936 files changed, 47733 insertions, 49841 deletions

diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACL.java b/pki/base/common/src/com/netscape/certsrv/acls/ACL.java
index 4200b94a..8f415a7c 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/ACL.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/ACL.java
@@ -17,22 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.acls;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
-
 /**
- * A class represents an access control list (ACL). An ACL
- * is associated with an protected resources. The policy 
- * enforcer can verify the ACLs with the current
- * context to see if the corresponding resource is accessible.  
+ * A class represents an access control list (ACL). An ACL is associated with an
+ * protected resources. The policy enforcer can verify the ACLs with the current
+ * context to see if the corresponding resource is accessible.
  * <P>
- * An <code>ACL</code> may contain one or more <code>ACLEntry</code>.
- * However, in case of multiple <code>ACLEntry</code>, a subject must
- * pass ALL of the <code>ACLEntry</code> evaluation for permission
- * to be granted
+ * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. However,
+ * in case of multiple <code>ACLEntry</code>, a subject must pass ALL of the
+ * <code>ACLEntry</code> evaluation for permission to be granted
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class ACL implements IACL, java.io.Serializable {
@@ -44,7 +41,8 @@ public class ACL implements IACL, java.io.Serializable {
 
     protected Vector<ACLEntry> mEntries = new Vector<ACLEntry>(); // ACL entries
     protected Vector<String> mRights = null; // possible rights entries
-    protected String mResourceACLs = null; // exact resourceACLs string on ldap server
+    protected String mResourceACLs = null; // exact resourceACLs string on ldap
+                                           // server
     protected String mName = null; // resource name
     protected String mDescription = null; // resource description
 
@@ -55,17 +53,15 @@ public class ACL implements IACL, java.io.Serializable {
     }
 
     /**
-     * Class constructor.
-     * Constructs an access control list associated
-     * with a resource name
+     * Class constructor. Constructs an access control list associated with a
+     * resource name
+     * 
      * @param name resource name
      * @param rights applicable rights defined for this resource
      * @param resourceACLs the entire ACL specification. For example:
-     *                     "certServer.log.configuration:read,modify:
-     *                     allow (read,modify)
-     *                     group=\"Administrators\":
-     *                     Allow administrators to read and modify log 
-     *                     configuration"
+     *            "certServer.log.configuration:read,modify: allow (read,modify)
+     *            group=\"Administrators\": Allow administrators to read and
+     *            modify log configuration"
      */
     public ACL(String name, Vector<String> rights, String resourceACLs) {
         setName(name);
@@ -79,17 +75,17 @@ public class ACL implements IACL, java.io.Serializable {
     }
 
     /**
-     * Sets the name of the resource governed by this 
-     * access control.
+     * Sets the name of the resource governed by this access control.
+     * 
      * @param name name of the resource
      */
     public void setName(String name) {
         mName = name;
     }
-	
+
     /**
-     * Retrieves the name of the resource governed by 
-     * this access control.
+     * Retrieves the name of the resource governed by this access control.
+     * 
      * @return name of the resource
      */
     public String getName() {
@@ -98,6 +94,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Retrieves the exact string of the resourceACLs
+     * 
      * @return resource's acl
      */
     public String getResourceACLs() {
@@ -105,17 +102,18 @@ public class ACL implements IACL, java.io.Serializable {
     }
 
     /**
-     * Sets the description of the resource governed by this 
-     * access control.
+     * Sets the description of the resource governed by this access control.
+     * 
      * @param description Description of the protected resource
      */
     public void setDescription(String description) {
         mDescription = description;
     }
-	
+
     /**
-     * Retrieves the description of the resource governed by 
-     * this access control.
+     * Retrieves the description of the resource governed by this access
+     * control.
+     * 
      * @return Description of the protected resource
      */
     public String getDescription() {
@@ -124,6 +122,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Adds an ACL entry to this list.
+     * 
      * @param entry the <code>ACLEntry</code> to be added to this resource
      */
     public void addEntry(ACLEntry entry) {
@@ -132,6 +131,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Returns ACL entries.
+     * 
      * @return enumeration for the <code>ACLEntry</code> vector
      */
     public Enumeration<ACLEntry> entries() {
@@ -140,9 +140,9 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Returns the string reprsentation.
-     * @return the string representation of the ACL entries in the
-     *	       following format:
-     *         <resource name>[<ACLEntry1>,<ACLEntry 2>,...<ACLEntry N>]
+     * 
+     * @return the string representation of the ACL entries in the following
+     *         format: <resource name>[<ACLEntry1>,<ACLEntry 2>,...<ACLEntry N>]
      */
     public String toString() {
         String entries = "";
@@ -160,6 +160,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Adds an rights entry to this list.
+     * 
      * @param right The right to be added for this ACL
      */
     public void addRight(String right) {
@@ -168,6 +169,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Tells if the permission is one of the defined "rights"
+     * 
      * @param permission permission to be checked
      * @return true if it's one of the "rights"; false otherwise
      */
@@ -177,6 +179,7 @@ public class ACL implements IACL, java.io.Serializable {
 
     /**
      * Returns rights entries.
+     * 
      * @return enumeration of rights defined for this ACL
      */
     public Enumeration<String> rights() {
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java b/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java
index d689493b..2246a13c 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java
@@ -17,15 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.acls;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.StringTokenizer;
 
-
 /**
  * A class represents an ACI entry of an access control list.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class ACLEntry implements IACLEntry, java.io.Serializable {
@@ -47,8 +46,9 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Checks if this ACL entry is set to negative.
-     * @return true if this ACL entry expression is for "deny";
-     *         false if this ACL entry expression is for "allow"
+     * 
+     * @return true if this ACL entry expression is for "deny"; false if this
+     *         ACL entry expression is for "allow"
      */
     public boolean isNegative() {
         return mNegative;
@@ -63,8 +63,10 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Sets the ACL entry string
+     * 
      * @param s string in the following format:
-     * <PRE>
+     * 
+     *            <PRE>
      *   allow|deny (right[,right...]) attribute_expression
      * </PRE>
      */
@@ -72,10 +74,12 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
         mACLEntryString = s;
     }
 
-    /** 
+    /**
      * Gets the ACL Entry String
+     * 
      * @return ACL Entry string in the following format:
-     * <PRE>
+     * 
+     *         <PRE>
      *   allow|deny (right[,right...]) attribute_expression
      * </PRE>
      */
@@ -84,11 +88,12 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
     }
 
     /**
-     * Adds permission to this entry. Permission must be one of the
-     * "rights" defined for each protected resource in its ACL
+     * Adds permission to this entry. Permission must be one of the "rights"
+     * defined for each protected resource in its ACL
+     * 
      * @param acl the acl instance that this aclEntry is associated with
-     * @param permission one of the "rights" defined for each
-     *              	 protected resource in its ACL
+     * @param permission one of the "rights" defined for each protected resource
+     *            in its ACL
      */
     public void addPermission(IACL acl, String permission) {
         if (acl.checkRight(permission) == true) {
@@ -99,8 +104,8 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
     }
 
     /**
-     * Returns a list of permissions associated with
-     * this entry.
+     * Returns a list of permissions associated with this entry.
+     * 
      * @return a list of permissions for this ACL entry
      */
     public Enumeration<String> permissions() {
@@ -109,8 +114,9 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Sets the expression associated with this entry.
+     * 
      * @param expressions the evaluator expressions. For example,
-     *                    group="Administrators"
+     *            group="Administrators"
      */
     public void setAttributeExpressions(String expressions) {
         mExpressions = expressions;
@@ -118,20 +124,21 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Retrieves the expression associated with this entry.
-     * @return the evaluator expressions.  For example,
-     *                group="Administrators"
+     * 
+     * @return the evaluator expressions. For example, group="Administrators"
      */
     public String getAttributeExpressions() {
         return mExpressions;
     }
 
     /**
-     * Checks to see if this <code>ACLEntry</code> contains a
-     * particular permission
-     * @param permission one of the "rights" defined for each
-     *              	 protected resource in its ACL
-     * @return true if permission contained in the permission list
-     *              for this <code>ACLEntry</code>; false otherwise.
+     * Checks to see if this <code>ACLEntry</code> contains a particular
+     * permission
+     * 
+     * @param permission one of the "rights" defined for each protected resource
+     *            in its ACL
+     * @return true if permission contained in the permission list for this
+     *         <code>ACLEntry</code>; false otherwise.
      */
     public boolean containPermission(String permission) {
         return (mPerms.get(permission) != null);
@@ -139,15 +146,16 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Checks if this entry has the given permission.
-     * @param permission one of the "rights" defined for each
-     *              	 protected resource in its ACL
-     * @return true if the permission is allowed; false if the
-     *           	 permission is denied.  If a permission is not
-     *          	 recognized by this ACL, it is considered denied
+     * 
+     * @param permission one of the "rights" defined for each protected resource
+     *            in its ACL
+     * @return true if the permission is allowed; false if the permission is
+     *         denied. If a permission is not recognized by this ACL, it is
+     *         considered denied
      */
     public boolean checkPermission(String permission) {
         // default - if we dont know about the requested permission,
-        //           don't grant permission
+        // don't grant permission
         if (mPerms.get(permission) == null)
             return false;
         if (isNegative()) {
@@ -159,10 +167,13 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Parse string in the following format:
+     * 
      * <PRE>
      *   allow|deny (right[,right...]) attribute_expression
      * </PRE>
+     * 
      * into an instance of the <code>ACLEntry</code> class
+     * 
      * @param acl the acl instance associated with this aclentry
      * @param aclEntryString aclEntryString in the specified format
      * @return an instance of the <code>ACLEntry</code> class
@@ -175,7 +186,7 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
         String te = aclEntryString.trim();
 
         // locate first space
-        int i = te.indexOf(' '); 
+        int i = te.indexOf(' ');
         // prefix should be "allowed" or "deny"
         String prefix = te.substring(0, i);
         String suffix = te.substring(i + 1).trim();
@@ -189,7 +200,7 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
             return null;
         }
         // locate the second space
-        i = suffix.indexOf(' '); 
+        i = suffix.indexOf(' ');
         // this prefix should be rights list, delimited by ","
         prefix = suffix.substring(1, i - 1);
         // the suffix is the rest, which is the "expressions"
@@ -206,6 +217,7 @@ public class ACLEntry implements IACLEntry, java.io.Serializable {
 
     /**
      * Returns the string representation of this ACLEntry
+     * 
      * @return string representation of this ACLEntry
      */
     public String toString() {
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java b/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java
index 878fe163..9dc6d4ee 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java
@@ -20,10 +20,9 @@ package com.netscape.certsrv.acls;
 import java.util.ListResourceBundle;
 
 /**
- * A class represents a resource bundle for the entire ACL component.
- * system.
+ * A class represents a resource bundle for the entire ACL component. system.
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -31,13 +30,14 @@ public class ACLsResources extends ListResourceBundle {
 
     /**
      * Returns the content of this resource.
+     * 
      * @return the content of this resource.
      */
     public Object[][] getContents() {
         return contents;
     }
 
-    /** 
+    /**
      * A set of constants for localized error messages.
      */
     static final Object[][] contents = {};
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java b/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java
index e79bd724..96a9b7b9 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java
@@ -17,21 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.acls;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
- * A class represents an acls exception. Note that this is
- * an Runtime exception so that methods used AccessManager
- * do not have to explicity declare this exception. This
- * allows AccessManager to be easily integrated into any
+ * A class represents an acls exception. Note that this is an Runtime exception
+ * so that methods used AccessManager do not have to explicity declare this
+ * exception. This allows AccessManager to be easily integrated into any
  * existing code.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EACLsException extends EBaseException {
@@ -44,10 +41,11 @@ public class EACLsException extends EBaseException {
      * resource class name
      */
     private static final String ACL_RESOURCES = ACLsResources.class.getName();
- 
+
     /**
      * Constructs an acls exception.
      * <P>
+     * 
      * @param msgFormat exception details
      */
     public EACLsException(String msgFormat) {
@@ -57,11 +55,12 @@ public class EACLsException extends EBaseException {
 
     /**
      * Constructs a base exception with a parameter. For example,
+     * 
      * <PRE>
-     * 		new EACLsException("failed to load {0}", fileName);
+     * new EACLsException(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -72,9 +71,9 @@ public class EACLsException extends EBaseException {
     }
 
     /**
-     * Constructs a base exception. It can be used to carry
-     * a system exception that may contain information about
-     * the context. For example,
+     * Constructs a base exception. It can be used to carry a system exception
+     * that may contain information about the context. For example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -83,7 +82,7 @@ public class EACLsException extends EBaseException {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param param system exception
      */
@@ -94,10 +93,10 @@ public class EACLsException extends EBaseException {
     }
 
     /**
-     * Constructs a base exception with a list of parameters
-     * that will be substituted into the message format.
+     * Constructs a base exception with a list of parameters that will be
+     * substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param params list of message format parameters
      */
@@ -109,7 +108,7 @@ public class EACLsException extends EBaseException {
     /**
      * Returns a list of parameters.
      * <P>
-     *
+     * 
      * @return list of message format parameters
      */
     public Object[] getParameters() {
@@ -118,6 +117,7 @@ public class EACLsException extends EBaseException {
 
     /**
      * String representation for the corresponding exception.
+     * 
      * @return String representation for the corresponding exception.
      */
     public String toString() {
@@ -126,6 +126,7 @@ public class EACLsException extends EBaseException {
 
     /**
      * Returns string representation for the corresponding exception.
+     * 
      * @param locale client specified locale for string representation.
      * @return String representation for the corresponding exception.
      */
@@ -136,6 +137,7 @@ public class EACLsException extends EBaseException {
 
     /**
      * Return the class name of the resource bundle.
+     * 
      * @return class name of the resource bundle.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/IACL.java b/pki/base/common/src/com/netscape/certsrv/acls/IACL.java
index d336fc26..32b6ad3d 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/IACL.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/IACL.java
@@ -17,49 +17,52 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.acls;
 
-
 import java.util.Enumeration;
 
-
 /**
- * A class represents an access control list (ACL). An ACL
- * is associated with a protected resource. The policy 
- * enforcer can verify the ACLs with the current
- * context to see if the corresponding resource is accessible.  
+ * A class represents an access control list (ACL). An ACL is associated with a
+ * protected resource. The policy enforcer can verify the ACLs with the current
+ * context to see if the corresponding resource is accessible.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
-public interface IACL { 
+public interface IACL {
 
     /**
      * Returns the name of the current ACL.
+     * 
      * @return the name of the current ACL.
      */
     public String getName();
 
     /**
      * Returns the description of the current ACL.
+     * 
      * @return the description of the current ACL.
      */
-    public String getDescription(); 
+    public String getDescription();
 
     /**
      * Returns a list of access rights of the current ACL.
+     * 
      * @return a list of access rights
      */
-    public Enumeration<String> rights(); 
+    public Enumeration<String> rights();
 
     /**
      * Returns a list of entries of the current ACL.
+     * 
      * @return a list of entries
      */
     public Enumeration<ACLEntry> entries();
 
     /**
      * Verifies if permission is granted.
+     * 
      * @param permission one of the applicable rights
-     * @return true if the given permission is one of the applicable rights; false otherwise.
+     * @return true if the given permission is one of the applicable rights;
+     *         false otherwise.
      */
     public boolean checkRight(String permission);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java b/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java
index f91ef38b..ff806f15 100644
--- a/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java
+++ b/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java
@@ -17,19 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.acls;
 
-
-
-
 /**
  * A class represents an entry of access control list.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
-public interface IACLEntry { 
+public interface IACLEntry {
 
     /**
      * Returns the ACL entry string of the entry.
+     * 
      * @return the ACL entry string of the entry.
      */
     public String getACLEntryString();
diff --git a/pki/base/common/src/com/netscape/certsrv/apps/CMS.java b/pki/base/common/src/com/netscape/certsrv/apps/CMS.java
index f093bb74..8ba3d06b 100644
--- a/pki/base/common/src/com/netscape/certsrv/apps/CMS.java
+++ b/pki/base/common/src/com/netscape/certsrv/apps/CMS.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.apps;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.PrintStream;
 import java.math.BigInteger;
@@ -98,18 +97,15 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.cmsutil.net.ISocketFactory;
 import com.netscape.cmsutil.password.IPasswordStore;
 
-
 /**
- * This represents the CMS server. Plugins can access other
- * public objects such as subsystems via this inteface. 
- * This object also include a set of utility functions.
- *
- * This object does not include the actual implementation.
- * It acts as a public interface for plugins, and the
- * actual implementation is in the CMS engine 
- * (com.netscape.cmscore.apps.CMSEngine) that implements 
- * ICMSEngine interface.
- *
+ * This represents the CMS server. Plugins can access other public objects such
+ * as subsystems via this inteface. This object also include a set of utility
+ * functions.
+ * 
+ * This object does not include the actual implementation. It acts as a public
+ * interface for plugins, and the actual implementation is in the CMS engine
+ * (com.netscape.cmscore.apps.CMSEngine) that implements ICMSEngine interface.
+ * 
  * @version $Revision$, $Date$
  */
 public final class CMS {
@@ -129,7 +125,7 @@ public final class CMS {
     public static final String SUBSYSTEM_KRA = IKeyRecoveryAuthority.ID;
     public static final String SUBSYSTEM_OCSP = IOCSPAuthority.ID;
     public static final String SUBSYSTEM_TKS = ITKSAuthority.ID;
-   public static final String SUBSYSTEM_UG = IUGSubsystem.ID;
+    public static final String SUBSYSTEM_UG = IUGSubsystem.ID;
     public static final String SUBSYSTEM_AUTH = IAuthSubsystem.ID;
     public static final String SUBSYSTEM_AUTHZ = IAuthzSubsystem.ID;
     public static final String SUBSYSTEM_REGISTRY = IPluginRegistry.ID;
@@ -141,7 +137,7 @@ public final class CMS {
 
     /**
      * Private constructor.
-     *
+     * 
      * @param engine CMS engine implementation
      */
     private CMS(ICMSEngine engine) {
@@ -149,8 +145,9 @@ public final class CMS {
     }
 
     /**
-     * This method is used for unit tests.  It allows the underlying _engine
-     * to be stubbed out.
+     * This method is used for unit tests. It allows the underlying _engine to
+     * be stubbed out.
+     * 
      * @param engine The stub engine to set, for testing.
      */
     public static void setCMSEngine(ICMSEngine engine) {
@@ -159,7 +156,7 @@ public final class CMS {
 
     /**
      * Gets this ID .
-     *
+     * 
      * @return CMS engine identifier
      */
     public static String getId() {
@@ -167,9 +164,9 @@ public final class CMS {
     }
 
     /**
-     * Sets the identifier of this subsystem. Should never be called. 
-     * Returns error. 
-     *
+     * Sets the identifier of this subsystem. Should never be called. Returns
+     * error.
+     * 
      * @param id CMS engine identifier
      */
     public static void setId(String id) throws EBaseException {
@@ -178,14 +175,14 @@ public final class CMS {
 
     /**
      * Initialize all static, dynamic and final static subsystems.
-     *
+     * 
      * @param owner null
      * @param config main config store.
-     * @exception EBaseException if any error occur in subsystems during 
-     * initialization.
+     * @exception EBaseException if any error occur in subsystems during
+     *                initialization.
      */
-    public static void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public static void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         _engine.init(owner, config);
     }
 
@@ -195,7 +192,7 @@ public final class CMS {
 
     /**
      * Starts up all subsystems. subsystems must be initialized.
-     *
+     * 
      * @exception EBaseException if any subsystem fails to startup.
      */
     public static void startup() throws EBaseException {
@@ -217,10 +214,10 @@ public final class CMS {
     }
 
     /**
-     * Checks to ensure that all new incoming requests have been blocked.
-     * This method is used for reentrancy protection.
+     * Checks to ensure that all new incoming requests have been blocked. This
+     * method is used for reentrancy protection.
      * <P>
-     *
+     * 
      * @return true or false
      */
     public static boolean areRequestsDisabled() {
@@ -228,34 +225,33 @@ public final class CMS {
     }
 
     /**
-     * Shuts down subsystems in backwards order 
-     * exceptions are ignored. process exists at end to force exit.
+     * Shuts down subsystems in backwards order exceptions are ignored. process
+     * exists at end to force exit.
      */
     public static void shutdown() {
         _engine.shutdown();
     }
 
     /**
-     * Shuts down subsystems in backwards order
-     * exceptions are ignored. process exists at end to force exit.
+     * Shuts down subsystems in backwards order exceptions are ignored. process
+     * exists at end to force exit.
      */
 
-     public static void forceShutdown() {
+    public static void forceShutdown() {
 
-         _engine.forceShutdown();
-     }
+        _engine.forceShutdown();
+    }
 
-     /**
-      * mode = 0 (pre-operational)
-      * mode = 1 (running)
-      */
-     public static void setCSState(int mode) {
-         _engine.setCSState(mode);
-     }
+    /**
+     * mode = 0 (pre-operational) mode = 1 (running)
+     */
+    public static void setCSState(int mode) {
+        _engine.setCSState(mode);
+    }
 
-     public static int getCSState() {
-         return _engine.getCSState();
-     }
+    public static int getCSState() {
+        return _engine.getCSState();
+    }
 
     public static boolean isPreOpMode() {
         return _engine.isPreOpMode();
@@ -266,10 +262,9 @@ public final class CMS {
     }
 
     /**
-     * Is the server in running state. After server startup, the
-     * server will be initialization state first. After the
-     * initialization state, the server will be in the running 
-     * state.
+     * Is the server in running state. After server startup, the server will be
+     * initialization state first. After the initialization state, the server
+     * will be in the running state.
      * 
      * @return true if the server is in the running state
      */
@@ -278,10 +273,9 @@ public final class CMS {
     }
 
     /**
-     * Returns the logger of the current server. The logger can
-     * be used to log critical informational or critical error
-     * messages.
-     *
+     * Returns the logger of the current server. The logger can be used to log
+     * critical informational or critical error messages.
+     * 
      * @return logger
      */
     public static ILogger getLogger() {
@@ -289,10 +283,9 @@ public final class CMS {
     }
 
     /**
-     * Returns the signed audit logger of the current server. This logger can
-     * be used to log critical informational or critical error
-     * messages.
-     *
+     * Returns the signed audit logger of the current server. This logger can be
+     * used to log critical informational or critical error messages.
+     * 
      * @return signed audit logger
      */
     public static ILogger getSignedAuditLogger() {
@@ -301,7 +294,7 @@ public final class CMS {
 
     /**
      * Creates a repository record in the internal database.
-     *
+     * 
      * @return repository record
      */
     public static IRepositoryRecord createRepositoryRecord() {
@@ -310,8 +303,10 @@ public final class CMS {
 
     /**
      * Parse ACL resource attributes
+     * 
      * @param resACLs same format as the resourceACLs attribute:
-     * <PRE>
+     * 
+     *            <PRE>
      *     <resource name>:<permission1,permission2,...permissionn>:
      *     <allow|deny> (<subset of the permission set>) <evaluator expression>
      * </PRE>
@@ -324,7 +319,7 @@ public final class CMS {
 
     /**
      * Creates an issuing poing record.
-     *
+     * 
      * @return issuing record
      */
     public static ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) {
@@ -333,7 +328,7 @@ public final class CMS {
 
     /**
      * Retrieves the default CRL issuing point record name.
-     *
+     * 
      * @return CRL issuing point record name
      */
     public static String getCRLIssuingPointRecordName() {
@@ -342,7 +337,7 @@ public final class CMS {
 
     /**
      * Retrieves the process id of this server.
-     *
+     * 
      * @return process id of the server
      */
     public static int getpid() {
@@ -351,7 +346,7 @@ public final class CMS {
 
     /**
      * Retrieves the instance roort path of this server.
-     *
+     * 
      * @return instance directory path name
      */
     public static String getInstanceDir() {
@@ -359,9 +354,9 @@ public final class CMS {
     }
 
     /**
-     * Returns a server wide system time. Plugins should call
-     * this method to retrieve system time.
-     *
+     * Returns a server wide system time. Plugins should call this method to
+     * retrieve system time.
+     * 
      * @return current time
      */
     public static Date getCurrentDate() {
@@ -372,7 +367,7 @@ public final class CMS {
 
     /**
      * Puts data of an byte array into the debug file.
-     *
+     * 
      * @param data byte array to be recorded in the debug file
      */
     public static void debug(byte data[]) {
@@ -382,7 +377,7 @@ public final class CMS {
 
     /**
      * Puts a message into the debug file.
-     *
+     * 
      * @param msg debugging message
      */
     public static void debug(String msg) {
@@ -392,7 +387,7 @@ public final class CMS {
 
     /**
      * Puts a message into the debug file.
-     *
+     * 
      * @param level 0-10 (0 is less detail, 10 is more detail)
      * @param msg debugging message
      */
@@ -403,7 +398,7 @@ public final class CMS {
 
     /**
      * Puts an exception into the debug file.
-     *
+     * 
      * @param e exception
      */
     public static void debug(Throwable e) {
@@ -413,7 +408,7 @@ public final class CMS {
 
     /**
      * Checks if the debug mode is on or not.
-     *
+     * 
      * @return true if debug mode is on
      */
     public static boolean debugOn() {
@@ -430,42 +425,45 @@ public final class CMS {
             _engine.debugStackTrace();
     }
 
-	/*
-	 * If debugging for the particular realm is enabled, output name/value
-	 * pair info to the debug file. This is useful to dump out what hidden
-	 * config variables the server is looking at, or what HTTP variables it
-	 * is expecting to find, or what database attributes it is looking for.
-	 * @param type indicates what the source of key/val is. For example,
-     *     this could be 'CS.cfg', or something else. In the debug
-	 *     subsystem, there is a mechanism to filter this so only the types 
-     *     you care about are listed
-	 * @param key  the 'key' of the hashtable which is being accessed.
-	 *     This could be the name of the config parameter, or the http param
-	 *     name.
-	 * @param val  the value of the parameter
+    /*
+     * If debugging for the particular realm is enabled, output name/value pair
+     * info to the debug file. This is useful to dump out what hidden config
+     * variables the server is looking at, or what HTTP variables it is
+     * expecting to find, or what database attributes it is looking for.
+     * 
+     * @param type indicates what the source of key/val is. For example, this
+     * could be 'CS.cfg', or something else. In the debug subsystem, there is a
+     * mechanism to filter this so only the types you care about are listed
+     * 
+     * @param key the 'key' of the hashtable which is being accessed. This could
+     * be the name of the config parameter, or the http param name.
+     * 
+     * @param val the value of the parameter
+     * 
      * @param default the default value if the param is not found
-	 */
+     */
 
     public static void traceHashKey(String type, String key) {
         if (_engine != null) {
-			_engine.traceHashKey(type, key);
-		}
-	}
+            _engine.traceHashKey(type, key);
+        }
+    }
+
     public static void traceHashKey(String type, String key, String val) {
         if (_engine != null) {
-			_engine.traceHashKey(type, key, val);
-		}
-	}
+            _engine.traceHashKey(type, key, val);
+        }
+    }
+
     public static void traceHashKey(String type, String key, String val, String def) {
         if (_engine != null) {
-			_engine.traceHashKey(type, key, val, def);
-		}
-	}
-
+            _engine.traceHashKey(type, key, val, def);
+        }
+    }
 
     /**
      * Returns the names of all the registered subsystems.
-     *
+     * 
      * @return a list of string-based subsystem names
      */
     public static Enumeration<String> getSubsystemNames() {
@@ -478,7 +476,7 @@ public final class CMS {
 
     /**
      * Returns all the registered subsystems.
-     *
+     * 
      * @return a list of ISubsystem-based subsystems
      */
     public static Enumeration<ISubsystem> getSubsystems() {
@@ -487,7 +485,7 @@ public final class CMS {
 
     /**
      * Retrieves the registered subsytem with the given name.
-     *
+     * 
      * @param name subsystem name
      * @return subsystem of the given name
      */
@@ -497,7 +495,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param msgID message id defined in UserMessages.properties
      * @return localized user message
      */
@@ -509,7 +507,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @return localized user message
@@ -522,7 +520,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
      * @return localized user message
@@ -535,7 +533,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -549,7 +547,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -563,7 +561,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -578,7 +576,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -593,15 +591,14 @@ public final class CMS {
 
     public static LDAPConnection getBoundConnection(String host, int port,
                int version, LDAPSSLSocketFactoryExt fac, String bindDN,
-               String bindPW) throws LDAPException
-    {
-         return _engine.getBoundConnection(host, port, version, fac,
+               String bindPW) throws LDAPException {
+        return _engine.getBoundConnection(host, port, version, fac,
                          bindDN, bindPW);
     }
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -617,7 +614,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param msgID message id defined in UserMessages.properties
      * @param p an array of parameters
      * @return localized user message
@@ -630,7 +627,7 @@ public final class CMS {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p an array of parameters
@@ -644,7 +641,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @return localized log message
      */
@@ -654,7 +651,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p an array of parameters
      * @return localized log message
@@ -665,7 +662,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @return localized log message
@@ -676,7 +673,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -688,7 +685,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -701,7 +698,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -715,7 +712,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -730,7 +727,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -746,7 +743,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -763,7 +760,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -781,7 +778,7 @@ public final class CMS {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -800,7 +797,7 @@ public final class CMS {
 
     /**
      * Returns the main config store. It is a handle to CMS.cfg.
-     *
+     * 
      * @return configuration store
      */
     public static IConfigStore getConfigStore() {
@@ -809,7 +806,7 @@ public final class CMS {
 
     /**
      * Retrieves time server started up.
-     *
+     * 
      * @return last startup time
      */
     public static long getStartupTime() {
@@ -818,41 +815,41 @@ public final class CMS {
 
     /**
      * Retrieves the HTTP Connection for use with connector.
-     *
+     * 
      * @param authority remote authority
      * @param factory socket factory
      * @return http connection to the remote authority
      */
-    public static IHttpConnection getHttpConnection(IRemoteAuthority authority, 
-        ISocketFactory factory) {
+    public static IHttpConnection getHttpConnection(IRemoteAuthority authority,
+            ISocketFactory factory) {
         return _engine.getHttpConnection(authority, factory);
     }
 
     /**
      * Retrieves the HTTP Connection for use with connector.
-     *
+     * 
      * @param authority remote authority
      * @param factory socket factory
      * @param timeout return error if connection cannot be established within
-     *       the timeout period
+     *            the timeout period
      * @return http connection to the remote authority
      */
-    public static IHttpConnection getHttpConnection(IRemoteAuthority authority, 
-        ISocketFactory factory, int timeout) {
+    public static IHttpConnection getHttpConnection(IRemoteAuthority authority,
+            ISocketFactory factory, int timeout) {
         return _engine.getHttpConnection(authority, factory, timeout);
     }
 
     /**
      * Retrieves the request sender for use with connector.
-     *
+     * 
      * @param authority local authority
      * @param nickname nickname of the client certificate
      * @param remote remote authority
      * @param interval timeout interval
      * @return resender
      */
-    public static IResender getResender(IAuthority authority, String nickname, 
-        IRemoteAuthority remote, int interval) {
+    public static IResender getResender(IAuthority authority, String nickname,
+            IRemoteAuthority remote, int interval) {
         return _engine.getResender(authority, nickname, remote, interval);
     }
 
@@ -867,7 +864,7 @@ public final class CMS {
 
     /**
      * Sets the nickname of the server's server certificate.
-     *
+     * 
      * @param tokenName name of token where the certificate is located
      * @param nickName name of server certificate
      */
@@ -877,7 +874,7 @@ public final class CMS {
 
     /**
      * Sets the nickname of the server's server certificate.
-     *
+     * 
      * @param newName new nickname of server certificate
      */
     public static void setServerCertNickname(String newName) {
@@ -886,7 +883,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's secure end entity service.
-     *
+     * 
      * @return host name of end-entity service
      */
     public static String getEEHost() {
@@ -895,7 +892,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's non-secure end entity service.
-     *
+     * 
      * @return host name of end-entity non-secure service
      */
     public static String getEENonSSLHost() {
@@ -904,7 +901,7 @@ public final class CMS {
 
     /**
      * Retrieves the IP address of the server's non-secure end entity service.
-     *
+     * 
      * @return ip address of end-entity non-secure service
      */
     public static String getEENonSSLIP() {
@@ -913,7 +910,7 @@ public final class CMS {
 
     /**
      * Retrieves the port number of the server's non-secure end entity service.
-     *
+     * 
      * @return port of end-entity non-secure service
      */
     public static String getEENonSSLPort() {
@@ -922,7 +919,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's secure end entity service.
-     *
+     * 
      * @return port of end-entity secure service
      */
     public static String getEESSLHost() {
@@ -931,7 +928,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's secure end entity service.
-     *
+     * 
      * @return port of end-entity secure service
      */
     public static String getEEClientAuthSSLPort() {
@@ -940,7 +937,7 @@ public final class CMS {
 
     /**
      * Retrieves the IP address of the server's secure end entity service.
-     *
+     * 
      * @return ip address of end-entity secure service
      */
     public static String getEESSLIP() {
@@ -949,7 +946,7 @@ public final class CMS {
 
     /**
      * Retrieves the port number of the server's secure end entity service.
-     *
+     * 
      * @return port of end-entity secure service
      */
     public static String getEESSLPort() {
@@ -958,7 +955,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's agent service.
-     *
+     * 
      * @return host name of agent service
      */
     public static String getAgentHost() {
@@ -967,7 +964,7 @@ public final class CMS {
 
     /**
      * Retrieves the IP address of the server's agent service.
-     *
+     * 
      * @return ip address of agent service
      */
     public static String getAgentIP() {
@@ -976,7 +973,7 @@ public final class CMS {
 
     /**
      * Retrieves the port number of the server's agent service.
-     *
+     * 
      * @return port of agent service
      */
     public static String getAgentPort() {
@@ -985,7 +982,7 @@ public final class CMS {
 
     /**
      * Retrieves the host name of the server's administration service.
-     *
+     * 
      * @return host name of administration service
      */
     public static String getAdminHost() {
@@ -994,7 +991,7 @@ public final class CMS {
 
     /**
      * Retrieves the IP address of the server's administration service.
-     *
+     * 
      * @return ip address of administration service
      */
     public static String getAdminIP() {
@@ -1003,7 +1000,7 @@ public final class CMS {
 
     /**
      * Retrieves the port number of the server's administration service.
-     *
+     * 
      * @return port of administration service
      */
     public static String getAdminPort() {
@@ -1012,7 +1009,7 @@ public final class CMS {
 
     /**
      * Creates a general name constraints.
-     *
+     * 
      * @param generalNameChoice type of general name
      * @param value general name string
      * @return general name object
@@ -1024,14 +1021,14 @@ public final class CMS {
 
     /**
      * Creates a general name.
-     *
+     * 
      * @param generalNameChoice type of general name
      * @param value general name string
      * @return general name object
      * @exception EBaseException failed to create general name
      */
     public static GeneralName form_GeneralName(String generalNameChoice,
-        String value) throws EBaseException {
+            String value) throws EBaseException {
         return _engine.form_GeneralName(generalNameChoice, value);
     }
 
@@ -1041,25 +1038,25 @@ public final class CMS {
      * @param name configuration name
      * @param params configuration parameters
      */
-    public static void getSubjAltNameConfigDefaultParams(String name, 
-        Vector<String> params) {
+    public static void getSubjAltNameConfigDefaultParams(String name,
+            Vector<String> params) {
         _engine.getSubjAltNameConfigDefaultParams(name, params);
     }
 
     /**
      * Get extended plugin info for subject alt name configuration.
-     *
+     * 
      * @param name configuration name
      * @param params configuration parameters
      */
-    public static void getSubjAltNameConfigExtendedPluginInfo(String name, 
-        Vector<String> params) {
+    public static void getSubjAltNameConfigExtendedPluginInfo(String name,
+            Vector<String> params) {
         _engine.getSubjAltNameConfigExtendedPluginInfo(name, params);
     }
 
     /**
      * Creates subject alt name configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
@@ -1072,162 +1069,161 @@ public final class CMS {
 
     /**
      * Retrieves default general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param params configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
     public static void getGeneralNameConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params) {
+            boolean isValueConfigured, Vector<String> params) {
         _engine.getGeneralNameConfigDefaultParams(name,
-            isValueConfigured, params);
+                isValueConfigured, params);
     }
 
     /**
      * Retrieves default general names configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param params configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
     public static void getGeneralNamesConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params) {
+            boolean isValueConfigured, Vector<String> params) {
         _engine.getGeneralNamesConfigDefaultParams(name,
-            isValueConfigured, params);
+                isValueConfigured, params);
     }
 
     /**
      * Retrieves extended plugin info for general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param info configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
     public static void getGeneralNameConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info) {
+            boolean isValueConfigured, Vector<String> info) {
         _engine.getGeneralNameConfigExtendedPluginInfo(name,
-            isValueConfigured, info);
+                isValueConfigured, info);
     }
 
     /**
      * Retrieves extended plugin info for general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param info configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
     public static void getGeneralNamesConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info) {
+            boolean isValueConfigured, Vector<String> info) {
         _engine.getGeneralNamesConfigExtendedPluginInfo(name,
-            isValueConfigured, info);
+                isValueConfigured, info);
     }
 
     /**
      * Created general names configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public static IGeneralNamesConfig createGeneralNamesConfig(String name, 
-        IConfigStore config, boolean isValueConfigured, 
-        boolean isPolicyEnabled) throws EBaseException {
+    public static IGeneralNamesConfig createGeneralNamesConfig(String name,
+            IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return _engine.createGeneralNamesConfig(name, config, isValueConfigured,
                 isPolicyEnabled);
     }
 
     /**
      * Created general name constraints configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public static IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, 
-        boolean isPolicyEnabled) throws EBaseException {
+    public static IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return _engine.createGeneralNameAsConstraintsConfig(
                 name, config, isValueConfigured, isPolicyEnabled);
     }
 
     /**
      * Created general name constraints configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public static IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured, 
-        boolean isPolicyEnabled) throws EBaseException {
+    public static IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return _engine.createGeneralNamesAsConstraintsConfig(
                 name, config, isValueConfigured, isPolicyEnabled);
     }
 
     /**
      * Returns the finger print of the given certificate.
-     *
-     * @param cert certificate 
+     * 
+     * @param cert certificate
      * @return finger print of certificate
      */
     public static String getFingerPrint(Certificate cert)
-        throws CertificateEncodingException, NoSuchAlgorithmException {
+            throws CertificateEncodingException, NoSuchAlgorithmException {
         return _engine.getFingerPrint(cert);
     }
 
     /**
      * Returns the finger print of the given certificate.
-     *
-     * @param certDer DER byte array of the certificate 
+     * 
+     * @param certDer DER byte array of the certificate
      * @return finger print of certificate
      */
     public static String getFingerPrints(byte[] certDer)
-        throws NoSuchAlgorithmException {
+            throws NoSuchAlgorithmException {
         return _engine.getFingerPrints(certDer);
     }
 
     /**
      * Returns the finger print of the given certificate.
-     *
-     * @param cert certificate 
+     * 
+     * @param cert certificate
      * @return finger print of certificate
      */
     public static String getFingerPrints(Certificate cert)
-        throws NoSuchAlgorithmException, CertificateEncodingException {
+            throws NoSuchAlgorithmException, CertificateEncodingException {
         return _engine.getFingerPrints(cert);
     }
 
-    /** 
-     * Creates a HTTP PKI Message that can be sent to a remote
-     * authority.
-     *
+    /**
+     * Creates a HTTP PKI Message that can be sent to a remote authority.
+     * 
      * @return a new PKI Message for remote authority
      */
     public static IPKIMessage getHttpPKIMessage() {
         return _engine.getHttpPKIMessage();
     }
 
-    /** 
-     * Creates a request encoder. A request cannot be sent to
-     * the remote authority in its regular format.
-     *
+    /**
+     * Creates a request encoder. A request cannot be sent to the remote
+     * authority in its regular format.
+     * 
      * @return a request encoder
      */
     public static IRequestEncoder getHttpRequestEncoder() {
         return _engine.getHttpRequestEncoder();
     }
 
-    /** 
+    /**
      * Converts a BER-encoded byte array into a MIME-64 encoded string.
-     *
+     * 
      * @param data data in byte array format
      * @return base-64 encoding for the data
      */
@@ -1235,9 +1231,9 @@ public final class CMS {
         return _engine.BtoA(data);
     }
 
-    /** 
+    /**
      * Converts a MIME-64 encoded string into a BER-encoded byte array.
-     *
+     * 
      * @param data base-64 encoding for the data
      * @return data data in byte array format
      */
@@ -1246,42 +1242,40 @@ public final class CMS {
     }
 
     /**
-     * Retrieves the ldap connection information from the configuration
-     * store.
-     *
+     * Retrieves the ldap connection information from the configuration store.
+     * 
      * @param config configuration parameters of ldap connection
      * @return a LDAP connection info
      */
     public static ILdapConnInfo getLdapConnInfo(IConfigStore config)
-        throws EBaseException, ELdapException {
+            throws EBaseException, ELdapException {
         return _engine.getLdapConnInfo(config);
     }
 
     /**
-     * Creates a LDAP SSL socket with the given nickname. The 
-     * certificate associated with the nickname will be used
-     * for client authentication.
-     *
+     * Creates a LDAP SSL socket with the given nickname. The certificate
+     * associated with the nickname will be used for client authentication.
+     * 
      * @param certNickname nickname of client certificate
      * @return LDAP SSL socket factory
      */
-    public static  LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
-        String certNickname) {
+    public static LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
+            String certNickname) {
         return _engine.getLdapJssSSLSocketFactory(certNickname);
     }
 
     /**
      * Creates a LDAP SSL socket.
-     *
+     * 
      * @return LDAP SSL socket factory
      */
-    public static  LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory() {
+    public static LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory() {
         return _engine.getLdapJssSSLSocketFactory();
     }
 
     /**
      * Creates a LDAP Auth Info object.
-     *
+     * 
      * @return LDAP authentication info
      */
     public static ILdapAuthInfo getLdapAuthInfo() {
@@ -1290,27 +1284,27 @@ public final class CMS {
 
     /**
      * Retrieves the LDAP connection factory.
-     *
+     * 
      * @return bound LDAP connection pool
      */
     public static ILdapConnFactory getLdapBoundConnFactory()
-        throws ELdapException {
+            throws ELdapException {
         return _engine.getLdapBoundConnFactory();
     }
 
     /**
      * Retrieves the LDAP connection factory.
-     *
+     * 
      * @return anonymous LDAP connection pool
      */
     public static ILdapConnFactory getLdapAnonConnFactory()
-        throws ELdapException {
+            throws ELdapException {
         return _engine.getLdapAnonConnFactory();
     }
 
     /**
      * Retrieves the default X.509 certificate template.
-     *
+     * 
      * @return default certificate template
      */
     public static X509CertInfo getDefaultX509CertInfo() {
@@ -1318,9 +1312,9 @@ public final class CMS {
     }
 
     /**
-     * Retrieves the certifcate in MIME-64 encoded format
-     * with header and footer.
-     *
+     * Retrieves the certifcate in MIME-64 encoded format with header and
+     * footer.
+     * 
      * @param cert certificate
      * @return base-64 format certificate
      */
@@ -1328,25 +1322,24 @@ public final class CMS {
         return _engine.getEncodedCert(cert);
     }
 
-   /**
-    * Verifies all system certs
-    *  with tags defined in <subsystemtype>.cert.list
-    */
+    /**
+     * Verifies all system certs with tags defined in <subsystemtype>.cert.list
+     */
     public static boolean verifySystemCerts() {
         return _engine.verifySystemCerts();
     }
 
-   /**
-    * Verify a system cert by tag name
-    *  with tags defined in <subsystemtype>.cert.list
-    */
+    /**
+     * Verify a system cert by tag name with tags defined in
+     * <subsystemtype>.cert.list
+     */
     public static boolean verifySystemCertByTag(String tag) {
         return _engine.verifySystemCertByTag(tag);
     }
 
-   /**
-    * Verify a system cert by certificate nickname
-    */
+    /**
+     * Verify a system cert by certificate nickname
+     */
     public static boolean verifySystemCertByNickname(String nickname, String certificateUsage) {
         return _engine.verifySystemCertByNickname(nickname, certificateUsage);
     }
@@ -1360,7 +1353,7 @@ public final class CMS {
 
     /**
      * Checks if the given certificate is a signing certificate.
-     *
+     * 
      * @param cert certificate
      * @return true if the given certificate is a signing certificate
      */
@@ -1370,7 +1363,7 @@ public final class CMS {
 
     /**
      * Checks if the given certificate is an encryption certificate.
-     *
+     * 
      * @param cert certificate
      * @return true if the given certificate is an encryption certificate
      */
@@ -1380,7 +1373,7 @@ public final class CMS {
 
     /**
      * Retrieves the email form processor.
-     *
+     * 
      * @return email form processor
      */
     public static IEmailFormProcessor getEmailFormProcessor() {
@@ -1389,7 +1382,7 @@ public final class CMS {
 
     /**
      * Retrieves the email form template.
-     *
+     * 
      * @return email template
      */
     public static IEmailTemplate getEmailTemplate(String path) {
@@ -1398,7 +1391,7 @@ public final class CMS {
 
     /**
      * Retrieves the email notification handler.
-     *
+     * 
      * @return email notification
      */
     public static IMailNotification getMailNotification() {
@@ -1407,7 +1400,7 @@ public final class CMS {
 
     /**
      * Retrieves the email key resolver.
-     *
+     * 
      * @return email key resolver
      */
     public static IEmailResolverKeys getEmailResolverKeys() {
@@ -1416,19 +1409,19 @@ public final class CMS {
 
     /**
      * Checks if the given OID is valid.
-     *
+     * 
      * @param attrName attribute name
      * @param value attribute value
      * @return object identifier of the given attrName
      */
-    public static ObjectIdentifier checkOID(String attrName, String value) 
-        throws EBaseException { 
+    public static ObjectIdentifier checkOID(String attrName, String value)
+            throws EBaseException {
         return _engine.checkOID(attrName, value);
     }
 
     /**
      * Retrieves the email resolver that checks for subjectAlternateName.
-     *
+     * 
      * @return email key resolver
      */
     public static IEmailResolver getReqCertSANameEmailResolver() {
@@ -1437,7 +1430,7 @@ public final class CMS {
 
     /**
      * Retrieves the extension pretty print handler.
-     *
+     * 
      * @param e extension
      * @param indent indentation
      * @return extension pretty print handler
@@ -1445,10 +1438,10 @@ public final class CMS {
     public static IExtPrettyPrint getExtPrettyPrint(Extension e, int indent) {
         return _engine.getExtPrettyPrint(e, indent);
     }
-   
+
     /**
      * Retrieves the certificate pretty print handler.
-     *
+     * 
      * @param delimiter delimiter
      * @return certificate pretty print handler
      */
@@ -1458,7 +1451,7 @@ public final class CMS {
 
     /**
      * Retrieves the CRL pretty print handler.
-     *
+     * 
      * @param crl CRL
      * @return CRL pretty print handler
      */
@@ -1468,7 +1461,7 @@ public final class CMS {
 
     /**
      * Retrieves the CRL cache pretty print handler.
-     *
+     * 
      * @param ip CRL issuing point
      * @return CRL pretty print handler
      */
@@ -1478,7 +1471,7 @@ public final class CMS {
 
     /**
      * Retrieves the certificate pretty print handler.
-     *
+     * 
      * @param cert certificate
      * @return certificate pretty print handler
      */
@@ -1496,7 +1489,7 @@ public final class CMS {
 
     /**
      * Retrieves the password check.
-     *
+     * 
      * @return default password checker
      */
     public static IPasswordCheck getPasswordChecker() {
@@ -1505,7 +1498,7 @@ public final class CMS {
 
     /**
      * Puts a password entry into the single-sign on cache.
-     *
+     * 
      * @param tag password tag
      * @param pw password
      */
@@ -1524,7 +1517,7 @@ public final class CMS {
 
     /**
      * Retrieves command queue
-     *
+     * 
      * @return command queue
      */
     public static ICommandQueue getCommandQueue() {
@@ -1533,25 +1526,20 @@ public final class CMS {
 
     /**
      * Loads the configuration file and starts CMS's core implementation.
-     *
+     * 
      * @param path path to configuration file (CMS.cfg)
      * @exception EBaseException failed to start CMS
      */
     public static void start(String path) throws EBaseException {
-        //FileConfigStore mainConfig = null;
-/*
-        try {
-            mainConfig = new FileConfigStore(path);
-        } catch (EBaseException e) {
-            e.printStackTrace();
-            System.out.println(
-                "Error: The Server is not fully configured.\n" +
-                "Finish configuring server using Configure Setup Wizard in " +
-                "the Certificate Server Console.");
-            System.out.println(e.toString());
-            System.exit(0);
-        }
-*/
+        // FileConfigStore mainConfig = null;
+        /*
+         * try { mainConfig = new FileConfigStore(path); } catch (EBaseException
+         * e) { e.printStackTrace(); System.out.println(
+         * "Error: The Server is not fully configured.\n" +
+         * "Finish configuring server using Configure Setup Wizard in " +
+         * "the Certificate Server Console."); System.out.println(e.toString());
+         * System.exit(0); }
+         */
 
         String classname = "com.netscape.cmscore.apps.CMSEngine";
 
@@ -1559,7 +1547,7 @@ public final class CMS {
 
         try {
             ICMSEngine engine = (ICMSEngine)
-                Class.forName(classname).newInstance();
+                    Class.forName(classname).newInstance();
 
             cms = new CMS(engine);
             IConfigStore mainConfig = createFileConfigStore(path);
@@ -1568,16 +1556,16 @@ public final class CMS {
 
         } catch (EBaseException e) { // catch everything here purposely
             CMS.debug("CMS:Caught EBaseException");
-			CMS.debug(e);
+            CMS.debug(e);
 
-            // Raidzilla Bug #57592:  Always print error message to stdout.
+            // Raidzilla Bug #57592: Always print error message to stdout.
             System.out.println(e.toString());
 
             shutdown();
             throw e;
-        } catch (Exception e) { // catch everything here purposely 
-            ByteArrayOutputStream bos = new ByteArrayOutputStream(); 
-            PrintStream ps = new PrintStream(bos); 
+        } catch (Exception e) { // catch everything here purposely
+            ByteArrayOutputStream bos = new ByteArrayOutputStream();
+            PrintStream ps = new PrintStream(bos);
 
             e.printStackTrace(ps);
             System.out.println(Constants.SERVER_SHUTDOWN_MESSAGE);
@@ -1609,7 +1597,7 @@ public final class CMS {
     public static void setListOfVerifiedCerts(int size, long interval, long unknownStateInterval) {
         _engine.setListOfVerifiedCerts(size, interval, unknownStateInterval);
     }
- 
+
     public static IPasswordStore getPasswordStore() {
         return _engine.getPasswordStore();
     }
diff --git a/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java b/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
index 7f5e4605..b764e7a4 100644
--- a/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
+++ b/pki/base/common/src/com/netscape/certsrv/apps/ICMSEngine.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.apps;
 
-
 import java.math.BigInteger;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
@@ -81,135 +80,135 @@ import com.netscape.cmsutil.net.ISocketFactory;
 import com.netscape.cmsutil.password.IPasswordStore;
 
 /**
- * This interface represents the CMS core framework. The
- * framework contains a set of services that provide
- * the foundation of a security application.
+ * This interface represents the CMS core framework. The framework contains a
+ * set of services that provide the foundation of a security application.
  * <p>
- * The engine implementation is loaded by CMS at startup.
- * It is responsible for starting up all the related
- * subsystems.
+ * The engine implementation is loaded by CMS at startup. It is responsible for
+ * starting up all the related subsystems.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICMSEngine extends ISubsystem {
 
     /**
      * Gets this ID .
-     *
+     * 
      * @return CMS engine identifier
      */
     public String getId();
 
     /**
-     * Sets the identifier of this subsystem. Should never be called.
-     * Returns error.
-     *
+     * Sets the identifier of this subsystem. Should never be called. Returns
+     * error.
+     * 
      * @param id CMS engine identifier
      */
     public void setId(String id) throws EBaseException;
 
     /**
      * Retrieves the process id of this server.
-     *
+     * 
      * @return process id of the server
      */
     public int getpid();
 
     public void reinit(String id) throws EBaseException;
+
     public int getCSState();
+
     public void setCSState(int mode);
+
     public boolean isPreOpMode();
+
     public boolean isRunningMode();
+
     /**
      * Retrieves the instance roort path of this server.
-     *
+     * 
      * @return instance directory path name
      */
     public String getInstanceDir();
 
     /**
-     * Returns a server wide system time. Plugins should call
-     * this method to retrieve system time.
-     *
+     * Returns a server wide system time. Plugins should call this method to
+     * retrieve system time.
+     * 
      * @return current time
      */
     public Date getCurrentDate();
 
     /**
      * Retrieves time server started up.
-     *
+     * 
      * @return last startup time
      */
     public long getStartupTime();
 
     /**
-     * Is the server in running state. After server startup, the
-     * server will be initialization state first. After the
-     * initialization state, the server will be in the running
-     * state.
-     *
+     * Is the server in running state. After server startup, the server will be
+     * initialization state first. After the initialization state, the server
+     * will be in the running state.
+     * 
      * @return true if the server is in the running state
      */
     public boolean isInRunningState();
 
     /**
      * Returns the names of all the registered subsystems.
-     *
+     * 
      * @return a list of string-based subsystem names
      */
     public Enumeration<String> getSubsystemNames();
 
     /**
      * Returns all the registered subsystems.
-     *
+     * 
      * @return a list of ISubsystem-based subsystems
      */
     public Enumeration<ISubsystem> getSubsystems();
 
     /**
      * Retrieves the registered subsytem with the given name.
-     *
+     * 
      * @param name subsystem name
      * @return subsystem of the given name
      */
     public ISubsystem getSubsystem(String name);
 
     /**
-     * Returns the logger of the current server. The logger can
-     * be used to log critical informational or critical error
-     * messages.
-     *
+     * Returns the logger of the current server. The logger can be used to log
+     * critical informational or critical error messages.
+     * 
      * @return logger
      */
     public ILogger getLogger();
 
     /**
-     * Returns the signed audit logger of the current server. This logger can
-     * be used to log critical informational or critical error
-     * messages.
-     *
+     * Returns the signed audit logger of the current server. This logger can be
+     * used to log critical informational or critical error messages.
+     * 
      * @return signed audit logger
      */
     public ILogger getSignedAuditLogger();
 
     /**
      * Puts data of an byte array into the debug file.
-     *
+     * 
      * @param data byte array to be recorded in the debug file
      */
     public void debug(byte data[]);
 
     /**
      * Puts a message into the debug file.
-     *
+     * 
      * @param msg debugging message
      */
     public void debug(String msg);
 
     /**
      * Puts a message into the debug file.
-     *
+     * 
      * @param level 0-10
      * @param msg debugging message
      */
@@ -217,14 +216,14 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Puts an exception into the debug file.
-     *
+     * 
      * @param e exception
      */
     public void debug(Throwable e);
 
     /**
      * Checks if the debug mode is on or not.
-     *
+     * 
      * @return true if debug mode is on
      */
     public boolean debugOn();
@@ -234,20 +233,20 @@ public interface ICMSEngine extends ISubsystem {
      */
     public void debugStackTrace();
 
-	
-	/**
-	 * Dump name/value pair debug information to debug file
-	 */
+    /**
+     * Dump name/value pair debug information to debug file
+     */
     public void traceHashKey(String type, String key);
+
     public void traceHashKey(String type, String key, String val);
-    public void traceHashKey(String type, String key, String val, String def);
 
+    public void traceHashKey(String type, String key, String val, String def);
 
     public byte[] getPKCS7(Locale locale, IRequest req);
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @return localized user message
@@ -256,7 +255,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p an array of parameters
@@ -266,7 +265,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -276,7 +275,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -287,7 +286,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the localized user message from UserMessages.properties.
-     *
+     * 
      * @param locale end-user locale
      * @param msgID message id defined in UserMessages.properties
      * @param p1 1st parameter
@@ -299,7 +298,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @return localized log message
      */
@@ -307,7 +306,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p an array of parameters
      * @return localized log message
@@ -316,7 +315,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @return localized log message
@@ -325,7 +324,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -335,7 +334,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -346,7 +345,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -358,7 +357,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -371,7 +370,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -385,7 +384,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -400,7 +399,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -416,7 +415,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the centralized log message from LogMessages.properties.
-     *
+     * 
      * @param msgID message id defined in LogMessages.properties
      * @param p1 1st parameter
      * @param p2 2nd parameter
@@ -433,8 +432,10 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Parse ACL resource attributes
+     * 
      * @param resACLs same format as the resourceACLs attribute:
-     * <PRE>
+     * 
+     *            <PRE>
      *     <resource name>:<permission1,permission2,...permissionn>:
      *     <allow|deny> (<subset of the permission set>) <evaluator expression>
      * </PRE>
@@ -445,71 +446,71 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Creates an issuing poing record.
-     *
+     * 
      * @return issuing record
      */
     public ICRLIssuingPointRecord createCRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate);
 
     /**
      * Retrieves the default CRL issuing point record name.
-     *
+     * 
      * @return CRL issuing point record name
      */
     public String getCRLIssuingPointRecordName();
 
     /**
      * Returns the finger print of the given certificate.
-     *
+     * 
      * @param cert certificate
      * @return finger print of certificate
      */
     public String getFingerPrint(Certificate cert)
-        throws CertificateEncodingException, NoSuchAlgorithmException;
+            throws CertificateEncodingException, NoSuchAlgorithmException;
 
     /**
      * Returns the finger print of the given certificate.
-     *
+     * 
      * @param cert certificate
      * @return finger print of certificate
      */
     public String getFingerPrints(Certificate cert)
-        throws NoSuchAlgorithmException, CertificateEncodingException;
+            throws NoSuchAlgorithmException, CertificateEncodingException;
 
-	/*
+    /*
      * Returns the finger print of the given certificate.
-     *
+     * 
      * @param certDer DER byte array of certificate
+     * 
      * @return finger print of certificate
      */
     public String getFingerPrints(byte[] certDer)
-		 throws NoSuchAlgorithmException;
+            throws NoSuchAlgorithmException;
 
     /**
      * Creates a repository record in the internal database.
-     *
+     * 
      * @return repository record
      */
     public IRepositoryRecord createRepositoryRecord();
 
     /**
-     * Creates a HTTP PKI Message that can be sent to a remote
-     * authority.
-     *
+     * Creates a HTTP PKI Message that can be sent to a remote authority.
+     * 
      * @return a new PKI Message for remote authority
      */
     public IPKIMessage getHttpPKIMessage();
 
     /**
-     * Creates a request encoder. A request cannot be sent to
-     * the remote authority in its regular format.
-     *
+     * Creates a request encoder. A request cannot be sent to the remote
+     * authority in its regular format.
+     * 
      * @return a request encoder
      */
     public IRequestEncoder getHttpRequestEncoder();
 
     /**
      * Converts a BER-encoded byte array into a MIME-64 encoded string.
-     *
+     * 
      * @param data data in byte array format
      * @return base-64 encoding for the data
      */
@@ -517,16 +518,16 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Converts a MIME-64 encoded string into a BER-encoded byte array.
-     *
+     * 
      * @param data base-64 encoding for the data
      * @return data data in byte array format
      */
     public byte[] AtoB(String data);
 
     /**
-     * Retrieves the certifcate in MIME-64 encoded format
-     * with header and footer.
-     *
+     * Retrieves the certifcate in MIME-64 encoded format with header and
+     * footer.
+     * 
      * @param cert certificate
      * @return base-64 format certificate
      */
@@ -534,7 +535,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the certificate pretty print handler.
-     *
+     * 
      * @param delimiter delimiter
      * @return certificate pretty print handler
      */
@@ -542,7 +543,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the extension pretty print handler.
-     *
+     * 
      * @param e extension
      * @param indent indentation
      * @return extension pretty print handler
@@ -551,7 +552,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the certificate pretty print handler.
-     *
+     * 
      * @param cert certificate
      * @return certificate pretty print handler
      */
@@ -559,7 +560,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the CRL pretty print handler.
-     *
+     * 
      * @param crl CRL
      * @return CRL pretty print handler
      */
@@ -567,50 +568,48 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the CRL cache pretty print handler.
-     *
+     * 
      * @param ip CRL issuing point
      * @return CRL pretty print handler
      */
     public ICRLPrettyPrint getCRLCachePrettyPrint(ICRLIssuingPoint ip);
 
     /**
-     * Retrieves the ldap connection information from the configuration
-     * store.
-     *
+     * Retrieves the ldap connection information from the configuration store.
+     * 
      * @param config configuration parameters of ldap connection
      * @return a LDAP connection info
      */
-    public  ILdapConnInfo getLdapConnInfo(IConfigStore config)
-        throws EBaseException, ELdapException;
+    public ILdapConnInfo getLdapConnInfo(IConfigStore config)
+            throws EBaseException, ELdapException;
 
     /**
-     * Creates a LDAP SSL socket with the given nickname. The
-     * certificate associated with the nickname will be used
-     * for client authentication.
-     *
+     * Creates a LDAP SSL socket with the given nickname. The certificate
+     * associated with the nickname will be used for client authentication.
+     * 
      * @param certNickname nickname of client certificate
      * @return LDAP SSL socket factory
      */
-    public   LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
-        String certNickname);
+    public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
+            String certNickname);
 
     /**
      * Creates a LDAP SSL socket.
-     *
+     * 
      * @return LDAP SSL socket factory
      */
-    public  LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory();
+    public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory();
 
     /**
      * Creates a LDAP Auth Info object.
-     *
+     * 
      * @return LDAP authentication info
      */
     public ILdapAuthInfo getLdapAuthInfo();
 
     /**
      * Retrieves the LDAP connection factory.
-     *
+     * 
      * @return bound LDAP connection pool
      */
     public ILdapConnFactory getLdapBoundConnFactory() throws ELdapException;
@@ -618,23 +617,24 @@ public interface ICMSEngine extends ISubsystem {
     public LDAPConnection getBoundConnection(String host, int port,
                int version, LDAPSSLSocketFactoryExt fac, String bindDN,
                String bindPW) throws LDAPException;
+
     /**
      * Retrieves the LDAP connection factory.
-     *
+     * 
      * @return anonymous LDAP connection pool
      */
     public ILdapConnFactory getLdapAnonConnFactory() throws ELdapException;
 
     /**
      * Retrieves the password check.
-     *
+     * 
      * @return default password checker
      */
     public IPasswordCheck getPasswordChecker();
 
     /**
      * Puts a password entry into the single-sign on cache.
-     *
+     * 
      * @param tag password tag
      * @param pw password
      */
@@ -642,21 +642,21 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the password callback.
-     *
+     * 
      * @return default password callback
      */
     public PasswordCallback getPasswordCallback();
 
     /**
      * Retrieves the nickname of the server's server certificate.
-     *
+     * 
      * @return nickname of the server certificate
      */
     public String getServerCertNickname();
 
     /**
      * Sets the nickname of the server's server certificate.
-     *
+     * 
      * @param tokenName name of token where the certificate is located
      * @param nickName name of server certificate
      */
@@ -664,137 +664,142 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Sets the nickname of the server's server certificate.
-     *
+     * 
      * @param newName new nickname of server certificate
      */
     public void setServerCertNickname(String newName);
 
     /**
      * Retrieves the host name of the server's secure end entity service.
-     *
+     * 
      * @return host name of end-entity service
      */
     public String getEEHost();
 
     /**
      * Retrieves the host name of the server's non-secure end entity service.
-     *
+     * 
      * @return host name of end-entity non-secure service
      */
     public String getEENonSSLHost();
 
     /**
      * Retrieves the IP address of the server's non-secure end entity service.
-     *
+     * 
      * @return ip address of end-entity non-secure service
      */
     public String getEENonSSLIP();
 
     /**
      * Retrieves the port number of the server's non-secure end entity service.
-     *
+     * 
      * @return port of end-entity non-secure service
      */
     public String getEENonSSLPort();
 
     /**
      * Retrieves the host name of the server's secure end entity service.
-     *
+     * 
      * @return port of end-entity secure service
      */
     public String getEESSLHost();
 
     /**
      * Retrieves the IP address of the server's secure end entity service.
-     *
+     * 
      * @return ip address of end-entity secure service
      */
     public String getEESSLIP();
 
     /**
      * Retrieves the port number of the server's secure end entity service.
-     *
+     * 
      * @return port of end-entity secure service
      */
     public String getEESSLPort();
 
     /**
-     * Retrieves the port number of the server's client auth secure end entity service.
-     *
+     * Retrieves the port number of the server's client auth secure end entity
+     * service.
+     * 
      * @return port of end-entity client auth secure service
      */
     public String getEEClientAuthSSLPort();
 
     /**
      * Retrieves the host name of the server's agent service.
-     *
+     * 
      * @return host name of agent service
      */
     public String getAgentHost();
 
     /**
      * Retrieves the IP address of the server's agent service.
-     *
+     * 
      * @return ip address of agent service
      */
     public String getAgentIP();
 
     /**
      * Retrieves the port number of the server's agent service.
-     *
+     * 
      * @return port of agent service
      */
     public String getAgentPort();
 
     /**
      * Retrieves the host name of the server's administration service.
-     *
+     * 
      * @return host name of administration service
      */
     public String getAdminHost();
 
     /**
      * Retrieves the IP address of the server's administration service.
-     *
+     * 
      * @return ip address of administration service
      */
     public String getAdminIP();
 
     /**
      * Retrieves the port number of the server's administration service.
-     *
+     * 
      * @return port of administration service
      */
     public String getAdminPort();
 
     /**
      * Verifies all system certificates
+     * 
      * @return true if all passed, false otherwise
      */
-     public boolean verifySystemCerts();
+    public boolean verifySystemCerts();
 
     /**
-     * Verifies a system certificate by its tag name
-     * as defined in <subsystemtype>.cert.list
+     * Verifies a system certificate by its tag name as defined in
+     * <subsystemtype>.cert.list
+     * 
      * @return true if passed, false otherwise
      */
     public boolean verifySystemCertByTag(String tag);
 
     /**
      * Verifies a system certificate by its nickname
+     * 
      * @return true if passed, false otherwise
      */
     public boolean verifySystemCertByNickname(String nickname, String certificateUsage);
 
     /**
      * get the CertificateUsage as defined in JSS CryptoManager
+     * 
      * @return CertificateUsage as defined in JSS CryptoManager
      */
     public CertificateUsage getCertificateUsage(String certusage);
 
     /**
      * Checks if the given certificate is a signing certificate.
-     *
+     * 
      * @param cert certificate
      * @return true if the given certificate is a signing certificate
      */
@@ -802,7 +807,7 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Checks if the given certificate is an encryption certificate.
-     *
+     * 
      * @param cert certificate
      * @return true if the given certificate is an encryption certificate
      */
@@ -810,209 +815,209 @@ public interface ICMSEngine extends ISubsystem {
 
     /**
      * Retrieves the default X.509 certificate template.
-     *
+     * 
      * @return default certificate template
      */
     public X509CertInfo getDefaultX509CertInfo();
 
     /**
      * Retrieves the email form processor.
-     *
+     * 
      * @return email form processor
      */
     public IEmailFormProcessor getEmailFormProcessor();
 
     /**
      * Retrieves the email form template.
-     *
+     * 
      * @return email template
      */
     public IEmailTemplate getEmailTemplate(String path);
 
     /**
      * Retrieves the email notification handler.
-     *
+     * 
      * @return email notification
      */
     public IMailNotification getMailNotification();
 
     /**
      * Retrieves the email key resolver.
-     *
+     * 
      * @return email key resolver
      */
     public IEmailResolverKeys getEmailResolverKeys();
 
     /**
      * Retrieves the email resolver that checks for subjectAlternateName.
-     *
+     * 
      * @return email key resolver
      */
     public IEmailResolver getReqCertSANameEmailResolver();
 
     /**
      * Checks if the given OID is valid.
-     *
+     * 
      * @param attrName attribute name
      * @param value attribute value
      * @return object identifier of the given attrName
      */
     public ObjectIdentifier checkOID(String attrName, String value)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Creates a general name constraints.
-     *
+     * 
      * @param generalNameChoice type of general name
      * @param value general name string
      * @return general name object
      * @exception EBaseException failed to create general name constraint
      */
-    public  GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException;
+    public GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException;
 
     /**
      * Creates a general name.
-     *
+     * 
      * @param generalNameChoice type of general name
      * @param value general name string
      * @return general name object
      * @exception EBaseException failed to create general name
      */
-    public  GeneralName form_GeneralName(String generalNameChoice,
-        String value) throws EBaseException;
+    public GeneralName form_GeneralName(String generalNameChoice,
+            String value) throws EBaseException;
 
     /**
      * Retrieves default general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param params configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  void getGeneralNameConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params);
+    public void getGeneralNameConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params);
 
     /**
      * Retrieves default general names configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param params configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  void getGeneralNamesConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params);
+    public void getGeneralNamesConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params);
 
     /**
      * Retrieves extended plugin info for general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param info configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  void getGeneralNameConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info);
+    public void getGeneralNameConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info);
 
     /**
      * Retrieves extended plugin info for general name configuration.
-     *
+     * 
      * @param name configuration name
      * @param isValueConfigured true if value is configured
      * @param info configuration parameters
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  void getGeneralNamesConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info);
+    public void getGeneralNamesConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info);
 
     /**
      * Created general names configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  IGeneralNamesConfig createGeneralNamesConfig(String name,
-        IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException;
+    public IGeneralNamesConfig createGeneralNamesConfig(String name,
+            IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException;
 
     /**
      * Created general name constraints configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException;
+    public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException;
 
     /**
      * Created general name constraints configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @param isPolicyEnabled true if policy is enabled
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException;
+    public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException;
 
     /**
      * Get default parameters for subject alt name configuration.
-     *
+     * 
      * @param name configuration name
      * @param params configuration parameters
      */
-    public  void getSubjAltNameConfigDefaultParams(String name, Vector<String> params);
+    public void getSubjAltNameConfigDefaultParams(String name, Vector<String> params);
 
     /**
      * Get extended plugin info for subject alt name configuration.
-     *
+     * 
      * @param name configuration name
      * @param params configuration parameters
      */
-    public  void getSubjAltNameConfigExtendedPluginInfo(String name, Vector<String> params);
+    public void getSubjAltNameConfigExtendedPluginInfo(String name, Vector<String> params);
 
     /**
      * Creates subject alt name configuration.
-     *
+     * 
      * @param name configuration name
      * @param config configuration store
      * @param isValueConfigured true if value is configured
      * @exception EBaseException failed to create subject alt name configuration
      */
-    public  ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException;
+    public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException;
 
     /**
      * Retrieves the HTTP Connection for use with connector.
-     *
+     * 
      * @param authority remote authority
      * @param factory socket factory
      * @return http connection to the remote authority
      */
     public IHttpConnection getHttpConnection(IRemoteAuthority authority,
-        ISocketFactory factory);
+            ISocketFactory factory);
 
     /**
      * Retrieves the HTTP Connection for use with connector.
-     *
+     * 
      * @param authority remote authority
      * @param factory socket factory
      * @param timeout return error if connection cannot be established within
-     *       the timeout period
+     *            the timeout period
      * @return http connection to the remote authority
      */
     public IHttpConnection getHttpConnection(IRemoteAuthority authority,
-        ISocketFactory factory, int timeout);
+            ISocketFactory factory, int timeout);
 
     /**
      * Retrieves the request sender for use with connector.
-     *
+     * 
      * @param authority local authority
      * @param nickname nickname of the client certificate
      * @param remote remote authority
@@ -1020,11 +1025,11 @@ public interface ICMSEngine extends ISubsystem {
      * @return resender
      */
     public IResender getResender(IAuthority authority, String nickname,
-        IRemoteAuthority remote, int interval);
+            IRemoteAuthority remote, int interval);
 
     /**
      * Retrieves command queue
-     *
+     * 
      * @return command queue
      */
     public ICommandQueue getCommandQueue();
@@ -1040,22 +1045,23 @@ public interface ICMSEngine extends ISubsystem {
     public void terminateRequests();
 
     /**
-     * Checks to ensure that all new incoming requests have been blocked.
-     * This method is used for reentrancy protection.
+     * Checks to ensure that all new incoming requests have been blocked. This
+     * method is used for reentrancy protection.
      * <P>
-     *
+     * 
      * @return true or false
      */
     public boolean areRequestsDisabled();
 
     /**
      * Create configuration file.
-     *
+     * 
      * @param path configuration path
      * @return configuration store
      * @exception EBaseException failed to create file
      */
     public IConfigStore createFileConfigStore(String path) throws EBaseException;
+
     /**
      * Creates argument block.
      */
@@ -1072,31 +1078,30 @@ public interface ICMSEngine extends ISubsystem {
     public IArgBlock createArgBlock(Hashtable<String, String> httpReq);
 
     /**
-     * Checks against the local certificate repository to see 
-     * if the certificates are revoked.
-     *
+     * Checks against the local certificate repository to see if the
+     * certificates are revoked.
+     * 
      * @param certificates certificates
-     * @return true if certificate is revoked in the local 
-     *        certificate repository
+     * @return true if certificate is revoked in the local certificate
+     *         repository
      */
     public boolean isRevoked(X509Certificate[] certificates);
 
     /**
      * Sets list of verified certificates
-     *
+     * 
      * @param size size of verified certificates list
-     * @param interval interval in which certificate is not recheck
-     *        against local certificate repository
-     * @param unknownStateInterval interval in which certificate
-     *        may not recheck against local certificate repository
+     * @param interval interval in which certificate is not recheck against
+     *            local certificate repository
+     * @param unknownStateInterval interval in which certificate may not recheck
+     *            against local certificate repository
      */
     public void setListOfVerifiedCerts(int size, long interval, long unknownStateInterval);
 
     /**
-    * Performs graceful shutdown of CMS.
-    * Subsystems are shutdown in reverse order.
-    * Exceptions are ignored.
-    */
+     * Performs graceful shutdown of CMS. Subsystems are shutdown in reverse
+     * order. Exceptions are ignored.
+     */
     public void forceShutdown();
 
     public IPasswordStore getPasswordStore();
@@ -1107,4 +1112,3 @@ public interface ICMSEngine extends ISubsystem {
 
     public String getConfigSDSessionId();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java b/pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java
index f41b2989..97d942c6 100644
--- a/pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java
+++ b/pki/base/common/src/com/netscape/certsrv/apps/ICommandQueue.java
@@ -21,12 +21,9 @@ import javax.servlet.Servlet;
 
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
-
-
 /**
- * This interface represents a command queue for registeration
- * and unregisteration proccess for clean shutdown
+ * This interface represents a command queue for registeration and
+ * unregisteration proccess for clean shutdown
  * 
  * @version $Revision$, $Date$
  */
@@ -34,17 +31,18 @@ public interface ICommandQueue {
 
     /**
      * Registers a thread into the command queue.
-     *
+     * 
      * @param currentRequest request object
      * @param currentServlet servlet that serves the request object
      */
     public boolean registerProcess(CMSRequest currentRequest, Servlet currentServlet);
+
     /**
      * UnRegisters a thread from the command queue.
-     *
+     * 
      * @param currentRequest request object
      * @param currentServlet servlet that serves the request object
      */
     public void unRegisterProccess(Object currentRequest, Object currentServlet);
-            
+
 } // CommandQueue
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java
index de124a38..c13ec073 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthCredentials.java
@@ -23,10 +23,10 @@ import java.util.Hashtable;
 import com.netscape.certsrv.base.IArgBlock;
 
 /**
- * Authentication Credentials as input to the authMgr. It contains all the 
+ * Authentication Credentials as input to the authMgr. It contains all the
  * information required for authentication in the authMgr.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthCredentials implements IAuthCredentials {
@@ -34,7 +34,7 @@ public class AuthCredentials implements IAuthCredentials {
     private static final long serialVersionUID = 5862936214648594328L;
     private Hashtable<String, Object> authCreds = null;
     private IArgBlock argblk = null;
-    
+
     /**
      * Constructor
      */
@@ -43,7 +43,9 @@ public class AuthCredentials implements IAuthCredentials {
     }
 
     /**
-     * Sets an authentication credential with credential name and the credential object
+     * Sets an authentication credential with credential name and the credential
+     * object
+     * 
      * @param name credential name
      * @param cred credential object
      */
@@ -54,7 +56,8 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * Returns the credential to which the specified name is mapped in this
-     *	 credential set
+     * credential set
+     * 
      * @param name credential name
      * @return the authentication credential for the given name
      */
@@ -63,9 +66,10 @@ public class AuthCredentials implements IAuthCredentials {
     }
 
     /**
-     * Removes the name and its corresponding credential from this
-     *	 credential set.  This method does nothing if the named
-     *	 credential is not in the credential set.
+     * Removes the name and its corresponding credential from this credential
+     * set. This method does nothing if the named credential is not in the
+     * credential set.
+     * 
      * @param name credential name
      */
     public void delete(String name) {
@@ -73,29 +77,29 @@ public class AuthCredentials implements IAuthCredentials {
     }
 
     /**
-     * Returns an enumeration of the credentials in this credential
-     * set. Use the Enumeration methods on the returned object to
-     * fetch the elements sequentially.
+     * Returns an enumeration of the credentials in this credential set. Use the
+     * Enumeration methods on the returned object to fetch the elements
+     * sequentially.
+     * 
      * @return an enumeration of the values in this credential set
      */
     public Enumeration<Object> getElements() {
         return (authCreds.elements());
     }
-    
+
     /**
-     * Set the given argblock
-i    * @param blk the given argblock.
+     * Set the given argblock i * @param blk the given argblock.
      */
     public void setArgBlock(IArgBlock blk) {
         argblk = blk;
-    }        
+    }
 
     /**
      * Returns the argblock.
+     * 
      * @return the argblock.
      */
     public IArgBlock getArgBlock() {
         return argblk;
-    }        
+    }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java
index f98276ec..006065dd 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthManagerProxy.java
@@ -17,10 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authentication;
 
-
 /**
- * A class represents an authentication manager. It contains an
- * authentication manager instance and its state (enable or not).
+ * A class represents an authentication manager. It contains an authentication
+ * manager instance and its state (enable or not).
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthManagerProxy {
@@ -29,9 +29,10 @@ public class AuthManagerProxy {
 
     /**
      * Constructor
+     * 
      * @param enable true if the authMgr is enabled; false otherwise
      * @param mgr authentication manager instance
-    */
+     */
     public AuthManagerProxy(boolean enable, IAuthManager mgr) {
         mEnable = enable;
         mMgr = mgr;
@@ -39,7 +40,8 @@ public class AuthManagerProxy {
 
     /**
      * Returns the state of the authentication manager instance
-     * @return true if the state of the authentication manager instance is 
+     * 
+     * @return true if the state of the authentication manager instance is
      *         enabled; false otherwise.
      */
     public boolean isEnable() {
@@ -48,6 +50,7 @@ public class AuthManagerProxy {
 
     /**
      * Returns an authentication manager instance.
+     * 
      * @return an authentication manager instance
      */
     public IAuthManager getAuthManager() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java
index bdb2fe00..b9816e7b 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthMgrPlugin.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authentication;
 
-
-
-
 /**
  * This class represents a registered authentication manager plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthMgrPlugin {
@@ -33,21 +30,24 @@ public class AuthMgrPlugin {
 
     /**
      * Constructs a AuthManager plugin.
+     * 
      * @param id auth manager implementation name
      * @param classPath class path
      */
     public AuthMgrPlugin(String id, String classPath) {
 
         /*
-         if (id == null || classPath == null)
-         throw new AssertionException("Authentication Manager id or classpath can't be null");
+         * if (id == null || classPath == null) throw new
+         * AssertionException("Authentication Manager id or classpath can't be null"
+         * );
          */
         mId = id;
         mClassPath = classPath;
     }
-		
+
     /**
      * Returns an auth manager implementation name
+     * 
      * @return an auth manager implementation name
      */
     public String getId() {
@@ -56,22 +56,25 @@ public class AuthMgrPlugin {
 
     /**
      * Returns a classpath of a AuthManager plugin
+     * 
      * @return a classpath of a AuthManager plugin
      */
     public String getClassPath() {
         return mClassPath;
     }
 
-    /** 
+    /**
      * Returns a visibility of the plugin
+     * 
      * @return a visibility of the plugin
      */
     public boolean isVisible() {
         return mVisible;
     }
 
-    /** 
+    /**
      * Sets visibility of the plugin
+     * 
      * @param visibility visibility of the plugin
      */
     public void setVisible(boolean visibility) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java
index 138a07eb..35e81011 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthResources.java
@@ -22,7 +22,7 @@ import java.util.ListResourceBundle;
 /**
  * A class represents a resource bundle for the authentication component.
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -30,6 +30,7 @@ public class AuthResources extends ListResourceBundle {
 
     /**
      * Returns the content of this resource.
+     * 
      * @return the contents of this resource
      */
     public Object[][] getContents() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java b/pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java
index eae282c0..677e22a8 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/AuthToken.java
@@ -38,13 +38,13 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.usrgrp.Certificates;
 
 /**
- * Authentication token returned by Authentication Managers.
- * Upon return, it contains authentication/identification information
- * as well as information retrieved from the database where the
- * authentication was done against.  Each authentication manager has
- * its own list of such information.  See individual authenticaiton
- * manager for more details.
+ * Authentication token returned by Authentication Managers. Upon return, it
+ * contains authentication/identification information as well as information
+ * retrieved from the database where the authentication was done against. Each
+ * authentication manager has its own list of such information. See individual
+ * authenticaiton manager for more details.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthToken implements IAuthToken {
@@ -74,43 +74,45 @@ public class AuthToken implements IAuthToken {
     public static final String TOKEN_CERT_TO_REVOKE = "tokenCertToRevoke";
 
     /**
-     * Plugin name of the authentication manager that created the 
-     * AuthToken as a string.
+     * Plugin name of the authentication manager that created the AuthToken as a
+     * string.
      */
     public static final String TOKEN_AUTHMGR_IMPL_NAME = "authMgrImplName";
 
     /**
-     * Name of the authentication manager that created the AuthToken
-     * as a string.
+     * Name of the authentication manager that created the AuthToken as a
+     * string.
      */
     public static final String TOKEN_AUTHMGR_INST_NAME = "authMgrInstName";
 
     /**
-     * Time of authentication as a java.util.Date 
+     * Time of authentication as a java.util.Date
      */
     public static final String TOKEN_AUTHTIME = "authTime";
 
     /**
-     * Constructs an instance of a authentication token.
-     * The token by default contains the following attributes: <br>
+     * Constructs an instance of a authentication token. The token by default
+     * contains the following attributes: <br>
+     * 
      * <pre>
-     *		"authMgrInstName" - The authentication manager instance name.
-     *		"authMgrImplName" - The authentication manager plugin name.
-     *		"authTime" - The - The time of authentication.
+     * 	"authMgrInstName" - The authentication manager instance name.
+     * 	"authMgrImplName" - The authentication manager plugin name.
+     * 	"authTime" - The - The time of authentication.
      * </pre>
+     * 
      * @param authMgr The authentication manager that created this Token.
      */
     public AuthToken(IAuthManager authMgr) {
         mAttrs = new Hashtable<String, Object>();
         if (authMgr != null) {
-          set(TOKEN_AUTHMGR_INST_NAME, authMgr.getName());
-          set(TOKEN_AUTHMGR_IMPL_NAME, authMgr.getImplName());
+            set(TOKEN_AUTHMGR_INST_NAME, authMgr.getName());
+            set(TOKEN_AUTHMGR_IMPL_NAME, authMgr.getImplName());
         }
         set(TOKEN_AUTHTIME, new Date());
     }
 
     public String getInString(String attrName) {
-        return (String)mAttrs.get(attrName);
+        return (String) mAttrs.get(attrName);
     }
 
     public boolean set(String attrName, String value) {
@@ -123,6 +125,7 @@ public class AuthToken implements IAuthToken {
 
     /**
      * Removes an attribute in the AuthToken
+     * 
      * @param attrName The name of the attribute to remove.
      */
     public void delete(String attrName) {
@@ -131,6 +134,7 @@ public class AuthToken implements IAuthToken {
 
     /**
      * Enumerate all attribute names in the AuthToken.
+     * 
      * @return Enumeration of all attribute names in this AuthToken.
      */
     public Enumeration<String> getElements() {
@@ -351,7 +355,7 @@ public class AuthToken implements IAuthToken {
             for (int i = 0; i < certArray.length; i++) {
                 ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
                 try {
-                    X509CertImpl certImpl = (X509CertImpl)certArray[i];
+                    X509CertImpl certImpl = (X509CertImpl) certArray[i];
                     certImpl.encode(byteStream);
                     derValues[i] = new DerValue(byteStream.toByteArray());
                 } catch (CertificateEncodingException e) {
@@ -406,6 +410,7 @@ public class AuthToken implements IAuthToken {
 
     /**
      * Enumerate all attribute values in the AuthToken.
+     * 
      * @return Enumeration of all attribute names in this AuthToken.
      */
     public Enumeration<Object> getVals() {
@@ -413,10 +418,11 @@ public class AuthToken implements IAuthToken {
     }
 
     /**
-     * Gets the name of the authentication manager instance that created 
-     * this token.
-     * @return The name of the authentication manager instance that created 
-     * this token.
+     * Gets the name of the authentication manager instance that created this
+     * token.
+     * 
+     * @return The name of the authentication manager instance that created this
+     *         token.
      */
     public String getAuthManagerInstName() {
         return ((String) mAttrs.get(TOKEN_AUTHMGR_INST_NAME));
@@ -425,8 +431,9 @@ public class AuthToken implements IAuthToken {
     /**
      * Gets the plugin name of the authentication manager that created this
      * token.
+     * 
      * @return The plugin name of the authentication manager that created this
-     * token.
+     *         token.
      */
     public String getAuthManagerImplName() {
         return ((String) mAttrs.get(TOKEN_AUTHMGR_IMPL_NAME));
@@ -434,10 +441,10 @@ public class AuthToken implements IAuthToken {
 
     /**
      * Gets the time of authentication.
+     * 
      * @return The time of authentication
      */
     public Date getAuthTime() {
         return ((Date) mAttrs.get(TOKEN_AUTHTIME));
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java
index b998ae8b..c79c3e9a 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthException.java
@@ -22,6 +22,7 @@ import com.netscape.certsrv.base.EBaseException;
 /**
  * This class represents authentication exceptions.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class EAuthException extends EBaseException {
@@ -38,6 +39,7 @@ public class EAuthException extends EBaseException {
     /**
      * Constructs an authentication exception
      * <P>
+     * 
      * @param msgFormat exception details
      */
     public EAuthException(String msgFormat) {
@@ -45,8 +47,9 @@ public class EAuthException extends EBaseException {
     }
 
     /**
-     * Constructs an authentication exception with a parameter. 
+     * Constructs an authentication exception with a parameter.
      * <p>
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -57,6 +60,7 @@ public class EAuthException extends EBaseException {
     /**
      * Constructs a auth exception with a exception parameter.
      * <P>
+     * 
      * @param msgFormat exception details in message string format
      * @param exception system exception
      */
@@ -67,6 +71,7 @@ public class EAuthException extends EBaseException {
     /**
      * Constructs a auth exception with a list of parameters.
      * <P>
+     * 
      * @param msgFormat the message format.
      * @param params list of message format parameters
      */
@@ -76,6 +81,7 @@ public class EAuthException extends EBaseException {
 
     /**
      * Returns the resource bundle name
+     * 
      * @return resource bundle name.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java
index fb4ad04b..1b2d848a 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthInternalError.java
@@ -28,8 +28,9 @@ public class EAuthInternalError extends EAuthException {
     private static final long serialVersionUID = -4020816090107820450L;
 
     /**
-     * Constructs an authentication internal error exception
-     * with a detailed message.
+     * Constructs an authentication internal error exception with a detailed
+     * message.
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthInternalError(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java
index 675fbe59..925aaabf 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrNotFound.java
@@ -29,6 +29,7 @@ public class EAuthMgrNotFound extends EAuthException {
 
     /**
      * Constructs a exception for a missing authentication manager
+     * 
      * @param errorString error string for missing authentication manager
      */
     public EAuthMgrNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java
index 2210de2c..2ca90e3c 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthMgrPluginNotFound.java
@@ -29,7 +29,8 @@ public class EAuthMgrPluginNotFound extends EAuthException {
 
     /**
      * Constructs a exception for a missing authentication manager plugin
-     * @param errorString error for a missing authentication manager plugin 
+     * 
+     * @param errorString error for a missing authentication manager plugin
      */
     public EAuthMgrPluginNotFound(String errorString) {
         super(errorString);
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java
index b3bafd3c..f816c35e 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EAuthUserError.java
@@ -29,6 +29,7 @@ public class EAuthUserError extends EAuthException {
 
     /**
      * Constructs a exception for a Invalid attribute value
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthUserError(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java b/pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java
index edbf13e6..84725bb9 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/ECompSyntaxErr.java
@@ -29,6 +29,7 @@ public class ECompSyntaxErr extends EAuthException {
 
     /**
      * Constructs an component syntax error
+     * 
      * @param errorString Detailed error message.
      */
     public ECompSyntaxErr(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java b/pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java
index b56a1e0a..95282448 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EFormSubjectDN.java
@@ -29,6 +29,7 @@ public class EFormSubjectDN extends EAuthException {
 
     /**
      * Constructs an Error on formulating the subject dn.
+     * 
      * @param errorString Detailed error message.
      */
     public EFormSubjectDN(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java b/pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java
index 894a07ca..3e4daaf0 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EInvalidCredentials.java
@@ -29,6 +29,7 @@ public class EInvalidCredentials extends EAuthException {
 
     /**
      * Constructs an Invalid Credentials exception.
+     * 
      * @param errorString Detailed error message.
      */
     public EInvalidCredentials(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java b/pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java
index 695dd15c..5de73aa0 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/EMissingCredential.java
@@ -29,6 +29,7 @@ public class EMissingCredential extends EAuthException {
 
     /**
      * Constructs a exception for a missing required authentication credential
+     * 
      * @param errorString Detailed error message.
      */
     public EMissingCredential(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java
index eb36f996..8056ae31 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthCredentials.java
@@ -21,22 +21,24 @@ import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.IAttrSet;
 
 /**
- * An interface represents authentication credentials:
- * e.g. uid/pwd, uid/pin, certificate, etc.
+ * An interface represents authentication credentials: e.g. uid/pwd, uid/pin,
+ * certificate, etc.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthCredentials extends IAttrSet {
 
-    /** 
+    /**
      * Set argblock.
+     * 
      * @param blk argblock
      */
     public void setArgBlock(IArgBlock blk);
 
     /**
      * Returns argblock.
+     * 
      * @return Argblock.
      */
     public IArgBlock getArgBlock();
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java
index b2f7d69a..e3e3ede8 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthManager.java
@@ -23,7 +23,7 @@ import com.netscape.certsrv.base.IConfigStore;
 /**
  * Authentication Manager interface.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthManager {
@@ -41,6 +41,7 @@ public interface IAuthManager {
     /**
      * Get the name of this authentication manager instance.
      * <p>
+     * 
      * @return the name of this authentication manager.
      */
     public String getName();
@@ -48,58 +49,63 @@ public interface IAuthManager {
     /**
      * Get name of authentication manager plugin.
      * <p>
+     * 
      * @return the name of the authentication manager plugin.
-     */ 
+     */
     public String getImplName();
 
     /**
      * Authenticate the given credentials.
+     * 
      * @param authCred The authentication credentials
      * @return authentication token
-     * @exception EMissingCredential If a required credential for this 
-     * authentication manager is missing.
+     * @exception EMissingCredential If a required credential for this
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If credentials cannot be authenticated.
      * @exception EBaseException If an internal error occurred.
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException;
+            throws EMissingCredential, EInvalidCredentials, EBaseException;
 
     /**
      * Initialize this authentication manager.
+     * 
      * @param name The name of this authentication manager instance.
      * @param implName The name of the authentication manager plugin.
      * @param config The configuration store for this authentication manager.
      * @exception EBaseException If an initialization error occurred.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Prepare this authentication manager for a shutdown.
-     * Called when the server is exiting for any cleanup needed.
+     * Prepare this authentication manager for a shutdown. Called when the
+     * server is exiting for any cleanup needed.
      */
     public void shutdown();
 
     /**
      * Gets a list of the required credentials for this authentication manager.
+     * 
      * @return The required credential attributes.
      */
     public String[] getRequiredCreds();
 
     /**
-     * Get configuration parameters for this implementation.
-     * The configuration parameters returned is passed to the 
-     * configuration console so configuration for instances of this 
-     * implementation can be made through the console.
+     * Get configuration parameters for this implementation. The configuration
+     * parameters returned is passed to the configuration console so
+     * configuration for instances of this implementation can be made through
+     * the console.
      * 
      * @return a list of configuration parameters.
      * @exception EBaseException If an internal error occurred
      */
     public String[] getConfigParams()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Get the configuration store for this authentication manager.
+     * 
      * @return The configuration store of this authentication manager.
      */
     public IConfigStore getConfigStore();
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java
index 2de8ed26..ba983742 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthSubsystem.java
@@ -26,7 +26,7 @@ import com.netscape.certsrv.base.ISubsystem;
 /**
  * An interface that represents an authentication component
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthSubsystem extends ISubsystem {
@@ -39,17 +39,17 @@ public interface IAuthSubsystem extends ISubsystem {
     /**
      * Constant for class.
      */
-    public static final String PROP_CLASS = "class"; 
+    public static final String PROP_CLASS = "class";
 
     /**
      * Constant for impl
      */
-    public static final String PROP_IMPL = "impl"; 
+    public static final String PROP_IMPL = "impl";
 
     /**
      * Constant for pluginName.
      */
-    public static final String PROP_PLUGIN = "pluginName"; 
+    public static final String PROP_PLUGIN = "pluginName";
 
     /**
      * Constant for instance.
@@ -120,19 +120,22 @@ public interface IAuthSubsystem extends ISubsystem {
 
     /**
      * Authenticate the given credentials using the given manager name.
+     * 
      * @param authCred The authentication credentials
      * @param authMgrName The authentication manager name
      * @return a authentication token.
-     * @exception EMissingCredential when missing credential during authentication
+     * @exception EMissingCredential when missing credential during
+     *                authentication
      * @exception EInvalidCredentials when the credential is invalid
      * @exception EBaseException If an error occurs during authentication.
      */
     public IAuthToken authenticate(IAuthCredentials authCred, String authMgrName)
-        throws EMissingCredential, EInvalidCredentials, EBaseException;
+            throws EMissingCredential, EInvalidCredentials, EBaseException;
 
     /**
      * Gets the required credential attributes for the given authentication
      * manager.
+     * 
      * @param authMgrName The authentication manager name
      * @return a Vector of required credential attribute names.
      * @exception EBaseException If the required credential is missing
@@ -141,6 +144,7 @@ public interface IAuthSubsystem extends ISubsystem {
 
     /**
      * Adds (registers) the given authentication manager.
+     * 
      * @param name The authentication manager name
      * @param authMgr The authentication manager instance.
      */
@@ -148,12 +152,14 @@ public interface IAuthSubsystem extends ISubsystem {
 
     /**
      * Deletes (deregisters) the given authentication manager.
+     * 
      * @param name The authentication manager name to delete.
      */
     public void delete(String name);
 
     /**
      * Gets the Authentication manager instance of the specified name.
+     * 
      * @param name The authentication manager's name.
      * @exception EBaseException when internal error occurs.
      */
@@ -162,18 +168,21 @@ public interface IAuthSubsystem extends ISubsystem {
     /**
      * Gets an enumeration of authentication managers registered to the
      * authentication subsystem.
+     * 
      * @return a list of authentication managers
      */
     public Enumeration<IAuthManager> getAuthManagers();
 
     /**
      * Gets an enumeration of authentication manager plugins.
+     * 
      * @return a list of authentication plugins
      */
     public Enumeration<AuthMgrPlugin> getAuthManagerPlugins();
 
     /**
      * Gets a single authentication manager plugin implementation
+     * 
      * @param name given authentication plugin name
      * @return the given authentication plugin
      */
@@ -181,17 +190,20 @@ public interface IAuthSubsystem extends ISubsystem {
 
     /**
      * Get configuration parameters for a authentication mgr plugin.
+     * 
      * @param implName The plugin name.
-     * @return configuration parameters for the given authentication manager plugin
-     * @exception EAuthMgrPluginNotFound If the authentication manager 
-     * plugin is not found.
+     * @return configuration parameters for the given authentication manager
+     *         plugin
+     * @exception EAuthMgrPluginNotFound If the authentication manager plugin is
+     *                not found.
      * @exception EBaseException If an internal error occurred.
      */
-    public String[] getConfigParams(String implName) 
-        throws EAuthMgrPluginNotFound, EBaseException;
+    public String[] getConfigParams(String implName)
+            throws EAuthMgrPluginNotFound, EBaseException;
 
     /**
      * Log error message.
+     * 
      * @param level log level
      * @param msg error message
      */
@@ -199,28 +211,31 @@ public interface IAuthSubsystem extends ISubsystem {
 
     /**
      * Get a hashtable containing all authentication plugins.
+     * 
      * @return all authentication plugins.
      */
     public Hashtable<String, AuthMgrPlugin> getPlugins();
 
     /**
      * Get a hashtable containing all authentication instances.
+     * 
      * @return all authentication instances.
      */
     public Hashtable<?, ?> getInstances();
 
     /**
      * Get an authentication manager interface for the given name.
+     * 
      * @param name given authentication manager name.
      * @return an authentication manager for the given manager name.
      */
     public IAuthManager get(String name);
 
     /**
-     * Get an authentication manager plugin impl  for the given name.
+     * Get an authentication manager plugin impl for the given name.
+     * 
      * @param name given authentication manager name.
      * @return an authentication manager plugin
      */
     public AuthMgrPlugin getAuthManagerPluginImpl(String name);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java
index 94279363..6569b62e 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/IAuthToken.java
@@ -32,14 +32,14 @@ import com.netscape.certsrv.usrgrp.Certificates;
  */
 public interface IAuthToken {
 
-  /**
-   * Constant for userid.
-   */
-  public static final String USER_ID = "userid";
+    /**
+     * Constant for userid.
+     */
+    public static final String USER_ID = "userid";
 
     /**
      * Sets an attribute value within this AttrSet.
-     *
+     * 
      * @param name the name of the attribute
      * @param value the attribute object.
      * @return false on an error
@@ -48,7 +48,7 @@ public interface IAuthToken {
 
     /**
      * Gets an attribute value.
-     *
+     * 
      * @param name the name of the attribute to return.
      * @exception EBaseException on attribute handling errors.
      * @return the attribute value
@@ -58,151 +58,167 @@ public interface IAuthToken {
     /**
      * Returns an enumeration of the names of the attributes existing within
      * this AttrSet.
-     *
+     * 
      * @return an enumeration of the attribute names.
      */
     public Enumeration<String> getElements();
 
     /************
-     * Helpers for non-string sets and gets.
-     * These are needed because AuthToken is stored in IRequest (which can
-     * only store string values
+     * Helpers for non-string sets and gets. These are needed because AuthToken
+     * is stored in IRequest (which can only store string values
      */
 
     /**
-     * Retrieves the byte array value for name.  The value should have been
+     * Retrieves the byte array value for name. The value should have been
      * previously stored as a byte array (it will be CMS.AtoB decoded).
-     * @param name  The attribute name.
-     * @return  The byte array or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The byte array or null on error.
      */
     public byte[] getInByteArray(String name);
 
     /**
      * Stores the byte array with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on an error
      */
     public boolean set(String name, byte[] value);
 
     /**
      * Retrieves the Integer value for name.
-     * @param name  The attribute name.
-     * @return  The Integer or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The Integer or null on error.
      */
     public Integer getInInteger(String name);
 
     /**
      * Stores the Integer with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on an error
      */
     public boolean set(String name, Integer value);
 
     /**
      * Retrieves the BigInteger array value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public BigInteger[] getInBigIntegerArray(String name);
 
     /**
      * Stores the BigInteger array with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on an error
      */
     public boolean set(String name, BigInteger[] value);
 
     /**
      * Retrieves the Date value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public Date getInDate(String name);
 
     /**
      * Stores the Date with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on an error
      */
     public boolean set(String name, Date value);
 
     /**
      * Retrieves the String array value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public String[] getInStringArray(String name);
 
     /**
      * Stores the String array with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return False on error.
      */
     public boolean set(String name, String[] value);
 
     /**
      * Retrieves the X509CertImpl value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public X509CertImpl getInCert(String name);
 
     /**
      * Stores the X509CertImpl with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on error
      */
     public boolean set(String name, X509CertImpl value);
 
     /**
      * Retrieves the CertificateExtensions value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public CertificateExtensions getInCertExts(String name);
 
     /**
      * Stores the CertificateExtensions with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on error
      */
     public boolean set(String name, CertificateExtensions value);
 
     /**
      * Retrieves the Certificates value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public Certificates getInCertificates(String name);
 
     /**
      * Stores the Certificates with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on error
      */
     public boolean set(String name, Certificates value);
 
     /**
      * Retrieves the byte[][] value for name.
-     * @param name  The attribute name.
-     * @return  The value or null on error.
+     * 
+     * @param name The attribute name.
+     * @return The value or null on error.
      */
     public byte[][] getInByteArrayArray(String name);
 
     /**
      * Stores the byte[][] with the associated key.
-     * @param name   The attribute name.
-     * @param value  The value to store
+     * 
+     * @param name The attribute name.
+     * @param value The value to store
      * @return false on error
      */
     public boolean set(String name, byte[][] value);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java b/pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java
index d4bdf7bb..c85e6278 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/ISSLClientCertProvider.java
@@ -17,18 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authentication;
 
-
 import java.security.cert.X509Certificate;
 
-
 /**
- * This interface represents an object that captures the
- * SSL client certificate in a SSL session. Normally, this
- * object is a servlet.
+ * This interface represents an object that captures the SSL client certificate
+ * in a SSL session. Normally, this object is a servlet.
  * <p>
- *
- * This interface is used to avoid the internal imeplemtnation
- * to have servlet (protocol handler) dependency.
+ * 
+ * This interface is used to avoid the internal imeplemtnation to have servlet
+ * (protocol handler) dependency.
  * <p>
  * 
  * @version $Revision$, $Date$
@@ -37,7 +34,7 @@ public interface ISSLClientCertProvider {
 
     /**
      * Retrieves the SSL client certificate chain.
-     *
+     * 
      * @return certificate chain
      */
     public X509Certificate[] getClientCertificateChain();
diff --git a/pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java b/pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java
index eae65d17..830c8866 100644
--- a/pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java
+++ b/pki/base/common/src/com/netscape/certsrv/authentication/ISharedToken.java
@@ -26,6 +26,7 @@ import org.mozilla.jss.pkix.cmc.PKIData;
  */
 public interface ISharedToken {
 
-    public String getSharedToken(PKIData cmcData); 
-    public String getSharedToken(BigInteger serialnum); 
+    public String getSharedToken(PKIData cmcData);
+
+    public String getSharedToken(BigInteger serialnum);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java b/pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java
index 5916ecd0..2875e4dd 100644
--- a/pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/authority/IAuthority.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authority;
 
-
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.IRequestQueue;
 
-
 /**
  * Authority interface.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public interface IAuthority extends ISubsystem {
@@ -33,6 +31,7 @@ public interface IAuthority extends ISubsystem {
     /**
      * Retrieves the request queue for the Authority.
      * <P>
+     * 
      * @return the request queue.
      */
     public IRequestQueue getRequestQueue();
diff --git a/pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java b/pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java
index 94d6df40..dea1329e 100644
--- a/pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/authority/ICertAuthority.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authority;
 
-
 import netscape.security.x509.CertificateChain;
 import netscape.security.x509.X500Name;
 import netscape.security.x509.X509CertImpl;
@@ -27,12 +26,10 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.certsrv.request.IRequestListener;
 
-
 /**
- * Authority that handles certificates needed by the cert registration
- * servlets. 
+ * Authority that handles certificates needed by the cert registration servlets.
  * <P>
- *
+ * 
  * @version $Revision$ $Date$
  */
 public interface ICertAuthority extends IAuthority {
@@ -40,7 +37,7 @@ public interface ICertAuthority extends IAuthority {
     /**
      * Retrieves the certificate repository for this authority.
      * <P>
-     *
+     * 
      * @return the certificate repository.
      */
     public ICertificateRepository getCertificateRepository();
@@ -48,6 +45,7 @@ public interface ICertAuthority extends IAuthority {
     /**
      * Returns CA's certificate chain.
      * <P>
+     * 
      * @return the Certificate Chain for the CA.
      */
     public CertificateChain getCACertChain();
@@ -55,18 +53,19 @@ public interface ICertAuthority extends IAuthority {
     /**
      * Returns CA's certificate implementaion.
      * <P>
+     * 
      * @return CA's certificate.
      */
     public X509CertImpl getCACert();
 
     /**
-     * Returns signing algorithms supported by the CA.
-     * Dependent on CA's key type and algorithms supported by security lib. 
+     * Returns signing algorithms supported by the CA. Dependent on CA's key
+     * type and algorithms supported by security lib.
      */
     public String[] getCASigningAlgorithms();
 
     /**
-     * Returns authority's X500 Name. - XXX what's this for ?? 
+     * Returns authority's X500 Name. - XXX what's this for ??
      */
     public X500Name getX500Name();
 
@@ -86,15 +85,14 @@ public interface ICertAuthority extends IAuthority {
     public void registerPendingListener(IRequestListener l);
 
     /**
-     * get authority's  publishing module if any.
+     * get authority's publishing module if any.
      */
     public IPublisherProcessor getPublisherProcessor();
-		
+
     /**
-     * Returns the logging interface for this authority.
-     * Using this interface both System and Audit events can be
-     * logged.
-     *
+     * Returns the logging interface for this authority. Using this interface
+     * both System and Audit events can be logged.
+     * 
      */
     public ILogger getLogger();
 
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
index 0960311e..ed0df89a 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzManagerProxy.java
@@ -17,10 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
 /**
- * A class represents an authorization manager. It contains an
- * authorization manager instance and its state (enable or not).
+ * A class represents an authorization manager. It contains an authorization
+ * manager instance and its state (enable or not).
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthzManagerProxy {
@@ -29,9 +29,10 @@ public class AuthzManagerProxy {
 
     /**
      * Constructor
+     * 
      * @param enable true if the authzMgr is enabled; false otherwise
      * @param mgr authorization manager instance
-    */
+     */
     public AuthzManagerProxy(boolean enable, IAuthzManager mgr) {
         mEnable = enable;
         mMgr = mgr;
@@ -39,6 +40,7 @@ public class AuthzManagerProxy {
 
     /**
      * Returns the state of the authorization manager instance
+     * 
      * @return true if the state of the authorization manager instance is
      *         enabled; false otherwise.
      */
@@ -48,6 +50,7 @@ public class AuthzManagerProxy {
 
     /**
      * Returns an authorization manager instance.
+     * 
      * @return an authorization manager instance
      */
     public IAuthzManager getAuthzManager() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
index aebe9170..e47e5817 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzMgrPlugin.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
-
-
 /**
  * This class represents a registered authorization manager plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthzMgrPlugin {
@@ -33,6 +30,7 @@ public class AuthzMgrPlugin {
 
     /**
      * Constructs a AuthzManager plugin.
+     * 
      * @param id authz manager implementation name
      * @param classPath class path
      */
@@ -40,9 +38,10 @@ public class AuthzMgrPlugin {
         mId = id;
         mClassPath = classPath;
     }
-		
+
     /**
      * Returns an authorization manager implementation name
+     * 
      * @return an authorization manager implementation name
      */
     public String getId() {
@@ -51,6 +50,7 @@ public class AuthzMgrPlugin {
 
     /**
      * Returns a classpath of a AuthzManager plugin
+     * 
      * @return a classpath of a AuthzManager plugin
      */
     public String getClassPath() {
@@ -59,6 +59,7 @@ public class AuthzMgrPlugin {
 
     /**
      * Returns a visibility of the plugin
+     * 
      * @return a visibility of the plugin
      */
     public boolean isVisible() {
@@ -67,6 +68,7 @@ public class AuthzMgrPlugin {
 
     /**
      * Sets visibility of the plugin
+     * 
      * @param visibility visibility of the plugin
      */
     public void setVisible(boolean visibility) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
index 7cb5240a..13d33c21 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzResources.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for the authorization subsystem
  * <P>
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -31,6 +30,7 @@ public class AuthzResources extends ListResourceBundle {
 
     /**
      * Returns the content of this resource.
+     * 
      * @return the content of this resource
      */
     public Object[][] getContents() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
index 0b5db00a..2ef87742 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/AuthzToken.java
@@ -17,21 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
- * Authorization token returned by Authorization Managers.
- * Upon return, it contains the name of the authorization manager that create
- * the AuthzToken, the plugin name of the authorization manager, time of
- * authorization happened, name of the resource, type of operation performed
- * on the resource.
+ * Authorization token returned by Authorization Managers. Upon return, it
+ * contains the name of the authorization manager that create the AuthzToken,
+ * the plugin name of the authorization manager, time of authorization happened,
+ * name of the resource, type of operation performed on the resource.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthzToken implements IAttrSet {
@@ -39,19 +37,19 @@ public class AuthzToken implements IAttrSet {
     private Hashtable<String, Object> mAttrs = null;
 
     /**
-     * Plugin name of the authorization manager that created the 
-     * AuthzToken as a string.
+     * Plugin name of the authorization manager that created the AuthzToken as a
+     * string.
      */
     public static final String TOKEN_AUTHZMGR_IMPL_NAME = "authzMgrImplName";
 
     /**
-     * Name of the authorization manager that created the AuthzToken
-     * as a string.
+     * Name of the authorization manager that created the AuthzToken as a
+     * string.
      */
     public static final String TOKEN_AUTHZMGR_INST_NAME = "authzMgrInstName";
 
     /**
-     * Time of authorization as a java.util.Date 
+     * Time of authorization as a java.util.Date
      */
     public static final String TOKEN_AUTHZTIME = "authzTime";
 
@@ -61,7 +59,7 @@ public class AuthzToken implements IAttrSet {
     public static final String TOKEN_AUTHZ_RESOURCE = "authzRes";
 
     /**
-     * name of the operation 
+     * name of the operation
      */
     public static final String TOKEN_AUTHZ_OPERATION = "authzOp";
 
@@ -69,41 +67,45 @@ public class AuthzToken implements IAttrSet {
      * Status of the authorization evaluation
      */
     public static final String TOKEN_AUTHZ_STATUS = "status";
- 
+
     /**
-     * Constant for the success status of the authorization evaluation. 
+     * Constant for the success status of the authorization evaluation.
      */
     public static final String AUTHZ_STATUS_SUCCESS = "statusSuccess";
 
     /**
-     * Constructs an instance of a authorization token.
-     * The token by default contains the following attributes: <br>
+     * Constructs an instance of a authorization token. The token by default
+     * contains the following attributes: <br>
+     * 
      * <pre>
-     *		"authzMgrInstName" - The authorization manager instance name.
-     *		"authzMgrImplName" - The authorization manager plugin name.
-     *		"authzTime" - The - The time of authorization.
+     * 	"authzMgrInstName" - The authorization manager instance name.
+     * 	"authzMgrImplName" - The authorization manager plugin name.
+     * 	"authzTime" - The - The time of authorization.
      * </pre>
+     * 
      * @param authzMgr The authorization manager that created this Token.
      */
     public AuthzToken(IAuthzManager authzMgr) {
         mAttrs = new Hashtable<String, Object>();
-        mAttrs.put(TOKEN_AUTHZMGR_INST_NAME, authzMgr.getName()); 
-        mAttrs.put(TOKEN_AUTHZMGR_IMPL_NAME, authzMgr.getImplName()); 
+        mAttrs.put(TOKEN_AUTHZMGR_INST_NAME, authzMgr.getName());
+        mAttrs.put(TOKEN_AUTHZMGR_IMPL_NAME, authzMgr.getImplName());
         mAttrs.put(TOKEN_AUTHZTIME, new Date());
     }
 
     /**
      * Get the value of an attribute in the AuthzToken
+     * 
      * @param attrName The attribute name
-     * @return The value of attrName if any. 
+     * @return The value of attrName if any.
      */
     public Object get(String attrName) {
         return mAttrs.get(attrName);
     }
 
     /**
-     * Used by an Authorization manager to set an attribute and value
-     *	 in the AuthzToken.
+     * Used by an Authorization manager to set an attribute and value in the
+     * AuthzToken.
+     * 
      * @param attrName The name of the attribute
      * @param value The value of the attribute to set.
      */
@@ -113,6 +115,7 @@ public class AuthzToken implements IAttrSet {
 
     /**
      * Removes an attribute in the AuthzToken
+     * 
      * @param attrName The name of the attribute to remove.
      */
     public void delete(String attrName) {
@@ -121,6 +124,7 @@ public class AuthzToken implements IAttrSet {
 
     /**
      * Enumerate all attribute names in the AuthzToken.
+     * 
      * @return Enumeration of all attribute names in this AuthzToken.
      */
     public Enumeration<String> getElements() {
@@ -129,6 +133,7 @@ public class AuthzToken implements IAttrSet {
 
     /**
      * Enumerate all attribute values in the AuthzToken.
+     * 
      * @return Enumeration of all attribute names in this AuthzToken.
      */
     public Enumeration<Object> getVals() {
@@ -136,10 +141,11 @@ public class AuthzToken implements IAttrSet {
     }
 
     /**
-     * Gets the name of the authorization manager instance that created 
-     * this token.
-     * @return The name of the authorization manager instance that created 
-     * this token.
+     * Gets the name of the authorization manager instance that created this
+     * token.
+     * 
+     * @return The name of the authorization manager instance that created this
+     *         token.
      */
     public String getAuthzManagerInstName() {
         return ((String) mAttrs.get(TOKEN_AUTHZMGR_INST_NAME));
@@ -148,8 +154,9 @@ public class AuthzToken implements IAttrSet {
     /**
      * Gets the plugin name of the authorization manager that created this
      * token.
+     * 
      * @return The plugin name of the authorization manager that created this
-     * token.
+     *         token.
      */
     public String getAuthzManagerImplName() {
         return ((String) mAttrs.get(TOKEN_AUTHZMGR_IMPL_NAME));
@@ -157,10 +164,10 @@ public class AuthzToken implements IAttrSet {
 
     /**
      * Gets the time of authorization.
+     * 
      * @return The time of authorization
      */
     public Date getAuthzTime() {
         return ((Date) mAttrs.get(TOKEN_AUTHZTIME));
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
index 18429c98..9fc7777c 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzAccessDenied.java
@@ -29,9 +29,10 @@ public class EAuthzAccessDenied extends EAuthzException {
 
     /**
      * Constructs a exception for access denied by Authz manager
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthzAccessDenied(String errorString) {
-        super(errorString); 
+        super(errorString);
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
index 869a021c..65d95a57 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzException.java
@@ -17,12 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
 /**
  * This class represents authorization exceptions.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class EAuthzException extends EBaseException {
@@ -39,6 +39,7 @@ public class EAuthzException extends EBaseException {
     /**
      * Constructs a authz exception
      * <P>
+     * 
      * @param msgFormat exception details
      */
     public EAuthzException(String msgFormat) {
@@ -46,8 +47,9 @@ public class EAuthzException extends EBaseException {
     }
 
     /**
-     * Constructs a authz exception with a parameter. 
+     * Constructs a authz exception with a parameter.
      * <p>
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -58,6 +60,7 @@ public class EAuthzException extends EBaseException {
     /**
      * Constructs a authz exception with a exception parameter.
      * <P>
+     * 
      * @param msgFormat exception details in message string format
      * @param param system exception
      */
@@ -68,6 +71,7 @@ public class EAuthzException extends EBaseException {
     /**
      * Constructs a authz exception with a list of parameters.
      * <P>
+     * 
      * @param msgFormat the message format.
      * @param params list of message format parameters
      */
@@ -77,6 +81,7 @@ public class EAuthzException extends EBaseException {
 
     /**
      * Returns the resource bundle name
+     * 
      * @return resource bundle name
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
index ff7da13d..2afe2c74 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzInternalError.java
@@ -29,6 +29,7 @@ public class EAuthzInternalError extends EAuthzException {
 
     /**
      * Constructs an authorization internal error exception
+     * 
      * @param errorString error with a detailed message.
      */
     public EAuthzInternalError(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
index 944b9854..a920d37a 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrNotFound.java
@@ -29,6 +29,7 @@ public class EAuthzMgrNotFound extends EAuthzException {
 
     /**
      * Constructs a exception for a missing required authorization manager
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthzMgrNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
index b44e4711..43ae6edc 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzMgrPluginNotFound.java
@@ -29,6 +29,7 @@ public class EAuthzMgrPluginNotFound extends EAuthzException {
 
     /**
      * Constructs a exception for a missing authorization plugin
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthzMgrPluginNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
index 025306cb..9bbfa0c9 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownOperation.java
@@ -28,7 +28,9 @@ public class EAuthzUnknownOperation extends EAuthzException {
     private static final long serialVersionUID = 4344508835702220953L;
 
     /**
-     * Constructs a exception for an operation unknown to the authorization manager
+     * Constructs a exception for an operation unknown to the authorization
+     * manager
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthzUnknownOperation(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
index 4d7695a8..0bc5a0ba 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/EAuthzUnknownProtectedRes.java
@@ -28,7 +28,9 @@ public class EAuthzUnknownProtectedRes extends EAuthzException {
     private static final long serialVersionUID = 444663701711532889L;
 
     /**
-     * Constructs a exception for a protected resource unknown to the authorization manager
+     * Constructs a exception for a protected resource unknown to the
+     * authorization manager
+     * 
      * @param errorString Detailed error message.
      */
     public EAuthzUnknownProtectedRes(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
index 25a66505..60c512c8 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzManager.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.authorization;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
@@ -29,12 +28,11 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.evaluators.IAccessEvaluator;
 
-
 /**
- * Authorization Manager interface needs to be implemented by all
- * authorization managers.  
+ * Authorization Manager interface needs to be implemented by all authorization
+ * managers.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthzManager {
@@ -42,6 +40,7 @@ public interface IAuthzManager {
     /**
      * Get the name of this authorization manager instance.
      * <p>
+     * 
      * @return String the name of this authorization manager.
      */
     public String getName();
@@ -50,30 +49,34 @@ public interface IAuthzManager {
      * Get implementation name of authorization manager plugin.
      * <p>
      * An example of an implementation name will be:
+     * 
      * <PRE>
      * com.netscape.cms.BasicAclAuthz
      * </PRE>
      * <p>
+     * 
      * @return The name of the authorization manager plugin.
-     */ 
+     */
     public String getImplName();
 
     /**
-     * <code>accessInit</code> is for servlets who want to initialize their
-     * own authorization information before full operation.  It is supposed
-     * to be called from the authzMgrAccessInit() method of the AuthzSubsystem.
+     * <code>accessInit</code> is for servlets who want to initialize their own
+     * authorization information before full operation. It is supposed to be
+     * called from the authzMgrAccessInit() method of the AuthzSubsystem.
      * <p>
-     * The accessInfo format is determined by each individual
-     *	 authzmgr.  For example, for BasicAclAuthz,
-     *  The accessInfo is the resACLs, whose format should conform
-     * to the following:
+     * The accessInfo format is determined by each individual authzmgr. For
+     * example, for BasicAclAuthz, The accessInfo is the resACLs, whose format
+     * should conform to the following:
+     * 
      * <pre>
      *    <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
      * </pre>
      * <P>
-     * Example:
-     *    resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
-     * @param accessInfo the access info string in the format specified in the authorization manager
+     * Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs
+     * for lefties
+     * 
+     * @param accessInfo the access info string in the format specified in the
+     *            authorization manager
      * @exception EBaseException error parsing the accessInfo
      */
     public void accessInit(String accessInfo) throws EBaseException;
@@ -81,6 +84,7 @@ public interface IAuthzManager {
     /**
      * Check if the user is authorized to perform the given operation on the
      * given resource.
+     * 
      * @param authToken the authToken associated with a user.
      * @param resource - the protected resource name
      * @param operation - the protected resource operation name
@@ -89,53 +93,56 @@ public interface IAuthzManager {
      * @exception EAuthzAccessDenied if access denied
      */
     public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
-        throws EAuthzInternalError, EAuthzAccessDenied;
+            throws EAuthzInternalError, EAuthzAccessDenied;
 
     public AuthzToken authorize(IAuthToken authToken, String expression)
-      throws EAuthzInternalError, EAuthzAccessDenied;
+            throws EAuthzInternalError, EAuthzAccessDenied;
 
     /**
      * Initialize this authorization manager.
+     * 
      * @param name The name of this authorization manager instance.
      * @param implName The name of the authorization manager plugin.
      * @param config The configuration store for this authorization manager.
      * @exception EBaseException If an initialization error occurred.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Prepare this authorization manager for a graceful shutdown.
-     * Called when the server is exiting for any cleanup needed.
+     * Prepare this authorization manager for a graceful shutdown. Called when
+     * the server is exiting for any cleanup needed.
      */
     public void shutdown();
 
     /**
-     * Get configuration parameters for this implementation.
-     * The configuration parameters returned is passed to the 
-     * console so configuration for instances of this 
-     * implementation can be made through the console.
+     * Get configuration parameters for this implementation. The configuration
+     * parameters returned is passed to the console so configuration for
+     * instances of this implementation can be made through the console.
      * 
      * @return a list of names for configuration parameters.
      * @exception EBaseException If an internal error occurred
      */
     public String[] getConfigParams()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Get the configuration store for this authorization manager.
+     * 
      * @return The configuration store of this authorization manager.
      */
     public IConfigStore getConfigStore();
 
     /**
      * Get ACL entries
+     * 
      * @return enumeration of ACL entries.
      */
     public Enumeration<ACL> getACLs();
 
     /**
      * Get individual ACL entry for the given name of entry.
+     * 
      * @param target The name of the ACL entry
      * @return The ACL entry.
      */
@@ -143,23 +150,26 @@ public interface IAuthzManager {
 
     /**
      * Update ACLs in the database
+     * 
      * @param id The name of the ACL entry (ie, resource id)
      * @param rights The allowable rights for this resource
      * @param strACLs The value of the ACL entry
      * @param desc The description for this resource
      * @exception EACLsException when update fails.
      */
-    public void updateACLs(String id, String rights, String strACLs, 
-        String desc) throws EACLsException;
+    public void updateACLs(String id, String rights, String strACLs,
+            String desc) throws EACLsException;
 
     /**
      * Get all registered evaluators.
+     * 
      * @return All registered evaluators.
      */
     public Enumeration<IAccessEvaluator> aclEvaluatorElements();
 
     /**
      * Register new evaluator
+     * 
      * @param type Type of evaluator
      * @param evaluator Value of evaluator
      */
@@ -167,8 +177,8 @@ public interface IAuthzManager {
 
     /**
      * Return a table of evaluators
+     * 
      * @return A table of evaluators
      */
-    public Hashtable<String, IAccessEvaluator>  getAccessEvaluators();
+    public Hashtable<String, IAccessEvaluator> getAccessEvaluators();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
index 281a11a2..49c3570c 100644
--- a/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/authorization/IAuthzSubsystem.java
@@ -27,11 +27,11 @@ import com.netscape.certsrv.base.ISubsystem;
 /**
  * An interface that represents an authorization component
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthzSubsystem extends ISubsystem {
-    
+
     /**
      * Constant for auths.
      */
@@ -40,17 +40,17 @@ public interface IAuthzSubsystem extends ISubsystem {
     /**
      * Constant for class.
      */
-    public static final String PROP_CLASS = "class"; 
+    public static final String PROP_CLASS = "class";
 
     /**
      * Constant for impl
      */
-    public static final String PROP_IMPL = "impl"; 
+    public static final String PROP_IMPL = "impl";
 
     /**
      * Constant for pluginName.
      */
-    public static final String PROP_PLUGIN = "pluginName"; 
+    public static final String PROP_PLUGIN = "pluginName";
 
     /**
      * Constant for instance.
@@ -60,22 +60,25 @@ public interface IAuthzSubsystem extends ISubsystem {
     /**
      * authorize the user associated with the given authToken for a given
      * operation with the given authorization manager name
+     * 
      * @param authzMgrName The authorization manager name
      * @param authToken the authenticaton token associated with a user
      * @param resource the resource protected by the authorization system
-     * @param operation the operation for resource protected by the authorization system
+     * @param operation the operation for resource protected by the
+     *            authorization system
      * @return a authorization token.
      * @exception EBaseException If an error occurs during authorization.
      */
     public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
-        String resource, String operation)
-        throws EBaseException;
+            String resource, String operation)
+            throws EBaseException;
 
     public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
-        String exp) throws EBaseException;
+            String exp) throws EBaseException;
 
     /**
      * Adds (registers) the given authorization manager.
+     * 
      * @param name The authorization manager name
      * @param authzMgr The authorization manager instance.
      */
@@ -83,12 +86,14 @@ public interface IAuthzSubsystem extends ISubsystem {
 
     /**
      * Deletes (deregisters) the given authorization manager.
+     * 
      * @param name The authorization manager name to delete.
      */
     public void delete(String name);
 
     /**
      * Gets the Authorization manager instance of the specified name.
+     * 
      * @param name The authorization manager's name.
      * @return an authorization manager interface
      */
@@ -97,6 +102,7 @@ public interface IAuthzSubsystem extends ISubsystem {
     /**
      * Gets an enumeration of authorization managers registered to the
      * authorization component.
+     * 
      * @return a list of authorization managers
      */
     public Enumeration<IAuthzManager> getAuthzManagers();
@@ -112,12 +118,14 @@ public interface IAuthzSubsystem extends ISubsystem {
 
     /**
      * Gets an enumeration of authorization manager plugins.
+     * 
      * @return list of authorization manager plugins
      */
-    public Enumeration<AuthzMgrPlugin>  getAuthzManagerPlugins();
+    public Enumeration<AuthzMgrPlugin> getAuthzManagerPlugins();
 
     /**
      * Gets a single authorization manager plugin implementation
+     * 
      * @param name given authorization plugin name
      * @return authorization manager plugin
      */
@@ -125,6 +133,7 @@ public interface IAuthzSubsystem extends ISubsystem {
 
     /**
      * Log error message.
+     * 
      * @param level log level
      * @param msg error message
      */
@@ -132,21 +141,23 @@ public interface IAuthzSubsystem extends ISubsystem {
 
     /**
      * Get a hashtable containing all authentication plugins.
+     * 
      * @return all authentication plugins.
      */
     public Hashtable<String, AuthzMgrPlugin> getPlugins();
 
     /**
      * Get a hashtable containing all authentication instances.
+     * 
      * @return all authentication instances.
      */
     public Hashtable<String, AuthzManagerProxy> getInstances();
 
     /**
      * Get an authorization manager interface for the given name.
+     * 
      * @param name given authorization manager name.
      * @return an authorization manager interface
      */
     public IAuthzManager get(String name);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java b/pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java
index ea334230..d6b21052 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ASubsystem.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 /**
- * This class represents a basic subsystem. Each basic
- * subsystem is named with an identifier and has a 
- * configuration store.
- *
+ * This class represents a basic subsystem. Each basic subsystem is named with
+ * an identifier and has a configuration store.
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class ASubsystem implements ISubsystem {
@@ -33,7 +31,7 @@ public abstract class ASubsystem implements ISubsystem {
 
     /**
      * Initializes this subsystem.
-     *
+     * 
      * @param parent parent subsystem
      * @param cfg configuration store
      */
@@ -44,7 +42,7 @@ public abstract class ASubsystem implements ISubsystem {
 
     /**
      * Retrieves the configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -53,7 +51,7 @@ public abstract class ASubsystem implements ISubsystem {
 
     /**
      * Sets the identifier of this subsystem.
-     *
+     * 
      * @param id subsystem identifier
      */
     public void setId(String id) {
@@ -62,7 +60,7 @@ public abstract class ASubsystem implements ISubsystem {
 
     /**
      * Retrieves the subsystem identifier.
-     *
+     * 
      * @return subsystem identifier
      */
     public String getId() {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java b/pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java
index 786148a0..eee51ca0 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/AttributeNameHelper.java
@@ -17,25 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 /**
- * AttributeNameHelper. This Helper class used to decompose 
- * dot-separated attribute name into prefix and suffix.
- *
+ * AttributeNameHelper. This Helper class used to decompose dot-separated
+ * attribute name into prefix and suffix.
+ * 
  * @version $Revision$, $Date$
  */
 public class AttributeNameHelper {
     // Public members
     private static final char SEPARATOR = '.';
-	
+
     // Private data members
     private String prefix = null;
     private String suffix = null;
-	
+
     /**
      * Default constructor for the class. Name is of the form
      * "proofOfPosession.type".
-     *
+     * 
      * @param name the attribute name.
      */
     public AttributeNameHelper(String name) {
@@ -51,20 +50,19 @@ public class AttributeNameHelper {
 
     /**
      * Return the prefix of the name.
-     *
+     * 
      * @return attribute prefix
      */
     public String getPrefix() {
         return (prefix);
     }
-	
+
     /**
      * Return the suffix of the name.
-     *
+     * 
      * @return attribute suffix
      */
     public String getSuffix() {
         return (suffix);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/BaseResources.java b/pki/base/common/src/com/netscape/certsrv/base/BaseResources.java
index f54f1377..e8752646 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/BaseResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/BaseResources.java
@@ -17,15 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
- * A class represents a resource bundle for the entire
- * system.
+ * A class represents a resource bundle for the entire system.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
  */
@@ -39,8 +36,7 @@ public class BaseResources extends ListResourceBundle {
     }
 
     /*
-     * Constants. The suffix represents the number of
-     * possible parameters.
+     * Constants. The suffix represents the number of possible parameters.
      */
 
     static final Object[][] contents = {};
diff --git a/pki/base/common/src/com/netscape/certsrv/base/EBaseException.java b/pki/base/common/src/com/netscape/certsrv/base/EBaseException.java
index e58aaca2..8b84a636 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/EBaseException.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/EBaseException.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Locale;
 
-
 /**
- * An exception with localizable error messages.  It is the 
- * base class for all exceptions in certificate server. 
+ * An exception with localizable error messages. It is the base class for all
+ * exceptions in certificate server.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
  * @see com.netscape.certsrv.base.BaseResources
@@ -38,8 +36,8 @@ public class EBaseException extends Exception {
     private static final long serialVersionUID = 8213021692117483973L;
 
     /**
-     * The resource bundle to use for error messages.
-     * Subclasses can override to use its own resource bundle.
+     * The resource bundle to use for error messages. Subclasses can override to
+     * use its own resource bundle.
      */
     private static final String BASE_RESOURCES = BaseResources.class.getName();
 
@@ -49,12 +47,13 @@ public class EBaseException extends Exception {
     public Object mParams[] = null;
 
     /**
-     * Constructs an instance of this exception with the given resource key.
-     * If resource key is not found in the resource bundle, the resource key 
+     * Constructs an instance of this exception with the given resource key. If
+     * resource key is not found in the resource bundle, the resource key
      * specified is used as the error message.
+     * 
      * <pre>
-     *      new EBaseException(BaseResources.PERMISSION_DENIED);
-     *      new EBaseException("An plain error message");
+     * new EBaseException(BaseResources.PERMISSION_DENIED);
+     * new EBaseException(&quot;An plain error message&quot;);
      * <P>
      * @param msgFormat The error message resource key.
      */
@@ -64,12 +63,14 @@ public class EBaseException extends Exception {
     }
 
     /**
-     * Constructs an instance of this exception with the given resource key
-     * and a parameter as a string. 
+     * Constructs an instance of this exception with the given resource key and
+     * a parameter as a string.
+     * 
      * <PRE>
-     *      new EBaseException(BaseResource.NO_CONFIG_FILE, fileName);
+     * new EBaseException(BaseResource.NO_CONFIG_FILE, fileName);
      * </PRE>
      * <P>
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -80,8 +81,9 @@ public class EBaseException extends Exception {
     }
 
     /**
-     * Constructs an instance of the exception given the resource key and 
-     * a exception parameter. 
+     * Constructs an instance of the exception given the resource key and a
+     * exception parameter.
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -90,6 +92,7 @@ public class EBaseException extends Exception {
      *      }
      * </PRE>
      * <P>
+     * 
      * @param msgFormat The resource key
      * @param param The parameter as an exception
      */
@@ -100,9 +103,10 @@ public class EBaseException extends Exception {
     }
 
     /**
-     * Constructs an instance of this exception given the resource key and
-     * an array of parameters.
+     * Constructs an instance of this exception given the resource key and an
+     * array of parameters.
      * <P>
+     * 
      * @param msgFormat The resource key
      * @param params Array of params
      */
@@ -114,7 +118,7 @@ public class EBaseException extends Exception {
     /**
      * Returns the list of parameters.
      * <P>
-     *
+     * 
      * @return List of parameters.
      */
     public Object[] getParameters() {
@@ -124,6 +128,7 @@ public class EBaseException extends Exception {
     /**
      * Returns the exception string in the default locale.
      * <P>
+     * 
      * @return The exception string in the default locale.
      */
     public String toString() {
@@ -133,6 +138,7 @@ public class EBaseException extends Exception {
     /**
      * Returns the exception string in the given locale.
      * <P>
+     * 
      * @param locale The locale
      * @return The exception string in the given locale.
      */
@@ -143,6 +149,7 @@ public class EBaseException extends Exception {
 
     /**
      * Returns the given resource bundle name.
+     * 
      * @return the name of the resource bundle for this class.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java
index 938c9fff..89a78031 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotDefined.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 /**
- * This class represents an exception thrown when a 
- * property is not defined (empty string) the configuration store.
- * It extends EBaseException and uses the same resource bundle.
+ * This class represents an exception thrown when a property is not defined
+ * (empty string) the configuration store. It extends EBaseException and uses
+ * the same resource bundle.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.base.EBaseException
  */
@@ -35,9 +34,10 @@ public class EPropertyNotDefined extends EBaseException {
     private static final long serialVersionUID = -7986464387187170352L;
 
     /**
-     * Constructs an instance of this exception given the name of the
-     * property that's not found.
+     * Constructs an instance of this exception given the name of the property
+     * that's not found.
      * <p>
+     * 
      * @param errorString Detailed error message.
      */
     public EPropertyNotDefined(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java
index 833a393a..b442f009 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/EPropertyNotFound.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 /**
- * This class represents an exception thrown when a 
- * property is not found in the configuration store.
- * It extends EBaseException and uses the same resource bundle.
+ * This class represents an exception thrown when a property is not found in the
+ * configuration store. It extends EBaseException and uses the same resource
+ * bundle.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.base.EBaseException
  */
@@ -35,9 +34,10 @@ public class EPropertyNotFound extends EBaseException {
     private static final long serialVersionUID = 2701966082697733003L;
 
     /**
-     * Constructs an instance of this exception given the name of the
-     * property that's not found.
+     * Constructs an instance of this exception given the name of the property
+     * that's not found.
      * <p>
+     * 
      * @param errorString Detailed error message.
      */
     public EPropertyNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java b/pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java
index a0399d34..cba4482a 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ExtendedPluginInfo.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Locale;
 
-
 /**
  * Plugin which can return extended information to console
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ExtendedPluginInfo implements IExtendedPluginInfo {
@@ -33,7 +31,7 @@ public class ExtendedPluginInfo implements IExtendedPluginInfo {
 
     /**
      * Constructs an extended plugin info object.
-     *
+     * 
      * @param epi plugin info list
      */
     public ExtendedPluginInfo(String epi[]) {
@@ -41,48 +39,43 @@ public class ExtendedPluginInfo implements IExtendedPluginInfo {
     }
 
     /**
-     *  This method returns an array of strings. Each element of the
-     *  array represents a configurable parameter, or some other
-     *  meta-info (such as help-token)
+     * This method returns an array of strings. Each element of the array
+     * represents a configurable parameter, or some other meta-info (such as
+     * help-token)
+     * 
+     * there is an entry indexed on that parameter name
+     * <param-name>;<type_info>[,required];<description>;...
+     * 
+     * Where:
+     * 
+     * type_info is either 'string', 'number', 'boolean', 'password' or
+     * 'choice(ch1,ch2,ch3,...)'
+     * 
+     * If the marker 'required' is included after the type_info, the parameter
+     * will has some visually distinctive marking in the UI.
+     * 
+     * 'description' is a short sentence describing the parameter 'choice' is
+     * rendered as a drop-down list. The first parameter in the list will be
+     * activated by default 'boolean' is rendered as a checkbox. The resulting
+     * parameter will be either 'true' or 'false' 'string' allows any characters
+     * 'number' allows only numbers 'password' is rendered as a password field
+     * (the characters are replaced with *'s when being types. This parameter is
+     * not passed through to the plugin. It is instead inserted directly into
+     * the password cache keyed on the instance name. The value of the parameter
+     * 'bindPWPrompt' (see example below) is set to the key.
+     * 
+     * In addition to the configurable parameters, the following magic
+     * parameters may be defined:
+     * 
+     * HELP_TOKEN;helptoken - a pointer to the online manual section for this
+     * plugin HELP_TEXT;helptext - a general help string describing the plugin
      * 
-     *  there is an entry indexed on that parameter name
-     *  <param-name>;<type_info>[,required];<description>;...
-     *  
-     *  Where:
-     *
-     *    type_info is either 'string', 'number', 'boolean', 'password' or 
-     *        'choice(ch1,ch2,ch3,...)'
-     *
-     *    If the marker 'required' is included after the type_info,
-     *    the parameter will has some visually distinctive marking in
-     *    the UI.
+     * For example: "username;string;The username you wish to login as"
+     * "bindPWPrompt;password;Enter password to bind as above user with"
+     * "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
+     * "enable;boolean;Do you want to run this plugin"
+     * "port;number;Which port number do you want to use"
      * 
-     *    'description' is a short sentence describing the parameter
-     *    'choice' is rendered as a drop-down list. The first parameter in the
-     *       list will be activated by default
-     *    'boolean' is rendered as a checkbox. The resulting parameter will be
-     *       either 'true' or 'false'
-     *	  'string' allows any characters
-     *	  'number' allows only numbers
-     *    'password' is rendered as a password field (the characters are replaced
-     *       with *'s when being types. This parameter is not passed through to
-     *       the plugin. It is instead inserted directly into the password cache
-     *       keyed on the instance name. The value of the parameter
-     *       'bindPWPrompt' (see example below) is set to the key.
-     *
-     *  In addition to the configurable parameters, the following magic parameters
-     *  may be defined:
-     *  
-     *    HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
-     *    HELP_TEXT;helptext   - a general help string describing the plugin
-     *
-     *   For example:
-     *    "username;string;The username you wish to login as"
-     *    "bindPWPrompt;password;Enter password to bind as above user with"
-     *    "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
-     *    "enable;boolean;Do you want to run this plugin"
-     *    "port;number;Which port number do you want to use"
-     *
      */
     public String[] getExtendedPluginInfo(Locale locale) {
         return _epi;
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java b/pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java
index 65ca140e..84e6e5ec 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IArgBlock.java
@@ -23,32 +23,30 @@ import java.util.Enumeration;
 
 import netscape.security.pkcs.PKCS10;
 
-
 /**
- * This interface defines the abstraction for the generic collection
- * of attributes indexed by string names.
- * Set of cooperating implementations of this interface may exploit
- * dot-separated attribute names to provide seamless access to the
- * attributes of attribute value  which also implements AttrSet
- * interface as if it was direct attribute of the container
- * E.g., ((AttrSet)container.get("x")).get("y") is equivalent to
- * container.get("x.y");
+ * This interface defines the abstraction for the generic collection of
+ * attributes indexed by string names. Set of cooperating implementations of
+ * this interface may exploit dot-separated attribute names to provide seamless
+ * access to the attributes of attribute value which also implements AttrSet
+ * interface as if it was direct attribute of the container E.g.,
+ * ((AttrSet)container.get("x")).get("y") is equivalent to container.get("x.y");
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  **/
 public interface IArgBlock extends Serializable {
 
     /**
      * Checks if this argument block contains the given key.
-     *
+     * 
      * @param n key
      * @return true if key is present
      */
     public boolean isValuePresent(String n);
+
     /**
      * Adds string-based value into this argument block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -57,7 +55,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as string.
-     *
+     * 
      * @param n key
      * @return argument value as string
      * @exception EBaseException failed to retrieve value
@@ -66,7 +64,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as string.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as string
@@ -75,16 +73,16 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as integer.
-     *
+     * 
      * @param n key
      * @return argument value as int
      * @exception EBaseException failed to retrieve value
      */
-    public int getValueAsInt(String n) throws EBaseException;    
+    public int getValueAsInt(String n) throws EBaseException;
 
     /**
      * Retrieves argument value as integer.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as int
@@ -93,7 +91,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as big integer.
-     *
+     * 
      * @param n key
      * @return argument value as big integer
      * @exception EBaseException failed to retrieve value
@@ -102,7 +100,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as big integer.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as big integer
@@ -111,7 +109,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as object
-     *
+     * 
      * @param n key
      * @return argument value as object
      * @exception EBaseException failed to retrieve value
@@ -120,7 +118,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument value as object
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as object
@@ -129,7 +127,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Gets boolean value. They should be "true" or "false".
-     *
+     * 
      * @param name name of the input type
      * @return boolean type: <code>true</code> or <code>false</code>
      * @exception EBaseException failed to retrieve value
@@ -138,16 +136,16 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Gets boolean value. They should be "true" or "false".
-     *
+     * 
      * @param name name of the input type
-     * @param def  Default value to return.
+     * @param def Default value to return.
      * @return boolean type: <code>true</code> or <code>false</code>
      */
     public boolean getValueAsBoolean(String name, boolean def);
 
     /**
      * Gets KeyGenInfo
-     *
+     * 
      * @param name name of the input type
      * @param def default value to return
      * @exception EBaseException On error.
@@ -156,9 +154,9 @@ public interface IArgBlock extends Serializable {
     public KeyGenInfo getValueAsKeyGenInfo(String name, KeyGenInfo def) throws EBaseException;
 
     /**
-     * Gets PKCS10 request. This pkcs10 attribute does not
-     * contain header information.
-     *
+     * Gets PKCS10 request. This pkcs10 attribute does not contain header
+     * information.
+     * 
      * @param name name of the input type
      * @return pkcs10 request
      * @exception EBaseException failed to retrieve value
@@ -166,9 +164,9 @@ public interface IArgBlock extends Serializable {
     public PKCS10 getValueAsRawPKCS10(String name) throws EBaseException;
 
     /**
-     * Gets PKCS10 request. This pkcs10 attribute does not
-     * contain header information.
-     *
+     * Gets PKCS10 request. This pkcs10 attribute does not contain header
+     * information.
+     * 
      * @param name name of the input type
      * @param def default PKCS10
      * @return pkcs10 request
@@ -178,8 +176,8 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param checkheader true if header must be present
      * @return PKCS10 object
      * @exception EBaseException failed to retrieve value
@@ -188,8 +186,8 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param checkheader true if header must be present
      * @param def default PKCS10
      * @return PKCS10 object
@@ -199,8 +197,8 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param def default PKCS10
      * @return PKCS10 object
      * @exception EBaseException on error
@@ -209,14 +207,14 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves a list of argument keys.
-     *
+     * 
      * @return a list of string-based keys
      */
     public Enumeration<String> elements();
 
     /**
      * Adds long-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -225,7 +223,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Adds integer-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -234,7 +232,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Adds boolean-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -243,7 +241,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Adds integer-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @param radix radix
@@ -253,7 +251,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Sets argument into this block.
-     *
+     * 
      * @param name key
      * @param obj value
      */
@@ -261,7 +259,7 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Retrieves argument.
-     *
+     * 
      * @param name key
      * @return object value
      */
@@ -269,14 +267,14 @@ public interface IArgBlock extends Serializable {
 
     /**
      * Deletes argument by the given key.
-     *
+     * 
      * @param name key
      */
     public void delete(String name);
 
     /**
      * Retrieves a list of argument keys.
-     *
+     * 
      * @return a list of string-based keys
      */
     public Enumeration<String> getElements();
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java b/pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java
index 28e36da6..c37cc01e 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IAttrSet.java
@@ -17,38 +17,34 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.io.Serializable;
 import java.util.Enumeration;
 
-
 /**
- * This interface defines the abstraction for the generic collection
- * of attributes indexed by string names.
- * Set of cooperating implementations of this interface may exploit
- * dot-separated attribute names to provide seamless access to the
- * attributes of attribute value  which also implements AttrSet
- * interface as if it was direct attribute of the container
- * E.g., ((AttrSet)container.get("x")).get("y") is equivalent to
- * container.get("x.y");
+ * This interface defines the abstraction for the generic collection of
+ * attributes indexed by string names. Set of cooperating implementations of
+ * this interface may exploit dot-separated attribute names to provide seamless
+ * access to the attributes of attribute value which also implements AttrSet
+ * interface as if it was direct attribute of the container E.g.,
+ * ((AttrSet)container.get("x")).get("y") is equivalent to container.get("x.y");
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  **/
 public interface IAttrSet extends Serializable {
 
     /**
      * Sets an attribute value within this AttrSet.
-     *
+     * 
      * @param name the name of the attribute
      * @param obj the attribute object.
      * @exception EBaseException on attribute handling errors.
      */
-    public void set(String name, Object obj)throws EBaseException;
+    public void set(String name, Object obj) throws EBaseException;
 
     /**
      * Gets an attribute value.
-     *
+     * 
      * @param name the name of the attribute to return.
      * @exception EBaseException on attribute handling errors.
      */
@@ -56,7 +52,7 @@ public interface IAttrSet extends Serializable {
 
     /**
      * Deletes an attribute value from this AttrSet.
-     *
+     * 
      * @param name the name of the attribute to delete.
      * @exception EBaseException on attribute handling errors.
      */
@@ -65,7 +61,7 @@ public interface IAttrSet extends Serializable {
     /**
      * Returns an enumeration of the names of the attributes existing within
      * this AttrSet.
-     *
+     * 
      * @return an enumeration of the attribute names.
      */
     public Enumeration<?> getElements();
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java b/pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java
index 91f9f51a..ed55d47e 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IAuthInfo.java
@@ -17,15 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
- * An interface represents an authentication context. This
- * is an entity that encapsulates the authentication
- * information of a service requestor. For example, CMS
- * user needs to authenticate to CMS using SSL. The
- * client certificate is expressed in authenticated context.
+ * An interface represents an authentication context. This is an entity that
+ * encapsulates the authentication information of a service requestor. For
+ * example, CMS user needs to authenticate to CMS using SSL. The client
+ * certificate is expressed in authenticated context.
  * <P>
  * 
  * @version $Revision$, $Date$
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java b/pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java
index c770121f..eb11dfc8 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ICRLPrettyPrint.java
@@ -17,21 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Locale;
 
-
 /**
- * This interface represents a CRL pretty print handler.
- * It converts a CRL object into a printable CRL string.
- *
+ * This interface represents a CRL pretty print handler. It converts a CRL
+ * object into a printable CRL string.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICRLPrettyPrint {
 
     /**
      * Retrieves the printable CRL string.
-     *
+     * 
      * @param clientLocale end user clocale
      * @param crlSize CRL size
      * @param pageStart starting page number
@@ -42,7 +40,7 @@ public interface ICRLPrettyPrint {
 
     /**
      * Retrieves the printable CRL string.
-     *
+     * 
      * @param clientLocale end user clocale
      * @return printable CRL string
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java b/pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java
index fc4e8c29..fbef80f4 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ICertPrettyPrint.java
@@ -17,22 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Locale;
 
-
 /**
- * This interface represents a certificate pretty print
- * handler. This handler converts certificate object into
- * a printable certificate string.
+ * This interface represents a certificate pretty print handler. This handler
+ * converts certificate object into a printable certificate string.
  * 
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public interface ICertPrettyPrint {
 
     /**
      * Returns printable certificate string.
-     *
+     * 
      * @param clientLocale end user locale
      * @return printable certificate string
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java b/pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java
index aef83b1c..207ff83a 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IConfigStore.java
@@ -17,16 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 
-
 /**
- * An interface represents a configuration store. 
- * A configuration store is an abstraction of a hierarchical store 
- * to keep arbitrary data indexed by string names.<p>
- * In the following example: 
+ * An interface represents a configuration store. A configuration store is an
+ * abstraction of a hierarchical store to keep arbitrary data indexed by string
+ * names.
+ * <p>
+ * In the following example:
+ * 
  * <pre>
  *      param1=value1
  *      configStore1.param11=value11
@@ -35,26 +35,28 @@ import java.util.Enumeration;
  *      configStore1.subStore1.param112=value112
  *      configStore2.param21=value21
  * </pre>
- * The top config store has parameters <i>param1</i> and sub-stores 
+ * 
+ * The top config store has parameters <i>param1</i> and sub-stores
  * <i>configStore1</i> and <i>configStore2</i>. <br>
  * The following illustrates how a config store is used.
+ * 
  * <pre>
- *     // the top config store is passed to the following method. 
- *     public void init(IConfigStore config) throws EBaseException {
- *       IConfigStore store = config;
- *       String valx = config.getString("param1");  
- *       // valx is "value1" <p>
- *
- *       IConfigStore substore1 = config.getSubstore("configStore1");
- *       String valy = substore1.getString("param11"); 
- *       // valy is "value11" <p>
- *	
- *       IConfigStore substore2 = config.getSubstore("configStore2");
- *       String valz = substore2.getString("param21"); 
- *       // valz is "value21" <p>
- *     }
+ * // the top config store is passed to the following method.
+ * public void init(IConfigStore config) throws EBaseException {
+ *     IConfigStore store = config;
+ *     String valx = config.getString(&quot;param1&quot;);
+ *     // valx is &quot;value1&quot; &lt;p&gt;
+ * 
+ *     IConfigStore substore1 = config.getSubstore(&quot;configStore1&quot;);
+ *     String valy = substore1.getString(&quot;param11&quot;);
+ *     // valy is &quot;value11&quot; &lt;p&gt;
+ * 
+ *     IConfigStore substore2 = config.getSubstore(&quot;configStore2&quot;);
+ *     String valz = substore2.getString(&quot;param21&quot;);
+ *     // valz is &quot;value21&quot; &lt;p&gt;
+ * }
  * </pre>
- *		
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConfigStore extends ISourceConfigStore {
@@ -62,6 +64,7 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Gets the name of this Configuration Store.
      * <P>
+     * 
      * @return The name of this Configuration store
      */
     public String getName();
@@ -69,60 +72,66 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Retrieves the value of the given property as a string.
      * <p>
+     * 
      * @param name The name of the property to get
      * @return The value of the property as a String
      * @exception EPropertyNotFound If the property is not present
      * @exception EBaseException If an internal error occurred
      */
-    public String getString(String name) 
-        throws EPropertyNotFound, EBaseException;
+    public String getString(String name)
+            throws EPropertyNotFound, EBaseException;
 
     /**
-     * Retrieves the value of a given property as a string or the 
-     * given default value if the property is not present.
+     * Retrieves the value of a given property as a string or the given default
+     * value if the property is not present.
      * <P>
+     * 
      * @param name The property to retrive
      * @param defval The default value to return if the property is not present
      * @return The roperty value as a string
      * @exception EBaseException If an internal error occurred
      */
-    public String getString(String name, String defval) 
-        throws EBaseException;
+    public String getString(String name, String defval)
+            throws EBaseException;
 
     /**
-     * Stores a property and its value as a string. 
+     * Stores a property and its value as a string.
      * <p>
+     * 
      * @param name The name of the property
      * @param value The value as a string
-     */ 
+     */
     public void putString(String name, String value);
 
     /**
      * Retrieves the value of a property as a byte array.
      * <P>
+     * 
      * @param name The property name
      * @return The property value as a byte array
      * @exception EPropertyNotFound If the property is not present
      * @exception EBaseException If an internal error occurred
      */
-    public byte[] getByteArray(String name) 
-        throws EPropertyNotFound, EBaseException;
+    public byte[] getByteArray(String name)
+            throws EPropertyNotFound, EBaseException;
 
     /**
-     * Retrieves the value of a property as a byte array, using the 
-     * given default value if property is not present.
+     * Retrieves the value of a property as a byte array, using the given
+     * default value if property is not present.
      * <P>
+     * 
      * @param name The name of the property
      * @param defval The default value if the property is not present.
      * @return The property value as a byte array.
      * @exception EBaseException If an internal error occurred
      */
-    public byte[] getByteArray(String name, byte defval[]) 
-        throws EBaseException;
+    public byte[] getByteArray(String name, byte defval[])
+            throws EBaseException;
 
     /**
      * Stores the given property and value as a byte array.
      * <p>
+     * 
      * @param name The property name
      * @param value The value as a byte array to store
      */
@@ -131,29 +140,32 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Retrieves the given property as a boolean.
      * <P>
+     * 
      * @param name The name of the property as a string.
      * @return The value of the property as a boolean.
      * @exception EPropertyNotFound If the property is not present
      * @exception EBaseException If an internal error occurred
      */
-    public boolean getBoolean(String name) 
-        throws EPropertyNotFound, EBaseException;
+    public boolean getBoolean(String name)
+            throws EPropertyNotFound, EBaseException;
 
     /**
      * Retrieves the given property as a boolean.
      * <P>
+     * 
      * @param name The name of the property
-     * @param defval The default value to turn as a boolean if 
-     * property is not present
+     * @param defval The default value to turn as a boolean if property is not
+     *            present
      * @return The value of the property as a boolean.
      * @exception EBaseException If an internal error occurred
      */
-    public boolean getBoolean(String name, boolean defval) 
-        throws EBaseException;
+    public boolean getBoolean(String name, boolean defval)
+            throws EBaseException;
 
     /**
      * Stores the given property and its value as a boolean.
      * <P>
+     * 
      * @param name The property name
      * @param value The value as a boolean
      */
@@ -162,28 +174,30 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Retrieves the given property as an integer.
      * <P>
+     * 
      * @param name The property name
      * @return The property value as an integer
      * @exception EPropertyNotFound If property is not found
      * @exception EBaseException If an internal error occurred
      */
-    public int getInteger(String name) 
-        throws EPropertyNotFound, EBaseException;
+    public int getInteger(String name)
+            throws EPropertyNotFound, EBaseException;
 
     /**
      * Retrieves the given property as an integer.
      * <P>
+     * 
      * @param name The property name
      * @return int The default value to return as an integer
-     * @exception EBaseException If the value cannot be converted to a 
-     * integer
+     * @exception EBaseException If the value cannot be converted to a integer
      */
-    public int getInteger(String name, int defval) 
-        throws EBaseException;
+    public int getInteger(String name, int defval)
+            throws EBaseException;
 
     /**
      * Sets a property and its value as an integer.
      * <P>
+     * 
      * @param name parameter name
      * @param value integer value
      */
@@ -192,28 +206,30 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Retrieves the given property as a big integer.
      * <P>
+     * 
      * @param name The property name
      * @return The property value as a big integer
      * @exception EPropertyNotFound If property is not found
      * @exception EBaseException If an internal error occurred
      */
-    public BigInteger getBigInteger(String name) 
-        throws EPropertyNotFound, EBaseException;
+    public BigInteger getBigInteger(String name)
+            throws EPropertyNotFound, EBaseException;
 
     /**
      * Retrieves the given property as a big integer.
      * <P>
+     * 
      * @param name The property name
      * @return int The default value to return as a big integer
-     * @exception EBaseException If the value cannot be converted to a 
-     * integer
+     * @exception EBaseException If the value cannot be converted to a integer
      */
-    public BigInteger getBigInteger(String name, BigInteger defval) 
-        throws EBaseException;
+    public BigInteger getBigInteger(String name, BigInteger defval)
+            throws EBaseException;
 
     /**
      * Sets a property and its value as an integer.
      * <P>
+     * 
      * @param name parameter name
      * @param value big integer value
      */
@@ -222,23 +238,26 @@ public interface IConfigStore extends ISourceConfigStore {
     /**
      * Creates a nested sub-store with the specified name.
      * <P>
+     * 
      * @param name The name of the sub-store
      * @return The sub-store created
      */
     public IConfigStore makeSubStore(String name);
 
     /**
-     * Retrieves the given sub-store. 
+     * Retrieves the given sub-store.
      * <P>
+     * 
      * @param name The name of the sub-store
      * @return The sub-store
      */
     public IConfigStore getSubStore(String name);
 
     /**
-     * Removes sub-store with the given name. 
-     * (Removes all properties and sub-stores under this sub-store.)
+     * Removes sub-store with the given name. (Removes all properties and
+     * sub-stores under this sub-store.)
      * <P>
+     * 
      * @param name The name of the sub-store to remove
      */
     public void removeSubStore(String name);
@@ -247,22 +266,24 @@ public interface IConfigStore extends ISourceConfigStore {
 
     /**
      * Retrives and enumeration of all properties in this config-store.
+     * 
      * @return An enumeration of all properties in this config-store
      */
     public Enumeration<String> getPropertyNames();
 
     /**
-     * Returns an enumeration of the names of the substores of 
-     * this config-store.
+     * Returns an enumeration of the names of the substores of this
+     * config-store.
      * <P>
-     * @return An enumeration of the names of the sub-stores of this 
-     * config-store
+     * 
+     * @return An enumeration of the names of the sub-stores of this
+     *         config-store
      */
     public Enumeration<String> getSubStoreNames();
 
     /**
      * Commits all the data into file immediately.
-     *
+     * 
      * @param createBackup true if a backup file should be created
      * @exception EBaseException failed to commit
      */
@@ -273,4 +294,3 @@ public interface IConfigStore extends ISourceConfigStore {
      */
     public int size();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java b/pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java
index f2b6a03d..376b4e91 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IConfigStoreEventListener.java
@@ -17,34 +17,32 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Hashtable;
- 
 
 /**
  * ConfigStore Parameters Event Notification.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConfigStoreEventListener {
 
     /**
      * Called to validate the config store parameters that changed
-     *
+     * 
      * @param action action
      * @param params configuration parameters changed
      * @exception EBaseException failed to validate
      */
-    public void validateConfigParams(String action, 
-        Hashtable params) throws EBaseException;
+    public void validateConfigParams(String action,
+            Hashtable params) throws EBaseException;
 
     /**
      * Validates the config store parameters that changed
-     *
+     * 
      * @param action action
      * @param params configuration parameters changed
      * @exception EBaseException failed to validate
      */
-    public void doConfigParams(String action, 
-        Hashtable params) throws EBaseException;
+    public void doConfigParams(String action,
+            Hashtable params) throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java b/pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java
index 73e95b77..101af3fa 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IExtPrettyPrint.java
@@ -17,22 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
- * This class will display the certificate content in predefined
- * format.
- *
+ * This class will display the certificate content in predefined format.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IExtPrettyPrint {
 
     /**
      * Retrieves the printable extension string.
-     *
+     * 
      * @return printable extension string
      */
     public String toString();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java b/pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java
index e8060b24..e0f87c4e 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IExtendedPluginInfo.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Locale;
 
-
 /**
  * Plugin which can return extended information to console
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IExtendedPluginInfo {
@@ -33,48 +31,43 @@ public interface IExtendedPluginInfo {
     public static final String HELP_TEXT = "HELP_TEXT";
 
     /**
-     *  This method returns an array of strings. Each element of the
-     *  array represents a configurable parameter, or some other
-     *  meta-info (such as help-token)
+     * This method returns an array of strings. Each element of the array
+     * represents a configurable parameter, or some other meta-info (such as
+     * help-token)
+     * 
+     * there is an entry indexed on that parameter name
+     * <param-name>;<type_info>[,required];<description>;...
+     * 
+     * Where:
+     * 
+     * type_info is either 'string', 'number', 'boolean', 'password' or
+     * 'choice(ch1,ch2,ch3,...)'
+     * 
+     * If the marker 'required' is included after the type_info, the parameter
+     * will has some visually distinctive marking in the UI.
+     * 
+     * 'description' is a short sentence describing the parameter 'choice' is
+     * rendered as a drop-down list. The first parameter in the list will be
+     * activated by default 'boolean' is rendered as a checkbox. The resulting
+     * parameter will be either 'true' or 'false' 'string' allows any characters
+     * 'number' allows only numbers 'password' is rendered as a password field
+     * (the characters are replaced with *'s when being types. This parameter is
+     * not passed through to the plugin. It is instead inserted directly into
+     * the password cache keyed on the instance name. The value of the parameter
+     * 'bindPWPrompt' (see example below) is set to the key.
+     * 
+     * In addition to the configurable parameters, the following magic
+     * parameters may be defined:
+     * 
+     * HELP_TOKEN;helptoken - a pointer to the online manual section for this
+     * plugin HELP_TEXT;helptext - a general help string describing the plugin
      * 
-     *  there is an entry indexed on that parameter name
-     *  <param-name>;<type_info>[,required];<description>;...
-     *  
-     *  Where:
-     *
-     *    type_info is either 'string', 'number', 'boolean', 'password' or 
-     *        'choice(ch1,ch2,ch3,...)'
-     *
-     *    If the marker 'required' is included after the type_info,
-     *    the parameter will has some visually distinctive marking in
-     *    the UI.
+     * For example: "username;string;The username you wish to login as"
+     * "bindPWPrompt;password;Enter password to bind as above user with"
+     * "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
+     * "enable;boolean;Do you want to run this plugin"
+     * "port;number;Which port number do you want to use"
      * 
-     *    'description' is a short sentence describing the parameter
-     *    'choice' is rendered as a drop-down list. The first parameter in the
-     *       list will be activated by default
-     *    'boolean' is rendered as a checkbox. The resulting parameter will be
-     *       either 'true' or 'false'
-     *	  'string' allows any characters
-     *	  'number' allows only numbers
-     *    'password' is rendered as a password field (the characters are replaced
-     *       with *'s when being types. This parameter is not passed through to
-     *       the plugin. It is instead inserted directly into the password cache
-     *       keyed on the instance name. The value of the parameter
-     *       'bindPWPrompt' (see example below) is set to the key.
-     *
-     *  In addition to the configurable parameters, the following magic parameters
-     *  may be defined:
-     *  
-     *    HELP_TOKEN;helptoken - a pointer to the online manual section for this plugin
-     *    HELP_TEXT;helptext   - a general help string describing the plugin
-     *
-     *   For example:
-     *    "username;string;The username you wish to login as"
-     *    "bindPWPrompt;password;Enter password to bind as above user with"
-     *    "algorithm;choice(RSA,DSA);Which algorithm do you want to use"
-     *    "enable;boolean;Do you want to run this plugin"
-     *    "port;number;Which port number do you want to use"
-     *
      */
     public String[] getExtendedPluginInfo(Locale locale);
 
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java b/pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java
index 4a55af60..3ce494d9 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IPluginImpl.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Vector;
 
 /**
  * This interface represents a plugin instance.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPluginImpl {
@@ -32,6 +31,7 @@ public interface IPluginImpl {
     /**
      * Gets the description for this plugin instance.
      * <P>
+     * 
      * @return The Description for this plugin instance.
      */
     public String getDescription();
@@ -39,7 +39,7 @@ public interface IPluginImpl {
     /**
      * Returns the name of the plugin class.
      * <P>
-     *
+     * 
      * @return The name of the plugin class.
      */
     public String getImplName();
@@ -47,24 +47,24 @@ public interface IPluginImpl {
     /**
      * Returns the name of the plugin instance.
      * <P>
-     *
-     * @return The name of the plugin instance. If none	is set 
-     * the name of the implementation will be returned.xxxx
+     * 
+     * @return The name of the plugin instance. If none is set the name of the
+     *         implementation will be returned.xxxx
      */
     public String getInstanceName();
 
     /**
      * Initializes this plugin instance.
-     *
+     * 
      * @param sys parent subsystem
      * @param instanceName instance name of this plugin
      * @param className class name of this plugin
      * @param config configuration store
      * @exception EBaseException failed to initialize
      */
-    public void init(ISubsystem sys, String instanceName, String className, 
-        IConfigStore config)
-        throws EBaseException;
+    public void init(ISubsystem sys, String instanceName, String className,
+            IConfigStore config)
+            throws EBaseException;
 
     /**
      * Shutdowns this plugin.
@@ -73,33 +73,32 @@ public interface IPluginImpl {
 
     /**
      * Retrieves the configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
 
     /**
      * Return configured parameters for a plugin instance.
-     *
-     * @return nvPairs A Vector of name/value pairs. Each name/value 
-     *      pair is constructed as a String in name=value format.
+     * 
+     * @return nvPairs A Vector of name/value pairs. Each name/value pair is
+     *         constructed as a String in name=value format.
      */
     public Vector getInstanceParams();
 
     /**
      * Retrieves a list of configuration parameter names.
-     *
+     * 
      * @return a list of parameter names
      */
     public String[] getConfigParams();
 
     /**
      * Return default parameters for a plugin implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs. Each name/value
-     *		  		pair is constructed as a String in name=value.
+     * 
+     * @return nvPairs A Vector of name/value pairs. Each name/value pair is
+     *         constructed as a String in name=value.
      */
     public Vector getDefaultParams();
 
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java b/pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java
index 1fba48f1..de03ec24 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/IPrettyPrintFormat.java
@@ -17,32 +17,28 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
- * This class will display the certificate content in predefined
- * format.
- *
+ * This class will display the certificate content in predefined format.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPrettyPrintFormat {
 
     /**
      * Retrieves a pretty print string of the given byte array.
-     *
+     * 
      * @param in byte array
      * @param indentSize indentation size
      * @param lineLen length of line
      * @param separator separator string
      * @return pretty print string
      */
-    public String toHexString(byte[] in, int indentSize, 
-        int lineLen, String separator);
+    public String toHexString(byte[] in, int indentSize,
+            int lineLen, String separator);
 
     /**
      * Retrieves a pretty print string of the given byte array.
-     *
+     * 
      * @param in byte array
      * @param indentSize indentation size
      * @param lineLen length of line
@@ -52,7 +48,7 @@ public interface IPrettyPrintFormat {
 
     /**
      * Retrieves a pretty print string of the given byte array.
-     *
+     * 
      * @param in byte array
      * @param indentSize indentation size
      * @return pretty print string
@@ -61,7 +57,7 @@ public interface IPrettyPrintFormat {
 
     /**
      * Retrieves a pretty print string of the given byte array.
-     *
+     * 
      * @param in byte array
      * @return pretty print string
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
index ced3886c..24c55d08 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISecurityDomainSessionTable.java
@@ -19,21 +19,30 @@ package com.netscape.certsrv.base;
 
 import java.util.Enumeration;
 
-
 /**
  * This interface defines the abstraction for the cookie table.
  **/
 public interface ISecurityDomainSessionTable {
-    public static final int SUCCESS =0;
-    public static final int FAILURE =1;
+    public static final int SUCCESS = 0;
+    public static final int FAILURE = 1;
+
     public int addEntry(String cookieId, String ip, String uid, String group);
+
     public int removeEntry(String sessionId);
+
     public boolean isSessionIdExist(String sessionId);
+
     public String getIP(String sessionId);
+
     public String getUID(String sessionId);
+
     public String getGroup(String sessionId);
+
     public long getBeginTime(String sessionId);
+
     public int getSize();
+
     public long getTimeToLive();
+
     public Enumeration<String> getSessionIds();
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java b/pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java
index 03adb700..87a7ea40 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISourceConfigStore.java
@@ -17,20 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.io.Serializable;
 import java.util.Enumeration;
 
-
 /**
- * An interface that represents the source that creates the configuration
- * store tree. Note that the tree can be built based on the information
- * from a text file or ldap entries.
+ * An interface that represents the source that creates the configuration store
+ * tree. Note that the tree can be built based on the information from a text
+ * file or ldap entries.
+ * 
  * @see com.netscape.certsrv.base.IConfigStore
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ISourceConfigStore extends Serializable {
@@ -38,7 +37,7 @@ public interface ISourceConfigStore extends Serializable {
     /**
      * Gets a property.
      * <P>
-     *
+     * 
      * @param name The property name
      * @return property value
      */
@@ -47,7 +46,7 @@ public interface ISourceConfigStore extends Serializable {
     /**
      * Retrieves a property.
      * <P>
-     *
+     * 
      * @param name The property name
      * @param value The property value
      */
@@ -56,7 +55,7 @@ public interface ISourceConfigStore extends Serializable {
     /**
      * Returns an enumeration of the config store's keys.
      * <P>
-     *
+     * 
      * @return a list of keys
      * @see java.util.Hashtable#elements
      * @see java.util.Enumeration
@@ -64,16 +63,16 @@ public interface ISourceConfigStore extends Serializable {
     public Enumeration<String> keys();
 
     /**
-     * Reads a config store from an input stream. 
-     *
+     * Reads a config store from an input stream.
+     * 
      * @param in input stream where the properties are located
      * @exception IOException If an IO error occurs while loading from input.
      */
     public void load(InputStream in) throws IOException;
 
     /**
-     * Stores this config store to the specified output stream. 
-     *
+     * Stores this config store to the specified output stream.
+     * 
      * @param out output stream where the properties should be serialized
      * @param header optional header to be serialized
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java b/pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java
index 77f1708a..994c8f75 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISubsystem.java
@@ -17,13 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
- * An interface represents a CMS subsystem. CMS is made up of a list
- * subsystems. Each subsystem is responsible for a set of 
- * speciailized functions.
+ * An interface represents a CMS subsystem. CMS is made up of a list subsystems.
+ * Each subsystem is responsible for a set of speciailized functions.
  * <P>
  * 
  * @version $Revision$, $Date$
@@ -32,41 +28,40 @@ public interface ISubsystem {
 
     /**
      * Retrieves the name of this subsystem.
-     *
+     * 
      * @return subsystem identifier
      */
     public String getId();
 
     /**
      * Sets specific to this subsystem.
-     *
+     * 
      * @param id subsystem identifier
      * @exception EBaseException failed to set id
      */
     public void setId(String id) throws EBaseException;
 
     /**
-     * Initializes this subsystem with the given configuration
-     * store.
+     * Initializes this subsystem with the given configuration store.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      * @exception EBaseException failed to initialize
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Notifies this subsystem if owner is in running mode.
-     *
+     * 
      * @exception EBaseException failed to start up
      */
     public void startup() throws EBaseException;
 
     /**
-     * Stops this system. The owner may call shutdown
-     * anytime after initialization.
+     * Stops this system. The owner may call shutdown anytime after
+     * initialization.
      * <P>
      */
     public void shutdown();
@@ -74,7 +69,7 @@ public interface ISubsystem {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore();
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java b/pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java
index 23b82179..7c491d51 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ISubsystemSource.java
@@ -17,12 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
- * An interface represents a subsystem source. A subsystem
- * source is a container that manages multiple subsystems.
+ * An interface represents a subsystem source. A subsystem source is a container
+ * that manages multiple subsystems.
  * <P>
  * 
  * @version $Revision$, $Date$
@@ -31,7 +28,7 @@ public interface ISubsystemSource {
 
     /**
      * Retrieves subsystem from the source.
-     *
+     * 
      * @param sid subsystem identifier
      * @return subsystem
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java b/pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java
index f1e3e25e..6805a5f9 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/ITimeSource.java
@@ -17,17 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Date;
 
-
 /**
- * This interface represents a time source where
- * current time can be retrieved. CMS is installed
- * with a default time source that returns
- * current time based on the system time. It is
- * possible to register a time source that returns
- * the current time from a NTP server.
+ * This interface represents a time source where current time can be retrieved.
+ * CMS is installed with a default time source that returns current time based
+ * on the system time. It is possible to register a time source that returns the
+ * current time from a NTP server.
  * 
  * @version $Revision$, $Date$
  */
@@ -35,7 +31,7 @@ public interface ITimeSource {
 
     /**
      * Retrieves current time and date.
-     *
+     * 
      * @return current time and date
      */
     public Date getCurrentDate();
diff --git a/pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java b/pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java
index 17efca77..5fc4ea20 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/KeyGenInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.io.IOException;
 
 import netscape.security.util.DerInputStream;
@@ -25,35 +24,36 @@ import netscape.security.util.DerValue;
 import netscape.security.x509.AlgorithmId;
 import netscape.security.x509.X509Key;
 
-
 /**
- *
- * The <code>KeyGenInfo</code> represents the information generated by
- * the KeyGen tag of the HTML forms. It provides the parsing and accessing
- * mechanisms.<p>
- *
+ * 
+ * The <code>KeyGenInfo</code> represents the information generated by the
+ * KeyGen tag of the HTML forms. It provides the parsing and accessing
+ * mechanisms.
+ * <p>
+ * 
  * <pre>
  * SignedPublicKeyAndChallenge ::= SEQUENCE {
  *      publicKeyAndChallenge PublicKeyAndChallenge,
  *      signatureAlgorithm AlgorithmIdentifier,
  *      signature BIT STRING
  * }
- *
+ * 
  * PublicKeyAndChallenge ::= SEQUENCE {
  *      spki SubjectPublicKeyInfo,
  *      challenge IA5STRING
  * }
- *</pre>
- *
- *
+ * </pre>
+ * 
+ * 
  * @version $Revision$, $Date$
  */
 
 public class KeyGenInfo {
 
-    /*==========================================================
-     * variables
-     *==========================================================*/
+    /*
+     * ========================================================== variables
+     * ==========================================================
+     */
     private String mSPKACString;
     private byte mPKAC[];
     private byte mSPKAC[];
@@ -64,36 +64,38 @@ public class KeyGenInfo {
     private byte mSignature[];
     private AlgorithmId mAlgId;
 
-    /*==========================================================
-     * constructors
-     *==========================================================*/
+    /*
+     * ========================================================== constructors
+     * ==========================================================
+     */
 
     /**
-     * Construct empty KeyGenInfo. Need to call decode function
-     * later to initialize.
+     * Construct empty KeyGenInfo. Need to call decode function later to
+     * initialize.
      */
     public KeyGenInfo() {
 
     }
 
     /**
-     * Construct KeyGenInfo using the SignedPublicKeyAndChallenge
-     * string representation.
-     *
+     * Construct KeyGenInfo using the SignedPublicKeyAndChallenge string
+     * representation.
+     * 
      * @param spkac SignedPublicKeyAndChallenge string representation
      */
     public KeyGenInfo(String spkac)
-        throws IOException {
+            throws IOException {
         decode(spkac);
     }
 
-    /*==========================================================
-     * public methods
-     *==========================================================*/
+    /*
+     * ========================================================== public methods
+     * ==========================================================
+     */
 
     /**
      * Initialize using the SPKAC string
-     *
+     * 
      * @param spkac SPKAC string from the end user
      */
     public void decode(String spkac) throws IOException {
@@ -104,7 +106,7 @@ public class KeyGenInfo {
 
     /**
      * Der encoded into buffer
-     *
+     * 
      * @return Der encoded buffer
      */
     public byte[] encode() {
@@ -113,7 +115,7 @@ public class KeyGenInfo {
 
     /**
      * Get SPKI in DerValue form
-     *
+     * 
      * @return SPKI in DerValue form
      */
     public DerValue getDerSPKI() {
@@ -122,7 +124,7 @@ public class KeyGenInfo {
 
     /**
      * Get SPKI as X509Key
-     *
+     * 
      * @return SPKI in X509Key form
      */
     public X509Key getSPKI() {
@@ -131,7 +133,7 @@ public class KeyGenInfo {
 
     /**
      * Get Challenge phrase in DerValue form
-     *
+     * 
      * @return Challenge in DerValue form. null if none.
      */
     public DerValue getDerChallenge() {
@@ -140,7 +142,7 @@ public class KeyGenInfo {
 
     /**
      * Get Challenge phrase in string format
-     *
+     * 
      * @return challenge phrase. null if none.
      */
     public String getChallenge() {
@@ -149,6 +151,7 @@ public class KeyGenInfo {
 
     /**
      * Get Signature
+     * 
      * @return signature
      */
     public byte[] getSignature() {
@@ -157,6 +160,7 @@ public class KeyGenInfo {
 
     /**
      * Get Algorithm ID
+     * 
      * @return the algorithm id
      */
     public AlgorithmId getAlgorithmId() {
@@ -165,7 +169,7 @@ public class KeyGenInfo {
 
     /**
      * Validate Signature and Challenge Phrase
-     *
+     * 
      * @param challenge phrase; null if none
      * @return true if validated; otherwise, false
      */
@@ -180,7 +184,7 @@ public class KeyGenInfo {
 
     /**
      * String representation of KenGenInfo
-     *
+     * 
      * @return string representation of KeGenInfo
      */
     public String toString() {
@@ -189,18 +193,19 @@ public class KeyGenInfo {
         return "";
     }
 
-    /*==========================================================
-     * private methods
-     *==========================================================*/
+    /*
+     * ========================================================== private
+     * methods==========================================================
+     */
 
     private byte[] base64Decode(String spkac)
-        throws  IOException {
+            throws IOException {
 
         return com.netscape.osutil.OSUtil.AtoB(spkac);
     }
 
     private void derDecode(byte spkac[])
-        throws IOException {
+            throws IOException {
         DerInputStream derIn = new DerInputStream(spkac);
 
         /* get SPKAC Algorithm & Signature */
@@ -224,4 +229,3 @@ public class KeyGenInfo {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java b/pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java
index 8e186fc4..3445e236 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/MessageFormatter.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.lang.reflect.Method;
 import java.text.MessageFormat;
 import java.util.Date;
@@ -25,13 +24,12 @@ import java.util.Locale;
 import java.util.MissingResourceException;
 import java.util.ResourceBundle;
 
-
 /**
- * Factors out common function of formatting internatinalized 
- * messages taking arguments and using  java.util.ResourceBundle 
- * and java.text.MessageFormat mechanism.
+ * Factors out common function of formatting internatinalized messages taking
+ * arguments and using java.util.ResourceBundle and java.text.MessageFormat
+ * mechanism.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
  * @see java.util.ResourceBundle
@@ -42,22 +40,22 @@ public class MessageFormatter {
 
     /**
      * Retrieves the localized string.
-     *
+     * 
      * @param locale end user locale
      * @param resourceBundleBaseName resource bundle class name
      * @param formatString format string
      * @return localized string
      */
     public static String getLocalizedString(
-        Locale locale, String resourceBundleBaseName,
-        String formatString) {
-        return getLocalizedString(locale, resourceBundleBaseName, 
+            Locale locale, String resourceBundleBaseName,
+            String formatString) {
+        return getLocalizedString(locale, resourceBundleBaseName,
                 formatString, null);
     }
 
     /**
      * Retrieves the localized string.
-     *
+     * 
      * @param locale end user locale
      * @param resourceBundleBaseName resource bundle class name
      * @param formatString format string
@@ -65,18 +63,18 @@ public class MessageFormatter {
      * @return localized string
      */
     public static String getLocalizedString(
-        Locale locale, String resourceBundleBaseName,
-        String formatString, Object params) {
+            Locale locale, String resourceBundleBaseName,
+            String formatString, Object params) {
         Object o[] = new Object[1];
 
         o[0] = params;
-        return getLocalizedString(locale, resourceBundleBaseName, 
+        return getLocalizedString(locale, resourceBundleBaseName,
                 formatString, o);
     }
 
     /**
      * Retrieves the localized string.
-     *
+     * 
      * @param locale end user locale
      * @param resourceBundleBaseName resource bundle class name
      * @param formatString format string
@@ -84,8 +82,8 @@ public class MessageFormatter {
      * @return localized string
      */
     public static String getLocalizedString(
-        Locale locale, String resourceBundleBaseName,
-        String formatString, Object[] params) {
+            Locale locale, String resourceBundleBaseName,
+            String formatString, Object[] params) {
 
         String localizedFormat = null;
 
@@ -100,7 +98,7 @@ public class MessageFormatter {
                             resourceBundleBaseName, locale).getString(formatString);
             } catch (MissingResourceException e) {
                 return formatString;
-				
+
             }
             Object[] localizedParams = params;
             Object[] localeArg = null;
@@ -108,20 +106,21 @@ public class MessageFormatter {
             if (params != null) {
                 for (int i = 0; i < params.length; ++i) {
                     if (!(params[i] instanceof String) ||
-                        !(params[i] instanceof Date) ||
-                        !(params[i] instanceof Number)) {
+                            !(params[i] instanceof Date) ||
+                            !(params[i] instanceof Number)) {
                         if (localizedParams == params) {
 
                             // only done once
-                            // NB if the following variant of cloning code is used
-                            //         localizedParams = (Object [])mParams.clone();
+                            // NB if the following variant of cloning code is
+                            // used
+                            // localizedParams = (Object [])mParams.clone();
                             // it causes ArrayStoreException in
-                            //         localizedParams[i] = params[i].toString();
+                            // localizedParams[i] = params[i].toString();
                             // below
 
                             localizedParams = new Object[params.length];
                             System.arraycopy(params, 0, localizedParams, 0,
-                                params.length);
+                                    params.length);
                         }
                         try {
                             Method toStringMethod = params[i].getClass().getMethod(
@@ -141,7 +140,8 @@ public class MessageFormatter {
                 }
             }
             try {
-                // XXX - runtime exception may be raised by the following function
+                // XXX - runtime exception may be raised by the following
+                // function
                 MessageFormat format = new MessageFormat(localizedFormat);
 
                 return format.format(localizedParams);
diff --git a/pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java b/pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java
index 93dd2502..f68959db 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/MetaAttributeDef.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
 import netscape.security.util.ObjectIdentifier;
 
-
 /**
  * A class representing a meta attribute defintion.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class MetaAttributeDef {
@@ -40,66 +38,65 @@ public class MetaAttributeDef {
 
     private MetaAttributeDef() {
     }
-	
+
     /**
      * Constructs a MetaAttribute defintion
      * <P>
-     *
+     * 
      * @param name attribute name
      * @param valueClass attribute value class
      * @param oid attribute object identifier
      */
     private MetaAttributeDef(String name, Class<?> valueClass,
-        ObjectIdentifier oid) {
+            ObjectIdentifier oid) {
         mName = name;
         mValueClass = valueClass;
         mOid = oid;
     }
-    
+
     /**
      * Gets an attribute OID.
      * <P>
-     *
+     * 
      * @return returns attribute OID or null if not defined.
      */
-    public ObjectIdentifier getOID() { 
-        return mOid; 
+    public ObjectIdentifier getOID() {
+        return mOid;
     }
 
     /**
      * Gets an Java class for the attribute values
      * <P>
-     *
+     * 
      * @return returns Java class for the attribute values
      */
     public Class<?> getValueClass() {
-        return mValueClass; 
+        return mValueClass;
     }
 
     /**
      * Gets attribute name
      * <P>
-     *
-     * @return returns  attribute name
+     * 
+     * @return returns attribute name
      */
-    public String getName() { 
-        return mName; 
+    public String getName() {
+        return mName;
     }
-    
+
     /**
-     * Registers new MetaAttribute defintion
-     * Attribute is defined by name, Java class for attribute values and 
-     * optional object identifier
+     * Registers new MetaAttribute defintion Attribute is defined by name, Java
+     * class for attribute values and optional object identifier
      * <P>
-     *
+     * 
      * @param name attribute name
      * @param valueClass attribute value class
      * @param oid attribute object identifier
      * @exception IllegalArgumentException if name or valueClass are null, or
-     * conflicting attribute definition already exists
+     *                conflicting attribute definition already exists
      */
     public static MetaAttributeDef register(String name, Class<?> valueClass,
-        ObjectIdentifier oid) {
+            ObjectIdentifier oid) {
         if (name == null) {
             throw new IllegalArgumentException(
                     "Attribute name must not be null");
@@ -113,13 +110,13 @@ public class MetaAttributeDef {
         MetaAttributeDef oldDef;
 
         if ((oldDef = (MetaAttributeDef) mNameToAttrDef.get(name)) != null &&
-            !oldDef.equals(newDef)) {
+                !oldDef.equals(newDef)) {
             throw new IllegalArgumentException(
                     "Attribute \'" + name + "\' is already defined");
         }
         if (oid != null &&
-            (oldDef = (MetaAttributeDef) mOidToAttrDef.get(oid)) != null &&
-            !oldDef.equals(newDef)) {
+                (oldDef = (MetaAttributeDef) mOidToAttrDef.get(oid)) != null &&
+                !oldDef.equals(newDef)) {
             throw new IllegalArgumentException(
                     "OID \'" + oid + "\' is already in use");
         }
@@ -128,37 +125,37 @@ public class MetaAttributeDef {
             mOidToAttrDef.put(oid, newDef);
         }
         return newDef;
-    }    
-    
+    }
+
     /**
      * Compares this attribute definition with another, for equality.
      * <P>
-     *
-     * @return true iff names, valueClasses and object identifiers 
-     * are identical.
+     * 
+     * @return true iff names, valueClasses and object identifiers are
+     *         identical.
      */
     public boolean equals(Object other) {
         if (other == this)
             return true;
-	  
+
         if (other instanceof MetaAttributeDef) {
             MetaAttributeDef otherDef = (MetaAttributeDef) other;
 
-            if ((mOid != null && otherDef.mOid != null && 
-                    !mOid.equals(otherDef.mOid)) || 
-                (mOid == null && otherDef.mOid != null) ||
-                !mName.equals(otherDef.mName) ||  
-                !mValueClass.equals(otherDef.mValueClass)) {
+            if ((mOid != null && otherDef.mOid != null &&
+                    !mOid.equals(otherDef.mOid)) ||
+                    (mOid == null && otherDef.mOid != null) ||
+                    !mName.equals(otherDef.mName) ||
+                    !mValueClass.equals(otherDef.mValueClass)) {
                 return false;
             }
         }
         return false;
     }
-	
+
     /**
      * Retrieves attribute definition by name
      * <P>
-     *
+     * 
      * @param name attribute name
      * @return attribute definition or null if not found
      */
@@ -169,7 +166,7 @@ public class MetaAttributeDef {
     /**
      * Retrieves attribute definition by object identifier
      * <P>
-     *
+     * 
      * @param oid attribute object identifier
      * @return attribute definition or null if not found
      */
@@ -180,7 +177,7 @@ public class MetaAttributeDef {
     /**
      * Returns enumeration of the registered attribute names
      * <P>
-     *
+     * 
      * @return returns enumeration of the registered attribute names
      */
     public static Enumeration<String> getAttributeNames() {
@@ -190,7 +187,7 @@ public class MetaAttributeDef {
     /**
      * Returns enumeration of the registered attribute object identifiers
      * <P>
-     *
+     * 
      * @return returns enumeration of the attribute object identifiers
      */
     public static Enumeration<ObjectIdentifier> getAttributeNameOids() {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java b/pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java
index 65e40174..ba4a3412 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/MetaInfo.java
@@ -17,17 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
-
 /**
- * A class represents meta information. A meta information
- * object is just a generic hashtable that is embedded into
- * a request object.
+ * A class represents meta information. A meta information object is just a
+ * generic hashtable that is embedded into a request object.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class MetaInfo implements IAttrSet {
@@ -41,7 +38,7 @@ public class MetaInfo implements IAttrSet {
 
     private Hashtable<String, Object> content = new Hashtable<String, Object>();
 
-    /**	
+    /**
      * Constructs a meta information.
      * <P>
      */
@@ -51,7 +48,7 @@ public class MetaInfo implements IAttrSet {
     /**
      * Returns a short string describing this certificate attribute.
      * <P>
-     *
+     * 
      * @return information about this certificate attribute.
      */
     public String toString() {
@@ -69,11 +66,11 @@ public class MetaInfo implements IAttrSet {
         sb.append("]\n");
         return sb.toString();
     }
-    
+
     /**
      * Gets an attribute value.
      * <P>
-     *
+     * 
      * @param name the name of the attribute to return.
      * @exception EBaseException on attribute handling errors.
      */
@@ -83,8 +80,8 @@ public class MetaInfo implements IAttrSet {
 
     /**
      * Sets an attribute value.
-     *
-     * @param name the name of the attribute 
+     * 
+     * @param name the name of the attribute
      * @param obj the attribute object.
      * 
      * @exception EBaseException on attribute handling errors.
@@ -92,18 +89,18 @@ public class MetaInfo implements IAttrSet {
     public void set(String name, Object obj) throws EBaseException {
         content.put(name, obj);
     }
-	
+
     /**
      * Deletes an attribute value from this CertAttrSet.
      * <P>
-     *
+     * 
      * @param name the name of the attribute to delete.
      * @exception EBaseException on attribute handling errors.
      */
     public void delete(String name) throws EBaseException {
         content.remove(name);
     }
-	
+
     /**
      * Returns an enumeration of the names of the attributes existing within
      * this attribute.
diff --git a/pki/base/common/src/com/netscape/certsrv/base/Nonces.java b/pki/base/common/src/com/netscape/certsrv/base/Nonces.java
index fde20933..cc0231ac 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/Nonces.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/Nonces.java
@@ -21,14 +21,13 @@ import java.security.cert.X509Certificate;
 import java.util.Hashtable;
 import java.util.Vector;
 
-
 /**
  * This class manages nonces sometimes used to control request state flow.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class Nonces  {
+public class Nonces {
 
     private Hashtable<Long, X509Certificate> mNonces = new Hashtable<Long, X509Certificate>();
     private Vector<Long> mNonceList = new Vector<Long>();
@@ -49,17 +48,17 @@ public class Nonces  {
         long i;
         long k = 0;
         long n = nonce;
-        long m = (long)((mNonceLimit / 2) + 1);
+        long m = (long) ((mNonceLimit / 2) + 1);
 
         for (i = 0; i < m; i++) {
             k = n + i;
             // avoid collisions
-            if (!mNonceList.contains((Object)k)) {
+            if (!mNonceList.contains((Object) k)) {
                 break;
             }
             k = n - i;
             // avoid collisions
-            if (!mNonceList.contains((Object)k)) {
+            if (!mNonceList.contains((Object) k)) {
                 break;
             }
         }
@@ -67,9 +66,9 @@ public class Nonces  {
             mNonceList.add(k);
             mNonces.put(k, cert);
             if (mNonceList.size() > mNonceLimit) {
-                n = ((Long)(mNonceList.firstElement())).longValue();
+                n = ((Long) (mNonceList.firstElement())).longValue();
                 mNonceList.remove(0);
-                mNonces.remove((Object)n);
+                mNonces.remove((Object) n);
             }
         } else {
             // failed to resolved collision
@@ -79,15 +78,15 @@ public class Nonces  {
     }
 
     public X509Certificate getCertificate(long nonce) {
-        X509Certificate cert = (X509Certificate)mNonces.get(nonce);
+        X509Certificate cert = (X509Certificate) mNonces.get(nonce);
         return cert;
     }
 
     public X509Certificate getCertificate(int index) {
         X509Certificate cert = null;
         if (index >= 0 && index < mNonceList.size()) {
-            long nonce = ((Long)(mNonceList.elementAt(index))).longValue();
-            cert = (X509Certificate)mNonces.get(nonce);
+            long nonce = ((Long) (mNonceList.elementAt(index))).longValue();
+            cert = (X509Certificate) mNonces.get(nonce);
         }
         return cert;
     }
@@ -95,17 +94,16 @@ public class Nonces  {
     public long getNonce(int index) {
         long nonce = 0;
         if (index >= 0 && index < mNonceList.size()) {
-            nonce = ((Long)(mNonceList.elementAt(index))).longValue();
+            nonce = ((Long) (mNonceList.elementAt(index))).longValue();
         }
         return nonce;
     }
 
     public void removeNonce(long nonce) {
-        mNonceList.remove((Object)nonce);
-        mNonces.remove((Object)nonce);
+        mNonceList.remove((Object) nonce);
+        mNonces.remove((Object) nonce);
     }
 
-
     public int size() {
         return mNonceList.size();
     }
diff --git a/pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java b/pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java
index 287ce795..c3309c5f 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/PasswordResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for the password checker.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
  */
@@ -42,4 +40,3 @@ public class PasswordResources extends ListResourceBundle {
      */
     static final Object[][] contents = {};
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/base/Plugin.java b/pki/base/common/src/com/netscape/certsrv/base/Plugin.java
index e7001ce5..79fae88a 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/Plugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/Plugin.java
@@ -17,9 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
-
-
 /**
  * This represents a generici CMS plugin.
  * <p>
@@ -41,10 +38,10 @@ public class Plugin {
         mId = id;
         mClassPath = classPath;
     }
-		
+
     /**
      * Returns the plugin identifier.
-     *
+     * 
      * @return plugin id
      */
     public String getId() {
@@ -53,7 +50,7 @@ public class Plugin {
 
     /**
      * Returns the plugin classpath.
-     *
+     * 
      * @return plugin classpath
      */
     public String getClassPath() {
diff --git a/pki/base/common/src/com/netscape/certsrv/base/SessionContext.java b/pki/base/common/src/com/netscape/certsrv/base/SessionContext.java
index 151c2420..704e46b8 100644
--- a/pki/base/common/src/com/netscape/certsrv/base/SessionContext.java
+++ b/pki/base/common/src/com/netscape/certsrv/base/SessionContext.java
@@ -17,22 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.base;
 
-
 import java.util.Hashtable;
 
-
 /**
- * This class specifies the context object that includes
- * authentication environment and connection information.
- * This object is later used in access control evaluation.
- * This is a global object that can be accessible 
- * throughout the server. It is useful for passing 
- * global and per-thread infomration in methods.
+ * This class specifies the context object that includes authentication
+ * environment and connection information. This object is later used in access
+ * control evaluation. This is a global object that can be accessible throughout
+ * the server. It is useful for passing global and per-thread infomration in
+ * methods.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class SessionContext extends Hashtable<Object,Object> {
+public class SessionContext extends Hashtable<Object, Object> {
 
     /**
      *
@@ -67,7 +64,7 @@ public class SessionContext extends Hashtable<Object,Object> {
     /**
      * Group ID of the authenticated user in the current thread.
      */
-    public static final String GROUP_ID = "groupid"; //String
+    public static final String GROUP_ID = "groupid"; // String
 
     /**
      * ID of the processing request in the current thread.
@@ -94,10 +91,9 @@ public class SessionContext extends Hashtable<Object,Object> {
     }
 
     /**
-     * Creates a new context and associates it with
-     * the current thread. If the current thread is
-     * also associated with a old context, the old
-     * context will be replaced.
+     * Creates a new context and associates it with the current thread. If the
+     * current thread is also associated with a old context, the old context
+     * will be replaced.
      */
     private static SessionContext createContext() {
         SessionContext sc = new SessionContext();
@@ -107,12 +103,10 @@ public class SessionContext extends Hashtable<Object,Object> {
     }
 
     /**
-     * Sets the current context. This allows the 
-     * caller to associate a specific session context 
-     * with the current thread.
-     * This methods makes custom session context
-     * possible.
-     *
+     * Sets the current context. This allows the caller to associate a specific
+     * session context with the current thread. This methods makes custom
+     * session context possible.
+     * 
      * @param sc session context
      */
     public static void setContext(SessionContext sc) {
@@ -120,10 +114,9 @@ public class SessionContext extends Hashtable<Object,Object> {
     }
 
     /**
-     * Retrieves the session context associated with 
-     * the current thread. If no context is associated,
-     * a context is created.
-     *
+     * Retrieves the session context associated with the current thread. If no
+     * context is associated, a context is created.
+     * 
      * @return sesssion context
      */
     public static SessionContext getContext() {
@@ -137,15 +130,14 @@ public class SessionContext extends Hashtable<Object,Object> {
     }
 
     /**
-     * Retrieves the session context associated with 
-     * the current thread. If no context is associated,
-     * null is returned.
-     *
+     * Retrieves the session context associated with the current thread. If no
+     * context is associated, null is returned.
+     * 
      * @return sesssion context
      */
     public static SessionContext getExistingContext() {
         SessionContext sc = (SessionContext)
-            mContexts.get(Thread.currentThread());
+                mContexts.get(Thread.currentThread());
 
         if (sc == null) {
             return null;
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java b/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
index 4510c46b..162a8832 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/CAResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for CA subsystem.
  * <P>
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class CAResources extends ListResourceBundle {
@@ -37,8 +35,7 @@ public class CAResources extends ListResourceBundle {
     }
 
     /**
-     * Constants. The suffix represents the number of
-     * possible parameters.
+     * Constants. The suffix represents the number of possible parameters.
      */
     static final Object[][] contents = {};
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java b/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
index 59d8847c..a530b08a 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ECAException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a CA exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ECAException extends EBaseException {
@@ -36,11 +34,12 @@ public class ECAException extends EBaseException {
     /**
      * CA resource class name.
      */
-    private static final String CA_RESOURCES = CAResources.class.getName();		
+    private static final String CA_RESOURCES = CAResources.class.getName();
 
     /**
      * Constructs a CA exception.
      * <P>
+     * 
      * @param msgFormat constant from CAResources.
      */
     public ECAException(String msgFormat) {
@@ -50,6 +49,7 @@ public class ECAException extends EBaseException {
     /**
      * Constructs a CA exception.
      * <P>
+     * 
      * @param msgFormat constant from CAResources.
      * @param param additional parameters to the message.
      */
@@ -60,6 +60,7 @@ public class ECAException extends EBaseException {
     /**
      * Constructs a CA exception.
      * <P>
+     * 
      * @param msgFormat constant from CAResources.
      * @param e embedded exception.
      */
@@ -70,6 +71,7 @@ public class ECAException extends EBaseException {
     /**
      * Constructs a CA exception.
      * <P>
+     * 
      * @param msgFormat constant from CAResources.
      * @param params additional parameters to the message.
      */
@@ -80,6 +82,7 @@ public class ECAException extends EBaseException {
     /**
      * Returns the bundle file name.
      * <P>
+     * 
      * @return name of bundle class associated with this exception.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java b/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
index 0e271c21..b4c10a0c 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/EErrorPublishCRL.java
@@ -17,11 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 /**
  * A class represents a CA exception associated with publishing error.
  * <P>
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class EErrorPublishCRL extends ECAException {
@@ -34,9 +33,10 @@ public class EErrorPublishCRL extends ECAException {
     /**
      * Constructs a CA exception caused by publishing error.
      * <P>
+     * 
      * @param errorString Detailed error message.
      */
     public EErrorPublishCRL(String errorString) {
-        super(errorString); 
+        super(errorString);
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java b/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
index cac6fc75..ad980384 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICAService.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import netscape.security.x509.RevokedCertImpl;
 import netscape.security.x509.X509CertImpl;
 import netscape.security.x509.X509CertInfo;
@@ -27,11 +26,10 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.connector.IConnector;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * An interface representing a CA request services.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICAService {
@@ -39,54 +37,55 @@ public interface ICAService {
     /**
      * Marks certificate record as revoked by adding revocation information.
      * Updates CRL cache.
-     *
+     * 
      * @param crlentry revocation information obtained from revocation request
      * @exception EBaseException failed to mark certificate record as revoked
      */
     public void revokeCert(RevokedCertImpl crlentry)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate record as revoked by adding revocation information.
      * Updates CRL cache.
-     *
+     * 
      * @param crlentry revocation information obtained from revocation request
      * @param requestId revocation request id
      * @exception EBaseException failed to mark certificate record as revoked
      */
     public void revokeCert(RevokedCertImpl crlentry, String requestId)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Issues certificate base on enrollment information,
-     * creates certificate record, and stores all necessary data.
-     *
+     * Issues certificate base on enrollment information, creates certificate
+     * record, and stores all necessary data.
+     * 
      * @param certi information obtain from revocation request
-     * @exception EBaseException failed to issue certificate or create certificate record
+     * @exception EBaseException failed to issue certificate or create
+     *                certificate record
      */
     public X509CertImpl issueX509Cert(X509CertInfo certi)
-        throws EBaseException;
+            throws EBaseException;
 
     public X509CertImpl issueX509Cert(X509CertInfo certi, String profileId, String rid)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Services profile request.
-     *
+     * 
      * @param request profile enrollment request information
      * @exception EBaseException failed to service profile enrollment request
      */
     public void serviceProfileRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Returns KRA-CA connector.
-     *
+     * 
      * @return KRA-CA connector
      */
     public IConnector getKRAConnector();
 
     public void setKRAConnector(IConnector c);
 
-    public IConnector getConnector(IConfigStore cs)  throws EBaseException;
+    public IConnector getConnector(IConfigStore cs) throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
index edaea59c..afc7bb3f 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtension.java
@@ -17,58 +17,55 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import netscape.security.x509.Extension;
 
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.common.NameValuePairs;
 
-
 /**
  * An interface representing a CRL extension plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICMSCRLExtension {
 
     /**
      * Returns CRL extension OID string.
-     *
+     * 
      * @return OID of CRL extension
      */
     public String getCRLExtOID();
 
     /**
-     * Sets extension criticality and returns extension
-     * with new criticality.
-     *
+     * Sets extension criticality and returns extension with new criticality.
+     * 
      * @param ext CRL extension that will change criticality
      * @param critical new criticality to be assigned to CRL extension
      * @return extension with new criticality
      */
     Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical);
+            boolean critical);
 
     /**
-     * Builds new CRL extension based on configuration data,
-     * issuing point information, and criticality.
-     *
+     * Builds new CRL extension based on configuration data, issuing point
+     * information, and criticality.
+     * 
      * @param config configuration store
      * @param crlIssuingPoint CRL issuing point
      * @param critical criticality to be assigned to CRL extension
      * @return extension new CRL extension
      */
     Extension getCRLExtension(IConfigStore config,
-        Object crlIssuingPoint,
-        boolean critical);
+            Object crlIssuingPoint,
+            boolean critical);
 
     /**
      * Reads configuration data and converts them to name value pairs.
-     *
+     * 
      * @param config configuration store
-     * @param nvp name value pairs obtained from configuration data 
+     * @param nvp name value pairs obtained from configuration data
      */
     public void getConfigParams(IConfigStore config,
-        NameValuePairs nvp);
-} 
+            NameValuePairs nvp);
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
index f6df2226..f5d3ab7f 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICMSCRLExtensions.java
@@ -17,23 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.common.NameValuePairs;
 
-
 /**
  * An interface representing a list of CRL extensions.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICMSCRLExtensions {
 
     /**
-     * Updates configuration store for extension identified by id
-     * with data delivered in name value pairs.
-     *
+     * Updates configuration store for extension identified by id with data
+     * delivered in name value pairs.
+     * 
      * @param id extension id
      * @param nvp name value pairs with new configuration data
      * @param config configuration store
@@ -42,7 +40,7 @@ public interface ICMSCRLExtensions {
 
     /**
      * Reads configuration data and returns them as name value pairs.
-     *
+     * 
      * @param id extension id
      * @return name value pairs with configuration data
      */
@@ -50,10 +48,9 @@ public interface ICMSCRLExtensions {
 
     /**
      * Returns class name with its path.
-     *
+     * 
      * @param name extension id
      * @return class name with its path
      */
     public String getClassPath(String name);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
index dab45fdb..e4ca5d6e 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICRLIssuingPoint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Set;
@@ -34,19 +33,17 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.dbs.IElementProcessor;
 
-
 /**
- * This class encapsulates CRL issuing mechanism. CertificateAuthority 
- * contains a map of CRLIssuingPoint indexed by string ids. Each issuing 
- * point contains information about CRL issuing and publishing parameters 
- * as well as state information which includes last issued CRL, next CRL 
- * serial number, time of the next update etc. 
- * If autoUpdateInterval is set to non-zero value then worker thread 
- * is created that will perform CRL update at scheduled intervals. Update 
- * can also be triggered by invoking updateCRL method directly. Another 
- * parameter minUpdateInterval can be used to prevent CRL
- * from being updated too often
- *
+ * This class encapsulates CRL issuing mechanism. CertificateAuthority contains
+ * a map of CRLIssuingPoint indexed by string ids. Each issuing point contains
+ * information about CRL issuing and publishing parameters as well as state
+ * information which includes last issued CRL, next CRL serial number, time of
+ * the next update etc. If autoUpdateInterval is set to non-zero value then
+ * worker thread is created that will perform CRL update at scheduled intervals.
+ * Update can also be triggered by invoking updateCRL method directly. Another
+ * parameter minUpdateInterval can be used to prevent CRL from being updated too
+ * often
+ * 
  * @version $Revision$, $Date$
  */
 
@@ -75,151 +72,151 @@ public interface ICRLIssuingPoint {
 
     /**
      * Returns true if CRL issuing point is enabled.
-     *
+     * 
      * @return true if CRL issuing point is enabled
      */
     public boolean isCRLIssuingPointEnabled();
 
     /**
      * Returns true if CRL generation is enabled.
-     *
+     * 
      * @return true if CRL generation is enabled
      */
     public boolean isCRLGenerationEnabled();
 
     /**
      * Enables or disables CRL issuing point according to parameter.
-     *
+     * 
      * @param enable if true enables CRL issuing point
      */
     public void enableCRLIssuingPoint(boolean enable);
 
     /**
      * Returns CRL update status.
-     *
+     * 
      * @return CRL update status
      */
     public String getCrlUpdateStatusStr();
 
     /**
      * Returns CRL update error.
-     *
+     * 
      * @return CRL update error
      */
     public String getCrlUpdateErrorStr();
 
     /**
      * Returns CRL publishing status.
-     *
+     * 
      * @return CRL publishing status
      */
     public String getCrlPublishStatusStr();
 
     /**
      * Returns CRL publishing error.
-     *
+     * 
      * @return CRL publishing error
      */
     public String getCrlPublishErrorStr();
 
     /**
      * Returns CRL issuing point initialization status.
-     *
+     * 
      * @return status of CRL issuing point initialization
      */
     public int isCRLIssuingPointInitialized();
 
     /**
      * Checks if manual update is set.
-     *
+     * 
      * @return true if manual update is set
      */
     public boolean isManualUpdateSet();
 
     /**
      * Checks if expired certificates are included in CRL.
-     *
+     * 
      * @return true if expired certificates are included in CRL
      */
     public boolean areExpiredCertsIncluded();
 
     /**
      * Checks if CRL includes CA certificates only.
-     *
+     * 
      * @return true if CRL includes CA certificates only
      */
     public boolean isCACertsOnly();
 
     /**
      * Checks if CRL includes profile certificates only.
-     *
+     * 
      * @return true if CRL includes profile certificates only
      */
     public boolean isProfileCertsOnly();
 
     /**
      * Checks if CRL issuing point includes this profile.
-     *
+     * 
      * @return true if CRL issuing point includes this profile
      */
     public boolean checkCurrentProfile(String id);
 
     /**
      * Initializes CRL issuing point.
-     *
-     * @param ca certificate authority that holds CRL issuing point 
+     * 
+     * @param ca certificate authority that holds CRL issuing point
      * @param id CRL issuing point id
      * @param config configuration sub-store for CRL issuing point
      * @exception EBaseException thrown if initialization failed
      */
-    public void init(ISubsystem ca, String id, IConfigStore config) 
-        throws EBaseException;
+    public void init(ISubsystem ca, String id, IConfigStore config)
+            throws EBaseException;
 
     /**
-     * This method is called during shutdown.
-     * It updates CRL cache and stops thread controlling CRL updates.
+     * This method is called during shutdown. It updates CRL cache and stops
+     * thread controlling CRL updates.
      */
     public void shutdown();
 
     /**
      * Returns internal id of this CRL issuing point.
-     *
+     * 
      * @return internal id of this CRL issuing point
      */
     public String getId();
 
     /**
      * Returns internal description of this CRL issuing point.
-     *
+     * 
      * @return internal description of this CRL issuing point
      */
     public String getDescription();
 
     /**
      * Sets internal description of this CRL issuing point.
-     *
+     * 
      * @param description description for this CRL issuing point.
      */
     public void setDescription(String description);
 
     /**
-     * Returns DN of the directory entry where CRLs from this issuing point
-     * are published.
-     *
+     * Returns DN of the directory entry where CRLs from this issuing point are
+     * published.
+     * 
      * @return DN of the directory entry where CRLs are published.
      */
     public String getPublishDN();
 
     /**
      * Returns signing algorithm.
-     *
+     * 
      * @return signing algorithm
      */
     public String getSigningAlgorithm();
 
     /**
      * Returns signing algorithm used in last signing operation..
-     *
+     * 
      * @return last signing algorithm
      */
     public String getLastSigningAlgorithm();
@@ -227,14 +224,14 @@ public interface ICRLIssuingPoint {
     /**
      * Returns current CRL generation schema for this CRL issuing point.
      * <P>
-     *
+     * 
      * @return current CRL generation schema for this CRL issuing point
      */
     public int getCRLSchema();
 
     /**
      * Returns current CRL number of this CRL issuing point.
-     *
+     * 
      * @return current CRL number of this CRL issuing point
      */
     public BigInteger getCRLNumber();
@@ -242,56 +239,56 @@ public interface ICRLIssuingPoint {
     /**
      * Returns current delta CRL number of this CRL issuing point.
      * <P>
-     *
+     * 
      * @return current delta CRL number of this CRL issuing point
      */
     public BigInteger getDeltaCRLNumber();
 
     /**
      * Returns next CRL number of this CRL issuing point.
-     *
+     * 
      * @return next CRL number of this CRL issuing point
      */
     public BigInteger getNextCRLNumber();
 
     /**
      * Returns number of entries in the current CRL.
-     *
+     * 
      * @return number of entries in the current CRL
      */
     public long getCRLSize();
 
     /**
      * Returns number of entries in delta CRL
-     *
+     * 
      * @return number of entries in delta CRL
      */
     public long getDeltaCRLSize();
 
     /**
      * Returns time of the last update.
-     *
+     * 
      * @return last CRL update time
      */
     public Date getLastUpdate();
 
     /**
      * Returns time of the next update.
-     *
+     * 
      * @return next CRL update time
      */
     public Date getNextUpdate();
 
     /**
      * Returns time of the next delta CRL update.
-     *
+     * 
      * @return next delta CRL update time
      */
     public Date getNextDeltaUpdate();
 
     /**
      * Returns all the revoked certificates from the CRL cache.
-     *
+     * 
      * @param start first requested CRL entry
      * @param end next after last requested CRL entry
      * @return set of all the revoked certificates or null if there are none.
@@ -300,92 +297,92 @@ public interface ICRLIssuingPoint {
 
     /**
      * Returns certificate authority.
-     *
+     * 
      * @return certificate authority
      */
     public ISubsystem getCertificateAuthority();
 
     /**
-     * Schedules immediate CRL manual-update
-     * and sets signature algorithm to be used for signing.
-     *
+     * Schedules immediate CRL manual-update and sets signature algorithm to be
+     * used for signing.
+     * 
      * @param signatureAlgorithm signature algorithm to be used for signing
      */
-    public  void setManualUpdate(String signatureAlgorithm);
+    public void setManualUpdate(String signatureAlgorithm);
 
     /**
      * Returns auto update interval in milliseconds.
-     *
+     * 
      * @return auto update interval in milliseconds
      */
     public long getAutoUpdateInterval();
 
     /**
-     * Returns true if CRL is updated for every change
-     * of revocation status of any certificate.
-     *
+     * Returns true if CRL is updated for every change of revocation status of
+     * any certificate.
+     * 
      * @return true if CRL update is always triggered by revocation operation
      */
     public boolean getAlwaysUpdate();
 
     /**
      * Returns next update grace period in minutes.
-     *
+     * 
      * @return next update grace period in minutes
      */
     public long getNextUpdateGracePeriod();
 
     /**
-     * Returns filter used to build CRL based on information stored
-     * in local directory.
-     *
+     * Returns filter used to build CRL based on information stored in local
+     * directory.
+     * 
      * @return filter used to search local directory
      */
     public String getFilter();
 
     /**
-     * Builds a list of revoked certificates to put them into CRL.
-     * Calls certificate record processor to get necessary data
-     * from certificate records.
-     * This also regenerates CRL cache.
-     *
+     * Builds a list of revoked certificates to put them into CRL. Calls
+     * certificate record processor to get necessary data from certificate
+     * records. This also regenerates CRL cache.
+     * 
      * @param cp certificate record processor
      * @exception EBaseException if an error occurred in the database.
      */
     public void processRevokedCerts(IElementProcessor cp)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Returns date of revoked certificate or null
-     * if certificated is not listed as revoked.
-     *
+     * Returns date of revoked certificate or null if certificated is not listed
+     * as revoked.
+     * 
      * @param serialNumber serial number of certificate to be checked
-     * @param checkDeltaCache true if delta CRL cache suppose to be
-     *        included in checking process
+     * @param checkDeltaCache true if delta CRL cache suppose to be included in
+     *            checking process
      * @param includeExpiredCerts true if delta CRL cache with expired
-     *        certificates suppose to be included in checking process
+     *            certificates suppose to be included in checking process
      * @return date of revoked certificate or null
      */
     public Date getRevocationDateFromCache(BigInteger serialNumber,
                                            boolean checkDeltaCache,
                                            boolean includeExpiredCerts);
+
     /**
      * Returns split times from CRL generation.
-     *
+     * 
      * @return split times from CRL generation in milliseconds
      */
     public Vector<Long> getSplitTimes();
 
     /**
-     * Generates CRL now based on cache or local directory if cache
-     * is not available. It also publishes CRL if it is required.
-     *
+     * Generates CRL now based on cache or local directory if cache is not
+     * available. It also publishes CRL if it is required.
+     * 
      * @param signingAlgorithm signing algorithm to be used for CRL signing
-     * @exception EBaseException if an error occurred during
-     *            CRL generation or publishing
+     * @exception EBaseException if an error occurred during CRL generation or
+     *                publishing
      */
-    public  void updateCRLNow(String signingAlgorithm)
-        throws EBaseException;
+    public void updateCRLNow(String signingAlgorithm)
+            throws EBaseException;
 
     /**
      * Clears CRL cache
@@ -399,29 +396,29 @@ public interface ICRLIssuingPoint {
 
     /**
      * Returns number of recently revoked certificates.
-     *
+     * 
      * @return number of recently revoked certificates
      */
     public int getNumberOfRecentlyRevokedCerts();
 
     /**
      * Returns number of recently unrevoked certificates.
-     *
+     * 
      * @return number of recently unrevoked certificates
      */
     public int getNumberOfRecentlyUnrevokedCerts();
 
     /**
      * Returns number of recently expired and revoked certificates.
-     *
+     * 
      * @return number of recently expired and revoked certificates
      */
     public int getNumberOfRecentlyExpiredCerts();
 
     /**
-     * Converts list of extensions supplied by revocation request
-     * to list of extensions required to be placed in CRL.
-     *
+     * Converts list of extensions supplied by revocation request to list of
+     * extensions required to be placed in CRL.
+     * 
      * @param exts list of extensions supplied by revocation request
      * @return list of extensions required to be placed in CRL
      */
@@ -429,7 +426,7 @@ public interface ICRLIssuingPoint {
 
     /**
      * Adds revoked certificate to delta-CRL cache.
-     *
+     * 
      * @param serialNumber serial number of revoked certificate
      * @param revokedCert revocation information supplied by revocation request
      */
@@ -437,7 +434,7 @@ public interface ICRLIssuingPoint {
 
     /**
      * Adds revoked certificate to delta-CRL cache.
-     *
+     * 
      * @param serialNumber serial number of revoked certificate
      * @param revokedCert revocation information supplied by revocation request
      * @param requestId revocation request id
@@ -447,14 +444,14 @@ public interface ICRLIssuingPoint {
 
     /**
      * Adds unrevoked certificate to delta-CRL cache.
-     *
+     * 
      * @param serialNumber serial number of unrevoked certificate
      */
     public void addUnrevokedCert(BigInteger serialNumber);
 
     /**
      * Adds unrevoked certificate to delta-CRL cache.
-     *
+     * 
      * @param serialNumber serial number of unrevoked certificate
      * @param requestId unrevocation request id
      */
@@ -462,7 +459,7 @@ public interface ICRLIssuingPoint {
 
     /**
      * Adds expired and revoked certificate to delta-CRL cache.
-     *
+     * 
      * @param serialNumber serial number of expired and revoked certificate
      */
     public void addExpiredCert(BigInteger serialNumber);
@@ -473,9 +470,9 @@ public interface ICRLIssuingPoint {
     public void updateCRLCacheRepository();
 
     /**
-     * Updates issuing point configuration according to supplied data
-     * in name value pairs.
-     *
+     * Updates issuing point configuration according to supplied data in name
+     * value pairs.
+     * 
      * @param params name value pairs defining new issuing point configuration
      * @return true if configuration is updated successfully
      */
@@ -483,35 +480,35 @@ public interface ICRLIssuingPoint {
 
     /**
      * Returns true if delta-CRL is enabled.
-     *
+     * 
      * @return true if delta-CRL is enabled
      */
     public boolean isDeltaCRLEnabled();
 
     /**
      * Returns true if CRL cache is enabled.
-     *
+     * 
      * @return true if CRL cache is enabled
      */
     public boolean isCRLCacheEnabled();
 
     /**
      * Returns true if CRL cache is empty.
-     *
+     * 
      * @return true if CRL cache is empty
      */
     public boolean isCRLCacheEmpty();
 
     /**
      * Returns true if CRL cache testing is enabled.
-     *
+     * 
      * @return true if CRL cache testing is enabled
      */
     public boolean isCRLCacheTestingEnabled();
 
     /**
      * Returns true if supplied delta-CRL is matching current delta-CRL.
-     *
+     * 
      * @param deltaCRL delta-CRL to verify against current delta-CRL
      * @return true if supplied delta-CRL is matching current delta-CRL
      */
@@ -519,27 +516,26 @@ public interface ICRLIssuingPoint {
 
     /**
      * Returns status of CRL generation.
-     *
+     * 
      * @return one of the following according to CRL generation status:
      *         CRL_UPDATE_DONE, CRL_UPDATE_STARTED, and CRL_PUBLISHING_STARTED
      */
     public int isCRLUpdateInProgress();
 
     /**
-     * Generates CRL now based on cache or local directory if cache
-     * is not available. It also publishes CRL if it is required.
-     * CRL is signed by default signing algorithm. 
-     *
-     * @exception EBaseException if an error occurred during
-     *            CRL generation or publishing
+     * Generates CRL now based on cache or local directory if cache is not
+     * available. It also publishes CRL if it is required. CRL is signed by
+     * default signing algorithm.
+     * 
+     * @exception EBaseException if an error occurred during CRL generation or
+     *                publishing
      */
-    public  void updateCRLNow() throws EBaseException;
+    public void updateCRLNow() throws EBaseException;
 
     /**
      * Returns list of CRL extensions.
-     *
+     * 
      * @return list of CRL extensions
      */
     public ICMSCRLExtensions getCRLExtensions();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
index d86a37dd..9429d1c3 100644
--- a/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ca;
 
-
 import java.util.Enumeration;
 
 import netscape.security.x509.CertificateChain;
@@ -29,7 +28,6 @@ import netscape.security.x509.X509CertInfo;
 
 import org.mozilla.jss.crypto.SignatureAlgorithm;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
@@ -45,12 +43,11 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.IService;
 import com.netscape.certsrv.security.ISigningUnit;
 
-
 /**
- * An interface represents a Certificate Authority that is
- * responsible for certificate specific operations.
+ * An interface represents a Certificate Authority that is responsible for
+ * certificate specific operations.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICertificateAuthority extends ISubsystem {
@@ -78,7 +75,7 @@ public interface ICertificateAuthority extends ISubsystem {
     public final static String PROP_DEF_VALIDITY = "DefaultIssueValidity";
     public final static String PROP_FAST_SIGNING = "fastSigning";
     public static final String PROP_ENABLE_ADMIN_ENROLL =
-        "enableAdminEnroll";
+            "enableAdminEnroll";
 
     public final static String PROP_CRL_SUBSTORE = "crl";
     // make this public so agent gateway can access for now.
@@ -86,9 +83,9 @@ public interface ICertificateAuthority extends ISubsystem {
     public final static String PROP_MASTER_CRL = "MasterCRL";
     public final static String PROP_CRLEXT_SUBSTORE = "extension";
     public final static String PROP_ISSUING_CLASS =
-        "com.netscape.cmscore.ca.CRLIssuingPoint";
+            "com.netscape.cmscore.ca.CRLIssuingPoint";
     public final static String PROP_EXPIREDCERTS_CLASS =
-        "com.netscape.cmscore.ca.CRLWithExpiredCerts";
+            "com.netscape.cmscore.ca.CRLWithExpiredCerts";
 
     public final static String PROP_NOTIFY_SUBSTORE = "notification";
     public final static String PROP_CERT_ISSUED_SUBSTORE = "certIssued";
@@ -109,67 +106,68 @@ public interface ICertificateAuthority extends ISubsystem {
     public final static String PROP_ID = "id";
 
     public final static String PROP_CERTDB_TRANS_MAXRECORDS = "transitMaxRecords";
-    public final static String PROP_CERTDB_TRANS_PAGESIZE   =  "transitRecordPageSize"; 
+    public final static String PROP_CERTDB_TRANS_PAGESIZE = "transitRecordPageSize";
 
     /**
-     * Retrieves the certificate repository where all the locally
-     * issued certificates are kept.
-     *
+     * Retrieves the certificate repository where all the locally issued
+     * certificates are kept.
+     * 
      * @return CA's certificate repository
      */
     public ICertificateRepository getCertificateRepository();
 
     /**
      * Retrieves the request queue of this certificate authority.
-     *
+     * 
      * @return CA's request queue
      */
     public IRequestQueue getRequestQueue();
 
     /**
      * Retrieves the policy processor of this certificate authority.
-     *
+     * 
      * @return CA's policy processor
      */
     public IPolicyProcessor getPolicyProcessor();
 
     public boolean noncesEnabled();
-    public Nonces  getNonces();
+
+    public Nonces getNonces();
 
     /**
      * Retrieves the publishing processor of this certificate authority.
-     *
+     * 
      * @return CA's publishing processor
      */
     public IPublisherProcessor getPublisherProcessor();
 
     /**
      * Retrieves the next available serial number.
-     *
+     * 
      * @return next available serial number
      */
     public String getStartSerial();
 
     /**
      * Sets the next available serial number.
-     *
+     * 
      * @param serial next available serial number
      * @exception EBaseException failed to set next available serial number
      */
     public void setStartSerial(String serial) throws EBaseException;
 
     /**
-     * Retrieves the last serial number that can be used for 
-     * certificate issuance in this certificate authority.
-     *
+     * Retrieves the last serial number that can be used for certificate
+     * issuance in this certificate authority.
+     * 
      * @return the last serial number
      */
     public String getMaxSerial();
 
     /**
-     * Sets the last serial number that can be used for 
-     * certificate issuance in this certificate authority.
-     *
+     * Sets the last serial number that can be used for certificate issuance in
+     * this certificate authority.
+     * 
      * @param serial the last serial number
      * @exception EBaseException failed to set the last serial number
      */
@@ -177,21 +175,21 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Retrieves the default signature algorithm of this certificate authority.
-     *
+     * 
      * @return the default signature algorithm of this CA
      */
     public SignatureAlgorithm getDefaultSignatureAlgorithm();
 
     /**
      * Retrieves the default signing algorithm of this certificate authority.
-     *
+     * 
      * @return the default signing algorithm of this CA
      */
     public String getDefaultAlgorithm();
 
     /**
      * Sets the default signing algorithm of this certificate authority.
-     *
+     * 
      * @param algorithm new default signing algorithm
      * @exception EBaseException failed to set the default signing algorithm
      */
@@ -199,38 +197,38 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Retrieves the supported signing algorithms of this certificate authority.
-     *
+     * 
      * @return the supported signing algorithms of this CA
      */
     public String[] getCASigningAlgorithms();
 
     /**
-     * Allows certificates to have validities that are longer
-     * than this certificate authority's.
-     *
-     * @param enableCAPast if equals "true", it allows certificates
-     * to have validity longer than CA's certificate validity
+     * Allows certificates to have validities that are longer than this
+     * certificate authority's.
+     * 
+     * @param enableCAPast if equals "true", it allows certificates to have
+     *            validity longer than CA's certificate validity
      * @exception EBaseException failed to set above option
      */
-    public void setValidity(String enableCAPast) throws EBaseException; 
+    public void setValidity(String enableCAPast) throws EBaseException;
 
     /**
      * Retrieves the default validity period.
-     *
+     * 
      * @return the default validity length in days
      */
     public long getDefaultValidity();
 
     /**
      * Retrieves all the CRL issuing points.
-     *
+     * 
      * @return enumeration of all the CRL issuing points
      */
     public Enumeration<ICRLIssuingPoint> getCRLIssuingPoints();
 
     /**
      * Retrieves CRL issuing point with the given identifier.
-     *
+     * 
      * @param id CRL issuing point id
      * @return CRL issuing point with given id
      */
@@ -238,7 +236,7 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Adds CRL issuing point with the given identifier and description.
-     *
+     * 
      * @param crlSubStore sub-store with all CRL issuing points
      * @param id CRL issuing point id
      * @param description CRL issuing point description
@@ -249,7 +247,7 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Deletes CRL issuing point with the given identifier.
-     *
+     * 
      * @param crlSubStore sub-store with all CRL issuing points
      * @param id CRL issuing point id
      */
@@ -257,122 +255,122 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Retrieves the CRL repository.
-     *
+     * 
      * @return CA's CRL repository
      */
     public ICRLRepository getCRLRepository();
 
     /**
      * Retrieves the Replica ID repository.
-     *
+     * 
      * @return CA's Replica ID repository
      */
     public IReplicaIDRepository getReplicaRepository();
 
     /**
      * Retrieves the request in queue listener.
-     *
+     * 
      * @return the request in queue listener
      */
     public IRequestListener getRequestInQListener();
 
     /**
      * Retrieves all request listeners.
-     *
+     * 
      * @return name enumeration of all request listeners
      */
-    public Enumeration<String>  getRequestListenerNames();
+    public Enumeration<String> getRequestListenerNames();
 
     /**
      * Retrieves the request listener for issued certificates.
-     *
+     * 
      * @return the request listener for issued certificates
      */
     public IRequestListener getCertIssuedListener();
 
     /**
      * Retrieves the request listener for revoked certificates.
-     *
+     * 
      * @return the request listener for revoked certificates
      */
     public IRequestListener getCertRevokedListener();
 
     /**
      * Retrieves the CA certificate chain.
-     *
+     * 
      * @return the CA certificate chain
      */
-    public CertificateChain getCACertChain(); 
+    public CertificateChain getCACertChain();
 
     /**
      * Retrieves the CA certificate.
-     *
+     * 
      * @return the CA certificate
      */
     public org.mozilla.jss.crypto.X509Certificate getCaX509Cert();
 
     /**
      * Retrieves the CA certificate.
-     *
+     * 
      * @return the CA certificate
      */
     public X509CertImpl getCACert();
 
     /**
      * Updates the CRL immediately for MasterCRL issuing point if it exists.
-     *
+     * 
      * @exception EBaseException failed to create or publish CRL
      */
     public void updateCRLNow() throws EBaseException;
 
     /**
      * Publishes the CRL immediately for MasterCRL issuing point if it exists.
-     *
+     * 
      * @exception EBaseException failed to publish CRL
      */
     public void publishCRLNow() throws EBaseException;
 
     /**
-     * Retrieves the signing unit that manages the CA signing key for
-     * signing certificates.
-     *
+     * Retrieves the signing unit that manages the CA signing key for signing
+     * certificates.
+     * 
      * @return the CA signing unit for certificates
      */
     public ISigningUnit getSigningUnit();
 
     /**
-     * Retrieves the signing unit that manages the CA signing key for
-     * signing CRL.
-     *
+     * Retrieves the signing unit that manages the CA signing key for signing
+     * CRL.
+     * 
      * @return the CA signing unit for CRLs
      */
     public ISigningUnit getCRLSigningUnit();
 
     /**
-     * Retrieves the signing unit that manages the CA signing key for
-     * signing OCSP response.
-     *
+     * Retrieves the signing unit that manages the CA signing key for signing
+     * OCSP response.
+     * 
      * @return the CA signing unit for OCSP responses
      */
     public ISigningUnit getOCSPSigningUnit();
 
     /**
      * Sets the maximium path length in the basic constraint extension.
-     *
+     * 
      * @param num the maximium path length
      */
     public void setBasicConstraintMaxLen(int num);
 
     /**
      * Is this a clone CA?
-     *
+     * 
      * @return true if this is a clone CA
      */
     public boolean isClone();
 
     /**
      * Retrieves the request listener by name.
-     *
+     * 
      * @param name request listener name
      * @return the request listener
      */
@@ -382,17 +380,17 @@ public interface ICertificateAuthority extends ISubsystem {
      * get request notifier
      */
     public IRequestNotifier getRequestNotifier();
-   
+
     /**
      * Registers a request listener.
-     *
+     * 
      * @param listener request listener to be registered
      */
     public void registerRequestListener(IRequestListener listener);
 
     /**
      * Registers a request listener.
-     *
+     * 
      * @param name under request listener is going to be registered
      * @param listener request listener to be registered
      */
@@ -400,32 +398,32 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Retrieves the issuer name of this certificate authority.
-     *
+     * 
      * @return the issuer name of this certificate authority
      */
     public X500Name getX500Name();
 
     /**
      * Retrieves the issuer name of this certificate authority issuing point.
-     *
+     * 
      * @return the issuer name of this certificate authority issuing point
      */
-    public X500Name getCRLX500Name(); 
+    public X500Name getCRLX500Name();
 
     /**
      * Signs the given CRL with the specific algorithm.
-     *
+     * 
      * @param crl CRL to be signed
      * @param algname algorithm used for signing
      * @return signed CRL
      * @exception EBaseException failed to sign CRL
      */
     public X509CRLImpl sign(X509CRLImpl crl, String algname)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Logs a message to this certificate authority.
-     *
+     * 
      * @param level logging level
      * @param msg logged message
      */
@@ -433,72 +431,71 @@ public interface ICertificateAuthority extends ISubsystem {
 
     /**
      * Returns the nickname for the CA signing certificate.
-     *
+     * 
      * @return the nickname for the CA signing certificate
      */
     public String getNickname();
 
     /**
      * Signs a X.509 certificate template.
-     *
+     * 
      * @param certInfo X.509 certificate template
      * @param algname algorithm used for signing
      * @return signed certificate
      * @exception EBaseException failed to sign certificate
      */
     public X509CertImpl sign(X509CertInfo certInfo, String algname)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves the default certificate version.
-     *
+     * 
      * @return the default version certificate
      */
     public CertificateVersion getDefaultCertVersion();
 
     /**
-     * Is this CA allowed to issue certificate that has longer
-     * validty than the CA's.
-     *
+     * Is this CA allowed to issue certificate that has longer validty than the
+     * CA's.
+     * 
      * @return true if allows certificates to have validity longer than CA's
      */
     public boolean isEnablePastCATime();
 
     /**
-     * Retrieves the CA service object that is responsible for
-     * processing requests.
-     *
+     * Retrieves the CA service object that is responsible for processing
+     * requests.
+     * 
      * @return CA service object
      */
     public IService getCAService();
 
     /**
      * Returns the in-memory count of the processed OCSP requests.
-     *
+     * 
      * @return number of processed OCSP requests in memory
      */
     public long getNumOCSPRequest();
 
     /**
-     * Returns the in-memory time (in mini-second) of 
-     * the processed time for OCSP requests.
-     *
+     * Returns the in-memory time (in mini-second) of the processed time for
+     * OCSP requests.
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPRequestTotalTime();
 
     /**
-     * Returns the in-memory time (in mini-second) of 
-     * the signing time for OCSP requests.
-     *
+     * Returns the in-memory time (in mini-second) of the signing time for OCSP
+     * requests.
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPTotalSignTime();
 
     /**
-     * Returns the total data signed
-     * for OCSP requests.
-     *
+     * Returns the total data signed for OCSP requests.
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPTotalData();
diff --git a/pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java b/pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java
index 653c684f..c4cea76e 100644
--- a/pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/cert/ICrossCertPairSubsystem.java
@@ -17,45 +17,44 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.cert;
 
-
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * Interface for handling cross certs
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICrossCertPairSubsystem extends ISubsystem {
 
     /**
-     * "import" the CA cert cross-signed by another CA (potentially a
-     * bridge CA) into internal ldap db.
-     * If publishing is turned on, and 
-     * if matches up a pair, then publish to publishing directory
-     * otherwise, leave in internal ldap db and wait for it's matching 
-     * pair
+     * "import" the CA cert cross-signed by another CA (potentially a bridge CA)
+     * into internal ldap db. If publishing is turned on, and if matches up a
+     * pair, then publish to publishing directory otherwise, leave in internal
+     * ldap db and wait for it's matching pair
+     * 
      * @param certBytes binary byte array of the cert
-	 * @exception EBaseException when certBytes conversion to X509
-	 * certificate fails
+     * @exception EBaseException when certBytes conversion to X509 certificate
+     *                fails
      */
     public void importCert(byte[] certBytes) throws EBaseException;
 
     /**
      * publish all cert pairs, if publisher is on
-	 * @exception EBaseException when publishing fails
+     * 
+     * @exception EBaseException when publishing fails
      */
     public void publishCertPairs() throws EBaseException;
 
-	/**
-	 * convert byte array to X509Certificate
-	 * @return X509Certificate the X509Certificate class
-	 * representation of the certificate byte array
-	 * @exception CertificateException when conversion fails
-	 */
+    /**
+     * convert byte array to X509Certificate
+     * 
+     * @return X509Certificate the X509Certificate class representation of the
+     *         certificate byte array
+     * @exception CertificateException when conversion fails
+     */
     public X509Certificate byteArray2X509Cert(byte[] certBytes) throws CertificateException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java b/pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java
index 3bce367d..7f78b97e 100644
--- a/pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/client/IDataProcessor.java
@@ -17,18 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.client;
 
-
 /**
- * this class represents the callback interface between
- * the client package and the data storage object (data model)
- *
+ * this class represents the callback interface between the client package and
+ * the data storage object (data model)
+ * 
  * @version $Revision$, $Date$
  */
 public interface IDataProcessor {
 
     /**
-     * This method will be callby the client package each time
-     * data object arrived from the server side.
+     * This method will be callby the client package each time data object
+     * arrived from the server side.
+     * 
      * @param data data object expected by the interface implementor
      */
     public void processData(Object data);
diff --git a/pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java b/pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java
index ff83cadd..0a96ee69 100644
--- a/pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java
+++ b/pki/base/common/src/com/netscape/certsrv/client/connection/IAuthenticator.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.client.connection;
 
-
 /**
  * An interface represents authentiator.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IAuthenticator {
diff --git a/pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java
index 18bd3518..4a8166b0 100644
--- a/pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java
+++ b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnection.java
@@ -22,13 +22,13 @@ import java.net.SocketException;
 
 /**
  * Interface for all connection objects.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConnection {
 
     /**
-     *  Send request to the server using this connection
+     * Send request to the server using this connection
      */
     public int sendRequest(String req) throws IOException;
 
@@ -41,11 +41,10 @@ public interface IConnection {
      * Close the connection
      */
     public void disconnect();
-    
+
     /**
      * SetTimeout
      */
     public void setSoTimeout(int timeout) throws SocketException;
- 
- 
+
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java
index 1542d5fa..59f06a4c 100644
--- a/pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java
+++ b/pki/base/common/src/com/netscape/certsrv/client/connection/IConnectionFactory.java
@@ -21,23 +21,23 @@ import java.io.IOException;
 import java.net.UnknownHostException;
 
 /**
- * Interface for all connection factory. Primarily act as
- * the abstraction layer for different kind of connection factory.
- *
+ * Interface for all connection factory. Primarily act as the abstraction layer
+ * for different kind of connection factory.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConnectionFactory {
 
     /**
      * Creates connection using the host and port
-     * @param host  The host to connect to
-     * @param port  The port to connect to
-     * @return  The created connection
-     * @throws IOException   On an IO Error
-     * @throws UnknownHostException  If the host can't be resolved
+     * 
+     * @param host The host to connect to
+     * @param port The port to connect to
+     * @return The created connection
+     * @throws IOException On an IO Error
+     * @throws UnknownHostException If the host can't be resolved
      */
     public IConnection create(String host, int port)
-        throws IOException, UnknownHostException;
+            throws IOException, UnknownHostException;
 
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java b/pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java
index 9f892cd2..65c170ee 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/ConfigConstants.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
- * This interface contains constants that are used 
- * in the protocol between the configuration daemon 
- * and UI configuration wizard.
- *
+ * This interface contains constants that are used in the protocol between the
+ * configuration daemon and UI configuration wizard.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ConfigConstants {
@@ -30,8 +28,8 @@ public interface ConfigConstants {
     public static final String TRUE = "true";
     public static final String FALSE = "false";
     public static final String OPTYPE = "opType";
-    public static final String TASKID = "taskID";  
- 
+    public static final String TASKID = "taskID";
+
     // Stages
     public static final String STAGES = "stages";
     public static final String STAGE_INTERNAL_DB = "stageInternalDB";
@@ -135,7 +133,7 @@ public interface ConfigConstants {
     public static final String PR_EE_SECURE_PORT = "eeGateway.https.port";
     public static final String PR_AGENT_PORT = "agentGateway.https.port";
     public static final String PR_RADM_PORT = "radm.https.port";
-    public static final String PR_RADM_PORT_SETUP="radm.port";
+    public static final String PR_RADM_PORT_SETUP = "radm.port";
     public static final String PR_EE_PORT_ENABLE = "eeGateway.http.enable";
     public static final String PR_EE_PORTS_ENABLE = "eePortsEnable";
 
@@ -173,27 +171,27 @@ public interface ConfigConstants {
     public static final String PR_ADD_LDIF_PATH = "addLdifPath";
     public static final String PR_MOD_LDIF_PATH = "modLdifPath";
     public static final String PR_SIGNING_KEY_MIGRATION_TOKEN =
-        "signingKeyMigrationToken";
+            "signingKeyMigrationToken";
     public static final String PR_SSL_KEY_MIGRATION_TOKEN =
-        "sslKeyMigrationToken";
+            "sslKeyMigrationToken";
     public static final String PR_SIGNING_KEY_MIGRATION_TOKEN_PASSWD =
-        "signingKeyMigrationTokenPasswd";
+            "signingKeyMigrationTokenPasswd";
     public static final String PR_SIGNING_KEY_MIGRATION_TOKEN_SOPPASSWD =
-        "signingKeyMigrationTokenSOPPasswd";
+            "signingKeyMigrationTokenSOPPasswd";
     public static final String PR_SSL_KEY_MIGRATION_TOKEN_PASSWD =
-        "sslKeyMigrationTokenPasswd";
+            "sslKeyMigrationTokenPasswd";
     public static final String PR_SSL_KEY_MIGRATION_TOKEN_SOPPASSWD =
-        "sslKeyMigrationTokenSOPPasswd";
+            "sslKeyMigrationTokenSOPPasswd";
     public static final String PR_NUM_MIGRATION_WARNINGS =
-        "numMigrationWarnings";
+            "numMigrationWarnings";
     public static final String PR_MIGRATION_WARNING = "migrationWarning";
     public static final String PR_CA_KEY_TYPE = "caKeyType";
     public static final String PR_LDAP_PASSWORD = "ldapPassword";
     public static final String PR_MIGRATION_PASSWORD = "migrationPassword";
 
     // Key and Cert
-    public static final String PR_HARDWARE_SPLIT = "hardwareSplit";    
-    public static final String PR_TOKEN_LIST = "tokenList";    
+    public static final String PR_HARDWARE_SPLIT = "hardwareSplit";
+    public static final String PR_TOKEN_LIST = "tokenList";
     public static final String PR_TOKEN_NAME = "tokenName";
     public static final String PR_SUBJECT_NAME = "subjectName";
     public static final String PR_CA_SUBJECT_NAME = "caSubjectName";
@@ -269,7 +267,7 @@ public interface ConfigConstants {
     public static final String PR_RA_TOKEN = "raToken";
     public static final String PR_KRA_TOKEN = "kraToken";
     public static final String PR_SSL_TOKEN = "sslToken";
-    //public static final String PR_SUBSYSTEMS = "subsystems";
+    // public static final String PR_SUBSYSTEMS = "subsystems";
 
     // Key Length
     public static final String PR_RSA_MIN_KEYLENGTH = "RSAMinKeyLength";
@@ -293,8 +291,8 @@ public interface ConfigConstants {
     // CA serial number
     public static final String PR_CA_SERIAL_NUMBER = "caSerialNumber";
     public static final String PR_CA_ENDSERIAL_NUMBER = "caEndSerialNumber";
-    
-	// KRA number
+
+    // KRA number
     public static final String PR_REQUEST_NUMBER = "requestNumber";
     public static final String PR_ENDREQUEST_NUMBER = "endRequestNumber";
     public static final String PR_SERIAL_REQUEST_NUMBER = "serialRequestNumber";
@@ -331,4 +329,3 @@ public interface ConfigConstants {
     public static final String PR_AGREEMENT_NAME_2 = "agreementName2";
     public static final String PR_REPLICATION_MANAGER_PASSWD_2 = "replicationManagerPwd2";
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/common/Constants.java b/pki/base/common/src/com/netscape/certsrv/common/Constants.java
index c8503491..e2f5c5af 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/Constants.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/Constants.java
@@ -17,18 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
- * This interface contains constants that are shared 
- * by certificate server and its client SDK.
- *
+ * This interface contains constants that are shared by certificate server and
+ * its client SDK.
+ * 
  * @version $Revision$, $Date$
  */
 public interface Constants {
 
-    /*=======================================================
-     * MESSAGE FORMAT CONSTANTS
-     *=======================================================*/
+    /*
+     * ======================================================= MESSAGE FORMAT
+     * CONSTANTS=======================================================
+     */
     public static final String PASSWORDTYPE = "PasswordField";
     public static final String TEXTTYPE = "TextField";
     public static final String CHECKBOXTYPE = "CheckBox";
@@ -41,34 +41,37 @@ public interface Constants {
     public final static String OP_TYPE = "OP_TYPE";
     public final static String OP_SCOPE = "OP_SCOPE";
 
-    //STATIC RESOURCE IDENTIFIERS
+    // STATIC RESOURCE IDENTIFIERS
     public final static String RS_ID = "RS_ID";
     public final static String RS_ID_CONFIG = "RS_ID_CONFIG";
     public final static String RS_ID_ORDER = "RS_ID_ORDER";
 
-    //STATIC UI TYPE
+    // STATIC UI TYPE
     public final static String TYPE_PASSWORD = "password";
-    
+
     /**********************************************************
      * PROPERTY NAME LISTED BELOW
      **********************************************************/
-    
-    /*========================================================
-     * General
-     *========================================================*/     
+
+    /*
+     * ======================================================== General
+     * ========================================================
+     */
     public final static String PR_PORT = "port";
     public final static String PR_SSLPORT = "sslPort";
-     
-    /*========================================================
-     * Tasks
-     *========================================================*/
+
+    /*
+     * ======================================================== Tasks
+     * ========================================================
+     */
     public final static String PR_SERVER_START = "start";
     public final static String PR_SERVER_STOP = "stop";
     public final static String PR_SERVER_RESTART = "restart";
-    
-    /*========================================================
-     * Networks
-     *========================================================*/
+
+    /*
+     * ======================================================== Networks
+     * ========================================================
+     */
     public final static String PR_ADMIN_S_PORT = "admin.https.port";
     public final static String PR_AGENT_S_PORT = "agent.https.port";
     public final static String PR_GATEWAY_S_PORT = "gateway.https.port";
@@ -79,18 +82,20 @@ public interface Constants {
     public final static String PR_GATEWAY_S_BACKLOG = "gateway.https.backlog";
     public final static String PR_GATEWAY_BACKLOG = "gateway.http.backlog";
     public final static String PR_GATEWAY_PORT_ENABLED =
-        "gateway.http.enable";
+            "gateway.http.enable";
     public final static String PR_MASTER_AGENT_PORT = "master.ca.agent.port";
     public final static String PR_MASTER_AGENT_HOST = "master.ca.agent.host";
-    
-    /*========================================================
-     * SMTP
-     *========================================================*/
+
+    /*
+     * ======================================================== SMTP
+     * ========================================================
+     */
     public final static String PR_SERVER_NAME = "server";
-    
-    /*========================================================
-     * SNMP
-     *========================================================*/
+
+    /*
+     * ======================================================== SNMP
+     * ========================================================
+     */
     public final static String PR_SNMP_ENABLED = "on";
     public final static String PR_SNMP_MASTER_HOST = "master.host";
     public final static String PR_SNMP_MASTER_PORT = "master.port";
@@ -99,23 +104,25 @@ public interface Constants {
     public final static String PR_SNMP_LOC = "loc";
     public final static String PR_SNMP_CONTACT = "contact";
 
-    /*========================================================
-     * Self Tests
-     *========================================================*/
+    /*
+     * ======================================================== Self Tests
+     * ========================================================
+     */
     public final static String PR_RUN_SELFTESTS_ON_DEMAND = "run";
     public final static String PR_RUN_SELFTESTS_ON_DEMAND_CLASS = "class";
     public final static String PR_RUN_SELFTESTS_ON_DEMAND_CONTENT = "runContent";
 
-    /*========================================================
-     * Users and Groups
-     *========================================================*/
-    
-    //group properties
+    /*
+     * ======================================================== Users and Groups
+     * ========================================================
+     */
+
+    // group properties
     public final static String PR_GROUP_DESC = "desc";
     public final static String PR_GROUP_USER = "user";
     public final static String PR_GROUP_GROUP = "group";
 
-    //user properties
+    // user properties
     public final static String PR_USER_FULLNAME = "fullname";
     public final static String PR_USER_PASSWORD = "password";
     public final static String PR_USER_EMAIL = "email";
@@ -125,9 +132,10 @@ public interface Constants {
     public final static String PR_USER_GROUP = "groups";
     public final static String PR_MULTIROLES = "multiroles";
 
-    /*========================================================
-     * Authentication
-     *========================================================*/
+    /*
+     * ======================================================== Authentication
+     * ========================================================
+     */
     public final static String PR_PING = "ping";
     public final static String PR_AUTH_CLASS = "class";
     public final static String PR_AUTH_IMPL_NAME = "implName";
@@ -137,25 +145,28 @@ public interface Constants {
     public final static String PR_AUTH_ADMIN_DN = "ldapauth.bindDN";
     public final static String PR_AUTH_ADMIN_PWD = "ldapauth.bindPassword";
 
-    /*========================================================
-     * Job Scheduler
-     *========================================================*/
+    /*
+     * ======================================================== Job Scheduler
+     * ========================================================
+     */
     public final static String PR_JOBS_CLASS = "class";
     public final static String PR_JOBS_IMPL_NAME = "implName";
     public final static String PR_JOBS_FREQUENCY = "frequency";
 
-    /*========================================================
-     * Notification
-     *========================================================*/
+    /*
+     * ======================================================== Notification
+     * ========================================================
+     */
     public final static String PR_NOTIFICATION_FORM_NAME = "emailTemplate";
     public final static String PR_NOTIFICATION_SUBJECT =
-        "emailSubject";
+            "emailSubject";
     public final static String PR_NOTIFICATION_SENDER = "senderEmail";
     public final static String PR_NOTIFICATION_RECEIVER = "recipientEmail";
 
-    /*========================================================
-     * Logs
-     *========================================================*/
+    /*
+     * ======================================================== Logs
+     * ========================================================
+     */
     public static final String PR_LOG_IMPL_NAME = "implName";
     public static final String PR_EXT_PLUGIN_IMPLTYPE_LOG = "log";
     public final static String PR_LOG_CLASS = "class";
@@ -191,10 +202,11 @@ public interface Constants {
     public static final String PR_DEBUG_LOG_ENABLE = "debug.enabled";
     public static final String PR_DEBUG_LOG_LEVEL = "debug.level";
 
-    /*========================================================
-     * LDAP Publishing
-     *========================================================*/
-     
+    /*
+     * ======================================================== LDAP Publishing
+     * ========================================================
+     */
+
     // publishing properties
     public final static String PR_BASIC_AUTH = "BasicAuth";
     public final static String PR_SSL_AUTH = "SslClientAuth";
@@ -253,7 +265,7 @@ public interface Constants {
     public final static String PR_BASE_DN = "baseDN";
     public final static String PR_DNCOMPS = "dnComps";
     public final static String PR_FILTERCOMPS = "filterComps";
-    
+
     // ldap connection test
     public final static String PR_CONN_INITED = "connInited";
     public final static String PR_CONN_INIT_FAIL = "connInitFail";
@@ -264,15 +276,17 @@ public interface Constants {
     public final static String PR_SAVE_OK = "saveOk";
     public final static String PR_SAVE_NOT = "saveOrNot";
 
-    /*========================================================
-     * Plugin
-     *========================================================*/
+    /*
+     * ======================================================== Plugin
+     * ========================================================
+     */
     public final static String PR_PLUGIN_IMP = "imp";
     public final static String PR_PLUGIN_INSTANCE = "instance";
 
-    /*========================================================
-     * Policy
-     *========================================================*/
+    /*
+     * ======================================================== Policy
+     * ========================================================
+     */
     public final static String PR_POLICY_CLASS = "class";
     public final static String PR_POLICY_IMPL_NAME = "implName";
     public final static String PR_CRLDP_NAME = "crldpName";
@@ -281,9 +295,10 @@ public interface Constants {
     public final static String PR_POLICY_ENABLE = "enable";
     public final static String PR_POLICY_PREDICATE = "predicate";
 
-    /*========================================================
-     * Publish
-     *========================================================*/
+    /*
+     * ======================================================== Publish
+     * ========================================================
+     */
     public final static String PR_PUBLISHER = "publisher";
     public final static String PR_PUBLISHER_CLASS = "class";
     public final static String PR_PUBLISHER_IMPL_NAME = "implName";
@@ -314,19 +329,20 @@ public interface Constants {
 
     public final static String PR_OCSPSTORE_IMPL_NAME = "implName";
 
-    /*========================================================
-     * Registration Authority
-     *========================================================*/
+    /*
+     * ======================================================== Registration
+     * Authority========================================================
+     */
     public final static String PR_EE_ENABLED = "eeEnabled";
     public final static String PR_OCSP_ENABLED = "ocspEnabled";
     public final static String PR_RA_ENABLED = "raEnabled";
     public final static String PR_RENEWAL_ENABLED = "renewal.enabled";
     public final static String PR_RENEWAL_VALIDITY = "renewal.validity";
     public final static String PR_RENEWAL_EMAIL = "renewal.email";
-    public final static String PR_RENEWAL_EXPIREDNOTIFIEDENABLED = 
-        "renewal.expired.notification.enabled";
-    public final static String PR_RENEWAL_NUMNOTIFICATION = 
-        "renewal.numNotification";
+    public final static String PR_RENEWAL_EXPIREDNOTIFIEDENABLED =
+            "renewal.expired.notification.enabled";
+    public final static String PR_RENEWAL_NUMNOTIFICATION =
+            "renewal.numNotification";
     public final static String PR_RENEWAL_INTERVAL = "renewal.interval";
     public final static String PR_SERVLET_CLASS = "class";
     public final static String PR_SERVLET_URI = "uri";
@@ -337,27 +353,30 @@ public interface Constants {
     public final static String PR_URI = "uri";
     public final static String PR_ENABLED = "enable";
 
-    /*========================================================
-     * Certificate Authority
-     *========================================================*/
+    /*
+     * ======================================================== Certificate
+     * Authority========================================================
+     */
     public final static String PR_VALIDITY = "validity";
     public final static String PR_DEFAULT_ALGORITHM = "defaultSigningAlgorithm";
     public final static String PR_ALL_ALGORITHMS = "allSigningAlgorithms";
     public final static String PR_SERIAL = "startSerialNumber";
     public final static String PR_MAXSERIAL = "maxSerialNumber";
 
-    /*========================================================
-     * Access Control
-     *========================================================*/
+    /*
+     * ======================================================== Access Control
+     * ========================================================
+     */
     public final static String PR_ACL_OPS = "aclOperations";
     public final static String PR_ACI = "aci";
     public final static String PR_ACL_CLASS = "class";
     public final static String PR_ACL_DESC = "desc";
     public final static String PR_ACL_RIGHTS = "rights";
-    
-    /*========================================================
-     * Key Recovery
-     *========================================================*/
+
+    /*
+     * ======================================================== Key Recovery
+     * ========================================================
+     */
     public final static String PR_AUTO_RECOVERY_ON = "autoRecoveryOn";
     public final static String PR_RECOVERY_N = "recoveryN";
     public final static String PR_RECOVERY_M = "recoveryM";
@@ -367,18 +386,20 @@ public interface Constants {
     public final static String PR_AGENT_PWD = "agentPwd";
     public final static String PR_NO_OF_REQUIRED_RECOVERY_AGENTS = "noOfRequiredRecoveryAgents";
 
-    /*========================================================
-     * Status
-     *========================================================*/
+    /*
+     * ======================================================== Status
+     * ========================================================
+     */
     public final static String PR_STAT_STARTUP = "startup";
     public final static String PR_STAT_TIME = "time";
     public final static String PR_STAT_VERSION = "cms.version";
     public final static String PR_STAT_INSTALLDATE = "installDate";
     public final static String PR_STAT_INSTANCEID = "instanceId";
 
-    /*========================================================
-     * Server Instance
-     *========================================================*/
+    /*
+     * ======================================================== Server Instance
+     * ========================================================
+     */
     public final static String PR_INSTALL = "install";
     public final static String PR_INSTANCES_INSTALL = "instancesInstall";
     public final static String PR_CA_INSTANCE = "ca";
@@ -386,7 +407,7 @@ public interface Constants {
     public final static String PR_RA_INSTANCE = "ra";
     public final static String PR_KRA_INSTANCE = "kra";
     public final static String PR_TKS_INSTANCE = "tks";
-   
+
     /*
      * Certificate info
      */
@@ -464,11 +485,12 @@ public interface Constants {
      */
     public final static String PR_TRUST = "trust";
 
-    /*========================================================
-     * Security
-     *========================================================*/
-     
-    //functionality 
+    /*
+     * ======================================================== Security
+     * ========================================================
+     */
+
+    // functionality
     public final static String PR_CERT_SERVER = "SERVER";
     public final static String PR_CERT_ADMIN = "ADMIN";
     public final static String PR_CERT_AGENT = "AGENT";
@@ -477,17 +499,17 @@ public interface Constants {
     public final static String PR_CERT_RA = "RA";
     public final static String PR_CERT_POA = "POA";
     public final static String PR_CERT_TRANS = "TRANS";
-    
+
     // key and certificate management
     public final static String PR_OPERATION_TYPE = "operationtype";
     public final static String PR_INSTALL_TYPE = "install";
     public final static String PR_REQUEST_TYPE = "request";
-    //public final static String PR_CA_SIGNING_CERT = "cacert";
-    //public final static String PR_SERVER_CERT = "servercert";
+    // public final static String PR_CA_SIGNING_CERT = "cacert";
+    // public final static String PR_SERVER_CERT = "servercert";
     public final static String PR_CLIENT_CERT = "clientcert";
-    public final static String PR_FULL_INTERNAL_TOKEN_NAME="Internal Key Storage Token";
-    public final static String PR_INTERNAL_TOKEN_NAME = 
-        "internal";
+    public final static String PR_FULL_INTERNAL_TOKEN_NAME = "Internal Key Storage Token";
+    public final static String PR_INTERNAL_TOKEN_NAME =
+            "internal";
     public final static String PR_TOKEN_NAME = "tokenName";
     public final static String PR_TOKEN_PASSWD = "tokenPwd";
     public final static String PR_KEY_LENGTH = "keyLength";
@@ -502,16 +524,16 @@ public interface Constants {
     public final static String PR_SUBJECT_NAME = "subjectName";
     public final static String PR_CSR = "csr";
 
-    //encryption
-    
+    // encryption
+
     /* Cipher Version: domestic or export */
     public final static String PR_CIPHER_VERSION = "cipherversion";
     public final static String PR_CIPHER_VERSION_DOMESTIC = "cipherdomestic";
     public final static String PR_CIPHER_VERSION_EXPORT = "cipherexport";
-    
+
     /* Cipher Fortezza: true, false */
     public final static String PR_CIPHER_FORTEZZA = "cipherfortezza";
-    
+
     /* Token and Certificates */
     public final static String PR_TOKEN_LIST = "tokenlist";
     public final static String PR_TOKEN_PREFIX = "token_";
@@ -525,46 +547,30 @@ public interface Constants {
     public final static String PR_ECTYPE = "ectype";
 
     /* values for SSL cipher preferences */
-    public final static String 
-        PR_SSL2_RC4_128_WITH_MD5 = "rc4";
-    public final static String 
-        PR_SSL2_RC4_128_EXPORT40_WITH_MD5 = "rc4export";
-    public final static String 
-        PR_SSL2_RC2_128_CBC_WITH_MD5 = "rc2";
-    public final static String 
-        PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 = "rc2export";
-    public final static String 
-        PR_SSL2_DES_64_CBC_WITH_MD5 = "des";
-    public final static String 
-        PR_SSL2_DES_192_EDE3_CBC_WITH_MD5 = "desede3";
-    public final static String 
-        PR_SSL3_RSA_WITH_NULL_MD5 = "rsa_null_md5";
-    public final static String 
-        PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5 = "rsa_rc4_40_md5";
-    public final static String 
-        PR_SSL3_RSA_WITH_RC4_128_MD5 = "rsa_rc4_128_md5"; 
-    public final static String 
-        PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = "rsa_rc2_40_md5";
-    public final static String 
-        PR_SSL3_RSA_WITH_DES_CBC_SHA = "rsa_des_sha";
-    public final static String 
-        PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA = "rsa_3des_sha";
-    public final static String 
-        PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = "fortezza";
-    public final static String 
-        PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA = "fortezza_rc4_128_sha";
-    public final static String 
-        PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = "rsa_fips_3des_sha";
-    public final static String 
-        PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA = "rsa_fips_des_sha";
-    public final static String 
-        PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = "tls_rsa_rc4_56_sha";
-    public final static String 
-        PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = "tls_rsa_des_sha";
-
-    /*========================================================
-     * Watchdog and Server State Messages 
-     *========================================================*/
+    public final static String PR_SSL2_RC4_128_WITH_MD5 = "rc4";
+    public final static String PR_SSL2_RC4_128_EXPORT40_WITH_MD5 = "rc4export";
+    public final static String PR_SSL2_RC2_128_CBC_WITH_MD5 = "rc2";
+    public final static String PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 = "rc2export";
+    public final static String PR_SSL2_DES_64_CBC_WITH_MD5 = "des";
+    public final static String PR_SSL2_DES_192_EDE3_CBC_WITH_MD5 = "desede3";
+    public final static String PR_SSL3_RSA_WITH_NULL_MD5 = "rsa_null_md5";
+    public final static String PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5 = "rsa_rc4_40_md5";
+    public final static String PR_SSL3_RSA_WITH_RC4_128_MD5 = "rsa_rc4_128_md5";
+    public final static String PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = "rsa_rc2_40_md5";
+    public final static String PR_SSL3_RSA_WITH_DES_CBC_SHA = "rsa_des_sha";
+    public final static String PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA = "rsa_3des_sha";
+    public final static String PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA = "fortezza";
+    public final static String PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA = "fortezza_rc4_128_sha";
+    public final static String PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA = "rsa_fips_3des_sha";
+    public final static String PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA = "rsa_fips_des_sha";
+    public final static String PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA = "tls_rsa_rc4_56_sha";
+    public final static String PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA = "tls_rsa_des_sha";
+
+    /*
+     * ======================================================== Watchdog and
+     * Server State Messages
+     * ========================================================
+     */
 
     public final static String SERVER_STARTUP_WARNING_MESSAGE = "CMS Warning: ";
     public final static String SERVER_STARTUP_MESSAGE = "Server is started.";
@@ -572,9 +578,11 @@ public interface Constants {
     public final static String SERVER_SHUTDOWN_ERROR_MESSAGE = "Error Starting CMS: ";
     public final static String SERVER_SHUTDOWN_EXTENDED_ERROR_MESSAGE = "Extended error information: ";
 
-    /*============================================================
-     * THE FOLLOWING LIST WILL BE REMOVED
-     *============================================================*/
+    /*
+     * ============================================================ THE
+     * FOLLOWING LIST WILL BE REMOVED
+     * ============================================================
+     */
 
     // parameter types
     public final static String PT_OP = "op";
@@ -599,9 +607,9 @@ public interface Constants {
     public final static String PT_DN = "dn";
 
     public final static String PV_SYSTEM_ADMINISTRATORS =
-        "SystemAdministrators";
+            "SystemAdministrators";
     public final static String PV_CERTIFICATE_ADMINISTRATORS =
-        "CertificateAdministrators";
+            "CertificateAdministrators";
 
     public final static String OP_AUTHENTICATE = "authenticate";
     public final static String OP_RESTART = "restart";
@@ -636,9 +644,9 @@ public interface Constants {
     // certificate authority operations
     public final static String PT_PUBLISH_DN = "ldappublish.ldap.admin-dn";
     public final static String PT_PUBLISH_PWD =
-        "ldappublish.ldap.admin-password";
+            "ldappublish.ldap.admin-password";
     public final static String PT_PUBLISH_FREQ =
-        "crl.crl0.autoUpdateInterval";
+            "crl.crl0.autoUpdateInterval";
     public final static String PT_SERIALNO = "serialno";
     public final static String PT_NAMES = "names";
     public final static String PT_CERTIFICATES = "certificates";
@@ -732,10 +740,10 @@ public interface Constants {
     public final static String PR_REQUEST_SVC_PENDING = "4";
     public final static String PR_REQUEST_REJECTED = "5";
 
-    //Profile
+    // Profile
     public final static String PR_CONSTRAINTS_LIST = "constraintPolicy";
 
-    //Replication
+    // Replication
     public final static String PR_REPLICATION_ENABLED = "replication.enabled";
     public final static String PR_REPLICATION_AGREEMENT_NAME_1 = "replication.master1.name";
     public final static String PR_REPLICATION_HOST_1 = "replication.master1.hostname";
diff --git a/pki/base/common/src/com/netscape/certsrv/common/DestDef.java b/pki/base/common/src/com/netscape/certsrv/common/DestDef.java
index 1d3eaff1..5c90d307 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/DestDef.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/DestDef.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
- * This interface defines all the operation destination
- * used in the administration protocol between the
- * console and the server.
- *
+ * This interface defines all the operation destination used in the
+ * administration protocol between the console and the server.
+ * 
  * @version $Revision$, $Date$
  */
 public interface DestDef {
diff --git a/pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java b/pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java
index 44d55e32..1e513c30 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/NameValuePair.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
-
-
 /**
- * A class represents a name value pair. A name value
- * pair consists of a name and a value.
- *
+ * A class represents a name value pair. A name value pair consists of a name
+ * and a value.
+ * 
  * @version $Revision$, $Date$
  */
 public class NameValuePair {
@@ -33,7 +30,7 @@ public class NameValuePair {
 
     /**
      * Constructs value pair object.
-     *
+     * 
      * @param name name
      * @param value value
      */
@@ -44,7 +41,7 @@ public class NameValuePair {
 
     /**
      * Retrieves the name.
-     *
+     * 
      * @return name
      */
     public String getName() {
@@ -53,19 +50,19 @@ public class NameValuePair {
 
     /**
      * Retrieves the value.
-     *
+     * 
      * @return value
      */
     public String getValue() {
         return mValue;
     }
-	
+
     /**
      * Sets the value
-     *
+     * 
      * @param value value
      */
     public void setValue(String value) {
         mValue = value;
     }
-}    
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java b/pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java
index 651de782..f175a8de 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/NameValuePairs.java
@@ -17,17 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.StringTokenizer;
 import java.util.Vector;
 
-
 /**
- * A class represents an ordered list of name 
- * value pairs.
- *
+ * A class represents an ordered list of name value pairs.
+ * 
  * @version $Revision$, $Date$
  */
 public class NameValuePairs {
@@ -35,20 +32,19 @@ public class NameValuePairs {
     private Vector<NameValuePair> mPairs = new Vector<NameValuePair>();
 
     // an index to speed up searching
-    // The key is the name.  The element is the NameValuePair.
+    // The key is the name. The element is the NameValuePair.
     private Hashtable<String, NameValuePair> index = new Hashtable<String, NameValuePair>();
 
     /**
      * Constructs name value pairs.
-     */	 
+     */
     public NameValuePairs() {
     }
 
     /**
-     * Adds a name value pair into this set.
-     * if the name already exist, the value will
-     * be replaced.
-     *
+     * Adds a name value pair into this set. if the name already exist, the
+     * value will be replaced.
+     * 
      * @param name name
      * @param value value
      */
@@ -66,7 +62,7 @@ public class NameValuePairs {
 
     /**
      * Retrieves name value pair from this set.
-     *
+     * 
      * @param name name
      * @return name value pair
      */
@@ -76,7 +72,7 @@ public class NameValuePairs {
 
     /**
      * Returns number of pairs in this set.
-     *
+     * 
      * @return size
      */
     public int size() {
@@ -85,7 +81,7 @@ public class NameValuePairs {
 
     /**
      * Retrieves name value pairs in specific position.
-     *
+     * 
      * @param pos position of the value
      * @return name value pair
      */
@@ -102,9 +98,8 @@ public class NameValuePairs {
     }
 
     /**
-     * Retrieves value of the name value pairs that matches
-     * the given name.
-     *
+     * Retrieves value of the name value pairs that matches the given name.
+     * 
      * @param name name
      * @return value
      */
@@ -119,26 +114,25 @@ public class NameValuePairs {
 
     /**
      * Retrieves a list of names.
-     *
+     * 
      * @return a list of names
      */
     public Enumeration<String> getNames() {
         Vector<String> v = new Vector<String>();
-        int size = mPairs.size(); 
+        int size = mPairs.size();
 
-        for (int i = 0; i < size; i++) { 
+        for (int i = 0; i < size; i++) {
             NameValuePair p = (NameValuePair) mPairs.elementAt(i);
 
             v.addElement(p.getName());
         }
-        //System.out.println("getNames: "+v.size());
+        // System.out.println("getNames: "+v.size());
         return v.elements();
     }
-	
+
     /**
-     * Show the content of this name value container as
-     * string representation.
-     *
+     * Show the content of this name value container as string representation.
+     * 
      * @return string representation
      */
     public String toString() {
@@ -155,7 +149,7 @@ public class NameValuePairs {
 
     /**
      * Parses a string into name value pairs.
-     *
+     * 
      * @param s string
      * @param nvp name value pairs
      * @return true if successful
@@ -174,16 +168,16 @@ public class NameValuePairs {
             String v = t.substring(i + 1);
 
             nvp.add(n, v);
-        }	
+        }
         return true;
     }
 
     /**
      * Returns a list of name value pair object.
-     *
+     * 
      * @return name value objects
      */
     public Enumeration<NameValuePair> elements() {
         return mPairs.elements();
     }
-}    
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/common/OpDef.java b/pki/base/common/src/com/netscape/certsrv/common/OpDef.java
index 9cfcab4a..6b6b3a1b 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/OpDef.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/OpDef.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
- * This interface defines all the administration operations
- * used in the administration protocol between the console
- * and the server.
- *
+ * This interface defines all the administration operations used in the
+ * administration protocol between the console and the server.
+ * 
  * @version $Revision$, $Date$
  */
 public interface OpDef {
diff --git a/pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java b/pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java
index 11a58c5d..405544ab 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/PrefixDef.java
@@ -17,25 +17,23 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
- * This interface defines all the prefix tags
- * used in the administration protocol between
- * the console and the server.
- *
+ * This interface defines all the prefix tags used in the administration
+ * protocol between the console and the server.
+ * 
  * @version $Revision$, $Date$
  */
 public interface PrefixDef {
 
-    //user and group
+    // user and group
     public final static String PX_GROUP = "group";
     public final static String PX_USER = "user";
     public final static String PX_CERT = "cert";
     public final static String PX_SYS = "SYS_";
     public final static String PX_DEF = "DEF_";
     public final static String PX_PP = "CERT_PP";
-    
-    //log content
+
+    // log content
     public final static String PX_LOG = "log";
-    
+
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java b/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java
index 0be3fdf0..0c8053d0 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/ScopeDef.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
- * This interface defines all the operation scope
- * used in the administration protocol between the
- * console and the server.
- *
+ * This interface defines all the operation scope used in the administration
+ * protocol between the console and the server.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ScopeDef {
@@ -31,7 +29,7 @@ public interface ScopeDef {
     public final static String SC_GROUPS = "groups";
     public final static String SC_USERS = "users";
     public final static String SC_USER_CERTS = "certs";
-    
+
     public final static String SC_SNMP = "snmp";
     public final static String SC_SMTP = "smtp";
     public final static String SC_SUBSYSTEM = "subsystem";
@@ -39,12 +37,12 @@ public interface ScopeDef {
     public final static String SC_GATEWAY = "gateway";
     public final static String SC_ADMIN = "admin";
     public final static String SC_NETWORK = "network";
-    
+
     // profile
     public final static String SC_PROFILE_IMPLS = "profile";
     public final static String SC_PROFILE_RULES = "rules";
     public final static String SC_PROFILE_DEFAULT_POLICY = "defaultPolicy";
-    public final static String SC_PROFILE_CONSTRAINT_POLICY = "constraintPolicy"; 
+    public final static String SC_PROFILE_CONSTRAINT_POLICY = "constraintPolicy";
     public final static String SC_PROFILE_POLICIES = "policies";
     public final static String SC_PROFILE_POLICY_CONFIG = "config";
     public final static String SC_PROFILE_INPUT = "profileInput";
@@ -83,9 +81,9 @@ public interface ScopeDef {
     public final static String SC_LOG_CONTENT = "log_content";
     public final static String SC_AUDITLOG_CONTENT = "transactionsLog_content";
     public final static String SC_ERRORLOG_CONTENT = "errorLog_content";
-    public final static String SC_SYSTEMLOG_CONTENT = "systemLog_content";    
+    public final static String SC_SYSTEMLOG_CONTENT = "systemLog_content";
 
-    //LDAP publishing
+    // LDAP publishing
     public final static String SC_LDAP = "ldap";
     public final static String SC_CRL = "crl";
     public final static String SC_USERCERT = "userCert";
@@ -109,9 +107,9 @@ public interface ScopeDef {
     public final static String SC_RECOVERY = "recovery";
     public final static String SC_AGENT_PWD = "agentPwd";
     public final static String SC_MNSCHEME = "mnScheme";
-    
-    //stat
-    public final static String  SC_STAT = "stat";
+
+    // stat
+    public final static String SC_STAT = "stat";
 
     // RA
     public final static String SC_GENERAL = "general";
@@ -119,27 +117,27 @@ public interface ScopeDef {
     public final static String SC_PKIGW = "pkigw";
     public final static String SC_SERVLET = "servlet";
     public final static String SC_CONNECTOR = "connector";
-    
-    //tasks
+
+    // tasks
     public final static String SC_TASKS = "tasks";
-    
-    //authentication
+
+    // authentication
     public final static String SC_AUTH = "auths";
     public final static String SC_AUTHTYPE = "authType";
     public final static String SC_AUTH_IMPLS = "impl";
     public final static String SC_AUTH_MGR_INSTANCE = "instance";
 
-    //jobs scheduler
+    // jobs scheduler
     public final static String SC_JOBS = "jobScheduler";
     public final static String SC_JOBS_IMPLS = "impl";
     public final static String SC_JOBS_INSTANCE = "job";
     public final static String SC_JOBS_RULES = "rules";
 
-    //notification
+    // notification
     public final static String SC_NOTIFICATION_REQ_COMP = "notificationREQC";
     public final static String SC_NOTIFICATION_REV_COMP = "notificationREVC";
     public final static String SC_NOTIFICATION_RIQ = "notificationRIQ";
-    
+
     // acl
     public final static String SC_ACL_IMPLS = "impl";
     public final static String SC_ACL = "acls";
@@ -181,7 +179,7 @@ public interface ScopeDef {
     public final static String SC_PLATFORM = "platform";
 
     public final static String SC_GET_NICKNAMES = "getNicknames";
- 
+
     // Profile
     public final static String SC_SUPPORTED_CONSTRAINTPOLICIES = "supportedConstraintPolicies";
 
diff --git a/pki/base/common/src/com/netscape/certsrv/common/TaskId.java b/pki/base/common/src/com/netscape/certsrv/common/TaskId.java
index 458822ff..1f5c5213 100644
--- a/pki/base/common/src/com/netscape/certsrv/common/TaskId.java
+++ b/pki/base/common/src/com/netscape/certsrv/common/TaskId.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.common;
 
-
 /**
- * This interface defines all the tasks used in
- * the configuration protocol between the
- * configuration wizard and the configuration
- * daemon.
- *
+ * This interface defines all the tasks used in the configuration protocol
+ * between the configuration wizard and the configuration daemon.
+ * 
  * @version $Revision$, $Date$
  */
 public interface TaskId {
@@ -66,7 +63,7 @@ public interface TaskId {
 
     // get information about all cryptotokens
     public final static String TASK_TOKEN_INFO = "tokenInfo";
-    
+
     // server get master or clone setting
     public final static String TASK_MASTER_OR_CLONE = "SetMasterOrClone";
     // single signon
@@ -100,17 +97,18 @@ public interface TaskId {
     // set CA starting serial number
     public final static String TASK_SET_CA_SERIAL = "setCASerial";
 
-     // set CA starting serial number
+    // set CA starting serial number
     public final static String TASK_SET_KRA_NUMBER = "setKRANumber";
 
-   // check key length
+    // check key length
     public final static String TASK_CHECK_KEYLENGTH = "checkKeyLength";
 
     // check certificate extension
     public final static String TASK_CHECK_EXTENSION = "checkExtension";
 
-    // check validity period: make sure the notAfterDate of the certificate 
-    // will not go beyond the notAfterDate of the CA cert which signs the certificate.
+    // check validity period: make sure the notAfterDate of the certificate
+    // will not go beyond the notAfterDate of the CA cert which signs the
+    // certificate.
     public final static String TASK_VALIDITY_PERIOD = "checkValidityPeriod";
 
     public final static String TASK_CLONING = "taskCloning";
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IConnector.java b/pki/base/common/src/com/netscape/certsrv/connector/IConnector.java
index 6dcca9d2..c5e455c5 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IConnector.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IConnector.java
@@ -17,20 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This interface represents a connector that forwards
- * CMS requests to a remote authority.
- *
- * To register a connector, one can add the following
- * to the CMS.cfg:
- *
+ * This interface represents a connector that forwards CMS requests to a remote
+ * authority.
+ * 
+ * To register a connector, one can add the following to the CMS.cfg:
+ * 
  * <pre>
- *
+ * 
  *  Example for KRA type connector.
  * ca.connector.KRA.enable=true
  * ca.connector.KRA.host=thehost.netscape.com        #Remote host.
@@ -39,21 +36,22 @@ import com.netscape.certsrv.request.IRequest;
  * ca.connector.KRA.uri="/kra/connector"             #Uri of the KRA server.
  * ca.connector.KRA.id="kra"
  * ca.connector.KRA.minHttpConns=1                   #Min connection pool connections. 
- * ca.connector.KRA.maxHttpConns=10                  #Max connection pool connections. 
+ * ca.connector.KRA.maxHttpConns=10                  #Max connection pool connections.
  * </pre>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConnector {
 
     /**
      * Sends the request to a remote authority.
+     * 
      * @param req Request to be forwarded to remote authority.
      * @return true for success, otherwise false.
-     * @exception EBaseException Failure to send request to remote authority. 
+     * @exception EBaseException Failure to send request to remote authority.
      */
     public boolean send(IRequest req)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Starts this connector.
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java
index c53c6f09..2fa04053 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnFactory.java
@@ -17,35 +17,34 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
 /**
- * Maintains a pool of connections to to a Remote Authority.
- * Utilized by the IHttpConnector interface.
- * Multiple threads use this interface to utilize and release
- * the Ldap connection resources. This factory will maintain a
- * list of Http type connections to the remote host.
- *
+ * Maintains a pool of connections to to a Remote Authority. Utilized by the
+ * IHttpConnector interface. Multiple threads use this interface to utilize and
+ * release the Ldap connection resources. This factory will maintain a list of
+ * Http type connections to the remote host.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IHttpConnFactory {
 
-
     /**
      * Request access to a Ldap connection from the pool.
+     * 
      * @exception EBaseException if any error occurs, such as a
-     * @return Ldap connection object.
-     * connection is not available
+     * @return Ldap connection object. connection is not available
      */
     public IHttpConnection getConn()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Return connection to the factory. mandatory after a getConn().
-     * @param conn Ldap connection object to be returned to the free list of the pool.
+     * 
+     * @param conn Ldap connection object to be returned to the free list of the
+     *            pool.
      * @exception EBaseException On any failure to return the connection.
      */
     public void returnConn(IHttpConnection conn)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java
index 6ee57059..49bccc37 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IHttpConnection.java
@@ -17,26 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * This represents a HTTP connection to a remote authority.
- * Http connection is used by the connector to send
- * PKI messages to a remote authority. The remote authority
- * will reply with a PKI message as well. An example would
- * be the communication between a CA and a KRA.
- *
+ * This represents a HTTP connection to a remote authority. Http connection is
+ * used by the connector to send PKI messages to a remote authority. The remote
+ * authority will reply with a PKI message as well. An example would be the
+ * communication between a CA and a KRA.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IHttpConnection {
 
     /**
      * Sends the PKI message to the remote authority.
+     * 
      * @param tomsg Message to forward to authority.
      * @exception EBaseException Failed to send message.
      */
-    public IPKIMessage send(IPKIMessage tomsg) 
-        throws EBaseException;
+    public IPKIMessage send(IPKIMessage tomsg)
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java b/pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java
index 5cb53e25..a6c47a86 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IHttpPKIMessage.java
@@ -17,39 +17,40 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This represents a  Http PKI message. It contains 
- * simple name/value pair values.  Also maintains information
- * about the status and type of the message.
- *
+ * This represents a Http PKI message. It contains simple name/value pair
+ * values. Also maintains information about the status and type of the message.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IHttpPKIMessage extends IPKIMessage {
 
     /**
      * Retrieves the request type.
+     * 
      * @return String with the type of request.
      */
     public String getReqType();
 
     /**
      * Retrieves the request identifier.
+     * 
      * @return String of name of request.
      */
     public String getReqId();
 
     /**
      * Copies contents of request to make a simple name/value message.
+     * 
      * @param r Instance of IRequest to be copied from.
      */
     public void fromRequest(IRequest r);
 
     /**
      * Copies contents to request.
+     * 
      * @param r Instance of IRequest to be copied to.
      */
     public void toRequest(IRequest r);
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java b/pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java
index 57ce9700..50b447a2 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IPKIMessage.java
@@ -17,53 +17,52 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import java.io.Serializable;
 
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * Messages that are serialized and go over the wire.
- * It must be serializable, and
- * later will be inherited by CRMF message. 
- *
+ * Messages that are serialized and go over the wire. It must be serializable,
+ * and later will be inherited by CRMF message.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPKIMessage extends Serializable {
 
     /**
-    *
-    * Returns status of request.
-    * @return String of request status.
-    */
+     * 
+     * Returns status of request.
+     * 
+     * @return String of request status.
+     */
     public String getReqStatus();
 
     /**
      * Retrieves the request type.
+     * 
      * @return String of type of request.
      */
     public String getReqType();
 
-   
     /**
      * Retrieves the request identifer.
+     * 
      * @return String of name of request.
      */
     public String getReqId();
 
     /**
-     * Makes a PKIMessage from a request
-     * PKIMessage will be sent to wire.
+     * Makes a PKIMessage from a request PKIMessage will be sent to wire.
+     * 
      * @param r Request to copy from.
      */
     public void fromRequest(IRequest r);
 
     /**
-     * Copies contents of PKIMessage to the request
-     * PKIMessage is from the wire.
+     * Copies contents of PKIMessage to the request PKIMessage is from the wire.
+     * 
      * @param r Request to copy to.
      */
     public void toRequest(IRequest r);
-	
+
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java b/pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java
index a97936aa..8353ef27 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IRemoteAuthority.java
@@ -17,38 +17,38 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
-
-
 /**
- * This represents a remote authority that can be
- * a certificate manager, or key recovery manager or
- * some other manager.
- *
+ * This represents a remote authority that can be a certificate manager, or key
+ * recovery manager or some other manager.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRemoteAuthority {
 
     /**
      * Retrieves the host name of the remote Authority.
+     * 
      * @return String with the name of host of remote Authority.
      */
     public String getHost();
 
     /**
      * Retrieves the port number of the remote Authority.
+     * 
      * @return Int with port number of remote Authority.
      */
     public int getPort();
 
     /**
      * Retrieves the URI of the remote Authority.
+     * 
      * @return String with URI of remote Authority.
      */
     public String getURI();
 
     /**
      * Retrieves the timeout value for the connection to the remote Authority.
+     * 
      * @return In with remote Authority timeout value.
      */
     public int getTimeout();
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java b/pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java
index 7838aa5e..80975462 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IRequestEncoder.java
@@ -17,34 +17,32 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import java.io.IOException;
 
-
 /**
- * This represents a rquest encoder that serializes and
- * deserializes a request to a Remote Authority so that it can be sent through
- * the connector.
- *
+ * This represents a rquest encoder that serializes and deserializes a request
+ * to a Remote Authority so that it can be sent through the connector.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestEncoder {
 
     /**
      * Encodes a request object.
+     * 
      * @param r Object to serve as the source of the message.
      * @return String containing encoded message.
      * @exception IOException Failure of the encoding operation due to IO error.
      */
     String encode(Object r)
-        throws IOException;
+            throws IOException;
 
     /**
-     * Dncodes a String into an  object.
+     * Dncodes a String into an object.
+     * 
      * @return Object which is the result of the decoded message.
      * @exception IOException Failure of the decoding operation due to IO error.
      */
     Object decode(String s)
-        throws IOException;
+            throws IOException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/connector/IResender.java b/pki/base/common/src/com/netscape/certsrv/connector/IResender.java
index 3574c3a5..fad3c2a8 100644
--- a/pki/base/common/src/com/netscape/certsrv/connector/IResender.java
+++ b/pki/base/common/src/com/netscape/certsrv/connector/IResender.java
@@ -17,25 +17,22 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.connector;
 
-
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * Resend requests at intervals to the server to ensure completion of requests. 
- * Default interval is 5 minutes.  The need to resend a message could arise
- * due to an error or the fact that the message could not be serviced
- * immediately.
- *
+ * Resend requests at intervals to the server to ensure completion of requests.
+ * Default interval is 5 minutes. The need to resend a message could arise due
+ * to an error or the fact that the message could not be serviced immediately.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IResender extends Runnable {
 
     /**
      * Adds the request to the resend queue.
+     * 
      * @param r Request to be placed on the resend queue.
      */
     public void addRequest(IRequest r);
-	
-}
 
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java b/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java
index 4bfb14fb..a2201b8e 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/DBResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for DBS subsystem.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DBResources extends ListResourceBundle {
@@ -38,4 +36,3 @@ public class DBResources extends ListResourceBundle {
 
     static final Object[][] contents = {};
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java
index 14f653d6..77508dca 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a database exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EDBException extends EBaseException {
@@ -36,12 +34,12 @@ public class EDBException extends EBaseException {
     /**
      * Resource class name.
      */
-    private static final String DB_RESOURCES = DBResources.class.getName();		
+    private static final String DB_RESOURCES = DBResources.class.getName();
 
     /**
      * Constructs a database exception.
      * <P>
-     *
+     * 
      * @param msgFormat message format
      */
     public EDBException(String msgFormat) {
@@ -51,7 +49,7 @@ public class EDBException extends EBaseException {
     /**
      * Constructs a database exception.
      * <P>
-     *
+     * 
      * @param msgFormat message format
      * @param param parameter
      */
@@ -62,7 +60,7 @@ public class EDBException extends EBaseException {
     /**
      * Constructs a database exception.
      * <P>
-     *
+     * 
      * @param msgFormat message format
      * @param e exception as parameter
      */
@@ -73,7 +71,7 @@ public class EDBException extends EBaseException {
     /**
      * Constructs a database exception.
      * <P>
-     *
+     * 
      * @param msgFormat message format
      * @param params list of parameters
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java
index 170a8ee8..6afb2dcc 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBNotAvailException.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 /**
  * Indicates internal db is down.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EDBNotAvailException extends EDBException {
@@ -32,7 +31,7 @@ public class EDBNotAvailException extends EDBException {
 
     /**
      * Constructs a ldap server down exception with host & port info.
-     *
+     * 
      * @param errorString Detailed error message.
      */
     public EDBNotAvailException(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java b/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
index 1640fc78..dd3880c1 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/EDBRecordNotFoundException.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 /**
  * Indicates internal db is down.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EDBRecordNotFoundException extends EDBException {
@@ -32,7 +31,7 @@ public class EDBRecordNotFoundException extends EDBException {
 
     /**
      * Constructs a ldap server down exception with host & port info.
-     *
+     * 
      * @param errorString Detailed error message.
      */
     public EDBRecordNotFoundException(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java
index 173537d6..8e109f20 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBAttrMapper.java
@@ -17,66 +17,61 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.util.Enumeration;
 
 import netscape.ldap.LDAPAttributeSet;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * An interface represents an attribute mapper. A mapper
- * has knowledge on how to convert a db attribute into
- * zero or more LDAP attribute, and vice versa.
+ * An interface represents an attribute mapper. A mapper has knowledge on how to
+ * convert a db attribute into zero or more LDAP attribute, and vice versa.
  * <P>
- *
- * @version $Revision$, $Date$ 
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBAttrMapper {
 
     /**
-     * Retrieves a list of LDAP attributes that are used
-     * in the mapper. By having this, the framework can
-     * provide search on selective attributes.
-     *
+     * Retrieves a list of LDAP attributes that are used in the mapper. By
+     * having this, the framework can provide search on selective attributes.
+     * 
      * @return a list of supported attribute names
      */
     public Enumeration<String> getSupportedLDAPAttributeNames();
 
     /**
      * Maps object attribute into LDAP attributes.
-     *
+     * 
      * @param parent parent object where the object comes from
      * @param name name of db attribute
      * @param obj object itself
      * @param attrs LDAP attribute set where the result should be stored
      * @exception EBaseException failed to map object
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException;
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException;
 
     /**
-     * Maps LDAP attributes into object, and puts the object 
-     * into 'parent'.
-     *
+     * Maps LDAP attributes into object, and puts the object into 'parent'.
+     * 
      * @param attrs LDAP attribute set
      * @param name name of db attribute to be processed
      * @param parent parent object where the object should be added
      * @exception EBaseException failed to map object
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException;
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException;
 
     /**
      * Maps search filters into LDAP search filter.
-     *
+     * 
      * @param name name of db attribute
      * @param op filte operation (i.e. "=", ">=")
      * @param value attribute value
      * @exception EBaseException failed to map filter
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException;
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java
index c1c8c3b3..c564506c 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBDynAttrMapper.java
@@ -1,20 +1,18 @@
 package com.netscape.certsrv.dbs;
 
 /**
- * An interface representing a dynamic attribute mapper.
- * A dynamic mapper has knowledge on how to convert a set of dynamically
- * assigned db attribute into zero or more dynamically assigned LDAP
- * attributes, and vice versa.
+ * An interface representing a dynamic attribute mapper. A dynamic mapper has
+ * knowledge on how to convert a set of dynamically assigned db attribute into
+ * zero or more dynamically assigned LDAP attributes, and vice versa.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IDBDynAttrMapper extends IDBAttrMapper {
 
     /**
-     * Returns true if the LDAP attribute can be mapped by this
-     * dynamic mapper.
-     *
+     * Returns true if the LDAP attribute can be mapped by this dynamic mapper.
+     * 
      * @param attrName LDAP attribute name to check
      * @return a list of supported attribute names
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java
index ab1ce0a4..1b9f818c 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBObj.java
@@ -17,26 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
- * An interface represents a database object
- * that is serializable.
- *
- * @version $Revision$, $Date$ 
+ * An interface represents a database object that is serializable.
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBObj extends IAttrSet {
 
     /**
-     * Returns a list of serializable attribute 
-     * names. This method should return the
-     * attribute name even if there is no attribute
-     * value for the attribute.
-     *
+     * Returns a list of serializable attribute names. This method should return
+     * the attribute name even if there is no attribute value for the attribute.
+     * 
      * @return a list of serializable attribute names
      */
     public Enumeration<String> getSerializableAttrNames();
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java
index 4270c9ce..a52c0eb4 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBRegistry.java
@@ -17,42 +17,37 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import netscape.ldap.LDAPAttributeSet;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
- 
 
 /**
- * A class represents a registry where all the
- * schema (object classes and attribute) information 
- * is stored.
- *
- * Attribute mappers can be registered with this
- * registry.
- *
- * Given the schema information stored, this registry
- * has knowledge to convert a Java object into a
- * LDAPAttributeSet or vice versa.
- *
- * @version $Revision$, $Date$ 
+ * A class represents a registry where all the schema (object classes and
+ * attribute) information is stored.
+ * 
+ * Attribute mappers can be registered with this registry.
+ * 
+ * Given the schema information stored, this registry has knowledge to convert a
+ * Java object into a LDAPAttributeSet or vice versa.
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBRegistry extends ISubsystem {
 
     /**
      * Registers object class.
-     *
+     * 
      * @param className java class to create for the object classes
      * @param ldapNames a list of LDAP object classes
      * @exception EDBException failed to register
      */
     public void registerObjectClass(String className, String ldapNames[])
-        throws EDBException;
+            throws EDBException;
 
     /**
      * See if an object class is registered.
-     *
+     * 
      * @param className java class to create
      * @return true if object class is registered already
      */
@@ -60,17 +55,17 @@ public interface IDBRegistry extends ISubsystem {
 
     /**
      * Registers attribute mapper.
-     *
+     * 
      * @param ufName LDAP attribute name
      * @param mapper mapper to invoke for the attribute
      * @exception EDBException failed to register
      */
-    public void registerAttribute(String ufName, IDBAttrMapper mapper) 
-        throws EDBException;
+    public void registerAttribute(String ufName, IDBAttrMapper mapper)
+            throws EDBException;
 
     /**
      * See if an attribute is registered.
-     *
+     * 
      * @param ufName attribute name
      * @return true if attribute is registered already
      */
@@ -78,14 +73,15 @@ public interface IDBRegistry extends ISubsystem {
 
     /**
      * Registers a dynamic attribute mapper.
+     * 
      * @param mapper The dynamic mapper to register
      */
     public void registerDynamicMapper(IDBDynAttrMapper mapper);
 
     /**
-     * Creates LDAP-based search filters with help of
-     * registered mappers.
-     * Parses filter from filter string specified in RFC1558.
+     * Creates LDAP-based search filters with help of registered mappers. Parses
+     * filter from filter string specified in RFC1558.
+     * 
      * <pre>
      * <filter> ::= '(' <filtercomp> ')'
      * <filtercomp> ::= <and> | <or> | <not> | <item>
@@ -107,7 +103,7 @@ public interface IDBRegistry extends ISubsystem {
      * <starval> ::= NULL | <value> '*' <starval>
      * <final> ::= NULL | <value>
      * </pre>
-     *
+     * 
      * @param filter CMS-based filter
      * @return LDAP-based filter string
      * @exception EBaseException failed to convert filter
@@ -115,57 +111,56 @@ public interface IDBRegistry extends ISubsystem {
     public String getFilter(String filter) throws EBaseException;
 
     /**
-     * Creates LDAP-based search filters with help of
-     * registered mappers.
-     *
+     * Creates LDAP-based search filters with help of registered mappers.
+     * 
      * @param filter CMS-based filter
      * @param c filter converter
      * @return LDAP-based filter string
      * @exception EBaseException failed to convert filter
      */
-    public String getFilter(String filter, IFilterConverter c) 
-        throws EBaseException;
+    public String getFilter(String filter, IFilterConverter c)
+            throws EBaseException;
 
     /**
      * Maps object into LDAP attribute set.
-     *
+     * 
      * @param parent object's parent
      * @param name name of the object
      * @param obj object to be mapped
      * @param attrs LDAP attribute set
      * @exception EBaseException failed to map object
      */
-    public void mapObject(IDBObj parent, String name, Object obj, 
-        LDAPAttributeSet attrs) throws EBaseException;
+    public void mapObject(IDBObj parent, String name, Object obj,
+            LDAPAttributeSet attrs) throws EBaseException;
 
     /**
-     * Retrieves a list of LDAP attributes that are associated
-     * with the given attributes.
-     *
+     * Retrieves a list of LDAP attributes that are associated with the given
+     * attributes.
+     * 
      * @param attrs attributes
      * @return LDAP-based attributes
      * @exception EBaseException failed to map attributes
      */
-    public String[] getLDAPAttributes(String attrs[]) 
-        throws EBaseException;
+    public String[] getLDAPAttributes(String attrs[])
+            throws EBaseException;
 
     /**
      * Creates attribute set from object.
-     *
+     * 
      * @param obj database object
      * @return LDAP attribute set
      * @exception EBaseException failed to create set
      */
-    public LDAPAttributeSet createLDAPAttributeSet(IDBObj obj) 
-        throws EBaseException;
+    public LDAPAttributeSet createLDAPAttributeSet(IDBObj obj)
+            throws EBaseException;
 
     /**
      * Creates object from attribute set.
-     *
+     * 
      * @param attrs LDAP attribute set
      * @return database object
      * @exception EBaseException failed to create object
      */
     public IDBObj createObject(LDAPAttributeSet attrs)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java
index 7f4e4f8c..02ebb23f 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSSession.java
@@ -17,45 +17,43 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import netscape.ldap.LDAPSearchResults;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * An interface represents the database session. Operations
- * can be performed with a session.
- *
- * Transaction and Caching support can be integrated 
- * into session.
- *
- * @version $Revision$, $Date$ 
+ * An interface represents the database session. Operations can be performed
+ * with a session.
+ * 
+ * Transaction and Caching support can be integrated into session.
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBSSession {
 
     /**
      * Returns database subsystem.
-     *
+     * 
      * @return subsystem
      */
     public ISubsystem getDBSubsystem();
 
     /**
      * Closes this session.
-     *
+     * 
      * @exception EDBException failed to close session
      */
     public void close() throws EDBException;
 
     /**
      * Adds object to backend database. For example,
+     * 
      * <PRE>
-     *    session.add("cn=123459,o=certificate repository,o=airius.com", 
-     * 			certRec);
+     * session.add(&quot;cn=123459,o=certificate repository,o=airius.com&quot;,
+     *             certRec);
      * </PRE>
-     *
+     * 
      * @param name name of the object
      * @param obj object to be added
      * @exception EDBException failed to add object
@@ -64,7 +62,7 @@ public interface IDBSSession {
 
     /**
      * Reads an object from the database.
-     *
+     * 
      * @param name name of the object that is to be read
      * @return database object
      * @exception EBaseException failed to read object
@@ -72,20 +70,20 @@ public interface IDBSSession {
     public IDBObj read(String name) throws EBaseException;
 
     /**
-     * Reads an object from the database, and only populates
-     * the selected attributes.
-     *
+     * Reads an object from the database, and only populates the selected
+     * attributes.
+     * 
      * @param name name of the object that is to be read
      * @param attrs selected attributes
      * @return database object
      * @exception EBaseException failed to read object
      */
-    public IDBObj read(String name, String attrs[]) 
-        throws EBaseException;
+    public IDBObj read(String name, String attrs[])
+            throws EBaseException;
 
     /**
      * Deletes object from database.
-     *
+     * 
      * @param name name of the object that is to be deleted
      * @exception EBaseException failed to delete object
      */
@@ -93,43 +91,40 @@ public interface IDBSSession {
 
     /**
      * Modify an object in the database.
-     *
+     * 
      * @param name name of the object that is to be modified
      * @param mods modifications
      * @exception EBaseException failed to modify
      */
-    public void modify(String name, ModificationSet mods) 
-        throws EBaseException;
+    public void modify(String name, ModificationSet mods)
+            throws EBaseException;
 
     /**
-     * Searchs for a list of objects that match the 
-     * filter.
-     *
+     * Searchs for a list of objects that match the filter.
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @return search results
      * @exception EBaseException failed to search
      */
-    public IDBSearchResults search(String base, String filter) 
-        throws EBaseException;
+    public IDBSearchResults search(String base, String filter)
+            throws EBaseException;
 
     /**
-     * Searchs for a list of objects that match the 
-     * filter.
-     *
+     * Searchs for a list of objects that match the filter.
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param maxSize max number of entries
      * @return search results
      * @exception EBaseException failed to search
      */
-    public IDBSearchResults search(String base, String filter, int maxSize) 
-        throws EBaseException;
+    public IDBSearchResults search(String base, String filter, int maxSize)
+            throws EBaseException;
 
     /**
-     * Searchs for a list of objects that match the 
-     * filter.
-     *
+     * Searchs for a list of objects that match the filter.
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param maxSize max number of entries
@@ -137,25 +132,24 @@ public interface IDBSSession {
      * @return search results
      * @exception EBaseException failed to search
      */
-    public IDBSearchResults search(String base, String filter, int maxSize, 
-        int timeLimit) throws EBaseException;
+    public IDBSearchResults search(String base, String filter, int maxSize,
+            int timeLimit) throws EBaseException;
 
     /**
-     * Retrieves a list of object that satifies the given 
-     * filter.
-     *
+     * Retrieves a list of object that satifies the given filter.
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param attrs selected attributes
      * @return search results
      * @exception EBaseException failed to search
      */
-    public IDBSearchResults search(String base, String filter, 
-        String attrs[]) throws EBaseException;
+    public IDBSearchResults search(String base, String filter,
+            String attrs[]) throws EBaseException;
 
     /**
      * Retrieves a list of objects.
-     *
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param attrs selected attributes
@@ -163,12 +157,11 @@ public interface IDBSSession {
      * @exception EBaseException failed to search
      */
     public <T> IDBVirtualList<T> createVirtualList(String base, String filter,
-        String attrs[]) throws EBaseException;
+            String attrs[]) throws EBaseException;
 
     /**
-     * Sets persistent search to retrieve modified
-     * certificate records.
-     *
+     * Sets persistent search to retrieve modified certificate records.
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param attrs selected attributes
@@ -176,11 +169,11 @@ public interface IDBSSession {
      * @exception EBaseException failed to search
      */
     public LDAPSearchResults persistentSearch(String base, String filter,
-        String attrs[]) throws EBaseException;
+            String attrs[]) throws EBaseException;
 
     /**
      * Retrieves a list of objects.
-     *
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param attrs selected attributes
@@ -190,12 +183,12 @@ public interface IDBSSession {
      * @exception EBaseException failed to search
      */
     public <T> IDBVirtualList<T> createVirtualList(String base, String filter,
-        String attrs[], String sortKey, int pageSize) 
-        throws EBaseException;
+            String attrs[], String sortKey, int pageSize)
+            throws EBaseException;
 
     /**
      * Retrieves a list of objects.
-     *
+     * 
      * @param base starting point of the search
      * @param filter search filter
      * @param attrs selected attributes
@@ -206,7 +199,7 @@ public interface IDBSSession {
      * @exception EBaseException failed to search
      */
     public <T> IDBVirtualList<T> createVirtualList(String base, String filter,
-        String attrs[], String startFrom, 
-        String sortKey, int pageSize) 
-        throws EBaseException;
+            String attrs[], String startFrom,
+            String sortKey, int pageSize)
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java
index 9f15b808..6efd8473 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSearchResults.java
@@ -17,29 +17,26 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.util.Enumeration;
- 
 
 /**
- * A class represents the search results. A search
- * results object contain a enumeration of
- * Java objects that are just read from the database.
- *
- * @version $Revision$, $Date$ 
+ * A class represents the search results. A search results object contain a
+ * enumeration of Java objects that are just read from the database.
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBSearchResults extends Enumeration<Object> {
 
     /**
      * Checks if any element is available.
-     *
+     * 
      * @return true if there is more elements
      */
     public boolean hasMoreElements();
 
     /**
      * Retrieves next element.
-     *
+     * 
      * @return next element
      */
     public Object nextElement();
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
index 350a29c4..d61e266b 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.math.BigInteger;
 
 import netscape.ldap.LDAPConnection;
@@ -25,22 +24,19 @@ import netscape.ldap.LDAPConnection;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * An interface represents certificate server
- * backend database.
+ * An interface represents certificate server backend database.
  * <P>
- * This interface separate the database subsystem
- * functionalities from internal implementation.
+ * This interface separate the database subsystem functionalities from internal
+ * implementation.
  * <P>
- *
- * @version $Revision$, $Date$ 
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IDBSubsystem extends ISubsystem {
 
     public static final String SUB_ID = "dbs";
 
-
     // values for repos
     public static final int CERTS = 0;
     public static final int REQUESTS = 1;
@@ -49,21 +45,21 @@ public interface IDBSubsystem extends ISubsystem {
 
     /**
      * Retrieves the base DN.
-     *
+     * 
      * @return base DN of the subsystem
      */
     public String getBaseDN();
 
     /**
      * Retrieves the registry.
-     *
+     * 
      * @return registry
      */
     public IDBRegistry getRegistry();
 
     /**
      * Creates a database session.
-     *
+     * 
      * @return database session
      * @exception EDBException failed to create session
      */
@@ -71,145 +67,144 @@ public interface IDBSubsystem extends ISubsystem {
 
     /**
      * Avoids losing serial number.
-     *
+     * 
      * @return true if serial number recovery option is enabled
      */
     public boolean enableSerialNumberRecovery();
 
     /**
      * Records next serial number in config file
-     *
+     * 
      * @param serial next serial number
-     * @exception EBaseException failed to set 
+     * @exception EBaseException failed to set
      */
     public void setNextSerialConfig(BigInteger serial) throws EBaseException;
 
     /**
      * Gets the next serial number in config file
-     *
+     * 
      * @return next serial number
      */
     public BigInteger getNextSerialConfig();
 
     /**
      * Records maximum serial number limit in config file
-     *
+     * 
      * @param serial max serial number
-     * @param repo   repo identifier 
-     * @exception EBaseException failed to set 
+     * @param repo repo identifier
+     * @exception EBaseException failed to set
      */
     public void setMaxSerialConfig(int repo, String serial) throws EBaseException;
 
     /**
      * Records minimum serial number limit in config file
-     *
+     * 
      * @param serial min serial number
-     * @param repo   repo identifier 
-     * @exception EBaseException failed to set 
+     * @param repo repo identifier
+     * @exception EBaseException failed to set
      */
     public void setMinSerialConfig(int repo, String serial) throws EBaseException;
 
     /**
      * Records maximum serial number limit for the next range in config file
-     *
+     * 
      * @param serial max serial number
-     * @param repo   repo identifier 
-     * @exception EBaseException failed to set 
+     * @param repo repo identifier
+     * @exception EBaseException failed to set
      */
     public void setNextMaxSerialConfig(int repo, String serial) throws EBaseException;
 
     /**
      * Records minimum serial number limit for the next range in config file
-     *
+     * 
      * @param serial min serial number
-     * @param repo   repo identifier 
-     * @exception EBaseException failed to set 
+     * @param repo repo identifier
+     * @exception EBaseException failed to set
      */
     public void setNextMinSerialConfig(int repo, String serial) throws EBaseException;
 
     /**
      * Gets minimum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return min serial number
      */
     public String getMinSerialConfig(int repo);
 
     /**
      * Gets the maximum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return max serial number
      */
     public String getMaxSerialConfig(int repo);
 
     /**
      * Gets the maximum serial number limit for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return max serial number
      */
     public String getNextMaxSerialConfig(int repo);
 
     /**
      * Gets minimum serial number limit for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return min serial number
      */
     public String getNextMinSerialConfig(int repo);
-    
+
     /**
      * Gets low water mark limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return low water mark
      */
     public String getLowWaterMarkConfig(int repo);
- 
+
     /**
      * Gets range increment limit for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return range increment
      */
     public String getIncrementConfig(int repo);
-  
+
     /**
      * Gets number corresponding to start of next range from database
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return start of next range
      */
     public String getNextRange(int repo);
 
     /**
      * Determines if a range conflict has been observed in database
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return true if range conflict, false otherwise
      */
     public boolean hasRangeConflict(int repo);
 
     /**
      * Determines if serial number management has been enabled
-     *
+     * 
      * @return true if enabled, false otherwise
      */
     public boolean getEnableSerialMgmt();
 
-   /**
-     * Sets whether serial number management is enabled for certs
-     * and requests. 
-     *
-     * @param value   true/false 
-     * @exception EBaseException failed to set 
+    /**
+     * Sets whether serial number management is enabled for certs and requests.
+     * 
+     * @param value true/false
+     * @exception EBaseException failed to set
      */
     public void setEnableSerialMgmt(boolean value) throws EBaseException;
 
     /**
      * Returns LDAP connection to connection pool.
-     *
+     * 
      * @param conn connection to be returned
      */
     public void returnConn(LDAPConnection conn);
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java b/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java
index 7d175c45..ffd07fb0 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IDBVirtualList.java
@@ -17,24 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * A interface represents a virtual list of search results.
- * Note that this class must be used with DS4.0.
- *
+ * A interface represents a virtual list of search results. Note that this class
+ * must be used with DS4.0.
+ * 
  * @version $Revision$, $Date$
  */
-public interface IDBVirtualList<E>  {
+public interface IDBVirtualList<E> {
 
     /**
-     * Sets the paging size of this virtual list.
-     * The page size here is just a buffer size. A buffer is kept around
-     * that is three times as large as the number of visible entries.
-     * That way, you can scroll up/down several items(up to a page-full)
-     * without refetching entries from the directory.
+     * Sets the paging size of this virtual list. The page size here is just a
+     * buffer size. A buffer is kept around that is three times as large as the
+     * number of visible entries. That way, you can scroll up/down several
+     * items(up to a page-full) without refetching entries from the directory.
      * 
      * @param size the page size
      */
@@ -42,7 +39,7 @@ public interface IDBVirtualList<E>  {
 
     /**
      * Sets the sort key
-     *
+     * 
      * @param sortKey the attribute to sort by
      * @exception EBaseException failed to set
      */
@@ -50,95 +47,93 @@ public interface IDBVirtualList<E>  {
 
     /**
      * Sets the sort key
-     *
+     * 
      * @param sortKeys the attributes to sort by
      * @exception EBaseException failed to set
      */
     public void setSortKey(String[] sortKeys) throws EBaseException;
 
     /**
-     * Retrieves the size of this virtual list.
-     * Recommend to call getSize() before getElementAt() or getElements() 
-     * since you'd better check if the index is out of bound first.
-     *
+     * Retrieves the size of this virtual list. Recommend to call getSize()
+     * before getElementAt() or getElements() since you'd better check if the
+     * index is out of bound first.
+     * 
      * @return current size in list
      */
     public int getSize();
 
     /**
      * Returns current index.
-     *
+     * 
      * @return current index
      */
 
     public int getSizeBeforeJumpTo();
+
     public int getSizeAfterJumpTo();
 
     public int getCurrentIndex();
 
-    /** 
-     * Get a page starting at "first" (although we may also fetch
-     * some preceding entries)
-     * Recommend to call getSize() before getElementAt() or getElements() 
-     * since you'd better check if the index is out of bound first.
-     *
+    /**
+     * Get a page starting at "first" (although we may also fetch some preceding
+     * entries) Recommend to call getSize() before getElementAt() or
+     * getElements() since you'd better check if the index is out of bound
+     * first.
+     * 
      * @param first the index of the first entry of the page you want to fetch
      */
     public boolean getPage(int first);
 
-    /** 
-     * Called by application to scroll the list with initial letters.
-     * Consider text to be an initial substring of the attribute of the
-     * primary sorting key(the first one specified in the sort key array)
-     * of an entry.
-     * If no entries match, the one just before(or after, if none before)
-     * will be returned as mSelectedIndex
-     *
+    /**
+     * Called by application to scroll the list with initial letters. Consider
+     * text to be an initial substring of the attribute of the primary sorting
+     * key(the first one specified in the sort key array) of an entry. If no
+     * entries match, the one just before(or after, if none before) will be
+     * returned as mSelectedIndex
+     * 
      * @param text the prefix of the first entry of the page you want to fetch
      */
     public boolean getPage(String text);
 
-    /** 
-     * Fetchs data of a single list item
-     * Recommend to call getSize() before getElementAt() or getElements() 
-     * since you'd better check if the index is out of bound first.
-     * If the index is out of range of the virtual list, an exception 
-     * will be thrown and return null
-     *
+    /**
+     * Fetchs data of a single list item Recommend to call getSize() before
+     * getElementAt() or getElements() since you'd better check if the index is
+     * out of bound first. If the index is out of range of the virtual list, an
+     * exception will be thrown and return null
+     * 
      * @param index the index of the element to fetch
      */
     public E getElementAt(int index);
 
     /**
      * Retrieves and jumps to element in the given position.
-     *
+     * 
      * @param i position
      * @return object
      */
     public E getJumpToElementAt(int i);
 
     /**
-     * Processes elements as soon as it arrives. It is
-     * more memory-efficient. 
-     *
+     * Processes elements as soon as it arrives. It is more memory-efficient.
+     * 
      * @param startidx starting index
      * @param endidx ending index
      * @param ep object to call
      * @exception EBaseException failed to process elements
      */
     public void processElements(int startidx, int endidx, IElementProcessor ep)
-        throws EBaseException;
+            throws EBaseException;
 
-    /** 
+    /**
      * Gets the virutal selected index
-     *
+     * 
      * @return selected index
      */
     public int getSelectedIndex();
 
-    /** 
+    /**
      * Gets the top of the buffer
-     *
+     * 
      * @return first index
      */
     public int getFirstIndex();
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java b/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java
index 75702199..648a13ae 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IElementProcessor.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * Processor handles object read from the session.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IElementProcessor {
 
     /**
      * Handles object
-     *
+     * 
      * @param o object to be processed
      * @exception EBaseException failed to process object
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java b/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java
index 1a078365..0cf293ce 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/IFilterConverter.java
@@ -17,14 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
-
-
 /**
- * An interface represents a filter converter
- * that understands how to convert a attribute
- * type from one defintion to another.
- * For example, 
+ * An interface represents a filter converter that understands how to convert a
+ * attribute type from one defintion to another. For example,
+ * 
  * <PRE>
  * (1) database layer need to convert
  *     registered attribute type to ldap attribute
@@ -34,13 +30,13 @@ package com.netscape.certsrv.dbs;
  *     attribute type.
  * </PRE>
  * 
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public interface IFilterConverter {
 
     /**
      * Converts attribute into LDAP attribute.
-     *
+     * 
      * @param attr attribute name
      * @param op attribute operation
      * @param value attribute value
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java b/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java
index 9be75f0b..00456711 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/Modification.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
-
-
 /**
- * A class represents a modification. This is used by the
- * database (dbs) framework for modification operations.
- * It specifices the modification type and values.
- *
+ * A class represents a modification. This is used by the database (dbs)
+ * framework for modification operations. It specifices the modification type
+ * and values.
+ * 
  * @version $Revision$, $Date$
  */
 public class Modification {
@@ -50,7 +47,7 @@ public class Modification {
 
     /**
      * Constructs a role modification.
-     *
+     * 
      * @param name attribute name
      * @param op attribute operation (i.e. MOD_ADD, MOD_DELETE, or MOD_REPLACE)
      * @param value attribute value
@@ -63,7 +60,7 @@ public class Modification {
 
     /**
      * Retrieves attribute name.
-     *
+     * 
      * @return attribute name
      */
     public String getName() {
@@ -72,7 +69,7 @@ public class Modification {
 
     /**
      * Retrieves modification operation type.
-     *
+     * 
      * @return modification type
      */
     public int getOp() {
@@ -81,7 +78,7 @@ public class Modification {
 
     /**
      * Retrieves attribute value.
-     *
+     * 
      * @return attribute value
      */
     public Object getValue() {
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java b/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java
index b737f861..feda8d91 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/ModificationSet.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
-
 /**
- * A class represents a modification set. A modification
- * set contains zero or more modifications.
- *
+ * A class represents a modification set. A modification set contains zero or
+ * more modifications.
+ * 
  * @version $Revision$, $Date$
  */
 public class ModificationSet {
@@ -43,7 +41,7 @@ public class ModificationSet {
 
     /**
      * Adds modification to this set.
-     *
+     * 
      * @param name attribute name
      * @param op modification operation
      * @param value attribute value
@@ -54,7 +52,7 @@ public class ModificationSet {
 
     /**
      * Retrieves a list of modifications.
-     *
+     * 
      * @return a list of Modifications
      */
     public Enumeration<Modification> getModifications() {
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
index 681e586b..d05c9ed5 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.certdb;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 
@@ -26,10 +25,9 @@ import netscape.security.x509.X509CertImpl;
 import com.netscape.certsrv.base.MetaInfo;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
  * An interface contains constants for certificate record.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICertRecord extends IDBObj {
@@ -71,108 +69,108 @@ public interface ICertRecord extends IDBObj {
     public final static String X509CERT_DURATION = "duration";
     public final static String X509CERT_EXTENSION = "extension";
     public final static String X509CERT_SUBJECT = "subject";
-    public final static String X509CERT_PUBLIC_KEY_DATA ="publicKeyData";
+    public final static String X509CERT_PUBLIC_KEY_DATA = "publicKeyData";
     public final static String X509CERT_VERSION = "version";
     public final static String X509CERT_ALGORITHM = "algorithm";
     public final static String X509CERT_SIGNING_ALGORITHM = "signingAlgorithm";
     public final static String X509CERT_SERIAL_NUMBER = "serialNumber";
 
     /* attribute type used the following with search filter */
-    public final static String ATTR_X509CERT_NOT_BEFORE = 
-        ATTR_X509CERT + "." + X509CERT_NOT_BEFORE;
-    public final static String ATTR_X509CERT_NOT_AFTER = 
-        ATTR_X509CERT + "." + X509CERT_NOT_AFTER;
-    public final static String ATTR_X509CERT_DURATION = 
-        ATTR_X509CERT + "." + X509CERT_DURATION;
-    public final static String ATTR_X509CERT_EXTENSION = 
-        ATTR_X509CERT + "." + X509CERT_EXTENSION;
-    public final static String ATTR_X509CERT_SUBJECT = 
-        ATTR_X509CERT + "." + X509CERT_SUBJECT;
-    public final static String ATTR_X509CERT_VERSION = 
-        ATTR_X509CERT + "." + X509CERT_VERSION;
-    public final static String ATTR_X509CERT_ALGORITHM = 
-        ATTR_X509CERT + "." + X509CERT_ALGORITHM;
-    public final static String ATTR_X509CERT_SIGNING_ALGORITHM = 
-        ATTR_X509CERT + "." + X509CERT_SIGNING_ALGORITHM;
-    public final static String ATTR_X509CERT_SERIAL_NUMBER = 
-        ATTR_X509CERT + "." + X509CERT_SERIAL_NUMBER;
-    public final static String ATTR_X509CERT_PUBLIC_KEY_DATA = 
-        ATTR_X509CERT + "." + X509CERT_PUBLIC_KEY_DATA;
+    public final static String ATTR_X509CERT_NOT_BEFORE =
+            ATTR_X509CERT + "." + X509CERT_NOT_BEFORE;
+    public final static String ATTR_X509CERT_NOT_AFTER =
+            ATTR_X509CERT + "." + X509CERT_NOT_AFTER;
+    public final static String ATTR_X509CERT_DURATION =
+            ATTR_X509CERT + "." + X509CERT_DURATION;
+    public final static String ATTR_X509CERT_EXTENSION =
+            ATTR_X509CERT + "." + X509CERT_EXTENSION;
+    public final static String ATTR_X509CERT_SUBJECT =
+            ATTR_X509CERT + "." + X509CERT_SUBJECT;
+    public final static String ATTR_X509CERT_VERSION =
+            ATTR_X509CERT + "." + X509CERT_VERSION;
+    public final static String ATTR_X509CERT_ALGORITHM =
+            ATTR_X509CERT + "." + X509CERT_ALGORITHM;
+    public final static String ATTR_X509CERT_SIGNING_ALGORITHM =
+            ATTR_X509CERT + "." + X509CERT_SIGNING_ALGORITHM;
+    public final static String ATTR_X509CERT_SERIAL_NUMBER =
+            ATTR_X509CERT + "." + X509CERT_SERIAL_NUMBER;
+    public final static String ATTR_X509CERT_PUBLIC_KEY_DATA =
+            ATTR_X509CERT + "." + X509CERT_PUBLIC_KEY_DATA;
 
     /**
      * Retrieves serial number from stored certificate.
-     *
+     * 
      * @return certificate serial number
      */
     public BigInteger getCertificateSerialNumber();
 
     /**
      * Retrieves serial number from certificate record.
-     *
+     * 
      * @return certificate serial number
      */
     public BigInteger getSerialNumber();
 
     /**
      * Retrieves certificate from certificate record.
-     *
+     * 
      * @return certificate
      */
     public X509CertImpl getCertificate();
 
     /**
      * Retrieves name of who issued this certificate.
-     *
+     * 
      * @return name of who issued this certificate
      */
     public String getIssuedBy();
 
     /**
      * Retrieves name of who revoked this certificate.
-     *
+     * 
      * @return name of who revoked this certificate
      */
     public String getRevokedBy();
 
     /**
      * Retrieves date when this certificate was revoked.
-     *
+     * 
      * @return date when this certificate was revoked
      */
     public Date getRevokedOn();
 
     /**
      * Retrieves meta info.
-     *
+     * 
      * @return meta info
      */
     public MetaInfo getMetaInfo();
 
     /**
      * Retrieves certificate status.
-     *
+     * 
      * @return certificate status
      */
     public String getStatus();
 
     /**
      * Retrieves time of creation of this certificate record.
-     *
+     * 
      * @return time of creation of this certificate record
      */
     public Date getCreateTime();
 
     /**
      * Retrieves time of modification of this certificate record.
-     *
+     * 
      * @return time of modification of this certificate record
      */
     public Date getModifyTime();
 
     /**
      * Retrieves revocation info.
-     *
+     * 
      * @return revocation info
      */
     public IRevocationInfo getRevocationInfo();
-}    
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java
index 616bd5db..438d3a05 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertRecordList.java
@@ -17,80 +17,77 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.certdb;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IElementProcessor;
 
-
 /**
  * A class represents a list of certificate records.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICertRecordList {
 
     /**
      * Gets the current index.
-     *
+     * 
      * @return current index
      */
     public int getCurrentIndex();
 
     /**
      * Retrieves the size of request list.
-     *
+     * 
      * @return size
      */
     public int getSize();
 
     /**
      * Gets size before jump to index.
-     *
+     * 
      * @return size
      */
     public int getSizeBeforeJumpTo();
 
     /**
      * Gets size after jump to index.
-     *
+     * 
      * @return size
      */
     public int getSizeAfterJumpTo();
 
     /**
      * Process certificate record as soon as it is returned.
-     *
+     * 
      * @param startidx starting index
      * @param endidx ending index
      * @param ep element processor
      * @exception EBaseException failed to process cert records
      */
     public void processCertRecords(int startidx, int endidx,
-        IElementProcessor ep) throws EBaseException;
+            IElementProcessor ep) throws EBaseException;
 
     /**
-     * Retrieves requests.
-     * It's no good to call this if you didnt check
-     * if the startidx, endidx are valid.
-     *
+     * Retrieves requests. It's no good to call this if you didnt check if the
+     * startidx, endidx are valid.
+     * 
      * @param startidx starting index
      * @param endidx ending index
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getCertRecords(int startidx, int endidx)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Gets one single record at a time similar to 
-     * processCertRecords but no extra class needed.
+     * Gets one single record at a time similar to processCertRecords but no
+     * extra class needed.
      * 
      * @param index position of the record to be retrieved
      * @return object
      * @exception EBaseException failed to retrieve
      */
     public ICertRecord getCertRecord(int index)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
index b913a18c..c4e5ee99 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/ICertificateRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.certdb;
 
-
 import java.math.BigInteger;
 import java.security.cert.Certificate;
 import java.util.Date;
@@ -32,157 +31,154 @@ import com.netscape.certsrv.base.MetaInfo;
 import com.netscape.certsrv.dbs.ModificationSet;
 import com.netscape.certsrv.dbs.repository.IRepository;
 
-
 /**
- * An interface represents a CMS certificate repository. 
- * It stores all the issued certificate.
+ * An interface represents a CMS certificate repository. It stores all the
+ * issued certificate.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICertificateRepository extends IRepository {
 
     /**
-     * Adds a certificate record to the repository. Each certificate
-     * record contains four parts: certificate, meta-attributes,
-     * issue information and reovcation information.
+     * Adds a certificate record to the repository. Each certificate record
+     * contains four parts: certificate, meta-attributes, issue information and
+     * reovcation information.
      * <P>
-     *
+     * 
      * @param record X.509 certificate
-     * @exception EBaseException failed to add new certificate to
-     * 		the repository
+     * @exception EBaseException failed to add new certificate to the repository
      */
     public void addCertificateRecord(ICertRecord record)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reads the certificate identified by the given serial no.
-     *
+     * 
      * @param serialNo serial number of certificate
      * @return certificate
      * @exception EBaseException failed to retrieve certificate
      */
     public X509CertImpl getX509Certificate(BigInteger serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reads certificate from repository.
-     *
+     * 
      * @param serialNo serial number of certificate
      * @return certificate record
      * @exception EBaseException failed to retrieve certificate
      */
     public ICertRecord readCertificateRecord(BigInteger serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Sets certificate status update internal
-     *
+     * 
      * @param requestRepo request repository
      * @param interval update interval
      * @param listenToCloneModifications enable listening to clone modifications
      */
-    public void setCertStatusUpdateInterval(IRepository requestRepo, 
-        int interval,
-        boolean listenToCloneModifications);
+    public void setCertStatusUpdateInterval(IRepository requestRepo,
+            int interval,
+            boolean listenToCloneModifications);
 
     /**
      * Updates certificate status now. This is a blocking method.
-     *
+     * 
      * @exception EBaseException failed to update
      */
     public void updateCertStatus() throws EBaseException;
 
     /**
      * Modifies certificate record.
-     *
+     * 
      * @param serialNo serial number of record
      * @param mods modifications
      * @exception EBaseException failed to modify
      */
     public void modifyCertificateRecord(BigInteger serialNo,
-        ModificationSet mods) throws EBaseException;
+            ModificationSet mods) throws EBaseException;
 
     /**
      * Checks if the certificate exists in this repository.
-     *
+     * 
      * @param serialNo serial number of certificate
      * @return true if it exists
      * @exception EBaseException failed to check
      */
     public boolean containsCertificate(BigInteger serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Deletes certificate from this repository.
-     *
+     * 
      * @param serialNo serial number of certificate
      * @exception EBaseException failed to delete
      */
     public void deleteCertificateRecord(BigInteger serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate as revoked.
-     *
+     * 
      * @param id serial number
      * @param info revocation information
      * @exception EBaseException failed to mark
      */
     public void markAsRevoked(BigInteger id, IRevocationInfo info)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Updates certificate status.
-     *
+     * 
      * @param id serial number
      * @param status certificate status
      * @exception EBaseException failed to update status
      */
     public void updateStatus(BigInteger id, String status)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate as renewable.
-     *
+     * 
      * @param record certificate record to modify
      * @exception EBaseException failed to update
      */
     public void markCertificateAsRenewable(ICertRecord record)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate as not renewable.
-     *
+     * 
      * @param record certificate record to modify
      * @exception EBaseException failed to update
      */
     public void markCertificateAsNotRenewable(ICertRecord record)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate as renewed.
-     *
+     * 
      * @param serialNo certificate record to modify
      * @exception EBaseException failed to update
      */
     public void markCertificateAsRenewed(String serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Marks certificate as renewed and notified.
-     *
+     * 
      * @param serialNo certificate record to modify
      * @exception EBaseException failed to update
      */
     public void markCertificateAsRenewalNotified(String serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Finds a list of certificate records that satisifies
-     * the filter.
-     * Here is a list of filter
-     * attribute can be used:
+     * Finds a list of certificate records that satisifies the filter. Here is a
+     * list of filter attribute can be used:
+     * 
      * <pre>
      *   certRecordId
      *   certMetaInfo
@@ -193,37 +189,36 @@ public interface ICertificateRepository extends IRepository {
      *   x509Cert.notAfter
      *   x509Cert.subject
      * </pre>
-     * The filter should follow RFC1558 LDAP filter syntax.
-     * For example,
+     * 
+     * The filter should follow RFC1558 LDAP filter syntax. For example,
+     * 
      * <pre>
      *   (&(certRecordId=5)(x509Cert.notBefore=934398398))
      * </pre>
-     *
+     * 
      * @param filter search filter
      * @param maxSize max size to return
      * @return a list of certificates
      * @exception EBaseException failed to search
      */
     public Enumeration searchCertificates(String filter, int maxSize)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Finds a list of certificate records that satisifies
-     * the filter.
-     *
+     * Finds a list of certificate records that satisifies the filter.
+     * 
      * @param filter search filter
      * @param maxSize max size to return
      * @param timeLimit timeout value
      * @return a list of certificates
      * @exception EBaseException failed to search
      */
-    public Enumeration searchCertificates(String filter, int maxSize, 
-        int timeLimit) throws EBaseException;
+    public Enumeration searchCertificates(String filter, int maxSize,
+            int timeLimit) throws EBaseException;
 
     /**
-     * Finds a list of certificate records that satisifies
-     * the filter.
-     *
+     * Finds a list of certificate records that satisifies the filter.
+     * 
      * @param filter search filter
      * @param attrs selected attribute
      * @param pageSize page size
@@ -231,12 +226,11 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to search
      */
     public ICertRecordList findCertRecordsInList(String filter,
-        String attrs[], int pageSize) throws EBaseException;
+            String attrs[], int pageSize) throws EBaseException;
 
     /**
-     * Finds a list of certificate records that satisifies
-     * the filter.
-     *
+     * Finds a list of certificate records that satisifies the filter.
+     * 
      * @param filter search filter
      * @param attrs selected attribute
      * @param sortKey key to use for sorting the returned elements
@@ -245,13 +239,12 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to search
      */
     public ICertRecordList findCertRecordsInList(String filter,
-        String attrs[], String sortKey, int pageSize) 	
-        throws EBaseException;
+            String attrs[], String sortKey, int pageSize)
+            throws EBaseException;
 
     /**
-     * Finds a list of certificate records that satisifies
-     * the filter.
-     *
+     * Finds a list of certificate records that satisifies the filter.
+     * 
      * @param filter search filter
      * @param attrs selected attribute
      * @param jumpTo jump to index
@@ -261,17 +254,16 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to search
      */
     public ICertRecordList findCertRecordsInList(String filter,
-        String attrs[], String jumpTo, String sortKey, int pageSize) 	
-        throws EBaseException;
+            String attrs[], String jumpTo, String sortKey, int pageSize)
+            throws EBaseException;
 
     public ICertRecordList findCertRecordsInList(String filter,
-        String attrs[], String jumpTo, boolean hardJumpTo, String sortKey, int pageSize) 	
-        throws EBaseException;
+            String attrs[], String jumpTo, boolean hardJumpTo, String sortKey, int pageSize)
+            throws EBaseException;
 
     /**
-     * Finds a list of certificate records that satisifies
-     * the filter.
-     *
+     * Finds a list of certificate records that satisifies the filter.
+     * 
      * @param filter search filter
      * @param attrs selected attribute
      * @param jumpTo jump to index
@@ -281,120 +273,119 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to search
      */
     public ICertRecordList findCertRecordsInListRawJumpto(String filter,
-        String attrs[], String jumpTo, String sortKey, int pageSize)
-        throws EBaseException;
+            String attrs[], String jumpTo, String sortKey, int pageSize)
+            throws EBaseException;
 
     public static final int ALL_CERTS = 0;
     public static final int ALL_VALID_CERTS = 1;
     public static final int ALL_UNREVOKED_CERTS = 2;
 
     /**
-     * Gets all valid and unexpired certificates pertaining
-     * to a subject DN.
-     *
-     * @param subjectDN	The distinguished name of the subject.
-     * @param validityType	The type of certificatese to retrieve.
+     * Gets all valid and unexpired certificates pertaining to a subject DN.
+     * 
+     * @param subjectDN The distinguished name of the subject.
+     * @param validityType The type of certificatese to retrieve.
      * @return An array of certificates.
      * @throws EBaseException on error.
      */
     public X509CertImpl[] getX509Certificates(String subjectDN,
-        int validityType) throws EBaseException;
+            int validityType) throws EBaseException;
 
     /**
      * Retrieves all the revoked certificates that have not expired.
-     *
+     * 
      * @param asOfDate as of date
      * @return a list of revoked certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getRevokedCertificates(Date asOfDate)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Retrieves all revoked certificates including ones that have expired
-     * or that are not yet valid.
-     *
+     * Retrieves all revoked certificates including ones that have expired or
+     * that are not yet valid.
+     * 
      * @return a list of revoked certificates
      * @exception EBaseException failed to search
      */
     public Enumeration getAllRevokedCertificates()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves all revoked but not expired certificates.
-     *
+     * 
      * @return a list of revoked certificates
      * @exception EBaseException failed to search
      */
     public Enumeration getAllRevokedNonExpiredCertificates()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Finds all certificates given a filter. 
-     *
+     * Finds all certificates given a filter.
+     * 
      * @param filter search filter
      * @return a list of certificates
      * @exception EBaseException failed to search
      */
     public Enumeration findCertificates(String filter)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Finds all certificate records given a filter.
-     *
+     * 
      * @param filter search filter
      * @return a list of certificates
      * @exception EBaseException failed to search
      */
     public Enumeration findCertRecords(String filter)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Gets Revoked certs orderes by noAfter date, jumps to records 
-     * where notAfter date is greater than current.
-     *
+     * Gets Revoked certs orderes by noAfter date, jumps to records where
+     * notAfter date is greater than current.
+     * 
      * @param date reference date
      * @param pageSize page size
      * @return a list of certificate records
      * @exception EBaseException failed to retrieve
      */
-    public ICertRecordList getRevokedCertsByNotAfterDate(Date date, 
-        int pageSize) throws EBaseException;	
+    public ICertRecordList getRevokedCertsByNotAfterDate(Date date,
+            int pageSize) throws EBaseException;
 
     /**
-     * Gets Invalid certs orderes by noAfter date, jumps to records 
-     * where notAfter date is greater than current.
-     *
+     * Gets Invalid certs orderes by noAfter date, jumps to records where
+     * notAfter date is greater than current.
+     * 
      * @param date reference date
      * @param pageSize page size
      * @return a list of certificate records
      * @exception EBaseException failed to retrieve
      */
-    public ICertRecordList getInvalidCertsByNotBeforeDate(Date date,   
-        int pageSize) throws EBaseException;
+    public ICertRecordList getInvalidCertsByNotBeforeDate(Date date,
+            int pageSize) throws EBaseException;
 
     /**
-     * Gets valid certs orderes by noAfter date, jumps to records 
-     * where notAfter date is greater than current.
-     *
+     * Gets valid certs orderes by noAfter date, jumps to records where notAfter
+     * date is greater than current.
+     * 
      * @param date reference date
      * @param pageSize page size
      * @return a list of certificate records
      * @exception EBaseException failed to retrieve
      */
-    public ICertRecordList getValidCertsByNotAfterDate(Date date, 
-        int pageSize) throws EBaseException;
+    public ICertRecordList getValidCertsByNotAfterDate(Date date,
+            int pageSize) throws EBaseException;
 
     /**
      * Creates certificate record.
-     *
+     * 
      * @param id serial number
      * @param cert certificate
      * @param meta meta information
      * @return certificate record
      */
-    public ICertRecord createCertRecord(BigInteger id, 
-        Certificate cert, MetaInfo meta);
+    public ICertRecord createCertRecord(BigInteger id,
+            Certificate cert, MetaInfo meta);
 
     /**
      * Finds certificate records.
@@ -404,21 +395,21 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to retrieve cert records
      */
     public Enumeration findCertRecs(String filter)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves renewable certificates.
-     *
+     * 
      * @param renewalTime renewal time
      * @return certificates
      * @exception EBaseException failed to retrieve
      */
     public Hashtable getRenewableCertificates(String renewalTime)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Unmark a revoked certificates.
-     *
+     * 
      * @param id serial number
      * @param info revocation information
      * @param revokedOn revocation date
@@ -426,85 +417,85 @@ public interface ICertificateRepository extends IRepository {
      * @exception EBaseException failed to unmark
      */
     public void unmarkRevoked(BigInteger id, IRevocationInfo info,
-        Date revokedOn, String revokedBy)
-        throws EBaseException;
+            Date revokedOn, String revokedBy)
+            throws EBaseException;
 
     /**
      * Retrieves valid and not published certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getValidNotPublishedCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves expired and published certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getExpiredPublishedCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves revoked and published certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getRevokedPublishedCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves valid certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getValidCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves expired certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getExpiredCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves revoked certificates.
-     *
+     * 
      * @param from starting serial number
      * @param to ending serial number
      * @return a list of certificates
      * @exception EBaseException failed to retrieve
      */
     public Enumeration getRevokedCertificates(String from, String to)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves modified certificate records.
-     *
+     * 
      * @param entry LDAPEntry with modified data
      */
-     public void getModifications(LDAPEntry entry);
+    public void getModifications(LDAPEntry entry);
 
     /**
      * Removes certificate records with this repository.
-     *
+     * 
      * @param beginS BigInteger with radix 16
      * @param endS BigInteger with radix 16
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java
index 2086cacb..b2a08087 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/certdb/IRevocationInfo.java
@@ -17,32 +17,30 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.certdb;
 
-
 import java.util.Date;
 
 import netscape.security.x509.CRLExtensions;
 
-
 /**
- * A class represents a certificate revocation info. This
- * object is written as an attribute of certificate record 
- * which essentially signifies a revocation act.
+ * A class represents a certificate revocation info. This object is written as
+ * an attribute of certificate record which essentially signifies a revocation
+ * act.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRevocationInfo {
 
     /**
      * Retrieves revocation date.
-     *
+     * 
      * @return revocation date
      */
     public Date getRevocationDate();
 
     /**
      * Retrieves CRL entry extensions.
-     *
+     * 
      * @return CRL entry extensions
      */
     public CRLExtensions getCRLEntryExtensions();
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java
index 78acced0..f1093d2b 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLIssuingPointRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.crldb;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Hashtable;
@@ -26,11 +25,9 @@ import netscape.security.x509.RevokedCertificate;
 
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * An interface that defines abilities of
- * a CRL issuing point record.
- *
+ * An interface that defines abilities of a CRL issuing point record.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICRLIssuingPointRecord extends IDBObj {
@@ -52,111 +49,112 @@ public interface ICRLIssuingPointRecord extends IDBObj {
     public static final String ATTR_DELTA_CRL = "deltaRevocationList";
 
     public static final String CLEAN_CACHE = "-1";
-    public static final String NEW_CACHE   = "-2";
+    public static final String NEW_CACHE = "-2";
 
     /**
      * Retrieve unique CRL identifier.
-     *
+     * 
      * @return unique CRL identifier
      */
     public String getId();
 
     /**
      * Retrieves current CRL number out of CRL issuing point record.
-     *
+     * 
      * @return current CRL number
      */
     public BigInteger getCRLNumber();
 
     /**
      * Retrieves CRL size measured by the number of entries.
-     *
+     * 
      * @return CRL size
      */
     public Long getCRLSize();
 
     /**
      * Retrieves this update time.
-     *
+     * 
      * @return time of this update
      */
     public Date getThisUpdate();
 
     /**
      * Retrieves next update time.
-     *
+     * 
      * @return time of next update
      */
     public Date getNextUpdate();
 
     /**
      * Retrieves current delta CRL number out of CRL issuing point record.
-     *
+     * 
      * @return current delta CRL number
      */
     public BigInteger getDeltaCRLNumber();
 
     /**
      * Retrieves delta CRL size measured by the number of entries.
-     *
+     * 
      * @return delta CRL size
      */
     public Long getDeltaCRLSize();
 
     /**
      * Retrieve Retrieve reference to the first unsaved data.
-     *
+     * 
      * @return reference to the first unsaved data
      */
     public String getFirstUnsaved();
 
     /**
      * Retrieves encoded CRL.
-     *
+     * 
      * @return encoded CRL
      */
     public byte[] getCRL();
 
     /**
      * Retrieves encoded delta CRL.
-     *
+     * 
      * @return encoded delta CRL
      */
     public byte[] getDeltaCRL();
 
     /**
      * Retrieves encoded CA certificate.
-     *
+     * 
      * @return encoded CA certificate
      */
     public byte[] getCACert();
 
     /**
      * Retrieves cache information about CRL.
-     *
+     * 
      * @return list of recently revoked certificates
      */
-    public Hashtable<BigInteger,RevokedCertificate> getCRLCacheNoClone();
-    public Hashtable<BigInteger,RevokedCertificate> getCRLCache();
+    public Hashtable<BigInteger, RevokedCertificate> getCRLCacheNoClone();
+
+    public Hashtable<BigInteger, RevokedCertificate> getCRLCache();
 
     /**
      * Retrieves cache information about revoked certificates.
-     *
+     * 
      * @return list of recently revoked certificates
      */
-    public Hashtable<BigInteger,RevokedCertificate> getRevokedCerts();
+    public Hashtable<BigInteger, RevokedCertificate> getRevokedCerts();
 
     /**
      * Retrieves cache information about certificates released from hold.
-     *
+     * 
      * @return list of certificates recently released from hold
      */
-    public Hashtable<BigInteger,RevokedCertificate> getUnrevokedCerts();
+    public Hashtable<BigInteger, RevokedCertificate> getUnrevokedCerts();
 
     /**
      * Retrieves cache information about expired certificates.
-     *
+     * 
      * @return list of recently expired certificates
      */
-    public Hashtable<BigInteger,RevokedCertificate> getExpiredCerts();
+    public Hashtable<BigInteger, RevokedCertificate> getExpiredCerts();
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java
index ba245bcf..b685bca0 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/crldb/ICRLRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.crldb;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Hashtable;
@@ -26,63 +25,63 @@ import java.util.Vector;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.ModificationSet;
 
-
 /**
- * An interface represents a CMS CRL repository. It stores 
- * all the CRL issuing points.
- *
+ * An interface represents a CMS CRL repository. It stores all the CRL issuing
+ * points.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICRLRepository {
 
     /**
      * Adds CRL issuing point record.
-     *
+     * 
      * @param rec issuing point record
      * @exception EBaseException failed to add new issuing point record
      */
     public void addCRLIssuingPointRecord(ICRLIssuingPointRecord rec)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves all the issuing points' names.
-     *
+     * 
      * @return A list of issuing points' names.
-     * @exception EBaseException failed to retrieve all the issuing points' names.
+     * @exception EBaseException failed to retrieve all the issuing points'
+     *                names.
      */
     public Vector getIssuingPointsNames() throws EBaseException;
 
     /**
      * Reads issuing point record.
-     *
+     * 
      * @return issuing point record
      * @exception EBaseException failed to read issuing point record
      */
     public ICRLIssuingPointRecord readCRLIssuingPointRecord(String id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Deletes issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @exception EBaseException failed to delete issuing point record
      */
     public void deleteCRLIssuingPointRecord(String id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Modifies issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param mods set of modifications
      * @exception EBaseException failed to modify issuing point record
      */
     public void modifyCRLIssuingPointRecord(String id, ModificationSet mods)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param newCRL encoded binary CRL
      * @param thisUpdate time of this update
@@ -92,12 +91,12 @@ public interface ICRLRepository {
      * @exception EBaseException failed to update issuing point record
      */
     public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
-        Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize)
-        throws EBaseException;
+            Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize)
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param newCRL encoded binary CRL
      * @param thisUpdate time of this update
@@ -110,34 +109,34 @@ public interface ICRLRepository {
      * @exception EBaseException failed to update issuing point record
      */
     public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
-        Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize,
-        Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts)
-        throws EBaseException;
+            Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize,
+            Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts)
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param revokedCerts list of revoked certificates
      * @param unrevokedCerts list of released from hold certificates
      * @exception EBaseException failed to update issuing point record
      */
     public void updateRevokedCerts(String id, Hashtable revokedCerts, Hashtable unrevokedCerts)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param expiredCerts list of expired certificates
      * @exception EBaseException failed to update issuing point record
      */
     public void updateExpiredCerts(String id, Hashtable expiredCerts)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record.
-     *
+     * 
      * @param id issuing point record id
      * @param crlSize CRL size
      * @param revokedCerts list of revoked certificates
@@ -146,14 +145,14 @@ public interface ICRLRepository {
      * @exception EBaseException failed to update issuing point record
      */
     public void updateCRLCache(String id, Long crlSize,
-        Hashtable revokedCerts,
-        Hashtable unrevokedCerts,
-        Hashtable expiredCerts)
-        throws EBaseException;
+            Hashtable revokedCerts,
+            Hashtable unrevokedCerts,
+            Hashtable expiredCerts)
+            throws EBaseException;
 
     /**
      * Updates CRL issuing point record with delta-CRL.
-     *
+     * 
      * @param id issuing point record id
      * @param deltaCRLNumber delta CRL number
      * @param deltaCRLSize delta CRL size
@@ -164,16 +163,16 @@ public interface ICRLRepository {
     public void updateDeltaCRL(String id, BigInteger deltaCRLNumber,
                                Long deltaCRLSize, Date nextUpdate,
                                byte[] deltaCRL)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Updates CRL issuing point record with reference to the first
-     * unsaved data.
-     *
+     * Updates CRL issuing point record with reference to the first unsaved
+     * data.
+     * 
      * @param id issuing point record id
      * @param firstUnsaved reference to the first unsaved data
      * @exception EBaseException failed to update issuing point record
      */
     public void updateFirstUnsaved(String id, String firstUnsaved)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
index 0edcc187..010661d8 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecord.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.keydb;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * An interface contains constants for key record.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IKeyRecord {
@@ -42,15 +40,15 @@ public interface IKeyRecord {
     public static final String ATTR_MODIFY_TIME = "keyModifyTime";
     public static final String ATTR_META_INFO = "keyMetaInfo";
     public static final String ATTR_ARCHIVED_BY = "keyArchivedBy";
-    
+
     // key state
     public static final String STATUS_ANY = "ANY";
     public static final String STATUS_VALID = "VALID";
     public static final String STATUS_INVALID = "INVALID";
-    
+
     /**
      * Retrieves the state of the key.
-     *
+     * 
      * @return key state
      * @exception EBaseException failed to retrieve state of the key
      */
@@ -58,15 +56,15 @@ public interface IKeyRecord {
 
     /**
      * Retrieves key identifier.
-     *
+     * 
      * @return key id
      * @exception EBaseException failed to retrieve key id
      */
-    public BigInteger getSerialNumber() throws EBaseException; 
+    public BigInteger getSerialNumber() throws EBaseException;
 
     /**
      * Retrieves key owner name.
-     *
+     * 
      * @return key owner name
      * @exception EBaseException failed to retrieve key owner name
      */
@@ -74,53 +72,53 @@ public interface IKeyRecord {
 
     /**
      * Retrieves key algorithm.
-     *
+     * 
      * @return key algorithm
      */
-    public String getAlgorithm(); 
+    public String getAlgorithm();
 
     /**
      * Retrieves key length.
-     *
+     * 
      * @return key length
      * @exception EBaseException failed to retrieve key length
      */
-    public Integer getKeySize() throws EBaseException; 
+    public Integer getKeySize() throws EBaseException;
 
     /**
      * Retrieves archiver identifier.
-     *
+     * 
      * @return archiver uid
      */
-    public String getArchivedBy(); 
+    public String getArchivedBy();
 
     /**
      * Retrieves creation time.
-     *
+     * 
      * @return creation time
      */
-    public Date getCreateTime(); 
+    public Date getCreateTime();
 
     /**
      * Retrieves last modification time.
-     *
+     * 
      * @return modification time
      */
-    public Date getModifyTime(); 
+    public Date getModifyTime();
 
     /**
      * Retrieves dates of recovery.
-     *
+     * 
      * @return recovery history
      * @exception EBaseException failed to retrieve recovery history
      */
-    public Date[] getDateOfRevocation() throws EBaseException; 
+    public Date[] getDateOfRevocation() throws EBaseException;
 
     /**
      * Retrieves public key data.
-     *
+     * 
      * @return public key data
      * @exception EBaseException failed to retrieve public key data
      */
     public byte[] getPublicKeyData() throws EBaseException;
-}    
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java
index 5da23945..75f83389 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRecordList.java
@@ -17,35 +17,33 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.keydb;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a list of key records.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IKeyRecordList {
 
     /**
-     * Retrieves the size of key list. 
-     *
+     * Retrieves the size of key list.
+     * 
      * @return size of key list
      */
     public int getSize();
 
     /**
      * Retrieves key records.
-     *
+     * 
      * @param startidx start index
      * @param endidx end index
      * @return key records
      * @exception EBaseException failed to retrieve key records
      */
     public Enumeration<IKeyRecord> getKeyRecords(int startidx, int endidx)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java
index 093bea25..5feaf932 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/IKeyRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.keydb;
 
-
 import java.math.BigInteger;
 import java.security.PublicKey;
 import java.util.Enumeration;
@@ -28,12 +27,11 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.ModificationSet;
 import com.netscape.certsrv.dbs.repository.IRepository;
 
-
 /**
- * An interface represents a Key repository. This is the 
- * container of archived keys.
+ * An interface represents a Key repository. This is the container of archived
+ * keys.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IKeyRepository extends IRepository {
@@ -41,7 +39,7 @@ public interface IKeyRepository extends IRepository {
     /**
      * Archives a key to the repository.
      * <P>
-     *
+     * 
      * @param record key record
      * @exception EBaseException failed to archive key
      */
@@ -50,61 +48,60 @@ public interface IKeyRepository extends IRepository {
     /**
      * Reads an archived key by serial number.
      * <P>
-     *
+     * 
      * @param serialNo serial number
      * @return key record
      * @exception EBaseException failed to recover key
      */
     public IKeyRecord readKeyRecord(BigInteger serialNo)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reads an archived key by b64 encoded cert.
      * <P>
-     *
+     * 
      * @param cert b64 encoded cert
      * @return key record
      * @exception EBaseException failed to recover key
      */
     public IKeyRecord readKeyRecord(String cert)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reads an archived key by owner name.
      * <P>
-     *
+     * 
      * @param ownerName owner name
      * @return key record
      * @exception EBaseException failed to recover key
      */
     public IKeyRecord readKeyRecord(X500Name ownerName)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reads archived key using public key.
-     *
-     * @param publicKey public key that is corresponding 
-     *     to the private key
+     * 
+     * @param publicKey public key that is corresponding to the private key
      * @return key record
      * @exception EBaseException failed to read key
      */
     public IKeyRecord readKeyRecord(PublicKey publicKey)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Searches for private keys.
-     *
+     * 
      * @param filter LDAP filter for the search
      * @param maxSize maximium number of entries to be returned
      * @return a list of private key records
      * @exception EBaseException failed to search keys
      */
     public Enumeration searchKeys(String filter, int maxSize)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Searches for private keys.
-     *
+     * 
      * @param filter LDAP filter for the search
      * @param maxSize maximium number of entries to be returned
      * @param timeLimt timeout value
@@ -112,30 +109,31 @@ public interface IKeyRepository extends IRepository {
      * @exception EBaseException failed to search keys
      */
     public Enumeration searchKeys(String filter, int maxSize, int timeLimt)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Deletes a key record.
-     *
+     * 
      * @param serialno key identifier
      * @exception EBaseException failed to delete key record
      */
     public void deleteKeyRecord(BigInteger serialno)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Modifies key record in this repository.
-     *
+     * 
      * @param serialNo key identifier
      * @param mods modification of key records
      * @exception EBaseException failed to modify key record
      */
     public void modifyKeyRecord(BigInteger serialNo,
-        ModificationSet mods) throws EBaseException;
+            ModificationSet mods) throws EBaseException;
 
     /**
-     * Searchs for a list of key records.
-     * Here is a list of supported filter attributes:
+     * Searchs for a list of key records. Here is a list of supported filter
+     * attributes:
+     * 
      * <pre>
      *   keySerialNumber
      *   keyState
@@ -149,7 +147,7 @@ public interface IKeyRepository extends IRepository {
      *   keyModifyTime
      *   keyMetaInfo
      * </pre>
-     *
+     * 
      * @param filter search filter
      * @param attrs list of attributes to be returned
      * @param pageSize virtual list page size
@@ -157,11 +155,11 @@ public interface IKeyRepository extends IRepository {
      * @exception EBaseException failed to search key records
      */
     public IKeyRecordList findKeyRecordsInList(String filter,
-        String attrs[], int pageSize) throws EBaseException;
+            String attrs[], int pageSize) throws EBaseException;
 
     /**
      * Searchs for a list of key records.
-     *
+     * 
      * @param filter search filter
      * @param attrs list of attributes to be returned
      * @param sortKey name of attribute that the list should be sorted by
@@ -170,6 +168,6 @@ public interface IKeyRepository extends IRepository {
      * @exception EBaseException failed to search key records
      */
     public IKeyRecordList findKeyRecordsInList(String filter,
-        String attrs[], String sortKey, int pageSize) 
-        throws EBaseException;
+            String attrs[], String sortKey, int pageSize)
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java
index e4baf91e..3ab0bd3a 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/keydb/KeyState.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.dbs.keydb;
 
-
 import java.io.Serializable;
 
-
 /**
- * A class represents key state. This object is to
- * encapsulate the life cycle of a key.
+ * A class represents key state. This object is to encapsulate the life cycle of
+ * a key.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public final class KeyState implements Serializable {
@@ -42,62 +40,67 @@ public final class KeyState implements Serializable {
     private KeyState(int code) {
         mStateCode = code;
     }
-	
+
     /**
      * Request state.
      */
-    public final static KeyState ANY = new  KeyState(-1);
+    public final static KeyState ANY = new KeyState(-1);
     public final static KeyState VALID = new KeyState(0);
     public final static KeyState INVALID = new KeyState(1);
-		
+
     /**
      * Checks if the given object equals to this object.
-     *
+     * 
      * @param other object to be compared
      * @return true if both objects are the same
      */
     public boolean equals(Object other) {
-        if (this == other) 
+        if (this == other)
             return true;
         else if (other instanceof KeyState)
             return ((KeyState) other).mStateCode == mStateCode;
-        else 
+        else
             return false;
     }
 
     /**
      * Returns the hash code.
-     *
+     * 
      * @return hash code
      */
     public int hashCode() {
         return mStateCode;
     }
-	
+
     /**
      * Return the string-representation of this object.
-     *
+     * 
      * @return string value
      */
     public String toString() {
-        if (mStateCode == -1) return "ANY";
-        if (mStateCode == 0) return "VALID";
-        if (mStateCode == 1) return "INVAILD";
+        if (mStateCode == -1)
+            return "ANY";
+        if (mStateCode == 0)
+            return "VALID";
+        if (mStateCode == 1)
+            return "INVAILD";
         return "[UNDEFINED]";
-		
+
     }
 
     /**
      * Converts a string into a key state object.
-     *
+     * 
      * @param state state in string-representation
      * @return key state object
      */
     public static KeyState toKeyState(String state) {
-        if (state.equalsIgnoreCase("ANY")) return ANY; 
-        if (state.equalsIgnoreCase("VALID")) return VALID; 
-        if (state.equalsIgnoreCase("INVALID")) return INVALID; 
+        if (state.equalsIgnoreCase("ANY"))
+            return ANY;
+        if (state.equalsIgnoreCase("VALID"))
+            return VALID;
+        if (state.equalsIgnoreCase("INVALID"))
+            return INVALID;
         return null;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
index 660b6e9e..25953c3d 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/replicadb/IReplicaIDRepository.java
@@ -19,12 +19,11 @@ package com.netscape.certsrv.dbs.replicadb;
 
 import com.netscape.certsrv.dbs.repository.IRepository;
 
-
 /**
- * An interface represents a ReplicaID Repository. 
- * It provides unique managed replica IDs.
+ * An interface represents a ReplicaID Repository. It provides unique managed
+ * replica IDs.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IReplicaIDRepository extends IRepository {
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
index 5ff90241..707eb813 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepository.java
@@ -22,18 +22,18 @@ import java.math.BigInteger;
 import com.netscape.certsrv.base.EBaseException;
 
 /**
- * An interface represents a generic repository. It maintains unique 
- * serial number within repository.
+ * An interface represents a generic repository. It maintains unique serial
+ * number within repository.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRepository {
 
     /**
-     * Retrieves the next serial number, and also increase the
-     * serial number by one.
-     *
+     * Retrieves the next serial number, and also increase the serial number by
+     * one.
+     * 
      * @return serial number
      * @exception EBaseException failed to retrieve next serial number
      */
@@ -58,30 +58,30 @@ public interface IRepository {
      * @param serial maximum number
      * @exception EBaseException failed to set maximum serial number
      */
-    public void setMaxSerial (String serial) throws EBaseException;
-   
+    public void setMaxSerial(String serial) throws EBaseException;
+
     /**
      * Set the maximum serial number in next range.
      * 
      * @param serial maximum number
-     * @exception EBaseException failed to set maximum serial number in next range
+     * @exception EBaseException failed to set maximum serial number in next
+     *                range
      */
     public void setNextMaxSerial(String serial) throws EBaseException;
 
     /**
-     * Checks to see if a new range is needed, or if we have reached the end of the 
-     * current range, or if a range conflict has occurred.
+     * Checks to see if a new range is needed, or if we have reached the end of
+     * the current range, or if a range conflict has occurred.
      * 
      * @exception EBaseException failed to check next range for conflicts
      */
     public void checkRanges() throws EBaseException;
 
-     /**
-     * Sets whether serial number management is enabled for certs
-     * and requests. 
-     *
-     * @param value   true/false 
-     * @exception EBaseException failed to set 
+    /**
+     * Sets whether serial number management is enabled for certs and requests.
+     * 
+     * @param value true/false
+     * @exception EBaseException failed to set
      */
     public void setEnableSerialMgmt(boolean value) throws EBaseException;
 
diff --git a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
index 326ea466..7eac4173 100644
--- a/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
+++ b/pki/base/common/src/com/netscape/certsrv/dbs/repository/IRepositoryRecord.java
@@ -22,23 +22,23 @@ import java.math.BigInteger;
 import com.netscape.certsrv.dbs.IDBObj;
 
 /**
- * An interface represents a generic repository record. 
- * It maintains unique serial number within repository.
+ * An interface represents a generic repository record. It maintains unique
+ * serial number within repository.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRepositoryRecord extends IDBObj {
 
-	public final static String ATTR_SERIALNO = "serialNo";
-	public final static String ATTR_PUB_STATUS = "publishingStatus";
+    public final static String ATTR_SERIALNO = "serialNo";
+    public final static String ATTR_PUB_STATUS = "publishingStatus";
 
-	/**
-	 * Retrieves serial number.
-	 *
-	 * @return serial number
-	 */
-	public BigInteger getSerialNumber();
+    /**
+     * Retrieves serial number.
+     * 
+     * @return serial number
+     */
+    public BigInteger getSerialNumber();
 
-	public String getPublishingStatus();
+    public String getPublishingStatus();
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java b/pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java
index 8c291447..f2b25ab3 100644
--- a/pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/certsrv/evaluators/IAccessEvaluator.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.evaluators;
 
-
 import com.netscape.certsrv.authentication.IAuthToken;
 
-
 /**
- * A class represents an evaluator.  An evaluator is used to
- * evaluate an expression.  For example, one can write an evaluator to 
- * evaluate if a user belongs to a certain group.  An evaluator is
- * generally used for access control expression evaluation, however, it
- * can be used for other evaluation-related operations.
+ * A class represents an evaluator. An evaluator is used to evaluate an
+ * expression. For example, one can write an evaluator to evaluate if a user
+ * belongs to a certain group. An evaluator is generally used for access control
+ * expression evaluation, however, it can be used for other evaluation-related
+ * operations.
  * <P>
  * 
  * @version $Revision$, $Date$
@@ -39,47 +37,50 @@ public interface IAccessEvaluator {
     public void init();
 
     /**
-     * Gets the type of the evaluator.  Type is defined by each
-     * evaluator plugin.  Each evaluator plugin should have a unique type.
+     * Gets the type of the evaluator. Type is defined by each evaluator plugin.
+     * Each evaluator plugin should have a unique type.
+     * 
      * @return type of the evaluator
      */
     public String getType();
 
     /**
      * Gets the description of the evaluator
+     * 
      * @return a text description for this evaluator
      */
     public String getDescription();
 
     /**
-     * Evaluates if the given value satisfies the access
-     * control in current context.
+     * Evaluates if the given value satisfies the access control in current
+     * context.
+     * 
      * @param type Type of the evaluator, eg, user, group etc
      * @param op Operator of the evaluator, eg, =, !=
-     * @param value Part of the expression that can be used to
-     * evaluate, e.g, value can be the name of the group if the
-     * purpose of the evaluator is to evaluate if the user is a member 
-     * of the group.
+     * @param value Part of the expression that can be used to evaluate, e.g,
+     *            value can be the name of the group if the purpose of the
+     *            evaluator is to evaluate if the user is a member of the group.
      * @return true if the evaluation expression is matched; false otherwise.
      */
     public boolean evaluate(String type, String op, String value);
 
     /**
-     * Evaluates if the given value satisfies the access
-     * control in authToken obtained from Authentication.
+     * Evaluates if the given value satisfies the access control in authToken
+     * obtained from Authentication.
+     * 
      * @param authToken Authentication token
      * @param type Type of the evaluator, eg, user, group etc
      * @param op Operator of the evaluator, eg, =, !=
-     * @param value Part of the expression that can be used to
-     * evaluate, e.g, value can be the name of the group if the
-     * purpose of the evaluator is to evaluate if the user is a member 
-     * of the group.
+     * @param value Part of the expression that can be used to evaluate, e.g,
+     *            value can be the name of the group if the purpose of the
+     *            evaluator is to evaluate if the user is a member of the group.
      * @return true if the evaluation expression is matched; false otherwise.
      */
     public boolean evaluate(IAuthToken authToken, String type, String op, String value);
 
     /**
      * Get the supported operators for this evaluator
+     * 
      * @return Supported operators in string array
      */
     public String[] getSupportedOperators();
diff --git a/pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java b/pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java
index df4c1444..40fe80f9 100644
--- a/pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java
+++ b/pki/base/common/src/com/netscape/certsrv/extensions/EExtensionsException.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.extensions;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * This represents the extensions exception.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EExtensionsException extends EBaseException {
@@ -36,7 +34,7 @@ public class EExtensionsException extends EBaseException {
      * Resource class name.
      */
     private static final String EXTENSIONS_RESOURCES =
-        ExtensionsResources.class.getName();
+            ExtensionsResources.class.getName();
 
     public EExtensionsException(String msgFormat) {
         super(msgFormat);
diff --git a/pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java b/pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java
index 4d7ee06c..ca1e4545 100644
--- a/pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/extensions/ExtensionsResources.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.extensions;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * This represents the resources for extensions.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ExtensionsResources extends ListResourceBundle {
diff --git a/pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java b/pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java
index fb4bb1f7..04086adc 100644
--- a/pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java
+++ b/pki/base/common/src/com/netscape/certsrv/extensions/ICMSExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.extensions;
 
-
 import netscape.security.util.ObjectIdentifier;
 import netscape.security.x509.Extension;
 
@@ -26,11 +25,10 @@ import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * CMS extension interface, for creating extensions from http input and 
- * displaying extensions to html forms. 
- *
+ * CMS extension interface, for creating extensions from http input and
+ * displaying extensions to html forms.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICMSExtension {
@@ -42,11 +40,12 @@ public interface ICMSExtension {
      * initialize from configuration file
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException; 
+            throws EBaseException;
 
     /**
-     * Get name of this extension. 
-     * @return the name of this CMS extension, for 
+     * Get name of this extension.
+     * 
+     * @return the name of this CMS extension, for
      */
     public String getName();
 
@@ -54,21 +53,22 @@ public interface ICMSExtension {
      * Get object identifier associated with this extension.
      */
     public ObjectIdentifier getOID();
-	
+
     /**
      * Get an instance of the extension given http input.
+     * 
      * @return an instance of the extension.
      */
-    public Extension getExtension(IArgBlock argblock) 
-        throws EBaseException;
+    public Extension getExtension(IArgBlock argblock)
+            throws EBaseException;
 
     /**
-     * Get Javascript name value pairs to put into the request processing 
+     * Get Javascript name value pairs to put into the request processing
      * template.
-     * @return name value pairs 
+     * 
+     * @return name value pairs
      */
     public IArgBlock getFormParams(Extension extension)
-        throws EBaseException;
+            throws EBaseException;
 
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java b/pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java
index 154cb4e4..cc0923ae 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/EJobsException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a jobs exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EJobsException extends EBaseException {
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/IJob.java b/pki/base/common/src/com/netscape/certsrv/jobs/IJob.java
index 1c3842bf..3a154541 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/IJob.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/IJob.java
@@ -17,72 +17,76 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * An interface to be implemented from for a job to be scheduled by
- * the Jobs Scheduler.
- *
- * @version $Revision$, $Date$ 
+ * An interface to be implemented from for a job to be scheduled by the Jobs
+ * Scheduler.
+ * 
+ * @version $Revision$, $Date$
  */
 public interface IJob {
 
     /**
      * Initialize from the configuration file.
+     * 
      * @param id String name of this instance
      * @param implName string name of this implementation
      * @param config configuration store for this instance
      * @exception EBaseException any initilization failure
      */
     public void init(ISubsystem owner, String id, String implName,
-        IConfigStore config) throws EBaseException;
+            IConfigStore config) throws EBaseException;
 
     /**
      * tells if the job is enabled
-     * @return a boolean value indicating whether the job is enabled
-     * or not
+     * 
+     * @return a boolean value indicating whether the job is enabled or not
      */
     public boolean isEnabled();
 
     /**
      * set instance id.
+     * 
      * @param id String id of the instance
      */
     public void setId(String id);
 
     /**
      * get instance id.
+     * 
      * @return a String identifier
      */
     public String getId();
 
     /**
      * get cron string associated with this job
+     * 
      * @return a JobCron object that represents the schedule of this job
      */
     public IJobCron getJobCron();
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams();
 
     /**
      * gets the plugin name of this job.
+     * 
      * @return a String that is the name of this implementation
      */
     public String getImplName();
 
     /**
      * Gets the configuration substore used by this job
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java b/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java
index 1e238f60..3a841717 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/IJobCron.java
@@ -17,33 +17,26 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
-
-
 /**
  * class representing one Job cron information
- * <p>here, an "item" refers to one of the 5 fields in a cron string;
- * "element" refers to any comma-deliminated element in an
- * "item"...which includes both numbers and '-' separated ranges.
- * A cron string in the configuration takes the following format:
- * <i>minute (0-59),
- * hour (0-23),
- * day of the month (1-31),
- * month of the year (1-12),
- * day of the week (0-6 with 0=Sunday)</i>
  * <p>
- * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5
- * In this example, the job "rnJob1" will be executed from Monday
- * through Friday, at 11:30am and 11:30pm.
+ * here, an "item" refers to one of the 5 fields in a cron string; "element"
+ * refers to any comma-deliminated element in an "item"...which includes both
+ * numbers and '-' separated ranges. A cron string in the configuration takes
+ * the following format: <i>minute (0-59), hour (0-23), day of the month (1-31),
+ * month of the year (1-12), day of the week (0-6 with 0=Sunday)</i>
+ * <p>
+ * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5 In this example, the job
+ * "rnJob1" will be executed from Monday through Friday, at 11:30am and 11:30pm.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IJobCron {
     /**
-     * constant that represents the configuration parameter
-     * "cron" for the job that this JobCron is associated with.  The
-     * value of which should conform to the cron format specified above.
+     * constant that represents the configuration parameter "cron" for the job
+     * that this JobCron is associated with. The value of which should conform
+     * to the cron format specified above.
      */
     public static final String PROP_CRON = "cron";
 
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java b/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java
index 844250de..00a3478f 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/IJobsScheduler.java
@@ -17,32 +17,27 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * An interface that represents the job scheduler component.  A JobScheduler
- * is a daemon thread that handles scheduled jobs like cron would
- * do with different jobs.  This daemon wakes up at a pre-configured
- * interval to see
- * if there is any job to be done, if so, a thread is created to execute
- * the job(s).
+ * An interface that represents the job scheduler component. A JobScheduler is a
+ * daemon thread that handles scheduled jobs like cron would do with different
+ * jobs. This daemon wakes up at a pre-configured interval to see if there is
+ * any job to be done, if so, a thread is created to execute the job(s).
  * <p>
- * The interval <b>jobsScheduler.interval</b> in the configuration is
- * specified as number of minutes.  If not set, the default is 1 minute.
- * Note that the cron specification for each job CAN NOT be finer than
- * the granularity of the Scheduler daemon interval.  For example, if
- * the daemon interval is set to 5 minute, a job cron for every minute
- * at 7am on each Tuesday (e.g. * 7 * * 2) will result in the
- * execution of the job thread only once every 5 minutes during that
- * hour.  <b>The inteval value is recommended at 1 minute, setting it
- * otherwise has the potential of forever missing the beat</b>. Use
- * with caution.
- *
+ * The interval <b>jobsScheduler.interval</b> in the configuration is specified
+ * as number of minutes. If not set, the default is 1 minute. Note that the cron
+ * specification for each job CAN NOT be finer than the granularity of the
+ * Scheduler daemon interval. For example, if the daemon interval is set to 5
+ * minute, a job cron for every minute at 7am on each Tuesday (e.g. * 7 * * 2)
+ * will result in the execution of the job thread only once every 5 minutes
+ * during that hour. <b>The inteval value is recommended at 1 minute, setting it
+ * otherwise has the potential of forever missing the beat</b>. Use with
+ * caution.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IJobsScheduler extends ISubsystem {
@@ -52,111 +47,114 @@ public interface IJobsScheduler extends ISubsystem {
     public final static String ID = "jobsScheduler";
 
     /**
-     * constant that represents the configuration parameter
-     * "enabled" for this component in CMS.cfg.  The value of which
-     * tells CMS whether the JobsScheduler is enabled or not
+     * constant that represents the configuration parameter "enabled" for this
+     * component in CMS.cfg. The value of which tells CMS whether the
+     * JobsScheduler is enabled or not
      */
     public static final String PROP_ENABLED = "enabled";
 
     /**
-     * constant that represents the configuration parameter
-     * "interval" for this component in CMS.cfg.  The value of which
-     * tells CMS the interval that the JobsScheduler thread should
-     * wake up and look for jobs to execute
+     * constant that represents the configuration parameter "interval" for this
+     * component in CMS.cfg. The value of which tells CMS the interval that the
+     * JobsScheduler thread should wake up and look for jobs to execute
      */
     public static final String PROP_INTERVAL = "interval";
 
     /**
-     * constant that represents the configuration parameter
-     * "class" for this component in CMS.cfg.  The values of which are 
-     * the actual implementation classes
+     * constant that represents the configuration parameter "class" for this
+     * component in CMS.cfg. The values of which are the actual implementation
+     * classes
      */
     public static final String PROP_CLASS = "class";
 
     /**
-     * constant that represents the configuration parameter
-     * "job" for this component in CMS.cfg.  The values of which gives 
-     * configuration information specific to one single job instance.
-     * There may be multiple jobs served by the jobsScheduler
+     * constant that represents the configuration parameter "job" for this
+     * component in CMS.cfg. The values of which gives configuration information
+     * specific to one single job instance. There may be multiple jobs served by
+     * the jobsScheduler
      */
     public static final String PROP_JOB = "job";
 
     /**
-     * constant that represents the configuration parameter
-     * "impl" for this component in CMS.cfg.  The values of which are
-     * actual plugin implementation(s)
+     * constant that represents the configuration parameter "impl" for this
+     * component in CMS.cfg. The values of which are actual plugin
+     * implementation(s)
      */
     public static final String PROP_IMPL = "impl";
 
     /**
-     * constant that represents the configuration parameter
-     * "pluginName" for this component in CMS.cfg.  The value of which 
-     * gives the pluginName for the job it associates with
+     * constant that represents the configuration parameter "pluginName" for
+     * this component in CMS.cfg. The value of which gives the pluginName for
+     * the job it associates with
      */
     public static final String PROP_PLUGIN = "pluginName";
 
     /**
      * Retrieves all the job implementations.
+     * 
      * @return a Hashtable of available job plugin implementations
      */
     public Hashtable<String, JobPlugin> getPlugins();
 
     /**
      * Retrieves all the job instances.
+     * 
      * @return a Hashtable of job instances
      */
-    public Hashtable<String, IJob>  getInstances();
+    public Hashtable<String, IJob> getInstances();
 
     /**
-     * Retrieves the configuration parameters of the given
-     * implementation.  It is used to return to the Console for
-     * configuration
+     * Retrieves the configuration parameters of the given implementation. It is
+     * used to return to the Console for configuration
+     * 
      * @param implName the pulubin implementation name
-     * @return a String array of required configuration parameters of
-     * the given implementation.
-     * @exception EJobsException when job plugin implementation can
-     * not be found, instantiation is impossible, permission problem
-     * with the class.
+     * @return a String array of required configuration parameters of the given
+     *         implementation.
+     * @exception EJobsException when job plugin implementation can not be
+     *                found, instantiation is impossible, permission problem
+     *                with the class.
      */
-    public String[] getConfigParams(String implName) 
-        throws EJobsException;
+    public String[] getConfigParams(String implName)
+            throws EJobsException;
 
     /**
      * Writes a message to the system log.
-     * @param level an integer representing the log message level.
-     * Depending on the configuration set by the administrator, this
-     * value is a determining factor for whether this message will be
-     * actually logged or not.  The lower the level, the higher the
-     * priority, and the higher chance it will be logged.
-     * @param msg the message to be written.  Ideally should call
-     * CMS.getLogMessage() to get the localizable message 
-     * from the log properties file.
+     * 
+     * @param level an integer representing the log message level. Depending on
+     *            the configuration set by the administrator, this value is a
+     *            determining factor for whether this message will be actually
+     *            logged or not. The lower the level, the higher the priority,
+     *            and the higher chance it will be logged.
+     * @param msg the message to be written. Ideally should call
+     *            CMS.getLogMessage() to get the localizable message from the
+     *            log properties file.
      */
-    public void log(int level, String msg); 
+    public void log(int level, String msg);
 
     /**
      * Sets daemon's wakeup interval.
+     * 
      * @param minutes time in minutes that is to be the frequency of
-     * JobsScheduler wakeup call.
+     *            JobsScheduler wakeup call.
      */
-    public void setInterval(int minutes); 
+    public void setInterval(int minutes);
 
     /**
-     * Starts up the JobsScheduler daemon.  Usually called from the
+     * Starts up the JobsScheduler daemon. Usually called from the
      * initialization method when it's successfully initialized.
      */
     public void startDaemon();
 
     /**
-     * Creates a job cron.  Each job is associated with a "cron" which 
-     * specifies the rule of frequency that this job should be
-     * executed (e.g. every Sunday at midnight).  This method is
-     * called by each job at initialization time.
-     * @param cs the string that represents the cron.  See IJobCron
-     * for detail of the format.
+     * Creates a job cron. Each job is associated with a "cron" which specifies
+     * the rule of frequency that this job should be executed (e.g. every Sunday
+     * at midnight). This method is called by each job at initialization time.
+     * 
+     * @param cs the string that represents the cron. See IJobCron for detail of
+     *            the format.
      * @return IJobCron an IJobCron
-     * @exception EBaseException when the cron string, cs, can not be
-     * parsed correctly
+     * @exception EBaseException when the cron string, cs, can not be parsed
+     *                correctly
      */
     public IJobCron createJobCron(String cs) throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java b/pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java
index 33b7e7f2..95eae095 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/JobPlugin.java
@@ -17,15 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
-
-
 /**
- * This class represents a job plugin registered with the
- * JobScheduler.  A Job plugin can be instantiated into a Job instance 
- * and scheduled by the JobScheduler to run at a scheduled interval
+ * This class represents a job plugin registered with the JobScheduler. A Job
+ * plugin can be instantiated into a Job instance and scheduled by the
+ * JobScheduler to run at a scheduled interval
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class JobPlugin {
@@ -34,18 +31,19 @@ public class JobPlugin {
      */
     protected String mId = null;
     /**
-     * The Java class name of this job plugin.
-     * e.g. com.netscape.cms.RenewalNotificationJob
+     * The Java class name of this job plugin. e.g.
+     * com.netscape.cms.RenewalNotificationJob
      */
     protected String mClassPath = null;
 
     /*
      * Seems to be unused, should be removed
      */
-    //    protected Class mClass = null;
+    // protected Class mClass = null;
 
     /**
      * Constructor for a Job plugin.
+     * 
      * @param id job plugin name
      * @param classPath the Java class name of this job plugin
      */
@@ -56,6 +54,7 @@ public class JobPlugin {
 
     /**
      * get the job plugin name
+     * 
      * @return the name of this job plugin
      */
     public String getId() {
@@ -64,6 +63,7 @@ public class JobPlugin {
 
     /**
      * get the Java class name
+     * 
      * @return the Java class name of this plugin
      */
     public String getClassPath() {
diff --git a/pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java b/pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java
index 9bc82826..ef3ec953 100644
--- a/pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/jobs/JobsResources.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.jobs;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
- * A class represents a resource bundle for the 
- * Jobs package
- *
+ * A class represents a resource bundle for the Jobs package
+ * 
  * @version $Revision$, $Date$
  */
 public class JobsResources extends ListResourceBundle {
@@ -37,8 +34,7 @@ public class JobsResources extends ListResourceBundle {
     }
 
     /**
-     * Constants. The suffix represents the number of
-     * possible parameters.
+     * Constants. The suffix represents the number of possible parameters.
      */
 
     static final Object[][] contents = {};
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java b/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java
index 9ab4a238..869c8c60 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/EKRAException.java
@@ -17,16 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * A class represents a KRA exception. This is the base
- * exception for all the KRA specific exceptions. It is
- * associated with <CODE>KRAResources</CODE>.
+ * A class represents a KRA exception. This is the base exception for all the
+ * KRA specific exceptions. It is associated with <CODE>KRAResources</CODE>.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EKRAException extends EBaseException {
@@ -39,11 +36,12 @@ public class EKRAException extends EBaseException {
      * KRA resource class name.
      * <P>
      */
-    private static final String KRA_RESOURCES = KRAResources.class.getName();		
+    private static final String KRA_RESOURCES = KRAResources.class.getName();
 
     /**
      * Constructs a KRA exception.
      * <P>
+     * 
      * @param msgFormat constant from KRAResources.
      */
     public EKRAException(String msgFormat) {
@@ -53,6 +51,7 @@ public class EKRAException extends EBaseException {
     /**
      * Constructs a KRA exception.
      * <P>
+     * 
      * @param msgFormat constant from KRAResources.
      * @param param additional parameters to the message.
      */
@@ -63,6 +62,7 @@ public class EKRAException extends EBaseException {
     /**
      * Constructs a KRA exception.
      * <P>
+     * 
      * @param msgFormat constant from KRAResources.
      * @param e embedded exception.
      */
@@ -73,6 +73,7 @@ public class EKRAException extends EBaseException {
     /**
      * Constructs a KRA exception.
      * <P>
+     * 
      * @param msgFormat constant from KRAResources.
      * @param params additional parameters to the message.
      */
@@ -83,6 +84,7 @@ public class EKRAException extends EBaseException {
     /**
      * Returns the bundle file name.
      * <P>
+     * 
      * @return name of bundle class associated with this exception.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java b/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java
index e130b95c..35366c39 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IJoinShares.java
@@ -18,16 +18,19 @@
 package com.netscape.certsrv.kra;
 
 /**
- * Use Java's reflection API to leverage CMS's
- * old Share and JoinShares implementations.
- *
+ * Use Java's reflection API to leverage CMS's old Share and JoinShares
+ * implementations.
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
 public interface IJoinShares {
 
     public void initialize(int threshold) throws Exception;
+
     public void addShare(int shareNum, byte[] share);
+
     public int getShareCount();
+
     public byte[] recoverSecret();
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
index 7be3f165..77fb80be 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyRecoveryAuthority.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -38,13 +37,11 @@ import com.netscape.certsrv.security.Credential;
 import com.netscape.certsrv.security.IStorageKeyUnit;
 import com.netscape.certsrv.security.ITransportKeyUnit;
 
-
 /**
- * An interface represents key recovery authority. The
- * key recovery authority is responsibile for archiving
- * and recovering user encryption private keys.
+ * An interface represents key recovery authority. The key recovery authority is
+ * responsibile for archiving and recovering user encryption private keys.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IKeyRecoveryAuthority extends ISubsystem {
@@ -71,7 +68,7 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
     /**
      * Returns the name of this subsystem.
      * <P>
-     *
+     * 
      * @return KRA name
      */
     public X500Name getX500Name();
@@ -79,30 +76,28 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
     /**
      * Retrieves KRA request repository.
      * <P>
-     *
+     * 
      * @return request repository
      */
     public IRequestQueue getRequestQueue();
 
     /**
-     * Retrieves the key repository. The key repository 
-     * stores archived keys.
+     * Retrieves the key repository. The key repository stores archived keys.
      * <P>
      */
     public IKeyRepository getKeyRepository();
 
     /**
      * Retrieves the Replica ID repository.
-     *
+     * 
      * @return KRA's Replica ID repository
      */
     public IReplicaIDRepository getReplicaRepository();
 
     /**
-     * Enables the auto recovery state. Once KRA is in the auto 
-     * recovery state, no recovery agents need to be present for
-     * providing credentials. This feature is for enabling
-     * user-based recovery operation.
+     * Enables the auto recovery state. Once KRA is in the auto recovery state,
+     * no recovery agents need to be present for providing credentials. This
+     * feature is for enabling user-based recovery operation.
      * <p>
      * 
      * @param cs list of agent credentials
@@ -113,17 +108,16 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
 
     /**
      * Returns the current auto recovery state.
-     *
+     * 
      * @return true if auto recvoery state is on
      */
     public boolean getAutoRecoveryState();
 
     /**
-     * Adds credentials to the given authorizated recovery operation.
-     * In distributed recovery mode, recovery agent login to the
-     * agent interface and submit its credential for a particular
-     * recovery operation.
-     *
+     * Adds credentials to the given authorizated recovery operation. In
+     * distributed recovery mode, recovery agent login to the agent interface
+     * and submit its credential for a particular recovery operation.
+     * 
      * @param id authorization identifier
      * @param creds list of credentials
      */
@@ -131,131 +125,129 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
 
     /**
      * Removes a particular auto recovery operation.
-     *
+     * 
      * @param id authorization identifier
      */
     public void removeAutoRecovery(String id);
 
     /**
-     * Returns the number of required agents. In M-out-of-N
-     * recovery schema, only M agents are required even there
-     * are N agents. This method returns M.
-     *
+     * Returns the number of required agents. In M-out-of-N recovery schema,
+     * only M agents are required even there are N agents. This method returns
+     * M.
+     * 
      * @return number of required agents
      */
     public int getNoOfRequiredAgents() throws EBaseException;
 
     /**
      * Sets the number of required recovery agents
-     *
+     * 
      * @param number number of agents
      */
     public void setNoOfRequiredAgents(int number) throws EBaseException;
 
     /**
      * Returns the current recovery identifier.
-     *
+     * 
      * @return recovery identifier
      */
     public String getRecoveryID();
 
     /**
      * Returns a list of recovery identifiers.
-     *
+     * 
      * @return list of auto recovery identifiers
      */
     public Enumeration<String> getAutoRecoveryIDs();
 
     /**
-     * Returns the storage key unit that manages the
-     * stoarge key.
-     *
+     * Returns the storage key unit that manages the stoarge key.
+     * 
      * @return storage key unit
      */
     public IStorageKeyUnit getStorageKeyUnit();
 
     /**
-     * Returns the transport key unit that manages the
-     * transport key.
-     *
+     * Returns the transport key unit that manages the transport key.
+     * 
      * @return transport key unit
      */
     public ITransportKeyUnit getTransportKeyUnit();
 
     /**
-     * Returns the token that generates user key pairs for supporting server-side keygen
-     *
+     * Returns the token that generates user key pairs for supporting
+     * server-side keygen
+     * 
      * @return keygen token
      */
     public CryptoToken getKeygenToken();
 
     /**
      * Adds entropy to the token used for supporting server-side keygen
-	 * Parameters are set in the config file
-     * @param logflag create log messages at info level to report entropy shortage
+     * Parameters are set in the config file
+     * 
+     * @param logflag create log messages at info level to report entropy
+     *            shortage
      */
-	public void addEntropy(boolean logflag);
-
+    public void addEntropy(boolean logflag);
 
     /**
-     * Returns the request listener that listens on
-     * the request completion event.
-     *
+     * Returns the request listener that listens on the request completion
+     * event.
+     * 
      * @return request listener
      */
     public IRequestListener getRequestInQListener();
 
     /**
-     * Returns policy processor of the key recovery
-     * authority.
-     *
+     * Returns policy processor of the key recovery authority.
+     * 
      * @return policy processor
      */
     public IPolicyProcessor getPolicyProcessor();
 
     /**
      * Returns the nickname of the transport certificate.
-     *
+     * 
      * @return transport certificate nickname.
      */
     public String getNickname();
 
     /**
      * Sets the nickname of the transport certificate.
-     *
+     * 
      * @param str nickname
      */
     public void setNickname(String str);
 
     /**
      * Returns the new nickname of the transport certifiate.
-     *
+     * 
      * @return new nickname
      */
     public String getNewNickName() throws EBaseException;
 
     /**
      * Sets the new nickname of the transport certifiate.
-     *
+     * 
      * @param name new nickname
      */
     public void setNewNickName(String name);
 
     /**
      * Logs event into key recovery authority logging.
-     *
+     * 
      * @param level log level
      * @param msg log message
      */
     public void log(int level, String msg);
 
     /**
-     * Creates a request object to store attributes that
-     * will not be serialized. Currently, request queue
-     * framework will try to serialize all the attribute into
-     * persistent storage. Things like passwords are not
+     * Creates a request object to store attributes that will not be serialized.
+     * Currently, request queue framework will try to serialize all the
+     * attribute into persistent storage. Things like passwords are not
      * desirable to be stored.
-     *
+     * 
      * @param id request id
      * @return volatile requests
      */
@@ -263,7 +255,7 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
 
     /**
      * Retrieves the request object.
-     *
+     * 
      * @param id request id
      * @return volatile requests
      */
@@ -271,32 +263,32 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
 
     /**
      * Destroys the request object.
-     *
+     * 
      * @param id request id
      */
     public void destroyVolatileRequest(RequestId id);
 
     public Vector<Credential> getAppAgents(
-        String recoveryID) throws EBaseException;
+            String recoveryID) throws EBaseException;
 
     /**
      * Creates error for a specific recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @param error error
      * @exception EBaseException failed to create error
      */
     public void createError(String recoveryID, String error)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves error by recovery identifier.
-     *
+     * 
      * @param recoveryID recovery id
      * @return error message
      */
     public String getError(String recoveryID)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves PKCS12 package by recovery identifier.
@@ -305,16 +297,16 @@ public interface IKeyRecoveryAuthority extends ISubsystem {
      * @return pkcs12 package in bytes
      */
     public byte[] getPk12(String recoveryID)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Creates PKCS12 package in memory.
-     *
+     * 
      * @param recoveryID recovery id
      * @param pk12 package in bytes
-     */ 
+     */
     public void createPk12(String recoveryID, byte[] pk12)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves the transport certificate.
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
index 5ed17453..c03599b8 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IKeyService.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import java.math.BigInteger;
 import java.util.Hashtable;
 
@@ -26,63 +25,65 @@ import netscape.security.x509.X509CertImpl;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.security.Credential;
 
-
 /**
  * An interface representing a recovery service.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IKeyService {
 
     /**
-     * Retrieves number of agent required to perform
-     * key recovery operation.
+     * Retrieves number of agent required to perform key recovery operation.
      * 
      * @return number of required recovery agents
      * @exception EBaseException failed to retrieve value
      */
     public int getNoOfRequiredAgents() throws EBaseException;
 
-   /**
-    * is async recovery request status APPROVED -
-    *   i.e. all required # of recovery agents approved
-    * @param reqID request id
-    * @return true if  # of recovery required agents approved; false otherwise
-    */
+    /**
+     * is async recovery request status APPROVED - i.e. all required # of
+     * recovery agents approved
+     * 
+     * @param reqID request id
+     * @return true if # of recovery required agents approved; false otherwise
+     */
     public boolean isApprovedAsyncKeyRecovery(String reqID)
-        throws EBaseException;
+            throws EBaseException;
 
-   /**
-    * get async recovery request initiating agent
-    * @param reqID request id
-    * @return agentUID
-    */
+    /**
+     * get async recovery request initiating agent
+     * 
+     * @param reqID request id
+     * @return agentUID
+     */
     public String getInitAgentAsyncKeyRecovery(String reqID)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Initiate asynchronous key recovery
+     * 
      * @param kid key identifier
      * @param cert certificate embedded in PKCS12
      * @return requestId
      * @exception EBaseException failed to initiate async recovery
      */
     public String initAsyncKeyRecovery(BigInteger kid, X509CertImpl cert, String agent)
-         throws EBaseException;
+            throws EBaseException;
 
     /**
      * add approving agent in asynchronous key recovery
+     * 
      * @param reqID request id
      * @param agentID agent id
      * @exception EBaseException failed to initiate async recovery
      */
     public void addAgentAsyncKeyRecovery(String reqID, String agentID)
-         throws EBaseException;
+            throws EBaseException;
 
     /**
      * Performs administrator-initiated key recovery.
-     *
+     * 
      * @param kid key identifier
      * @param creds list of credentials (id and password)
      * @param pwd password to protect PKCS12
@@ -92,87 +93,87 @@ public interface IKeyService {
      * @exception EBaseException failed to perform recovery
      */
     public byte[] doKeyRecovery(BigInteger kid,
-        Credential creds[], String pwd, X509CertImpl cert,
-        String delivery, String nickname, String agent) throws EBaseException;
+            Credential creds[], String pwd, X509CertImpl cert,
+            String delivery, String nickname, String agent) throws EBaseException;
 
-     /**
-     * Async Recovers key for administrators. This method is
-     * invoked by the agent operation of the key recovery servlet.
+    /**
+     * Async Recovers key for administrators. This method is invoked by the
+     * agent operation of the key recovery servlet.
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST used whenever
      * a user private key recovery request is made (this is when the DRM
      * receives the request)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used whenever
-     * a user private key recovery request is processed (this is when the DRM
-     * processes the request)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_REQUEST_PROCESSED used
+     * whenever a user private key recovery request is processed (this is when
+     * the DRM processes the request)
      * </ul>
-     * @param reqID  request id
-     * @param password password of the PKCS12 package
-     * subsystem
+     * 
+     * @param reqID request id
+     * @param password password of the PKCS12 package subsystem
      * @exception EBaseException failed to recover key
      * @return a byte array containing the key
      */
     public byte[] doKeyRecovery(
-        String reqID,
-        String password)
-        throws EBaseException;
+            String reqID,
+            String password)
+            throws EBaseException;
 
     /**
      * Retrieves recovery identifier.
-     *
+     * 
      * @return recovery id
      */
     public String getRecoveryID();
 
     /**
      * Creates recovery parameters for the given recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @return recovery parameters
      * @exception EBaseException failed to create
      */
     public Hashtable<String, Object> createRecoveryParams(String recoveryID)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Destroys recovery parameters for the given recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @exception EBaseException failed to destroy
      */
-    public void destroyRecoveryParams(String recoveryID) 
-        throws EBaseException;
+    public void destroyRecoveryParams(String recoveryID)
+            throws EBaseException;
 
     /**
      * Retrieves recovery parameters for the given recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @return recovery parameters
      * @exception EBaseException failed to retrieve
      */
     public Hashtable<String, Object> getRecoveryParams(String recoveryID)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Adds password in the distributed recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @param uid agent uid
      * @param pwd agent password
      * @exception EBaseException failed to add
      */
-    public void addDistributedCredential(String recoveryID, 
-        String uid, String pwd) throws EBaseException;
+    public void addDistributedCredential(String recoveryID,
+            String uid, String pwd) throws EBaseException;
 
     /**
      * Retrieves credentials in the distributed recovery operation.
-     *
+     * 
      * @param recoveryID recovery id
      * @return agent's credentials
      * @exception EBaseException failed to retrieve
      */
-    public Credential[] getDistributedCredentials(String recoveryID) 
-        throws EBaseException;
+    public Credential[] getDistributedCredentials(String recoveryID)
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java b/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java
index 1b484b66..20ac336e 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IProofOfArchival.java
@@ -17,15 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 
-
 /**
  * An interface represents a proof of archival.
  * <P>
  * Here is the ASN1 definition of a proof of escrow:
+ * 
  * <PRE>
  * ProofOfArchival ::= SIGNED {
  *   SEQUENCE {
@@ -46,35 +45,35 @@ public interface IProofOfArchival {
 
     /**
      * Retrieves version of this proof.
-     *
+     * 
      * @return version
      */
     public BigInteger getVersion();
 
     /**
      * Retrieves the serial number.
-     *
+     * 
      * @return serial number
      */
     public BigInteger getSerialNumber();
 
     /**
      * Retrieves the subject name.
-     *
+     * 
      * @return subject name
      */
     public String getSubjectName();
 
     /**
      * Retrieves the issuer name.
-     *
+     * 
      * @return issuer name
      */
     public String getIssuerName();
 
     /**
      * Returns the beginning of the escrowed perioid.
-     *
+     * 
      * @return date of archival
      */
     public Date getDateOfArchival();
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/IShare.java b/pki/base/common/src/com/netscape/certsrv/kra/IShare.java
index c4d58f0a..92eaf319 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/IShare.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/IShare.java
@@ -18,15 +18,16 @@
 package com.netscape.certsrv.kra;
 
 /**
- * Use Java's reflection API to leverage CMS's
- * old Share and JoinShares implementations.
- *
+ * Use Java's reflection API to leverage CMS's old Share and JoinShares
+ * implementations.
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
 public interface IShare {
 
     public void initialize(byte[] secret, int threshold) throws Exception;
+
     public byte[] createShare(int sharenumber);
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java b/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java
index 40e0ee17..14b686e6 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/KRAResources.java
@@ -17,10 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for KRA subsystem.
  * <P>
diff --git a/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java b/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java
index ca575396..99c8cc5f 100644
--- a/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java
+++ b/pki/base/common/src/com/netscape/certsrv/kra/ProofOfArchival.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.kra;
 
-
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.Serializable;
@@ -42,17 +41,15 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * A class represents a proof of escrow. It indicates a key
- * pairs have been escrowed by appropriate authority. The 
- * structure of this object is very similar (if not exact) to 
- * X.509 certificate. A proof of escrow is signed by an escrow 
- * authority. It is possible to have a CMS policy to reject
- * the certificate issuance request if proof of escrow is not
- * presented.
+ * A class represents a proof of escrow. It indicates a key pairs have been
+ * escrowed by appropriate authority. The structure of this object is very
+ * similar (if not exact) to X.509 certificate. A proof of escrow is signed by
+ * an escrow authority. It is possible to have a CMS policy to reject the
+ * certificate issuance request if proof of escrow is not presented.
  * <P>
  * Here is the ASN1 definition of a proof of escrow:
+ * 
  * <PRE>
  * ProofOfEscrow ::= SIGNED {
  *   SEQUENCE {
@@ -106,13 +103,14 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Constructs a proof of escrow.
      * <P>
+     * 
      * @param serialNo serial number of proof
      * @param subject subject name
      * @param issuer issuer name
      * @param dateOfArchival date of archival
      */
     public ProofOfArchival(BigInteger serialNo, String subject,
-        String issuer, Date dateOfArchival) {
+            String issuer, Date dateOfArchival) {
         mVersion = DEFAULT_VERSION;
         mSerialNo = serialNo;
         mSubject = subject;
@@ -123,6 +121,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Constructs proof of escrow from input stream.
      * <P>
+     * 
      * @param in encoding source
      * @exception EBaseException failed to decode
      */
@@ -133,6 +132,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Sets an attribute value.
      * <P>
+     * 
      * @param name attribute name
      * @param obj attribute value
      * @exception EBaseException failed to set attribute
@@ -157,6 +157,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Retrieves the value of an named attribute.
      * <P>
+     * 
      * @param name attribute name
      * @return attribute value
      * @exception EBaseException failed to get attribute
@@ -177,10 +178,11 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
                     CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name));
         }
     }
-	
+
     /**
      * Deletes an attribute.
      * <P>
+     * 
      * @param name attribute name
      * @exception EBaseException failed to get attribute
      */
@@ -188,11 +190,11 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
         throw new EBaseException(
                 CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name));
     }
-	
+
     /**
      * Retrieves a list of possible attribute names.
      * <P>
-     *
+     * 
      * @return a list of names
      */
     public Enumeration<String> getElements() {
@@ -207,11 +209,12 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     public Enumeration<String> getSerializableAttrNames() {
         return mNames.elements();
     }
-	
+
     /**
      * Retrieves version of this proof.
      * <P>
-     * @return version 
+     * 
+     * @return version
      */
     public BigInteger getVersion() {
         return mVersion;
@@ -220,7 +223,8 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Retrieves the serial number.
      * <P>
-     * @return serial number 
+     * 
+     * @return serial number
      */
     public BigInteger getSerialNumber() {
         return mSerialNo;
@@ -229,6 +233,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Retrieves the subject name.
      * <P>
+     * 
      * @return subject name
      */
     public String getSubjectName() {
@@ -238,6 +243,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Retrieves the issuer name.
      * <P>
+     * 
      * @return issuer name
      */
     public String getIssuerName() {
@@ -247,6 +253,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     /**
      * Returns the beginning of the escrowed perioid.
      * <P>
+     * 
      * @return date of archival
      */
     public Date getDateOfArchival() {
@@ -254,8 +261,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     }
 
     /**
-     * Encodes this proof of escrow into the given 
-     * output stream.
+     * Encodes this proof of escrow into the given output stream.
      * <P>
      */
     public void encode(DerOutputStream out) throws EBaseException {
@@ -268,10 +274,10 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
 
                 version.putInteger(new BigInt(mVersion));
                 seq.write(DerValue.createTag(
-                        DerValue.TAG_CONTEXT, true, (byte) 0), 
-                    version);
+                        DerValue.TAG_CONTEXT, true, (byte) 0),
+                        version);
             }
-	
+
             // serial number
             DerOutputStream serialno = new DerOutputStream();
 
@@ -289,7 +295,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
 
             // issue date
             seq.putUTCTime(mDateOfArchival);
-            out.write(DerValue.tag_Sequence, seq);	
+            out.write(DerValue.tag_Sequence, seq);
 
         } catch (IOException e) {
             throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED", e.toString()));
@@ -300,9 +306,9 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
      * Encodes and signs this proof of escrow.
      * <P>
      */
-    public void encodeAndSign(PrivateKey key, String algorithm, 
-        String provider, DerOutputStream out) 
-        throws EBaseException {
+    public void encodeAndSign(PrivateKey key, String algorithm,
+            String provider, DerOutputStream out)
+            throws EBaseException {
 
         try {
             Signature sigEngine = null;
@@ -310,7 +316,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
             if (provider == null) {
                 sigEngine = Signature.getInstance(algorithm);
             } else {
-                sigEngine = Signature.getInstance(algorithm, 
+                sigEngine = Signature.getInstance(algorithm,
                             provider);
             }
 
@@ -357,7 +363,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
 
             DerValue val = new DerValue(in);
 
-            DerValue seq[] = new DerValue[3]; 
+            DerValue seq[] = new DerValue[3];
 
             seq[0] = val.data.getDerValue();
             if (seq[0].tag == DerValue.tag_Sequence) {
@@ -365,12 +371,12 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
                 seq[1] = val.data.getDerValue();
                 seq[2] = val.data.getDerValue();
                 if (seq[1].data.available() != 0) {
-                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", 
+                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1",
                                 "no algorithm found"));
                 }
 
                 if (seq[2].data.available() != 0) {
-                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", 
+                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1",
                                 "no signature found"));
                 }
 
@@ -391,14 +397,14 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
      * Decodes proof of escrow.
      * <P>
      */
-    private void decodePOA(DerValue val, DerValue preprocessed) 
-        throws EBaseException {
+    private void decodePOA(DerValue val, DerValue preprocessed)
+            throws EBaseException {
         try {
             DerValue tmp = null;
 
             if (preprocessed == null) {
                 if (val.tag != DerValue.tag_Sequence) {
-                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1", 
+                    throw new EKRAException(CMS.getUserMessage("CMS_KRA_POA_DECODE_FAILED_1",
                                 "not start with sequence"));
                 }
                 tmp = val.data.getDerValue();
@@ -429,7 +435,7 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
 
             // mSubject = new X500Name(subject); // doesnt work
             mSubject = new String(subject.toByteArray());
-		
+
             // issuer
             DerValue issuer = val.data.getDerValue();
 
@@ -443,15 +449,14 @@ public class ProofOfArchival implements IDBObj, IProofOfArchival, Serializable {
     }
 
     /**
-     * Retrieves the string reprensetation of this 
-     * proof of archival.
+     * Retrieves the string reprensetation of this proof of archival.
      */
     public String toString() {
         return "Version: " + mVersion.toString() + "\n" +
-            "SerialNo: " + mSerialNo.toString() + "\n" +
-            "Subject: " + mSubject + "\n" +
-            "Issuer: " + mIssuer + "\n" +
-            "DateOfArchival: " + mDateOfArchival.toString();
+                "SerialNo: " + mSerialNo.toString() + "\n" +
+                "Subject: " + mSubject + "\n" +
+                "Issuer: " + mIssuer + "\n" +
+                "DateOfArchival: " + mDateOfArchival.toString();
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java
index ab2d361b..0e0813ac 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapException.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * A class that represents a Ldap exception. Various
- * errors can occur when interacting with a Ldap directory server.
+ * A class that represents a Ldap exception. Various errors can occur when
+ * interacting with a Ldap directory server.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ELdapException extends EBaseException {
@@ -37,23 +35,25 @@ public class ELdapException extends EBaseException {
     /**
      * Ldap resource class name.
      */
-    private static final String LDAP_RESOURCES = LdapResources.class.getName();		
+    private static final String LDAP_RESOURCES = LdapResources.class.getName();
 
     /**
-     * Constructs a Ldap  exception.
+     * Constructs a Ldap exception.
+     * 
      * @param msgFormat Resource Key, if key not present, serves as the message.
-     * <P>
+     *            <P>
      */
     public ELdapException(String msgFormat) {
         super(msgFormat);
     }
 
     /**
-     * Constructs a Ldap  exception.
+     * Constructs a Ldap exception.
+     * 
      * @param msgFormat Resource Key, if key not present, serves as the message.
-     * Include a message string parameter for variable content.
+     *            Include a message string parameter for variable content.
      * @param param Message string parameter.
-     * <P>
+     *            <P>
      */
     public ELdapException(String msgFormat, String param) {
         super(msgFormat, param);
@@ -61,19 +61,21 @@ public class ELdapException extends EBaseException {
 
     /**
      * Constructs a Ldap exception.
+     * 
      * @param msgFormat Resource Key, if key not present, serves as the message.
-     * @param e  Common exception.
-     * <P>
+     * @param e Common exception.
+     *            <P>
      */
     public ELdapException(String msgFormat, Exception e) {
         super(msgFormat, e);
     }
 
     /**
-     * Constructs a Ldap  exception.
+     * Constructs a Ldap exception.
+     * 
      * @param msgFormat Resource Key, if key not present, serves as the message.
      * @param params Array of Message string parameters.
-     * <P>
+     *            <P>
      */
     public ELdapException(String msgFormat, Object params[]) {
         super(msgFormat, params);
@@ -81,8 +83,9 @@ public class ELdapException extends EBaseException {
 
     /**
      * Gets the resource bundle name
+     * 
      * @return Name of the Ldap Exception resource bundle name.
-     * <p>
+     *         <p>
      */
     protected String getBundleName() {
         return LDAP_RESOURCES;
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java
index ead1a020..f347b171 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ELdapServerDownException.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 /**
  * This represents exception which indicates Ldap server is down.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ELdapServerDownException extends ELdapException {
@@ -32,6 +31,7 @@ public class ELdapServerDownException extends ELdapException {
 
     /**
      * Constructs a ldap server down exception with host & port info.
+     * 
      * @param errorString Detailed error message.
      */
     public ELdapServerDownException(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java
index 46082c73..b62cf20b 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapAuthInfo.java
@@ -17,11 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
  * Class for obtaining ldap authentication info from the configuration store.
  * Two types of authentication is basic and SSL client authentication.
@@ -39,28 +37,30 @@ public interface ILdapAuthInfo {
     static public final String LDAP_BASICAUTH_STR = "BasicAuth";
     static public final String LDAP_SSLCLIENTAUTH_STR = "SslClientAuth";
 
-    static public final int LDAP_AUTHTYPE_NONE = 0;  // illegal
+    static public final int LDAP_AUTHTYPE_NONE = 0; // illegal
     static public final int LDAP_AUTHTYPE_BASICAUTH = 1;
     static public final int LDAP_AUTHTYPE_SSLCLIENTAUTH = 2;
 
     /**
      * Initialize this class from the config store.
+     * 
      * @param config The config store from which to initialize.
      * @exception EBaseException Due to failure of the initialization process.
-     *
+     * 
      */
     public void init(IConfigStore config) throws EBaseException;
 
     /**
-     * Initialize this class from the config store. 
-     * Based on host, port, and secure boolean info.
-     * which allows an actual attempt on the server to verify credentials.
+     * Initialize this class from the config store. Based on host, port, and
+     * secure boolean info. which allows an actual attempt on the server to
+     * verify credentials.
+     * 
      * @param config The config store from which to initialize.
      * @exception EBaseException Due to failure of the initialization process.
-     *
+     * 
      */
     public void init(IConfigStore config, String host, int port, boolean secure)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Reset the connection to the host
@@ -68,28 +68,33 @@ public interface ILdapAuthInfo {
     public void reset();
 
     /**
-     * Get authentication type. 
+     * Get authentication type.
+     * 
      * @return one of: <br>
-     *		LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or 
-     *		LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH
+     *         LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or
+     *         LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH
      */
     public int getAuthType();
 
     /**
      * Get params for authentication.
-     * @return array of parameters for this authentication as an array of Strings.
+     * 
+     * @return array of parameters for this authentication as an array of
+     *         Strings.
      */
     public String[] getParms();
 
     /**
      * Add password to private password data structure.
+     * 
      * @param prompt Password prompt.
-     * @param pw     Password itself.
+     * @param pw Password itself.
      */
     public void addPassword(String prompt, String pw);
 
     /**
      * Remove password from private password data structure.
+     * 
      * @param prompt Identify password to remove with prompt.
      */
     public void removePassword(String prompt);
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java
index ef3e1742..0fac8d35 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapBoundConnFactory.java
@@ -17,18 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
-
-
 /**
- * Maintains a pool of connections to the LDAP server.
- * CMS requests are processed on a multi threaded basis.
- * A pool of connections then must be be maintained so this
- * access to the Ldap server can be easily managed. The min and
- * max size of this connection pool should be configurable. Once
- * the maximum limit of connections is exceeded, the factory
- * should provide proper synchronization to resolve contention issues.
- *
+ * Maintains a pool of connections to the LDAP server. CMS requests are
+ * processed on a multi threaded basis. A pool of connections then must be be
+ * maintained so this access to the Ldap server can be easily managed. The min
+ * and max size of this connection pool should be configurable. Once the maximum
+ * limit of connections is exceeded, the factory should provide proper
+ * synchronization to resolve contention issues.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILdapBoundConnFactory extends ILdapConnFactory {
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java
index f706c2ec..118e414d 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnFactory.java
@@ -17,76 +17,79 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import netscape.ldap.LDAPConnection;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
- * Maintains a pool of connections to the LDAP server.
- * Multiple threads use this interface to utilize and release
- * the Ldap connection resources.
- *
+ * Maintains a pool of connections to the LDAP server. Multiple threads use this
+ * interface to utilize and release the Ldap connection resources.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILdapConnFactory {
 
-    /** 
+    /**
      * Initialize the poll from the config store.
+     * 
      * @param config The configuration substore.
      * @exception EBaseException On configuration error.
-     * @exception ELdapException On all other errors. 
+     * @exception ELdapException On all other errors.
      */
-    public void init(IConfigStore config) 
-        throws EBaseException, ELdapException;
+    public void init(IConfigStore config)
+            throws EBaseException, ELdapException;
 
     /**
-     *
-     * Used for disconnecting all connections. 
-     * Used just before a subsystem
+     * 
+     * Used for disconnecting all connections. Used just before a subsystem
      * shutdown or process exit.
+     * 
      * @exception EldapException on Ldap failure when closing connections.
      */
-    public void reset() 
-        throws ELdapException;
+    public void reset()
+            throws ELdapException;
 
     /**
      * Returns the number of free connections available from this pool.
-     * @return Integer number of free connections. 
-     */ 
+     * 
+     * @return Integer number of free connections.
+     */
 
     public int freeConn();
 
     /**
      * Returns the number of total connections available from this pool.
      * Includes sum of free and in use connections.
+     * 
      * @return Integer number of total connections.
      */
     public int totalConn();
 
     /**
      * Returns the maximum number of connections available from this pool.
+     * 
      * @return Integer maximum number of connections.
      */
     public int maxConn();
 
-    /** 
-     * Request access to a Ldap connection from the pool. 
-     * @exception ELdapException if any error occurs, such as a 
-     * @return Ldap connection object.
-     * connection is not available 
+    /**
+     * Request access to a Ldap connection from the pool.
+     * 
+     * @exception ELdapException if any error occurs, such as a
+     * @return Ldap connection object. connection is not available
      */
-    public LDAPConnection getConn() 
-        throws ELdapException;
+    public LDAPConnection getConn()
+            throws ELdapException;
 
     /**
      * Return connection to the factory. mandatory after a getConn().
-     * @param conn Ldap connection object to be returned to the free list of the pool.
+     * 
+     * @param conn Ldap connection object to be returned to the free list of the
+     *            pool.
      * @exception ELdapException On any failure to return the connection.
      */
-    public void returnConn(LDAPConnection conn) 
-        throws ELdapException;
+    public void returnConn(LDAPConnection conn)
+            throws ELdapException;
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java
index 4cffbe45..4eec994a 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnInfo.java
@@ -17,15 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
- * Class for reading ldap connection information from the config store.
- * Ldap connection info: host name, port number,whether of not it is a secure connection.
- *
+ * Class for reading ldap connection information from the config store. Ldap
+ * connection info: host name, port number,whether of not it is a secure
+ * connection.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILdapConnInfo {
@@ -42,23 +41,24 @@ public interface ILdapConnInfo {
 
     /**
      * Initializes an instance from a config store.
+     * 
      * @param config Configuration store.
      * @exception ELdapException Ldap related error found.
-     * @exception EBaseException Other errors and errors with params included in the config store. 
+     * @exception EBaseException Other errors and errors with params included in
+     *                the config store.
      */
     public void init(IConfigStore config) throws EBaseException, ELdapException;
 
     /**
-     *  Return the name of the Host.
-     *
+     * Return the name of the Host.
+     * 
      */
 
-    
     public String getHost();
 
     /**
      * Return the port number of the host.
-     *
+     * 
      */
     public int getPort();
 
@@ -74,8 +74,8 @@ public interface ILdapConnInfo {
     public boolean getSecure();
 
     /**
-     * Return whether or not the server is to follow referrals
-     * to other servers when servicing a query.
+     * Return whether or not the server is to follow referrals to other servers
+     * when servicing a query.
      */
     public boolean getFollowReferrals();
 
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java
index 8d912fc5..601bfde8 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/ILdapConnModule.java
@@ -17,45 +17,44 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * Class on behalf of the Publishing system that controls an instance of an ILdapConnFactory.
- * Allows a factory to be intialized and grants access
- * to the factory to other interested parties.
- *
+ * Class on behalf of the Publishing system that controls an instance of an
+ * ILdapConnFactory. Allows a factory to be intialized and grants access to the
+ * factory to other interested parties.
+ * 
  * @version $Revision$, $Date$
  */
- 
+
 public interface ILdapConnModule {
 
     /**
      * Initialize ldap publishing module with config store.
+     * 
      * @param owner Entity that is interested in this instance of Publishing.
-     * @param config Config store containing the info needed to set up Publishing.
+     * @param config Config store containing the info needed to set up
+     *            Publishing.
      * @exception ELdapException Due to Ldap error.
-     * @exception EBaseException Due to config value errors and all other errors.
+     * @exception EBaseException Due to config value errors and all other
+     *                errors.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException, ELdapException;
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException, ELdapException;
 
     /**
-     * Returns the internal ldap connection factory.
-     * This can be useful to get a ldap connection to the
-     * ldap publishing directory without having to get it again from the
-     * config file. Note that this means sharing a ldap connection pool
-     * with the ldap publishing module so be sure to return connections to pool.
-     * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap
-     * publishing directory.
-     * Use ILdapConnFactory.returnConn() to return the connection.
-     *
+     * Returns the internal ldap connection factory. This can be useful to get a
+     * ldap connection to the ldap publishing directory without having to get it
+     * again from the config file. Note that this means sharing a ldap
+     * connection pool with the ldap publishing module so be sure to return
+     * connections to pool. Use ILdapConnFactory.getConn() to get a Ldap
+     * connection to the ldap publishing directory. Use
+     * ILdapConnFactory.returnConn() to return the connection.
+     * 
      * @return Instance of ILdapConnFactory.
      */
 
     public ILdapConnFactory getLdapConnFactory();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java b/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java
index 26149738..ee2d307c 100644
--- a/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/ldap/LdapResources.java
@@ -17,10 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ldap;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A resource bundle for ldap subsystem.
  * 
@@ -36,8 +34,7 @@ public class LdapResources extends ListResourceBundle {
     }
 
     /**
-     * Constants. The suffix represents the number of 
-     * possible parameters.
+     * Constants. The suffix represents the number of possible parameters.
      */
 
     static final Object[][] contents = {};
diff --git a/pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java b/pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java
index c498ca3d..6aee21ff 100644
--- a/pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java
+++ b/pki/base/common/src/com/netscape/certsrv/listeners/EListenersException.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.listeners;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a listener exception.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class EListenersException extends EBaseException {
@@ -40,8 +39,9 @@ public class EListenersException extends EBaseException {
     /**
      * Constructs a listeners exception.
      * <P>
+     * 
      * @param msgFormat The error message resource key.
-    */
+     */
     public EListenersException(String msgFormat) {
         super(msgFormat);
     }
@@ -49,6 +49,7 @@ public class EListenersException extends EBaseException {
     /**
      * Constructs a listeners exception.
      * <P>
+     * 
      * @param msgFormat exception details in message string format.
      * @param param message string parameter.
      */
@@ -59,27 +60,31 @@ public class EListenersException extends EBaseException {
     /**
      * Constructs a Listeners exception.
      * <P>
+     * 
      * @param msgFormat The resource key.
      * @param e The parameter as an exception.
      */
     public EListenersException(String msgFormat, Exception e) {
         super(msgFormat, e);
     }
-    
+
     /**
      * Constructs a Listeners exception.
      * <P>
+     * 
      * @param msgFormat The resource key.
      * @param params Array of params.
      */
     public EListenersException(String msgFormat, Object params[]) {
         super(msgFormat, params);
     }
+
     /**
      * get the listener resource class name.
      * <P>
+     * 
      * @return the class name of the resource.
-    */
+     */
     protected String getBundleName() {
         return LISTENERS_RESOURCES;
     }
diff --git a/pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java b/pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java
index b0cb173c..6b2f794d 100644
--- a/pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/listeners/IRequestListenerPlugin.java
@@ -17,62 +17,72 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.listeners;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
 /**
- * This interface represents a plug-in listener. Implement this class to
- * add the listener to an ARequestNotifier of a subsystem.
+ * This interface represents a plug-in listener. Implement this class to add the
+ * listener to an ARequestNotifier of a subsystem.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestListenerPlugin {
-    
+
     /**
      * get the registered class name set in the init() method.
      * <P>
-     *  @return the Name.
+     * 
+     * @return the Name.
      */
     public String getName();
-    
+
     /**
      * get the plugin implementaion name set in the init() method.
      * <P>
+     * 
      * @return the plugin implementation name.
      */
     public String getImplName();
-    
+
     /**
      * the subsystem call this method to initialize the plug-in.
      * <P>
+     * 
      * @param name the registered class name of the plug-in.
      * @param implName the implemetnation name of the plug-in.
-     * @param config the configuration store where the.
-     * properties of the plug-in are stored.
-     * @exception EBaseException throws base exception in the certificate server.
+     * @param config the configuration store where the. properties of the
+     *            plug-in are stored.
+     * @exception EBaseException throws base exception in the certificate
+     *                server.
      */
-    public void   init(String name, String implName, IConfigStore config)
-    throws EBaseException;
+    public void init(String name, String implName, IConfigStore config)
+            throws EBaseException;
+
     /**
      * shutdown the plugin.
      */
     public void shutdown();
+
     /**
      * get the configuration parameters of the plug-in.
      * <P>
+     * 
      * @return the configuration parameters.
-     * @exception EBaseException throws base exception in the certificate server.
+     * @exception EBaseException throws base exception in the certificate
+     *                server.
      */
     public String[] getConfigParams()
-    throws EBaseException;
+            throws EBaseException;
+
     /**
-     * get the configuration store of the plugin where the
-     * configuration parameters of the plug-in are stored.
+     * get the configuration store of the plugin where the configuration
+     * parameters of the plug-in are stored.
      * <P>
+     * 
      * @return the configuration store.
      */
-    
+
     public IConfigStore getConfigStore();
-    
+
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java b/pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java
index 199941be..bd03bb40 100644
--- a/pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/listeners/ListenersResources.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.listeners;
 
-
 import java.util.ListResourceBundle;
 
 /**
- * A class represents a resource bundle for the 
- * listeners package.
- *
+ * A class represents a resource bundle for the listeners package.
+ * 
  * @version $Revision$, $Date$
  */
 public class ListenersResources extends ListResourceBundle {
@@ -31,11 +29,14 @@ public class ListenersResources extends ListResourceBundle {
     /**
      * get the content of the resource.
      * <P>
-     * @return the content of this resource is a value pairs array of keys and values.
+     * 
+     * @return the content of this resource is a value pairs array of keys and
+     *         values.
      */
     public Object[][] getContents() {
         return contents;
     }
+
     static final Object[][] contents = {
         };
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
index 4f7e64f2..39634f24 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/AuditEvent.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.text.MessageFormat;
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
- * The log event object that carries message detail of a log event
- * that goes into the Transaction log.  Note that the name of this
- * class "AuditEvent" is legacy and  has nothing to do with the signed 
- * audit log events, whcih are represented by SignedAuditEvent.
- *
+ * The log event object that carries message detail of a log event that goes
+ * into the Transaction log. Note that the name of this class "AuditEvent" is
+ * legacy and has nothing to do with the signed audit log events, whcih are
+ * represented by SignedAuditEvent.
+ * 
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
  * @see com.netscape.certsrv.logging.LogResources
@@ -56,12 +54,12 @@ public class AuditEvent implements IBundleLogEvent {
      * The bundle name for this event.
      */
     private String mBundleName = LogResources.class.getName();
-    private static final String INVALID_LOG_LEVEL="log level: {0} is invalid, should be 0-6";
+    private static final String INVALID_LOG_LEVEL = "log level: {0} is invalid, should be 0-6";
 
     /**
      * Constructs a message event
      * <P>
-     *
+     * 
      * @param msgFormat the message string
      */
     public AuditEvent(String msgFormat) {
@@ -71,11 +69,12 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Constructs a message with a parameter. For example,
+     * 
      * <PRE>
-     *         new AuditEvent("failed to load {0}", fileName);
+     * new AuditEvent(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat details in message string format
      * @param param message string parameter
      */
@@ -86,9 +85,9 @@ public class AuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Constructs a message from an exception. It can be used to carry
-     * a system exception that may contain information about
-     * the context. For example,
+     * Constructs a message from an exception. It can be used to carry a system
+     * exception that may contain information about the context. For example,
+     * 
      * <PRE>
      *         try {
      *          ...
@@ -97,7 +96,7 @@ public class AuditEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param exception system exception
      */
@@ -110,6 +109,7 @@ public class AuditEvent implements IBundleLogEvent {
     /**
      * Constructs a message from a base exception. This will use the msgFormat
      * from the exception itself.
+     * 
      * <PRE>
      *         try {
      *          ...
@@ -118,7 +118,7 @@ public class AuditEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param e CMS exception
      */
     public AuditEvent(Exception e) {
@@ -132,10 +132,10 @@ public class AuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Constructs a message event with a list of parameters
-     * that will be substituted into the message format.
+     * Constructs a message event with a list of parameters that will be
+     * substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat message string format
      * @param params list of message format parameters
      */
@@ -147,7 +147,7 @@ public class AuditEvent implements IBundleLogEvent {
     /**
      * Returns the current message format string.
      * <P>
-     *
+     * 
      * @return details message
      */
     public String getMessage() {
@@ -157,7 +157,7 @@ public class AuditEvent implements IBundleLogEvent {
     /**
      * Returns a list of parameters.
      * <P>
-     *
+     * 
      * @return list of message format parameters
      */
     public Object[] getParameters() {
@@ -165,10 +165,10 @@ public class AuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Returns localized message string. This method should
-     * only be called if a localized string is necessary.
+     * Returns localized message string. This method should only be called if a
+     * localized string is necessary.
      * <P>
-     *
+     * 
      * @return details message
      */
     public String toContent() {
@@ -178,7 +178,7 @@ public class AuditEvent implements IBundleLogEvent {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale locale
      * @return details message
      */
@@ -189,8 +189,9 @@ public class AuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Gets the resource bundle name for this class instance.  This should
-     * be overridden by subclasses who have their own resource bundles.
+     * Gets the resource bundle name for this class instance. This should be
+     * overridden by subclasses who have their own resource bundles.
+     * 
      * @param bundle String that represents the resource bundle name to be set
      */
     public void setBundleName(String bundle) {
@@ -199,6 +200,7 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves bundle name.
+     * 
      * @return a String that represents the resource bundle name
      */
     protected String getBundleName() {
@@ -207,8 +209,9 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves log source.
-     * @return an integer that indicates the component source
-     * where this message event was triggered
+     * 
+     * @return an integer that indicates the component source where this message
+     *         event was triggered
      */
     public int getSource() {
         return mSource;
@@ -216,18 +219,18 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Sets log source.
-     * @param source an integer that represents the component source
-     * where this message event was triggered
+     * 
+     * @param source an integer that represents the component source where this
+     *            message event was triggered
      */
     public void setSource(int source) {
         mSource = source;
     }
 
-    
     /**
-     * Retrieves log level.
-     * The log level of an event represents its relative importance
-     * or severity within CMS.
+     * Retrieves log level. The log level of an event represents its relative
+     * importance or severity within CMS.
+     * 
      * @return Integer log level value.
      */
     public int getLevel() {
@@ -236,6 +239,7 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves NT specific log event type.
+     * 
      * @return Integer NTEventType value.
      */
     public int getNTEventType() {
@@ -243,9 +247,9 @@ public class AuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Sets log level, NT log event type.
-     * For certain log levels the NT log event type gets
-     * set as well.
+     * Sets log level, NT log event type. For certain log levels the NT log
+     * event type gets set as well.
+     * 
      * @param level Integer log level value.
      */
     public void setLevel(int level) {
@@ -273,19 +277,21 @@ public class AuditEvent implements IBundleLogEvent {
             break;
         }
     }
-   
+
     /**
      * Retrieves log multiline attribute.
-     * @return Boolean whether or not this event is multiline.
-     * A multiline message simply consists of more than one line.
-     */ 
+     * 
+     * @return Boolean whether or not this event is multiline. A multiline
+     *         message simply consists of more than one line.
+     */
     public boolean getMultiline() {
         return mMultiline;
     }
 
     /**
-     * Sets log multiline attribute. A multiline message consists of
-     * more than one line.
+     * Sets log multiline attribute. A multiline message consists of more than
+     * one line.
+     * 
      * @param multiline Boolean multiline value.
      */
     public void setMultiline(boolean multiline) {
@@ -294,26 +300,27 @@ public class AuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves event time stamp.
+     * 
      * @return Long integer of the time the event was created.
      */
     public long getTimeStamp() {
         return mTimeStamp;
     }
 
-    
     /**
-     * Retrieves log event type. Each type of event
-     * has an associated String type value.
+     * Retrieves log event type. Each type of event has an associated String
+     * type value.
+     * 
      * @return String containing the type of event.
      */
     public String getEventType() {
         return mEventType;
     }
 
-    
     /**
-     * Sets log event type. Each type of event
-     * has an associated String type value.
+     * Sets log event type. Each type of event has an associated String type
+     * value.
+     * 
      * @param eventType String containing the type of event.
      */
     public void setEventType(String eventType) {
@@ -321,15 +328,16 @@ public class AuditEvent implements IBundleLogEvent {
     }
 
     /**
-    * Return string representation of log message.
-    * @return String containing log message.
-    */
+     * Return string representation of log message.
+     * 
+     * @return String containing log message.
+     */
     public String toString() {
         if (getBundleName() == null) {
             MessageFormat detailMessage = new MessageFormat(mMessage);
 
             return detailMessage.format(mParams);
-            //return getMessage();
+            // return getMessage();
         } else
             return toContent();
     }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java b/pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java
index 8d870ad9..1e4ae331 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/AuditFormat.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 /**
- * Define audit log message format. Note that the name of this
- * class "AuditFormat" is legacy and  has nothing to do with the signed 
- * audit log events format
- *
+ * Define audit log message format. Note that the name of this class
+ * "AuditFormat" is legacy and has nothing to do with the signed audit log
+ * events format
+ * 
  * @version $Revision$, $Date$
  */
 public class AuditFormat {
@@ -40,18 +39,18 @@ public class AuditFormat {
     /**
      * initiative: the event is from agent
      */
-    public static final String FROMAGENT = "fromAgent";        
+    public static final String FROMAGENT = "fromAgent";
 
     /**
      * initiative: the event is from router
      */
-    public static final String FROMROUTER = "fromRouter";  
+    public static final String FROMROUTER = "fromRouter";
 
     /**
      * initiative: the event is from remote authority
      */
     public static final String FROMRA = "fromRemoteAuthority";
-      
+
     /**
      * authentication module: no Authentication manager
      */
@@ -59,54 +58,49 @@ public class AuditFormat {
 
     // for ProcessCertReq.java ,kra
     /**
-     0: request type
-     1: request ID
-     2: initiative
-     3: auth module
-     4: status
-     5: cert dn
-     6: other info. eg cert serial number, violation policies
+     * 0: request type 1: request ID 2: initiative 3: auth module 4: status 5:
+     * cert dn 6: other info. eg cert serial number, violation policies
      */
-    public static final String FORMAT = 
-        "{0} reqID {1} {2} authenticated by {3} is {4} DN requested: {5} {6}";
-    public static final  String NODNFORMAT = 
-        "{0} reqID {1} {2} authenticated by {3} is {4}";
+    public static final String FORMAT =
+            "{0} reqID {1} {2} authenticated by {3} is {4} DN requested: {5} {6}";
+    public static final String NODNFORMAT =
+            "{0} reqID {1} {2} authenticated by {3} is {4}";
 
-    public static final String ENROLLMENTFORMAT = 
-        "Enrollment request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} {5}";
-    public static final String RENEWALFORMAT = 
-        "Renewal request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} old serial number: 0x{5} {6}";
-    public static final String REVOCATIONFORMAT = 
-        "Revocation request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} serial number: 0x{5} revocation reason: {6} {7}";
+    public static final String ENROLLMENTFORMAT =
+            "Enrollment request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} {5}";
+    public static final String RENEWALFORMAT =
+            "Renewal request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} old serial number: 0x{5} {6}";
+    public static final String REVOCATIONFORMAT =
+            "Revocation request reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} serial number: 0x{5} revocation reason: {6} {7}";
 
     // 1: fromAgent AgentID: xxx authenticated by xxx
-    public static final String DOREVOKEFORMAT = 
-        "Revocation request reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4} revocation reason: {5}";
+    public static final String DOREVOKEFORMAT =
+            "Revocation request reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4} revocation reason: {5}";
     // 1: fromAgent AgentID: xxx authenticated by xxx
-    public static final String DOUNREVOKEFORMAT = 
-        "Unrevocation request reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4}";
+    public static final String DOUNREVOKEFORMAT =
+            "Unrevocation request reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4}";
 
     // 0:initiative
-    public static final String CRLUPDATEFORMAT = 
-        "CRLUpdate request {0} authenticated by {1} is {2}. Id: {3}\ncrl Number: {4} last update time: {5} next update time: {6} number of entries in the CRL: {7}";
+    public static final String CRLUPDATEFORMAT =
+            "CRLUpdate request {0} authenticated by {1} is {2}. Id: {3}\ncrl Number: {4} last update time: {5} next update time: {6} number of entries in the CRL: {7}";
 
     // audit user/group
     public static final String ADDUSERFORMAT =
-        "Admin UID: {0} added User UID: {1}";
+            "Admin UID: {0} added User UID: {1}";
     public static final String REMOVEUSERFORMAT =
-        "Admin UID: {0} removed User UID: {1} ";
+            "Admin UID: {0} removed User UID: {1} ";
     public static final String MODIFYUSERFORMAT =
-        "Admin UID: {0} modified User UID: {1}";
+            "Admin UID: {0} modified User UID: {1}";
     public static final String ADDUSERCERTFORMAT =
-        "Admin UID: {0} added cert for User UID: {1}. cert DN: {2} serial number: 0x{3}";
+            "Admin UID: {0} added cert for User UID: {1}. cert DN: {2} serial number: 0x{3}";
     public static final String REMOVEUSERCERTFORMAT =
-        "Admin UID: {0} removed cert of User UID: {1}. cert DN: {2} serial number: 0x{3}";
+            "Admin UID: {0} removed cert of User UID: {1}. cert DN: {2} serial number: 0x{3}";
     public static final String ADDUSERGROUPFORMAT =
-        "Admin UID: {0} added User UID: {1} to group: {2}";
+            "Admin UID: {0} added User UID: {1} to group: {2}";
     public static final String REMOVEUSERGROUPFORMAT =
-        "Admin UID: {0} removed User UID: {1} from group: {2}";
+            "Admin UID: {0} removed User UID: {1} from group: {2}";
 
     // LDAP publishing
-    public static final String LDAP_PUBLISHED_FORMAT = 
-        "{0} successfully published serial number: 0x{1} with DN: {2}";
+    public static final String LDAP_PUBLISHED_FORMAT =
+            "{0} successfully published serial number: 0x{1} with DN: {2}";
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java
index 146824ac..13e0f3d4 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleError.java
@@ -17,12 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
-
-
 /**
  * A static class to log error messages to the Console
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ConsoleError {
@@ -30,8 +27,8 @@ public class ConsoleError {
 
     /**
      * Send the given event to the Console.
-     *
-     * @param	ev	log event to be sent to the console
+     * 
+     * @param ev log event to be sent to the console
      */
     public static void send(ILogEvent ev) {
         console.log(ev);
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java
index 8dee67ef..20ec08a0 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ConsoleLog.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.io.IOException;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -29,64 +28,63 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.common.NameValuePairs;
 
-
 /**
  * A log event listener which sends all log events to the system console/tty
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ConsoleLog implements ILogEventListener {
 
     /**
-     * Log the given event.  Usually called from a log manager.
-     *
-     * @param	ev	log event
+     * Log the given event. Usually called from a log manager.
+     * 
+     * @param ev log event
      */
     public void log(ILogEvent ev) {
         System.err.println(Thread.currentThread().getName() + ": " + ev);
     }
 
     /**
-     * Flush the system output stream. 
-     *
+     * Flush the system output stream.
+     * 
      */
     public void flush() {
         System.err.flush();
     }
 
-	/**
-	 * All operations need to be cleaned up for shutdown are done here
-	 */
+    /**
+     * All operations need to be cleaned up for shutdown are done here
+     */
     public void shutdown() {
     }
 
-	/**
-	 * get the configuration store that is associated with this
-	 * log listener
-	 * @return the configuration store that is associated with this
-	 * log listener
-	 */
+    /**
+     * get the configuration store that is associated with this log listener
+     * 
+     * @return the configuration store that is associated with this log listener
+     */
     public IConfigStore getConfigStore() {
         return null;
     }
 
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
     }
 
     public void startup() throws EBaseException {
     }
 
     /**
-     * Retrieve last "maxLine" number of system log with log lever >"level"
-     * and from  source "source". If the parameter is omitted. All entries
-     * are sent back.
-	 * @param req a Hashtable containing the required information such as
-	 * log entry, log level, log source, and log name
-	 * @return the content of the log that match the criteria in req
-	 * @exception servletException
-	 * @exception IOException
-	 * @exception EBaseException
+     * Retrieve last "maxLine" number of system log with log lever >"level" and
+     * from source "source". If the parameter is omitted. All entries are sent
+     * back.
+     * 
+     * @param req a Hashtable containing the required information such as log
+     *            entry, log level, log source, and log name
+     * @return the content of the log that match the criteria in req
+     * @exception servletException
+     * @exception IOException
+     * @exception EBaseException
      */
     public synchronized NameValuePairs retrieveLogContent(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException {
@@ -94,8 +92,8 @@ public class ConsoleLog implements ILogEventListener {
     }
 
     /**
-     * Retrieve log file list.
-	 * <br> unimplemented
+     * Retrieve log file list. <br>
+     * unimplemented
      */
     public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException {
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ELogException.java b/pki/base/common/src/com/netscape/certsrv/logging/ELogException.java
index 90a74ba4..ed36ea5f 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ELogException.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ELogException.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
- * This class implements a Log exception. LogExceptions
- * should be caught by LogSubsystem managers.
+ * This class implements a Log exception. LogExceptions should be caught by
+ * LogSubsystem managers.
  * <P>
  * 
  * @version $Revision$, $Date$
@@ -39,14 +37,14 @@ public class ELogException extends EBaseException {
      */
     private static final long serialVersionUID = -8903703675126348145L;
     /**
-    * Resource bundle class name.
-    */
+     * Resource bundle class name.
+     */
     private static final String LOG_RESOURCES = LogResources.class.getName();
 
     /**
      * Constructs a log exception.
      * <P>
-     *
+     * 
      * @param msgFormat Exception details.
      */
     public ELogException(String msgFormat) {
@@ -56,11 +54,12 @@ public class ELogException extends EBaseException {
 
     /**
      * Constructs a log exception with a parameter. For example,
+     * 
      * <PRE>
-     * 		new ELogException("failed to load {0}", fileName);
+     * new ELogException(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Exception details in message string format.
      * @param param Message string parameter.
      */
@@ -71,9 +70,9 @@ public class ELogException extends EBaseException {
     }
 
     /**
-     * Constructs a log exception. It can be used to carry
-     * a system exception that may contain information about
-     * the context. For example,
+     * Constructs a log exception. It can be used to carry a system exception
+     * that may contain information about the context. For example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -82,7 +81,7 @@ public class ELogException extends EBaseException {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Exception details in message string format.
      * @param param System exception.
      */
@@ -93,10 +92,10 @@ public class ELogException extends EBaseException {
     }
 
     /**
-     * Constructs a log exception with a list of parameters
-     * that will be substituted into the message format.
+     * Constructs a log exception with a list of parameters that will be
+     * substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat Exception details in message string format.
      * @param params List of message format parameters.
      */
@@ -108,7 +107,7 @@ public class ELogException extends EBaseException {
     /**
      * Returns a list of parameters.
      * <P>
-     *
+     * 
      * @return list of message format parameters.
      */
     public Object[] getParameters() {
@@ -116,10 +115,10 @@ public class ELogException extends EBaseException {
     }
 
     /**
-     * Returns localized exception string. This method should
-     * only be called if a localized string is necessary.
+     * Returns localized exception string. This method should only be called if
+     * a localized string is necessary.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String toString() {
@@ -129,7 +128,7 @@ public class ELogException extends EBaseException {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale Locale.
      * @return Details message.
      */
@@ -139,13 +138,14 @@ public class ELogException extends EBaseException {
     }
 
     /**
-     * Retrieves resource bundle name.
-     * Subclasses should override this as necessary
+     * Retrieves resource bundle name. Subclasses should override this as
+     * necessary
+     * 
      * @return String containing name of resource bundle.
      */
 
     protected String getBundleName() {
         return LOG_RESOURCES;
     }
-	
+
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java b/pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java
index 2dad7aec..7de84733 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ELogNotFound.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 /**
  * Exception for log not found.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ELogNotFound extends ELogException {
@@ -32,6 +31,7 @@ public class ELogNotFound extends ELogException {
 
     /**
      * Constructs a exception for a missing required log.
+     * 
      * @param errorString Detailed error message.
      */
     public ELogNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java
index efac65a2..6c434aff 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ELogPluginNotFound.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 /**
  * Exception for log plugin not found.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ELogPluginNotFound extends ELogException {
@@ -32,10 +31,10 @@ public class ELogPluginNotFound extends ELogException {
 
     /**
      * Constructs a exception for a missing log plugin.
+     * 
      * @param errorString Detailed error message.
      */
     public ELogPluginNotFound(String errorString) {
         super(errorString);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java
index 44a4283b..a1a10304 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/IBundleLogEvent.java
@@ -17,23 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
-
-
 /**
- * An interface which all loggable events must implement.
- * See ILogEvent class.
- * This class maintains a resource bundle name for given
- * event type.
- *
+ * An interface which all loggable events must implement. See ILogEvent class.
+ * This class maintains a resource bundle name for given event type.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IBundleLogEvent extends ILogEvent {
 
     /**
-    * Sets the name of the resource bundle to be associated
-    * with this event type.
-    * @param bundle name of resource bundle.
-    */
+     * Sets the name of the resource bundle to be associated with this event
+     * type.
+     * 
+     * @param bundle name of resource bundle.
+     */
     public void setBundleName(String bundle);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java
index d0caca71..07bd67d0 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogEvent.java
@@ -17,80 +17,81 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.io.Serializable;
 import java.util.Locale;
 
-
 /**
- * An interface which all loggable events must implement. CMS comes
- * with a limited set of ILogEvent types to implement: audit, system, and 
- * signed audit.  This is the base class of all the subsequent implemented types.
- * A log event represents a certain kind of log message designed for a specific purpose.
- * For instance, an audit type event represents messages having to do with auditable CMS
- * actions.  The resulting message will ultimately appear into a specific log file.
- *
+ * An interface which all loggable events must implement. CMS comes with a
+ * limited set of ILogEvent types to implement: audit, system, and signed audit.
+ * This is the base class of all the subsequent implemented types. A log event
+ * represents a certain kind of log message designed for a specific purpose. For
+ * instance, an audit type event represents messages having to do with auditable
+ * CMS actions. The resulting message will ultimately appear into a specific log
+ * file.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILogEvent extends Serializable {
 
     /**
      * Retrieves event time stamp.
+     * 
      * @return Long integer of the time the event was created.
      */
     public long getTimeStamp();
 
     /**
-     * Retrieves log source.
-     * This is an id of the subsystem responsible
-     * for creating the log event.
+     * Retrieves log source. This is an id of the subsystem responsible for
+     * creating the log event.
+     * 
      * @return Integer source id.
      */
     public int getSource();
 
-    
     /**
-     * Retrieves log level.
-     * The log level of an event represents its relative importance
-     * or severity within CMS.
+     * Retrieves log level. The log level of an event represents its relative
+     * importance or severity within CMS.
+     * 
      * @return Integer log level value.
      */
     public int getLevel();
 
     /**
      * Retrieves NT specific log event type.
+     * 
      * @return Integer NTEventType value.
      */
     public int getNTEventType();
 
     /**
-    *  Retrieves multiline attribute.
-    *  Does this message consiste of more than one line.
-    *  @return Boolean of multiline status.
-    */
+     * Retrieves multiline attribute. Does this message consiste of more than
+     * one line.
+     * 
+     * @return Boolean of multiline status.
+     */
     public boolean getMultiline();
 
-
     /**
-     * Retrieves log event type. Each type of event
-     * has an associated String type value.
+     * Retrieves log event type. Each type of event has an associated String
+     * type value.
+     * 
      * @return String containing the type of event.
      */
     public String getEventType();
 
     /**
-     * Sets log event type. Each type of event
-     * has an associated String type value.
+     * Sets log event type. Each type of event has an associated String type
+     * value.
+     * 
      * @param eventType String containing the type of event.
      */
     public void setEventType(String eventType);
 
-
     /**
-     * Returns localized message string. This method should
-     * only be called if a localized string is necessary.
+     * Returns localized message string. This method should only be called if a
+     * localized string is necessary.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String toContent();
@@ -98,7 +99,7 @@ public interface ILogEvent extends Serializable {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale locale
      * @return Details message.
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java
index f94f20a9..0cf4c23e 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventFactory.java
@@ -17,22 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.util.Properties;
 
-
 /**
- * An interface represents a log event factory. This
- * factory will be responsible for creating and returning ILogEvent objects
- * on demand.
- *
+ * An interface represents a log event factory. This factory will be responsible
+ * for creating and returning ILogEvent objects on demand.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILogEventFactory {
 
     /**
      * Creates an event of a particular event type/class.
-     *
+     * 
      * @param evtClass The event type.
      * @param prop The resource bundle.
      * @param source The subsystem ID who creates the log event.
@@ -43,11 +40,11 @@ public interface ILogEventFactory {
      * @return The created ILogEvent object.
      */
     public ILogEvent create(int evtClass, Properties prop, int source,
-        int level, boolean multiline, String msg, Object params[]);
+            int level, boolean multiline, String msg, Object params[]);
 
     /**
      * Releases previously created event.
-     *
+     * 
      * @param event The log event.
      */
     public void release(ILogEvent event);
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java
index 80953ead..48aa11d6 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogEventListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.io.IOException;
 import java.util.EventListener;
 import java.util.Hashtable;
@@ -30,102 +29,105 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.common.NameValuePairs;
 
-
-
 /**
- * An interface represents a log event listener.
- * A ILogEventListener is registered to  a specific
- * ILogQueue to be notified of created ILogEvents.
- * the log queue will notify all its registered listeners
- * of the logged event. The listener will then proceed to
- * process the event accordingly which will result in a log
- * message existing in some file.
- *
+ * An interface represents a log event listener. A ILogEventListener is
+ * registered to a specific ILogQueue to be notified of created ILogEvents. the
+ * log queue will notify all its registered listeners of the logged event. The
+ * listener will then proceed to process the event accordingly which will result
+ * in a log message existing in some file.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILogEventListener extends EventListener {
 
     /**
-     *  The event notification method: Logs event.
-     *
+     * The event notification method: Logs event.
+     * 
      * @param event The log event to be processed.
      */
     public void log(ILogEvent event) throws ELogException;
 
     /**
-     *  Flushes the log buffers (if any). Will result in the messages
-     *  being actually written to their destination.
+     * Flushes the log buffers (if any). Will result in the messages being
+     * actually written to their destination.
      */
     public void flush();
 
     /**
-     *  Closes the log file and destroys any associated threads.
+     * Closes the log file and destroys any associated threads.
      */
     public void shutdown();
 
     /**
      * Get the configuration store for the log event listener.
+     * 
      * @return The configuration store of this log event listener.
      */
     public IConfigStore getConfigStore();
 
     /**
      * Initialize this log listener
-	 * @param owner The subsystem.
-	 * @param config Configuration store for this log listener.
-	 * @exception initialization error.
+     * 
+     * @param owner The subsystem.
+     * @param config Configuration store for this log listener.
+     * @exception initialization error.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException;
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException;
 
     /**
      * Startup the instance.
      */
     public void startup()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Retrieve last "maxLine" number of system logs with log level >"level"
-     * and from  source "source". If the parameter is omitted. All entries
-     * are sent back.
-         * @param req a Hashtable containing the required information such as
-         * log entry, log level, log source, and log name.
-         * @return NameValue pair list of log messages.
-         * @exception ServletException For Servelet errros.
-         * @exception IOException For input/output problems.
-         * @exception EBaseException For other problems.
+     * Retrieve last "maxLine" number of system logs with log level >"level" and
+     * from source "source". If the parameter is omitted. All entries are sent
+     * back.
+     * 
+     * @param req a Hashtable containing the required information such as log
+     *            entry, log level, log source, and log name.
+     * @return NameValue pair list of log messages.
+     * @exception ServletException For Servelet errros.
+     * @exception IOException For input/output problems.
+     * @exception EBaseException For other problems.
      */
     public NameValuePairs retrieveLogContent(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException;
 
     /**
-    * Retrieve list of log files.
-    *
-    */
+     * Retrieve list of log files.
+     * 
+     */
     public NameValuePairs retrieveLogList(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException;
 
     /**
      * Returns implementation name.
+     * 
      * @return String name of event listener implementation.
      */
     public String getImplName();
 
     /**
      * Returns the description of this log event listener.
+     * 
      * @return String with listener description.
      */
     public String getDescription();
 
     /**
-    * Return list of default config parameters for this log event listener.
-    * @return Vector of default parameters.
-    */
+     * Return list of default config parameters for this log event listener.
+     * 
+     * @return Vector of default parameters.
+     */
     public Vector<String> getDefaultParams();
 
     /**
-    * Return list of instance config parameters for this log event listener.
-    * @return Vector of instance parameters.
-    */
+     * Return list of instance config parameters for this log event listener.
+     * 
+     * @return Vector of instance parameters.
+     */
     public Vector<String> getInstanceParams();
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java
index 878b9ba1..5923d330 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogQueue.java
@@ -17,40 +17,35 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
-
-
 /**
- * An interface represents a log queue. A log queue
- * is a queue of pending log events to be dispatched
- * to a set of registered ILogEventListeners.
- *
+ * An interface represents a log queue. A log queue is a queue of pending log
+ * events to be dispatched to a set of registered ILogEventListeners.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILogQueue {
 
     /**
      * Dispatch the log event to all registered log event listeners.
-     *
+     * 
      * @param evt the log event
      */
     public void log(ILogEvent evt);
 
     /**
-     * Flushes log queue, flushes all registered listeners.
-     * Messages should be written to their destination.
+     * Flushes log queue, flushes all registered listeners. Messages should be
+     * written to their destination.
      */
     public void flush();
 
     /**
      * Registers an event listener.
-     *
-     * @param listener The log event listener to be registered
-     * to this queue.
+     * 
+     * @param listener The log event listener to be registered to this queue.
      */
     public void addLogEventListener(ILogEventListener listener);
 
-    /** 
+    /**
      * Removes an event listener.
      * 
      * @param listener The log event listener to be removed from this queue.
@@ -60,7 +55,7 @@ public interface ILogQueue {
     /**
      * Initializes the log queue.
      * <P>
-     *
+     * 
      */
     public void init();
 
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java
index 2bdba0ab..13495b10 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogSubsystem.java
@@ -17,22 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.util.Hashtable;
 import java.util.Vector;
 
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * An interface that represents a logging component.  The logging
- * component is a framework that handles different types of log types,
- * each represented by an ILogEventListener, and each implements a log 
- * plugin.  CMS  comes
- * with three standard log types: "signedAudit", "system", and
- * "transaction".  Each log plugin can be instantiated into log
- * instances.  Each log instance can be individually configured and is 
- * associated with its own configuration entries in the configuration file.
+ * An interface that represents a logging component. The logging component is a
+ * framework that handles different types of log types, each represented by an
+ * ILogEventListener, and each implements a log plugin. CMS comes with three
+ * standard log types: "signedAudit", "system", and "transaction". Each log
+ * plugin can be instantiated into log instances. Each log instance can be
+ * individually configured and is associated with its own configuration entries
+ * in the configuration file.
  * <P>
  * 
  * @version $Revision$, $Date$
@@ -45,15 +42,17 @@ public interface ILogSubsystem extends ISubsystem {
     public static final String ID = "log";
 
     /**
-     * Retrieve plugin name (implementation name) of the log event
-     * listener.  If no plug name found, an empty string is returned
+     * Retrieve plugin name (implementation name) of the log event listener. If
+     * no plug name found, an empty string is returned
+     * 
      * @param log the log event listener
      * @return the log event listener's plugin name
-     */ 
+     */
     public String getLogPluginName(ILogEventListener log);
 
     /**
      * Retrieve the log event listener by instance name
+     * 
      * @param insName the log instance name in String
      * @return the log instance in ILogEventListener
      */
@@ -61,44 +60,47 @@ public interface ILogSubsystem extends ISubsystem {
 
     /**
      * get the list of log plugins that are available
-     * @return log plugins in a Hashtable.  Each entry in the
-     * Hashtable contains the name/value pair of pluginName/LogPlugin
+     * 
+     * @return log plugins in a Hashtable. Each entry in the Hashtable contains
+     *         the name/value pair of pluginName/LogPlugin
      * @see LogPlugin
      */
-    public Hashtable<String, LogPlugin>  getLogPlugins();
+    public Hashtable<String, LogPlugin> getLogPlugins();
 
     /**
      * get the list of log instances that are available
-     * @return log instances in a Hashtable.  Each entry in the
-     * Hashtable contains the name/value pair of instName/ILogEventListener
+     * 
+     * @return log instances in a Hashtable. Each entry in the Hashtable
+     *         contains the name/value pair of instName/ILogEventListener
      * @see LogPlugin
      */
     public Hashtable<String, ILogEventListener> getLogInsts();
 
     /**
-     * Get the default configuration parameter names associated with a 
-     * plugin.  It is used by
-     * administration servlet to handle log configuration when a new
-     * log instance is added.
-     * @param implName The implementation name for which the
-     * configuration parameters are to be configured
-     * @return a Vector of default configuration paramter names
-     * associated with this log plugin
-     * @exception ELogException when instantiation of the plugin
-     * implementation fails.
+     * Get the default configuration parameter names associated with a plugin.
+     * It is used by administration servlet to handle log configuration when a
+     * new log instance is added.
+     * 
+     * @param implName The implementation name for which the configuration
+     *            parameters are to be configured
+     * @return a Vector of default configuration paramter names associated with
+     *         this log plugin
+     * @exception ELogException when instantiation of the plugin implementation
+     *                fails.
      */
     public Vector<String> getLogDefaultParams(String implName) throws
             ELogException;
 
     /**
-     * Get the default configuration parameter names associated with a 
-     * log instance.  It is used by administration servlet to handle
-     * log instance configuration.
-     * @param insName The instance name for which the configuration
-     * parameters are to be configured
-     * @return a Vector of default configuration paramter names
-     * associated with this log instance.
+     * Get the default configuration parameter names associated with a log
+     * instance. It is used by administration servlet to handle log instance
+     * configuration.
+     * 
+     * @param insName The instance name for which the configuration parameters
+     *            are to be configured
+     * @return a Vector of default configuration paramter names associated with
+     *         this log instance.
      */
     public Vector<String> getLogInstanceParams(String insName)
-        throws ELogException;
+            throws ELogException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/ILogger.java b/pki/base/common/src/com/netscape/certsrv/logging/ILogger.java
index 01fbc6b9..d32386cc 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/ILogger.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/ILogger.java
@@ -17,23 +17,22 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.util.Properties;
 
-
 /**
- * An interface represents a logger for certificate server. This object is used to
- * issue log messages for the various types of logging event types.  A log message results
- * in a  ILogEvent being created.  This event is then placed on a ILogQueue to be ultimately
- * written to the destination log file.  This object also maintains a collection of ILogFactory objects
- * which are used to create the supported types of ILogEvents. CMS comes out of the box with three event
- * types:  "signedAudit", "system", and "audit".
- *
+ * An interface represents a logger for certificate server. This object is used
+ * to issue log messages for the various types of logging event types. A log
+ * message results in a ILogEvent being created. This event is then placed on a
+ * ILogQueue to be ultimately written to the destination log file. This object
+ * also maintains a collection of ILogFactory objects which are used to create
+ * the supported types of ILogEvents. CMS comes out of the box with three event
+ * types: "signedAudit", "system", and "audit".
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILogger {
-    
-    //List of defined log classes.
+
+    // List of defined log classes.
     /**
      * log class: audit event.
      */
@@ -41,24 +40,24 @@ public interface ILogger {
     public static final String PROP_AUDIT = "transaction";
 
     /**
-     * log class: system event. 
-     * System event with log level >= LL_FAILURE will also be logged in error log
+     * log class: system event. System event with log level >= LL_FAILURE will
+     * also be logged in error log
      */
     public static final int EV_SYSTEM = 1;
     public static final String PROP_SYSTEM = "system";
 
     /**
-     * log class: SignedAudit event. 
+     * log class: SignedAudit event.
      */
     public static final int EV_SIGNED_AUDIT = 2;
     public static final String PROP_SIGNED_AUDIT = "signedAudit";
 
-    //List of defined log sources.
-	
+    // List of defined log sources.
+
     /**
      * log source: used by servlet to retrieve all logs
      */
-    public static final int S_ALL = 0; //used by servlet only
+    public static final int S_ALL = 0; // used by servlet only
 
     /**
      * log source: identify the log entry is from KRA
@@ -136,30 +135,29 @@ public interface ILogger {
      */
 
     public static final int S_TKS = 16;
-    
+
     /**
-     * log source: identify the log entry is from other subsystem
-     * eg. policy, security, connector,registration
+     * log source: identify the log entry is from other subsystem eg. policy,
+     * security, connector,registration
      */
     public static final int S_OTHER = 20;
 
-
     // List of defined log levels.
     /**
      * log level: used by servlet to retrieve all level logs
      */
-    public static final int LL_ALL = -1; //used by servlet only
-    public static final String LL_ALL_STRING = "All"; //used by servlet only
+    public static final int LL_ALL = -1; // used by servlet only
+    public static final String LL_ALL_STRING = "All"; // used by servlet only
 
     /**
      * log level: indicate this log entry is debug info
      */
-    
+
     /**
-     * Debug level is depreciated since CMS6.1. Please use
-     * CMS.debug() to output messages to debugging file.
+     * Debug level is depreciated since CMS6.1. Please use CMS.debug() to output
+     * messages to debugging file.
      */
-    public static final int LL_DEBUG = 0;  // depreciated
+    public static final int LL_DEBUG = 0; // depreciated
     public static final String LL_DEBUG_STRING = "Debug";
 
     /**
@@ -199,20 +197,20 @@ public interface ILogger {
     public static final String LL_SECURITY_STRING = "Security";
 
     /**
-     * "SubjectID" for system-initiated events logged
-     * in signed audit log messages
+     * "SubjectID" for system-initiated events logged in signed audit log
+     * messages
      */
     public static final String SYSTEM_UID = "$System$";
 
     /**
-     * A constant string value used to denote a single "unknown" identity
-     * in signed audit log messages
+     * A constant string value used to denote a single "unknown" identity in
+     * signed audit log messages
      */
     public static final String UNIDENTIFIED = "$Unidentified$";
 
     /**
-     * A constant string value used to denote a single "non-role" identity
-     * in signed audit log messages
+     * A constant string value used to denote a single "non-role" identity in
+     * signed audit log messages
      */
     public static final String NONROLEUSER = "$NonRoleUser$";
 
@@ -221,23 +219,22 @@ public interface ILogger {
      */
     public static final String SUCCESS = "Success";
     public static final String FAILURE = "Failure";
-    
+
     /**
-     * A constant string value used to denote a "non-applicable"
-     * data value in signed audit log messages
+     * A constant string value used to denote a "non-applicable" data value in
+     * signed audit log messages
      */
     public final static String SIGNED_AUDIT_NON_APPLICABLE = "N/A";
 
     /**
-     * A constant string value used to denote an "empty", or "null",
-     * data value in signed audit log messages
+     * A constant string value used to denote an "empty", or "null", data value
+     * in signed audit log messages
      */
     public final static String SIGNED_AUDIT_EMPTY_VALUE = "<null>";
 
     /**
-     * Constant string values associated with the type of certificate
-     * processing stored in the "InfoName" field in certain signed
-     * audit log messages
+     * Constant string values associated with the type of certificate processing
+     * stored in the "InfoName" field in certain signed audit log messages
      */
     public final static String SIGNED_AUDIT_ACCEPTANCE = "certificate";
     public final static String SIGNED_AUDIT_CANCELLATION = "cancelReason";
@@ -258,7 +255,7 @@ public interface ILogger {
      * NT event type: correspont to log level LL_FAILURE and above
      */
     public static final int NT_ERROR = 1;
-    
+
     // List of defined log multiline attribute.
     /**
      * indicate the log message has more than one line
@@ -272,8 +269,9 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param msg The detail message to be logged.
      */
@@ -281,8 +279,9 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
      * @param msg The detail message to be logged.
@@ -291,8 +290,9 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param level The level of the log event.
      * @param msg The detail message to be logged.
@@ -301,8 +301,9 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
      * @param level The level of the log event.
@@ -312,8 +313,9 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param level The level of the log event.
      * @param msg The detail message to be logged.
@@ -323,8 +325,9 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param level The level of the log event.
      * @param msg The detail message to be logged.
@@ -334,8 +337,9 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
      * @param msg The detail message to be logged.
@@ -345,8 +349,9 @@ public interface ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
      * @param level The level of the log event.
@@ -354,12 +359,13 @@ public interface ILogger {
      * @param param The parameter in the detail message.
      */
     public void log(int evtClass, Properties props, int source, int level, String msg,
-        Object param);
+            Object param);
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param prop The resource bundle used for the detailed message.
      * @param source The source of the log event.
      * @param level The level of the log event.
@@ -367,119 +373,145 @@ public interface ILogger {
      * @param params The parameters in the detail message.
      */
     public void log(int evtClass, Properties prop, int source, int level, String msg,
-        Object params[]);
+            Object params[]);
 
-    //multiline log
+    // multiline log
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param msg The detail message to be logged.
-     * @param multiline true If the message has more than one line, otherwise false.
+     * @param multiline true If the message has more than one line, otherwise
+     *            false.
      */
     public void log(int evtClass, int source, String msg, boolean multiline);
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
      * @param msg The detail message to be logged.
-     * @param multiline True if the message has more than one line, otherwise false.
+     * @param multiline True if the message has more than one line, otherwise
+     *            false.
      */
     public void log(int evtClass, Properties props, int source, String msg, boolean multiline);
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param level The level of the log event.
      * @param msg The detail message to be logged.
-     * @param multiline True if the message has more than one line, otherwise false.
+     * @param multiline True if the message has more than one line, otherwise
+     *            false.
      */
     public void log(int evtClass, int source, int level, String msg, boolean multiline);
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
      * @param level The level of the log event.
      * @param msg The detail message to be logged.
-     * @param multiline True if the message has more than one line, otherwise false.
+     * @param multiline True if the message has more than one line, otherwise
+     *            false.
      */
     public void log(int evtClass, Properties props, int source, int level, String msg, boolean multiline);
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param source The source of the log event.
      * @param level The level of the log event.
      * @param msg The detail message to be logged.
      * @param param The parameter in the detail message.
-     * @param multiline True if the message has more than one line, otherwise false.
+     * @param multiline True if the message has more than one line, otherwise
+     *            false.
      */
     public void log(int evtClass, int source, int level, String msg, Object param, boolean multiline);
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source TTTTsource of the log event.
      * @param msg The detail message to be logged.
      * @param param The parameter in the detail message.
-     * @param multiline True if the message has more than one line, otherwise false.
+     * @param multiline True if the message has more than one line, otherwise
+     *            false.
      */
     public void log(int evtClass, Properties props, int source, String msg, Object param, boolean multiline);
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param props The resource bundle used for the detailed message.
      * @param source The source of the log event.
      * @param level The level of the log event.
      * @param msg The detail message to be logged.
      * @param param The parameter in the detail message.
-     * @param multiline True if the message has more than one line, otherwise false.
+     * @param multiline True if the message has more than one line, otherwise
+     *            false.
      */
     public void log(int evtClass, Properties props, int source, int level, String msg,
-        Object param, boolean multiline);
+            Object param, boolean multiline);
 
     /**
      * Logs an event to the log queue.
-     *
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     *            EV_SIGNED_AUDIT.
      * @param prop The resource bundle used for the detailed message.
      * @param source The source of the log event.
      * @param level The level of the log event.
      * @param msg The detail message to be logged.
      * @param params The parameters in the detail message.
-     * @param multiline True if the message has more than one line, otherwise false.
+     * @param multiline True if the message has more than one line, otherwise
+     *            false.
      */
     public void log(int evtClass, Properties prop, int source, int level, String msg,
-        Object params[], boolean multiline);
+            Object params[], boolean multiline);
 
     /*
      * Generates an ILogEvent
-     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or EV_SIGNED_AUDIT.
+     * 
+     * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM or
+     * EV_SIGNED_AUDIT.
+     * 
      * @param props The resource bundle used for the detailed message.
+     * 
      * @param source The source of the log event.
+     * 
      * @param level The level of the log event.
+     * 
      * @param msg The detail message to be logged.
+     * 
      * @param params The parameters in the detail message.
-     * @param multiline True if the message has more than one line, otherwise false.
+     * 
+     * @param multiline True if the message has more than one line, otherwise
+     * false.
+     * 
      * @return ILogEvent, a log event.
      */
     public ILogEvent create(int evtClass, Properties prop, int source, int level,
-        String msg, Object params[], boolean multiline);
+            String msg, Object params[], boolean multiline);
 
     /**
      * Register a log event factory. Which will create the desired ILogEvents.
@@ -487,8 +519,8 @@ public interface ILogger {
     public void register(int evtClass, ILogEventFactory f);
 
     /**
-     * Retrieves the associated log queue.  The log queue is where issued log events
-     * are collected for later processing.
+     * Retrieves the associated log queue. The log queue is where issued log
+     * events are collected for later processing.
      */
     public ILogQueue getLogQueue();
 
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java b/pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java
index b8195eec..9d7a5cc4 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/LogPlugin.java
@@ -17,18 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import com.netscape.certsrv.base.Plugin;
 
-
 /**
  * This class represents a registered logger plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class LogPlugin extends Plugin {
-    public LogPlugin (String id, String path) {
+    public LogPlugin(String id, String path) {
         super(id, path);
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/LogResources.java b/pki/base/common/src/com/netscape/certsrv/logging/LogResources.java
index 6a7472ff..33615443 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/LogResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/LogResources.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.util.ListResourceBundle;
 import java.util.ResourceBundle;
 
 import com.netscape.certsrv.base.BaseResources;
 
-
 /**
  * This is the fallback resource bundle for all log events.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
  */
@@ -35,9 +33,9 @@ public class LogResources extends ListResourceBundle {
     public static final String BASE_RESOURCES = BaseResources.class.getName();
 
     /**
-     * Contructs a log resource bundle and sets it's parent to the base
-     * resource bundle.
-     *
+     * Contructs a log resource bundle and sets it's parent to the base resource
+     * bundle.
+     * 
      * @see com.netscape.certsrv.base.BaseResources
      */
     public LogResources() {
@@ -47,6 +45,7 @@ public class LogResources extends ListResourceBundle {
 
     /**
      * Returns the content of this resource.
+     * 
      * @return Array of objects making up the contents of this resource.
      */
     public Object[][] getContents() {
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java
index ab86a4ce..099ab701 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/SignedAuditEvent.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.text.MessageFormat;
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
- * The log event object that carries message detail of a log event
- * that goes into the  Signed Audit Event log.  This log has the
- * property of being digitally signed for security considerations.
- *
- *
+ * The log event object that carries message detail of a log event that goes
+ * into the Signed Audit Event log. This log has the property of being digitally
+ * signed for security considerations.
+ * 
+ * 
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
  * @see com.netscape.certsrv.logging.LogResources
@@ -52,18 +50,18 @@ public class SignedAuditEvent implements IBundleLogEvent {
     private boolean mMultiline = false;
     private long mTimeStamp = System.currentTimeMillis();
 
-    private static final String INVALID_LOG_LEVEL="log level: {0} is invalid, should be 0-6";
+    private static final String INVALID_LOG_LEVEL = "log level: {0} is invalid, should be 0-6";
 
     /**
-     * The bundle name for this event.
-     * ....not anymore...keep for now and clean up later
+     * The bundle name for this event. ....not anymore...keep for now and clean
+     * up later
      */
     private String mBundleName = LogResources.class.getName();
 
     /**
      * Constructs a SignedAuditEvent message event.
      * <P>
-     *
+     * 
      * @param msgFormat The message string.
      */
     public SignedAuditEvent(String msgFormat) {
@@ -73,11 +71,12 @@ public class SignedAuditEvent implements IBundleLogEvent {
 
     /**
      * Constructs a message with a parameter. For example,
+     * 
      * <PRE>
-     * 		new SignedAuditEvent("failed to load {0}", fileName);
+     * new SignedAuditEvent(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Details in message string format.
      * @param param Message string parameter.
      */
@@ -88,9 +87,10 @@ public class SignedAuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Constructs a message from an exception. It can be used to carry
-     * a signed audit exception that may contain information about
-     * the context. For example,
+     * Constructs a message from an exception. It can be used to carry a signed
+     * audit exception that may contain information about the context. For
+     * example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -99,7 +99,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Exception details in message string format.
      * @param exception System exception.
      */
@@ -112,6 +112,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
     /**
      * Constructs a message from a base exception. This will use the msgFormat
      * from the exception itself.
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -120,7 +121,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param e CMS exception.
      */
     public SignedAuditEvent(Exception e) {
@@ -134,10 +135,10 @@ public class SignedAuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Constructs a message event with a list of parameters
-     * that will be substituted into the message format.
+     * Constructs a message event with a list of parameters that will be
+     * substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat Message string format.
      * @param params List of message format parameters.
      */
@@ -149,7 +150,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
     /**
      * Returns the current message format string.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String getMessage() {
@@ -157,10 +158,10 @@ public class SignedAuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Returns a list of parameters. These parameters can be
-     * used to assist in formatting the message.
+     * Returns a list of parameters. These parameters can be used to assist in
+     * formatting the message.
      * <P>
-     *
+     * 
      * @return List of message format parameters.
      */
     public Object[] getParameters() {
@@ -168,10 +169,10 @@ public class SignedAuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Returns localized message string. This method should
-     * only be called if a localized string is necessary.
+     * Returns localized message string. This method should only be called if a
+     * localized string is necessary.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String toContent() {
@@ -181,7 +182,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale Locale.
      * @return Details message.
      */
@@ -192,8 +193,9 @@ public class SignedAuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Sets the resource bundle name for this class instance.  This should
-     * be overridden by subclasses who have their own resource bundles.
+     * Sets the resource bundle name for this class instance. This should be
+     * overridden by subclasses who have their own resource bundles.
+     * 
      * @param bundle String with name of resource bundle.
      */
     public void setBundleName(String bundle) {
@@ -202,6 +204,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves bundle name.
+     * 
      * @return String with name of resource bundle.
      */
     protected String getBundleName() {
@@ -209,9 +212,9 @@ public class SignedAuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Retrieves log source.
-     * This is an id of the subsystem responsible
-     * for creating the log event.
+     * Retrieves log source. This is an id of the subsystem responsible for
+     * creating the log event.
+     * 
      * @return Integer source id.
      */
     public int getSource() {
@@ -220,6 +223,7 @@ public class SignedAuditEvent implements IBundleLogEvent {
 
     /**
      * Sets log source.
+     * 
      * @param source Integer id of log source.
      */
     public void setSource(int source) {
@@ -227,18 +231,18 @@ public class SignedAuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Retrieves log level.
-     * The log level of an event represents its relative importance
-     * or severity within CMS.
+     * Retrieves log level. The log level of an event represents its relative
+     * importance or severity within CMS.
+     * 
      * @return Integer log level value.
      */
     public int getLevel() {
         return mLevel;
     }
 
-    
     /**
      * Retrieves NT specific log event type.
+     * 
      * @return Integer NTEventType value.
      */
     public int getNTEventType() {
@@ -246,9 +250,9 @@ public class SignedAuditEvent implements IBundleLogEvent {
     }
 
     /**
-     * Sets log level, NT log event type.
-     * For certain log levels the NT log event type gets
-     * set as well.
+     * Sets log level, NT log event type. For certain log levels the NT log
+     * event type gets set as well.
+     * 
      * @param level Integer log level value.
      */
     public void setLevel(int level) {
@@ -279,45 +283,47 @@ public class SignedAuditEvent implements IBundleLogEvent {
 
     /**
      * Retrieves log multiline attribute.
-     * @return Boolean whether or not this event is multiline.
-     * A multiline message simply consists of more than one line.
+     * 
+     * @return Boolean whether or not this event is multiline. A multiline
+     *         message simply consists of more than one line.
      */
     public boolean getMultiline() {
         return mMultiline;
     }
 
     /**
-     * Sets log multiline attribute. A multiline message consists of
-     * more than one line.
+     * Sets log multiline attribute. A multiline message consists of more than
+     * one line.
+     * 
      * @param multiline Boolean multiline value.
      */
     public void setMultiline(boolean multiline) {
         mMultiline = multiline;
     }
 
-    
     /**
      * Retrieves event time stamp.
+     * 
      * @return Long integer of the time the event was created.
      */
     public long getTimeStamp() {
         return mTimeStamp;
     }
 
-    
     /**
-     * Retrieves log event type. Each type of event
-     * has an associated String type value.
+     * Retrieves log event type. Each type of event has an associated String
+     * type value.
+     * 
      * @return String containing the type of event.
      */
     public String getEventType() {
         return mEventType;
     }
 
-    
     /**
-     * Sets log event type. Each type of event
-     * has an associated String type value.
+     * Sets log event type. Each type of event has an associated String type
+     * value.
+     * 
      * @param eventType String containing the type of event.
      */
     public void setEventType(String eventType) {
@@ -325,9 +331,10 @@ public class SignedAuditEvent implements IBundleLogEvent {
     }
 
     /**
-    * Return string representation of log message.
-    * @return String containing log message.
-    */
+     * Return string representation of log message.
+     * 
+     * @return String containing log message.
+     */
     public String toString() {
         if (getBundleName() == null) {
             MessageFormat detailMessage = new MessageFormat(mMessage);
diff --git a/pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java b/pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java
index 83026323..7e39e523 100644
--- a/pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/logging/SystemEvent.java
@@ -17,19 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.logging;
 
-
 import java.text.MessageFormat;
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
- * The log event object that carries a log message.
- * This class represents System events which are CMS events
- * which need to be logged to a log file. 
- *
+ * The log event object that carries a log message. This class represents System
+ * events which are CMS events which need to be logged to a log file.
+ * 
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
  * @see com.netscape.certsrv.logging.LogResources
@@ -56,12 +53,12 @@ public class SystemEvent implements IBundleLogEvent {
      */
     private String mBundleName = LogResources.class.getName();
 
-    private static final String INVALID_LOG_LEVEL="log level: {0} is invalid, should be 0-6";
+    private static final String INVALID_LOG_LEVEL = "log level: {0} is invalid, should be 0-6";
 
     /**
      * Constructs a SystemEvent message event.
      * <P>
-     *
+     * 
      * @param msgFormat The message string.
      */
     public SystemEvent(String msgFormat) {
@@ -71,11 +68,12 @@ public class SystemEvent implements IBundleLogEvent {
 
     /**
      * Constructs a SystemEvent message with a parameter. For example,
+     * 
      * <PRE>
-     * 		new SystemEvent("failed to load {0}", fileName);
+     * new SystemEvent(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Details in message string format.
      * @param param Message string parameter.
      */
@@ -86,9 +84,10 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Constructs a SystemEvent message from an exception. It can be used to carry
-     * a system exception that may contain information about
-     * the context. For example,
+     * Constructs a SystemEvent message from an exception. It can be used to
+     * carry a system exception that may contain information about the context.
+     * For example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -97,7 +96,7 @@ public class SystemEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat Exception details in message string format.
      * @param exception System exception.
      */
@@ -108,8 +107,9 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Constructs a SystemEvent message from a base exception. This will use the msgFormat
-     * from the exception itself.
+     * Constructs a SystemEvent message from a base exception. This will use the
+     * msgFormat from the exception itself.
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -118,7 +118,7 @@ public class SystemEvent implements IBundleLogEvent {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param e CMS exception.
      */
     public SystemEvent(Exception e) {
@@ -132,10 +132,10 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Constructs a SystemEvent message event with a list of parameters
-     * that will be substituted into the message format.
+     * Constructs a SystemEvent message event with a list of parameters that
+     * will be substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat Message string format.
      * @param params List of message format parameters.
      */
@@ -147,7 +147,7 @@ public class SystemEvent implements IBundleLogEvent {
     /**
      * Returns the current message format string.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String getMessage() {
@@ -155,10 +155,10 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Returns a list of parameters. These parameters can be
-     * used to assist in formatting the message.
+     * Returns a list of parameters. These parameters can be used to assist in
+     * formatting the message.
      * <P>
-     *
+     * 
      * @return List of message format parameters.
      */
     public Object[] getParameters() {
@@ -166,10 +166,10 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Returns localized message string. This method should
-     * only be called if a localized string is necessary.
+     * Returns localized message string. This method should only be called if a
+     * localized string is necessary.
      * <P>
-     *
+     * 
      * @return Details message.
      */
     public String toContent() {
@@ -179,7 +179,7 @@ public class SystemEvent implements IBundleLogEvent {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale Locale.
      * @return Details message.
      */
@@ -190,8 +190,9 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Sets the resource bundle name for this class instance.  This should
-     * be overridden by subclasses who have their own resource bundles.
+     * Sets the resource bundle name for this class instance. This should be
+     * overridden by subclasses who have their own resource bundles.
+     * 
      * @param bundle String with the name of resource bundle.
      */
     public void setBundleName(String bundle) {
@@ -200,6 +201,7 @@ public class SystemEvent implements IBundleLogEvent {
 
     /**
      * Retrieves bundle name.
+     * 
      * @return String with name of resource bundle.
      */
     protected String getBundleName() {
@@ -207,9 +209,9 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Retrieves log source.
-     * This is an id of the subsystem responsible
-     * for creating the log event.
+     * Retrieves log source. This is an id of the subsystem responsible for
+     * creating the log event.
+     * 
      * @return Integer source id.
      */
     public int getSource() {
@@ -217,8 +219,8 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Sets log source.
-     * Sets the id of the subsystem issuing the event.
+     * Sets log source. Sets the id of the subsystem issuing the event.
+     * 
      * @param source Integer source id.
      */
     public void setSource(int source) {
@@ -226,9 +228,9 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Retrieves log level.
-     * The log level of an event represents its relative importance
-     * or severity within CMS.
+     * Retrieves log level. The log level of an event represents its relative
+     * importance or severity within CMS.
+     * 
      * @return Integer log level value.
      */
     public int getLevel() {
@@ -237,6 +239,7 @@ public class SystemEvent implements IBundleLogEvent {
 
     /**
      * Retrieves NT specific log event type.
+     * 
      * @return Integer NTEventType value.
      */
     public int getNTEventType() {
@@ -244,9 +247,9 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Sets log level, NT log event type.
-     * For certain log levels the NT log event type gets
-     * set as well.  
+     * Sets log level, NT log event type. For certain log levels the NT log
+     * event type gets set as well.
+     * 
      * @param level Integer log level value.
      */
     public void setLevel(int level) {
@@ -277,16 +280,18 @@ public class SystemEvent implements IBundleLogEvent {
 
     /**
      * Retrieves log multiline attribute.
-     * @return Boolean whether or not this event is multiline.
-     * A multiline message simply consists of more than one line.
+     * 
+     * @return Boolean whether or not this event is multiline. A multiline
+     *         message simply consists of more than one line.
      */
     public boolean getMultiline() {
         return mMultiline;
     }
 
     /**
-     * Sets log multiline attribute. A multiline message consists of
-     * more than one line.
+     * Sets log multiline attribute. A multiline message consists of more than
+     * one line.
+     * 
      * @param multiline Boolean multiline value.
      */
     public void setMultiline(boolean multiline) {
@@ -295,6 +300,7 @@ public class SystemEvent implements IBundleLogEvent {
 
     /**
      * Retrieves event time stamp.
+     * 
      * @return Long integer of the time the event was created.
      */
     public long getTimeStamp() {
@@ -302,18 +308,19 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-     * Retrieves log event type. Each type of event
-     * has an associated String type value.
+     * Retrieves log event type. Each type of event has an associated String
+     * type value.
+     * 
      * @return String containing the type of event.
      */
     public String getEventType() {
         return mEventType;
     }
 
-    
     /**
-     * Sets log event type. Each type of event
-     * has an associated String type value.
+     * Sets log event type. Each type of event has an associated String type
+     * value.
+     * 
      * @param eventType String containing the type of event.
      */
     public void setEventType(String eventType) {
@@ -321,9 +328,10 @@ public class SystemEvent implements IBundleLogEvent {
     }
 
     /**
-    * Return string representation of log message.
-    * @return String containing log message.
-    */
+     * Return string representation of log message.
+     * 
+     * @return String containing log message.
+     */
     public String toString() {
         if (getBundleName() == null) {
             MessageFormat detailMessage = new MessageFormat(mMessage);
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java b/pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java
index 4e34ded3..fffc8ede 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/ENotificationException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a notification exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ENotificationException extends EBaseException {
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java
index ace09a8c..b0be4862 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailFormProcessor.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import java.util.Hashtable;
 import java.util.Vector;
 
-
 /**
- * formulates the final email.  Escape character '\' is understood.
- * '$' is used preceeding a token name.  A token name should not be a
- * substring of any other token name
+ * formulates the final email. Escape character '\' is understood. '$' is used
+ * preceeding a token name. A token name should not be a substring of any other
+ * token name
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEmailFormProcessor {
@@ -58,16 +56,19 @@ public interface IEmailFormProcessor {
     public final static String TOKEN_REVOCATION_DATE = "RevocationDate";
 
     /*
-     * takes the form template, parse and replace all $tokens with the
-     *		 right values.  It handles escape character '\'
+     * takes the form template, parse and replace all $tokens with the right
+     * values. It handles escape character '\'
+     * 
      * @param form The locale specific form template,
-     * @param tok2vals a hashtable containing one to one mapping
-     *	 from $tokens used by the admins in the form template to the real
-     *	 values corresponding to the $tokens
+     * 
+     * @param tok2vals a hashtable containing one to one mapping from $tokens
+     * used by the admins in the form template to the real values corresponding
+     * to the $tokens
+     * 
      * @return mail content
      */
     public String getEmailContent(String form,
-        Hashtable<String, Object> tok2vals);
+            Hashtable<String, Object> tok2vals);
 
     /**
      * takes a vector of strings and concatenate them
@@ -79,4 +80,3 @@ public interface IEmailFormProcessor {
      */
     public void log(int level, String msg);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java
index 49d0851e..bb421858 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolver.java
@@ -17,25 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * An email resolver that first checks the request email, if none,
- * then follows by checking the subjectDN of the certificate
+ * An email resolver that first checks the request email, if none, then follows
+ * by checking the subjectDN of the certificate
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEmailResolver {
 
     /**
-     * returns an email address by using the resolver keys.  The
-     *	 return value can possibly be null
+     * returns an email address by using the resolver keys. The return value can
+     * possibly be null
+     * 
      * @param keys list of keys used for resolving the email address
      */
-    public String getEmail(IEmailResolverKeys keys) 
-        throws EBaseException, ENotificationException;
+    public String getEmail(IEmailResolverKeys keys)
+            throws EBaseException, ENotificationException;
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java
index d1a6889c..8ba95fa5 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailResolverKeys.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
- * An interface represents email resolver (ordered) keys for resolving
- * emails 
- * e.g. request/cert, cert/request, request, request/cert/subjectalternatename etc.
+ * An interface represents email resolver (ordered) keys for resolving emails
+ * e.g. request/cert, cert/request, request, request/cert/subjectalternatename
+ * etc.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEmailResolverKeys extends IAttrSet {
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java b/pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java
index bcda466d..5320761f 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IEmailTemplate.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
-
-
 /**
- * Files to be processed and returned to the requested parties. It
- * is a template with $tokens to be used by the form/template processor.
- *
+ * Files to be processed and returned to the requested parties. It is a template
+ * with $tokens to be used by the form/template processor.
+ * 
  * @version $Revision$, $Date$
  */
 
@@ -36,7 +33,7 @@ public interface IEmailTemplate {
      */
     public String getTemplateName();
 
-    /** 
+    /**
      * @return true if template is an html file, false otherwise
      */
     public boolean isHTML();
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java b/pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java
index b537fbbd..0c141981 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/IMailNotification.java
@@ -17,17 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import java.io.IOException;
 import java.util.Vector;
 
-
 /**
- * This class handles mail notification via SMTP.
- * This class uses <b>smtp.host</b> in the configuration for smtp
- * host.  The port default (25) is used.  If no smtp specified, local
- * host is used
- *
+ * This class handles mail notification via SMTP. This class uses
+ * <b>smtp.host</b> in the configuration for smtp host. The port default (25) is
+ * used. If no smtp specified, local host is used
+ * 
  * @version $Revision$, $Date$
  */
 public interface IMailNotification {
@@ -39,36 +36,42 @@ public interface IMailNotification {
 
     /**
      * sets the "From" field
+     * 
      * @param from email address of the sender
      */
     public void setFrom(String from);
 
     /**
      * sets the "Subject" field
+     * 
      * @param subject subject of the email
      */
     public void setSubject(String subject);
 
     /**
      * sets the "Content-Type" field
+     * 
      * @param contentType content type of the email
      */
     public void setContentType(String contentType);
 
     /**
      * sets the content of the email
+     * 
      * @param content the message content
      */
     public void setContent(String content);
 
     /**
      * sets the recipients' email addresses
+     * 
      * @param addresses a list of email addresses of the recipients
      */
     public void setTo(Vector<String> addresses);
 
     /**
      * sets the recipient's email address
+     * 
      * @param to address of the recipient email address
      */
     public void setTo(String to);
diff --git a/pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java b/pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java
index 40d9e80e..e7a2be40 100644
--- a/pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/notification/NotificationResources.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.notification;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
- * A class represents a resource bundle for the 
- * Mail Notification package
- *
+ * A class represents a resource bundle for the Mail Notification package
+ * 
  * @version $Revision$, $Date$
  */
 public class NotificationResources extends ListResourceBundle {
@@ -37,8 +34,7 @@ public class NotificationResources extends ListResourceBundle {
     }
 
     /**
-     * Constants. The suffix represents the number of
-     * possible parameters.
+     * Constants. The suffix represents the number of possible parameters.
      */
 
     static final Object[][] contents = {};
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java
index 82c5821b..bc62dabe 100644
--- a/pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IDefStore.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ocsp;
 
-
 import java.math.BigInteger;
 import java.security.cert.X509CRL;
 import java.util.Date;
@@ -27,28 +26,26 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
 import com.netscape.certsrv.dbs.repository.IRepositoryRecord;
 
-
 /**
  * This class defines an Online Certificate Status Protocol (OCSP) store which
  * has been extended to provide information from the internal database.
- * <P> 
- *
+ * <P>
+ * 
  * @version $Revision$, $Date$
  */
-public interface IDefStore extends IOCSPStore
-{
+public interface IDefStore extends IOCSPStore {
     /**
      * This method retrieves the number of CRL updates since startup.
      * <P>
-     *
+     * 
      * @return count the number of OCSP default stores
      */
-    public int getStateCount(); 
+    public int getStateCount();
 
     /**
      * This method retrieves the number of OCSP requests since startup.
      * <P>
-     *
+     * 
      * @param id a string associated with an OCSP request
      * @return count the number of this type of OCSP requests
      */
@@ -57,30 +54,30 @@ public interface IDefStore extends IOCSPStore
     /**
      * This method creates a an OCSP default store repository record.
      * <P>
-     *
+     * 
      * @return IRepositoryRecord an instance of the repository record object
      */
-    public IRepositoryRecord createRepositoryRecord(); 
+    public IRepositoryRecord createRepositoryRecord();
 
     /**
      * This method adds a request to the default OCSP store repository.
      * <P>
-     *
+     * 
      * @param name a string representing the name of this request
      * @param thisUpdate the current request
      * @param rec an instance of the repository record object
-     * @exception EBaseException occurs when there is an error attempting to
-     *    add this request to the repository
+     * @exception EBaseException occurs when there is an error attempting to add
+     *                this request to the repository
      */
     public void addRepository(String name, String thisUpdate,
-        IRepositoryRecord rec)
-        throws EBaseException;
+            IRepositoryRecord rec)
+            throws EBaseException;
 
     /**
      * This method specifies whether or not to wait for the Certificate
      * Revocation List (CRL) to be updated.
      * <P>
-     *
+     * 
      * @return boolean true or false
      */
     public boolean waitOnCRLUpdate();
@@ -88,7 +85,7 @@ public interface IDefStore extends IOCSPStore
     /**
      * This method updates the specified CRL.
      * <P>
-     *
+     * 
      * @param crl the CRL to be updated
      * @exception EBaseException occurs when the CRL cannot be updated
      */
@@ -97,44 +94,44 @@ public interface IDefStore extends IOCSPStore
     /**
      * This method attempts to read the CRL issuing point.
      * <P>
-     *
+     * 
      * @param name the name of the CRL to be read
      * @return ICRLIssuingPointRecord the CRL issuing point
      * @exception EBaseException occurs when the specified CRL cannot be located
      */
     public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * This method searches all CRL issuing points.
      * <P>
-     *
+     * 
      * @param maxSize specifies the largest number of hits from the search
      * @return Enumeration a list of the CRL issuing points
      * @exception EBaseException occurs when no CRL issuing point exists
      */
     public Enumeration searchAllCRLIssuingPointRecord(
-        int maxSize)
-        throws EBaseException;
+            int maxSize)
+            throws EBaseException;
 
     /**
      * This method searches all CRL issuing points constrained by the specified
      * filtering mechanism.
      * <P>
-     *
+     * 
      * @param filter a string which constrains the search
      * @param maxSize specifies the largest number of hits from the search
      * @return Enumeration a list of the CRL issuing points
      * @exception EBaseException occurs when no CRL issuing point exists
      */
     public Enumeration searchCRLIssuingPointRecord(String filter,
-        int maxSize)
-        throws EBaseException;
+            int maxSize)
+            throws EBaseException;
 
     /**
      * This method creates a CRL issuing point record.
      * <P>
-     *
+     * 
      * @param name a string representation of this CRL issuing point record
      * @param crlNumber the number of this CRL issuing point record
      * @param crlSize the size of this CRL issuing point record
@@ -143,39 +140,38 @@ public interface IDefStore extends IOCSPStore
      * @return ICRLIssuingPointRecord this CRL issuing point record
      */
     public ICRLIssuingPointRecord createCRLIssuingPointRecord(
-        String name, BigInteger crlNumber, 
-        Long crlSize, Date thisUpdate, Date nextUpdate);
+            String name, BigInteger crlNumber,
+            Long crlSize, Date thisUpdate, Date nextUpdate);
 
     /**
      * This method adds a CRL issuing point
      * <P>
-     *
+     * 
      * @param name a string representation of this CRL issuing point record
      * @param rec this CRL issuing point record
      * @exception EBaseException occurs when the specified CRL issuing point
-     *     record cannot be added
+     *                record cannot be added
      */
     public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * This method deletes a CRL issuing point record
      * <P>
-     *
+     * 
      * @param id a string representation of this CRL issuing point record
      * @exception EBaseException occurs when the specified CRL issuing point
-     *     record cannot be deleted 
+     *                record cannot be deleted
      */
     public void deleteCRLIssuingPointRecord(String id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * This method checks to see if the OCSP response should return good
-     * when the certificate is not found.
+     * This method checks to see if the OCSP response should return good when
+     * the certificate is not found.
      * <P>
-     *
+     * 
      * @return boolean true or false
      */
     public boolean isNotFoundGood();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
index b99f6241..71030bce 100644
--- a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPAuthority.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ocsp;
 
-
 import netscape.security.x509.X500Name;
 
 import org.mozilla.jss.asn1.OBJECT_IDENTIFIER;
@@ -30,16 +29,14 @@ import com.netscape.cmsutil.ocsp.BasicOCSPResponse;
 import com.netscape.cmsutil.ocsp.ResponderID;
 import com.netscape.cmsutil.ocsp.ResponseData;
 
-
 /**
- * This class represents the primary interface for the Online Certificate
- * Status Protocol (OCSP) server.
- * <P> 
- *
+ * This class represents the primary interface for the Online Certificate Status
+ * Protocol (OCSP) server.
+ * <P>
+ * 
  * @version $Revision$, $Date$
  */
-public interface IOCSPAuthority extends ISubsystem
-{
+public interface IOCSPAuthority extends ISubsystem {
     public static final String ID = "ocsp";
 
     public final static OBJECT_IDENTIFIER OCSP_NONCE = new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.48.1.2");
@@ -53,16 +50,16 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves the OCSP store given its name.
      * <P>
-     *
+     * 
      * @param id the string representation of an OCSP store
      * @return IOCSPStore an instance of an OCSP store object
      */
-    public IOCSPStore getOCSPStore(String id); 
+    public IOCSPStore getOCSPStore(String id);
 
     /**
      * This method retrieves the signing unit.
      * <P>
-     *
+     * 
      * @return ISigningUnit an instance of a signing unit object
      */
     public ISigningUnit getSigningUnit();
@@ -70,7 +67,7 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves the responder ID by its name.
      * <P>
-     *
+     * 
      * @return ResponderID an instance of a responder ID
      */
     public ResponderID getResponderIDByName();
@@ -78,16 +75,16 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves the responder ID by its hash.
      * <P>
-     *
+     * 
      * @return ResponderID an instance of a responder ID
      */
     public ResponderID getResponderIDByHash();
 
     /**
-     * This method retrieves the default OCSP store
-     * (i. e. - information from the internal database).
+     * This method retrieves the default OCSP store (i. e. - information from
+     * the internal database).
      * <P>
-     *
+     * 
      * @return IDefStore an instance of the default OCSP store
      */
     public IDefStore getDefaultStore();
@@ -95,17 +92,17 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method sets the supplied algorithm as the default signing algorithm.
      * <P>
-     *
+     * 
      * @param algorithm a string representing the requested algorithm
      * @exception EBaseException if the algorithm is unknown or disallowed
      */
     public void setDefaultAlgorithm(String algorithm)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * This method retrieves the default signing algorithm.
      * <P>
-     *
+     * 
      * @return String the name of the default signing algorithm
      */
     public String getDefaultAlgorithm();
@@ -113,7 +110,7 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves all potential OCSP signing algorithms.
      * <P>
-     *
+     * 
      * @return String[] the names of all potential OCSP signing algorithms
      */
     public String[] getOCSPSigningAlgorithms();
@@ -121,17 +118,17 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method logs the specified message at the specified level.
      * <P>
-     *
+     * 
      * @param level the log level
      * @param msg the log message
      */
     public void log(int level, String msg);
 
     /**
-     * This method logs the specified message at the specified level given
-     * the specified event.
+     * This method logs the specified message at the specified level given the
+     * specified event.
      * <P>
-     *
+     * 
      * @param event the log event
      * @param level the log message
      * @param msg the log message
@@ -141,7 +138,7 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves the X500Name of an OCSP server instance.
      * <P>
-     *
+     * 
      * @return X500Name an instance of the X500 name object
      */
     public X500Name getName();
@@ -149,7 +146,7 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method retrieves an OCSP server instance digest name as a string.
      * <P>
-     *
+     * 
      * @param alg the signing algorithm
      * @return String the digest name of the related OCSP server
      */
@@ -158,19 +155,19 @@ public interface IOCSPAuthority extends ISubsystem
     /**
      * This method signs the basic OCSP response data provided as a parameter.
      * <P>
-     *
+     * 
      * @param rd response data
      * @return BasicOCSPResponse signed response data
-     * @exception EBaseException error associated with an inability to sign
-     *     the specified response data
+     * @exception EBaseException error associated with an inability to sign the
+     *                specified response data
      */
     public BasicOCSPResponse sign(ResponseData rd)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * This method compares two byte arrays to see if they are equivalent.
      * <P>
-     *
+     * 
      * @param bytes the first byte array
      * @param ints the second byte array
      * @return boolean true or false
@@ -178,8 +175,10 @@ public interface IOCSPAuthority extends ISubsystem
     public boolean arraysEqual(byte[] bytes, byte[] ints);
 
     public void incTotalTime(long inc);
+
     public void incSignTime(long inc);
+
     public void incLookupTime(long inc);
+
     public void incNumOCSPRequest(long inc);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java
index 8ca8b2f0..cfed9f14 100644
--- a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPService.java
@@ -17,53 +17,50 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ocsp;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.cmsutil.ocsp.OCSPRequest;
 import com.netscape.cmsutil.ocsp.OCSPResponse;
 
-
 /**
- * This class represents the servlet that serves the Online Certificate
- * Status Protocol (OCSP) requests.
- *
+ * This class represents the servlet that serves the Online Certificate Status
+ * Protocol (OCSP) requests.
+ * 
  * @version $Revision$ $Date$
  */
-public interface IOCSPService
-{
+public interface IOCSPService {
     /**
-     * This method validates the information associated with the specified
-     * OCSP request and returns an OCSP response.
+     * This method validates the information associated with the specified OCSP
+     * request and returns an OCSP response.
      * <P>
-     *
+     * 
      * @param r an OCSP request
-     * @return OCSPResponse the OCSP response associated with the specified
-     *     OCSP request
+     * @return OCSPResponse the OCSP response associated with the specified OCSP
+     *         request
      * @exception EBaseException an error associated with the inability to
-     *     process the supplied OCSP request
+     *                process the supplied OCSP request
      */
-    public OCSPResponse validate(OCSPRequest r) 
-        throws EBaseException;
+    public OCSPResponse validate(OCSPRequest r)
+            throws EBaseException;
 
     /**
      * Returns the in-memory count of the processed OCSP requests.
-     *
+     * 
      * @return number of processed OCSP requests in memory
      */
     public long getNumOCSPRequest();
 
     /**
-     * Returns the in-memory time (in mini-second) of
-     * the processed time for OCSP requests.
-     *
+     * Returns the in-memory time (in mini-second) of the processed time for
+     * OCSP requests.
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPRequestTotalTime();
 
     /**
-     * Returns the in-memory time (in mini-second) of
-     * the signing time for OCSP requests.
-     *
+     * Returns the in-memory time (in mini-second) of the signing time for OCSP
+     * requests.
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPTotalSignTime();
@@ -71,11 +68,9 @@ public interface IOCSPService
     public long getOCSPTotalLookupTime();
 
     /**
-     * Returns the total data signed
-     * for OCSP requests.
-     *
+     * Returns the total data signed for OCSP requests.
+     * 
      * @return processed times for OCSP requests
      */
     public long getOCSPTotalData();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java
index ee60105c..080d13de 100644
--- a/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java
+++ b/pki/base/common/src/com/netscape/certsrv/ocsp/IOCSPStore.java
@@ -17,46 +17,43 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ocsp;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.cmsutil.ocsp.OCSPRequest;
 import com.netscape.cmsutil.ocsp.OCSPResponse;
 
-
 /**
- * This class represents the generic interface for an Online Certificate
- * Status Protocol (OCSP) store.  Users can plugin different OCSP stores
- * by extending this class.  For example, imagine that if a user wants to
- * use the corporate LDAP server for revocation checking, then the user
- * would merely create a new class that extends this class (e. g. -
+ * This class represents the generic interface for an Online Certificate Status
+ * Protocol (OCSP) store. Users can plugin different OCSP stores by extending
+ * this class. For example, imagine that if a user wants to use the corporate
+ * LDAP server for revocation checking, then the user would merely create a new
+ * class that extends this class (e. g. -
  * "public interface ICorporateLDAPStore extends IOCSPStore").
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public interface IOCSPStore extends ISubsystem
-{
+public interface IOCSPStore extends ISubsystem {
     /**
-     * This method validates the information associated with the specified
-     * OCSP request and returns an OCSP response.
+     * This method validates the information associated with the specified OCSP
+     * request and returns an OCSP response.
      * <P>
-     *
+     * 
      * @param req an OCSP request
-     * @return OCSPResponse the OCSP response associated with the specified
-     *     OCSP request
+     * @return OCSPResponse the OCSP response associated with the specified OCSP
+     *         request
      * @exception EBaseException an error associated with the inability to
-     *     process the supplied OCSP request
+     *                process the supplied OCSP request
      */
-    public OCSPResponse validate(OCSPRequest req) 
-        throws EBaseException;
+    public OCSPResponse validate(OCSPRequest req)
+            throws EBaseException;
 
     /**
      * This method retrieves the configuration parameters associated with this
      * OCSP store.
      * <P>
-     *
+     * 
      * @return NameValuePairs all configuration items
      */
     public NameValuePairs getConfigParameters();
@@ -65,11 +62,10 @@ public interface IOCSPStore extends ISubsystem
      * This method stores the configuration parameters specified by the
      * passed-in Name Value pairs object.
      * <P>
-     *
+     * 
      * @param pairs a name-value pair object
      * @exception EBaseException an illegal name-value pair
      */
-    public void setConfigParameters(NameValuePairs pairs) 
-        throws EBaseException;
+    public void setConfigParameters(NameValuePairs pairs)
+            throws EBaseException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java b/pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java
index a99fd764..3dc028ff 100644
--- a/pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java
+++ b/pki/base/common/src/com/netscape/certsrv/password/EPasswordCheckException.java
@@ -23,7 +23,7 @@ import com.netscape.certsrv.base.PasswordResources;
 /**
  * A class represents a password checker exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EPasswordCheckException extends EBaseException {
@@ -40,6 +40,7 @@ public class EPasswordCheckException extends EBaseException {
     /**
      * Constructs a password checker exception
      * <P>
+     * 
      * @param msgFormat exception details
      */
     public EPasswordCheckException(String msgFormat) {
@@ -49,6 +50,7 @@ public class EPasswordCheckException extends EBaseException {
     /**
      * Constructs a password checker exception.
      * <P>
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -59,6 +61,7 @@ public class EPasswordCheckException extends EBaseException {
     /**
      * Constructs a password checker exception.
      * <P>
+     * 
      * @param msgFormat exception details in message string format
      * @param exception system exception
      */
@@ -69,6 +72,7 @@ public class EPasswordCheckException extends EBaseException {
     /**
      * Constructs a password checker exception.
      * <P>
+     * 
      * @param msgFormat the message format.
      * @param params list of message format parameters
      */
@@ -78,6 +82,7 @@ public class EPasswordCheckException extends EBaseException {
 
     /**
      * Retrieves bundle name.
+     * 
      * @return resource bundle name.
      */
     protected String getBundleName() {
diff --git a/pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java b/pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java
index ddf4325c..3abe5f21 100644
--- a/pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java
+++ b/pki/base/common/src/com/netscape/certsrv/password/IConfigPasswordCheck.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.password;
 
-
 /**
  * Configuration Wizard Password quality checker interface.
  * <P>
@@ -28,16 +27,18 @@ public interface IConfigPasswordCheck {
 
     /**
      * Check if the password meets the quality requirement
+     * 
      * @param pwd the given password
-     * @return true if the password meets the quality requirement; otherwise false
+     * @return true if the password meets the quality requirement; otherwise
+     *         false
      */
     public boolean isGoodConfigPassword(String pwd);
 
     /**
      * Returns a reason if the password doesnt meet the quality requirement.
+     * 
      * @param pwd the given password
      * @return a reason if the password quality requirement is not met.
      */
     public String getConfigReason(String pwd);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java b/pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java
index bb84a72f..3c1530fb 100644
--- a/pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java
+++ b/pki/base/common/src/com/netscape/certsrv/password/IPasswordCheck.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.password;
 
-
 /**
  * Password quality checker interface.
  * <P>
@@ -28,16 +27,18 @@ public interface IPasswordCheck {
 
     /**
      * Check if the password meets the quality requirement
+     * 
      * @param pwd the given password
-     * @return true if the password meets the quality requirement; otherwise false
+     * @return true if the password meets the quality requirement; otherwise
+     *         false
      */
     public boolean isGoodPassword(String pwd);
 
     /**
      * Returns a reason if the password doesnt meet the quality requirement.
+     * 
      * @param pwd the given password
      * @return a reason if the password quality requirement is not met.
      */
     public String getReason(String pwd);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java b/pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java
index 22cfc232..90b39eab 100644
--- a/pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java
+++ b/pki/base/common/src/com/netscape/certsrv/pattern/AttrSetCollection.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.pattern;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.IAttrSet;
 
 /**
- * This class represents a collection of attribute
- * sets.
- *
+ * This class represents a collection of attribute sets.
+ * 
  * @version $Revision$, $Date$
  */
 public class AttrSetCollection extends Hashtable<String, IAttrSet> {
@@ -44,7 +42,7 @@ public class AttrSetCollection extends Hashtable<String, IAttrSet> {
 
     /**
      * Retrieves a attribute set from this collection.
-     *
+     * 
      * @param name name of the attribute set
      * @return attribute set
      */
@@ -54,7 +52,7 @@ public class AttrSetCollection extends Hashtable<String, IAttrSet> {
 
     /**
      * Sets attribute set in this collection.
-     *
+     * 
      * @param name set of the attribute set
      * @param set attribute set
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java b/pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java
index 36cc7cb3..f90f7c6d 100644
--- a/pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java
+++ b/pki/base/common/src/com/netscape/certsrv/pattern/Pattern.java
@@ -17,34 +17,30 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.pattern;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
- * This is a generic pattern subtitution engine. The
- * pattern format should be:
+ * This is a generic pattern subtitution engine. The pattern format should be:
  * <p>
- *   $[attribute set key].[attribute name]$
+ * $[attribute set key].[attribute name]$
  * <p>
  * For example,
  * <p>
- *   $request.requestor_email$
- *   $ctx.user_id$
+ * $request.requestor_email$ $ctx.user_id$
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class Pattern {
 
     private String mS = null;
-   
+
     /**
      * Constructs a pattern object with the given string.
-     *
+     * 
      * @param s string with pattern (i.e. $request.requestor_email$)
      */
     public Pattern(String s) {
@@ -53,7 +49,7 @@ public class Pattern {
 
     /**
      * Subtitutes this pattern with the given attribute set.
-     *
+     * 
      * @param key key name of the given attribute set
      * @param attrSet attribute set
      * @return substituted string
@@ -64,7 +60,7 @@ public class Pattern {
 
     /**
      * Subtitutes this pattern with the given attribute set.
-     *
+     * 
      * @param attrSetCollection attribute set collection
      * @return substituted string
      */
@@ -76,24 +72,22 @@ public class Pattern {
             String key = (String) keys.nextElement();
             Pattern p = new Pattern(temp);
 
-            temp = p.substitute(key, 
+            temp = p.substitute(key,
                         attrSetCollection.getAttrSet(key));
-			
+
         }
         return temp;
     }
 
     /**
      * Subtitutes this pattern with the given attribute set.
-     *
-	 * This is an extended version of the substitute() method.
-	 * It takes a more flexible pattern format that could have
-	 * non-token ($...$) format.  e.g.
-	 *    $request.screenname$@redhat.com
-	 * where "@redhat.com" is not in token pattern format, and will be
-	 * literally put in place. e.g.
-	 *    TomRiddle@redhat.com
-	 *
+     * 
+     * This is an extended version of the substitute() method. It takes a more
+     * flexible pattern format that could have non-token ($...$) format. e.g.
+     * $request.screenname$@redhat.com where "@redhat.com" is not in token
+     * pattern format, and will be literally put in place. e.g.
+     * TomRiddle@redhat.com
+     * 
      * @param key key name of the given attribute set
      * @param attrSet attribute set
      * @return substituted string
@@ -105,39 +99,39 @@ public class Pattern {
         int lastPos;
 
         do {
-			// from startPos to right before '$' or end of string
-			// need to be copied over
-			
+            // from startPos to right before '$' or end of string
+            // need to be copied over
+
             lastPos = mS.indexOf('$', startPos);
 
-			// if no '$', return the entire string
+            // if no '$', return the entire string
             if (lastPos == -1 && startPos == 0)
-              return mS;
+                return mS;
 
-			// no more '$' found, copy the rest of chars, done
+            // no more '$' found, copy the rest of chars, done
             if (lastPos == -1) {
-				sb.append(mS.substring(startPos)); //
-				return sb.toString(); //
-				//                continue;
-			}
+                sb.append(mS.substring(startPos)); //
+                return sb.toString(); //
+                // continue;
+            }
 
-			// found '$'
+            // found '$'
             if (startPos < lastPos) {
-                sb.append(mS.substring(startPos, lastPos));	
+                sb.append(mS.substring(startPos, lastPos));
             }
 
-			// look for the ending '$'
+            // look for the ending '$'
             int endPos = mS.indexOf('$', lastPos + 1);
             String token = mS.substring(lastPos + 1, endPos);
             int dotPos = token.indexOf('.');
 
-			// it's assuming there's always a '.'
+            // it's assuming there's always a '.'
             String attrKey = token.substring(0, dotPos);
             String attrName = token.substring(dotPos + 1);
 
             if (!key.equals(attrKey)) {
                 startPos = endPos + 1;
-                sb.append("$" + attrKey + "." + attrName + "$");	
+                sb.append("$" + attrKey + "." + attrName + "$");
                 continue;
             }
 
@@ -145,20 +139,19 @@ public class Pattern {
                 Object o = attrSet.get(attrName);
 
                 if (!(o instanceof String)) {
-                    startPos = endPos + 1;	
-					// if no such attrName, copy the token pattern over
-                    sb.append("$" + attrKey + "." + attrName + "$");	
+                    startPos = endPos + 1;
+                    // if no such attrName, copy the token pattern over
+                    sb.append("$" + attrKey + "." + attrName + "$");
                     continue;
                 }
                 String val = (String) o;
 
-                sb.append(val);	
+                sb.append(val);
             } catch (EBaseException e) {
-                sb.append("$" + attrKey + "." + attrName + "$");	
+                sb.append("$" + attrKey + "." + attrName + "$");
             }
-            startPos = endPos + 1;	
-        }
-        while (lastPos != -1);
+            startPos = endPos + 1;
+        } while (lastPos != -1);
 
         return sb.toString();
     }
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java b/pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java
index c8431fcf..30c78939 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/EPolicyException.java
@@ -17,25 +17,23 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
- * This class represents Exceptions used by the policy package.
- * The policies themselves do not raise exceptions but use them
- * to format error messages.
- *
+ * This class represents Exceptions used by the policy package. The policies
+ * themselves do not raise exceptions but use them to format error messages.
+ * 
  * Adapted from EBasException
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  * @see java.text.MessageFormat
@@ -54,7 +52,7 @@ public class EPolicyException extends EBaseException {
     /**
      * Constructs a base exception.
      * <P>
-     *
+     * 
      * @param msgFormat exception details
      */
     public EPolicyException(String msgFormat) {
@@ -64,11 +62,12 @@ public class EPolicyException extends EBaseException {
 
     /**
      * Constructs a base exception with a parameter. For example,
+     * 
      * <PRE>
-     * 		new EPolicyException("failed to load {0}", fileName);
+     * new EPolicyException(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
      */
@@ -81,7 +80,7 @@ public class EPolicyException extends EBaseException {
     /**
      * Constructs a base exception with two String parameters. For example,
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param param1 message string parameter
      * @param param2 message string parameter
@@ -94,9 +93,9 @@ public class EPolicyException extends EBaseException {
     }
 
     /**
-     * Constructs a base exception. It can be used to carry
-     * a system exception that may contain information about
-     * the context. For example,
+     * Constructs a base exception. It can be used to carry a system exception
+     * that may contain information about the context. For example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -105,7 +104,7 @@ public class EPolicyException extends EBaseException {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param param system exception
      */
@@ -116,10 +115,10 @@ public class EPolicyException extends EBaseException {
     }
 
     /**
-     * Constructs a base exception with a list of parameters
-     * that will be substituted into the message format.
+     * Constructs a base exception with a list of parameters that will be
+     * substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param params list of message format parameters
      */
@@ -131,7 +130,7 @@ public class EPolicyException extends EBaseException {
     /**
      * Returns a list of parameters.
      * <P>
-     *
+     * 
      * @return list of message format parameters
      */
     public Object[] getParameters() {
@@ -139,10 +138,10 @@ public class EPolicyException extends EBaseException {
     }
 
     /**
-     * Returns localized exception string. This method should
-     * only be called if a localized string is necessary.
+     * Returns localized exception string. This method should only be called if
+     * a localized string is necessary.
      * <P>
-     *
+     * 
      * @return details message
      */
     public String toString() {
@@ -152,7 +151,7 @@ public class EPolicyException extends EBaseException {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale locale
      * @return details message
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java
index bfd0e7c2..04de3434 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IEnrollmentPolicy.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
- * Interface for an enrollment policy rule. This provides general
- * typing for rules so that a policy processor can group rules
- * based on a particular type.
+ * Interface for an enrollment policy rule. This provides general typing for
+ * rules so that a policy processor can group rules based on a particular type.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IEnrollmentPolicy extends IPolicyRule {
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IExpression.java b/pki/base/common/src/com/netscape/certsrv/policy/IExpression.java
index 6bed58c5..4075e868 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IExpression.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IExpression.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * Interface for a policy expression.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -48,12 +47,12 @@ public interface IExpression {
 
     /**
      * Evaluate the Expression.
-     *
-     * @param req	The PKIRequest on which we are applying the condition.
-     * @return 		The return value.
+     * 
+     * @param req The PKIRequest on which we are applying the condition.
+     * @return The return value.
      */
     boolean evaluate(IRequest req)
-        throws EPolicyException;
+            throws EPolicyException;
 
     /**
      * Convert to a string.
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java
index 757780d3..7746bfd9 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameAsConstraintsConfig.java
@@ -17,21 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Vector;
 
 import netscape.security.x509.GeneralName;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
- * Used by policies and extension commands.  
+/**
+ * Class that can be used to form general names from configuration file. Used by
+ * policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -39,14 +38,14 @@ public interface IGeneralNameAsConstraintsConfig {
 
     /**
      * Retrieves instance parameters.
-     *
+     * 
      * @param params parameters
      */
     public void getInstanceParams(Vector<String> params);
 
     /**
      * Retrieves the general name.
-     *
+     * 
      * @return general name
      */
     public GeneralName getGeneralName();
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java
index 953bb41e..bc61e922 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameConfig.java
@@ -17,23 +17,22 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Vector;
 
 import netscape.security.x509.GeneralName;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
- * Used by policies and extension commands.  
+/**
+ * Class that can be used to form general names from configuration file. Used by
+ * policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -41,27 +40,27 @@ public interface IGeneralNameConfig {
 
     /**
      * Forms a general name from string.
-     *
+     * 
      * @param value general name in string
      * @return general name object
      * @exception EBaseException failed to form general name
      */
-    public GeneralName formGeneralName(String value) 
-        throws EBaseException;
+    public GeneralName formGeneralName(String value)
+            throws EBaseException;
 
     /**
      * Forms general names from the given value.
-     *
+     * 
      * @param value general name in string
      * @return a vector of general names
      * @exception EBaseException failed to form general name
      */
     public Vector<GeneralName> formGeneralNames(Object value)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves the instance parameters.
-     *
+     * 
      * @param params parameters
      */
     public void getInstanceParams(Vector<String> params);
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java
index c1526284..e4218832 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNameUtil.java
@@ -17,16 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
- * Used by policies and extension commands.
+/**
+ * Class that can be used to form general names from configuration file. Used by
+ * policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -51,30 +51,26 @@ public interface IGeneralNameUtil {
      */
     public static final int DEF_NUM_GENERALNAMES = 8;
 
-    /** 
+    /**
      * Default extended plugin info.
      */
-    public static String 
-        NUM_GENERALNAMES_INFO = "number;The total number of alternative names or identities permitted in the extension.";
-    public static String GENNAME_CHOICE_INFO = 
-        "choice(" +
-        IGeneralNameUtil.GENNAME_CHOICE_RFC822NAME + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_DIRECTORYNAME + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_DNSNAME + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_EDIPARTYNAME + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_URL + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_IPADDRESS + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_REGISTEREDID + "," +
-        IGeneralNameUtil.GENNAME_CHOICE_OTHERNAME + ");" +
-        "GeneralName choice. See RFC 2459 appendix B2 on GeneralName.";
-    public static String GENNAME_VALUE_INFO = 
-        "string;Value according to the GeneralName choice.";
+    public static String NUM_GENERALNAMES_INFO = "number;The total number of alternative names or identities permitted in the extension.";
+    public static String GENNAME_CHOICE_INFO =
+            "choice(" +
+                    IGeneralNameUtil.GENNAME_CHOICE_RFC822NAME + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_DIRECTORYNAME + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_DNSNAME + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_EDIPARTYNAME + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_URL + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_IPADDRESS + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_REGISTEREDID + "," +
+                    IGeneralNameUtil.GENNAME_CHOICE_OTHERNAME + ");" +
+                    "GeneralName choice. See RFC 2459 appendix B2 on GeneralName.";
+    public static String GENNAME_VALUE_INFO =
+            "string;Value according to the GeneralName choice.";
 
-    public static String 
-        PROP_NUM_GENERALNAMES_INFO = PROP_NUM_GENERALNAMES + ";" + NUM_GENERALNAMES_INFO;
-    public static String 
-        PROP_GENNAME_CHOICE_INFO = PROP_GENNAME_CHOICE + ";" + GENNAME_CHOICE_INFO;
-    public static String 
-        PROP_GENNAME_VALUE_INFO = PROP_GENNAME_VALUE + ";" + GENNAME_VALUE_INFO;
+    public static String PROP_NUM_GENERALNAMES_INFO = PROP_NUM_GENERALNAMES + ";" + NUM_GENERALNAMES_INFO;
+    public static String PROP_GENNAME_CHOICE_INFO = PROP_GENNAME_CHOICE + ";" + GENNAME_CHOICE_INFO;
+    public static String PROP_GENNAME_VALUE_INFO = PROP_GENNAME_VALUE + ";" + GENNAME_VALUE_INFO;
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java
index c461efd3..86447642 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesAsConstraintsConfig.java
@@ -17,21 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Vector;
 
 import netscape.security.x509.GeneralNames;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
- * Used by policies and extension commands.
+/**
+ * Class that can be used to form general names from configuration file. Used by
+ * policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -39,14 +38,14 @@ public interface IGeneralNamesAsConstraintsConfig {
 
     /**
      * Retrieves a list of configured general names.
-     *
+     * 
      * @return a list of general names
      */
     public GeneralNames getGeneralNames();
 
     /**
      * Retrieves instance parameters.
-     *
+     * 
      * @param params instance parameters
      */
     public void getInstanceParams(Vector<String> params);
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java
index 4c2330df..9b564ee7 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IGeneralNamesConfig.java
@@ -17,21 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Vector;
 
 import netscape.security.x509.GeneralNames;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
- * Used by policies and extension commands.
+/**
+ * Class that can be used to form general names from configuration file. Used by
+ * policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -39,14 +38,14 @@ public interface IGeneralNamesConfig {
 
     /**
      * Retrieves a list of configured general names.
-     *
+     * 
      * @return general names
      */
     public GeneralNames getGeneralNames();
 
     /**
      * Retrieves the instance parameters.
-     *
+     * 
      * @param params instance parameters
      */
     public void getInstanceParams(Vector<String> params);
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java
index 13ba5f61..14a29256 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IKeyArchivalPolicy.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
  * Interface for a key recovery policy rule.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IKeyArchivalPolicy extends IPolicyRule {
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java
index 1d173f28..6de61567 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IKeyRecoveryPolicy.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
  * Interface for a key recovery policy rule.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IKeyRecoveryPolicy extends IPolicyRule {
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java
index 7b5f4465..0992beae 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyPredicateParser.java
@@ -17,15 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
  * Interface for policy predicate parsers.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -33,11 +33,11 @@ public interface IPolicyPredicateParser {
 
     /**
      * Parse the predicate expression and return a vector of expressions.
-     *
-     * @param predicateExpression	The predicate expression as read from the
-     *		config file.
-     * @return expVector	The vector of expressions.
+     * 
+     * @param predicateExpression The predicate expression as read from the
+     *            config file.
+     * @return expVector The vector of expressions.
      */
     IExpression parse(String predicateExpression)
-        throws EPolicyException;
+            throws EPolicyException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java
index 09f2415a..d6cd7184 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -25,22 +24,22 @@ import java.util.Vector;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * A generic interface for a policy processor. By making a processor
- * extend the policy interface, we make even the processor a rule -
- * which makes sense because a processor may be based on some rule
- * such as evaluate all policies before returning the final result or
- * return as soon as one of the policies return a failure and so on.
- *
- * By making both processor and policy rules implement a common
- * interface, one can write rules that are processors as well.
+ * A generic interface for a policy processor. By making a processor extend the
+ * policy interface, we make even the processor a rule - which makes sense
+ * because a processor may be based on some rule such as evaluate all policies
+ * before returning the final result or return as soon as one of the policies
+ * return a failure and so on.
+ * 
+ * By making both processor and policy rules implement a common interface, one
+ * can write rules that are processors as well.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -61,42 +60,40 @@ public interface IPolicyProcessor extends ISubsystem,
 
     /**
      * Returns the policy substore id.
-     *
-     * @return storeID	The policy store id used by this processor.
+     * 
+     * @return storeID The policy store id used by this processor.
      */
     String getPolicySubstoreId();
 
     /**
      * Returns information on Policy impls.
-     *
-     * @return An enumeration of strings describing the information
-     * 		   about policy implementations. Currently only the
-     *		   the implementation id is expected.
+     * 
+     * @return An enumeration of strings describing the information about policy
+     *         implementations. Currently only the the implementation id is
+     *         expected.
      */
     Enumeration<String> getPolicyImplsInfo();
 
     /**
      * Returns the rule implementations registered with this processor.
-     *
-     * @return An Enumeration of uninitialized IPolicyRule 
-     *					objects.
+     * 
+     * @return An Enumeration of uninitialized IPolicyRule objects.
      */
     Enumeration<IPolicyRule> getPolicyImpls();
 
     /**
      * Returns an implementation identified by a given id.
-     *
-     * @param id		The implementation id.
+     * 
+     * @param id The implementation id.
      * @return The uninitialized instance of the policy rule.
      */
     IPolicyRule getPolicyImpl(String id);
 
     /**
-     * Returns configuration for an implmentation. 
-     *
-     * @param id		The implementation id.
-     * @return A vector of name/value pairs in the form of
-     *	name=value.
+     * Returns configuration for an implmentation.
+     * 
+     * @param id The implementation id.
+     * @return A vector of name/value pairs in the form of name=value.
      */
     Vector<String> getPolicyImplConfig(String id);
 
@@ -104,53 +101,50 @@ public interface IPolicyProcessor extends ISubsystem,
      * Deletes a policy implementation identified by an impl id.
      * 
      * 
-     * @param id	The impl id of the policy to be deleted.
-     *				There shouldn't be any active instance for this 
-     *				implementation.
+     * @param id The impl id of the policy to be deleted. There shouldn't be any
+     *            active instance for this implementation.
      * @exception EBaseException is thrown if an error occurs in deletion.
      */
     void deletePolicyImpl(String id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Adds a policy implementation identified by an impl id.
      * 
-     * @param id			The impl id of the policy to be added.
-     *						The id should be unique.
-     * @param classPath 	The fully qualified path for the implementation. 
+     * @param id The impl id of the policy to be added. The id should be unique.
+     * @param classPath The fully qualified path for the implementation.
      * @exception EBaseException is thrown if an error occurs in addition.
      */
     void addPolicyImpl(String id, String classPath)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Returns information on Policy instances.
-     *
-     * @return An Enumeration of Strings describing the information 
-     *			about policy rule instances.
+     * 
+     * @return An Enumeration of Strings describing the information about policy
+     *         rule instances.
      */
     Enumeration<String> getPolicyInstancesInfo();
 
     /**
      * Returns policy instances registered with this processor.
-     *
+     * 
      * @return An Enumeration of policy instances.
      */
-    Enumeration<IPolicyRule>  getPolicyInstances();
+    Enumeration<IPolicyRule> getPolicyInstances();
 
     /**
      * Returns instance configuration for a given instance id.
-     *
-     * @param id		The rule id.
-     * @return A vector of name/value pairs in the form of
-     *	name=value.
+     * 
+     * @param id The rule id.
+     * @return A vector of name/value pairs in the form of name=value.
      */
-    Vector<String>  getPolicyInstanceConfig(String id);
+    Vector<String> getPolicyInstanceConfig(String id);
 
     /**
      * Returns instance configuration for a given instance id.
-     *
-     * @param id		The rule id.
+     * 
+     * @param id The rule id.
      * @return the policy instance identified by the id.
      */
     IPolicyRule getPolicyInstance(String id);
@@ -158,41 +152,39 @@ public interface IPolicyProcessor extends ISubsystem,
     /**
      * Deletes a policy instance identified by an instance id.
      * 
-     * @param id	The instance id of the policy to be deleted.
+     * @param id The instance id of the policy to be deleted.
      * @exception EBaseException is thrown if an error occurs in deletion.
      */
     void deletePolicyInstance(String id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Adds a policy instance 
+     * Adds a policy instance
      * 
-     * @param id			The impl id of the policy to be added.
-     *						The id should be unique.
+     * @param id The impl id of the policy to be added. The id should be unique.
      * @param ht a Hashtable of config params.
      * @exception EBaseException is thrown if an error occurs in addition.
      */
     void addPolicyInstance(String id, Hashtable<String, String> ht)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Modifies a policy instance 
+     * Modifies a policy instance
      * 
-     * @param id			The impl id of the policy to be modified.
-     *						The policy instance with this id should be present.
+     * @param id The impl id of the policy to be modified. The policy instance
+     *            with this id should be present.
      * @param ht a Hashtable of config params.
      * @exception EBaseException is thrown if an error occurs in addition.
      */
     void modifyPolicyInstance(String id, Hashtable<String, String> ht)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Modifies policy ordering.
-     *
+     * 
      * @param policyOrderStr The comma separated list of instance ids.
-     *
+     * 
      */
     void changePolicyInstanceOrdering(String policyOrderStr)
-        throws EBaseException;
+            throws EBaseException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java
index 0babd48a..65b6f661 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicyRule.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.base.EBaseException;
@@ -26,20 +25,20 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 
-
 /**
  * Interface for a policy rule.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IPolicyRule
-    extends com.netscape.certsrv.request.IPolicy {
+        extends com.netscape.certsrv.request.IPolicy {
     public static final String PROP_ENABLE = "enable";
     public static final String PROP_PREDICATE = "predicate";
     public static final String PROP_IMPLNAME = "implName";
@@ -47,15 +46,16 @@ public interface IPolicyRule
     /**
      * Initializes the policy rule.
      * <P>
-     *
+     * 
      * @param config The config store reference
      */
     void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Gets the description for this policy rule.
      * <P>
+     * 
      * @return The Description for this rule.
      */
     String getDescription();
@@ -63,7 +63,7 @@ public interface IPolicyRule
     /**
      * Returns the name of the policy rule class.
      * <P>
-     *
+     * 
      * @return The name of the policy class.
      */
     String getName();
@@ -71,54 +71,54 @@ public interface IPolicyRule
     /**
      * Returns the name of the policy rule instance.
      * <P>
-     *
-     * @return The name of the policy rule instance. If none
-     * 	is set the name of the implementation will be returned.
-     * 	
+     * 
+     * @return The name of the policy rule instance. If none is set the name of
+     *         the implementation will be returned.
+     * 
      */
     String getInstanceName();
 
     /**
      * Sets a predicate expression for rule matching.
      * <P>
-     *
-     * @param exp	The predicate expression for the rule.
+     * 
+     * @param exp The predicate expression for the rule.
      */
     void setPredicate(IExpression exp);
 
     /**
      * Returns the predicate expression for the rule.
      * <P>
-     *
+     * 
      * @return The predicate expression for the rule.
      */
     IExpression getPredicate();
 
     /**
-     * Applies the policy on the given Request. This may modify
-     * the request appropriately.
+     * Applies the policy on the given Request. This may modify the request
+     * appropriately.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The PolicyResult object.
      */
     PolicyResult apply(IRequest req);
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
-     * @return nvPairs A Vector of name/value pairs. Each name/value
-     *				pair is constructed as a String in name=value format.
+     * 
+     * @return nvPairs A Vector of name/value pairs. Each name/value pair is
+     *         constructed as a String in name=value format.
      */
     public Vector<String> getInstanceParams();
 
     /**
      * Return default parameters for a policy implementation.
-     *
-     * @return nvPairs A Vector of name/value pairs. Each name/value
-     *		  		pair is constructed as a String in name=value.
+     * 
+     * @return nvPairs A Vector of name/value pairs. Each name/value pair is
+     *         constructed as a String in name=value.
      */
-    public Vector<String>  getDefaultParams();
+    public Vector<String> getDefaultParams();
 
     public void setError(IRequest req, String format, Object[] params);
 
@@ -126,4 +126,3 @@ public interface IPolicyRule
 
     public void setPolicyException(IRequest req, EBaseException ex);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java b/pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java
index dd5a36bc..d60baa25 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IPolicySet.java
@@ -17,28 +17,27 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 
-
 /**
- * Represents a set of policy rules. Policy rules are ordered from
- * lowest priority to highest priority. The priority assignment for rules
- * is not enforced by this interface. Various implementation may
- * use different mechanisms such as a linear ordering of rules
- * in a configuration file or explicit assignment of priority levels ..etc.
- * The policy system initialization needs to deal with reading the rules, sorting
- * them in increasing order of priority and presenting an ordered vector of rules
- * via the IPolicySet interface.
+ * Represents a set of policy rules. Policy rules are ordered from lowest
+ * priority to highest priority. The priority assignment for rules is not
+ * enforced by this interface. Various implementation may use different
+ * mechanisms such as a linear ordering of rules in a configuration file or
+ * explicit assignment of priority levels ..etc. The policy system
+ * initialization needs to deal with reading the rules, sorting them in
+ * increasing order of priority and presenting an ordered vector of rules via
+ * the IPolicySet interface.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -47,7 +46,7 @@ public interface IPolicySet {
     /**
      * Returns the name of the rule set.
      * <P>
-     *
+     * 
      * @return The name of the rule set.
      */
     String getName();
@@ -55,6 +54,7 @@ public interface IPolicySet {
     /**
      * Returns the no of rules in a set.
      * <P>
+     * 
      * @return the no of rules.
      */
     int count();
@@ -62,24 +62,24 @@ public interface IPolicySet {
     /**
      * Add a policy rule.
      * <P>
-     *
+     * 
      * @param ruleName The name of the rule to be added.
-     * @param rule  The rule to be added.
+     * @param rule The rule to be added.
      */
     void addRule(String ruleName, IPolicyRule rule);
 
     /**
      * Removes a policy rule identified by the given name.
-     *
-     * @param ruleName  The name of the rule to be removed.
+     * 
+     * @param ruleName The name of the rule to be removed.
      */
     void removeRule(String ruleName);
 
     /**
      * Returns the rule identified by a given name.
      * <P>
-     *
-     * @param ruleName  The name of the rule to be return.
+     * 
+     * @param ruleName The name of the rule to be return.
      * @return The rule identified by the given name or null if none exists.
      */
     IPolicyRule getRule(String ruleName);
@@ -87,20 +87,19 @@ public interface IPolicySet {
     /**
      * Returns an enumeration of rules.
      * <P>
-     *
+     * 
      * @return An enumeration of rules.
      */
     Enumeration<IPolicyRule> getRules();
 
     /**
-     * Apply policy rules on a request. This call may modify
-     * the request content.
-     *
-     * @param req   The request to apply policies on.
-     *
-     * <P>
+     * Apply policy rules on a request. This call may modify the request
+     * content.
+     * 
+     * @param req The request to apply policies on.
+     * 
+     *            <P>
      * @return The policy result.
      */
     PolicyResult apply(IRequest req);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java
index 7bf2026e..28f56fe7 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IRenewalPolicy.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
  * Interface for a renewal policy rule.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IRenewalPolicy extends IPolicyRule {
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java b/pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java
index e0ecfb16..7e6084c7 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/IRevocationPolicy.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 /**
  * Interface for a revocation policy rule.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public interface IRevocationPolicy extends IPolicyRule {
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java b/pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java
index 75df22de..388bd405 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/ISubjAltNameConfig.java
@@ -17,18 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
-
-
-/** 
- * Class that can be used to form general names from configuration file. 
- * Used by policies and extension commands.
+/**
+ * Class that can be used to form general names from configuration file. Used by
+ * policies and extension commands.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -36,14 +34,14 @@ public interface ISubjAltNameConfig extends IGeneralNameConfig {
 
     /**
      * Retrieves configuration prefix.
-     *
+     * 
      * @return prefix
      */
     public String getPfx();
 
     /**
      * Retrieves configuration attribute.
-     *
+     * 
      * @return attribute
      */
     public String getAttr();
diff --git a/pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java b/pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java
index c8bcec2c..d330b719 100644
--- a/pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/policy/PolicyResources.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.policy;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * Error messages for Policies.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java b/pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
index 75f134c2..5c192e9c 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/CertInfoProfile.java
@@ -26,8 +26,7 @@ import netscape.security.x509.X509CertInfo;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.IConfigStore;
 
-public class CertInfoProfile 
-{
+public class CertInfoProfile {
     private Vector<ICertInfoPolicyDefault> mDefaults = new Vector<ICertInfoPolicyDefault>();
     private String mName = null;
     private String mID = null;
@@ -35,8 +34,7 @@ public class CertInfoProfile
     private String mProfileIDMapping = null;
     private String mProfileSetIDMapping = null;
 
-    public CertInfoProfile(String cfg) throws Exception
-    {
+    public CertInfoProfile(String cfg) throws Exception {
         IConfigStore config = CMS.createFileConfigStore(cfg);
         mID = config.getString("id");
         mName = config.getString("name");
@@ -45,67 +43,60 @@ public class CertInfoProfile
         mProfileSetIDMapping = config.getString("profileSetIDMapping");
         StringTokenizer st = new StringTokenizer(config.getString("list"), ",");
         while (st.hasMoreTokens()) {
-            String id = (String)st.nextToken();
+            String id = (String) st.nextToken();
             String c = config.getString(id + ".default.class");
             try {
-              /* load defaults */
-              ICertInfoPolicyDefault def = (ICertInfoPolicyDefault)
-                 Class.forName(c).newInstance();
-              init(config.getSubStore(id + ".default"), def);
-              mDefaults.addElement(def);
+                /* load defaults */
+                ICertInfoPolicyDefault def = (ICertInfoPolicyDefault)
+                        Class.forName(c).newInstance();
+                init(config.getSubStore(id + ".default"), def);
+                mDefaults.addElement(def);
             } catch (Exception e) {
-              CMS.debug("CertInfoProfile: " + e.toString());
+                CMS.debug("CertInfoProfile: " + e.toString());
             }
         }
     }
 
     private void init(IConfigStore config, ICertInfoPolicyDefault def)
-           throws Exception
-    {
-      try {
-        def.init(null, config);
-      } catch (Exception e) {
-        CMS.debug("CertInfoProfile.init: " + e.toString());
-      }
+            throws Exception {
+        try {
+            def.init(null, config);
+        } catch (Exception e) {
+            CMS.debug("CertInfoProfile.init: " + e.toString());
+        }
     }
 
-    public String getID()
-    {
+    public String getID() {
         return mID;
     }
 
-    public String getName()
-    {
+    public String getName() {
         return mName;
     }
 
-    public String getDescription()
-    {
+    public String getDescription() {
         return mDescription;
     }
 
-    public String getProfileIDMapping()
-    {
+    public String getProfileIDMapping() {
         return mProfileIDMapping;
     }
 
-    public String getProfileSetIDMapping()
-    {
+    public String getProfileSetIDMapping() {
         return mProfileSetIDMapping;
     }
 
-    public void populate(X509CertInfo info)
-    {
+    public void populate(X509CertInfo info) {
         Enumeration<ICertInfoPolicyDefault> e1 = mDefaults.elements();
         while (e1.hasMoreElements()) {
-          ICertInfoPolicyDefault def = 
-               (ICertInfoPolicyDefault)e1.nextElement();
-          try {
-            def.populate(null /* request */, info);
-          } catch (Exception e) {
-            CMS.debug(e);
-            CMS.debug("CertInfoProfile.populate: " + e.toString());
-          }
+            ICertInfoPolicyDefault def =
+                    (ICertInfoPolicyDefault) e1.nextElement();
+            try {
+                def.populate(null /* request */, info);
+            } catch (Exception e) {
+                CMS.debug(e);
+                CMS.debug("CertInfoProfile.populate: " + e.toString());
+            }
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java b/pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java
index f4af86b2..2717fabf 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/EDeferException.java
@@ -17,17 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 /**
- * This represents a profile specific exception. The 
- * framework raises this exception when a request is 
- * deferred. 
+ * This represents a profile specific exception. The framework raises this
+ * exception when a request is deferred.
  * <p>
- * A deferred request will not be processed
- * immediately. Manual approval is required for
- * processing the request again.
+ * A deferred request will not be processed immediately. Manual approval is
+ * required for processing the request again.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EDeferException extends EProfileException {
@@ -39,11 +36,9 @@ public class EDeferException extends EProfileException {
 
     /**
      * Creates a defer exception.
-     *
-     * @param msg localized message that will be 
-     *            displayed to end user. This message 
-     *            should indicate the reason why a request 
-     *            is deferred.
+     * 
+     * @param msg localized message that will be displayed to end user. This
+     *            message should indicate the reason why a request is deferred.
      */
     public EDeferException(String msg) {
         super(msg);
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java b/pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java
index d21d6edb..a7d1ca42 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/EProfileException.java
@@ -22,10 +22,9 @@ import com.netscape.certsrv.base.EBaseException;
 /**
  * This represents a generic profile exception.
  * <p>
- * This is the base class for all profile-specific
- * exception.
+ * This is the base class for all profile-specific exception.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EProfileException extends EBaseException {
@@ -37,10 +36,9 @@ public class EProfileException extends EBaseException {
 
     /**
      * Creates a profile exception.
-     *
-     * @param msg additional message for the handler
-     *            of the exception. The message may
-     *            or may not be localized.
+     * 
+     * @param msg additional message for the handler of the exception. The
+     *            message may or may not be localized.
      */
     public EProfileException(String msg) {
         super(msg);
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java b/pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java
index ceea57f2..ca4bc9da 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/ERejectException.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 /**
- * This represents a profile specific exception. This
- * exception is raised when a request is rejected.
+ * This represents a profile specific exception. This exception is raised when a
+ * request is rejected.
  * <p>
- * A rejected request cannot be reprocessed. Rejected
- * request is considered as a request in its terminal
- * state.
+ * A rejected request cannot be reprocessed. Rejected request is considered as a
+ * request in its terminal state.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ERejectException extends EProfileException {
@@ -37,10 +35,9 @@ public class ERejectException extends EProfileException {
     private static final long serialVersionUID = -542393641391361342L;
 
     /**
-     * Creates a rejection exception. 
-     *
-     * @param msg localized message that indicates
-     *            the reason why a request is 
+     * Creates a rejection exception.
+     * 
+     * @param msg localized message that indicates the reason why a request is
      *            rejected.
      */
     public ERejectException(String msg) {
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java b/pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java
index bfd9bdc9..69879129 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/ICertInfoPolicyDefault.java
@@ -27,6 +27,6 @@ public interface ICertInfoPolicyDefault extends IPolicyDefault {
     /**
      * Populates certificate info directly.
      */
-    public void populate(IRequest request, X509CertInfo info) 
+    public void populate(IRequest request, X509CertInfo info)
               throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java b/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
index fb92d53e..3207aede 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IEnrollProfile.java
@@ -22,28 +22,26 @@ import com.netscape.certsrv.request.IRequest;
 /**
  * This interface represents an enrollment profile.
  * <p>
- * An enrollment profile contains a list of enrollment
- * specific input plugins, default policies, constriant
- * policies and output plugins.
+ * An enrollment profile contains a list of enrollment specific input plugins,
+ * default policies, constriant policies and output plugins.
  * <p>
- * This interface also defines a set of enrollment specific
- * attribute names that can be used to retrieve values
- * from an enrollment request.
+ * This interface also defines a set of enrollment specific attribute names that
+ * can be used to retrieve values from an enrollment request.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEnrollProfile extends IProfile {
 
     /**
-     * Name of request attribute that stores the User 
-     * Supplied Certificate Request Type.
+     * Name of request attribute that stores the User Supplied Certificate
+     * Request Type.
      */
     public static final String CTX_CERT_REQUEST_TYPE = "cert_request_type";
 
     /**
-     * Name of request attribute that stores the User 
-     * Supplied Certificate Request.
+     * Name of request attribute that stores the User Supplied Certificate
+     * Request.
      */
     public static final String CTX_CERT_REQUEST = "cert_request";
 
@@ -56,17 +54,17 @@ public interface IEnrollProfile extends IProfile {
     public static final String REQ_TYPE_KEYGEN = "keygen";
 
     /**
-     * Name of request attribute that stores the End-User Locale. 
+     * Name of request attribute that stores the End-User Locale.
      * <p>
      * The value is of type java.util.Locale.
      */
     public static final String REQUEST_LOCALE = "req_locale";
 
     /**
-     * Name of request attribute that stores the sequence number. Consider
-     * a CRMF request that may contain multiple certificate request.
-     * The first sub certificate certificate request has a sequence
-     * number of 0, the next one has a sequence of 1, and so on.
+     * Name of request attribute that stores the sequence number. Consider a
+     * CRMF request that may contain multiple certificate request. The first sub
+     * certificate certificate request has a sequence number of 0, the next one
+     * has a sequence of 1, and so on.
      * <p>
      * The value is of type java.lang.Integer.
      */
@@ -86,57 +84,53 @@ public interface IEnrollProfile extends IProfile {
     public static final String CTX_RENEWAL = "renewal";
 
     /**
-     * Name of request attribute that stores the End-User Supplied
-     * Key.
+     * Name of request attribute that stores the End-User Supplied Key.
      * <p>
      * The value is of type netscape.security.x509.CertificateX509Key
      */
     public static final String REQUEST_KEY = "req_key";
 
     /**
-     * Name of request attribute that stores the End-User Supplied
-     * Subject Name.
+     * Name of request attribute that stores the End-User Supplied Subject Name.
      * <p>
      * The value is of type netscape.security.x509.CertificateSubjectName
      */
     public static final String REQUEST_SUBJECT_NAME = "req_subject_name";
 
     /**
-     * Name of request attribute that stores the End-User Supplied
-     * Validity.
+     * Name of request attribute that stores the End-User Supplied Validity.
      * <p>
      * The value is of type netscape.security.x509.CertificateValidity
      */
     public static final String REQUEST_VALIDITY = "req_validity";
 
     /**
-     * Name of request attribute that stores the End-User Supplied
-     * Signing Algorithm.
+     * Name of request attribute that stores the End-User Supplied Signing
+     * Algorithm.
      * <p>
      * The value is of type netscape.security.x509.CertificateAlgorithmId
      */
     public static final String REQUEST_SIGNING_ALGORITHM = "req_signing_alg";
 
     /**
-     * Name of request attribute that stores the End-User Supplied
-     * Extensions.
+     * Name of request attribute that stores the End-User Supplied Extensions.
      * <p>
      * The value is of type netscape.security.x509.CertificateExtensions
      */
     public static final String REQUEST_EXTENSIONS = "req_extensions";
 
     /**
-     * Name of request attribute that stores the End-User Supplied
-     * PKI Archive Option extension. This extension is extracted
-     * from a CRMF request that has the user-provided private key.
+     * Name of request attribute that stores the End-User Supplied PKI Archive
+     * Option extension. This extension is extracted from a CRMF request that
+     * has the user-provided private key.
      * <p>
      * The value is of type byte []
      */
     public static final String REQUEST_ARCHIVE_OPTIONS = "req_archive_options";
 
     /**
-     * Name of request attribute that stores the certificate template
-     * that will be signed and then become a certificate.
+     * Name of request attribute that stores the certificate template that will
+     * be signed and then become a certificate.
      * <p>
      * The value is of type netscape.security.x509.X509CertInfo
      */
@@ -151,6 +145,7 @@ public interface IEnrollProfile extends IProfile {
 
     /**
      * Set Default X509CertInfo in the request.
+     * 
      * @param request profile-based certificate request.
      * @exception EProfileException failed to set the X509CertInfo.
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java
index 1af3ef19..21656cb3 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyConstraint.java
@@ -17,55 +17,50 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.property.IConfigTemplate;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This represents a constraint policy. A constraint policy
- * validates if the given request conforms to the set
- * rules.
+ * This represents a constraint policy. A constraint policy validates if the
+ * given request conforms to the set rules.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPolicyConstraint extends IConfigTemplate {
 
     /**
      * Initializes this constraint policy.
-     *
+     * 
      * @param profile owner of this policy
      * @param config configuration store for this constraint
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
-     * Returns the corresponding configuration store
-     * of this constraint policy.
-     *
+     * Returns the corresponding configuration store of this constraint policy.
+     * 
      * @return config store of this constraint
      */
     public IConfigStore getConfigStore();
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     *
+     * Validates the request. The request is not modified during the validation.
+     * 
      * @param request request to be validated
      * @exception ERejectException reject the given request
      */
     public void validate(IRequest request)
-        throws ERejectException;
+            throws ERejectException;
 
     /**
      * Returns localized description of this constraint.
-     *
+     * 
      * @param locale locale of the end-user
      * @return localized description of this constraint
      */
@@ -73,19 +68,18 @@ public interface IPolicyConstraint extends IConfigTemplate {
 
     /**
      * Returns localized name of this constraint.
-     *
+     * 
      * @param locale locale of the end-user
      * @return localized name of this constraint
      */
     public String getName(Locale locale);
 
     /**
-     * Checks if this constraint is applicable to the
-     * given default policy.
-     *
+     * Checks if this constraint is applicable to the given default policy.
+     * 
      * @param def default policy to be checked
-     * @return true if this constraint can be applied to
-     *              the given default policy
+     * @return true if this constraint can be applied to the given default
+     *         policy
      */
     public boolean isApplicable(IPolicyDefault def);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java
index 092b10fd..02504320 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IPolicyDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
@@ -27,36 +26,28 @@ import com.netscape.certsrv.property.IConfigTemplate;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This represents a default policy that populates
- * the request with additional values.
+ * This represents a default policy that populates the request with additional
+ * values.
  * <p>
- *
- * During request submission process, a default 
- * policy is invoked to populate the default values
- * in the request. The default values will later
- * on be used for execution. The default values
- * are like the parameters for the request.
+ * 
+ * During request submission process, a default policy is invoked to populate
+ * the default values in the request. The default values will later on be used
+ * for execution. The default values are like the parameters for the request.
  * <p>
- *
- * This policy is called in 2 places. For
- * automated enrollment request, this policy
- * is invoked to populate the HTTP parameters
- * into the request. For request that cannot
- * be executed immediately, this policy will be
- * invoked again right after the agent's
- * approval.
+ * 
+ * This policy is called in 2 places. For automated enrollment request, this
+ * policy is invoked to populate the HTTP parameters into the request. For
+ * request that cannot be executed immediately, this policy will be invoked
+ * again right after the agent's approval.
  * <p>
- *
- * Each default policy may contain zero or more
- * properties that describe the default value.
- * For example, a X509 Key can be described by
- * its key type, key length, and key data. The
- * properties help to describe the default value
- * into human readable values.
+ * 
+ * Each default policy may contain zero or more properties that describe the
+ * default value. For example, a X509 Key can be described by its key type, key
+ * length, and key data. The properties help to describe the default value into
+ * human readable values.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPolicyDefault extends IConfigTemplate {
@@ -69,27 +60,27 @@ public interface IPolicyDefault extends IConfigTemplate {
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the configuration store of this default.
-     *
+     * 
      * @return configuration store of this default policy
      */
     public IConfigStore getConfigStore();
 
     /**
      * Populates the request with this policy default.
-     *
+     * 
      * @param request request to be populated
      * @exception EProfileException failed to populate
      */
     public void populate(IRequest request)
-        throws EProfileException;
- 
+            throws EProfileException;
+
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale locale of the end user
      * @return localized name of this default policy
      */
@@ -105,17 +96,15 @@ public interface IPolicyDefault extends IConfigTemplate {
 
     /**
      * Retrieves a list of names of the property.
-     *
-     * @return a list of property names. The values are
-     *         of type java.lang.String
+     * 
+     * @return a list of property names. The values are of type java.lang.String
      */
     public Enumeration<String> getValueNames();
 
     /**
-     * Retrieves the descriptor of the given property 
-     * by name. The descriptor contains syntax 
-     * information.
-     *
+     * Retrieves the descriptor of the given property by name. The descriptor
+     * contains syntax information.
+     * 
      * @param locale locale of the end user
      * @param name name of property
      * @return descriptor of the property
@@ -124,25 +113,24 @@ public interface IPolicyDefault extends IConfigTemplate {
 
     /**
      * Sets the value of the given value property by name.
-     *
+     * 
      * @param name name of property
      * @param locale locale of the end user
      * @param request request
      * @param value value to be set in the given request
      * @exception EPropertyException failed to set property
      */
-    public void setValue(String name, Locale locale, IRequest request, 
-        String value) throws EPropertyException;
+    public void setValue(String name, Locale locale, IRequest request,
+            String value) throws EPropertyException;
 
     /**
-     * Retrieves the value of the given value 
-     * property by name.
-     *
+     * Retrieves the value of the given value property by name.
+     * 
      * @param name name of property
      * @param locale locale of the end user
      * @param request request
      * @exception EPropertyException failed to get property
      */
     public String getValue(String name, Locale locale, IRequest request)
-        throws EPropertyException;
+            throws EPropertyException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java
index cc6975cd..b6cdab6a 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfile.java
@@ -29,72 +29,67 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cms.profile.common.ProfilePolicy;
 
 /**
- * This interface represents a profile. A profile contains 
- * a list of input policies, default policies, constraint 
- * policies and output policies.
+ * This interface represents a profile. A profile contains a list of input
+ * policies, default policies, constraint policies and output policies.
  * <p>
- *
+ * 
  * The input policy is for building the enrollment page.
  * <p>
- *
- * The default policy is for populating user-supplied and
- * system-supplied values into the request.
+ * 
+ * The default policy is for populating user-supplied and system-supplied values
+ * into the request.
  * <p>
- *
- * The constraint policy is for validating the request before
- * processing.
+ * 
+ * The constraint policy is for validating the request before processing.
  * <p>
- *
+ * 
  * The output policy is for building the result page.
  * <p>
- *
- * Each profile can have multiple policy set. Each set
- * is composed of zero or more default policies and zero
- * or more constraint policies.
+ * 
+ * Each profile can have multiple policy set. Each set is composed of zero or
+ * more default policies and zero or more constraint policies.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfile {
 
     /**
      * Initializes this profile.
-     *
+     * 
      * @param owner profile subsystem
      * @param config configuration store for this profile
      * @exception EBaseException failed to initialize
      */
     public void init(IProfileSubsystem owner, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Retrieves the request queue that is associated with
-     * this profile. The request queue is for creating
-     * new requests.
-     *
+     * Retrieves the request queue that is associated with this profile. The
+     * request queue is for creating new requests.
+     * 
      * @return request queue
      */
     public IRequestQueue getRequestQueue();
 
     /**
      * Sets id of this profile.
-     *
+     * 
      * @param id profile identifier
      */
     public void setId(String id);
- 
+
     /**
      * Returns the identifier of this profile.
-     *
+     * 
      * @return profile id
      */
     public String getId();
 
     /**
-     * Retrieves a localized string that represents
-     * requestor's distinguished name. This string
-     * displayed in the request listing user interface.
-     *
+     * Retrieves a localized string that represents requestor's distinguished
+     * name. This string displayed in the request listing user interface.
+     * 
      * @param request request
      * @return distringuished name of the request owner
      */
@@ -102,14 +97,14 @@ public interface IProfile {
 
     /**
      * Retrieves the configuration store of this profile.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
 
     /**
      * Retrieves the instance id of the authenticator for this profile.
-     *
+     * 
      * @return authenticator instance id
      */
     public String getAuthenticatorId();
@@ -118,31 +113,31 @@ public interface IProfile {
 
     /**
      * Sets the instance id of the authenticator for this profile.
-     *
+     * 
      * @param id authenticator instance id
      */
     public void setAuthenticatorId(String id);
 
     /**
      * Retrieves the associated authenticator instance.
-     *
-     * @return profile authenticator instance. 
-     *                 if no associated authenticator, null is returned
+     * 
+     * @return profile authenticator instance. if no associated authenticator,
+     *         null is returned
      * @exception EProfileException failed to retrieve
      */
-    public IProfileAuthenticator getAuthenticator() 
-        throws EProfileException;
+    public IProfileAuthenticator getAuthenticator()
+            throws EProfileException;
 
     /**
      * Retrieves a list of input policy IDs.
-     *
+     * 
      * @return input policy id list
      */
     public Enumeration<String> getProfileInputIds();
 
     /**
      * Retrieves input policy by id.
-     *
+     * 
      * @param id input policy id
      * @return input policy instance
      */
@@ -150,40 +145,38 @@ public interface IProfile {
 
     /**
      * Retrieves a list of output policy IDs.
-     *
+     * 
      * @return output policy id list
      */
     public Enumeration<String> getProfileOutputIds();
 
     /**
      * Retrieves output policy by id.
-     *
+     * 
      * @param id output policy id
      * @return output policy instance
      */
     public IProfileOutput getProfileOutput(String id);
 
     /**
-     * Checks if this profile is end-user profile or not.
-     * End-user profile will be displayed to the end user.
-     * Non end-user profile mainly is for registration
-     * manager.
-     *
+     * Checks if this profile is end-user profile or not. End-user profile will
+     * be displayed to the end user. Non end-user profile mainly is for
+     * registration manager.
+     * 
      * @return end-user profile or not
      */
-    public boolean isVisible(); 
+    public boolean isVisible();
 
     /**
      * Sets this profile end-user profile or not.
-     *
+     * 
      * @param v end-user profile or not
      */
-    public void setVisible(boolean v); 
+    public void setVisible(boolean v);
 
     /**
-     * Retrieves the user id of the person who
-     * approves this profile.
-     *
+     * Retrieves the user id of the person who approves this profile.
+     * 
      * @return user id of the approver of this profile
      */
     public String getApprovedBy();
@@ -200,7 +193,7 @@ public interface IProfile {
 
     /**
      * Returns the profile name.
-     *
+     * 
      * @param locale end-user locale
      * @param name profile name
      */
@@ -208,7 +201,7 @@ public interface IProfile {
 
     /**
      * Retrieves the profile name.
-     *
+     * 
      * @param locale end-user locale
      * @return localized profile name
      */
@@ -216,7 +209,7 @@ public interface IProfile {
 
     /**
      * Returns the profile description.
-     *
+     * 
      * @param locale end-user locale
      * @param desc profile description
      */
@@ -224,31 +217,30 @@ public interface IProfile {
 
     /**
      * Retrieves the profile description.
-     *
+     * 
      * @param locale end-user locale
      * @return localized profile description
      */
     public String getDescription(Locale locale);
 
     /**
-     * Retrieves profile context. The context stores
-     * information about the requestor before the
-     * actual request is created.
-     *
+     * Retrieves profile context. The context stores information about the
+     * requestor before the actual request is created.
+     * 
      * @return profile context.
      */
     public IProfileContext createContext();
 
     /**
      * Returns the profile policy set identifiers.
-     *
+     * 
      * @return a list of policy set id
      */
     public Enumeration<String> getProfilePolicySetIds();
 
     /**
      * Creates a profile policy.
-     *
+     * 
      * @param setId id of the policy set that owns this policy
      * @param id policy id
      * @param defaultClassId id of the registered default implementation
@@ -256,83 +248,82 @@ public interface IProfile {
      * @exception EProfileException failed to create policy
      * @return profile policy instance
      */
-    public IProfilePolicy createProfilePolicy(String setId, String id, 
-        String defaultClassId, String constraintClassId)
-        throws EProfileException;
+    public IProfilePolicy createProfilePolicy(String setId, String id,
+            String defaultClassId, String constraintClassId)
+            throws EProfileException;
 
     /**
      * Deletes input policy by id.
-     *
+     * 
      * @param inputId id of the input policy
-     * @exception EProfileException failed to  delete
+     * @exception EProfileException failed to delete
      */
     public void deleteProfileInput(String inputId) throws EProfileException;
 
     /**
      * Deletes output policy by id.
-     *
+     * 
      * @param outputId id of the output policy
-     * @exception EProfileException failed to  delete
+     * @exception EProfileException failed to delete
      */
     public void deleteProfileOutput(String outputId) throws EProfileException;
 
     /**
      * Creates a input policy.
-     *
+     * 
      * @param id input policy id
      * @param inputClassId id of the registered input implementation
      * @param nvp default parameters
      * @return input policy
      * @exception EProfileException failed to create
      */
-    public IProfileInput createProfileInput(String id, String inputClassId, 
-        NameValuePairs nvp)
-        throws EProfileException;
+    public IProfileInput createProfileInput(String id, String inputClassId,
+            NameValuePairs nvp)
+            throws EProfileException;
 
     /**
      * Creates a output policy.
-     *
+     * 
      * @param id output policy id
      * @param outputClassId id of the registered output implementation
      * @param nvp default parameters
      * @return output policy
      * @exception EProfileException failed to create
      */
-    public IProfileOutput createProfileOutput(String id, String outputClassId, 
-        NameValuePairs nvp) throws EProfileException;
+    public IProfileOutput createProfileOutput(String id, String outputClassId,
+            NameValuePairs nvp) throws EProfileException;
 
     /**
      * Deletes a policy.
-     *
+     * 
      * @param setId id of the policy set
      * @param policyId id of policy to delete
      * @exception EProfileException failed to delete
      */
-    public void deleteProfilePolicy(String setId, String policyId) 
-        throws EProfileException;
+    public void deleteProfilePolicy(String setId, String policyId)
+            throws EProfileException;
 
     /**
      * Retrieves a policy.
-     *
+     * 
      * @param setId set id
      * @param id policy id
      * @return profile policy
      */
-    public IProfilePolicy getProfilePolicy(String setId, String id); 
+    public IProfilePolicy getProfilePolicy(String setId, String id);
 
     /**
      * Retrieves all the policy id within a set.
-     *
+     * 
      * @param setId set id
      * @return a list of policy id
      */
     public Enumeration<String> getProfilePolicyIds(String setId);
 
     /**
-     * Retrieves a default set id for the given request.
-     * It is the profile's responsibility to return
-     * an appropriate set id for the request.
-     *
+     * Retrieves a default set id for the given request. It is the profile's
+     * responsibility to return an appropriate set id for the request.
+     * 
      * @param req request
      * @return policy set id
      */
@@ -340,72 +331,72 @@ public interface IProfile {
 
     /**
      * Returns a list of profile policies.
-     *
+     * 
      * @param setId set id
      * @return a list of policies
      */
     public Enumeration<ProfilePolicy> getProfilePolicies(String setId);
 
     /**
-     * Creates one or more requests. Normally, only one request will
-     * be created. In case of CRMF request, multiple requests may be
-     * created for one submission.
-     *
+     * Creates one or more requests. Normally, only one request will be created.
+     * In case of CRMF request, multiple requests may be created for one
+     * submission.
+     * 
      * @param ctx profile context
      * @param locale user locale
      * @return a list of requests
      * @exception EProfileException failed to create requests
      */
-    public IRequest[] createRequests(IProfileContext ctx, Locale locale) 
-        throws EProfileException;
+    public IRequest[] createRequests(IProfileContext ctx, Locale locale)
+            throws EProfileException;
 
     /**
      * Populates user-supplied input values into the requests.
-     *
+     * 
      * @param ctx profile context
      * @param request request
      * @exception EProfileException failed to populate
      */
-    public void populateInput(IProfileContext ctx, IRequest request) 
-        throws EProfileException;
+    public void populateInput(IProfileContext ctx, IRequest request)
+            throws EProfileException;
 
     /**
-     * Passes the request to the set of default policies that
-     * populate the profile information against the profile.
-     *
+     * Passes the request to the set of default policies that populate the
+     * profile information against the profile.
+     * 
      * @param request request
      * @exception EProfileException failed to populate default values
-     */ 
-    public void populate(IRequest request) 
-        throws EProfileException;
+     */
+    public void populate(IRequest request)
+            throws EProfileException;
 
     /**
-     * Passes the request to the set of constraint policies 
-     * that validate the request against the profile.
-     *
+     * Passes the request to the set of constraint policies that validate the
+     * request against the profile.
+     * 
      * @param request request
      * @exception ERejectException validation violation
-     */ 
-    public void validate(IRequest request) 
-        throws ERejectException;
+     */
+    public void validate(IRequest request)
+            throws ERejectException;
 
     /**
      * Process a request after validation.
-     *
+     * 
      * @param request request to be processed
      * @exception EProfileException failed to process
      */
-    public void execute(IRequest request) 
-        throws EProfileException;
+    public void execute(IRequest request)
+            throws EProfileException;
 
     /**
      * Handles end-user request submission.
-     *
+     * 
      * @param token authentication token
      * @param request request to be processed
      * @exception EDeferException defer request
      * @exception EProfileException failed to submit
      */
     public void submit(IAuthToken token, IRequest request)
-        throws EDeferException, EProfileException;
+            throws EDeferException, EProfileException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java
index 476002e2..026f86b7 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileAuthenticator.java
@@ -26,14 +26,12 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This interface represents an authenticator for profile.
- * An authenticator is responsibile for authenting
- * the end-user. If authentication is successful, request
- * can be processed immediately. Otherwise, the request will
- * be defered and manual approval is then required.
- *  
+ * This interface represents an authenticator for profile. An authenticator is
+ * responsibile for authenting the end-user. If authentication is successful,
+ * request can be processed immediately. Otherwise, the request will be defered
+ * and manual approval is then required.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfileAuthenticator extends IAuthManager {
@@ -42,35 +40,35 @@ public interface IProfileAuthenticator extends IAuthManager {
 
     /**
      * Initializes this default policy.
-     *
+     * 
      * @param profile owner of this authenticator
      * @param config configuration store
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
 
     /**
-     * Populates authentication specific information into the
-     * request for auditing purposes.
-     *
+     * Populates authentication specific information into the request for
+     * auditing purposes.
+     * 
      * @param token authentication token
      * @param request request
      * @exception EProfileException failed to populate
      */
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale end user locale
      * @return localized authenticator name
      */
@@ -78,7 +76,7 @@ public interface IProfileAuthenticator extends IAuthManager {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale end user locale
      * @return localized authenticator description
      */
@@ -86,26 +84,24 @@ public interface IProfileAuthenticator extends IAuthManager {
 
     /**
      * Retrieves a list of names of the property.
-     *
+     * 
      * @return a list of property names
      */
     public Enumeration<String> getValueNames();
 
     /**
-     * Checks if the value of the given property should be
-     * serializable into the request. Passsword or other
-     * security-related value may not be desirable for
-     * storage.
-     *
+     * Checks if the value of the given property should be serializable into the
+     * request. Passsword or other security-related value may not be desirable
+     * for storage.
+     * 
      * @param name property name
      * @return true if the property is not security related
      */
     public boolean isValueWriteable(String name);
 
     /**
-     * Retrieves the descriptor of the given value 
-     * property by name.
-     *
+     * Retrieves the descriptor of the given value property by name.
+     * 
      * @param locale user locale
      * @param name property name
      * @return descriptor of the requested property
@@ -114,7 +110,7 @@ public interface IProfileAuthenticator extends IAuthManager {
 
     /**
      * Checks if this authenticator requires SSL client authentication.
-     *
+     * 
      * @return client authentication required or not
      */
     public boolean isSSLClientRequired();
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java
index 906c4816..8a569d17 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileContext.java
@@ -17,19 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 /**
- * This interface represents a profile context which
- * stores system-wide and user-provided information for
- * assisting request creation.
- *
+ * This interface represents a profile context which stores system-wide and
+ * user-provided information for assisting request creation.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfileContext {
 
     /**
      * Sets a value into the context.
-     *
+     * 
      * @param name property name
      * @param value property value
      */
@@ -37,7 +35,7 @@ public interface IProfileContext {
 
     /**
      * Retrieves a value from the context.
-     *
+     * 
      * @param name property name
      * @return property value
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java
index 8ce3262e..dc8d782b 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileEx.java
@@ -20,17 +20,16 @@ package com.netscape.certsrv.profile;
 import com.netscape.certsrv.base.EBaseException;
 
 /**
- * This interface represents the extension version of
- * profile.
+ * This interface represents the extension version of profile.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfileEx extends IProfile {
 
     /**
-     * Called after initialization. It populates default
-     * policies, inputs, and outputs.
+     * Called after initialization. It populates default policies, inputs, and
+     * outputs.
      */
     public void populate() throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java
index 35453e7d..b2268ebb 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileInput.java
@@ -27,9 +27,8 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
 /**
- * This interface represents a input policy which
- * provides information on how to create the
- * end-user enrollment page.
+ * This interface represents a input policy which provides information on how to
+ * create the end-user enrollment page.
  * 
  * @version $Revision$, $Date$
  */
@@ -37,34 +36,34 @@ public interface IProfileInput extends IConfigTemplate {
 
     /**
      * Initializes this default policy.
-     *
+     * 
      * @param profile owner of this input
      * @param config configuration store
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Returns configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
 
     /**
      * Populates the request with this policy default.
-     *
+     * 
      * @param ctx profile context
      * @param request request
      * @exception EProfileException failed to populate
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale user locale
      * @return localized input name
      */
@@ -72,7 +71,7 @@ public interface IProfileInput extends IConfigTemplate {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale user locale
      * @return localized input description
      */
@@ -80,15 +79,14 @@ public interface IProfileInput extends IConfigTemplate {
 
     /**
      * Retrieves a list of names of the property.
-     *
+     * 
      * @return a list of property names
      */
     public Enumeration<String> getValueNames();
 
     /**
-     * Retrieves the descriptor of the given value 
-     * property by name.
-     *
+     * Retrieves the descriptor of the given value property by name.
+     * 
      * @param locale user locale
      * @param name property name
      * @return descriptor of the property
@@ -97,24 +95,24 @@ public interface IProfileInput extends IConfigTemplate {
 
     /**
      * Retrieves value from the request.
-     *
+     * 
      * @param name property name
      * @param locale user locale
      * @param request request
      * @exception EProfileException failed to get value
      */
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Sets the value of the given property by name.
-     *
+     * 
      * @param name property name
      * @param locale user locale
      * @param request request
      * @param value value
      * @exception EProfileException failed to get value
      */
-    public void setValue(String name, Locale locale, IRequest request, 
-        String value) throws EPropertyException;
+    public void setValue(String name, Locale locale, IRequest request,
+            String value) throws EPropertyException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java
index 6dbfea51..f8fc9d6b 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileOutput.java
@@ -27,9 +27,8 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
 /**
- * This interface represents a output policy which
- * provides information on how to build the result
- * page for the enrollment.
+ * This interface represents a output policy which provides information on how
+ * to build the result page for the enrollment.
  * 
  * @version $Revision$, $Date$
  */
@@ -37,34 +36,34 @@ public interface IProfileOutput extends IConfigTemplate {
 
     /**
      * Initializes this default policy.
-     *
+     * 
      * @param profile owner of this policy
      * @param config configuration store
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
 
     /**
      * Populates the request with this policy default.
-     *
+     * 
      * @param ctx profile context
      * @param request request
      * @exception EProfileException failed to populate
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy name
      */
@@ -72,7 +71,7 @@ public interface IProfileOutput extends IConfigTemplate {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy description
      */
@@ -80,15 +79,14 @@ public interface IProfileOutput extends IConfigTemplate {
 
     /**
      * Retrieves a list of names of the value parameter.
-     *
+     * 
      * @return a list of property names
      */
     public Enumeration<String> getValueNames();
 
     /**
-     * Retrieves the descriptor of the given value 
-     * parameter by name.
-     *
+     * Retrieves the descriptor of the given value parameter by name.
+     * 
      * @param locale user locale
      * @param name property name
      * @return property descriptor
@@ -97,7 +95,7 @@ public interface IProfileOutput extends IConfigTemplate {
 
     /**
      * Retrieves the value of the given value parameter by name.
-     *
+     * 
      * @param name property name
      * @param locale user locale
      * @param request request
@@ -105,17 +103,17 @@ public interface IProfileOutput extends IConfigTemplate {
      * @exception EProfileException failed to retrieve value
      */
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Sets the value of the given value parameter by name.
-     *
+     * 
      * @param name property name
      * @param locale user locale
      * @param request request
      * @param value property value
      * @exception EProfileException failed to retrieve value
      */
-    public void setValue(String name, Locale locale, IRequest request, 
-        String value) throws EPropertyException;
+    public void setValue(String name, Locale locale, IRequest request,
+            String value) throws EPropertyException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java
index 9577cb08..733a69b1 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfilePolicy.java
@@ -18,31 +18,30 @@
 package com.netscape.certsrv.profile;
 
 /**
- * This interface represents a profile policy
- * which consists a default policy and a
- * constraint policy.
- *
+ * This interface represents a profile policy which consists a default policy
+ * and a constraint policy.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfilePolicy {
 
     /**
-     * Retrieves the policy id 
-     *
+     * Retrieves the policy id
+     * 
      * @return policy id
      */
     public String getId();
 
     /**
      * Retrieves the default policy.
-     *
+     * 
      * @return default policy
      */
     public IPolicyDefault getDefault();
 
     /**
      * Retrieves the constraint policy.
-     *
+     * 
      * @return constraint policy
      */
     public IPolicyConstraint getConstraint();
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java
index 6f2fef37..48162dd2 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileSubsystem.java
@@ -17,16 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.profile;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * This represents the profile subsystem that manages 
- * a list of profiles.
- *
+ * This represents the profile subsystem that manages a list of profiles.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IProfileSubsystem extends ISubsystem {
@@ -34,16 +31,16 @@ public interface IProfileSubsystem extends ISubsystem {
 
     /**
      * Retrieves a profile by id.
-     *
+     * 
      * @return profile
      * @exception EProfileException failed to retrieve
      */
     public IProfile getProfile(String id)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Checks if a profile is approved by an agent or not.
-     *
+     * 
      * @param id profile id
      * @return true if profile is approved
      */
@@ -51,7 +48,7 @@ public interface IProfileSubsystem extends ISubsystem {
 
     /**
      * Retrieves the approver of the given profile.
-     *
+     * 
      * @param id profile id
      * @return user id of the agent who has approved the profile
      */
@@ -59,76 +56,75 @@ public interface IProfileSubsystem extends ISubsystem {
 
     /**
      * Creates new profile.
-     *
+     * 
      * @param id profile id
      * @param classid implementation id
      * @param className class Name
      * @param configFile configuration file
      * @exception EProfileException failed to create profile
      */
-    public IProfile createProfile(String id, String classid, 
-        String className, String configFile) 
-        throws EProfileException;
+    public IProfile createProfile(String id, String classid,
+            String className, String configFile)
+            throws EProfileException;
 
     /**
      * Deletes profile.
-     *
+     * 
      * @param id profile id
      * @param configFile configuration file
      * @exception EProfileException failed to delete profile
      */
-    public void deleteProfile(String id, String configFile) 
-        throws EProfileException;
+    public void deleteProfile(String id, String configFile)
+            throws EProfileException;
 
     /**
      * Creates a new profile configuration file.
-     *
+     * 
      * @param id profile id
      * @param classId implementation id
      * @param configPath location to create the configuration file
      * @exception failed to create profile
      */
     public void createProfileConfig(String id, String classId,
-        String configPath) throws EProfileException;
+            String configPath) throws EProfileException;
 
     /**
      * Enables a profile.
-     *
+     * 
      * @param id profile id
      * @param enableBy agent's user id
      * @exception EProfileException failed to enable profile
      */
     public void enableProfile(String id, String enableBy)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Disables a profile.
-     *
+     * 
      * @param id profile id
      * @exception EProfileException failed to disable
      */
     public void disableProfile(String id)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the id of the implementation of the given profile.
-     *
+     * 
      * @param id profile id
      * @return implementation id managed by the registry
      */
     public String getProfileClassId(String id);
 
     /**
-     * Retrieves a list of profile ids. The return
-     * list is of type String.
-     *
+     * Retrieves a list of profile ids. The return list is of type String.
+     * 
      * @return a list of profile ids
      */
-    public Enumeration<String>  getProfileIds();
+    public Enumeration<String> getProfileIds();
 
     /**
      * Checks if owner id should be enforced during profile approval.
-     *
+     * 
      * @return true if approval should be checked
      */
     public boolean checkOwner();
diff --git a/pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java b/pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java
index a36ee196..504acb0b 100644
--- a/pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java
+++ b/pki/base/common/src/com/netscape/certsrv/profile/IProfileUpdater.java
@@ -25,8 +25,8 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestStatus;
 
 /**
- * This interface represents an updater that will be
- * called when the request's state changes.
+ * This interface represents an updater that will be called when the request's
+ * state changes.
  * 
  * @version $Revision$, $Date$
  */
@@ -34,34 +34,34 @@ public interface IProfileUpdater extends IConfigTemplate {
 
     /**
      * Initializes this default policy.
-     *
+     * 
      * @param profile owner of this policy
      * @param config configuration store
      * @exception EProfileException failed to initialize
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves configuration store.
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore();
 
     /**
      * Notifies of state change.
-     *
+     * 
      * @param req request
      * @param status The status to check for.
      * @exception EProfileException failed to populate
      */
-    public void update(IRequest req, RequestStatus status) 
-         throws EProfileException;
+    public void update(IRequest req, RequestStatus status)
+            throws EProfileException;
 
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy name
      */
@@ -69,7 +69,7 @@ public interface IProfileUpdater extends IConfigTemplate {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy description
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/property/Descriptor.java b/pki/base/common/src/com/netscape/certsrv/property/Descriptor.java
index 92aeff18..a6f6cd83 100644
--- a/pki/base/common/src/com/netscape/certsrv/property/Descriptor.java
+++ b/pki/base/common/src/com/netscape/certsrv/property/Descriptor.java
@@ -19,10 +19,9 @@ package com.netscape.certsrv.property;
 
 import java.util.Locale;
 
-
 /**
- * This interface represents a property descriptor. A descriptor
- * includes information that describe a property.
+ * This interface represents a property descriptor. A descriptor includes
+ * information that describe a property.
  * 
  * @version $Revision$, $Date$
  */
@@ -35,7 +34,7 @@ public class Descriptor implements IDescriptor {
 
     /**
      * Constructs a descriptor.
-     *
+     * 
      * @param syntax syntax
      * @param constraint constraint
      * @param defValue default value
@@ -50,16 +49,16 @@ public class Descriptor implements IDescriptor {
 
     /**
      * Returns the syntax of the property.
-     *
+     * 
      * @return syntax
      */
     public String getSyntax() {
         return mSyntax;
     }
- 
+
     /**
      * Returns the default value of the property.
-     *
+     * 
      * @return default value
      */
     public String getDefaultValue() {
@@ -69,14 +68,14 @@ public class Descriptor implements IDescriptor {
     /**
      * Constraint for the given syntax. For example,
      * <p>
-     *   - number(1-5): 1-5 is the constraint, and it indicates
-     *     that the number must be in the range of 1 to 5.
+     * - number(1-5): 1-5 is the constraint, and it indicates that the number
+     * must be in the range of 1 to 5.
      * <p>
-     *   - choice(cert,crl): cert,crl is the constraint
-     *     for choice
+     * - choice(cert,crl): cert,crl is the constraint for choice
      * <p>
      * If null, no constraint shall be enforced.
      * <p>
+     * 
      * @return constraint
      */
     public String getConstraint() {
@@ -85,6 +84,7 @@ public class Descriptor implements IDescriptor {
 
     /**
      * Retrieves the description of the property.
+     * 
      * @param locale user locale
      * @return description
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java b/pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java
index a5847cb2..23f59a25 100644
--- a/pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java
+++ b/pki/base/common/src/com/netscape/certsrv/property/EPropertyException.java
@@ -17,12 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.property;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
 /**
  * This is the base exception for property handling.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EPropertyException extends EBaseException {
@@ -34,7 +33,7 @@ public class EPropertyException extends EBaseException {
 
     /**
      * Constructs property exception
-     *
+     * 
      * @param msg exception message
      */
     public EPropertyException(String msg) {
diff --git a/pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java b/pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java
index e40c98fa..5a972073 100644
--- a/pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java
+++ b/pki/base/common/src/com/netscape/certsrv/property/IConfigTemplate.java
@@ -17,21 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.property;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
-
 /**
- * This interface provides a standard way to describe
- * a set of configuration parameters and its associated syntax.
- * It provides programmatic methods for querying 
- * template description.
+ * This interface provides a standard way to describe a set of configuration
+ * parameters and its associated syntax. It provides programmatic methods for
+ * querying template description.
  * <p>
- * A plugin, for example, can be described as a
- * property template. 
+ * A plugin, for example, can be described as a property template.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IConfigTemplate {
@@ -45,7 +41,7 @@ public interface IConfigTemplate {
 
     /**
      * Returns the descriptors of configuration parameter.
-     *
+     * 
      * @param locale user locale
      * @param name configuration parameter name
      * @return descriptor
@@ -54,17 +50,17 @@ public interface IConfigTemplate {
 
     /**
      * Sets configuration parameter.
-     *
+     * 
      * @param name parameter name
      * @param value parameter value
      * @exception EPropertyException failed to set parameter
      */
     public void setConfig(String name, String value)
-        throws EPropertyException;
+            throws EPropertyException;
 
     /**
      * Retrieves configuration parameter by name.
-     *
+     * 
      * @return parameter
      */
     public String getConfig(String name);
diff --git a/pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java b/pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java
index 271c1808..d70156f7 100644
--- a/pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java
+++ b/pki/base/common/src/com/netscape/certsrv/property/IDescriptor.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.property;
 
-
 import java.util.Locale;
 
-
 /**
  * This interface represents a property descriptor.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IDescriptor {
@@ -54,26 +52,24 @@ public interface IDescriptor {
 
     /**
      * Returns the syntax of the property.
-     *
+     * 
      * @return syntax
      */
     public String getSyntax();
 
     /**
-     * Constraint for the given syntax. For example,
-     *   - number(1-5): 1-5 is the constraint, and it indicates
-     *     that the number must be in the range of 1 to 5.
-     *   - choice(cert,crl): cert,crl is the constraint
-     *     for choice
-     * If null, no constraint shall be enforced.
-     *
+     * Constraint for the given syntax. For example, - number(1-5): 1-5 is the
+     * constraint, and it indicates that the number must be in the range of 1 to
+     * 5. - choice(cert,crl): cert,crl is the constraint for choice If null, no
+     * constraint shall be enforced.
+     * 
      * @return constraint
      */
     public String getConstraint();
 
     /**
      * Retrieves the description of the property.
-     *
+     * 
      * @param locale user locale
      * @return localized description
      */
@@ -81,7 +77,7 @@ public interface IDescriptor {
 
     /**
      * Retrieves the default value of the property.
-     *
+     * 
      * @return default value
      */
     public String getDefaultValue();
diff --git a/pki/base/common/src/com/netscape/certsrv/property/PropertySet.java b/pki/base/common/src/com/netscape/certsrv/property/PropertySet.java
index f308a3e7..dc839deb 100644
--- a/pki/base/common/src/com/netscape/certsrv/property/PropertySet.java
+++ b/pki/base/common/src/com/netscape/certsrv/property/PropertySet.java
@@ -20,40 +20,33 @@ package com.netscape.certsrv.property;
 import java.util.Enumeration;
 import java.util.Hashtable;
 
-
 /**
  * A set of properties.
  */
 public class PropertySet {
 
-  private Hashtable<String, IDescriptor> mProperties = new Hashtable<String, IDescriptor>();
+    private Hashtable<String, IDescriptor> mProperties = new Hashtable<String, IDescriptor>();
 
-  public PropertySet()
-  {
-  }
+    public PropertySet() {
+    }
 
-  public void add(String name, IDescriptor desc)
-  {
-     mProperties.put(name, desc);
-  }
+    public void add(String name, IDescriptor desc) {
+        mProperties.put(name, desc);
+    }
 
-  public Enumeration<String> getNames()
-  {
-    return mProperties.keys();
-  }
+    public Enumeration<String> getNames() {
+        return mProperties.keys();
+    }
 
-  public IDescriptor getDescriptor(String name)
-  {
-    return (IDescriptor)mProperties.get(name);
-  }
+    public IDescriptor getDescriptor(String name) {
+        return (IDescriptor) mProperties.get(name);
+    }
 
-  public void remove(String name)
-  {
-    mProperties.remove(name);
-  }
+    public void remove(String name) {
+        mProperties.remove(name);
+    }
 
-  public int size()
-  {
-    return mProperties.size();
-  }
+    public int size() {
+        return mProperties.size();
+    }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java b/pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
index 147bdd20..76b67cdc 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ECompSyntaxErr.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
- *  This type of exception is thrown in cases where an parsing
- *  error is found while evaluating a PKI component.  An example
- * would be in trying to evaluate a PKI authentication message and
- * the parsing operation fails due to a missing token.
- *  
+ * This type of exception is thrown in cases where an parsing error is found
+ * while evaluating a PKI component. An example would be in trying to evaluate a
+ * PKI authentication message and the parsing operation fails due to a missing
+ * token.
+ * 
  * @version $Revision$ $Date$
  */
 public class ECompSyntaxErr extends ELdapException {
@@ -37,8 +35,9 @@ public class ECompSyntaxErr extends ELdapException {
     private static final long serialVersionUID = -2224290038321971845L;
 
     /**
-     *   Construct a ECompSyntaxErr
-     *   @param errorString The descriptive error condition.
+     * Construct a ECompSyntaxErr
+     * 
+     * @param errorString The descriptive error condition.
      */
 
     public ECompSyntaxErr(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
index 8c482a4e..fdf4a1b9 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EMapperNotFound.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
- * Exception for Publish  Mapper not found.
- *
+ * Exception for Publish Mapper not found.
+ * 
  * @version $Revision$ $Date$
  */
 public class EMapperNotFound extends ELdapException {
@@ -35,6 +33,7 @@ public class EMapperNotFound extends ELdapException {
 
     /**
      * Constructs a exception for a missing required mapper
+     * 
      * @param errorString Detailed error message.
      */
     public EMapperNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
index d487488b..f8f18c5f 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EMapperPluginNotFound.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
  * Exception for Mapper Plugin not found.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class EMapperPluginNotFound extends ELdapException {
@@ -35,10 +33,10 @@ public class EMapperPluginNotFound extends ELdapException {
 
     /**
      * Constructs a exception for a missing mapper plugin
+     * 
      * @param errorString Detailed error message.
      */
     public EMapperPluginNotFound(String errorString) {
         super(errorString);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
index 12054dd1..176001e9 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherNotFound.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
  * Exception for Publisher not found. Required for successful publishing.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class EPublisherNotFound extends ELdapException {
@@ -35,6 +33,7 @@ public class EPublisherNotFound extends ELdapException {
 
     /**
      * Constructs a exception for a missing required publisher.
+     * 
      * @param errorString Detailed error message.
      */
     public EPublisherNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
index 0a7fa1ca..ad47d0c7 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/EPublisherPluginNotFound.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
- * Exception for Publisher Plugin not found.  Plugin implementation is required to actually publish.
- *
+ * Exception for Publisher Plugin not found. Plugin implementation is required
+ * to actually publish.
+ * 
  * @version $Revision$ $Date$
  */
 public class EPublisherPluginNotFound extends ELdapException {
@@ -35,10 +34,10 @@ public class EPublisherPluginNotFound extends ELdapException {
 
     /**
      * Constructs a exception for a missing publisher plugin.
+     * 
      * @param errorString Detailed error message.
      */
     public EPublisherPluginNotFound(String errorString) {
         super(errorString);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
index 2094967d..dba161dd 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ERuleNotFound.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
  * Exception for Ldap Publishing Rule not found.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class ERuleNotFound extends ELdapException {
@@ -34,7 +32,9 @@ public class ERuleNotFound extends ELdapException {
     private static final long serialVersionUID = 8442034769483263745L;
 
     /**
-     * Constructs a exception for a missing required rule, which links a publisher and mapper.
+     * Constructs a exception for a missing required rule, which links a
+     * publisher and mapper.
+     * 
      * @param errorString Detailed error message.
      */
     public ERuleNotFound(String errorString) {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java b/pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
index 24ffa11a..bfb41e14 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ERulePluginNotFound.java
@@ -17,13 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
- * Exception for Publisher Rule plugin not found.  Plugin required to implement Ldap Rule.
- *
+ * Exception for Publisher Rule plugin not found. Plugin required to implement
+ * Ldap Rule.
+ * 
  * @version $Revision$ $Date$
  */
 public class ERulePluginNotFound extends ELdapException {
@@ -35,10 +34,10 @@ public class ERulePluginNotFound extends ELdapException {
 
     /**
      * Constructs a exception for a missing rule plugin.
+     * 
      * @param errorString Detailed error message.
      */
     public ERulePluginNotFound(String errorString) {
         super(errorString);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java b/pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
index cae75d2f..e426d931 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ICRLPublisher.java
@@ -17,50 +17,43 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import netscape.security.x509.X509CRLImpl;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * This interface represents a CRL publisher that is
- * invoked when CRL publishing is requested by CMS.
- * Note that CMS, by default, shipped with a LDAP-based 
- * CRL publisher that can be configured via 
- * Certificiate Manager/LDAP Publishing panel. This
- * interface provides administrator additional capability 
- * of publishing CRL to different destinations.
- *
- * The CRL publishing frequency is configured via
- * Netscape Certificate Server Console's 
- * Certificate Manager/Revocation List panel.
- * The CRL publishing may occur either everytime a 
- * certificate is revoked or at a pre-defined interval.
+ * This interface represents a CRL publisher that is invoked when CRL publishing
+ * is requested by CMS. Note that CMS, by default, shipped with a LDAP-based CRL
+ * publisher that can be configured via Certificiate Manager/LDAP Publishing
+ * panel. This interface provides administrator additional capability of
+ * publishing CRL to different destinations.
  * 
- * To try out this new CRL publisher mechanism, do
- * the following:
- * (1) Write a sample CRL publisher class that implements
- *     ICRLPublisher interface. For example,
+ * The CRL publishing frequency is configured via Netscape Certificate Server
+ * Console's Certificate Manager/Revocation List panel. The CRL publishing may
+ * occur either everytime a certificate is revoked or at a pre-defined interval.
+ * 
+ * To try out this new CRL publisher mechanism, do the following: (1) Write a
+ * sample CRL publisher class that implements ICRLPublisher interface. For
+ * example,
  * 
  * <code>
  * public class CRLPublisher implements ICRLPublisher
  * {
  * 	public void init(ISubsystem owner, IConfigStore config) 
- *		throws EBaseException
+ * 		throws EBaseException
  * 	{
- *		log(ILogger.LL_DEBUG, "CRLPublisher: Initialized");
+ * 		log(ILogger.LL_DEBUG, "CRLPublisher: Initialized");
  * 	}
- *
- *	public void publish(String issuingPointId, X509CRLImpl crl) 
+ * 
+ * 	public void publish(String issuingPointId, X509CRLImpl crl) 
  * 		throws EBaseException 
  *      {
  * 		log(ILogger.LL_DEBUG, "CRLPublisher: " + issuingPointId + 
  *                " crl=" + crl);
  * 	}
- *
+ * 
  *      public void log(int level, String msg)
  *      {
  *              Logger.getLogger().log(ILogger.EV_SYSTEM, 
@@ -69,14 +62,12 @@ import com.netscape.certsrv.base.ISubsystem;
  *      }
  * }
  * </code>
- *
- * (2) Compile the class and place the class into 
- *     <server-root>\bin\cert\classes directory. 
- * (3) Add the following parameter to CMS.cfg
- *       ca.crlPublisher.class=<implementation class>
- *     For example,
- *       ca.crlPublisher.class=myCRLPublisher
- *
+ * 
+ * (2) Compile the class and place the class into <server-root>\bin\cert\classes
+ * directory. (3) Add the following parameter to CMS.cfg
+ * ca.crlPublisher.class=<implementation class> For example,
+ * ca.crlPublisher.class=myCRLPublisher
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICRLPublisher {
@@ -84,26 +75,25 @@ public interface ICRLPublisher {
     /**
      * Initializes this CRL publisher.
      * 
-     * @param owner parent of the publisher. An object of type 
-     *        CertificateAuthority.
-     * @param config config store for this publisher. If this
-     *        publisher requires configuration parameters for
-     *        initialization, the parameters should be placed
-     *        in CMS.cfg as ca.crlPublisher.<paramType>=<paramValue>
+     * @param owner parent of the publisher. An object of type
+     *            CertificateAuthority.
+     * @param config config store for this publisher. If this publisher requires
+     *            configuration parameters for initialization, the parameters
+     *            should be placed in CMS.cfg as
+     *            ca.crlPublisher.<paramType>=<paramValue>
      * @exception EBaseException failed to initialize this publisher
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException;
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException;
 
     /**
-     * Publishes CRL. This method is invoked by CMS based
-     * on the configured CRL publishing frequency.
-     *
-     * @param issuingPointId CRL issuing point identifier 
-     *          (i.e. MasterCRL)
+     * Publishes CRL. This method is invoked by CMS based on the configured CRL
+     * publishing frequency.
+     * 
+     * @param issuingPointId CRL issuing point identifier (i.e. MasterCRL)
      * @param crl CRL that is publishing
      * @exception EBaseException failed to publish
      */
-    public void publish(String issuingPointId, X509CRLImpl crl) 
-        throws EBaseException;
-} 
+    public void publish(String issuingPointId, X509CRLImpl crl)
+            throws EBaseException;
+}
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java
index cd4012a4..9ee48098 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCertMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.security.cert.X509Certificate;
 import java.util.Vector;
 
@@ -25,10 +24,9 @@ import netscape.ldap.LDAPConnection;
 
 import com.netscape.certsrv.ldap.ELdapException;
 
-
-/** 
- * Interface for mapping a X509 certificate to a LDAP entry. 
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry.
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapCertMapper extends ILdapPlugin {
@@ -54,18 +52,18 @@ public interface ILdapCertMapper extends ILdapPlugin {
     public Vector getInstanceParams();
 
     /**
-     * maps a certificate to a LDAP entry.
-     * returns dn of the mapped LDAP entry.
+     * maps a certificate to a LDAP entry. returns dn of the mapped LDAP entry.
+     * 
      * @param conn the LDAP connection
      * @param cert the certificate to map
      * @param checkForCert whether to check for the presence of the cert
-     * @exception ELdapException  Failed to map.
-     * @return LdapCertMapResult indicates whether a mapping was successful
-     * and whether a certificate was found if checkForCert was true.
-     * If checkForCert was not set the hasCert method in LdapCertMapResult
-     * should be ignored.
+     * @exception ELdapException Failed to map.
+     * @return LdapCertMapResult indicates whether a mapping was successful and
+     *         whether a certificate was found if checkForCert was true. If
+     *         checkForCert was not set the hasCert method in LdapCertMapResult
+     *         should be ignored.
      */
-    public LdapCertMapResult map(LDAPConnection conn, 
-        X509Certificate cert, boolean checkForCert)
-        throws ELdapException;
+    public LdapCertMapResult map(LDAPConnection conn,
+            X509Certificate cert, boolean checkForCert)
+            throws ELdapException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
index a15ea0ab..51e86743 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapCrlMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import netscape.ldap.LDAPConnection;
 import netscape.security.x509.X509CRLImpl;
 
@@ -25,36 +24,36 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.ldap.ELdapException;
 
-
-/** 
- * Interface for mapping a CRL to a LDAP entry. 
- *
+/**
+ * Interface for mapping a CRL to a LDAP entry.
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapCrlMapper {
 
     /**
-     * maps a crl to a LDAP entry.
-     * returns dn of the mapped LDAP entry.
+     * maps a crl to a LDAP entry. returns dn of the mapped LDAP entry.
+     * 
      * @param conn the LDAP connection
      * @param crl the CRL to map
      * @param checkForCrl whether to check for the presence of the CRL
-     * @exception ELdapException  Failed to map CRL to entry.
-     * @return LdapCertMapResult indicates whether a mapping was successful
-     * and whether a certificate was found if checkForCert was true.
-     * If checkForCert was not set the hasCert method in LdapCertMapResult
-     * should be ignored.
+     * @exception ELdapException Failed to map CRL to entry.
+     * @return LdapCertMapResult indicates whether a mapping was successful and
+     *         whether a certificate was found if checkForCert was true. If
+     *         checkForCert was not set the hasCert method in LdapCertMapResult
+     *         should be ignored.
      */
-    public LdapCertMapResult 
-    map(LDAPConnection conn, X509CRLImpl crl, boolean checkForCrl)
-        throws ELdapException;
+    public LdapCertMapResult
+            map(LDAPConnection conn, X509CRLImpl crl, boolean checkForCrl)
+                    throws ELdapException;
 
     /**
      * initialize from config store.
+     * 
      * @param config the configuration store to initialize from.
      * @exception ELdapException Initialization failed due to Ldap error.
      * @exception EBaseException Initialization failed.
      */
     public void init(IConfigStore config)
-        throws ELdapException, EBaseException;
+            throws ELdapException, EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
index 26360fe8..4537636c 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapExpression.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * Interface for a Ldap predicate expression.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ILdapExpression {
@@ -44,28 +42,28 @@ public interface ILdapExpression {
 
     /**
      * Evaluate the Expression.
-     *
-     * @param   sc       The SessionContext on which we are applying the condition.
-     * @return          The return value.
-     * @exception          ELdapExeption  Failed to evaluate expression.
+     * 
+     * @param sc The SessionContext on which we are applying the condition.
+     * @return The return value.
+     * @exception ELdapExeption Failed to evaluate expression.
      */
     boolean evaluate(SessionContext sc)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
      * Evaluate the Expression.
-     *
-     * @param    req	The PKIRequest on which we are applying the condition.
-     * @return 		The return value.
-     * @exception          ELdapExeption  Failed to evaluate expression.
+     * 
+     * @param req The PKIRequest on which we are applying the condition.
+     * @return The return value.
+     * @exception ELdapExeption Failed to evaluate expression.
      */
     boolean evaluate(IRequest req)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
      * Convert to a string.
+     * 
      * @return String representation of expression.
      */
     public String toString();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
index c4afd039..edd0ae87 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.util.Vector;
 
 import netscape.ldap.LDAPConnection;
@@ -25,10 +24,9 @@ import netscape.ldap.LDAPConnection;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
- * Interface for mapping a X509 certificate to a LDAP entry. 
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry.
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapMapper extends ILdapPlugin {
@@ -54,28 +52,27 @@ public interface ILdapMapper extends ILdapPlugin {
     public Vector<String> getInstanceParams();
 
     /**
-     * maps a certificate to a LDAP entry.
-     * returns dn of the mapped LDAP entry.
+     * maps a certificate to a LDAP entry. returns dn of the mapped LDAP entry.
+     * 
      * @param conn the LDAP connection
      * @param obj the object to map
      * @return dn indicates whether a mapping was successful
      * @exception ELdapException Map operation failed.
      */
-    public String 
-    map(LDAPConnection conn, Object obj)
-        throws ELdapException;
+    public String
+            map(LDAPConnection conn, Object obj)
+                    throws ELdapException;
 
     /**
-     * maps a certificate to a LDAP entry.
-     * returns dn of the mapped LDAP entry.
+     * maps a certificate to a LDAP entry. returns dn of the mapped LDAP entry.
+     * 
      * @param conn the LDAP connection
-     * @param r    the request to map
-     * @param obj  the object to map
+     * @param r the request to map
+     * @param obj the object to map
      * @return dn indicates whether a mapping was successful
      * @exception ELdapException Map operation failed.
      */
-    public String 
-    map(LDAPConnection conn, IRequest r, Object obj)
-        throws ELdapException;
+    public String
+            map(LDAPConnection conn, IRequest r, Object obj)
+                    throws ELdapException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
index b73b5ae2..b0a9fe73 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPlugin.java
@@ -17,27 +17,26 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.ldap.ELdapException;
 
-
-/** 
+/**
  * Interface for any Ldap plugin.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapPlugin {
 
     /**
      * Initialize from config store.
+     * 
      * @param config the configuration store to initialize from.
      * @exception ELdapException initialization failed due to Ldap error.
      * @exception EBaseException initialization failed.
      */
     public void init(IConfigStore config)
-        throws EBaseException, ELdapException;
+            throws EBaseException, ELdapException;
 
     /**
      * Return config store.
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
index e84b62fc..db52a910 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPluginImpl.java
@@ -17,37 +17,37 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.IPluginImpl;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.ldap.ELdapException;
 
-
-/** 
+/**
  * Interface for any ldap plugin. Plugin implementation is defined here.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapPluginImpl extends IPluginImpl {
 
     /**
      * initialize from config store.
+     * 
      * @param config the configuration store to initialize from.
      * @exception ELdapException initializtion failed due to Ldap error.
      * @exception EBaseException initialization failed.
      */
     public void init(ISubsystem sys, IConfigStore config)
-        throws EBaseException, ELdapException;
+            throws EBaseException, ELdapException;
 
     /**
      * initialize from config store and Isubsystem.
+     * 
      * @param config the configuration store to initialize from.
      * @exception ELdapException initializtion failed due to Ldap error.
      * @exception EBaseException initialization failed.
      */
     public void init(IConfigStore config)
-        throws EBaseException, ELdapException;
+            throws EBaseException, ELdapException;
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
index 001d472b..f31b3c60 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublishModule.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestListener;
 
-
-/**  
- * Handles requests to  perform Ldap publishing.
- *
+/**
+ * Handles requests to perform Ldap publishing.
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapPublishModule extends IRequestListener {
@@ -32,14 +30,14 @@ public interface ILdapPublishModule extends IRequestListener {
     /**
      * initialize ldap publishing module with config store
      */
-    //	public void init(ICertAuthority owner, IConfigStore config) 
-    //		throws EBaseException, ELdapException;
+    // public void init(ICertAuthority owner, IConfigStore config)
+    // throws EBaseException, ELdapException;
 
     /**
-     * Accepts completed requests from an authority and 
-     * performs ldap publishing.
-     * @param request The publishing request. 
+     * Accepts completed requests from an authority and performs ldap
+     * publishing.
+     * 
+     * @param request The publishing request.
      */
     public void accept(IRequest request);
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java
index 5a1197dc..5d6b8ca9 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapPublisher.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.util.Vector;
 
 import netscape.ldap.LDAPConnection;
 
 import com.netscape.certsrv.ldap.ELdapException;
 
-
-/** 
- * Interface for publishing certificate or crl to database store. 
- *
+/**
+ * Interface for publishing certificate or crl to database store.
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapPublisher extends ILdapPlugin {
@@ -58,30 +56,25 @@ public interface ILdapPublisher extends ILdapPlugin {
     /**
      * Publish an object.
      * 
-     * @param conn a Ldap connection 
-     *        (null for non-LDAP publishing)
-     * @param dn dn of the ldap entry to publish cert
-     *        (null for non-LDAP publishing)
-     * @param object object to publish
-     *        (java.security.cert.X509Certificate or,
-     *         java.security.cert.X509CRL)
+     * @param conn a Ldap connection (null for non-LDAP publishing)
+     * @param dn dn of the ldap entry to publish cert (null for non-LDAP
+     *            publishing)
+     * @param object object to publish (java.security.cert.X509Certificate or,
+     *            java.security.cert.X509CRL)
      * @exception ELdapException publish failed.
      */
     public void publish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
      * Unpublish an object.
-     *
-     * @param conn the Ldap connection
-     *        (null for non-LDAP publishing)
-     * @param dn dn of the ldap entry to unpublish cert
-     *        (null for non-LDAP publishing)
-     * @param object object to unpublish 
-     *        (java.security.cert.X509Certificate)
+     * 
+     * @param conn the Ldap connection (null for non-LDAP publishing)
+     * @param dn dn of the ldap entry to unpublish cert (null for non-LDAP
+     *            publishing)
+     * @param object object to unpublish (java.security.cert.X509Certificate)
      * @exception ELdapException unpublish failed.
      */
     public void unpublish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException;
+            throws ELdapException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java b/pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java
index 4c5699b1..7bf19b07 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/ILdapRule.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
-/** 
+/**
  * Interface for publishing rule which associates a Publisher with a Mapper.
- *
+ * 
  * @version $Revision$ $Date$
  */
 public interface ILdapRule extends ILdapPlugin {
@@ -36,10 +34,11 @@ public interface ILdapRule extends ILdapPlugin {
 
     /**
      * Initialize the plugin.
+     * 
      * @exception EBaseException Initialization failed.
      */
     public void init(IPublisherProcessor processor, IConfigStore
-        config) throws EBaseException;
+            config) throws EBaseException;
 
     /**
      * Returns the implementation name.
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java b/pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java
index 6ff997a1..e6cd3756 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/IPublishRuleSet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.util.Enumeration;
 
 import netscape.ldap.LDAPConnection;
@@ -28,22 +27,20 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * Represents a set of publishing rules. Publishing rules are ordered from
- * lowest priority to highest priority. The priority assignment for publishing 
- * rules is not enforced by this interface. Various implementation may
- * use different mechanisms such as a linear ordering of publishing rules
- * in a configuration file or explicit assignment of priority levels ..etc.
- * The publishing rule initialization needs to deal with reading the 
- * publishing rules, sorting them in increasing order of priority and 
- * presenting an ordered vector of publishing rules via the IPublishRuleSet 
- * interface.
- * When a request comes, the predicates of the publishing rules will be 
- * checked in the order to find the first matched publishing rule as the 
- * mapping rule to (un)publish the object.
+ * lowest priority to highest priority. The priority assignment for publishing
+ * rules is not enforced by this interface. Various implementation may use
+ * different mechanisms such as a linear ordering of publishing rules in a
+ * configuration file or explicit assignment of priority levels ..etc. The
+ * publishing rule initialization needs to deal with reading the publishing
+ * rules, sorting them in increasing order of priority and presenting an ordered
+ * vector of publishing rules via the IPublishRuleSet interface. When a request
+ * comes, the predicates of the publishing rules will be checked in the order to
+ * find the first matched publishing rule as the mapping rule to (un)publish the
+ * object.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPublishRuleSet {
@@ -52,7 +49,7 @@ public interface IPublishRuleSet {
     /**
      * Returns the name of the publishing rule set.
      * <P>
-     *
+     * 
      * @return The name of the publishing rule set.
      */
     String getName();
@@ -60,6 +57,7 @@ public interface IPublishRuleSet {
     /**
      * Returns the no of publishing rules in a set.
      * <P>
+     * 
      * @return the no of publishing rules.
      */
     int count();
@@ -67,33 +65,34 @@ public interface IPublishRuleSet {
     /**
      * Add a publishing rule
      * <P>
-     *
-     * @param aliasName  The name of the publishing rule to be added.
-     * @param rule rule  The publishing rule to be added.
+     * 
+     * @param aliasName The name of the publishing rule to be added.
+     * @param rule rule The publishing rule to be added.
      */
     void addRule(String aliasName, ILdapRule rule);
 
     /**
      * Removes a publishing rule identified by the given name.
-     *
-     * @param ruleName  The name of the publishing rule to be removed.
+     * 
+     * @param ruleName The name of the publishing rule to be removed.
      */
     void removeRule(String ruleName);
 
     /**
      * Get the publishing rule identified by a given name.
      * <P>
-     *
-     * @param ruleName  The name of the publishing rule to be return.
-     * @return The publishing rule identified by the given name or null if none exists.
+     * 
+     * @param ruleName The name of the publishing rule to be return.
+     * @return The publishing rule identified by the given name or null if none
+     *         exists.
      */
     ILdapRule getRule(String ruleName);
 
     /**
      * Get the publishing rule identified by a corresponding request.
      * <P>
-     *
-     * @param req  The request from which rule will be identified.
+     * 
+     * @param req The request from which rule will be identified.
      * @return The publishing rule or null if none exists.
      */
     ILdapRule getRule(IRequest req);
@@ -101,24 +100,22 @@ public interface IPublishRuleSet {
     /**
      * Get an enumeration of publishing rules.
      * <P>
-     *
+     * 
      * @return An enumeration of publishing rules.
      */
     Enumeration getRules();
 
     /**
-     * Apply publishing rules on a request. 
-     * The predicates of the publishing rules will be checked in the order 
-     * to find the first matched publishing rule. 
-     * Use the mapper to find the dn of the LDAP entry and use the publisher 
-     * to publish the object in the request.
+     * Apply publishing rules on a request. The predicates of the publishing
+     * rules will be checked in the order to find the first matched publishing
+     * rule. Use the mapper to find the dn of the LDAP entry and use the
+     * publisher to publish the object in the request.
      * <P>
-     *
-     * @param conn    The Ldap connection
-     * @param req   The request to apply policies on.
-     * @exception  ELdapException publish failed due to Ldap error.
+     * 
+     * @param conn The Ldap connection
+     * @param req The request to apply policies on.
+     * @exception ELdapException publish failed due to Ldap error.
      */
     public void publish(LDAPConnection conn, IRequest req)
-        throws ELdapException;
+            throws ELdapException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java b/pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java
index 1da2f346..bc908296 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/IPublisherProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import java.math.BigInteger;
 import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
@@ -32,11 +31,10 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.ldap.ILdapConnModule;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- *  Controls the publishing process from the top level.  Maintains
- *  a collection of Publishers , Mappers, and Publish Rules.
- *
+ * Controls the publishing process from the top level. Maintains a collection of
+ * Publishers , Mappers, and Publish Rules.
+ * 
  * @version $Revision$ $Date$
  */
 
@@ -64,63 +62,66 @@ public interface IPublisherProcessor extends ISubsystem {
     public static final String PROP_TYPE = "type";
 
     /**
-     *
+     * 
      * Returns Hashtable of rule plugins.
      */
 
     public Hashtable<String, RulePlugin> getRulePlugins();
 
     /**
-     *
-     * Returns Hashtable of rule  instances.
+     * 
+     * Returns Hashtable of rule instances.
      */
 
     public Hashtable<String, ILdapRule> getRuleInsts();
 
     /**
-     *
+     * 
      * Returns Hashtable of mapper plugins.
      */
 
     public Hashtable<String, MapperPlugin> getMapperPlugins();
 
     /**
-     *
+     * 
      * Returns Hashtable of publisher plugins.
      */
     public Hashtable<String, PublisherPlugin> getPublisherPlugins();
 
     /**
-     *
+     * 
      * Returns Hashtable of rule mapper instances.
      */
     public Hashtable<String, MapperProxy> getMapperInsts();
 
     /**
-     *
+     * 
      * Returns Hashtable of rule publisher instances.
      */
     public Hashtable<String, PublisherProxy> getPublisherInsts();
 
     /**
-     *
+     * 
      * Returns list of rules based on publishing type.
+     * 
      * @param publishingType Type for which to retrieve rule list.
      */
 
     public Enumeration<ILdapRule> getRules(String publishingType);
 
     /**
-     *
+     * 
      * Returns list of rules based on publishing type and publishing request.
+     * 
      * @param publishingType Type for which to retrieve rule list.
-     * @param req  Corresponding publish request.
+     * @param req Corresponding publish request.
      */
     public Enumeration<ILdapRule> getRules(String publishingType, IRequest req);
 
     /**
-     *
+     * 
      * Returns mapper initial default parameters.
+     * 
      * @param implName name of MapperPlugin.
      */
 
@@ -128,8 +129,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     *
-     * Returns mapper current instance  parameters.
+     * 
+     * Returns mapper current instance parameters.
+     * 
      * @param insName name of MapperProxy.
      * @exception ELdapException failed due to Ldap error.
      */
@@ -138,8 +140,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     *
+     * 
      * Returns publisher initial default parameters.
+     * 
      * @param implName name of PublisherPlugin.
      * @exception ELdapException failed due to Ldap error.
      */
@@ -147,8 +150,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     *
+     * 
      * Returns true if MapperInstance is enabled.
+     * 
      * @param insName name of MapperProxy.
      * @return true if enabled. false if disabled.
      */
@@ -156,48 +160,54 @@ public interface IPublisherProcessor extends ISubsystem {
     public boolean isMapperInstanceEnable(String insName);
 
     /**
-     *
+     * 
      * Returns ILdapMapper instance that is currently active.
+     * 
      * @param insName name of MapperProxy.
      * @return instance of ILdapMapper.
-     */ 
+     */
     public ILdapMapper getActiveMapperInstance(String insName);
 
     /**
-     *
+     * 
      * Returns ILdapMapper instance based on name of MapperProxy.
+     * 
      * @param insName name of MapperProxy.
      * @return instance of ILdapMapper.
      */
     public ILdapMapper getMapperInstance(String insName);
 
     /**
-     *
+     * 
      * Returns true publisher instance is currently enabled.
+     * 
      * @param insName name of PublisherProxy.
      * @return true if enabled.
      */
     public boolean isPublisherInstanceEnable(String insName);
 
     /**
-     *
+     * 
      * Returns ILdapPublisher instance that is currently active.
+     * 
      * @param insName name of PublisherProxy.
      * @return instance of ILdapPublisher.
      */
     public ILdapPublisher getActivePublisherInstance(String insName);
 
     /**
-     *
+     * 
      * Returns ILdapPublisher instance.
+     * 
      * @param insName name of PublisherProxy.
      * @return instance of ILdapPublisher.
      */
     public ILdapPublisher getPublisherInstance(String insName);
 
     /**
-     *
+     * 
      * Returns Vector of PublisherIntance's current instance parameters.
+     * 
      * @param insName name of PublisherProxy.
      * @return Vector of current instance parameters.
      */
@@ -205,8 +215,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     *
+     * 
      * Returns Vector of RulePlugin's initial default parameters.
+     * 
      * @param implName name of RulePlugin.
      * @return Vector of initial default parameters.
      * @exception ELdapException failed due to Ldap error.
@@ -215,8 +226,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     *
+     * 
      * Returns Vector of RulePlugin's current instance parameters.
+     * 
      * @param implName name of RulePlugin.
      * @return Vector of current instance parameters.
      * @exception ELdapException failed due to Ldap error.
@@ -225,8 +237,9 @@ public interface IPublisherProcessor extends ISubsystem {
             ELdapException;
 
     /**
-     * Set published flag - true when published, false when unpublished. 
-     * Not exist means not published. 
+     * Set published flag - true when published, false when unpublished. Not
+     * exist means not published.
+     * 
      * @param serialNo serial number of publishable object.
      * @param published true for published, false for not.
      */
@@ -234,102 +247,111 @@ public interface IPublisherProcessor extends ISubsystem {
 
     /**
      * Publish ca cert, UpdateDir.java, jobs, request listeners
+     * 
      * @param cert X509 certificate to be published.
      * @exception ELdapException publish failed due to Ldap error.
      */
     public void publishCACert(X509Certificate cert)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
-     * This function is never called. CMS does not unpublish
-     * CA certificate.
+     * This function is never called. CMS does not unpublish CA certificate.
      */
     public void unpublishCACert(X509Certificate cert)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
-     * Publishs regular user certificate based on the criteria
-     * set in the request.
+     * Publishs regular user certificate based on the criteria set in the
+     * request.
+     * 
      * @param cert X509 certificate to be published.
-     * @param req  request which provides the criteria
+     * @param req request which provides the criteria
      * @exception ELdapException publish failed due to Ldap error.
      */
     public void publishCert(X509Certificate cert, IRequest req)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
-     * Unpublish user certificate. This is used by 
-     * UnpublishExpiredJob.
+     * Unpublish user certificate. This is used by UnpublishExpiredJob.
+     * 
      * @param cert X509 certificate to be unpublished.
-     * @param req  request which provides the criteria
+     * @param req request which provides the criteria
      * @exception ELdapException unpublish failed due to Ldap error.
      */
     public void unpublishCert(X509Certificate cert, IRequest req)
-        throws ELdapException;
+            throws ELdapException;
 
     /**
-     * publishes a crl by mapping the issuer name in the crl to an entry
-     * and publishing it there. entry must be a certificate authority.
-     * Note that this is used by cmsgateway/cert/UpdateDir.java
+     * publishes a crl by mapping the issuer name in the crl to an entry and
+     * publishing it there. entry must be a certificate authority. Note that
+     * this is used by cmsgateway/cert/UpdateDir.java
+     * 
      * @param crl Certificate Revocation List
      * @param crlIssuingPointId name of the issuing point.
-    * @exception ELdapException publish failed due to Ldap error.
+     * @exception ELdapException publish failed due to Ldap error.
      */
-    public void publishCRL(X509CRLImpl crl,String crlIssuingPointId) 
-        throws ELdapException;
+    public void publishCRL(X509CRLImpl crl, String crlIssuingPointId)
+            throws ELdapException;
 
     /**
-     * publishes a crl by mapping the issuer name in the crl to an entry
-     * and publishing it there. entry must be a certificate authority.
-     * @param dn  Distinguished name to publish.
+     * publishes a crl by mapping the issuer name in the crl to an entry and
+     * publishing it there. entry must be a certificate authority.
+     * 
+     * @param dn Distinguished name to publish.
      * @param crl Certificate Revocation List
      * @exception ELdapException publish failed due to Ldap error.
      */
-    public void publishCRL(String dn, X509CRL crl) 
-        throws ELdapException;
+    public void publishCRL(String dn, X509CRL crl)
+            throws ELdapException;
 
     /**
-     *
+     * 
      * Return true if Ldap is enabled.
+     * 
      * @return true if Ldap is enabled,otherwise false.
      */
 
     public boolean ldapEnabled();
 
     /**
-     *
+     * 
      * Return true of PublisherProcessor is enabled.
+     * 
      * @return true if is enabled, otherwise false.
-     *
+     * 
      */
     public boolean enabled();
 
     /**
-     *
-     *  Return Authority for which this Processor operates.
+     * 
+     * Return Authority for which this Processor operates.
+     * 
      * @return Authority.
      */
 
     public ISubsystem getAuthority();
 
     /**
-     *
+     * 
      * Perform logging function for this Processor.
-     * @param level  Log level to be used for this message
-     * @param msg    Message to be logged.
+     * 
+     * @param level Log level to be used for this message
+     * @param msg Message to be logged.
      */
 
     public void log(int level, String msg);
 
     /**
-     *
+     * 
      * Returns LdapConnModule belonging to this Processor.
+     * 
      * @return LdapConnModule.
      */
     public ILdapConnModule getLdapConnModule();
 
     /**
      * Sets the LdapConnModule belonging to this Processor.
+     * 
      * @param m ILdapConnModule.
      */
     public void setLdapConnModule(ILdapConnModule m);
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java b/pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java
index ce72ed8a..38842bb9 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/IXcertPublisherProcessor.java
@@ -17,23 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
- * Interface for a publisher that has the capability of publishing
- * cross certs
- *
+ * Interface for a publisher that has the capability of publishing cross certs
+ * 
  * @version $Revision$, $Date$
  */
 public interface IXcertPublisherProcessor extends IPublisherProcessor {
 
     /**
      * Publish crossCertificatePair.
+     * 
      * @param pair Byte array representing cert pair.
      * @exception EldapException publish failed due to Ldap error.
      */
     public void publishXCertPair(byte[] pair)
-        throws ELdapException;
+            throws ELdapException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java b/pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
index 559cd8c0..900a9854 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/LdapCertMapResult.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
-
-
-/** 
- * Class that represents the result of a Ldap Mapping operation.
- *  certificate map result: 
- *  Represented by a mapped entry as a DN and whether entry has the certificate.
- *
+/**
+ * Class that represents the result of a Ldap Mapping operation. certificate map
+ * result: Represented by a mapped entry as a DN and whether entry has the
+ * certificate.
+ * 
  * @version $Revision$ $Date$
  */
 public class LdapCertMapResult {
@@ -38,9 +35,10 @@ public class LdapCertMapResult {
         mDn = dn;
         mHasCert = hasCert;
     }
-	
+
     /**
      * Gets DN from the result.
+     * 
      * @return Distinguished Name.
      */
     public String getDn() {
@@ -49,6 +47,7 @@ public class LdapCertMapResult {
 
     /**
      * Gets whether the ldap entry had a certificate from result.
+     * 
      * @return true if cert is present, false otherwise.
      */
     public boolean hasCert() {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
index 282db3cd..b193e1b5 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/MapperPlugin.java
@@ -17,25 +17,23 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.Plugin;
 
-
 /**
  * This class represents a registered mapper plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class MapperPlugin extends Plugin {
 
     /**
      * Constructs a MapperPlugin based on a name and a path.
+     * 
      * @param id Name of plugin.
      * @param path Classpath of plugin.
      */
-    public MapperPlugin (String id, String path) {
+    public MapperPlugin(String id, String path) {
         super(id, path);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java b/pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java
index bd8ea741..95dc98d9 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/MapperProxy.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
-
-
 /**
- *
- *  Class representing a LdapMapper.
- *
+ * 
+ * Class representing a LdapMapper.
+ * 
  * @version $Revision$ $Date$
  */
 
@@ -32,8 +29,9 @@ public class MapperProxy {
     private ILdapMapper mMapper;
 
     /**
-     *
+     * 
      * Contructs MapperProxy .
+     * 
      * @param enable Enabled or not.
      * @param mapper Corresponding ILdapMapper object.
      */
@@ -43,8 +41,9 @@ public class MapperProxy {
     }
 
     /**
-     *
+     * 
      * Returns if enabled.
+     * 
      * @return true if enabled, otherwise false.
      */
     public boolean isEnable() {
@@ -52,8 +51,9 @@ public class MapperProxy {
     }
 
     /**
-     *
+     * 
      * Returns ILdapMapper object.
+     * 
      * @return Intance of ILdapMapper object.
      */
     public ILdapMapper getMapper() {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java
index d6864326..5a163b80 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/PublisherPlugin.java
@@ -17,26 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.Plugin;
 
-
 /**
  * This class represents a registered publisher plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PublisherPlugin extends Plugin {
 
     /**
-     *
-     *  Constructs a PublisherPlugin based on name and classpath.
-     *  @param id name of plugin.
-     *  @param path Classpath of plugin.
+     * 
+     * Constructs a PublisherPlugin based on name and classpath.
+     * 
+     * @param id name of plugin.
+     * @param path Classpath of plugin.
      */
-    public PublisherPlugin (String id, String path) {
+    public PublisherPlugin(String id, String path) {
         super(id, path);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java b/pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java
index 06e08c31..5a496d1d 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/PublisherProxy.java
@@ -17,24 +17,22 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
-
-
 /**
- *
+ * 
  * Class representing a proxy for a ILdapPublisher.
- *
+ * 
  * @version $Revision$ $Date$
  */
 
-
 public class PublisherProxy {
     private boolean mEnable;
     private ILdapPublisher mPublisher;
 
     /**
-     *
-     * Constructs a PublisherProxy based on a ILdapPublisher object and enabled boolean.
+     * 
+     * Constructs a PublisherProxy based on a ILdapPublisher object and enabled
+     * boolean.
+     * 
      * @param enable Proxy is enabled or not.
      * @param publisher Corresponding ILdapPublisher object.
      */
@@ -45,6 +43,7 @@ public class PublisherProxy {
 
     /**
      * Return if enabled or not.
+     * 
      * @return true if enabled, otherwise false.
      */
     public boolean isEnable() {
@@ -53,6 +52,7 @@ public class PublisherProxy {
 
     /**
      * Return ILdapPublisher object.
+     * 
      * @return Instance of ILdapPublisher.
      */
     public ILdapPublisher getPublisher() {
diff --git a/pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java b/pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
index 8e515726..b37a24d5 100644
--- a/pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
+++ b/pki/base/common/src/com/netscape/certsrv/publish/RulePlugin.java
@@ -17,25 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.publish;
 
-
 import com.netscape.certsrv.base.Plugin;
 
-
 /**
  * This class represents a registered Publishing Rule plugin.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RulePlugin extends Plugin {
 
     /**
-     *
+     * 
      * Constructs a RulePlugin based on name and classpath.
+     * 
      * @param id name of RulePlugin.
      * @param path Classpath of RulePlugin.
      */
-    public RulePlugin (String id, String path) {
+    public RulePlugin(String id, String path) {
         super(id, path);
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/ra/IRAService.java b/pki/base/common/src/com/netscape/certsrv/ra/IRAService.java
index 92ccd558..4bab4745 100644
--- a/pki/base/common/src/com/netscape/certsrv/ra/IRAService.java
+++ b/pki/base/common/src/com/netscape/certsrv/ra/IRAService.java
@@ -17,47 +17,45 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ra;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.connector.IConnector;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IService;
 
-
 /**
  * An interface representing a RA request services.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public interface IRAService extends IService { 
+public interface IRAService extends IService {
 
     /**
      * Services request.
-     *
+     * 
      * @param req request data
      */
     public boolean serviceRequest(IRequest req);
 
     /**
      * Services profile request.
-     *
+     * 
      * @param request profile enrollment request information
      * @exception EBaseException failed to service profile enrollment request
      */
     public void serviceProfileRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Returns CA connector.
-     *
+     * 
      * @return CA connector
      */
     public IConnector getCAConnector();
 
     /**
      * Returns KRA connector.
-     *
+     * 
      * @return KRA connector
      */
     public IConnector getKRAConnector();
diff --git a/pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java b/pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java
index 3ab3a084..95154af2 100644
--- a/pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/ra/IRegistrationAuthority.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.ra;
 
-
 import java.util.Enumeration;
 
 import netscape.security.x509.X500Name;
@@ -29,12 +28,11 @@ import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.IRequestQueue;
 
-
 /**
- * An interface represents a Registration Authority that is
- * responsible for certificate enrollment operations.
+ * An interface represents a Registration Authority that is responsible for
+ * certificate enrollment operations.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRegistrationAuthority extends ISubsystem {
@@ -44,8 +42,8 @@ public interface IRegistrationAuthority extends ISubsystem {
     public static final String PROP_REGISTRATION = "Registration";
     public static final String PROP_GATEWAY = "gateway";
     public static final String PROP_NICKNAME = "certNickname";
-    //public final static String PROP_PUBLISH_SUBSTORE = "publish";
-    //public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish";
+    // public final static String PROP_PUBLISH_SUBSTORE = "publish";
+    // public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish";
     public final static String PROP_CONNECTOR = "connector";
     public final static String PROP_NEW_NICKNAME = "newNickname";
 
@@ -57,63 +55,63 @@ public interface IRegistrationAuthority extends ISubsystem {
 
     /**
      * Retrieves the request queue of this registration authority.
-     *
+     * 
      * @return RA's request queue
      */
     public IRequestQueue getRequestQueue();
 
     /**
      * Retrieves the publishing processor of this registration authority.
-     *
+     * 
      * @return RA's publishing processor
      */
     public IPublisherProcessor getPublisherProcessor();
 
     /**
      * Retrieves the policy processor of this registration authority.
-     *
+     * 
      * @return RA's policy processor
      */
     public IPolicyProcessor getPolicyProcessor();
 
     /**
      * Retrieves the RA certificate.
-     *
+     * 
      * @return the RA certificate
      */
     public org.mozilla.jss.crypto.X509Certificate getRACert();
 
     /**
      * Retrieves the request in queue listener.
-     *
+     * 
      * @return the request in queue listener
      */
     public IRequestListener getRequestInQListener();
 
     /**
      * Retrieves the request listener for issued certificates.
-     *
+     * 
      * @return the request listener for issued certificates
      */
     public IRequestListener getCertIssuedListener();
 
     /**
      * Retrieves the request listener for revoked certificates.
-     *
+     * 
      * @return the request listener for revoked certificates
      */
     public IRequestListener getCertRevokedListener();
 
     /**
      * Returns the nickname of the RA certificate.
-     *
+     * 
      * @return the nickname of the RA certificate
      */
     public String getNickname();
 
     /**
      * Retrieves the nickname of the RA certificate from configuration store.
-     *
+     * 
      * @return the nickname of the RA certificate
      * @exception EBaseException failed to get nickname
      */
@@ -121,51 +119,51 @@ public interface IRegistrationAuthority extends ISubsystem {
 
     /**
      * Sets the new nickname of the RA certifiate.
-     *
+     * 
      * @param name new nickname
      */
     public void setNewNickName(String name);
 
     /**
      * Sets the nickname of the RA certifiate.
-     *
+     * 
      * @param str nickname
      */
     public void setNickname(String str);
 
     /**
      * Retrieves the default validity period.
-     *
+     * 
      * @return the default validity length in days
      */
     public long getDefaultValidity();
 
     /**
      * Retrieves the issuer name of this registration authority.
-     *
+     * 
      * @return the issuer name of this registration authority
      */
     public X500Name getX500Name();
 
     /**
-     * Retrieves the RA service object that is responsible for
-     * processing requests.
-     *
+     * Retrieves the RA service object that is responsible for processing
+     * requests.
+     * 
      * @return RA service object
      */
-    public IRAService getRAService(); 
+    public IRAService getRAService();
 
     /**
      * Retrieves the request listener by name.
-     *
+     * 
      * @param name request listener name
      * @return the request listener
      */
-    public IRequestListener getRequestListener(String name); 
+    public IRequestListener getRequestListener(String name);
 
     /**
      * Retrieves all request listeners.
-     *
+     * 
      * @return name enumeration of all request listeners
      */
     public Enumeration<String> getRequestListenerNames();
diff --git a/pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java b/pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java
index a4574981..5d2e2c91 100644
--- a/pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java
+++ b/pki/base/common/src/com/netscape/certsrv/registry/ERegistryException.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.registry;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * This represents a registry exception.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ERegistryException extends EBaseException {
@@ -35,7 +33,7 @@ public class ERegistryException extends EBaseException {
 
     /**
      * Constructs a registry exception.
-     *
+     * 
      * @param msg message carried along with the exception
      */
     public ERegistryException(String msg) {
diff --git a/pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java b/pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java
index 774b3f9b..31a24ab5 100644
--- a/pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java
+++ b/pki/base/common/src/com/netscape/certsrv/registry/IPluginInfo.java
@@ -17,28 +17,23 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.registry;
 
-
 import java.util.Locale;
 
-
 /**
- * The plugin information includes name, 
- * class name, and description. The localizable
- * name and description are information
- * for end-users.
+ * The plugin information includes name, class name, and description. The
+ * localizable name and description are information for end-users.
  * <p>
- *
- * The class name can be used to create
- * an instance of the plugin.
+ * 
+ * The class name can be used to create an instance of the plugin.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPluginInfo {
 
     /**
      * Retrieves the localized plugin name.
-     *
+     * 
      * @param locale end-user locale
      * @return plugin name
      */
@@ -46,18 +41,18 @@ public interface IPluginInfo {
 
     /**
      * Retrieves the localized plugin description.
-     *
+     * 
      * @param locale end-user locale
      * @return plugin description
      */
     public String getDescription(Locale locale);
 
     /**
-     * Retrieves the class name of the plugin.
-     * Instance of plugin can be created with
+     * Retrieves the class name of the plugin. Instance of plugin can be created
+     * with
      * <p>
      * Class.forName(info.getClassName());
-     *
+     * 
      * @return java class name
      */
     public String getClassName();
diff --git a/pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java b/pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java
index 7631f3ea..142f70c9 100644
--- a/pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java
+++ b/pki/base/common/src/com/netscape/certsrv/registry/IPluginRegistry.java
@@ -17,20 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.registry;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * This represents the registry subsystem that manages 
- * mulitple types of plugin information.
- *
- * The plugin information includes id, name, 
- * classname, and description.
- *
+ * This represents the registry subsystem that manages mulitple types of plugin
+ * information.
+ * 
+ * The plugin information includes id, name, classname, and description.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPluginRegistry extends ISubsystem {
@@ -39,21 +36,21 @@ public interface IPluginRegistry extends ISubsystem {
 
     /**
      * Returns handle to the registry configuration file.
-     *
+     * 
      * @return configuration store of registry subsystem
      */
     public IConfigStore getFileConfigStore();
 
     /**
      * Returns all type names.
-     *
+     * 
      * @return a list of String-based names
      */
     public Enumeration<String> getTypeNames();
 
     /**
      * Returns a list of plugin identifiers of the given type.
-     *
+     * 
      * @param type plugin type
      * @return a list of plugin IDs
      */
@@ -61,7 +58,7 @@ public interface IPluginRegistry extends ISubsystem {
 
     /**
      * Retrieves the plugin information.
-     *
+     * 
      * @param type plugin type
      * @param id plugin id
      * @return plugin info
@@ -70,24 +67,24 @@ public interface IPluginRegistry extends ISubsystem {
 
     /**
      * Adds plugin info.
-     *
+     * 
      * @param type plugin type
      * @param id plugin id
      * @param info plugin info
      * @exception ERegistryException failed to add plugin
      */
     public void addPluginInfo(String type, String id, IPluginInfo info)
-        throws ERegistryException;
+            throws ERegistryException;
 
     /**
      * Removes plugin info.
      */
     public void removePluginInfo(String type, String id)
-     throws ERegistryException;
+            throws ERegistryException;
 
     /**
      * Creates a pluginInfo
      */
-    public IPluginInfo createPluginInfo(String name, String desc, 
-       String classPath);
+    public IPluginInfo createPluginInfo(String name, String desc,
+            String classPath);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java b/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java
index 65ddeac9..6fbbb8ba 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/ARequestNotifier.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -31,9 +30,9 @@ import com.netscape.certsrv.ldap.ILdapConnModule;
 import com.netscape.certsrv.publish.IPublisherProcessor;
 
 /**
- * The ARequestNotifier class implements the IRequestNotifier interface,
- * which notifies all registered request listeners.
- *
+ * The ARequestNotifier class implements the IRequestNotifier interface, which
+ * notifies all registered request listeners.
+ * 
  * @version $Revision$, $Date$
  */
 public class ARequestNotifier implements IRequestNotifier {
@@ -52,31 +51,32 @@ public class ARequestNotifier implements IRequestNotifier {
     private int mSavePublishingStatus = 0;
     private int mSavePublishingCounter = 0;
 
-
     public ARequestNotifier() {
         mPublishingQueuePriority = Thread.currentThread().getPriority();
     }
 
-    public ARequestNotifier (ICertificateAuthority ca) {
+    public ARequestNotifier(ICertificateAuthority ca) {
         mCA = ca;
-        if (mCA != null) mRequestQueue = mCA.getRequestQueue();
+        if (mCA != null)
+            mRequestQueue = mCA.getRequestQueue();
     }
 
-    public void setPublishingQueue (boolean isPublishingQueueEnabled,
+    public void setPublishingQueue(boolean isPublishingQueueEnabled,
                                     int publishingQueuePriorityLevel,
                                     int maxNumberOfPublishingThreads,
                                     int publishingQueuePageSize,
                                     int savePublishingStatus) {
-        CMS.debug("setPublishingQueue:  Publishing Queue Enabled: " + isPublishingQueueEnabled+
-                  "  Priority Level: " + publishingQueuePriorityLevel+
-                  "  Maximum Number of Threads: " + maxNumberOfPublishingThreads+
-                  "  Page Size: "+ publishingQueuePageSize);
+        CMS.debug("setPublishingQueue:  Publishing Queue Enabled: " + isPublishingQueueEnabled +
+                  "  Priority Level: " + publishingQueuePriorityLevel +
+                  "  Maximum Number of Threads: " + maxNumberOfPublishingThreads +
+                  "  Page Size: " + publishingQueuePageSize);
         mIsPublishingQueueEnabled = isPublishingQueueEnabled;
         mMaxThreads = maxNumberOfPublishingThreads;
         mMaxRequests = publishingQueuePageSize;
         mSavePublishingStatus = savePublishingStatus;
 
-        // Publishing Queue Priority Levels:  2 - maximum, 1 - higher, 0 - normal, -1 - lower, -2 - minimum
+        // Publishing Queue Priority Levels: 2 - maximum, 1 - higher, 0 -
+        // normal, -1 - lower, -2 - minimum
         if (publishingQueuePriorityLevel > 1) {
             mPublishingQueuePriority = Thread.MAX_PRIORITY;
         } else if (publishingQueuePriorityLevel > 0) {
@@ -89,7 +89,8 @@ public class ARequestNotifier implements IRequestNotifier {
             mPublishingQueuePriority = Thread.currentThread().getPriority();
         }
 
-        if (mCA != null && mRequestQueue == null) mRequestQueue = mCA.getRequestQueue();
+        if (mCA != null && mRequestQueue == null)
+            mRequestQueue = mCA.getRequestQueue();
         if (mIsPublishingQueueEnabled && mSavePublishingStatus > 0 && mRequestQueue != null) {
             mPublishingStatus = mRequestQueue.getPublishingStatus();
             BigInteger status = new BigInteger("-2");
@@ -101,23 +102,23 @@ public class ARequestNotifier implements IRequestNotifier {
             } catch (Exception e) {
             }
         }
-        
+
     }
 
     /**
      * Registers a request listener.
-     *
+     * 
      * @param listener listener to be registered
      */
     public void registerListener(IRequestListener listener) {
         // XXX should check for duplicates here or allow listeners
-        // to register twice and call twice ? 
+        // to register twice and call twice ?
         mListeners.put(listener.getClass().getName(), listener);
     }
 
     /**
      * Registers a request listener.
-     *
+     * 
      * @param name listener name
      * @param listener listener to be registered
      */
@@ -127,18 +128,18 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Removes listener from the list of registered listeners.
-     *
+     * 
      * @param listener listener to be removed from the list
      */
     public void removeListener(IRequestListener listener) {
         // XXX should check for duplicates here or allow listeners
-        // to register twice and call twice ? 
+        // to register twice and call twice ?
         mListeners.remove(listener.getClass().getName());
     }
 
     /**
      * Gets list of listener names.
-     *
+     * 
      * @return enumeration of listener names
      */
     public Enumeration<String> getListenerNames() {
@@ -147,7 +148,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Removes listener from the list of registered listeners.
-     *
+     * 
      * @param name listener name to be removed from the list
      */
     public void removeListener(String name) {
@@ -156,7 +157,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Gets listener from the list of registered listeners.
-     *
+     * 
      * @param name listener name
      * @return listener
      */
@@ -166,26 +167,25 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Gets list of listeners.
-     *
+     * 
      * @return enumeration of listeners
      */
     public Enumeration<IRequestListener> getListeners() {
         return mListeners.elements();
     }
 
-
     private Object publishingCounterMonitor = new Object();
 
     public void updatePublishingStatus(String id) {
         if (mRequestQueue != null) {
             synchronized (publishingCounterMonitor) {
                 if (mSavePublishingCounter == 0) {
-                    CMS.debug("updatePublishingStatus  requestId: "+id);
+                    CMS.debug("updatePublishingStatus  requestId: " + id);
                     mRequestQueue.setPublishingStatus(id);
                 }
                 mSavePublishingCounter++;
-                CMS.debug("updatePublishingStatus  mSavePublishingCounter: "+mSavePublishingCounter+
-                          " mSavePublishingStatus: "+mSavePublishingStatus);
+                CMS.debug("updatePublishingStatus  mSavePublishingCounter: " + mSavePublishingCounter +
+                          " mSavePublishingStatus: " + mSavePublishingStatus);
                 if (mSavePublishingCounter >= mSavePublishingStatus) {
                     mSavePublishingCounter = 0;
                 }
@@ -197,24 +197,25 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Gets request from publishing queue.
-     *
+     * 
      * @return request
      */
     public synchronized IRequest getRequest() {
-       IRequest r = null;
-       String id = null;
+        IRequest r = null;
+        String id = null;
 
         CMS.debug("getRequest  mRequests=" + mRequests.size() + "  mSearchForRequests=" + mSearchForRequests);
         if (mSearchForRequests && mRequests.size() == 1) {
-            id = (String)mRequests.elementAt(0);
-            if (mCA != null && mRequestQueue == null) mRequestQueue = mCA.getRequestQueue();
+            id = (String) mRequests.elementAt(0);
+            if (mCA != null && mRequestQueue == null)
+                mRequestQueue = mCA.getRequestQueue();
             if (id != null && mRequestQueue != null) {
                 CMS.debug("getRequest  request id=" + id);
                 IRequestVirtualList list = mRequestQueue.getPagedRequestsByFilter(
                                                new RequestId(id),
                                                "(requeststate=complete)", mMaxRequests, "requestId");
                 int s = list.getSize() - list.getCurrentIndex();
-                CMS.debug("getRequest  list size: "+s);
+                CMS.debug("getRequest  list size: " + s);
                 for (int i = 0; i < s; i++) {
                     r = null;
                     try {
@@ -230,10 +231,9 @@ public class ARequestNotifier implements IRequestNotifier {
                         continue;
                     }
                     if (!(requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
-                          requestType.equals(IRequest.RENEWAL_REQUEST) ||
-                          requestType.equals(IRequest.REVOCATION_REQUEST) ||
-                          requestType.equals(IRequest.CMCREVOKE_REQUEST) ||
-                          requestType.equals(IRequest.UNREVOCATION_REQUEST))) {
+                            requestType.equals(IRequest.RENEWAL_REQUEST) ||
+                            requestType.equals(IRequest.REVOCATION_REQUEST) ||
+                            requestType.equals(IRequest.CMCREVOKE_REQUEST) || requestType.equals(IRequest.UNREVOCATION_REQUEST))) {
                         continue;
                     }
                     if (i == 0 && id.equals(r.getRequestId().toString())) {
@@ -245,8 +245,8 @@ public class ARequestNotifier implements IRequestNotifier {
                     }
                     if (mRequests.size() < mMaxRequests) {
                         mRequests.addElement(r.getRequestId().toString());
-                        CMS.debug("getRequest  added "+r.getRequestType()+" request "+r.getRequestId().toString()+
-                                  " to mRequests: " + mRequests.size()+" ("+mMaxRequests+")");
+                        CMS.debug("getRequest  added " + r.getRequestType() + " request " + r.getRequestId().toString() +
+                                  " to mRequests: " + mRequests.size() + " (" + mMaxRequests + ")");
                     } else {
                         break;
                     }
@@ -257,16 +257,17 @@ public class ARequestNotifier implements IRequestNotifier {
             }
         }
         if (mRequests.size() > 0) {
-            id = (String)mRequests.elementAt(0);
+            id = (String) mRequests.elementAt(0);
             if (id != null) {
                 CMS.debug("getRequest  getting request: " + id);
-                if (mCA != null && mRequestQueue == null) mRequestQueue = mCA.getRequestQueue();
+                if (mCA != null && mRequestQueue == null)
+                    mRequestQueue = mCA.getRequestQueue();
                 if (mRequestQueue != null) {
                     try {
                         r = mRequestQueue.findRequest(new RequestId(id));
                         mRequests.remove(0);
-                        CMS.debug("getRequest  request "+ id + ((r != null)?" found":" not found"));
-                        //updatePublishingStatus(id);
+                        CMS.debug("getRequest  request " + id + ((r != null) ? " found" : " not found"));
+                        // updatePublishingStatus(id);
                     } catch (EBaseException e) {
                         CMS.debug("getRequest  EBaseException " + e.toString());
                     }
@@ -285,7 +286,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Gets number of requests in publishing queue.
-     *
+     * 
      * @return number of requests in publishing queue
      */
     public int getNumberOfRequests() {
@@ -294,7 +295,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Checks if publishing queue is enabled.
-     *
+     * 
      * @return true if publishing queue is enabled, false otherwise
      */
     public boolean isPublishingQueueEnabled() {
@@ -303,7 +304,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Removes a notifier thread from the pool of publishing queue threads.
-     *
+     * 
      * @param notifierThread Thread
      */
     public void removeNotifierThread(Thread notifierThread) {
@@ -318,12 +319,12 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Notifies all registered listeners about request.
-     *
+     * 
      * @param r request
      */
     public void notify(IRequest r) {
-        CMS.debug("ARequestNotifier  notify mIsPublishingQueueEnabled="+mIsPublishingQueueEnabled+
-                  " mMaxThreads="+mMaxThreads);
+        CMS.debug("ARequestNotifier  notify mIsPublishingQueueEnabled=" + mIsPublishingQueueEnabled +
+                  " mMaxThreads=" + mMaxThreads);
         if (mIsPublishingQueueEnabled) {
             addToNotify(r);
         } else if (mMaxThreads == 0) {
@@ -341,26 +342,27 @@ public class ARequestNotifier implements IRequestNotifier {
                 new Thread(new RunListeners(r, mListeners.elements())).start();
             } catch (Throwable e) {
 
-            /*
-             CMS.getLogger().log(
-             ILogger.EV_SYSTEM, ILogger.S_REQQUEUE, ILogger.LL_FAILURE, 
-             "Could not run listeners for request " + r.getRequestId() +
-             ". Error " + e + ";" + e.getMessage());
-             */
+                /*
+                 * CMS.getLogger().log( ILogger.EV_SYSTEM, ILogger.S_REQQUEUE,
+                 * ILogger.LL_FAILURE, "Could not run listeners for request " +
+                 * r.getRequestId() + ". Error " + e + ";" + e.getMessage());
+                 */
             }
         }
     }
 
     /**
      * Checks for available publishing connections
-     *
-     * @return true if there are available publishing connections, false otherwise
+     * 
+     * @return true if there are available publishing connections, false
+     *         otherwise
      */
     private boolean checkAvailablePublishingConnections() {
         boolean availableConnections = false;
 
         IPublisherProcessor pp = null;
-        if (mCA != null) pp = mCA.getPublisherProcessor();
+        if (mCA != null)
+            pp = mCA.getPublisherProcessor();
         if (pp != null && pp.enabled()) {
             ILdapConnModule ldapConnModule = pp.getLdapConnModule();
             if (ldapConnModule != null) {
@@ -378,8 +380,8 @@ public class ARequestNotifier implements IRequestNotifier {
                 CMS.debug("checkAvailablePublishingConnections  ldapConnModule is not accessible");
             }
         } else {
-            CMS.debug("checkAvailablePublishingConnections  PublisherProcessor is not " + 
-                      ((pp != null)?"enabled":"accessible"));
+            CMS.debug("checkAvailablePublishingConnections  PublisherProcessor is not " +
+                      ((pp != null) ? "enabled" : "accessible"));
         }
 
         return availableConnections;
@@ -387,7 +389,7 @@ public class ARequestNotifier implements IRequestNotifier {
 
     /**
      * Checks if more publishing threads can be added.
-     *
+     * 
      * @return true if more publishing threads can be added, false otherwise
      */
     private boolean morePublishingThreads() {
@@ -396,9 +398,9 @@ public class ARequestNotifier implements IRequestNotifier {
         if (mNotifierThreads.size() == 0) {
             moreThreads = true;
         } else if (mNotifierThreads.size() < mMaxThreads) {
-            CMS.debug("morePublishingThreads  ("+mRequests.size()+">"+
-                      ((mMaxRequests * mNotifierThreads.size()) / mMaxThreads)+
-                      " "+"("+mMaxRequests+"*"+mNotifierThreads.size()+"):"+mMaxThreads);
+            CMS.debug("morePublishingThreads  (" + mRequests.size() + ">" +
+                      ((mMaxRequests * mNotifierThreads.size()) / mMaxThreads) +
+                      " " + "(" + mMaxRequests + "*" + mNotifierThreads.size() + "):" + mMaxThreads);
             // gradually add new publishing threads
             if (mRequests.size() > ((mMaxRequests * mNotifierThreads.size()) / mMaxThreads)) {
                 // check for available publishing connections
@@ -412,21 +414,20 @@ public class ARequestNotifier implements IRequestNotifier {
         return moreThreads;
     }
 
-
     /**
      * Notifies all registered listeners about request.
-     *
+     * 
      * @param r request
      */
     public synchronized void addToNotify(IRequest r) {
         if (!mSearchForRequests) {
             if (mRequests.size() < mMaxRequests) {
                 mRequests.addElement(r.getRequestId().toString());
-                CMS.debug("addToNotify  extended buffer to "+mRequests.size()+"("+mMaxRequests+")"+
-                          " requests by adding request "+r.getRequestId().toString());
+                CMS.debug("addToNotify  extended buffer to " + mRequests.size() + "(" + mMaxRequests + ")" +
+                          " requests by adding request " + r.getRequestId().toString());
                 if (morePublishingThreads()) {
                     try {
-                        Thread notifierThread = new Thread(new RunListeners((IRequestNotifier)this));
+                        Thread notifierThread = new Thread(new RunListeners((IRequestNotifier) this));
                         if (notifierThread != null) {
                             mNotifierThreads.addElement(notifierThread);
                             CMS.debug("Number of publishing threads: " + mNotifierThreads.size());
@@ -445,23 +446,22 @@ public class ARequestNotifier implements IRequestNotifier {
         }
     }
 
-
     /**
      * Recovers publishing queue.
-     *
+     * 
      * @param id request request
      */
     public void recoverPublishingQueue(String id) {
-        CMS.debug("recoverPublishingQueue  mRequests.size()="+mRequests.size()+"("+mMaxRequests+")"+
-                      " requests by adding request "+id);
+        CMS.debug("recoverPublishingQueue  mRequests.size()=" + mRequests.size() + "(" + mMaxRequests + ")" +
+                      " requests by adding request " + id);
         if (mRequests.size() == 0) {
             mRequests.addElement(id);
-            CMS.debug("recoverPublishingQueue  extended buffer to "+mRequests.size()+"("+mMaxRequests+")"+
-                      " requests by adding request "+id);
+            CMS.debug("recoverPublishingQueue  extended buffer to " + mRequests.size() + "(" + mMaxRequests + ")" +
+                      " requests by adding request " + id);
             if (morePublishingThreads()) {
                 mSearchForRequests = true;
                 try {
-                    Thread notifierThread = new Thread(new RunListeners((IRequestNotifier)this));
+                    Thread notifierThread = new Thread(new RunListeners((IRequestNotifier) this));
                     if (notifierThread != null) {
                         mNotifierThreads.addElement(notifierThread);
                         CMS.debug("Number of publishing threads: " + mNotifierThreads.size());
@@ -478,10 +478,9 @@ public class ARequestNotifier implements IRequestNotifier {
     }
 }
 
-
 /**
- * The RunListeners class implements Runnable interface.
- * This class executes notification of registered listeners.
+ * The RunListeners class implements Runnable interface. This class executes
+ * notification of registered listeners.
  */
 class RunListeners implements Runnable {
     IRequest mRequest = null;
@@ -490,7 +489,7 @@ class RunListeners implements Runnable {
 
     /**
      * RunListeners class constructor.
-     *
+     * 
      * @param r request
      * @param listeners list of listeners
      */
@@ -501,7 +500,7 @@ class RunListeners implements Runnable {
 
     /**
      * RunListeners class constructor.
-     *
+     * 
      * @param r request
      * @param listeners list of listeners
      */
@@ -514,10 +513,11 @@ class RunListeners implements Runnable {
      * RunListeners thread implementation.
      */
     public void run() {
-        CMS.debug("RunListeners::"+((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0)?" Queue: "+mRequestNotifier.getNumberOfRequests():" noQueue")+
-                  " "+((mRequest != null)?" SingleRequest":" noSingleRequest"));
+        CMS.debug("RunListeners::" + ((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0) ? " Queue: " + mRequestNotifier.getNumberOfRequests() : " noQueue") +
+                  " " + ((mRequest != null) ? " SingleRequest" : " noSingleRequest"));
         do {
-            if (mRequestNotifier != null) mRequest = (IRequest)mRequestNotifier.getRequest();
+            if (mRequestNotifier != null)
+                mRequest = (IRequest) mRequestNotifier.getRequest();
             if (mListeners != null && mRequest != null) {
                 while (mListeners.hasMoreElements()) {
                     IRequestListener l = (IRequestListener) mListeners.nextElement();
@@ -529,11 +529,13 @@ class RunListeners implements Runnable {
                     mRequestNotifier.updatePublishingStatus(mRequest.getRequestId().toString());
                 }
             }
-            CMS.debug("RunListeners: "+((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0)?" Queue: "+mRequestNotifier.getNumberOfRequests():" noQueue")+
-                      " "+((mRequest != null)?" SingleRequest":" noSingleRequest"));
-            if (mRequestNotifier != null) mListeners = mRequestNotifier.getListeners();
+            CMS.debug("RunListeners: " + ((mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0) ? " Queue: " + mRequestNotifier.getNumberOfRequests() : " noQueue") +
+                      " " + ((mRequest != null) ? " SingleRequest" : " noSingleRequest"));
+            if (mRequestNotifier != null)
+                mListeners = mRequestNotifier.getListeners();
         } while (mRequestNotifier != null && mRequestNotifier.getNumberOfRequests() > 0);
 
-        if (mRequestNotifier != null) mRequestNotifier.removeNotifierThread(Thread.currentThread());
+        if (mRequestNotifier != null)
+            mRequestNotifier.removeNotifierThread(Thread.currentThread());
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java b/pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java
index c884ebbf..681263b4 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/AgentApproval.java
@@ -17,27 +17,25 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.io.Serializable;
 import java.util.Date;
 
-
 /**
- * The AgentApproval class contains the record of a
- * single agent approval.
- *
+ * The AgentApproval class contains the record of a single agent approval.
+ * 
  * @version $Revision$, $Date$
  */
 public class AgentApproval
-    implements Serializable {
+        implements Serializable {
 
     /**
      *
      */
     private static final long serialVersionUID = -3444654917454805225L;
+
     /**
      * Returns the approving agent's user name.
-     *
+     * 
      * @return an identifier for the agent
      */
     public String getUserName() {
@@ -46,7 +44,7 @@ public class AgentApproval
 
     /**
      * Returns the date of the approval
-     *
+     * 
      * @return date and time of the approval
      */
     public Date getDate() {
@@ -55,7 +53,7 @@ public class AgentApproval
 
     /**
      * AgentApproval class constructor
-     *
+     * 
      * @param userName user name of the approving agent
      */
     AgentApproval(String userName) {
diff --git a/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java b/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
index 410e3b2c..bc2e60ac 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/AgentApprovals.java
@@ -17,21 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.io.Serializable;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Vector;
 
-
 /**
- * A collection of AgentApproval objects. 
- * <single-threaded>
- *
+ * A collection of AgentApproval objects. <single-threaded>
+ * 
  * @version $Revision$, $Date$
  */
 public class AgentApprovals
-    implements Serializable {
+        implements Serializable {
 
     /**
      *
@@ -41,15 +38,14 @@ public class AgentApprovals
     /**
      * Adds an approval to approval's list.
      * <p>
-     * If an approval is already present for this user,
-     * it is updated with a new date.  Otherwise a new
-     * value is  inserted.
-     *
+     * If an approval is already present for this user, it is updated with a new
+     * date. Otherwise a new value is inserted.
+     * 
      * @param userName user name of the approving agent
      */
     public void addApproval(String userName) {
         AgentApproval a = findApproval(userName);
-   
+
         // update existing approval
         if (a != null) {
             a.mDate = new Date(); /* CMS.getCurrentDate(); */
@@ -63,9 +59,8 @@ public class AgentApprovals
     /**
      * Removes an approval from approval's list.
      * <p>
-     * If there is no approval for this userName, this
-     * call does nothing.
-     *
+     * If there is no approval for this userName, this call does nothing.
+     * 
      * @param userName user name of the approving agent
      */
     public void removeApproval(String userName) {
@@ -77,7 +72,7 @@ public class AgentApprovals
 
     /**
      * Finds an existing AgentApproval for the named user.
-     *
+     * 
      * @param userName user name of the approving agent
      * @return an AgentApproval object
      */
@@ -88,7 +83,8 @@ public class AgentApprovals
         for (int i = 0; i < mVector.size(); i++) {
             a = (AgentApproval) mVector.elementAt(i);
 
-            if (a.mUserName.equals(userName)) break;
+            if (a.mUserName.equals(userName))
+                break;
         }
 
         return a;
@@ -96,7 +92,7 @@ public class AgentApprovals
 
     /**
      * Returns an enumeration of the agent approvals
-     *
+     * 
      * @return an enumeration of the agent approvals
      */
     public Enumeration elements() {
@@ -104,12 +100,11 @@ public class AgentApprovals
     }
 
     /**
-     * Returns the AgentApprovals as a Vector of strings.
-     * Each entry in the vector is of the format:
-     *     epoch;username
-     * where epoch is the date.getTime()
+     * Returns the AgentApprovals as a Vector of strings. Each entry in the
+     * vector is of the format: epoch;username where epoch is the date.getTime()
      * <p>
      * This is used for serialization in Request.setExtData().
+     * 
      * @return The string vector.
      */
     public Vector toStringVector() {
@@ -123,8 +118,9 @@ public class AgentApprovals
     }
 
     /**
-     * Recreates an AgentApprovals instance from a Vector of strings that
-     * was created by toStringVector().
+     * Recreates an AgentApprovals instance from a Vector of strings that was
+     * created by toStringVector().
+     * 
      * @param stringVector The vector of strings to translate
      * @return the AgentApprovals instance or null if it can't be translated.
      */
@@ -135,7 +131,7 @@ public class AgentApprovals
         AgentApprovals approvals = new AgentApprovals();
         for (int i = 0; i < stringVector.size(); i++) {
             try {
-                String approvalString = (String)stringVector.get(i);
+                String approvalString = (String) stringVector.get(i);
                 String[] parts = approvalString.split(";", 2);
                 if (parts.length != 2) {
                     return null;
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java b/pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java
index e7036d1e..01bc870f 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IEnrollmentRequest.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
- * An example of a more specialized request interface.
- * This version (currently) doesn't supply any additional
- * data, but is implementated only for testing and
+ * An example of a more specialized request interface. This version (currently)
+ * doesn't supply any additional data, but is implementated only for testing and
  * demonstration purposes.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEnrollmentRequest
-    extends IRequest {
+        extends IRequest {
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/INotify.java b/pki/base/common/src/com/netscape/certsrv/request/INotify.java
index d4ff15b7..636eba7b 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/INotify.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/INotify.java
@@ -17,24 +17,22 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
- * The INotify interface defines operations that are invoked
- * when a request is completely processed.  A class implementing
- * this interface may be registered with a IRequestQueue.
- * The interface will be invoked when a request is completely
- * serviced by the IService object.
- *
+ * The INotify interface defines operations that are invoked when a request is
+ * completely processed. A class implementing this interface may be registered
+ * with a IRequestQueue. The interface will be invoked when a request is
+ * completely serviced by the IService object.
+ * 
  * @version $Revision$ $Date$
  */
 public interface INotify {
 
     /**
-     * Provides notification that a request has been completed.
-     * The implementation may use values stored in the IRequest
-     * object, and may implement any type publishing (such as email
-     * or writing values into a directory)
-     *
+     * Provides notification that a request has been completed. The
+     * implementation may use values stored in the IRequest object, and may
+     * implement any type publishing (such as email or writing values into a
+     * directory)
+     * 
      * @param request the request that is completed.
      */
     public void notify(IRequest request);
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java b/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java
index d74a32a4..06262fee 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IPolicy.java
@@ -17,37 +17,32 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
- * Interface to a policy.  The policy evaluates the request for
- * correctness and completeness.  It may change or add to values
- * stored in the request.  The policy object also decides
- * whether a request should be queue to await approval by
- * an agent.
- * FUTURE:   In this case, the policy should set the
- * 'agentGroup' entry in the request to indicate the group
- * of agents allowed to perform further processing.  If none
- * is set, a default value ("defaultAgentGroup") will be
- * set instead.
- *
+ * Interface to a policy. The policy evaluates the request for correctness and
+ * completeness. It may change or add to values stored in the request. The
+ * policy object also decides whether a request should be queue to await
+ * approval by an agent. FUTURE: In this case, the policy should set the
+ * 'agentGroup' entry in the request to indicate the group of agents allowed to
+ * perform further processing. If none is set, a default value
+ * ("defaultAgentGroup") will be set instead.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPolicy {
 
     /**
-     * Applies the policy check to the request.  The policy should
-     * determine whether the request can be processed immediately,
-     * or should be held pending manual approval.
+     * Applies the policy check to the request. The policy should determine
+     * whether the request can be processed immediately, or should be held
+     * pending manual approval.
      * <p>
-     * The policy can update fields in the request, to add additional values
-     * or to restrict the values to pre-determined ranges.
+     * The policy can update fields in the request, to add additional values or
+     * to restrict the values to pre-determined ranges.
      * <p>
-     * @param request
-     *   the request to check
-     * @return
-     *   a result code indicating the result of the evaluation.  The
-     *   processor will determine the next request processing step based
-     *   on this value
+     * 
+     * @param request the request to check
+     * @return a result code indicating the result of the evaluation. The
+     *         processor will determine the next request processing step based
+     *         on this value
      */
     PolicyResult apply(IRequest request);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequest.java b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
index 1174778a..6a731444 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequest.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 //import java.io.Serializable;
 
 import java.math.BigInteger;
@@ -36,10 +35,9 @@ import netscape.security.x509.X509CertInfo;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
  * An interface that defines abilities of request objects,
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequest {
@@ -77,18 +75,19 @@ public interface IRequest {
     public static final String REQUESTOR_EMAIL = "csrRequestorEmail";
     public static final String REQUESTOR_COMMENTS = "csrRequestorComments";
 
-    // request attributes for all 
+    // request attributes for all
     public static final String AUTH_TOKEN = "AUTH_TOKEN";
     public static final String HTTP_PARAMS = "HTTP_PARAMS";
     public static final String HTTP_HEADERS = "HTTP_HEADERS";
     // Params added by agents on agent approval page
     public static final String AGENT_PARAMS = "AGENT_PARAMS";
     // server attributes: attributes generated by server modules.
-    public static final String SERVER_ATTRS = "SERVER_ATTRS"; 
+    public static final String SERVER_ATTRS = "SERVER_ATTRS";
 
-    public static final String  RESULT = "Result";  // service result.
-    public static final Integer RES_SUCCESS = Integer.valueOf(1);  // result value
-    public static final Integer RES_ERROR = Integer.valueOf(2);	// result value
+    public static final String RESULT = "Result"; // service result.
+    public static final Integer RES_SUCCESS = Integer.valueOf(1); // result
+                                                                  // value
+    public static final Integer RES_ERROR = Integer.valueOf(2); // result value
     public static final String REMOTE_SERVICE_AUTHORITY = "RemServiceAuthority";
     public static final String SVCERRORS = "serviceErrors";
     public static final String REMOTE_STATUS = "remoteStatus";
@@ -110,11 +109,10 @@ public interface IRequest {
     // also used for renewal
     public static final String CERT_INFO = "CERT_INFO";
     public static final String ISSUED_CERTS = "issuedCerts";
-    public static final String 
-        REQUEST_TRUSTEDMGR_PRIVILEGE = "requestTrustedManagerPrivilege";
+    public static final String REQUEST_TRUSTEDMGR_PRIVILEGE = "requestTrustedManagerPrivilege";
     public static final String FINGERPRINTS = "fingerprints";
-						
-    // enrollment request values 
+
+    // enrollment request values
     public static final String SERVER_CERT = "server";
     public static final String CLIENT_CERT = "client";
     public static final String CA_CERT = "ca";
@@ -124,7 +122,7 @@ public interface IRequest {
     public static final String OTHER_CERT = "other";
     public static final String ROUTER_CERT = "router"; // deprecated
     public static final String CEP_CERT = "CEP-Request";
-	
+
     // renewal request attributes. (internally set)
     // also used for revocation
     public static final String OLD_CERTS = "OLD_CERTS";
@@ -143,13 +141,13 @@ public interface IRequest {
     public final static String CRL_PUBLISH_ERROR = "crlPublishError";
     public static final String REQUESTOR_TYPE = "requestorType";
 
-	// Netkey request attributes
+    // Netkey request attributes
     public final static String NETKEY_ATTR_CUID = "CUID";
     public final static String NETKEY_ATTR_USERID = "USERID";
     public final static String NETKEY_ATTR_DRMTRANS_DES_KEY = "drm_trans_desKey";
-    public final static String NETKEY_ATTR_ARCHIVE_FLAG ="archive";
-    public final static String NETKEY_ATTR_SERVERSIDE_MUSCLE_FLAG ="serverSideMuscle";
-    public final static String NETKEY_ATTR_ENC_PRIVKEY_FLAG ="encryptPrivKey";
+    public final static String NETKEY_ATTR_ARCHIVE_FLAG = "archive";
+    public final static String NETKEY_ATTR_SERVERSIDE_MUSCLE_FLAG = "serverSideMuscle";
+    public final static String NETKEY_ATTR_ENC_PRIVKEY_FLAG = "encryptPrivKey";
     public final static String NETKEY_ATTR_USER_CERT = "cert";
     public final static String NETKEY_ATTR_KEY_SIZE = "keysize";
 
@@ -160,7 +158,7 @@ public interface IRequest {
     public static final String REQUESTOR_KRA = "KRA";
     public static final String REQUESTOR_AGENT = "Agent";
 
-    // others  (internally set)
+    // others (internally set)
     public final static String CACERTCHAIN = "CACertChain";
     public final static String CRL = "CRL";
     public final static String DOGETCACHAIN = "doGetCAChain";
@@ -174,90 +172,87 @@ public interface IRequest {
 
     /**
      * Gets the primary identifier for this request.
-     *
+     * 
      * @return request id
      */
     RequestId getRequestId();
 
     /**
      * Gets the current state of this request.
-     *
+     * 
      * @return request status
      */
     RequestStatus getRequestStatus();
 
     /**
-     * Gets the "sourceId" for the request.  The sourceId is
-     * assigned by the originator of the request (for example,
-     * the EE servlet or the RA servlet.
+     * Gets the "sourceId" for the request. The sourceId is assigned by the
+     * originator of the request (for example, the EE servlet or the RA servlet.
      * <p>
-     * The sourceId should be unique so that it can be used
-     * to retrieve request later without knowing the locally
-     * assigned primary id (RequestID)
+     * The sourceId should be unique so that it can be used to retrieve request
+     * later without knowing the locally assigned primary id (RequestID)
      * <p>
-     * @return
-     *    the sourceId value (or null if none has been set)
+     * 
+     * @return the sourceId value (or null if none has been set)
      */
     public String getSourceId();
 
     /**
-     * Sets the "sourceId" for this request.  The request must be updated
-     * in the database for this change to take effect.  This can be done
-     * by calling IRequestQueue.update() or by performing one of the
-     * other operations like processRequest or approveRequest.
-     *
+     * Sets the "sourceId" for this request. The request must be updated in the
+     * database for this change to take effect. This can be done by calling
+     * IRequestQueue.update() or by performing one of the other operations like
+     * processRequest or approveRequest.
+     * 
      * @param id source id for this request
      */
     public void setSourceId(String id);
 
     /**
      * Gets the current owner of this request.
-     *
+     * 
      * @return request owner
      */
     public String getRequestOwner();
 
     /**
      * Sets the current owner of this request.
-     *
-     * @param owner
-     *    The new owner of this request. If this value is set to null
-     *    there will be no current owner
+     * 
+     * @param owner The new owner of this request. If this value is set to null
+     *            there will be no current owner
      */
     public void setRequestOwner(String owner);
 
     /**
      * Gets the type of this request.
-     *
+     * 
      * @return request type
      */
     public String getRequestType();
 
     /**
      * Sets the type or this request.
-     *
+     * 
      * @param type request type
      */
     public void setRequestType(String type);
 
     /**
      * Gets the version of this request.
-     *
+     * 
      * @return request version
      */
     public String getRequestVersion();
 
     /**
      * Gets the time this request was created.
-     *
+     * 
      * @return request creation time
      */
     Date getCreationTime();
 
     /**
-     * Gets the time this request was last modified (defined
-	 * as updated in the queue)  (See IRequestQueue.update)
-     *
+     * Gets the time this request was last modified (defined as updated in the
+     * queue) (See IRequestQueue.update)
+     * 
      * @return request last modification time
      */
     Date getModificationTime();
@@ -278,83 +273,81 @@ public interface IRequest {
     public static final String ERROR = "Error";
 
     /**
-     * Copies meta attributes (excluding request Id, etc.) of another request 
-     * to this request.
-	 *
+     * Copies meta attributes (excluding request Id, etc.) of another request to
+     * this request.
+     * 
      * @param req another request
      */
     public void copyContents(IRequest req);
 
     /**
      * Gets context of this request.
-	 *
+     * 
      * @return request context
      */
     public String getContext();
 
     /**
      * Sets context of this request.
-	 *
+     * 
      * @param ctx request context
      */
     public void setContext(String ctx);
 
     /**
      * Sets status of this request.
-	 *
+     * 
      * @param s request status
      */
     public void setRequestStatus(RequestStatus s);
 
     /**
      * Gets status of connector transfer.
-	 *
+     * 
      * @return status of connector transfer
      */
     public boolean isSuccess();
 
     /**
      * Gets localized error message from connector transfer.
-	 *
+     * 
      * @param locale request locale
      * @return error message from connector transfer
      */
     public String getError(Locale locale);
 
-
     /**************************************************************
      * ExtData data methods:
-     *
-     * These methods should be used in place of the mAttrData methods
-     * deprecated above.
-     *
-     * These methods all store Strings in LDAP.  This means they can no longer
-     * be used as a garbage dump for all sorts of objects.  A limited number
-     * of helper methods are provided for Vectors/Arrays/Hashtables but the
-     * keys and values for all of these should be Strings.
-     *
-     * The keys are used in the LDAP attribute names, and so much obey LDAP
-     * key syntax rules: A-Za-z0-9 and hyphen.
-     */
-
-    /**
-     * Sets an Extended Data string-key string-value pair.
-     * All keys are lower cased because LDAP does not preserve case.
-     *
-     * @param key  The extended data key
+     * 
+     * These methods should be used in place of the mAttrData methods deprecated
+     * above.
+     * 
+     * These methods all store Strings in LDAP. This means they can no longer be
+     * used as a garbage dump for all sorts of objects. A limited number of
+     * helper methods are provided for Vectors/Arrays/Hashtables but the keys
+     * and values for all of these should be Strings.
+     * 
+     * The keys are used in the LDAP attribute names, and so much obey LDAP key
+     * syntax rules: A-Za-z0-9 and hyphen.
+     */
+
+    /**
+     * Sets an Extended Data string-key string-value pair. All keys are lower
+     * cased because LDAP does not preserve case.
+     * 
+     * @param key The extended data key
      * @param value The extended data value
      * @return false if key is invalid.
      */
     public boolean setExtData(String key, String value);
 
     /**
-     * Sets an Extended Data string-key string-value pair.
-     * The key and hashtable keys are all lowercased because LDAP does not
-     * preserve case.
-     *
-     * @param key  The extended data key
-     * @param value The extended data value
-     * the Hashtable contains an illegal key.
+     * Sets an Extended Data string-key string-value pair. The key and hashtable
+     * keys are all lowercased because LDAP does not preserve case.
+     * 
+     * @param key The extended data key
+     * @param value The extended data value the Hashtable contains an illegal
+     *            key.
      * @return false if the key or hashtable keys are invalid
      */
     public boolean setExtData(String key, Hashtable<String, ?> value);
@@ -362,65 +355,69 @@ public interface IRequest {
     /**
      * Checks whether the key is storing a simple String value, or a complex
      * (Vector/hashtable) structure.
-     * @param key  The key to check for.
-     * @return True if the key maps to a string.  False if it maps to a
+     * 
+     * @param key The key to check for.
+     * @return True if the key maps to a string. False if it maps to a
      *         hashtable.
      */
     public boolean isSimpleExtDataValue(String key);
 
     /**
-     * Returns the String value stored for the String key.  Returns null
-     * if not found.  Throws exception if key stores a complex data structure
+     * Returns the String value stored for the String key. Returns null if not
+     * found. Throws exception if key stores a complex data structure
      * (Vector/Hashtable).
-     * @param key  The key to lookup (case-insensitive)
-     * @return  The value associated with the key. null if not found or if the
-     *          key is associated with a non-string value.
+     * 
+     * @param key The key to lookup (case-insensitive)
+     * @return The value associated with the key. null if not found or if the
+     *         key is associated with a non-string value.
      */
     public String getExtDataInString(String key);
 
     /**
-     * Returns the Hashtable value for the String key.  Returns null if not
-     * found.  Throws exception if the key stores a String value.
-     *
+     * Returns the Hashtable value for the String key. Returns null if not
+     * found. Throws exception if the key stores a String value.
+     * 
      * The Hashtable returned is actually a subclass of Hashtable that
-     * lowercases all keys used to access the hashtable.  Its purpose is to
-     * to make lookups seemless, but be aware it is not a normal hashtable and
+     * lowercases all keys used to access the hashtable. Its purpose is to to
+     * make lookups seemless, but be aware it is not a normal hashtable and
      * might behave strangely in some cases (e.g., iterating keys)
-     *
-     * @param key  The key to lookup (case-insensitive)
-     * @return The hashtable value associated with the key.  null if not found
-     *         or if the key is associated with a string-value.
+     * 
+     * @param key The key to lookup (case-insensitive)
+     * @return The hashtable value associated with the key. null if not found or
+     *         if the key is associated with a string-value.
      */
     public <V> Hashtable<String, V> getExtDataInHashtable(String key);
 
-
     /**
      * Returns all the keys stored in ExtData
+     * 
      * @return Enumeration of all the keys.
      */
     public Enumeration<String> getExtDataKeys();
 
     /**
-     * Stores an array of Strings in ExtData.
-     * The indices of the array are used as subkeys.
-     * @param key    the ExtData key
-     * @param values  the array of string values to store
+     * Stores an array of Strings in ExtData. The indices of the array are used
+     * as subkeys.
+     * 
+     * @param key the ExtData key
+     * @param values the array of string values to store
      * @return False if the key is invalid
      */
     public boolean setExtData(String key, String[] values);
 
     /**
-     * Retrieves an array of Strings stored with the key.
-     * This only works if the data was stored as an array.  If the data
-     * is not correct, this method will return null.
-     * @param key  The ExtData key
-     * @return  The value.  Null if not found or the data isn't an array.
+     * Retrieves an array of Strings stored with the key. This only works if the
+     * data was stored as an array. If the data is not correct, this method will
+     * return null.
+     * 
+     * @param key The ExtData key
+     * @return The value. Null if not found or the data isn't an array.
      */
     public String[] getExtDataInStringArray(String key);
 
     /**
      * Removes the value of an extdata attribute.
-     *
+     * 
      * @param type key to delete
      */
     void deleteExtData(String type);
@@ -430,237 +427,252 @@ public interface IRequest {
      ****************************/
 
     /**
-     * Helper method to add subkey/value pair to a ExtData hashtable.
-     * If the hashtable it exists, the subkey/value are added to it.  Otherwise
-     * a new hashtable is created.
-     *
+     * Helper method to add subkey/value pair to a ExtData hashtable. If the
+     * hashtable it exists, the subkey/value are added to it. Otherwise a new
+     * hashtable is created.
+     * 
      * The key and subkey are lowercased because LDAP does not preserve case.
-     *
-     * @param key    The top level key
+     * 
+     * @param key The top level key
      * @param subkey The hashtable data key
-     * @param value  The hashtable value
+     * @param value The hashtable value
      * @return False if the key or subkey are invalid
      */
     public boolean setExtData(String key, String subkey, String value);
 
     /**
      * Helper method to retrieve an individual value from a Hashtable value.
-     * @param key     the ExtData key
-     * @param subkey  the key in the Hashtable value (case insensitive)
+     * 
+     * @param key the ExtData key
+     * @param subkey the key in the Hashtable value (case insensitive)
      * @return the value corresponding to the key/subkey
      */
     public String getExtDataInString(String key, String subkey);
 
     /**
-     * Helper method to store an Integer value.  It converts the integer value
-     * to a String and stores it.
-     *
-     * @param key  the ExtData key
-     * @param value  the Integer to store (as a String)
+     * Helper method to store an Integer value. It converts the integer value to
+     * a String and stores it.
+     * 
+     * @param key the ExtData key
+     * @param value the Integer to store (as a String)
      * @return False if the key or value are invalid
      */
     public boolean setExtData(String key, Integer value);
 
     /**
-     * Retrieves an integer value.  Returns null if not found or
-     * the value can't be represented as an Integer.
-     *
-     * @param key  The ExtData key to lookup
-     * @return  The integer value or null if not possible.
+     * Retrieves an integer value. Returns null if not found or the value can't
+     * be represented as an Integer.
+     * 
+     * @param key The ExtData key to lookup
+     * @return The integer value or null if not possible.
      */
     public Integer getExtDataInInteger(String key);
 
     /**
      * Stores an array of Integers
-     * @param key    The extdata key
-     * @param values  The array of Integers to store
-     * @return  false if the key is invalid
+     * 
+     * @param key The extdata key
+     * @param values The array of Integers to store
+     * @return false if the key is invalid
      */
     public boolean setExtData(String key, Integer[] values);
 
     /**
      * Retrieves an array of Integers
-     * @param key  The extdata key
+     * 
+     * @param key The extdata key
      * @return The array of Integers or null on error.
      */
     public Integer[] getExtDataInIntegerArray(String key);
 
     /**
-     * Helper method to store a BigInteger value.  It converts the integer value
+     * Helper method to store a BigInteger value. It converts the integer value
      * to a String and stores it.
-     *
-     * @param key  the ExtData key
-     * @param value  the BigInteger to store (as a String)
+     * 
+     * @param key the ExtData key
+     * @param value the BigInteger to store (as a String)
      * @return False if the key or value are invalid
      */
     public boolean setExtData(String key, BigInteger value);
 
     /**
-     * Retrieves a BigInteger value.  Returns null if not found or
-     * the value can't be represented as a BigInteger.
-     *
-     * @param key  The ExtData key to lookup
-     * @return  The integer value or null if not possible.
+     * Retrieves a BigInteger value. Returns null if not found or the value
+     * can't be represented as a BigInteger.
+     * 
+     * @param key The ExtData key to lookup
+     * @return The integer value or null if not possible.
      */
     public BigInteger getExtDataInBigInteger(String key);
 
     /**
      * Stores an array of BigIntegers
-     * @param key    The extdata key
-     * @param values  The array of BigIntegers to store
-     * @return  false if the key is invalid
+     * 
+     * @param key The extdata key
+     * @param values The array of BigIntegers to store
+     * @return false if the key is invalid
      */
     public boolean setExtData(String key, BigInteger[] values);
 
     /**
      * Retrieves an array of BigIntegers
-     * @param key  The extdata key
+     * 
+     * @param key The extdata key
      * @return The array of BigIntegers or null on error.
      */
     public BigInteger[] getExtDataInBigIntegerArray(String key);
 
     /**
-     * Helper method to store an exception.
-     * It actually stores the e.toString() value.
-     *
-     * @param key  The ExtData key to store under
-     * @param e    The throwable to store
-     * @return  False if the key is invalid.
+     * Helper method to store an exception. It actually stores the e.toString()
+     * value.
+     * 
+     * @param key The ExtData key to store under
+     * @param e The throwable to store
+     * @return False if the key is invalid.
      */
     public boolean setExtData(String key, Throwable e);
 
     /**
      * Stores a byte array as base64 encoded text
-     * @param key  The ExtData key
-     * @param data  The byte array to store
-     * @return  False if the key is invalid.
+     * 
+     * @param key The ExtData key
+     * @param data The byte array to store
+     * @return False if the key is invalid.
      */
     public boolean setExtData(String key, byte[] data);
 
     /**
      * Retrieves the data, which should be base64 encoded as a byte array.
-     * @param key  The ExtData key
-     * @return  The data, or null if an error occurs.
+     * 
+     * @param key The ExtData key
+     * @return The data, or null if an error occurs.
      */
     public byte[] getExtDataInByteArray(String key);
 
     /**
      * Stores a X509CertImpl as base64 encoded text using the getEncode()
      * method.
-     * @param key  The ExtData key
-     * @param data  certificate
-     * @return  False if the key is invalid.
+     * 
+     * @param key The ExtData key
+     * @param data certificate
+     * @return False if the key is invalid.
      */
     public boolean setExtData(String key, X509CertImpl data);
 
     /**
      * Retrieves the data, which should be base64 encoded as a byte array.
-     * @param key  The ExtData key
-     * @return  The data, or null if an error occurs.
+     * 
+     * @param key The ExtData key
+     * @return The data, or null if an error occurs.
      */
     public X509CertImpl getExtDataInCert(String key);
 
     /**
      * Stores an array of X509CertImpls as a base64 encoded text.
+     * 
      * @param key The ExtData key
-     * @param data  The array of certs to store
+     * @param data The array of certs to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, X509CertImpl[] data);
 
     /**
      * Retrieves an array of X509CertImpl.
-     * @param key  The ExtData key
-     * @return  Array of certs, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return Array of certs, or null if not found or invalid data.
      */
     public X509CertImpl[] getExtDataInCertArray(String key);
 
     /**
      * Stores a X509CertInfo as base64 encoded text using the getEncodedInfo()
      * method.
-     * @param key  The ExtData key
-     * @param data  certificate
-     * @return  False if the key is invalid.
+     * 
+     * @param key The ExtData key
+     * @param data certificate
+     * @return False if the key is invalid.
      */
     public boolean setExtData(String key, X509CertInfo data);
 
     /**
      * Retrieves the data, which should be base64 encoded as a byte array.
-     * @param key  The ExtData key
-     * @return  The data, or null if an error occurs.
+     * 
+     * @param key The ExtData key
+     * @return The data, or null if an error occurs.
      */
     public X509CertInfo getExtDataInCertInfo(String key);
 
     /**
      * Stores an array of X509CertInfos as a base64 encoded text.
+     * 
      * @param key The ExtData key
-     * @param data  The array of cert infos to store
+     * @param data The array of cert infos to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, X509CertInfo[] data);
 
     /**
      * Retrieves an array of X509CertInfo.
-     * @param key  The ExtData key
-     * @return  Array of cert infos, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return Array of cert infos, or null if not found or invalid data.
      */
     public X509CertInfo[] getExtDataInCertInfoArray(String key);
 
     /**
      * Stores an array of RevokedCertImpls as a base64 encoded text.
+     * 
      * @param key The ExtData key
-     * @param data  The array of cert infos to store
+     * @param data The array of cert infos to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, RevokedCertImpl[] data);
 
     /**
      * Retrieves an array of RevokedCertImpl.
-     * @param key  The ExtData key
-     * @return  Array of cert infos, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return Array of cert infos, or null if not found or invalid data.
      */
     public RevokedCertImpl[] getExtDataInRevokedCertArray(String key);
 
     /**
-     * Stores the contents of the String Vector in ExtData.
-     * TODO - as soon as we're allowed to use JDK5 this should be changed
-     * to use Vector<String> data.
-     *
+     * Stores the contents of the String Vector in ExtData. TODO - as soon as
+     * we're allowed to use JDK5 this should be changed to use Vector<String>
+     * data.
+     * 
      * Note that modifications to the Vector are not automatically reflected
-     * after it is stored.  You must call set() again to make the changes.
-     *
-     * @param key  The extdata key to store
+     * after it is stored. You must call set() again to make the changes.
+     * 
+     * @param key The extdata key to store
      * @param data A vector of Strings to store
-     * @return  False on key error or invalid data.
+     * @return False on key error or invalid data.
      */
     public boolean setExtData(String key, Vector<?> data);
 
     /**
-     * Returns a vector of strings for the key.
-     * Note that the returned vector, if modified, does not make changes
-     * in ExtData.  You must call setExtData() to propogate changes back
-     * into ExtData.
-     *
-     * @param key  The extdata key
-     * @return  A Vector of strings, or null on error.
+     * Returns a vector of strings for the key. Note that the returned vector,
+     * if modified, does not make changes in ExtData. You must call setExtData()
+     * to propogate changes back into ExtData.
+     * 
+     * @param key The extdata key
+     * @return A Vector of strings, or null on error.
      */
     public Vector<String> getExtDataInStringVector(String key);
 
     /**
-     * Gets boolean value for given type or default value
-	 * if attribute is absent.
-	 *
+     * Gets boolean value for given type or default value if attribute is
+     * absent.
+     * 
      * @param type attribute type
      * @param defVal default attribute value
      * @return attribute value
      */
     boolean getExtDataInBoolean(String type, boolean defVal);
 
-
     /**
-     * Gets extdata boolean value for given type or default value
-	 * if attribute is absent for this request with this prefix.
-	 *
+     * Gets extdata boolean value for given type or default value if attribute
+     * is absent for this request with this prefix.
+     * 
      * @param prefix request prefix
      * @param type attribute type
      * @param defVal default attribute value
@@ -668,59 +680,64 @@ public interface IRequest {
      */
     public boolean getExtDataInBoolean(String prefix, String type, boolean defVal);
 
-
     /**
      * Stores an AuthToken the same as a Hashtable.
+     * 
      * @param key The ExtData key
-     * @param data  The authtoken to store
+     * @param data The authtoken to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, IAuthToken data);
 
     /**
      * Retrieves an authtoken.
-     * @param key  The ExtData key
-     * @return  AuthToken, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return AuthToken, or null if not found or invalid data.
      */
     public IAuthToken getExtDataInAuthToken(String key);
 
     /**
      * Stores a CertificateExtensions in extdata.
+     * 
      * @param key The ExtData key
-     * @param data  The CertificateExtensions to store
+     * @param data The CertificateExtensions to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, CertificateExtensions data);
 
     /**
      * Retrieves the CertificateExtensions associated with the key.
-     * @param key  The ExtData key
-     * @return  the object, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return the object, or null if not found or invalid data.
      */
     public CertificateExtensions getExtDataInCertExts(String key);
 
     /**
      * Stores a CertificateSubjectName in extdata.
+     * 
      * @param key The ExtData key
-     * @param data  The CertificateSubjectName to store
+     * @param data The CertificateSubjectName to store
      * @return False if the key or data is invalid.
      */
     public boolean setExtData(String key, CertificateSubjectName data);
 
     /**
      * Retrieves the CertificateSubjectName associated with the key.
-     * @param key  The ExtData key
-     * @return  the object, or null if not found or invalid data.
+     * 
+     * @param key The ExtData key
+     * @return the object, or null if not found or invalid data.
      */
     public CertificateSubjectName getExtDataInCertSubjectName(String key);
 
     /**
-     * This method returns an IAttrSet wrapper for the IRequest.
-     * Use of this method is strongly discouraged.  It provides extremely
-     * limited functionality, and is only provided for the two places IRequest
-     * is being used as such in the code.  If you are considering using this
-     * method, please don't.
-     *
+     * This method returns an IAttrSet wrapper for the IRequest. Use of this
+     * method is strongly discouraged. It provides extremely limited
+     * functionality, and is only provided for the two places IRequest is being
+     * used as such in the code. If you are considering using this method,
+     * please don't.
+     * 
      * @return IAttrSet wrapper with basic "get" functionality.
      * @deprecated
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestList.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestList.java
index a01ceb8c..f1979398 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestList.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestList.java
@@ -17,41 +17,39 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.util.Enumeration;
 
-
 /**
- * An interface providing a list of RequestIds that match
- * some criteria.  It could be a list of all elements in a
- * queue, or just some defined sub-set.
- *
+ * An interface providing a list of RequestIds that match some criteria. It
+ * could be a list of all elements in a queue, or just some defined sub-set.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestList
-    extends Enumeration {
+        extends Enumeration {
 
     /**
-     * Gets the next RequestId from this list.  null is
-	 * returned when there are no more elements in the list.
-	 * <p>
-	 * Callers should be sure there is another element in the
-	 * list by calling hasMoreElements first.
+     * Gets the next RequestId from this list. null is returned when there are
+     * no more elements in the list.
+     * <p>
+     * Callers should be sure there is another element in the list by calling
+     * hasMoreElements first.
      * <p>
+     * 
      * @return next request id
      */
     RequestId nextRequestId();
 
     /**
      * Gets next request from the list.
-     *
+     * 
      * @return next request
      */
     public Object nextRequest();
 
     /**
      * Gets next request Object from the list.
-     *
+     * 
      * @return next request
      */
     public IRequest nextRequestObject();
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java
index a98cd747..382ffc31 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestListener.java
@@ -17,23 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * An interface that defines abilities of request listener,
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestListener {
 
     /**
-     * Initializes request listener for the specific subsystem
-	 * and configuration store.
-	 *
+     * Initializes request listener for the specific subsystem and configuration
+     * store.
+     * 
      * @param sub subsystem
      * @param config configuration store
      */
@@ -41,14 +39,14 @@ public interface IRequestListener {
 
     /**
      * Accepts request.
-	 *
+     * 
      * @param request request
      */
-    public void accept(IRequest request); 
+    public void accept(IRequest request);
 
     /**
      * Sets attribute.
-	 *
+     * 
      * @param name attribute name
      * @param val attribute value
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java
index ba06c626..66bd3543 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestNotifier.java
@@ -17,27 +17,25 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.util.Enumeration;
 
-
 /**
  * IRequestNotifier interface defines methods to register listeners,
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestNotifier extends INotify {
 
     /**
      * Registers a request listener.
-     *
+     * 
      * @param listener listener to be registered
      */
     public void registerListener(IRequestListener listener);
 
     /**
      * Registers a request listener.
-     *
+     * 
      * @param name listener name
      * @param listener listener to be registered
      */
@@ -45,28 +43,28 @@ public interface IRequestNotifier extends INotify {
 
     /**
      * Removes listener from the list of registered listeners.
-     *
+     * 
      * @param listener listener to be removed from the list
      */
     public void removeListener(IRequestListener listener);
 
     /**
      * Removes listener from the list of registered listeners.
-     *
+     * 
      * @param name listener name to be removed from the list
      */
     public void removeListener(String name);
 
     /**
      * Gets list of listener names.
-     *
+     * 
      * @return enumeration of listener names
      */
-    public Enumeration<String>  getListenerNames();
+    public Enumeration<String> getListenerNames();
 
     /**
      * Gets listener from the list of registered listeners.
-     *
+     * 
      * @param name listener name
      * @return listener
      */
@@ -74,55 +72,55 @@ public interface IRequestNotifier extends INotify {
 
     /**
      * Gets list of listeners.
-     *
+     * 
      * @return enumeration of listeners
      */
-    public Enumeration<IRequestListener>  getListeners();
+    public Enumeration<IRequestListener> getListeners();
 
     /**
      * Gets request from publishing queue.
-     *
+     * 
      * @return request
      */
     public IRequest getRequest();
 
     /**
      * Gets number of requests in publishing queue.
-     *
+     * 
      * @return number of requests in publishing queue
      */
     public int getNumberOfRequests();
 
     /**
      * Checks if publishing queue is enabled.
-     *
+     * 
      * @return true if publishing queue is enabled, false otherwise
      */
     public boolean isPublishingQueueEnabled();
 
     /**
      * Removes a notifier thread from the pool of publishing queue threads.
-     *
+     * 
      * @param notifierThread Thread
      */
     public void removeNotifierThread(Thread notifierThread);
 
     /**
      * Notifies all registered listeners about request.
-     *
+     * 
      * @param r request
      */
     public void addToNotify(IRequest r);
 
     /**
      * Sets publishing queue parameters.
-     *
+     * 
      * @param isPublishingQueueEnabled publishing queue switch
      * @param publishingQueuePriorityLevel publishing queue priority level
      * @param maxNumberOfPublishingThreads maximum number of publishing threads
      * @param publishingQueuePageSize publishing queue page size
      */
-    public void setPublishingQueue (boolean isPublishingQueueEnabled,
+    public void setPublishingQueue(boolean isPublishingQueueEnabled,
                                     int publishingQueuePriorityLevel,
                                     int maxNumberOfPublishingThreads,
                                     int publishingQueuePageSize,
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
index 468336b4..943fd10a 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestQueue.java
@@ -22,242 +22,222 @@ import java.math.BigInteger;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.repository.IRepository;
 
-
 /**
- * The IRequestQueue interface defines the operations on
- * a collection of requests within the certificate server.
- * There are may several collections, such as KRA, RA and CA
- * requests.  Each of these request collection has a defined
- * set of policies, a notification service (for request
- * completion) and a service routine.  The request queue
- * provides an interface for creating and viewing requests,
- * as well as performing operations on them.
+ * The IRequestQueue interface defines the operations on a collection of
+ * requests within the certificate server. There are may several collections,
+ * such as KRA, RA and CA requests. Each of these request collection has a
+ * defined set of policies, a notification service (for request completion) and
+ * a service routine. The request queue provides an interface for creating and
+ * viewing requests, as well as performing operations on them.
  * <p>
+ * 
  * @version $Revision$ $Date$
  */
 public interface IRequestQueue {
 
     /**
-     * Creates a new request object.  A request id is
-     * assigned to it - see IRequest.getRequestId, and
-     * the status is set to RequestStatus.BEGIN
+     * Creates a new request object. A request id is assigned to it - see
+     * IRequest.getRequestId, and the status is set to RequestStatus.BEGIN
      * <p>
-     * The request is LOCKED.  The caller MUST release the
-     * request object by calling releaseRequest().
+     * The request is LOCKED. The caller MUST release the request object by
+     * calling releaseRequest().
      * <p>
-     * TODO: provide other required values (such as type
-     *  and sourceId)
-     *
+     * TODO: provide other required values (such as type and sourceId)
+     * 
      * @param requestType request type
      * @return new request
      * @exception EBaseException failed to create new request
      */
     public IRequest newRequest(String requestType)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Clones a request object. A new request id is assigned 
-     * and all attributes of the request is copied to cloned request, 
-     * except for the sourceID of the original request 
-     * (remote authority's request Id).
+     * Clones a request object. A new request id is assigned and all attributes
+     * of the request is copied to cloned request, except for the sourceID of
+     * the original request (remote authority's request Id).
      * <p>
-     * The cloned request that is returned is LOCKED. The caller MUST 
-     * release the request object by calling releaseRequest().
-     *
+     * The cloned request that is returned is LOCKED. The caller MUST release
+     * the request object by calling releaseRequest().
+     * 
      * @param r request to be cloned
      * @return cloned request
      * @exception EBaseException failed to clone request
      */
-    public IRequest cloneRequest(IRequest r) 
-        throws EBaseException;
+    public IRequest cloneRequest(IRequest r)
+            throws EBaseException;
 
     /**
-     * Gets the Request corresponding to id.
-     * Returns null if the id does not correspond
-     * to a valid request id.
+     * Gets the Request corresponding to id. Returns null if the id does not
+     * correspond to a valid request id.
      * <p>
      * Errors may be generated for other conditions.
-     *
+     * 
      * @param id request id
      * @return found request
      * @exception EBaseException failed to access request queue
      */
     public IRequest findRequest(RequestId id)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Begins processing for this request.  This call
-     * is valid only on requests with status BEGIN
-     * An error is generated for other cases.
-     *
+     * Begins processing for this request. This call is valid only on requests
+     * with status BEGIN An error is generated for other cases.
+     * 
      * @param req request to be processed
      * @exception EBaseException failed to process request
      */
     public void processRequest(IRequest req)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Sets request scheduler.
-     *
+     * 
      * @param scheduler request scheduler
      */
     public void setRequestScheduler(IRequestScheduler scheduler);
 
     /**
      * Gets request scheduler.
-     *
+     * 
      * @return request scheduler
      */
     public IRequestScheduler getRequestScheduler();
 
     /**
-     * Puts a new request into the PENDING state.  This call is
-     * only valid for requests with status BEGIN.  An error is
-     * generated for other cases.
+     * Puts a new request into the PENDING state. This call is only valid for
+     * requests with status BEGIN. An error is generated for other cases.
      * <p>
-     * This call might be used by agent servlets that want to
-     * copy a previous request, and resubmit it.  By putting it
-     * into PENDING state, the normal agent screens can be used
-     * for further processing.
-     *
-     * @param req
-     *    the request to mark PENDING
+     * This call might be used by agent servlets that want to copy a previous
+     * request, and resubmit it. By putting it into PENDING state, the normal
+     * agent screens can be used for further processing.
+     * 
+     * @param req the request to mark PENDING
      * @exception EBaseException failed to mark request as pending
      */
     public void markRequestPending(IRequest req)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Clones a request object and mark it pending. A new request id is assigned 
-     * and all attributes of the request is copied to cloned request, 
-     * except for the sourceID of the original request 
-     * (remote authority's request Id).
+     * Clones a request object and mark it pending. A new request id is assigned
+     * and all attributes of the request is copied to cloned request, except for
+     * the sourceID of the original request (remote authority's request Id).
      * <p>
-     * The cloned request that is returned is LOCKED. The caller MUST 
-     * release the request object by calling releaseRequest().
-     *
+     * The cloned request that is returned is LOCKED. The caller MUST release
+     * the request object by calling releaseRequest().
+     * 
      * @param r request to be cloned
      * @return cloned request mark PENDING
      * @exception EBaseException failed to clone or mark request
      */
-    public IRequest cloneAndMarkPending(IRequest r) 
-        throws EBaseException;
+    public IRequest cloneAndMarkPending(IRequest r)
+            throws EBaseException;
 
     /**
-     * Approves a request.  The request must be locked.
+     * Approves a request. The request must be locked.
      * <p>
-     * This call will fail if:
-     *   the request is not in PENDING state
-     *   the policy modules do not accept the request
+     * This call will fail if: the request is not in PENDING state the policy
+     * modules do not accept the request
      * <p>
-     * If the policy modules reject the request, then the request
-     * will remain in the PENDING state.  Messages from the policy
-     * module can be display to the agent to indicate the source
-     * of the problem.
+     * If the policy modules reject the request, then the request will remain in
+     * the PENDING state. Messages from the policy module can be display to the
+     * agent to indicate the source of the problem.
      * <p>
-     * The request processing code adds an AgentApproval to this
-     * request that contains the authentication id of the agent.  This
-     * data is retrieved from the Session object (qv).
-     *
-     * @param request
-     *    the request that is being approved
+     * The request processing code adds an AgentApproval to this request that
+     * contains the authentication id of the agent. This data is retrieved from
+     * the Session object (qv).
+     * 
+     * @param request the request that is being approved
      * @exception EBaseException failed to approve request
      */
     public void approveRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Rejects a request.  The request must be locked.
+     * Rejects a request. The request must be locked.
      * <p>
-     * This call will fail if:
-     *   the request is not in PENDING state
+     * This call will fail if: the request is not in PENDING state
      * <p>
-     * The agent servlet (or other application) may wish to store
-     * AgentMessage values to indicate the reason for the action
-     *
-     * @param request
-     *    the request that is being rejected
+     * The agent servlet (or other application) may wish to store AgentMessage
+     * values to indicate the reason for the action
+     * 
+     * @param request the request that is being rejected
      * @exception EBaseException failed to reject request
      */
     public void rejectRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Cancels a request.  The request must be locked.
+     * Cancels a request. The request must be locked.
      * <p>
-     * This call will fail if:
-     *   the request is not in PENDING state
+     * This call will fail if: the request is not in PENDING state
      * <p>
-     * The agent servlet (or other application) may wish to store
-     * AgentMessage values to indicate the reason for the action
-     *
-     * @param request
-     *    the request that is being canceled
+     * The agent servlet (or other application) may wish to store AgentMessage
+     * values to indicate the reason for the action
+     * 
+     * @param request the request that is being canceled
      * @exception EBaseException failed to cancel request
      */
     public void cancelRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Updates the request in the permanent data store.
      * <p>
-     * This call can be made after changing a value like source
-     * id or owner, to force the new value to be written.
+     * This call can be made after changing a value like source id or owner, to
+     * force the new value to be written.
      * <p>
      * The request must be locked to make this call.
-	 *
-     * @param request
-     *    the request that is being updated
+     * 
+     * @param request the request that is being updated
      * @exception EBaseException failed to update request
      */
     public void updateRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Returns an enumerator that lists all RequestIds in the
-     * queue.  The caller should use the RequestIds to locate
-     * each request by calling findRequest().
+     * Returns an enumerator that lists all RequestIds in the queue. The caller
+     * should use the RequestIds to locate each request by calling
+     * findRequest().
      * <p>
-     * NOTE: This interface will not be useful for large databases.
-     * This needs to be replace by a VLV (paged) search object.
-     *
+     * NOTE: This interface will not be useful for large databases. This needs
+     * to be replace by a VLV (paged) search object.
+     * 
      * @return request list
      */
     public IRequestList listRequests();
 
     /**
-     * Returns an enumerator that lists all RequestIds for requests
-     * that are in the given status.  For example, all the PENDING
-     * requests could be listed by specifying RequestStatus.PENDING
-     * as the <i>status</i> argument
+     * Returns an enumerator that lists all RequestIds for requests that are in
+     * the given status. For example, all the PENDING requests could be listed
+     * by specifying RequestStatus.PENDING as the <i>status</i> argument
      * <p>
-     * NOTE: This interface will not be useful for large databases.
-     * This needs to be replace by a VLV (paged) search object.
-     *
+     * NOTE: This interface will not be useful for large databases. This needs
+     * to be replace by a VLV (paged) search object.
+     * 
      * @param status request status
      * @return request list
      */
     public IRequestList listRequestsByStatus(RequestStatus status);
 
     /**
-     * Returns an enumerator that lists all RequestIds for requests
-     * that match the filter.
+     * Returns an enumerator that lists all RequestIds for requests that match
+     * the filter.
      * <p>
-     * NOTE: This interface will not be useful for large databases.
-     * This needs to be replace by a VLV (paged) search object.
-     *
+     * NOTE: This interface will not be useful for large databases. This needs
+     * to be replace by a VLV (paged) search object.
+     * 
      * @param filter search filter
      * @return request list
      */
     public IRequestList listRequestsByFilter(String filter);
 
     /**
-     * Returns an enumerator that lists all RequestIds for requests
-     * that match the filter.
+     * Returns an enumerator that lists all RequestIds for requests that match
+     * the filter.
      * <p>
-     * NOTE: This interface will not be useful for large databases.
-     * This needs to be replace by a VLV (paged) search object.
-     *
+     * NOTE: This interface will not be useful for large databases. This needs
+     * to be replace by a VLV (paged) search object.
+     * 
      * @param filter search filter
      * @param maxSize max size to return
      * @return request list
@@ -265,12 +245,12 @@ public interface IRequestQueue {
     public IRequestList listRequestsByFilter(String filter, int maxSize);
 
     /**
-     * Returns an enumerator that lists all RequestIds for requests
-     * that match the filter.
+     * Returns an enumerator that lists all RequestIds for requests that match
+     * the filter.
      * <p>
-     * NOTE: This interface will not be useful for large databases.
-     * This needs to be replace by a VLV (paged) search object.
-     *
+     * NOTE: This interface will not be useful for large databases. This needs
+     * to be replace by a VLV (paged) search object.
+     * 
      * @param filter search filter
      * @param maxSize max size to return
      * @param timeLimit timeout value for the search
@@ -281,31 +261,30 @@ public interface IRequestQueue {
     /**
      * Gets requests that are pending on handling by the service
      * <p>
+     * 
      * @return list of pending requests
      */
     // public IRequestList listServicePendingRequests();
 
     /**
      * Locates a request from the SourceId.
-     *
-     * @param id
-     *    a unique identifier for the record that is based on the source
-     *    of the request, and possibly an identify assigned by the source.
-     * @return
-     *    The requestid corresponding to this source id.  null is
-     *    returned if the source id does not exist.
+     * 
+     * @param id a unique identifier for the record that is based on the source
+     *            of the request, and possibly an identify assigned by the
+     *            source.
+     * @return The requestid corresponding to this source id. null is returned
+     *         if the source id does not exist.
      */
     public RequestId findRequestBySourceId(String id);
 
     /**
      * Locates all requests with a particular SourceId.
      * <p>
-     * @param id
-     *    an identifier for the record that is based on the source
-     *    of the request
-     * @return
-     *    A list of requests corresponding to this source id.  null is
-     *    returned if the source id does not exist.
+     * 
+     * @param id an identifier for the record that is based on the source of the
+     *            request
+     * @return A list of requests corresponding to this source id. null is
+     *         returned if the source id does not exist.
      */
     public IRequestList findRequestsBySourceId(String id);
 
@@ -313,26 +292,27 @@ public interface IRequestQueue {
      * Releases the LOCK on a request obtained from findRequest() or
      * newRequest()
      * <p>
+     * 
      * @param r request
      */
     public void releaseRequest(IRequest r);
 
     /**
-     * Marks as serviced after destination authority has serviced request.
-     * Used by connector.
-     *
+     * Marks as serviced after destination authority has serviced request. Used
+     * by connector.
+     * 
      * @param r request
      */
     public void markAsServiced(IRequest r);
 
     /**
-     * Resends requests 
+     * Resends requests
      */
     public void recover();
 
     /**
      * Gets a pageable list of IRequest entries in this queue.
-     *
+     * 
      * @param pageSize page size
      * @return request list
      */
@@ -340,18 +320,19 @@ public interface IRequestQueue {
 
     /**
      * Gets a pageable list of IRequest entries in this queue.
-     *
+     * 
      * @param filter search filter
      * @param pageSize page size
      * @param sortKey the attributes to sort by
      * @return request list
      */
     public IRequestVirtualList getPagedRequestsByFilter(String filter,
-	                                                    int pageSize,
-														String sortKey);
+                                                        int pageSize,
+                                                        String sortKey);
+
     /**
      * Gets a pageable list of IRequest entries in this queue.
-     *
+     * 
      * @param fromId request id to start with
      * @param filter search filter
      * @param pageSize page size
@@ -359,14 +340,14 @@ public interface IRequestQueue {
      * @return request list
      */
     public IRequestVirtualList getPagedRequestsByFilter(RequestId fromId,
-	                                                    String filter,
-														int pageSize, 
+                                                        String filter,
+                                                        int pageSize,
                                                         String sortKey);
 
     /**
-     * Gets a pageable list of IRequest entries in this queue. This
-     * jumps right to the end of the list
-     *
+     * Gets a pageable list of IRequest entries in this queue. This jumps right
+     * to the end of the list
+     * 
      * @param fromId request id to start with
      * @param jumpToEnd jump to end of list (set fromId to null)
      * @param filter search filter
@@ -375,26 +356,24 @@ public interface IRequestQueue {
      * @return request list
      */
     public IRequestVirtualList getPagedRequestsByFilter(RequestId fromId,
-	                               boolean jumpToEnd, String filter,
-	                               int pageSize,
+                                   boolean jumpToEnd, String filter,
+                                   int pageSize,
                                    String sortKey);
 
-
     /**
      * Retrieves the notifier for pending request.
-     *
+     * 
      * @return notifier for pending request
      */
     public INotify getPendingNotify();
 
-
-    public BigInteger getLastRequestIdInRange(BigInteger  reqId_low_bound, BigInteger reqId_upper_bound);
+    public BigInteger getLastRequestIdInRange(BigInteger reqId_low_bound, BigInteger reqId_upper_bound);
 
     /**
      * Resets serial number.
      */
     public void resetSerialNumber(BigInteger serial) throws EBaseException;
-                                                                                
+
     /**
      * Removes all objects with this repository.
      */
@@ -402,7 +381,7 @@ public interface IRequestQueue {
 
     /**
      * Gets request repository.
-     *
+     * 
      * @return request repository
      */
     public IRepository getRequestRepository();
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java
index 53a3e37b..d4e11a4f 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestRecord.java
@@ -17,22 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * A request record is the stored version of a request.
- * It has a set of attributes that are mapped into LDAP
- * attributes for actual directory operations.
+ * A request record is the stored version of a request. It has a set of
+ * attributes that are mapped into LDAP attributes for actual directory
+ * operations.
  * <p>
+ * 
  * @version $Revision$ $Date$
  */
 public interface IRequestRecord
-    extends IDBObj {
+        extends IDBObj {
     //
     // The names of the attributes stored in this record
     //
@@ -57,28 +56,28 @@ public interface IRequestRecord
 
     public final static String ATTR_REQUEST_TYPE = "requestType";
 
-    // Placeholder for ExtAttr data.  this attribute is not in LDAP, but
+    // Placeholder for ExtAttr data. this attribute is not in LDAP, but
     // is used to trigger the ExtAttrDynMapper during conversion between LDAP
     // and the RequestRecord.
     public final static String ATTR_EXT_DATA = "requestExtData";
 
     /**
      * Gets the request id.
-     *
+     * 
      * @return request id
      */
     public RequestId getRequestId();
 
     /**
      * Gets attribute names of the request.
-     *
+     * 
      * @return list of attribute names
      */
     public Enumeration<String> getAttrNames();
 
     /**
      * Gets the request attribute value by the name.
-     *
+     * 
      * @param name attribute name
      * @return attribute value
      */
@@ -86,7 +85,7 @@ public interface IRequestRecord
 
     /**
      * Sets new attribute for the request.
-     *
+     * 
      * @param name attribute name
      * @param o attribute value
      */
@@ -94,20 +93,20 @@ public interface IRequestRecord
 
     /**
      * Removes attribute from the request.
-     *
+     * 
      * @param name attribute name
      */
     public void delete(String name)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Gets attribute list of the request.
-     *
+     * 
      * @return attribute list
      */
     public Enumeration<String> getElements();
 
     // IDBObj.getSerializableAttrNames
-    //public Enumeration getSerializableAttrNames();
+    // public Enumeration getSerializableAttrNames();
 
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java
index 198092fc..2d1cb89d 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestScheduler.java
@@ -17,16 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 //import java.io.Serializable;
 
-
-
 /**
- * This is an interface to a request scheduler that prioritizes
- * the threads based on the request processing order.
- * The request that enters the request queue first should
- * be processed first.
+ * This is an interface to a request scheduler that prioritizes the threads
+ * based on the request processing order. The request that enters the request
+ * queue first should be processed first.
  * 
  * @version $Revision$ $Date$
  */
@@ -34,14 +30,14 @@ public interface IRequestScheduler {
 
     /**
      * Request entered the request queue processing.
-     *
+     * 
      * @param r request
      */
     public void requestIn(IRequest r);
 
     /**
      * Request exited the request queue processing.
-     *
+     * 
      * @param r request
      */
     public void requestOut(IRequest r);
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java
index c32c6698..f7d0d80d 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestSubsystem.java
@@ -17,89 +17,78 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * This interface defines storage of request objects
- * in the local database.
+ * This interface defines storage of request objects in the local database.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestSubsystem {
     public static final String SUB_ID = "request";
 
     /**
-     * Creates a new request queue.
-	 * (Currently unimplemented.  Just use getRequestQueue to create
-	 * an in-memory queue.)
+     * Creates a new request queue. (Currently unimplemented. Just use
+     * getRequestQueue to create an in-memory queue.)
      * <p>
-     * @param name The name of the queue object. This name can be used
-     *    in getRequestQueue to retrieve the queue later.
+     * 
+     * @param name The name of the queue object. This name can be used in
+     *            getRequestQueue to retrieve the queue later.
      * @exception EBaseException failed to create request queue
      */
     public void createRequestQueue(String name)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Retrieves a request queue.  This operation should only be done
-     * once on each queue.  For example, the RA subsystem should retrieve
-     * its queue, and store it somewhere for use by related services, and
-     * servlets.
+     * Retrieves a request queue. This operation should only be done once on
+     * each queue. For example, the RA subsystem should retrieve its queue, and
+     * store it somewhere for use by related services, and servlets.
      * <p>
-     * WARNING: retrieving the same queue twice with result in multi-thread
-     * race conditions.
+     * WARNING: retrieving the same queue twice with result in multi-thread race
+     * conditions.
      * <p>
-     * @param name
-     *    the name of the request queue.  (Ex: "ca" "ra")
-     * @param p
-     *    A policy enforcement module.  This object is called to make
-     *    adjustments to the request, and decide whether it needs agent
-     *    approval.
-     * @param s
-     *    The service object.  This object actually performs the request
-     *    after it is finalized and approved.
-     * @param n
-     *    A notifier object (optional).  The notify() method of this object
-     *    is invoked when the request is completed (COMPLETE, REJECTED or
-     *    CANCELED states).
+     * 
+     * @param name the name of the request queue. (Ex: "ca" "ra")
+     * @param p A policy enforcement module. This object is called to make
+     *            adjustments to the request, and decide whether it needs agent
+     *            approval.
+     * @param s The service object. This object actually performs the request
+     *            after it is finalized and approved.
+     * @param n A notifier object (optional). The notify() method of this object
+     *            is invoked when the request is completed (COMPLETE, REJECTED
+     *            or CANCELED states).
      * @exception EBaseException failed to retrieve request queue
      */
     public IRequestQueue
-    getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n)
-        throws EBaseException;
+            getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n)
+                    throws EBaseException;
 
     /**
-     * Retrieves a request queue.  This operation should only be done
-     * once on each queue.  For example, the RA subsystem should retrieve
-     * its queue, and store it somewhere for use by related services, and
-     * servlets.
+     * Retrieves a request queue. This operation should only be done once on
+     * each queue. For example, the RA subsystem should retrieve its queue, and
+     * store it somewhere for use by related services, and servlets.
      * <p>
-     * WARNING: retrieving the same queue twice with result in multi-thread
-     * race conditions.
+     * WARNING: retrieving the same queue twice with result in multi-thread race
+     * conditions.
      * <p>
-     * @param name
-     *    the name of the request queue.  (Ex: "ca" "ra")
-     * @param p
-     *    A policy enforcement module.  This object is called to make
-     *    adjustments to the request, and decide whether it needs agent
-     *    approval.
-     * @param s
-     *    The service object.  This object actually performs the request
-     *    after it is finalized and approved.
-     * @param n
-     *    A notifier object (optional).  The notify() method of this object
-     *    is invoked when the request is completed (COMPLETE, REJECTED or
-     *    CANCELED states).
-     * @param pendingNotifier
-     *    A notifier object (optional).  Like the 'n' argument, except the
-     *    notification happens if the request is made PENDING.  May be the
-     *    same as the 'n' argument if desired.
+     * 
+     * @param name the name of the request queue. (Ex: "ca" "ra")
+     * @param p A policy enforcement module. This object is called to make
+     *            adjustments to the request, and decide whether it needs agent
+     *            approval.
+     * @param s The service object. This object actually performs the request
+     *            after it is finalized and approved.
+     * @param n A notifier object (optional). The notify() method of this object
+     *            is invoked when the request is completed (COMPLETE, REJECTED
+     *            or CANCELED states).
+     * @param pendingNotifier A notifier object (optional). Like the 'n'
+     *            argument, except the notification happens if the request is
+     *            made PENDING. May be the same as the 'n' argument if desired.
      * @exception EBaseException failed to retrieve request queue
      */
     public IRequestQueue
-    getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
-        INotify pendingNotifier)
-        throws EBaseException;
+            getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
+                    INotify pendingNotifier)
+                    throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java b/pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java
index 4d877a77..faf8e07e 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IRequestVirtualList.java
@@ -17,25 +17,25 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
  * This interface defines access to request virtual list.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRequestVirtualList {
 
     /**
-     * Gets the total size of the result set.  Elements of the
-     * list are numbered from 0..(size-1)
-	 *
+     * Gets the total size of the result set. Elements of the list are numbered
+     * from 0..(size-1)
+     * 
      * @return size of the result set
      */
     int getSize();
 
     /**
      * Gets the element at the specified index
-	 *
+     * 
      * @param index index of the element
      * @return specified request
      */
@@ -43,7 +43,7 @@ public interface IRequestVirtualList {
 
     /**
      * Gets the current index
-	 *
+     * 
      * @return current index
      */
     int getCurrentIndex();
diff --git a/pki/base/common/src/com/netscape/certsrv/request/IService.java b/pki/base/common/src/com/netscape/certsrv/request/IService.java
index aeaf757a..20e87f12 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/IService.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/IService.java
@@ -17,32 +17,29 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * This interface defines how requests are serviced.
- * This covers certificate generation, revocation, renewals,
- * revocation checking, and much more.
+ * This interface defines how requests are serviced. This covers certificate
+ * generation, revocation, renewals, revocation checking, and much more.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public interface IService {
 
     /**
-     * Performs the service (such as certificate generation)
-     * represented by this request.
+     * Performs the service (such as certificate generation) represented by this
+     * request.
      * <p>
-     * @param request
-     *    The request that needs service.  The service may use
-     *    attributes stored in the request, and may update the
-     *    values, or store new ones.
-     * @return
-     *    an indication of whether this request is still pending.
-     *    'false' means the request will wait for further notification.
+     * 
+     * @param request The request that needs service. The service may use
+     *            attributes stored in the request, and may update the values,
+     *            or store new ones.
+     * @return an indication of whether this request is still pending. 'false'
+     *         means the request will wait for further notification.
      * @exception EBaseException indicates major processing failure.
      */
     boolean serviceRequest(IRequest request)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java b/pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java
index 13cec161..dc0c6cbb 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/PolicyMessage.java
@@ -17,18 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * A (localizable) message recorded by a policy module that describes
- * the reason for rejecting a request.
+ * A (localizable) message recorded by a policy module that describes the reason
+ * for rejecting a request.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
 public class PolicyMessage
-    extends EBaseException {
+        extends EBaseException {
 
     /**
      *
@@ -38,6 +37,7 @@ public class PolicyMessage
     /**
      * Class constructor that registers policy message.
      * <p>
+     * 
      * @param message message string
      */
     public PolicyMessage(String message) {
diff --git a/pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java b/pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java
index 2750e3d8..c7cad94f 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/PolicyResult.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
  * This class defines results for policy actions.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public final class PolicyResult {
diff --git a/pki/base/common/src/com/netscape/certsrv/request/RequestId.java b/pki/base/common/src/com/netscape/certsrv/request/RequestId.java
index 01bd65d3..f8a4133d 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/RequestId.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/RequestId.java
@@ -17,32 +17,34 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
- * The RequestId class represents the identifier for a particular
- * request within a request queue.  This identifier may be used to
- * retrieve the request object itself from the request queue.
+ * The RequestId class represents the identifier for a particular request within
+ * a request queue. This identifier may be used to retrieve the request object
+ * itself from the request queue.
  * <p>
+ * 
  * @version $Revision$ $Date$
  */
 public final class RequestId {
 
     /**
-     * Creates a new RequestId from its string representation. 
+     * Creates a new RequestId from its string representation.
      * <p>
-     * @param   id
-     *    a string containing the decimal (base 10) value for the identifier.
+     * 
+     * @param id a string containing the decimal (base 10) value for the
+     *            identifier.
      */
     public RequestId(String id) {
         mString = id;
     }
 
     /**
-     * Converts the RequestId into its string representation.  The string
-     * form can be stored in a database (such as the LDAP directory)
+     * Converts the RequestId into its string representation. The string form
+     * can be stored in a database (such as the LDAP directory)
      * <p>
-     * @return
-     *    a string containing the decimal (base 10) value for the identifier.
+     * 
+     * @return a string containing the decimal (base 10) value for the
+     *         identifier.
      */
     public String toString() {
         return mString;
@@ -51,6 +53,7 @@ public final class RequestId {
     /**
      * Implements Object.hashCode.
      * <p>
+     * 
      * @return hash code of the object
      */
     public int hashCode() {
@@ -60,7 +63,8 @@ public final class RequestId {
     /**
      * Implements Object.equals.
      * <p>
-     * @param  obj object to compare
+     * 
+     * @param obj object to compare
      * @return true if objects are equal
      */
     public boolean equals(Object obj) {
diff --git a/pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java b/pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java
index ad3b91e7..059e2b0d 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/RequestStatus.java
@@ -17,21 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.request;
 
-
 /**
- * The RequestStatus class represents the current state of a request
- * in a request queue.  The state of the request changes as actions
- * are performed on it.
- *
- * The request is created in the BEGIN state, then general progresses
- * through the PENDING, APPROVED, SVC_PENDING, and COMPLETE states.
- * Some requests may bypass the PENDING state if no agent action is
- * required.
- *
- * Requests may be CANCELED (not implemented) or REJECTED.  These are
- * error conditions, and usually result because the request was invalid
- * or was not approved by an agent.
- *
+ * The RequestStatus class represents the current state of a request in a
+ * request queue. The state of the request changes as actions are performed on
+ * it.
+ * 
+ * The request is created in the BEGIN state, then general progresses through
+ * the PENDING, APPROVED, SVC_PENDING, and COMPLETE states. Some requests may
+ * bypass the PENDING state if no agent action is required.
+ * 
+ * Requests may be CANCELED (not implemented) or REJECTED. These are error
+ * conditions, and usually result because the request was invalid or was not
+ * approved by an agent.
+ * 
  * @version $Revision$ $Date$
  */
 public final class RequestStatus {
@@ -44,22 +42,22 @@ public final class RequestStatus {
     public static String COMPLETE_STRING = "complete";
 
     /**
-     * The initial state of a request. Requests in this state have not
-     * been review by policy.
-     *
-     * While in this state the source of the request (usually the servlet,
-     * but it could be some other protocol module, such as email)
-     * should populate the request with data need to service it.
+     * The initial state of a request. Requests in this state have not been
+     * review by policy.
+     * 
+     * While in this state the source of the request (usually the servlet, but
+     * it could be some other protocol module, such as email) should populate
+     * the request with data need to service it.
      */
     public static RequestStatus BEGIN = new RequestStatus(BEGIN_STRING);
 
     /**
-     * The state of a request that is waiting for action by an agent.
-     * When the agent approves or rejects the request, process will
-     * continue as appropriate.
-     *
-     * In this state there may be PolicyMessages present that indicate
-     * the reason for the pending status.
+     * The state of a request that is waiting for action by an agent. When the
+     * agent approves or rejects the request, process will continue as
+     * appropriate.
+     * 
+     * In this state there may be PolicyMessages present that indicate the
+     * reason for the pending status.
      */
     public static RequestStatus PENDING = new RequestStatus(PENDING_STRING);
 
@@ -67,80 +65,84 @@ public final class RequestStatus {
      * The state of a request that has been approved by an agent, or
      * automatically by the policy engine, but have not been successfully
      * transmitted to the service module.
-     *
-     * These requests are resent to the service during the recovery
-     * process that runs at server startup.
+     * 
+     * These requests are resent to the service during the recovery process that
+     * runs at server startup.
      */
     public static RequestStatus APPROVED = new RequestStatus(APPROVED_STRING);
 
     /**
-     * The state of a request that has been sent to the service, but
-     * has not been fully processed.  The service will invoke the
-     * serviceComplete() method to cause processing to continue.
+     * The state of a request that has been sent to the service, but has not
+     * been fully processed. The service will invoke the serviceComplete()
+     * method to cause processing to continue.
      */
     public static RequestStatus SVC_PENDING =
-        new RequestStatus(SVC_PENDING_STRING);
+            new RequestStatus(SVC_PENDING_STRING);
 
     /**
-     * Not implemented.  This is intended to be a final state that is
-     * reached when a request is removed from the processing queue without
-     * normal notification occurring.  (see REJECTED)
+     * Not implemented. This is intended to be a final state that is reached
+     * when a request is removed from the processing queue without normal
+     * notification occurring. (see REJECTED)
      */
     public static RequestStatus CANCELED = new RequestStatus(CANCELED_STRING);
 
     /**
-     * The state of a request after it is rejected.  When a request is
-     * rejected, the notifier is called prior to making the finl status
-     * change.
-     *
-     * Rejected requests may have PolicyMessages indicating the reason for
-     * the rejection, or AgentMessages, which allow the agent to give
-     * reasons for the action.
+     * The state of a request after it is rejected. When a request is rejected,
+     * the notifier is called prior to making the finl status change.
+     * 
+     * Rejected requests may have PolicyMessages indicating the reason for the
+     * rejection, or AgentMessages, which allow the agent to give reasons for
+     * the action.
      */
     public static RequestStatus REJECTED = new RequestStatus(REJECTED_STRING);
 
     /**
-     * The normal final state of a request.  The completion status attribute
-     * gives other information about the request.  The request is not
-     * necessarily successful, but may indicated that service processing
-     * did not succeed.
+     * The normal final state of a request. The completion status attribute
+     * gives other information about the request. The request is not necessarily
+     * successful, but may indicated that service processing did not succeed.
      */
     public static RequestStatus COMPLETE = new RequestStatus(COMPLETE_STRING);
 
     /**
-     * Converts a string name for a request status into the
-     * request status enum object.
+     * Converts a string name for a request status into the request status enum
+     * object.
      * <p>
-     * @param s
-     *    The string representation of the state.
-     * @return
-     *    request status
+     * 
+     * @param s The string representation of the state.
+     * @return request status
      */
     public static RequestStatus fromString(String s) {
-        if (s.equals(BEGIN_STRING)) return BEGIN;
-        if (s.equals(PENDING_STRING)) return PENDING;
-        if (s.equals(APPROVED_STRING)) return APPROVED;
-        if (s.equals(SVC_PENDING_STRING)) return SVC_PENDING;
-        if (s.equals(CANCELED_STRING)) return CANCELED;
-        if (s.equals(REJECTED_STRING)) return REJECTED;
-        if (s.equals(COMPLETE_STRING)) return COMPLETE;
+        if (s.equals(BEGIN_STRING))
+            return BEGIN;
+        if (s.equals(PENDING_STRING))
+            return PENDING;
+        if (s.equals(APPROVED_STRING))
+            return APPROVED;
+        if (s.equals(SVC_PENDING_STRING))
+            return SVC_PENDING;
+        if (s.equals(CANCELED_STRING))
+            return CANCELED;
+        if (s.equals(REJECTED_STRING))
+            return REJECTED;
+        if (s.equals(COMPLETE_STRING))
+            return COMPLETE;
 
         return null;
     }
 
     /**
-     * Returns the string form of the RequestStatus, which may be used
-     * to record the status in a database.
-	 *
+     * Returns the string form of the RequestStatus, which may be used to record
+     * the status in a database.
+     * 
      * @return request status
      */
     public String toString() {
         return mString;
     }
- 
+
     /**
      * Class constructor. Creates request status from the string.
-	 *
+     * 
      * @param string string describing request status
      */
     private RequestStatus(String string) {
@@ -151,21 +153,25 @@ public final class RequestStatus {
 
     /**
      * Compares request status with specified string.
-	 *
+     * 
      * @param string string describing request status
      */
     public boolean equals(String string) {
-        if (string.equals(mString)) return true;
-        else return false;
+        if (string.equals(mString))
+            return true;
+        else
+            return false;
     }
-  
+
     /**
      * Compares current request status with request status.
-	 *
+     * 
      * @param rs request status
      */
     public boolean equals(RequestStatus rs) {
-        if (mString.equals(rs.mString)) return true;
-        else return false;
+        if (mString.equals(rs.mString))
+            return true;
+        else
+            return false;
     }
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java b/pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java
index 1fc0657f..c1e153a8 100644
--- a/pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java
+++ b/pki/base/common/src/com/netscape/certsrv/request/ldap/IRequestMod.java
@@ -25,31 +25,31 @@ import com.netscape.certsrv.request.RequestStatus;
 /**
  * This interface defines how to update request record.
  * <p>
+ * 
  * @version $Revision$, $Date$
  */
-public interface IRequestMod
-{
-	/**
+public interface IRequestMod {
+    /**
      * Modifies request status.
-	 *
+     * 
      * @param r request
      * @param s request status
      */
-	void modRequestStatus(IRequest r, RequestStatus s);
+    void modRequestStatus(IRequest r, RequestStatus s);
 
-	/**
+    /**
      * Modifies request creation time.
-	 *
+     * 
      * @param r request
      * @param d date
      */
-	void modCreationTime(IRequest r, Date d);
+    void modCreationTime(IRequest r, Date d);
 
-	/**
+    /**
      * Modifies request modification time.
-	 *
+     * 
      * @param r request
      * @param d date
      */
-	void modModificationTime(IRequest r, Date d);
+    void modModificationTime(IRequest r, Date d);
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/security/Credential.java b/pki/base/common/src/com/netscape/certsrv/security/Credential.java
index 9aff49ad..ea6ca400 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/Credential.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/Credential.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 /**
- * A class represents a credential. A credential contains
- * information that identifies a user. In this case,
- * identifier and password are used.
- *
+ * A class represents a credential. A credential contains information that
+ * identifies a user. In this case, identifier and password are used.
+ * 
  * @version $Revision$, $Date$
  */
 public class Credential implements java.io.Serializable {
@@ -36,7 +34,7 @@ public class Credential implements java.io.Serializable {
 
     /**
      * Constructs credential object.
-     *
+     * 
      * @param id user id
      * @param password user password
      */
@@ -44,10 +42,10 @@ public class Credential implements java.io.Serializable {
         mId = id;
         mPassword = password;
     }
-	
+
     /**
      * Retrieves identifier.
-     *
+     * 
      * @return user id
      */
     public String getIdentifier() {
@@ -56,7 +54,7 @@ public class Credential implements java.io.Serializable {
 
     /**
      * Retrieves password.
-     *
+     * 
      * @return user password
      */
     public String getPassword() {
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java
index ab910b37..09ac7342 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/ICryptoSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 import java.security.cert.CertificateException;
@@ -37,11 +36,10 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.common.NameValuePairs;
 
-
 /**
- * This interface represents the cryptographics subsystem
- * that provides all the security related functions.
- *
+ * This interface represents the cryptographics subsystem that provides all the
+ * security related functions.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICryptoSubsystem extends ISubsystem {
@@ -49,9 +47,9 @@ public interface ICryptoSubsystem extends ISubsystem {
     public static final String ID = "jss";
 
     /**
-     * Retrieves a list of nicknames of certificates that are
-     * in the installed tokens.
-     *
+     * Retrieves a list of nicknames of certificates that are in the installed
+     * tokens.
+     * 
      * @return a list of comma-separated nicknames
      * @exception EBaseException failed to retrieve nicknames
      */
@@ -59,7 +57,7 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Retrieves certificate in pretty-print format by the nickname.
-     *
+     * 
      * @param nickname nickname of certificate
      * @param date not after of the returned certificate must be date
      * @param locale user locale
@@ -67,50 +65,53 @@ public interface ICryptoSubsystem extends ISubsystem {
      * @exception EBaseException failed to retrieve certificate
      */
     public String getCertPrettyPrint(String nickname, String date,
-        Locale locale) throws EBaseException;
+            Locale locale) throws EBaseException;
+
     public String getRootCertTrustBit(String nickname, String serialno,
-      String issuerName) throws EBaseException;
-    public String getCertPrettyPrint(String nickname, String serialno, 
-      String issuername, Locale locale) throws EBaseException;
-    public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno, 
-      String issuername, Locale locale) throws EBaseException;
+            String issuerName) throws EBaseException;
+
+    public String getCertPrettyPrint(String nickname, String serialno,
+            String issuername, Locale locale) throws EBaseException;
+
+    public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno,
+            String issuername, Locale locale) throws EBaseException;
 
     /**
      * Retrieves the certificate in the pretty print format.
-     *
+     * 
      * @param b64E certificate in mime-64 encoded format
      * @param locale end user locale
      * @return certificate in pretty-print format
      * @exception EBaseException failed to retrieve certificate
      */
-    public String getCertPrettyPrint(String b64E, Locale locale) 
-        throws EBaseException;
+    public String getCertPrettyPrint(String b64E, Locale locale)
+            throws EBaseException;
 
     /**
      * Imports certificate into the server.
-     *
+     * 
      * @param b64E certificate in mime-64 encoded format
      * @param nickname nickname for the importing certificate
      * @param certType certificate type
      * @exception EBaseException failed to import certificate
      */
     public void importCert(String b64E, String nickname, String certType)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Imports certificate into the server.
-     *
+     * 
      * @param signedCert certificate
      * @param nickname nickname for the importing certificate
      * @param certType certificate type
      * @exception EBaseException failed to import certificate
      */
     public void importCert(X509CertImpl signedCert, String nickname,
-        String certType) throws EBaseException;
+            String certType) throws EBaseException;
 
     /**
      * Generates a key pair based on the given parameters.
-     *
+     * 
      * @param properties key parameters
      * @return key pair
      * @exception EBaseException failed to generate key pair
@@ -119,7 +120,7 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Retrieves the key pair based on the given nickname.
-     *
+     * 
      * @param nickname nickname of the public key
      * @exception EBaseException failed to retrieve key pair
      */
@@ -127,7 +128,7 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Generates a key pair based on the given parameters.
-     *
+     * 
      * @param tokenName name of token where key is generated
      * @param alg key algorithm
      * @param keySize key size
@@ -135,11 +136,11 @@ public interface ICryptoSubsystem extends ISubsystem {
      * @exception EBaseException failed to generate key pair
      */
     public KeyPair getKeyPair(String tokenName, String alg,
-        int keySize) throws EBaseException;
+            int keySize) throws EBaseException;
 
     /**
      * Generates a key pair based on the given parameters.
-     *
+     * 
      * @param tokenName name of token where key is generated
      * @param alg key algorithm
      * @param keySize key size
@@ -148,11 +149,11 @@ public interface ICryptoSubsystem extends ISubsystem {
      * @exception EBaseException failed to generate key pair
      */
     public KeyPair getKeyPair(String tokenName, String alg,
-        int keySize, PQGParams pqg) throws EBaseException;
+            int keySize, PQGParams pqg) throws EBaseException;
 
     /**
      * Generates an ECC key pair based on the given parameters.
-     *
+     * 
      * @param properties key parameters
      * @return key pair
      * @exception EBaseException failed to generate key pair
@@ -161,7 +162,7 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Generates an ECC key pair based on the given parameters.
-     *
+     * 
      * @param token token name
      * @param curveName curve name
      * @param certType type of cert(sslserver etc..)
@@ -171,28 +172,27 @@ public interface ICryptoSubsystem extends ISubsystem {
     public KeyPair getECCKeyPair(String token, String curveName, String certType) throws EBaseException;
 
     /**
-     * Retrieves the signature algorithm of the certificate named
-     * by the given nickname.
-     *
+     * Retrieves the signature algorithm of the certificate named by the given
+     * nickname.
+     * 
      * @param nickname nickname of the certificate
      * @return signature algorithm
-     * @exception EBaseException failed to retrieve signature 
+     * @exception EBaseException failed to retrieve signature
      */
     public String getSignatureAlgorithm(String nickname) throws EBaseException;
 
     /**
      * Checks if the given dn is a valid distinguished name.
-     *
+     * 
      * @param dn distinguished name
      * @exception EBaseException failed to check
      */
     public void isX500DN(String dn) throws EBaseException;
 
     /**
-     * Retrieves CA's signing algorithm id. If it is DSA algorithm,
-     * algorithm is constructed by reading the parameters
-     * ca.dsaP, ca.dsaQ, ca.dsaG.
-     *
+     * Retrieves CA's signing algorithm id. If it is DSA algorithm, algorithm is
+     * constructed by reading the parameters ca.dsaP, ca.dsaQ, ca.dsaG.
+     * 
      * @param algname DSA or RSA
      * @param store configuration store.
      * @return algorithm id
@@ -201,59 +201,57 @@ public interface ICryptoSubsystem extends ISubsystem {
     public AlgorithmId getAlgorithmId(String algname, IConfigStore store) throws EBaseException;
 
     /**
-     * Retrieves subject name of the certificate that is identified by
-     * the given nickname.
-     *
+     * Retrieves subject name of the certificate that is identified by the given
+     * nickname.
+     * 
      * @param tokenname name of token where the nickname is valid
      * @param nickname nickname of the certificate
      * @return subject name
      * @exception EBaseException failed to get subject name
      */
     public String getCertSubjectName(String tokenname, String nickname)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Retrieves extensions of the certificate that is identified by
-     * the given nickname.
-     *
+     * Retrieves extensions of the certificate that is identified by the given
+     * nickname.
+     * 
      * @param tokenname name of token where the nickname is valid
      * @param nickname nickname of the certificate
      * @return certificate extensions
      * @exception EBaseException failed to get extensions
      */
     public CertificateExtensions getExtensions(String tokenname, String nickname
-    )
-        throws EBaseException;
+            )
+                    throws EBaseException;
 
     /**
      * Deletes certificate of the given nickname.
-     *
+     * 
      * @param nickname nickname of the certificate
      * @param pathname path where a copy of the deleted certificate is stored
      * @exception EBaseException failed to delete certificate
      */
-    public void deleteTokenCertificate(String nickname, String pathname) 
-        throws EBaseException;
+    public void deleteTokenCertificate(String nickname, String pathname)
+            throws EBaseException;
 
     /**
      * Delete certificate of the given nickname.
-     *
+     * 
      * @param nickname nickname of the certificate
-     * @param notAfterTime The notAfter of the certificate. It 
-     *        is possible to ge t multiple certificates under 
-     *        the same nickname. If one of the certificates match 
-     *        the notAfterTime, then the certificate will get 
-     *        deleted. The format of the notAfterTime has to be 
-     *        in "MMMMM dd, yyyy HH:mm:ss" format.
+     * @param notAfterTime The notAfter of the certificate. It is possible to ge
+     *            t multiple certificates under the same nickname. If one of the
+     *            certificates match the notAfterTime, then the certificate will
+     *            get deleted. The format of the notAfterTime has to be in
+     *            "MMMMM dd, yyyy HH:mm:ss" format.
      * @exception EBaseException failed to delete certificate
      */
-    public void deleteCert(String nickname, String notAfterTime) 
-        throws EBaseException;
+    public void deleteCert(String nickname, String notAfterTime)
+            throws EBaseException;
 
     /**
-     * Retrieves the subject DN of the certificate identified by
-     * the nickname.
-     *
+     * Retrieves the subject DN of the certificate identified by the nickname.
+     * 
      * @param nickname nickname of the certificate
      * @return subject distinguished name
      * @exception EBaseException failed to retrieve subject DN
@@ -262,19 +260,19 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Trusts a certificate for all available purposes.
-     *
+     * 
      * @param nickname nickname of the certificate
      * @param date certificate's not before
      * @param trust "Trust" or other
      * @exception EBaseException failed to trust certificate
      */
-    public void trustCert(String nickname, String date, String trust) 
-        throws EBaseException;
+    public void trustCert(String nickname, String date, String trust)
+            throws EBaseException;
 
     /**
-     * Checks if the given base-64 encoded string contains an extension
-     * or a sequence of extensions.
-     *
+     * Checks if the given base-64 encoded string contains an extension or a
+     * sequence of extensions.
+     * 
      * @param ext extension or sequence of extension encoded in base-64
      * @exception EBaseException failed to check encoding
      */
@@ -282,16 +280,17 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Gets all certificates on all tokens for Certificate Database Management.
-     *
+     * 
      * @return all certificates
      * @exception EBaseException failed to retrieve certificates
      */
     public NameValuePairs getAllCertsManage() throws EBaseException;
+
     public NameValuePairs getUserCerts() throws EBaseException;
 
     /**
      * Gets all CA certificates on all tokens.
-     *
+     * 
      * @return all CA certificates
      * @exception EBaseException failed to retrieve certificates
      */
@@ -300,17 +299,17 @@ public interface ICryptoSubsystem extends ISubsystem {
     public NameValuePairs getRootCerts() throws EBaseException;
 
     public void setRootCertTrust(String nickname, String serialno,
-      String issuername, String trust) throws EBaseException;
+            String issuername, String trust) throws EBaseException;
 
     public void deleteRootCert(String nickname, String serialno,
-      String issuername) throws EBaseException;
+            String issuername) throws EBaseException;
 
     public void deleteUserCert(String nickname, String serialno,
-      String issuername) throws EBaseException;
+            String issuername) throws EBaseException;
 
     /**
      * Retrieves PQG parameters based on key size.
-     *
+     * 
      * @param keysize key size
      * @return pqg parameters
      */
@@ -318,100 +317,100 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Retrieves PQG parameters based on key size.
-     *
+     * 
      * @param keysize key size
      * @param store configuration store
      * @return pqg parameters
      */
     public PQGParams getCAPQG(int keysize, IConfigStore store)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Retrieves extensions of the certificate that is identified by
-     * the given nickname.
-     *
+     * Retrieves extensions of the certificate that is identified by the given
+     * nickname.
+     * 
      * @param tokenname token name
      * @param nickname nickname
      * @return certificate extensions
      */
     public CertificateExtensions getCertExtensions(String tokenname, String nickname
-    )
-        throws NotInitializedException, TokenException, ObjectNotFoundException,
+            )
+                    throws NotInitializedException, TokenException, ObjectNotFoundException,
 
-            IOException, CertificateException;
+                    IOException, CertificateException;
 
     /**
      * Checks if the given token is logged in.
-     *
+     * 
      * @param name token name
      * @return true if token is logged in
-     * @exception EBaseException failed to login 
+     * @exception EBaseException failed to login
      */
     public boolean isTokenLoggedIn(String name) throws EBaseException;
 
     /**
      * Logs into token.
-     *
+     * 
      * @param tokenName name of the token
      * @param pwd token password
      * @exception EBaseException failed to login
      */
-    public void loggedInToken(String tokenName, String pwd) 
-        throws EBaseException;
+    public void loggedInToken(String tokenName, String pwd)
+            throws EBaseException;
 
     /**
      * Generates certificate request from the given key pair.
-     *
+     * 
      * @param subjectName subject name to use in the request
      * @param kp key pair that contains public key material
      * @return certificate request in base-64 encoded format
      * @exception EBaseException failed to generate request
      */
     public String getCertRequest(String subjectName, KeyPair kp)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Checks if fortezza is enabled.
-     *
+     * 
      * @return "true" if fortezza is enabled
      */
     public String isCipherFortezza() throws EBaseException;
 
     /**
      * Retrieves the SSL cipher version.
-     *
+     * 
      * @return cipher version (i.e. "cipherdomestic")
      */
     public String getCipherVersion() throws EBaseException;
 
     /**
      * Retrieves the cipher preferences.
-     *
+     * 
      * @return cipher preferences (i.e. "rc4export,rc2export,...")
      */
     public String getCipherPreferences() throws EBaseException;
 
     /**
      * Sets the current SSL cipher preferences.
-     *
+     * 
      * @param cipherPrefs cipher preferences (i.e. "rc4export,rc2export,...")
      * @exception EBaseException failed to set cipher preferences
      */
     public void setCipherPreferences(String cipherPrefs)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves a list of currently registered token names.
-     *
+     * 
      * @return list of token names
      * @exception EBaseException failed to retrieve token list
      */
     public String getTokenList() throws EBaseException;
 
     /**
-     * Retrieves all certificates. The result list will not
-     * contain the token tag.
-     *
+     * Retrieves all certificates. The result list will not contain the token
+     * tag.
+     * 
      * @param name token name
      * @return list of certificates without token tag
      * @exception EBaseException failed to retrieve
@@ -420,16 +419,16 @@ public interface ICryptoSubsystem extends ISubsystem {
 
     /**
      * Retrieves the token name of the internal (software) token.
-     *
+     * 
      * @return the token name
      * @exception EBaseException failed to retrieve token name
      */
     public String getInternalTokenName() throws EBaseException;
 
     /**
-     * Checks to see if the certificate of the given nickname is a
-     * CA certificate.
-     *
+     * Checks to see if the certificate of the given nickname is a CA
+     * certificate.
+     * 
      * @param fullNickname nickname of the certificate to check
      * @return true if it is a CA certificate
      * @exception EBaseException failed to check
@@ -437,28 +436,29 @@ public interface ICryptoSubsystem extends ISubsystem {
     public boolean isCACert(String fullNickname) throws EBaseException;
 
     /**
-     * Adds the specified number of bits of entropy from the system
-	 * entropy generator to the RNG of the default PKCS#11 RNG token.
-     * The default token is set using the modutil command.
-	 * Note that the system entropy generator (usually /dev/random)
-	 * will block until sufficient entropy is collected.
-     *
+     * Adds the specified number of bits of entropy from the system entropy
+     * generator to the RNG of the default PKCS#11 RNG token. The default token
+     * is set using the modutil command. Note that the system entropy generator
+     * (usually /dev/random) will block until sufficient entropy is collected.
+     * 
      * @param bits number of bits of entropy
-     * @exception org.mozilla.jss.util.NotImplementedException If the Crypto device does not support
-     *             adding entropy
-	 * @exception TokenException If there was some other problem with the Crypto device
-	 * @exception IOException If there was a problem reading from the /dev/random
+     * @exception org.mozilla.jss.util.NotImplementedException If the Crypto
+     *                device does not support adding entropy
+     * @exception TokenException If there was some other problem with the Crypto
+     *                device
+     * @exception IOException If there was a problem reading from the
+     *                /dev/random
      */
 
     public void addEntropy(int bits)
-    throws org.mozilla.jss.util.NotImplementedException,
+            throws org.mozilla.jss.util.NotImplementedException,
             IOException,
             TokenException;
 
     /**
-     * Signs the certificate template into the given data and returns
-     * a signed certificate.
-     *
+     * Signs the certificate template into the given data and returns a signed
+     * certificate.
+     * 
      * @param data data that contains certificate template
      * @param certType certificate type
      * @param priKey CA signing key
diff --git a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
index 984425a5..c98a1821 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/IEncryptionUnit.java
@@ -17,41 +17,39 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.security.PublicKey;
 
 import org.mozilla.jss.crypto.PrivateKey;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * An interface represents a encryption unit.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IEncryptionUnit extends IToken {
 
     /**
      * Retrieves the public key in this unit.
-     *
+     * 
      * @return public key
      */
     public PublicKey getPublicKey();
 
     /**
-     * Wraps data. The given key will be wrapped by the
-     * private key in this unit.
-     *
+     * Wraps data. The given key will be wrapped by the private key in this
+     * unit.
+     * 
      * @param priKey private key to be wrapped
-     * @return wrapped data 
+     * @return wrapped data
      * @exception EBaseException failed to wrap
      */
     public byte[] wrap(PrivateKey priKey) throws EBaseException;
 
     /**
-     * Verifies the given key pair. 
-     *  
+     * Verifies the given key pair.
+     * 
      * @param publicKey public key
      * @param privateKey private key
      */
@@ -59,11 +57,11 @@ public interface IEncryptionUnit extends IToken {
             EBaseException;
 
     /**
-     * Unwraps data. This method rebuilds the private key by
-     * unwrapping the private key data.
-     *
+     * Unwraps data. This method rebuilds the private key by unwrapping the
+     * private key data.
+     * 
      * @param sessionKey session key that unwrap the private key
-     * @param symmAlgOID symmetric algorithm 
+     * @param symmAlgOID symmetric algorithm
      * @param symmAlgParams symmetric algorithm parameters
      * @param privateKey private key data
      * @param pubKey public key
@@ -71,56 +69,57 @@ public interface IEncryptionUnit extends IToken {
      * @exception EBaseException failed to unwrap
      */
     public PrivateKey unwrap(byte sessionKey[], String symmAlgOID,
-        byte symmAlgParams[], byte privateKey[], 
-        PublicKey pubKey)
-        throws EBaseException;
+            byte symmAlgParams[], byte privateKey[],
+            PublicKey pubKey)
+            throws EBaseException;
 
     /**
-     * Unwraps data. This method rebuilds the private key by
-     * unwrapping the private key data.
-     *
+     * Unwraps data. This method rebuilds the private key by unwrapping the
+     * private key data.
+     * 
      * @param privateKey private key data
      * @param pubKey public key object
      * @return private key object
      * @exception EBaseException failed to unwrap
      */
     public PrivateKey unwrap(byte privateKey[], PublicKey pubKey)
-        throws EBaseException;
-	
+            throws EBaseException;
+
     /**
-     * Encrypts the internal private key (private key to the KRA's
-     * internal storage).
-     *
+     * Encrypts the internal private key (private key to the KRA's internal
+     * storage).
+     * 
      * @param rawPrivate user's private key (key to be archived)
      * @return encrypted data
      * @exception EBaseException failed to encrypt
      */
     public byte[] encryptInternalPrivate(byte rawPrivate[])
-        throws EBaseException;
+            throws EBaseException;
 
     /**
-     * Decrypts the internal private key (private key from the KRA's
-     * internal storage).
-     *
-     * @param wrappedPrivateData unwrapped private key data (key to be recovered)
+     * Decrypts the internal private key (private key from the KRA's internal
+     * storage).
+     * 
+     * @param wrappedPrivateData unwrapped private key data (key to be
+     *            recovered)
      * @return raw private key
      * @exception EBaseException failed to decrypt
      */
     public byte[] decryptInternalPrivate(byte wrappedPrivateData[])
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Decrypts the external private key (private key from the end-user).
-     *
+     * 
      * @param sessionKey session key that protects the user private
-     * @param symmAlgOID symmetric algorithm 
+     * @param symmAlgOID symmetric algorithm
      * @param symmAlgParams symmetric algorithm parameters
      * @param privateKey private key data
      * @return private key data
      * @exception EBaseException failed to decrypt
      */
-    public byte[] decryptExternalPrivate(byte sessionKey[], 
-        String symmAlgOID,
-        byte symmAlgParams[], byte privateKey[])
-        throws EBaseException;
+    public byte[] decryptExternalPrivate(byte sessionKey[],
+            String symmAlgOID,
+            byte symmAlgParams[], byte privateKey[])
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java
index 664d5c1f..0cc245f1 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/ISigningUnit.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.security.PublicKey;
 
 import netscape.security.x509.X509CertImpl;
@@ -28,9 +27,8 @@ import org.mozilla.jss.crypto.X509Certificate;
 import com.netscape.certsrv.base.EBaseException;
 
 /**
- * A class represents the signing unit which is
- * capable of signing data.
- *
+ * A class represents the signing unit which is capable of signing data.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ISigningUnit {
@@ -46,11 +44,11 @@ public interface ISigningUnit {
     /**
      * Retrieves the nickname of the signing certificate.
      */
-    public String getNickname(); 
+    public String getNickname();
 
     /**
      * Retrieves the new nickname in the renewal process.
-     *
+     * 
      * @return new nickname
      * @exception EBaseException failed to get new nickname
      */
@@ -58,39 +56,39 @@ public interface ISigningUnit {
 
     /**
      * Sets new nickname of the signing certificate.
-     *
+     * 
      * @param name nickname
      */
     public void setNewNickName(String name);
 
     /**
      * Retrieves the signing certificate.
-     *
+     * 
      * @return signing certificate
      */
     public X509Certificate getCert();
 
     /**
      * Retrieves the signing certificate.
-     *
+     * 
      * @return signing certificate
      */
     public X509CertImpl getCertImpl();
 
     /**
      * Signs the given data in specific algorithm.
-     *
+     * 
      * @param data data to be signed
      * @param algname signing algorithm to be used
      * @return signed data
      * @exception EBaseException failed to sign
      */
     public byte[] sign(byte[] data, String algname)
-        throws EBaseException;
-	
+            throws EBaseException;
+
     /**
      * Verifies the signed data.
-     *
+     * 
      * @param data signed data
      * @param signature signature
      * @param algname signing algorithm
@@ -98,18 +96,18 @@ public interface ISigningUnit {
      * @exception EBaseException failed to verify
      */
     public boolean verify(byte[] data, byte[] signature, String algname)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves the default algorithm.
-     *
+     * 
      * @return default signing algorithm
      */
     public SignatureAlgorithm getDefaultSignatureAlgorithm();
 
     /**
      * Retrieves the default algorithm name.
-     *
+     * 
      * @return default signing algorithm name
      */
     public String getDefaultAlgorithm();
@@ -124,15 +122,15 @@ public interface ISigningUnit {
 
     /**
      * Retrieves all supported signing algorithm of this unit.
-     *
+     * 
      * @return a list of signing algorithms
      * @exception EBaseException failed to list
-     */ 
+     */
     public String[] getAllAlgorithms() throws EBaseException;
 
     /**
      * Retrieves the token name of this unit.
-     *
+     * 
      * @return token name
      * @exception EBaseException failed to retrieve name
      */
@@ -140,7 +138,7 @@ public interface ISigningUnit {
 
     /**
      * Updates new nickname and tokename in the configuration file.
-     *
+     * 
      * @param nickname new nickname
      * @param tokenname new tokenname
      */
@@ -148,19 +146,18 @@ public interface ISigningUnit {
 
     /**
      * Checks if the given algorithm name is supported.
-     *
+     * 
      * @param algname algorithm name
      * @return signing algorithm
      * @exception EBaseException failed to check signing algorithm
      */
     public SignatureAlgorithm checkSigningAlgorithmFromName(String algname)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Retrieves the public key associated in this unit.
-     *
+     * 
      * @return public key
      */
     public PublicKey getPublicKey();
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
index 02ebc616..008d6384 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/IStorageKeyUnit.java
@@ -17,33 +17,31 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.util.Enumeration;
 
 import org.mozilla.jss.crypto.CryptoToken;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * An interface represents a storage key unit. This storage
- * unit contains a storage key pair that is used for
- * encrypting the user private key for long term storage.
- *
+ * An interface represents a storage key unit. This storage unit contains a
+ * storage key pair that is used for encrypting the user private key for long
+ * term storage.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IStorageKeyUnit extends IEncryptionUnit {
 
     /**
      * Retrieves total number of recovery agents.
-     *
+     * 
      * @return total number of recovery agents
      */
     public int getNoOfAgents() throws EBaseException;
 
     /**
-     * Retrieves number of recovery agents required to
-     * perform recovery operation.
+     * Retrieves number of recovery agents required to perform recovery
+     * operation.
      * 
      * @return required number of recovery agents for recovery operation
      */
@@ -51,33 +49,33 @@ public interface IStorageKeyUnit extends IEncryptionUnit {
 
     /**
      * Sets the numer of required recovery agents
-     *
+     * 
      * @param number number of required agents
      */
     public void setNoOfRequiredAgents(int number);
 
     /**
      * Retrieves a list of agents in this unit.
-     *
+     * 
      * @return a list of string-based agent identifiers
      */
     public Enumeration getAgentIdentifiers();
 
     /**
      * Changes agent password.
-     *
+     * 
      * @param id agent id
      * @param oldpwd old password
      * @param newpwd new password
      * @return true if operation successful
      * @exception EBaseException failed to change password
      */
-    public boolean changeAgentPassword(String id, String oldpwd, 
-        String newpwd) throws EBaseException;
+    public boolean changeAgentPassword(String id, String oldpwd,
+            String newpwd) throws EBaseException;
 
     /**
      * Changes M-N recovery scheme.
-     *
+     * 
      * @param n total number of agents
      * @param m required number of agents for recovery operation
      * @param oldcreds all old credentials
@@ -86,11 +84,11 @@ public interface IStorageKeyUnit extends IEncryptionUnit {
      * @exception EBaseException failed to change schema
      */
     public boolean changeAgentMN(int n, int m, Credential oldcreds[],
-        Credential newcreds[]) throws EBaseException;
-	
+            Credential newcreds[]) throws EBaseException;
+
     /**
      * Logins to this unit.
-     *
+     * 
      * @param ac agent's credentials
      * @exception EBaseException failed to login
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/security/IToken.java b/pki/base/common/src/com/netscape/certsrv/security/IToken.java
index 0b79cfcf..05aff64f 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/IToken.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/IToken.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * An interface represents a generic token unit.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IToken {
 
     /**
      * Logins to the token unit.
-     *
+     * 
      * @param pin password to access the token
      * @exception EBaseException failed to login to this token
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
index 2edfa12a..dc09c885 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/ITransportKeyUnit.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.security.PublicKey;
 
 import org.mozilla.jss.crypto.CryptoToken;
@@ -26,27 +25,31 @@ import org.mozilla.jss.crypto.SymmetricKey;
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * An interface represents the transport key pair. 
- * This key pair is used to protected EE's private 
- * key in transit.
- *
+ * An interface represents the transport key pair. This key pair is used to
+ * protected EE's private key in transit.
+ * 
  * @version $Revision$, $Date$
  */
 public interface ITransportKeyUnit extends IEncryptionUnit {
 
     /**
      * Retrieves public key.
-     *
+     * 
      * @return certificate
      */
     public org.mozilla.jss.crypto.X509Certificate getCertificate();
+
     public SymmetricKey unwrap_sym(byte encSymmKey[]);
+
     public SymmetricKey unwrap_encrypt_sym(byte encSymmKey[]);
+
     public PrivateKey unwrap_temp(byte wrappedKeyData[], PublicKey
-	  pubKey) throws EBaseException;
+            pubKey) throws EBaseException;
+
     public CryptoToken getToken();
-    public String getSigningAlgorithm() throws EBaseException; 
-    public void setSigningAlgorithm(String str) throws EBaseException; 
+
+    public String getSigningAlgorithm() throws EBaseException;
+
+    public void setSigningAlgorithm(String str) throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java
index 484e5e73..18cc98be 100644
--- a/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java
+++ b/pki/base/common/src/com/netscape/certsrv/security/KeyCertData.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.security;
 
-
 import java.math.BigInteger;
 import java.security.KeyPair;
 import java.util.Properties;
@@ -32,8 +31,7 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 
 /**
- * This class represents a container for storaging
- * data in the security package.
+ * This class represents a container for storaging data in the security package.
  * 
  * @version $Revision$, $Date$
  */
@@ -53,7 +51,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves the key pair from this container.
-     *
+     * 
      * @return key pair
      */
     public KeyPair getKeyPair() {
@@ -62,7 +60,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets key pair into this container.
-     *
+     * 
      * @param keypair key pair
      */
     public void setKeyPair(KeyPair keypair) {
@@ -71,7 +69,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves the issuer name from this container.
-     *
+     * 
      * @return issuer name
      */
     public String getIssuerName() {
@@ -80,7 +78,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets the issuer name in this container.
-     *
+     * 
      * @param name issuer name
      */
     public void setIssuerName(String name) {
@@ -89,7 +87,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves certificate server instance name.
-     *
+     * 
      * @return instance name
      */
     public String getCertInstanceName() {
@@ -98,7 +96,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets certificate server instance name.
-     *
+     * 
      * @param name instance name
      */
     public void setCertInstanceName(String name) {
@@ -107,16 +105,16 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves certificate nickname.
-     *
+     * 
      * @return certificate nickname
      */
     public String getCertNickname() {
         return (String) get(Constants.PR_NICKNAME);
     }
-    
+
     /**
      * Sets certificate nickname.
-     *
+     * 
      * @param nickname certificate nickname
      */
     public void setCertNickname(String nickname) {
@@ -125,7 +123,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves key length.
-     *
+     * 
      * @return key length
      */
     public String getKeyLength() {
@@ -134,7 +132,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets key length.
-     *
+     * 
      * @param len key length
      */
     public void setKeyLength(String len) {
@@ -143,7 +141,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves key type.
-     *
+     * 
      * @return key type
      */
     public String getKeyType() {
@@ -152,7 +150,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets key type.
-     *
+     * 
      * @param type key type
      */
     public void setKeyType(String type) {
@@ -161,7 +159,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves key curve name.
-     *
+     * 
      * @return key curve name
      */
     public String getKeyCurveName() {
@@ -170,7 +168,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets key curvename.
-     *
+     * 
      * @param len key curvename
      */
     public void setKeyCurveName(String len) {
@@ -179,7 +177,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves signature algorithm.
-     *
+     * 
      * @return signature algorithm
      */
     public SignatureAlgorithm getSignatureAlgorithm() {
@@ -188,7 +186,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets signature algorithm
-     *
+     * 
      * @param alg signature algorithm
      */
     public void setSignatureAlgorithm(SignatureAlgorithm alg) {
@@ -197,7 +195,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves algorithm used to sign the root CA Cert.
-     *
+     * 
      * @return signature algorithm
      */
     public String getSignedBy() {
@@ -206,7 +204,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets signature algorithm used to sign root CA cert
-     *
+     * 
      * @param alg signature algorithm
      */
     public void setSignedBy(String alg) {
@@ -215,7 +213,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves signature algorithm.
-     *
+     * 
      * @return signature algorithm
      */
     public AlgorithmId getAlgorithmId() {
@@ -224,7 +222,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets algorithm identifier
-     *
+     * 
      * @param id signature algorithm
      */
     public void setAlgorithmId(AlgorithmId id) {
@@ -233,7 +231,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves serial number.
-     *
+     * 
      * @return serial number
      */
     public BigInteger getSerialNumber() {
@@ -242,7 +240,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets serial number.
-     *
+     * 
      * @param num serial number
      */
     public void setSerialNumber(BigInteger num) {
@@ -251,16 +249,16 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves configuration file.
-     *
+     * 
      * @return configuration file
      */
     public IConfigStore getConfigFile() {
-        return (IConfigStore)(get("cmsFile"));
+        return (IConfigStore) (get("cmsFile"));
     }
 
     /**
      * Sets configuration file.
-     *
+     * 
      * @param file configuration file
      */
     public void setConfigFile(IConfigStore file) {
@@ -269,7 +267,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves begining year of validity.
-     *
+     * 
      * @return begining year
      */
     public String getBeginYear() {
@@ -278,7 +276,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets begining year of validity.
-     *
+     * 
      * @param year begining year
      */
     public void setBeginYear(String year) {
@@ -287,7 +285,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending year of validity.
-     *
+     * 
      * @return ending year
      */
     public String getAfterYear() {
@@ -296,7 +294,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending year of validity.
-     *
+     * 
      * @param year ending year
      */
     public void setAfterYear(String year) {
@@ -305,7 +303,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves begining month of validity.
-     *
+     * 
      * @return begining month
      */
     public String getBeginMonth() {
@@ -314,7 +312,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets begining month of validity.
-     *
+     * 
      * @param month begining month
      */
     public void setBeginMonth(String month) {
@@ -323,7 +321,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending month of validity.
-     *
+     * 
      * @return ending month
      */
     public String getAfterMonth() {
@@ -332,7 +330,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending month of validity.
-     *
+     * 
      * @param month ending month
      */
     public void setAfterMonth(String month) {
@@ -341,7 +339,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves begining date of validity.
-     *
+     * 
      * @return begining date
      */
     public String getBeginDate() {
@@ -350,7 +348,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets begining date of validity.
-     *
+     * 
      * @param date begining date
      */
     public void setBeginDate(String date) {
@@ -359,7 +357,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending date of validity.
-     *
+     * 
      * @return ending date
      */
     public String getAfterDate() {
@@ -368,7 +366,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending date of validity.
-     *
+     * 
      * @param date ending date
      */
     public void setAfterDate(String date) {
@@ -377,7 +375,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves starting hour of validity.
-     *
+     * 
      * @return starting hour
      */
     public String getBeginHour() {
@@ -386,7 +384,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets starting hour of validity.
-     *
+     * 
      * @param hour starting hour
      */
     public void setBeginHour(String hour) {
@@ -395,7 +393,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending hour of validity.
-     *
+     * 
      * @return ending hour
      */
     public String getAfterHour() {
@@ -404,7 +402,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending hour of validity.
-     *
+     * 
      * @param hour ending hour
      */
     public void setAfterHour(String hour) {
@@ -413,16 +411,16 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves starting minute of validity.
-     *
+     * 
      * @return starting minute
      */
     public String getBeginMin() {
         return (String) get(Constants.PR_BEGIN_MIN);
     }
-  
+
     /**
      * Sets starting minute of validity.
-     *
+     * 
      * @param min starting minute
      */
     public void setBeginMin(String min) {
@@ -431,7 +429,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending minute of validity.
-     *
+     * 
      * @return ending minute
      */
     public String getAfterMin() {
@@ -440,7 +438,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending minute of validity.
-     *
+     * 
      * @param min ending minute
      */
     public void setAfterMin(String min) {
@@ -449,7 +447,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves starting second of validity.
-     *
+     * 
      * @return starting second
      */
     public String getBeginSec() {
@@ -458,7 +456,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets starting second of validity.
-     *
+     * 
      * @param sec starting second
      */
     public void setBeginSec(String sec) {
@@ -467,7 +465,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves ending second of validity.
-     *
+     * 
      * @return ending second
      */
     public String getAfterSec() {
@@ -476,7 +474,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets ending second of validity.
-     *
+     * 
      * @param sec ending second
      */
     public void setAfterSec(String sec) {
@@ -485,7 +483,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves CA key pair
-     *
+     * 
      * @return CA key pair
      */
     public KeyPair getCAKeyPair() {
@@ -494,7 +492,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets CA key pair
-     *
+     * 
      * @param keypair key pair
      */
     public void setCAKeyPair(KeyPair keypair) {
@@ -503,7 +501,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves extensions
-     *
+     * 
      * @return extensions
      */
     public String getDerExtension() {
@@ -512,7 +510,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets extensions
-     *
+     * 
      * @param ext extensions
      */
     public void setDerExtension(String ext) {
@@ -521,7 +519,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves isCA
-     *
+     * 
      * @return "true" if it is CA
      */
     public String isCA() {
@@ -530,7 +528,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets isCA
-     *
+     * 
      * @param ext "true" if it is CA
      */
     public void setCA(String ext) {
@@ -539,7 +537,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves key length
-     *
+     * 
      * @return certificate's key length
      */
     public String getCertLen() {
@@ -548,7 +546,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets key length
-     *
+     * 
      * @param len certificate's key length
      */
     public void setCertLen(String len) {
@@ -557,7 +555,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Client bit
-     *
+     * 
      * @return SSL Client bit
      */
     public String getSSLClientBit() {
@@ -566,7 +564,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Client bit
-     *
+     * 
      * @param sslClientBit SSL Client bit
      */
     public void setSSLClientBit(String sslClientBit) {
@@ -575,7 +573,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Server bit
-     *
+     * 
      * @return SSL Server bit
      */
     public String getSSLServerBit() {
@@ -584,7 +582,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Server bit
-     *
+     * 
      * @param sslServerBit SSL Server bit
      */
     public void setSSLServerBit(String sslServerBit) {
@@ -593,7 +591,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Mail bit
-     *
+     * 
      * @return SSL Mail bit
      */
     public String getSSLMailBit() {
@@ -602,7 +600,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Mail bit
-     *
+     * 
      * @param sslMailBit SSL Mail bit
      */
     public void setSSLMailBit(String sslMailBit) {
@@ -611,7 +609,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL CA bit
-     *
+     * 
      * @return SSL CA bit
      */
     public String getSSLCABit() {
@@ -620,7 +618,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL CA bit
-     *
+     * 
      * @param cabit SSL CA bit
      */
     public void setSSLCABit(String cabit) {
@@ -629,16 +627,16 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Signing bit
-     *
+     * 
      * @return SSL Signing bit
      */
     public String getObjectSigningBit() {
         return (String) get(Constants.PR_OBJECT_SIGNING_BIT);
     }
 
-    /** 
+    /**
      * Retrieves Time Stamping bit
-     *
+     * 
      * @return Time Stamping bit
      */
     public String getTimeStampingBit() {
@@ -647,7 +645,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Signing bit
-     *
+     * 
      * @param objectSigningBit SSL Signing bit
      */
     public void setObjectSigningBit(String objectSigningBit) {
@@ -656,7 +654,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Mail CA bit
-     *
+     * 
      * @return SSL Mail CA bit
      */
     public String getMailCABit() {
@@ -665,7 +663,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Mail CA bit
-     *
+     * 
      * @param mailCABit SSL Mail CA bit
      */
     public void setMailCABit(String mailCABit) {
@@ -674,7 +672,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves SSL Object Signing bit
-     *
+     * 
      * @return SSL Object Signing bit
      */
     public String getObjectSigningCABit() {
@@ -683,7 +681,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets SSL Object Signing bit
-     *
+     * 
      * @param bit SSL Object Signing bit
      */
     public void setObjectSigningCABit(String bit) {
@@ -692,7 +690,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves OCSP Signing flag
-     *
+     * 
      * @return OCSP Signing flag
      */
     public String getOCSPSigning() {
@@ -701,7 +699,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets OCSP Signing flag
-     *
+     * 
      * @param aki OCSP Signing flag
      */
     public void setOCSPSigning(String aki) {
@@ -710,7 +708,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves OCSP No Check flag
-     *
+     * 
      * @return OCSP No Check flag
      */
     public String getOCSPNoCheck() {
@@ -719,7 +717,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets OCSP No Check flag
-     *
+     * 
      * @param noCheck OCSP No Check flag
      */
     public void setOCSPNoCheck(String noCheck) {
@@ -728,7 +726,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves Authority Information Access flag
-     *
+     * 
      * @return Authority Information Access flag
      */
     public String getAIA() {
@@ -737,7 +735,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets Authority Information Access flag
-     *
+     * 
      * @param aia Authority Information Access flag
      */
     public void setAIA(String aia) {
@@ -746,7 +744,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves Authority Key Identifier flag
-     *
+     * 
      * @return Authority Key Identifier flag
      */
     public String getAKI() {
@@ -755,7 +753,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets Authority Key Identifier flag
-     *
+     * 
      * @param aki Authority Key Identifier flag
      */
     public void setAKI(String aki) {
@@ -764,7 +762,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves Subject Key Identifier flag
-     *
+     * 
      * @return Subject Key Identifier flag
      */
     public String getSKI() {
@@ -773,7 +771,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets Subject Key Identifier flag
-     *
+     * 
      * @param ski Subject Key Identifier flag
      */
     public void setSKI(String ski) {
@@ -782,7 +780,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves key usage extension
-     *
+     * 
      * @return true if key usage extension set
      */
     public boolean getKeyUsageExtension() {
@@ -795,7 +793,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Sets CA extensions
-     *
+     * 
      * @param ext CA extensions
      */
     public void setCAExtensions(CertificateExtensions ext) {
@@ -804,7 +802,7 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves CA extensions
-     *
+     * 
      * @return CA extensions
      */
     public CertificateExtensions getCAExtensions() {
@@ -813,11 +811,10 @@ public class KeyCertData extends Properties {
 
     /**
      * Retrieves hash type
-     *
+     * 
      * @return hash type
      */
     public String getHashType() {
         return (String) get(ConfigConstants.PR_HASH_TYPE);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java
index d0f6b4c3..1ace7097 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/EDuplicateSelfTestException.java
@@ -20,38 +20,33 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
 
 /**
  * This class implements a duplicate self test exception.
- * EDuplicateSelfTestExceptions are derived from ESelfTestExceptions
- * in order to allow users to easily do self tests without try-catch clauses.
- *
+ * EDuplicateSelfTestExceptions are derived from ESelfTestExceptions in order to
+ * allow users to easily do self tests without try-catch clauses.
+ * 
  * EDuplicateSelfTestExceptions should be caught by SelfTestSubsystem managers.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
 public class EDuplicateSelfTestException
-    extends ESelfTestException {
-    ////////////////////////
+        extends ESelfTestException {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
-
+    // //////////////////////
 
-    ///////////////////////
+    // /////////////////////
     // helper parameters //
-    ///////////////////////
+    // /////////////////////
 
     /**
      *
@@ -62,32 +57,28 @@ public class EDuplicateSelfTestException
     private String mInstanceParameter = null;
     private String mInstanceValue = null;
 
-    ////////////////////////////////////////////
+    // //////////////////////////////////////////
     // EDuplicateSelfTestException parameters //
-    ////////////////////////////////////////////
+    // //////////////////////////////////////////
 
-
-
-    ///////////////////////////////////////////////
+    // /////////////////////////////////////////////
     // ESelfTestException parameters (inherited) //
-    ///////////////////////////////////////////////
-
+    // /////////////////////////////////////////////
 
-
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
+    // ///////////////////
 
     /**
      * Constructs a "duplicate" self test exception.
      * <P>
-     *
+     * 
      * @param instanceName duplicate "instanceName" exception details
      */
     public EDuplicateSelfTestException(String instanceName) {
         super("The self test plugin property named "
-            + instanceName
-            + " already exists.");
+                + instanceName
+                + " already exists.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -100,20 +91,20 @@ public class EDuplicateSelfTestException
     }
 
     /**
-     * Constructs a "duplicate" self test exception where the value is always
-     * a duplicate from a name/value pair
+     * Constructs a "duplicate" self test exception where the value is always a
+     * duplicate from a name/value pair
      * <P>
-     *
+     * 
      * @param instanceName duplicate "instanceName" exception details
      * @param instanceValue duplicate "instanceValue" exception details
      */
     public EDuplicateSelfTestException(String instanceName,
-        String instanceValue) {
+            String instanceValue) {
         super("The self test plugin property named "
-            + instanceName
-            + " contains a value of "
-            + instanceValue
-            + " which already exists.");
+                + instanceName
+                + " contains a value of "
+                + instanceValue
+                + " which already exists.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -134,18 +125,18 @@ public class EDuplicateSelfTestException
      * duplicate from a substore.parameter/value pair; (the value passed in may
      * be null).
      * <P>
-     *
+     * 
      * @param instanceStore duplicate "instanceStore" exception details
      * @param instanceParameter duplicate "instanceParameter" exception details
-     * @param instanceValue duplicate "instanceValue" exception details
-     * (may be null)
+     * @param instanceValue duplicate "instanceValue" exception details (may be
+     *            null)
      */
     public EDuplicateSelfTestException(String instanceStore,
-        String instanceParameter,
-        String instanceValue) {
+            String instanceParameter,
+            String instanceValue) {
         super("The self test plugin property named "
-            + instanceStore + "." + instanceParameter
-            + " is a duplicate.");
+                + instanceStore + "." + instanceParameter
+                + " is a duplicate.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -165,14 +156,14 @@ public class EDuplicateSelfTestException
         mInstanceValue = instanceValue;
     }
 
-    ////////////////////
+    // //////////////////
     // helper methods //
-    ////////////////////
+    // //////////////////
 
     /**
      * Returns the instance name associated with this self test.
      * <P>
-     *
+     * 
      * @return name portion of the name/value pair
      */
     public String getInstanceName() {
@@ -182,7 +173,7 @@ public class EDuplicateSelfTestException
     /**
      * Returns the store associated with this self test.
      * <P>
-     *
+     * 
      * @return substore portion of the substore.parameter/value pair
      */
     public String getInstanceStore() {
@@ -192,7 +183,7 @@ public class EDuplicateSelfTestException
     /**
      * Returns the parameter associated with this self test.
      * <P>
-     *
+     * 
      * @return parameter portion of the substore.parameter/value pair
      */
     public String getInstanceParameter() {
@@ -202,27 +193,25 @@ public class EDuplicateSelfTestException
     /**
      * Returns the value associated with this self test.
      * <P>
-     *
+     * 
      * @return value portion of the name/value pair
      */
     public String getInstanceValue() {
         return mInstanceValue;
     }
 
-    /////////////////////////////////////////
+    // ///////////////////////////////////////
     // EDuplicateSelfTestException methods //
-    /////////////////////////////////////////
-
-
+    // ///////////////////////////////////////
 
-    ////////////////////////////////////////////
+    // //////////////////////////////////////////
     // ESelfTestException methods (inherited) //
-    ////////////////////////////////////////////
+    // //////////////////////////////////////////
 
-    /* Note that all of the following ESelfTestException methods
-     * are inherited from the ESelfTestException class:
-     *
+    /*
+     * Note that all of the following ESelfTestException methods are inherited
+     * from the ESelfTestException class:
+     * 
      * public ESelfTestException( String msg );
      */
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java
index 11907695..c8b40c66 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/EInvalidSelfTestException.java
@@ -20,38 +20,33 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
 
 /**
  * This class implements an invalid self test exception.
- * EInvalidSelfTestExceptions are derived from ESelfTestExceptions
- * in order to allow users to easily do self tests without try-catch clauses.
- *
+ * EInvalidSelfTestExceptions are derived from ESelfTestExceptions in order to
+ * allow users to easily do self tests without try-catch clauses.
+ * 
  * EInvalidSelfTestExceptions should be caught by SelfTestSubsystem managers.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
 public class EInvalidSelfTestException
-    extends ESelfTestException {
-    ////////////////////////
+        extends ESelfTestException {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
-
+    // //////////////////////
 
-    ///////////////////////
+    // /////////////////////
     // helper parameters //
-    ///////////////////////
+    // /////////////////////
 
     /**
      *
@@ -62,32 +57,28 @@ public class EInvalidSelfTestException
     private String mInstanceParameter = null;
     private String mInstanceValue = null;
 
-    //////////////////////////////////////////
+    // ////////////////////////////////////////
     // EInvalidSelfTestException parameters //
-    //////////////////////////////////////////
+    // ////////////////////////////////////////
 
-
-
-    ///////////////////////////////////////////////
+    // /////////////////////////////////////////////
     // ESelfTestException parameters (inherited) //
-    ///////////////////////////////////////////////
-
+    // /////////////////////////////////////////////
 
-
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
+    // ///////////////////
 
     /**
      * Constructs an "invalid" self test exception.
      * <P>
-     *
+     * 
      * @param instanceName invalid "instanceName" exception details
      */
     public EInvalidSelfTestException(String instanceName) {
         super("The self test plugin named "
-            + instanceName
-            + " is invalid.");
+                + instanceName
+                + " is invalid.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -103,17 +94,17 @@ public class EInvalidSelfTestException
      * Constructs a "invalid" self test exception where the value is always
      * invalid from a name/value pair
      * <P>
-     *
+     * 
      * @param instanceName invalid "instanceName" exception details
      * @param instanceValue invalid "instanceValue" exception details
      */
     public EInvalidSelfTestException(String instanceName,
-        String instanceValue) {
+            String instanceValue) {
         super("The self test plugin named "
-            + instanceName
-            + " contains a value "
-            + instanceValue
-            + " which is invalid.");
+                + instanceName
+                + " contains a value "
+                + instanceValue
+                + " which is invalid.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -131,21 +122,21 @@ public class EInvalidSelfTestException
 
     /**
      * Constructs an "invalid" self test exception where the parameter is always
-     * invalid from a substore.parameter/value pair; (the value passed in may
-     * be null).
+     * invalid from a substore.parameter/value pair; (the value passed in may be
+     * null).
      * <P>
-     *
+     * 
      * @param instanceStore invalid "instanceStore" exception details
      * @param instanceParameter invalid "instanceParameter" exception details
-     * @param instanceValue invalid "instanceValue" exception details
-     * (may be null)
+     * @param instanceValue invalid "instanceValue" exception details (may be
+     *            null)
      */
     public EInvalidSelfTestException(String instanceStore,
-        String instanceParameter,
-        String instanceValue) {
+            String instanceParameter,
+            String instanceValue) {
         super("The self test plugin parameter named "
-            + instanceStore + "." + instanceParameter
-            + " is invalid.");
+                + instanceStore + "." + instanceParameter
+                + " is invalid.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -165,14 +156,14 @@ public class EInvalidSelfTestException
         mInstanceValue = instanceValue;
     }
 
-    ////////////////////
+    // //////////////////
     // helper methods //
-    ////////////////////
+    // //////////////////
 
     /**
      * Returns the instance name associated with this self test.
      * <P>
-     *
+     * 
      * @return name portion of the name/value pair
      */
     public String getInstanceName() {
@@ -182,7 +173,7 @@ public class EInvalidSelfTestException
     /**
      * Returns the store associated with this self test.
      * <P>
-     *
+     * 
      * @return substore portion of the substore.parameter/value pair
      */
     public String getInstanceStore() {
@@ -192,7 +183,7 @@ public class EInvalidSelfTestException
     /**
      * Returns the parameter associated with this self test.
      * <P>
-     *
+     * 
      * @return parameter portion of the substore.parameter/value pair
      */
     public String getInstanceParameter() {
@@ -202,27 +193,25 @@ public class EInvalidSelfTestException
     /**
      * Returns the value associated with this self test.
      * <P>
-     *
+     * 
      * @return value portion of the name/value pair
      */
     public String getInstanceValue() {
         return mInstanceValue;
     }
 
-    ///////////////////////////////////////
+    // /////////////////////////////////////
     // EInvalidSelfTestException methods //
-    ///////////////////////////////////////
-
-
+    // /////////////////////////////////////
 
-    ////////////////////////////////////////////
+    // //////////////////////////////////////////
     // ESelfTestException methods (inherited) //
-    ////////////////////////////////////////////
+    // //////////////////////////////////////////
 
-    /* Note that all of the following ESelfTestException methods
-     * are inherited from the ESelfTestException class:
-     *
+    /*
+     * Note that all of the following ESelfTestException methods are inherited
+     * from the ESelfTestException class:
+     * 
      * public ESelfTestException( String msg );
      */
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java
index 88fa14cb..70876c5c 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/EMissingSelfTestException.java
@@ -20,38 +20,33 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
 
 /**
  * This class implements a missing self test exception.
- * EMissingSelfTestExceptions are derived from ESelfTestExceptions
- * in order to allow users to easily do self tests without try-catch clauses.
- *
+ * EMissingSelfTestExceptions are derived from ESelfTestExceptions in order to
+ * allow users to easily do self tests without try-catch clauses.
+ * 
  * EMissingSelfTestExceptions should be caught by SelfTestSubsystem managers.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
 public class EMissingSelfTestException
-    extends ESelfTestException {
-    ////////////////////////
+        extends ESelfTestException {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
-
+    // //////////////////////
 
-    ///////////////////////
+    // /////////////////////
     // helper parameters //
-    ///////////////////////
+    // /////////////////////
 
     /**
      *
@@ -62,26 +57,22 @@ public class EMissingSelfTestException
     private String mInstanceParameter = null;
     private String mInstanceValue = null;
 
-    //////////////////////////////////////////
+    // ////////////////////////////////////////
     // EMissingSelfTestException parameters //
-    //////////////////////////////////////////
+    // ////////////////////////////////////////
 
-
-
-    ///////////////////////////////////////////////
+    // /////////////////////////////////////////////
     // ESelfTestException parameters (inherited) //
-    ///////////////////////////////////////////////
-
+    // /////////////////////////////////////////////
 
-
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
+    // ///////////////////
 
     /**
      * Constructs a "missing" self test exception where the name is null
      * <P>
-     *
+     * 
      */
     public EMissingSelfTestException() {
         super("The self test plugin property name is null.");
@@ -91,13 +82,13 @@ public class EMissingSelfTestException
      * Constructs a "missing" self test exception where the name is always
      * missing from a name/value pair.
      * <P>
-     *
+     * 
      * @param instanceName missing "instanceName" exception details
      */
     public EMissingSelfTestException(String instanceName) {
         super("The self test plugin property named "
-            + instanceName
-            + " does not exist.");
+                + instanceName
+                + " does not exist.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -113,16 +104,16 @@ public class EMissingSelfTestException
      * Constructs a "missing" self test exception where the value is always
      * missing from a name/value pair; (the value passed in is always null).
      * <P>
-     *
+     * 
      * @param instanceName missing "instanceName" exception details
-     * @param instanceValue missing "instanceValue" exception details
-     * (always null)
+     * @param instanceValue missing "instanceValue" exception details (always
+     *            null)
      */
     public EMissingSelfTestException(String instanceName,
-        String instanceValue) {
+            String instanceValue) {
         super("The self test plugin property named "
-            + instanceName
-            + " contains no values.");
+                + instanceName
+                + " contains no values.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -140,21 +131,21 @@ public class EMissingSelfTestException
 
     /**
      * Constructs a "missing" self test exception where the parameter is always
-     * missing from a substore.parameter/value pair; (the value passed in may
-     * be null).
+     * missing from a substore.parameter/value pair; (the value passed in may be
+     * null).
      * <P>
-     *
+     * 
      * @param instanceStore missing "instanceStore" exception details
      * @param instanceParameter missing "instanceParameter" exception details
-     * @param instanceValue missing "instanceValue" exception details
-     * (may be null)
+     * @param instanceValue missing "instanceValue" exception details (may be
+     *            null)
      */
     public EMissingSelfTestException(String instanceStore,
-        String instanceParameter,
-        String instanceValue) {
+            String instanceParameter,
+            String instanceValue) {
         super("The self test plugin property named "
-            + instanceStore + "." + instanceParameter
-            + " is missing.");
+                + instanceStore + "." + instanceParameter
+                + " is missing.");
 
         // strip preceding/trailing whitespace
         // from passed-in String parameters
@@ -174,14 +165,14 @@ public class EMissingSelfTestException
         mInstanceValue = instanceValue;
     }
 
-    ////////////////////
+    // //////////////////
     // helper methods //
-    ////////////////////
+    // //////////////////
 
     /**
      * Returns the instance name associated with this self test.
      * <P>
-     *
+     * 
      * @return name portion of the name/value pair
      */
     public String getInstanceName() {
@@ -191,7 +182,7 @@ public class EMissingSelfTestException
     /**
      * Returns the store associated with this self test.
      * <P>
-     *
+     * 
      * @return substore portion of the substore.parameter/value pair
      */
     public String getInstanceStore() {
@@ -201,7 +192,7 @@ public class EMissingSelfTestException
     /**
      * Returns the parameter associated with this self test.
      * <P>
-     *
+     * 
      * @return parameter portion of the substore.parameter/value pair
      */
     public String getInstanceParameter() {
@@ -211,27 +202,25 @@ public class EMissingSelfTestException
     /**
      * Returns the value associated with this self test.
      * <P>
-     *
+     * 
      * @return value portion of the name/value pair
      */
     public String getInstanceValue() {
         return mInstanceValue;
     }
 
-    ///////////////////////////////////////
+    // /////////////////////////////////////
     // EMissingSelfTestException methods //
-    ///////////////////////////////////////
-
-
+    // /////////////////////////////////////
 
-    ////////////////////////////////////////////
+    // //////////////////////////////////////////
     // ESelfTestException methods (inherited) //
-    ////////////////////////////////////////////
+    // //////////////////////////////////////////
 
-    /* Note that all of the following ESelfTestException methods
-     * are inherited from the ESelfTestException class:
-     *
+    /*
+     * Note that all of the following ESelfTestException methods are inherited
+     * from the ESelfTestException class:
+     * 
      * public ESelfTestException( String msg );
      */
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java b/pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java
index e465517c..8ee7b8c0 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/ESelfTestException.java
@@ -20,39 +20,35 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
 
 import com.netscape.certsrv.base.EBaseException;
 
-
 //////////////////////
 // class definition //
 //////////////////////
 
 /**
- * This class implements a self test exception. ESelfTestExceptions
- * are derived from EBaseExceptions in order to allow users
- * to easily do self tests without try-catch clauses.
- *
+ * This class implements a self test exception. ESelfTestExceptions are derived
+ * from EBaseExceptions in order to allow users to easily do self tests without
+ * try-catch clauses.
+ * 
  * ESelfTestExceptions should be caught by SelfTestSubsystem managers.
  * <P>
  * 
  * @version $Revision$, $Date$
  */
 public class ESelfTestException
-    extends EBaseException {
-    ////////////////////////
+        extends EBaseException {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
-
+    // //////////////////////
 
-    ///////////////////////////////////
+    // /////////////////////////////////
     // ESelfTestException parameters //
-    ///////////////////////////////////
+    // /////////////////////////////////
 
     /**
      *
@@ -60,68 +56,65 @@ public class ESelfTestException
     private static final long serialVersionUID = -8001373369705595891L;
     private static final String SELFTEST_RESOURCES = SelfTestResources.class.getName();
 
-
-    ///////////////////////////////////////////
+    // /////////////////////////////////////////
     // EBaseException parameters (inherited) //
-    ///////////////////////////////////////////
+    // /////////////////////////////////////////
 
-    /* Note that all of the following EBaseException parameters
-     * are inherited from the EBaseException class:
-     *
+    /*
+     * Note that all of the following EBaseException parameters are inherited
+     * from the EBaseException class:
+     * 
      * public Object mParams[];
      */
 
-
-
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
+    // ///////////////////
 
     /**
      * Constructs a self test exception.
      * <P>
-     *
+     * 
      * @param msg exception details
      */
     public ESelfTestException(String msg) {
         super(msg);
     }
 
-
-    ////////////////////////////////
+    // //////////////////////////////
     // ESelfTestException methods //
-    ////////////////////////////////
+    // //////////////////////////////
 
     /**
      * Returns the bundle file name.
      * <P>
+     * 
      * @return name of bundle class associated with this exception.
      */
     protected String getBundleName() {
         return SELFTEST_RESOURCES;
     }
 
-
-    ////////////////////////////////////////
+    // //////////////////////////////////////
     // EBaseException methods (inherited) //
-    ////////////////////////////////////////
+    // //////////////////////////////////////
 
-    /* Note that all of the following EBaseException methods
-     * are inherited from the EBaseException class:
-     *
+    /*
+     * Note that all of the following EBaseException methods are inherited from
+     * the EBaseException class:
+     * 
      * public EBaseException( String msgFormat );
-     *
+     * 
      * public EBaseException( String msgFormat, String param );
-     *
+     * 
      * public EBaseException( String msgFormat, Exception param );
-     *
+     * 
      * public EBaseException( String msgFormat, Object params[] );
-     *
+     * 
      * public Object[] getParameters();
-     *
+     * 
      * public String toString();
-     *
+     * 
      * public String toString( Locale locale );
      */
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
index f881a285..357544f7 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTest.java
@@ -20,7 +20,6 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -30,7 +29,6 @@ import java.util.Locale;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.logging.ILogEventListener;
 
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -42,86 +40,82 @@ import com.netscape.certsrv.logging.ILogEventListener;
  * @version $Revision$, $Date$
  */
 public interface ISelfTest {
-    ////////////////////////
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
-
+    // //////////////////////
 
-    //////////////////////////
+    // ////////////////////////
     // ISelfTest parameters //
-    //////////////////////////
+    // ////////////////////////
 
     public static final String PROP_PLUGIN = "plugin";
 
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
+    // ///////////////////
 
-
-
-    ///////////////////////
+    // /////////////////////
     // ISelfTest methods //
-    ///////////////////////
+    // /////////////////////
 
     /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
+     * Initializes this subsystem with the configuration store associated with
+     * this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void initSelfTest(ISelfTestSubsystem subsystem,
-        String instanceName,
-        IConfigStore parameters)
-        throws EDuplicateSelfTestException,
+            String instanceName,
+            IConfigStore parameters)
+            throws EDuplicateSelfTestException,
             EInvalidSelfTestException,
             EMissingSelfTestException;
 
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-        throws ESelfTestException;
+            throws ESelfTestException;
 
     /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
+     * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+     * after initialization.
      * <P>
      */
     public void shutdownSelfTest();
 
     /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
+     * Returns the name associated with this self test. This method may return
+     * null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
     public String getSelfTestName();
 
     /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
+     * Returns the root configuration storage (self test parameters) associated
+     * with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
     public IConfigStore getSelfTestConfigStore();
 
     /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
+     * Retrieves description associated with an individual self test. This
+     * method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
@@ -130,11 +124,10 @@ public interface ISelfTest {
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
     public void runSelfTest(ILogEventListener logger)
-        throws ESelfTestException;
+            throws ESelfTestException;
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
index 3391bdd1..392a80e5 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/ISelfTestSubsystem.java
@@ -20,7 +20,6 @@
 
 package com.netscape.certsrv.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -28,7 +27,6 @@ package com.netscape.certsrv.selftests;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.logging.ILogEventListener;
 
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -40,16 +38,14 @@ import com.netscape.certsrv.logging.ILogEventListener;
  * @version $Revision$, $Date$
  */
 public interface ISelfTestSubsystem
-    extends ISubsystem {
-    ////////////////////////
+        extends ISubsystem {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
+    // //////////////////////
 
-
-    //////////////////////////////////
+    // ////////////////////////////////
     // ISelfTestSubsystem constants //
-    //////////////////////////////////
+    // ////////////////////////////////
 
     public static final String ID = "selftests";
     public static final String PROP_CONTAINER = "container";
@@ -60,21 +56,17 @@ public interface ISelfTestSubsystem
     public static final String PROP_ON_DEMAND = "onDemand";
     public static final String PROP_STARTUP = "startup";
 
-    ///////////////////////////////////////
+    // /////////////////////////////////////
     // ISubsystem parameters (inherited) //
-    ///////////////////////////////////////
-
+    // /////////////////////////////////////
 
-
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
-
+    // ///////////////////
 
-
-    ////////////////////////////////
+    // //////////////////////////////
     // ISelfTestSubsystem methods //
-    ////////////////////////////////
+    // //////////////////////////////
 
     //
     // methods associated with the list of on demand self tests
@@ -84,7 +76,7 @@ public interface ISelfTestSubsystem
      * List the instance names of all the self tests enabled to run on demand
      * (in execution order); may return null.
      * <P>
-     *
+     * 
      * @return list of self test instance names run on demand
      */
     public String[] listSelfTestsEnabledOnDemand();
@@ -92,72 +84,70 @@ public interface ISelfTestSubsystem
     /**
      * Enable the specified self test to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     * @param isCritical isCritical is either a critical failure (true) or a
+     *            non-critical failure (false)
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    //  public void enableSelfTestOnDemand( String instanceName,
-    //                                      boolean isCritical )
-    //  throws EInvalidSelfTestException, EMissingSelfTestException;
-
+    // public void enableSelfTestOnDemand( String instanceName,
+    // boolean isCritical )
+    // throws EInvalidSelfTestException, EMissingSelfTestException;
 
     /**
      * Disable the specified self test from being able to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
-    //  public void disableSelfTestOnDemand( String instanceName )
-    //  throws EMissingSelfTestException;
-
+    // public void disableSelfTestOnDemand( String instanceName )
+    // throws EMissingSelfTestException;
 
     /**
      * Determine if the specified self test is enabled to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if the specified self test is enabled on demand
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestEnabledOnDemand(String instanceName)
-        throws EMissingSelfTestException;
+            throws EMissingSelfTestException;
 
     /**
-     * Determine if failure of the specified self test is fatal when 
-     * it is executed on demand.
+     * Determine if failure of the specified self test is fatal when it is
+     * executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @return true if failure of the specified self test is fatal when
-     * it is executed on demand
+     * @return true if failure of the specified self test is fatal when it is
+     *         executed on demand
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestCriticalOnDemand(String instanceName)
-        throws EMissingSelfTestException;
+            throws EMissingSelfTestException;
 
     /**
      * Execute all self tests specified to be run on demand.
      * <P>
-     *
+     * 
      * @exception EMissingSelfTestException subsystem has missing name
      * @exception ESelfTestException self test exception
      */
     public void runSelfTestsOnDemand()
-        throws EMissingSelfTestException, ESelfTestException;
+            throws EMissingSelfTestException, ESelfTestException;
 
     //
     // methods associated with the list of startup self tests
     //
 
     /**
-     * List the instance names of all the self tests enabled to run
-     * at server startup (in execution order); may return null.
+     * List the instance names of all the self tests enabled to run at server
+     * startup (in execution order); may return null.
      * <P>
-     *
+     * 
      * @return list of self test instance names run at server startup
      */
     public String[] listSelfTestsEnabledAtStartup();
@@ -165,73 +155,71 @@ public interface ISelfTestSubsystem
     /**
      * Enable the specified self test at server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     * @param isCritical isCritical is either a critical failure (true) or a
+     *            non-critical failure (false)
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    //  public void enableSelfTestAtStartup( String instanceName,
-    //                                       boolean isCritical )
-    //  throws EInvalidSelfTestException, EMissingSelfTestException;
-
+    // public void enableSelfTestAtStartup( String instanceName,
+    // boolean isCritical )
+    // throws EInvalidSelfTestException, EMissingSelfTestException;
 
     /**
      * Disable the specified self test at server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
-    //  public void disableSelfTestAtStartup( String instanceName )
-    //  throws EMissingSelfTestException;
-
+    // public void disableSelfTestAtStartup( String instanceName )
+    // throws EMissingSelfTestException;
 
     /**
-     * Determine if the specified self test is executed automatically
-     * at server startup.
+     * Determine if the specified self test is executed automatically at server
+     * startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if the specified self test is executed at server startup
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestEnabledAtStartup(String instanceName)
-        throws EMissingSelfTestException;
+            throws EMissingSelfTestException;
 
     /**
-     * Determine if failure of the specified self test is fatal to
-     * server startup.
+     * Determine if failure of the specified self test is fatal to server
+     * startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @return true if failure of the specified self test is fatal to
-     * server startup
+     * @return true if failure of the specified self test is fatal to server
+     *         startup
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestCriticalAtStartup(String instanceName)
-        throws EMissingSelfTestException;
+            throws EMissingSelfTestException;
 
     /**
      * Execute all self tests specified to be run at server startup.
      * <P>
-     *
+     * 
      * @exception EMissingSelfTestException subsystem has missing name
      * @exception ESelfTestException self test exception
      */
     public void runSelfTestsAtStartup()
-        throws EMissingSelfTestException, ESelfTestException;
+            throws EMissingSelfTestException, ESelfTestException;
 
     //
     // methods associated with the list of self test instances
     //
 
     /**
-     * Retrieve an individual self test from the instances list
-     * given its instance name.
+     * Retrieve an individual self test from the instances list given its
+     * instance name.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return individual self test
      */
@@ -242,10 +230,10 @@ public interface ISelfTestSubsystem
     //
 
     /**
-     * Returns the ILogEventListener of this subsystem.
-     * This method may return null.
+     * Returns the ILogEventListener of this subsystem. This method may return
+     * null.
      * <P>
-     *
+     * 
      * @return ILogEventListener of this subsystem
      */
     public ILogEventListener getSelfTestLogger();
@@ -253,104 +241,97 @@ public interface ISelfTestSubsystem
     /**
      * This method represents the log interface for the self test subsystem.
      * <P>
-     *
+     * 
      * @param logger log event listener
      * @param msg self test log message
      */
     public void log(ILogEventListener logger, String msg);
 
     /**
-     * Register an individual self test on the instances list AND
-     * on the "on demand" list (note that the specified self test
-     * will be appended to the end of each list).
+     * Register an individual self test on the instances list AND on the
+     * "on demand" list (note that the specified self test will be appended to
+     * the end of each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     * @param isCritical isCritical is either a critical failure (true) or a
+     *            non-critical failure (false)
      * @param instance individual self test
      * @exception EDuplicateSelfTestException subsystem has duplicate name
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    //  public void registerSelfTestOnDemand( String instanceName,
-    //                                        boolean isCritical,
-    //                                        ISelfTest instance )
-    //  throws EDuplicateSelfTestException,
-    //         EInvalidSelfTestException,
-    //         EMissingSelfTestException;
-
+    // public void registerSelfTestOnDemand( String instanceName,
+    // boolean isCritical,
+    // ISelfTest instance )
+    // throws EDuplicateSelfTestException,
+    // EInvalidSelfTestException,
+    // EMissingSelfTestException;
 
     /**
-     * Deregister an individual self test on the instances list AND
-     * on the "on demand" list (note that the specified self test
-     * will be removed from each list).
+     * Deregister an individual self test on the instances list AND on the
+     * "on demand" list (note that the specified self test will be removed from
+     * each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
-    //  public void deregisterSelfTestOnDemand( String instanceName )
-    //  throws EMissingSelfTestException;
-
+    // public void deregisterSelfTestOnDemand( String instanceName )
+    // throws EMissingSelfTestException;
 
     /**
-     * Register an individual self test on the instances list AND
-     * on the "startup" list (note that the specified self test
-     * will be appended to the end of each list).
+     * Register an individual self test on the instances list AND on the
+     * "startup" list (note that the specified self test will be appended to the
+     * end of each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     * @param isCritical isCritical is either a critical failure (true) or a
+     *            non-critical failure (false)
      * @param instance individual self test
      * @exception EDuplicateSelfTestException subsystem has duplicate name
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    //  public void registerSelfTestAtStartup( String instanceName,
-    //                                         boolean isCritical,
-    //                                         ISelfTest instance )
-    //  throws EDuplicateSelfTestException,
-    //         EInvalidSelfTestException,
-    //         EMissingSelfTestException;
-
+    // public void registerSelfTestAtStartup( String instanceName,
+    // boolean isCritical,
+    // ISelfTest instance )
+    // throws EDuplicateSelfTestException,
+    // EInvalidSelfTestException,
+    // EMissingSelfTestException;
 
     /**
-     * Deregister an individual self test on the instances list AND
-     * on the "startup" list (note that the specified self test
-     * will be removed from each list).
+     * Deregister an individual self test on the instances list AND on the
+     * "startup" list (note that the specified self test will be removed from
+     * each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
-    //  public void deregisterSelfTestAtStartup( String instanceName )
-    //  throws EMissingSelfTestException;
-
+    // public void deregisterSelfTestAtStartup( String instanceName )
+    // throws EMissingSelfTestException;
 
-
-    ////////////////////////////////////
+    // //////////////////////////////////
     // ISubsystem methods (inherited) //
-    ////////////////////////////////////
-
-    /* Note that all of the following ISubsystem methods
-     * are inherited from the ISubsystem class:
-     *
-     *    public String getId();
-     *
-     *    public void setId( String id )
-     *    throws EBaseException;
-     *
-     *    public void init( ISubsystem owner, IConfigStore config )
-     *    throws EBaseException;
-     *
-     *    public void startup()
-     *    throws EBaseException;
-     *
-     *    public void shutdown();
-     *
-     *    public IConfigStore getConfigStore();
+    // //////////////////////////////////
+
+    /*
+     * Note that all of the following ISubsystem methods are inherited from the
+     * ISubsystem class:
+     * 
+     * public String getId();
+     * 
+     * public void setId( String id ) throws EBaseException;
+     * 
+     * public void init( ISubsystem owner, IConfigStore config ) throws
+     * EBaseException;
+     * 
+     * public void startup() throws EBaseException;
+     * 
+     * public void shutdown();
+     * 
+     * public IConfigStore getConfigStore();
      */
 }
-
diff --git a/pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java b/pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java
index c396c14b..c7c4d372 100644
--- a/pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/selftests/SelfTestResources.java
@@ -17,10 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.selftests;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for Self Tests.
  * <P>
diff --git a/pki/base/common/src/com/netscape/certsrv/template/ArgList.java b/pki/base/common/src/com/netscape/certsrv/template/ArgList.java
index 72288a73..4ea2fb48 100644
--- a/pki/base/common/src/com/netscape/certsrv/template/ArgList.java
+++ b/pki/base/common/src/com/netscape/certsrv/template/ArgList.java
@@ -20,11 +20,10 @@ package com.netscape.certsrv.template;
 import java.util.Vector;
 
 /**
- * This class represents a list of arguments
- * that will be returned to the end-user via
- * the template framework.
+ * This class represents a list of arguments that will be returned to the
+ * end-user via the template framework.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ArgList implements IArgValue {
@@ -39,16 +38,16 @@ public class ArgList implements IArgValue {
 
     /**
      * Adds an argument to the list.
-     *
+     * 
      * @param arg argument to be added
      */
     public void add(IArgValue arg) {
         mList.addElement(arg);
     }
 
-    /** 
+    /**
      * Returns the number of arguments in the list.
-     *
+     * 
      * @return size of the list
      */
     public int size() {
@@ -56,9 +55,8 @@ public class ArgList implements IArgValue {
     }
 
     /**
-     * Returns the argument at the given position
-     * Position starts from 0.
-     *
+     * Returns the argument at the given position Position starts from 0.
+     * 
      * @param pos position
      * @return argument
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/template/ArgSet.java b/pki/base/common/src/com/netscape/certsrv/template/ArgSet.java
index 471371f9..f5e1badd 100644
--- a/pki/base/common/src/com/netscape/certsrv/template/ArgSet.java
+++ b/pki/base/common/src/com/netscape/certsrv/template/ArgSet.java
@@ -21,12 +21,10 @@ import java.util.Enumeration;
 import java.util.Hashtable;
 
 /**
- * This class represents a set of arguments.
- * Unlike ArgList, this set of arguments is 
- * not ordered.
+ * This class represents a set of arguments. Unlike ArgList, this set of
+ * arguments is not ordered.
  * <p>
- * Each argument in the set is tagged with
- * a name (key).
+ * Each argument in the set is tagged with a name (key).
  * <p>
  * 
  * @version $Revision$, $Date$
@@ -36,7 +34,7 @@ public class ArgSet implements IArgValue {
 
     /**
      * Returns a list of argument names.
-     *
+     * 
      * @return list of argument names
      */
     public Enumeration<String> getNames() {
@@ -45,17 +43,17 @@ public class ArgSet implements IArgValue {
 
     /**
      * Sets string argument into the set with the given name.
-     *
+     * 
      * @param name argument name
      * @param arg argument in string
      */
     public void set(String name, String arg) {
-        mArgs.put(name, new ArgString (arg));
+        mArgs.put(name, new ArgString(arg));
     }
 
     /**
      * Sets argument into the set with the given name.
-     *
+     * 
      * @param name argument name
      * @param arg argument value
      */
@@ -65,7 +63,7 @@ public class ArgSet implements IArgValue {
 
     /**
      * Retrieves argument from the set.
-     *
+     * 
      * @param name argument name
      * @return argument value
      */
diff --git a/pki/base/common/src/com/netscape/certsrv/template/ArgString.java b/pki/base/common/src/com/netscape/certsrv/template/ArgString.java
index 385338ca..4fb982eb 100644
--- a/pki/base/common/src/com/netscape/certsrv/template/ArgString.java
+++ b/pki/base/common/src/com/netscape/certsrv/template/ArgString.java
@@ -17,11 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.template;
 
-
-
 /**
  * This class represents a string-based argument.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ArgString implements IArgValue {
@@ -29,7 +27,7 @@ public class ArgString implements IArgValue {
 
     /**
      * Constructs a string-based argument value.
-     *
+     * 
      * @param value argument value
      */
     public ArgString(String value) {
@@ -38,7 +36,7 @@ public class ArgString implements IArgValue {
 
     /**
      * Returns the argument value.
-     *
+     * 
      * @return argument value
      */
     public String getValue() {
diff --git a/pki/base/common/src/com/netscape/certsrv/template/IArgValue.java b/pki/base/common/src/com/netscape/certsrv/template/IArgValue.java
index d679f0a1..27694a06 100644
--- a/pki/base/common/src/com/netscape/certsrv/template/IArgValue.java
+++ b/pki/base/common/src/com/netscape/certsrv/template/IArgValue.java
@@ -18,10 +18,9 @@
 package com.netscape.certsrv.template;
 
 /**
- * This interface presents a generic argument value.
- * Argument value can be in string, in a list, or 
- * in a set.
- *
+ * This interface presents a generic argument value. Argument value can be in
+ * string, in a list, or in a set.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IArgValue {
diff --git a/pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java b/pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java
index 0fec3043..4806da66 100644
--- a/pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java
+++ b/pki/base/common/src/com/netscape/certsrv/tks/ITKSAuthority.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.tks;
 
-
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.request.IRequestQueue;
 
-
 /**
- * An interface represents a Registration Authority that is
- * responsible for certificate enrollment operations.
+ * An interface represents a Registration Authority that is responsible for
+ * certificate enrollment operations.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ITKSAuthority extends ISubsystem {
@@ -36,23 +34,21 @@ public interface ITKSAuthority extends ISubsystem {
     public static final String PROP_REGISTRATION = "Registration";
     public static final String PROP_GATEWAY = "gateway";
     public static final String PROP_NICKNAME = "certNickname";
-    //public final static String PROP_PUBLISH_SUBSTORE = "publish";
-    //public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish";
+    // public final static String PROP_PUBLISH_SUBSTORE = "publish";
+    // public final static String PROP_LDAP_PUBLISH_SUBSTORE = "ldappublish";
     public final static String PROP_CONNECTOR = "connector";
     public final static String PROP_NEW_NICKNAME = "newNickname";
 
-
-
     /**
      * Retrieves the request queue of this registration authority.
-     *
+     * 
      * @return RA's request queue
      */
     public IRequestQueue getRequestQueue();
 
     /**
      * Returns the nickname of the RA certificate.
-     *
+     * 
      * @return the nickname of the RA certificate
      */
     public String getNickname();
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java
index c5711725..1251eca6 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/Certificates.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 
-
 /**
- * This class defines the strong authentication basic elements,
- * the X509 certificates.
- *
+ * This class defines the strong authentication basic elements, the X509
+ * certificates.
+ * 
  * @version $Revision$, $Date$
  */
 public class Certificates {
@@ -33,6 +31,7 @@ public class Certificates {
 
     /**
      * Constructs strong authenticator.
+     * 
      * @param certs a list of X509Certificates
      */
     public Certificates(X509Certificate certs[]) {
@@ -41,6 +40,7 @@ public class Certificates {
 
     /**
      * Retrieves certificates.
+     * 
      * @return a list of X509Certificates
      */
     public X509Certificate[] getCertificates() {
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java
index ca4634a6..a25a1a6b 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/EUsrGrpException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a Identity exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EUsrGrpException extends EBaseException {
@@ -40,8 +38,9 @@ public class EUsrGrpException extends EBaseException {
 
     /**
      * Constructs a usr/grp management exception
+     * 
      * @param msgFormat exception details in message string format
-     * <P>
+     *            <P>
      */
     public EUsrGrpException(String msgFormat) {
         super(msgFormat);
@@ -49,9 +48,10 @@ public class EUsrGrpException extends EBaseException {
 
     /**
      * Constructs a Identity exception.
+     * 
      * @param msgFormat exception details in message string format
      * @param param message string parameter
-     * <P>
+     *            <P>
      */
     public EUsrGrpException(String msgFormat, String param) {
         super(msgFormat, param);
@@ -59,8 +59,9 @@ public class EUsrGrpException extends EBaseException {
 
     /**
      * Constructs a Identity exception.
+     * 
      * @param e system exception
-     * <P>
+     *            <P>
      */
     public EUsrGrpException(String msgFormat, Exception e) {
         super(msgFormat, e);
@@ -68,9 +69,10 @@ public class EUsrGrpException extends EBaseException {
 
     /**
      * Constructs a Identity exception.
+     * 
      * @param msgFormat exception details in message string format
      * @param params list of message format parameters
-     * <P>
+     *            <P>
      */
     public EUsrGrpException(String msgFormat, Object params[]) {
         super(msgFormat, params);
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java
index a9d789e6..4c40c69a 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/ICertUserLocator.java
@@ -17,25 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import netscape.ldap.LDAPException;
 
 import com.netscape.certsrv.ldap.ELdapException;
 
-
 /**
- * This interface defines a certificate mapping strategy to locate
- * a user
- *
+ * This interface defines a certificate mapping strategy to locate a user
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICertUserLocator {
 
     /**
      * Returns a user whose certificates match with the given certificates
+     * 
      * @return an user interface
-     * @exception EUsrGrpException thrown when failed to build user 
-     * @exception LDAPException thrown when LDAP internal database is not available
+     * @exception EUsrGrpException thrown when failed to build user
+     * @exception LDAPException thrown when LDAP internal database is not
+     *                available
      * @exception ELdapException thrown when the LDAP search failed
      */
     public IUser locateUser(Certificates certs) throws
@@ -43,6 +42,7 @@ public interface ICertUserLocator {
 
     /**
      * Retrieves description.
+     * 
      * @return description
      */
     public String getDescription();
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java
index 778b9aab..cddb649c 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroup.java
@@ -17,53 +17,58 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import java.util.Enumeration;
 
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
- * This interface defines the basic interfaces for
- * an identity group. (get/set methods for a group entry attributes)
- *
+ * This interface defines the basic interfaces for an identity group. (get/set
+ * methods for a group entry attributes)
+ * 
  * @version $Revision$, $Date$
  */
 public interface IGroup extends IAttrSet, IGroupConstants {
 
     /**
      * Retrieves the group name.
+     * 
      * @return the group name
      */
     public String getName();
 
     /**
      * Retrieves group identifier.
+     * 
      * @return the group id
      */
     public String getGroupID();
 
     /**
      * Retrieves group description.
+     * 
      * @return description
      */
     public String getDescription();
 
     /**
      * Checks if the given name is member of this group.
+     * 
      * @param name the given name
-     * @return true if the given name is the member of this group; otherwise false.
+     * @return true if the given name is the member of this group; otherwise
+     *         false.
      */
     public boolean isMember(String name);
 
     /**
      * Adds new member.
+     * 
      * @param name the given name.
      */
     public void addMemberName(String name);
 
     /**
      * Retrieves a list of member names.
+     * 
      * @return a list of member names for this group.
      */
     public Enumeration getMemberNames();
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java
index 2f8711ce..22d89455 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IGroupConstants.java
@@ -17,12 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
-
-
 /**
  * This interface defines the attribute names for a group entry
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IGroupConstants {
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java
index 94bdf885..103b1026 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IIdEvaluator.java
@@ -17,9 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
-
-
 /**
  * A class represents an ID evaluator.
  * <P>
@@ -29,8 +26,9 @@ package com.netscape.certsrv.usrgrp;
 public interface IIdEvaluator {
 
     /**
-     * Evaluates if the given value satisfies the ID evaluation:
-     * is a user a member of a group
+     * Evaluates if the given value satisfies the ID evaluation: is a user a
+     * member of a group
+     * 
      * @param type the type of evaluator, in this case, it is group
      * @param id the user id for the given user
      * @param op operator, only "=" and "!=" are supported
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
index ff6f7be6..5857e3e9 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUGSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 
@@ -25,12 +24,10 @@ import netscape.ldap.LDAPException;
 
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * This class defines low-level LDAP usr/grp management
- * usr/grp information is located remotely on another
- * LDAP server.
- *
+ * This class defines low-level LDAP usr/grp management usr/grp information is
+ * located remotely on another LDAP server.
+ * 
  * @version $Revision$, $Date$
  */
 public interface IUGSubsystem extends ISubsystem, IUsrGrp {
@@ -47,6 +44,7 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Retrieves a user from LDAP
+     * 
      * @param userid the given user id
      * @exception EUsrGrpException thrown when failed to find the user
      */
@@ -54,6 +52,7 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Searches for users that matches the filter.
+     * 
      * @param filter search filter for efficiency
      * @return list of users
      * @exception EUsrGrpException thrown when any internal error occurs
@@ -62,48 +61,57 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Adds the given user to the internal database
+     * 
      * @param identity the given user
      * @exception EUsrGrpException thrown when failed to add user to the group
-     * @exception LDAPException thrown when the LDAP internal database is not available
+     * @exception LDAPException thrown when the LDAP internal database is not
+     *                available
      */
     public void addUser(IUser identity) throws EUsrGrpException, LDAPException;
 
     /**
      * Adds a user certificate to user
+     * 
      * @param identity user interface
-     * @exception EUsrGrpException thrown when failed to add the user certificate to the given user
-     * @exception LDAPException thrown when the LDAP internal database is not available
+     * @exception EUsrGrpException thrown when failed to add the user
+     *                certificate to the given user
+     * @exception LDAPException thrown when the LDAP internal database is not
+     *                available
      */
     public void addUserCert(IUser identity) throws EUsrGrpException,
             LDAPException;
 
     /**
-     * Removes a user certificate for a user entry
-     * given a user certificate DN (actually, a combination of version,
-     * serialNumber, issuerDN, and SubjectDN), and it gets removed
-     * @param identity the given user whose user certificate is going to be
-     * be removed.
+     * Removes a user certificate for a user entry given a user certificate DN
+     * (actually, a combination of version, serialNumber, issuerDN, and
+     * SubjectDN), and it gets removed
+     * 
+     * @param identity the given user whose user certificate is going to be be
+     *            removed.
      * @exception EUsrGrpException thrown when failed to remove user certificate
      */
     public void removeUserCert(IUser identity) throws EUsrGrpException;
 
     /**
      * Removes identity.
+     * 
      * @param userid the given user id
      * @exception EUsrGrpException thrown when failed to remove user
      */
     public void removeUser(String userid) throws EUsrGrpException;
 
     /**
-     * Modifies user attributes.  Certs are handled separately
-     * @param identity the given identity which contains all the user
-     * attributes being modified
+     * Modifies user attributes. Certs are handled separately
+     * 
+     * @param identity the given identity which contains all the user attributes
+     *            being modified
      * @exception EUsrGrpException thrown when modification failed
      */
     public void modifyUser(IUser identity) throws EUsrGrpException;
 
     /**
      * Finds groups that match the filter.
+     * 
      * @param filter the search filter
      * @return a list of groups that match the given search filter
      */
@@ -111,24 +119,27 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Find a group for the given name
+     * 
      * @param name the given name
      * @return a group that matched the given name
      */
     public IGroup findGroup(String name);
 
     /**
-     * List groups.  This method is more efficient than findGroups because
-     * this method retrieves group names and description only. Each 
-     * retrieved group just contains group name and description.
+     * List groups. This method is more efficient than findGroups because this
+     * method retrieves group names and description only. Each retrieved group
+     * just contains group name and description.
+     * 
      * @param filter the search filter
-     * @return a list of groups, each group just contains group name and
-     * its description.
+     * @return a list of groups, each group just contains group name and its
+     *         description.
      * @exception EUsrGrpException thrown when failed to list groups
      */
     public Enumeration<IGroup> listGroups(String filter) throws EUsrGrpException;
 
     /**
      * Retrieves a group from LDAP for the given group name
+     * 
      * @param name the given group name
      * @return a group interface
      */
@@ -136,37 +147,44 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Retrieves a group from LDAP for the given DN.
-     * @param DN the given DN 
+     * 
+     * @param DN the given DN
      * @return a group interface for the given DN.
      */
     public IGroup getGroup(String DN);
 
     /**
      * Checks if the given group exists.
+     * 
      * @param name the given group name
-     * @return true if the given group exists in the internal database; otherwise false.
+     * @return true if the given group exists in the internal database;
+     *         otherwise false.
      */
     public boolean isGroupPresent(String name);
 
     /**
      * Checks if the given context is a member of the given group
+     * 
      * @param uid the given user id
      * @param name the given group name
-     * @return true if the user with the given user id is a member of the given 
-     * group
+     * @return true if the user with the given user id is a member of the given
+     *         group
      */
     public boolean isMemberOf(String uid, String name);
+
     public boolean isMemberOf(IUser id, String name);
 
     /**
      * Adds a group of identities.
+     * 
      * @param group the given group
      * @exception EUsrGrpException thrown when failed to add group.
      */
     public void addGroup(IGroup group) throws EUsrGrpException;
 
     /**
-     * Removes a group.  Can't remove SUPER_CERT_ADMINS
+     * Removes a group. Can't remove SUPER_CERT_ADMINS
+     * 
      * @param name the given group name
      * @exception EUsrGrpException thrown when the given group failed to remove
      */
@@ -174,24 +192,27 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Modifies a group.
+     * 
      * @param group the given group which contain all group attributes being
-     * modified.
+     *            modified.
      * @exception EUsrGrpException thrown when failed to modify group.
      */
     public void modifyGroup(IGroup group) throws EUsrGrpException;
 
     /**
      * Removes the user with the given id from the given group
+     * 
      * @param grp the given group
      * @param userid the given user id
      * @exception EUsrGrpException thrown when failed to remove the user from
-     * the given group
+     *                the given group
      */
     public void removeUserFromGroup(IGroup grp, String userid)
-        throws EUsrGrpException;
+            throws EUsrGrpException;
 
     /**
      * Create user with the given id.
+     * 
      * @param id the user with the given id.
      * @return a new user
      */
@@ -199,6 +220,7 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Create group with the given id.
+     * 
      * @param id the group with the given id.
      * @return a new group
      */
@@ -206,24 +228,29 @@ public interface IUGSubsystem extends ISubsystem, IUsrGrp {
 
     /**
      * Get string representation of the given certificate
+     * 
      * @param cert given certificate
      * @return the string representation of the given certificate
      */
     public String getCertificateString(X509Certificate cert);
 
     /**
-     * Searchs for identities that matches the certificate locater
-     * generated filter.
+     * Searchs for identities that matches the certificate locater generated
+     * filter.
+     * 
      * @param filter search filter
      * @return an user
      * @exception EUsrGrpException thrown when failed to find user
-     * @exception LDAPException thrown when the internal database is not available
+     * @exception LDAPException thrown when the internal database is not
+     *                available
      */
     public IUser findUsersByCert(String filter) throws
             EUsrGrpException, LDAPException;
 
     /**
-     * Get user locator which does the mapping between the user and the certificate.
+     * Get user locator which does the mapping between the user and the
+     * certificate.
+     * 
      * @return CertUserLocator
      */
     public ICertUserLocator getCertUserLocator();
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java
index 398ccb71..fea2f56a 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUser.java
@@ -17,136 +17,154 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 
 import com.netscape.certsrv.base.IAttrSet;
 
-
 /**
- * This interface defines the basic interfaces for
- * a user identity. (get/set methods for a user entry attributes)
- *
+ * This interface defines the basic interfaces for a user identity. (get/set
+ * methods for a user entry attributes)
+ * 
  * @version $Revision$, $Date$
  */
 public interface IUser extends IAttrSet, IUserConstants {
 
     /**
      * Retrieves name.
+     * 
      * @return user name
      */
     public String getName();
 
     /**
      * Retrieves user identifier.
+     * 
      * @return user id
      */
     public String getUserID();
 
     /**
      * Retrieves user full name.
+     * 
      * @return user fullname
      */
     public String getFullName();
 
     /**
      * Retrieves user phonenumber.
+     * 
      * @return user phonenumber
      */
     public String getPhone();
 
     /**
      * Retrieves user state
+     * 
      * @return user state
      */
     public String getState();
 
     /**
      * Sets user full name.
+     * 
      * @param name the given full name
      */
     public void setFullName(String name);
 
     /**
      * Sets user ldap DN.
+     * 
      * @param userdn the given user DN
      */
     public void setUserDN(String userdn);
 
     /**
      * Gets user ldap dn
+     * 
      * @return user DN
      */
     public String getUserDN();
 
     /**
      * Retrieves user password.
+     * 
      * @return user password
      */
     public String getPassword();
 
     /**
      * Sets user password.
+     * 
      * @param p the given password
      */
     public void setPassword(String p);
 
     /**
      * Sets user phonenumber
-     * @param p user phonenumber 
+     * 
+     * @param p user phonenumber
      */
     public void setPhone(String p);
 
     /**
      * Sets user state
+     * 
      * @param p the given user state
      */
     public void setState(String p);
 
     /**
      * Sets user type
+     * 
      * @param userType the given user type
      */
     public void setUserType(String userType);
 
     /**
      * Gets user email address.
+     * 
      * @return email address
      */
     public String getEmail();
 
     /**
      * Sets user email address.
+     * 
      * @param email the given email address
      */
     public void setEmail(String email);
 
     /**
      * Gets list of certificates from this user
+     * 
      * @return list of certificates
      */
     public X509Certificate[] getX509Certificates();
 
     /**
      * Sets list of certificates in this user
+     * 
      * @param certs list of certificates
      */
     public void setX509Certificates(X509Certificate certs[]);
 
     /**
      * Get certificate DN
+     * 
      * @return certificate DN
      */
     public String getCertDN();
 
     /**
      * Set certificate DN
+     * 
      * @param userdn the given DN
      */
     public void setCertDN(String userdn);
 
     /**
      * Get user type
+     * 
      * @return user type.
      */
     public String getUserType();
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java
index f24e9fb4..f66f01c7 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUserConstants.java
@@ -17,12 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.usrgrp;
 
-
-
-
 /**
  * This interface defines the attribute names for a user entry
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IUserConstants {
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java
index 17b00c88..af842ff6 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/IUsrGrp.java
@@ -20,50 +20,54 @@ package com.netscape.certsrv.usrgrp;
 import netscape.ldap.LDAPException;
 
 /**
- * This interface defines the basic capabilities of
- * a usr/group manager. (get/add/modify/remove users or groups)
- *
+ * This interface defines the basic capabilities of a usr/group manager.
+ * (get/add/modify/remove users or groups)
+ * 
  * @version $Revision$, $Date$
  */
 public interface IUsrGrp extends IIdEvaluator {
 
     /**
      * Retrieves usr/grp manager identifier.
+     * 
      * @return id
      */
     public String getId();
 
     /**
      * Retrieves the description
+     * 
      * @return description
      */
     public String getDescription();
 
     /**
      * Retrieves an identity
+     * 
      * @param userid the user id for the given user
      * @return user interface
      */
     public IUser getUser(String userid) throws EUsrGrpException;
 
     /**
-     * Adds a user identity to the LDAP server. For example,
-     * <code>
+     * Adds a user identity to the LDAP server. For example, <code>
      *   User user = new User("joe");
      *   user.setFullName("joe doe");
      *   user.setPassword("secret");
      *   usrgrp.addUser(user);
      * </code>
+     * 
      * @param user an user interface
      * @exception EUsrGrpException thrown when some of the user attribute values
-     * are null
+     *                are null
      * @exception LDAPException thrown when the LDAP internal database is not
-     * available, or the add operation failed
+     *                available, or the add operation failed
      */
     public void addUser(IUser user) throws EUsrGrpException, LDAPException;
 
     /**
      * Removes a user.
+     * 
      * @param userid the user id for the given user
      * @exception EUsrGrpException thrown when failed to remove user
      */
@@ -71,6 +75,7 @@ public interface IUsrGrp extends IIdEvaluator {
 
     /**
      * Modifies user.
+     * 
      * @param user the user interface which contains the modified information
      * @exception EUsrGrpException thrown when failed to modify user
      */
@@ -78,6 +83,7 @@ public interface IUsrGrp extends IIdEvaluator {
 
     /**
      * Retrieves an identity group
+     * 
      * @param groupid the given group id.
      * @return the group interface
      */
@@ -85,6 +91,7 @@ public interface IUsrGrp extends IIdEvaluator {
 
     /**
      * Adds a group
+     * 
      * @param group the given group
      * @exception EUsrGrpException thrown when failed to add the group.
      */
@@ -92,16 +99,18 @@ public interface IUsrGrp extends IIdEvaluator {
 
     /**
      * Modifies a group
-     * @param group the given group contains the new information for modification.
+     * 
+     * @param group the given group contains the new information for
+     *            modification.
      * @exception EUsrGrpException thrown when failed to modify the group.
      */
     public void modifyGroup(IGroup group) throws EUsrGrpException;
 
     /**
      * Removes a group
+     * 
      * @param name the group name
-     * @exception EUsrGrpException thrown when failed to remove the given
-     * group.
+     * @exception EUsrGrpException thrown when failed to remove the given group.
      */
     public void removeGroup(String name) throws EUsrGrpException;
 
diff --git a/pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java b/pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java
index ed4f28b8..7e04ff9a 100644
--- a/pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java
+++ b/pki/base/common/src/com/netscape/certsrv/usrgrp/UsrGrpResources.java
@@ -20,9 +20,8 @@ package com.netscape.certsrv.usrgrp;
 import java.util.ListResourceBundle;
 
 /**
- * A class represents a resource bundle for the 
- * user/group manager
- *
+ * A class represents a resource bundle for the user/group manager
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -30,6 +29,7 @@ public class UsrGrpResources extends ListResourceBundle {
 
     /**
      * Returns the content of this resource.
+     * 
      * @return the content of this resource.
      */
     public Object[][] getContents() {
@@ -37,8 +37,7 @@ public class UsrGrpResources extends ListResourceBundle {
     }
 
     /**
-     * Constants. The suffix represents the number of
-     * possible parameters.
+     * Constants. The suffix represents the number of possible parameters.
      */
 
     static final Object[][] contents = {};
diff --git a/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java b/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java
index 4f68bf63..2c4581f8 100644
--- a/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java
+++ b/pki/base/common/src/com/netscape/certsrv/util/HttpInput.java
@@ -26,19 +26,16 @@ import javax.servlet.http.HttpServletRequest;
 
 import netscape.ldap.LDAPDN;
 
-public class HttpInput
-{
-   public static int getPortNumberInInt(HttpServletRequest request, String name)
-        throws IOException
-    {
+public class HttpInput {
+    public static int getPortNumberInInt(HttpServletRequest request, String name)
+            throws IOException {
         String val = request.getParameter(name);
         int p = Integer.parseInt(val);
         return p;
     }
-                                                                                
+
     public static String getBoolean(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String val = request.getParameter(name);
         if (val.equals("true") || val.equals("false")) {
             return val;
@@ -47,8 +44,7 @@ public class HttpInput
     }
 
     public static String getCheckbox(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String val = request.getParameter(name);
         if (val == null || val.equals("")) {
             return "off";
@@ -59,8 +55,7 @@ public class HttpInput
     }
 
     public static String getInteger(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String val = request.getParameter(name);
         int p = 0;
         try {
@@ -75,9 +70,8 @@ public class HttpInput
         return val;
     }
 
-    public static String getInteger(HttpServletRequest request, String name, 
-          int min, int max) throws IOException
-    {
+    public static String getInteger(HttpServletRequest request, String name,
+            int min, int max) throws IOException {
         String val = getInteger(request, name);
         int p = Integer.parseInt(val);
         if (p < min || p > max) {
@@ -85,41 +79,36 @@ public class HttpInput
         }
         return val;
     }
-                                                                                
+
     public static String getPortNumber(HttpServletRequest request, String name)
-        throws IOException
-    {
-        String v =  getInteger(request, name);         
+            throws IOException {
+        String v = getInteger(request, name);
         return v;
     }
-                                                                                
+
     public static String getString(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String val = request.getParameter(name);
         return val;
     }
 
     public static String getString(HttpServletRequest request, String name,
-            int minlen, int maxlen) throws IOException
-    {
+            int minlen, int maxlen) throws IOException {
         String val = request.getParameter(name);
         if (val.length() < minlen || val.length() > maxlen) {
-            throw new IOException("String length of '" + val + 
-               "' is out of range");
+            throw new IOException("String length of '" + val +
+                    "' is out of range");
         }
         return val;
     }
-                                                                                
+
     public static String getLdapDatabase(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getURL(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String v = getString(request, name);
         try {
             URL u = new URL(v);
@@ -128,163 +117,144 @@ public class HttpInput
         }
         return v;
     }
-                                                                                
+
     public static String getUID(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getPassword(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
 
     public static String getKeyType(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String v = getString(request, name);
         if (v.equals("rsa")) {
-          return v;
+            return v;
         }
         if (v.equals("ecc")) {
-          return v;
+            return v;
         }
         throw new IOException("Invalid key type '" + v + "' not supported.");
     }
-                                                                                
+
     public static String getKeySize(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String i = getInteger(request, name);
         if (i.equals("256") || i.equals("512") || i.equals("1024") ||
-           i.equals("2048") || i.equals("4096")) {
-          return i;
+                i.equals("2048") || i.equals("4096")) {
+            return i;
         }
         throw new IOException("Invalid key length '" + i + "'. Currently supported key lengths are 256, 512, 1024, 2048, 4096.");
     }
 
     public static String getKeySize(HttpServletRequest request, String name, String keyType)
-        throws IOException
-    {
+            throws IOException {
         String i = getInteger(request, name);
         if (keyType.equals("rsa")) {
-          if (i.equals("256") || i.equals("512") || i.equals("1024") ||
-             i.equals("2048") || i.equals("4096")) {
-            return i;
-          } else {
-            throw new IOException("Invalid key length '" + i + "'. Currently supported RSA key lengths are 256, 512, 1024, 2048, 4096.");
-          }
+            if (i.equals("256") || i.equals("512") || i.equals("1024") ||
+                    i.equals("2048") || i.equals("4096")) {
+                return i;
+            } else {
+                throw new IOException("Invalid key length '" + i + "'. Currently supported RSA key lengths are 256, 512, 1024, 2048, 4096.");
+            }
         }
         if (keyType.equals("ecc")) {
-          int p = 0;
-          try {
-            p = Integer.parseInt(i);
-          } catch (NumberFormatException e) {
-            throw new IOException("Input '" + i + "' is not an integer");
-          }
-          if ((p >= 112) && (p <= 571))
-            return i;
-          else {
-            throw new IOException("Invalid key length '" + i + "'. Please consult your security officer for a proper length, or take the default value. Here are examples of some commonly used key lengths: 256, 384, 521.");
-          }
-/*
-
-          if (i.equals("256") || i.equals("384") || i.equals("521")) { 
-            return i;
-          } else {
-            throw new IOException("Invalid key length '" + i + "'. Currently supported ECC key lengths are 256, 384, 521.");
-          }
-*/
+            int p = 0;
+            try {
+                p = Integer.parseInt(i);
+            } catch (NumberFormatException e) {
+                throw new IOException("Input '" + i + "' is not an integer");
+            }
+            if ((p >= 112) && (p <= 571))
+                return i;
+            else {
+                throw new IOException("Invalid key length '" + i + "'. Please consult your security officer for a proper length, or take the default value. Here are examples of some commonly used key lengths: 256, 384, 521.");
+            }
+            /*
+             * 
+             * if (i.equals("256") || i.equals("384") || i.equals("521")) {
+             * return i; } else { throw new IOException("Invalid key length '" +
+             * i + "'. Currently supported ECC key lengths are 256, 384, 521.");
+             * }
+             */
         }
         throw new IOException("Invalid key type '" + keyType + "'");
     }
-                                                                                
+
     public static String getDN(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String v = getString(request, name);
         String dn[] = LDAPDN.explodeDN(v, true);
         if (dn == null || dn.length <= 0) {
-           throw new IOException("Invalid DN " + v + " in " + name);
+            throw new IOException("Invalid DN " + v + " in " + name);
         }
         return v;
     }
-                                                                                
+
     public static String getID(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getName(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getCertRequest(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getCertChain(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getCert(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
 
     public static String getNickname(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getHostname(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getTokenName(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
 
     public static String getReplicationAgreementName(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
+
     public static String getEmail(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         String v = getString(request, name);
         if (v.indexOf('@') == -1) {
-           throw new IOException("Invalid email " + v);
+            throw new IOException("Invalid email " + v);
         }
         return v;
     }
-                                                                                
+
     public static String getDomainName(HttpServletRequest request, String name)
-        throws IOException
-    {
+            throws IOException {
         return getString(request, name);
     }
-                                                                                
-    public static String getSecurityDomainName(HttpServletRequest request, String name)       
-        throws IOException
-    {
+
+    public static String getSecurityDomainName(HttpServletRequest request, String name)
+            throws IOException {
         String v = getName(request, name);
         Pattern p = Pattern.compile("[A-Za-z0-9]+[A-Za-z0-9 -]*");
         Matcher m = p.matcher(v);
diff --git a/pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java b/pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java
index c9881236..8846a99a 100644
--- a/pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java
+++ b/pki/base/common/src/com/netscape/certsrv/util/IStatsSubsystem.java
@@ -17,26 +17,21 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.util;
 
-
 import java.util.Date;
 
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * A class represents a internal subsystem. This subsystem
- * can be loaded into cert server kernel to perform
- * statistics collection.
+ * A class represents a internal subsystem. This subsystem can be loaded into
+ * cert server kernel to perform statistics collection.
  * <P>
  * 
  * @author thomask
  * @version $Revision$, $Date$
  */
-public interface IStatsSubsystem extends ISubsystem
-{
+public interface IStatsSubsystem extends ISubsystem {
     /**
-     * Retrieves the start time since startup or 
-     * clearing of statistics.
+     * Retrieves the start time since startup or clearing of statistics.
      */
     public Date getStartTime();
 
diff --git a/pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java b/pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java
index 7c510b88..9e004b62 100644
--- a/pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java
+++ b/pki/base/common/src/com/netscape/certsrv/util/StatsEvent.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.certsrv.util;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,167 +27,149 @@ import java.util.Vector;
  * @author thomask
  * @version $Revision$, $Date$
  */
-public class StatsEvent
-{
-  private String mName = null;
-  private long mMin = -1;
-  private long mMax = -1;
-  private long mTimeTaken = 0;
-  private long mTimeTakenSqSum = 0;
-  private long mNoOfOperations = 0;
-  private Vector mSubEvents = new Vector();
-  private StatsEvent mParent = null;
-
-  public StatsEvent(StatsEvent parent)
-  {
-    mParent = parent;
-  }
-  
-  public void setName(String name) 
-  {
-    mName = name;
-  }
-
-  /**
-   * Retrieves Transaction name.
-   */ 
-  public String getName() 
-  {
-    return mName;
-  }
-    
-  public void addSubEvent(StatsEvent st)
-  {
-    mSubEvents.addElement(st);
-  }
-
-  /**
-   * Retrieves a list of sub transaction names.
-   */
-  public Enumeration getSubEventNames()
-  {
-    Vector names = new Vector();
-    Enumeration e = mSubEvents.elements();
-    while (e.hasMoreElements()) {
-      StatsEvent st = (StatsEvent)e.nextElement();
-      names.addElement(st.getName());
-    }
-    return names.elements();
-  }  
-
-  /** 
-   * Retrieves a sub transaction.
-   */
-  public StatsEvent getSubEvent(String name)
-  {
-    Enumeration e = mSubEvents.elements();
-    while (e.hasMoreElements()) {
-      StatsEvent st = (StatsEvent)e.nextElement();
-      if (st.getName().equals(name)) {
-        return st;
-      }
-    }
-    return null;
-  }
-
-  public void resetCounters()
-  {
-    mMin = -1;
-    mMax = -1;
-    mNoOfOperations = 0;
-    mTimeTaken = 0;
-    mTimeTakenSqSum = 0;
-    Enumeration e = getSubEventNames();
-    while (e.hasMoreElements()) {
-      String n = (String)e.nextElement();
-      StatsEvent c = getSubEvent(n);
-      c.resetCounters();
-    }
-  }
-
-  public long getMax()
-  {
-    return mMax;
-  }
-
-  public long getMin()
-  {
-    return mMin;
-  }
-
-  public void incNoOfOperations(long c)
-  {
-    mNoOfOperations += c;
-  }
-
-  public long getTimeTakenSqSum()
-  {
-    return mTimeTakenSqSum;
-  }
-
-  public long getPercentage()
-  {
-    if (mParent == null || mParent.getTimeTaken() == 0) {
-      return 100;
-    } else {
-      return (mTimeTaken * 100 / mParent.getTimeTaken());
-    }
-  }
-
-  public long getStdDev()
-  {
-    if (getNoOfOperations() == 0) {
-      return 0;
-    } else {
-      long a = getTimeTakenSqSum();
-      long b = (-2 * getAvg() *getTimeTaken());
-      long c = getAvg() * getAvg() * getNoOfOperations();
-      return (long)Math.sqrt((a + b + c)/getNoOfOperations());
-    }
-  }
-
-  public long getAvg()
-  {
-    if (mNoOfOperations == 0) {
-      return -1;
-    } else {
-      return mTimeTaken/mNoOfOperations;
-    }
-  }
-
-  /**
-   * Retrieves number of operations performed.
-   */
-  public long getNoOfOperations()
-  {
-    return mNoOfOperations;
-  }
- 
-  public void incTimeTaken(long c)
-  {
-    if (mMin == -1) {
-      mMin = c;
-    } else {
-      if (c < mMin) {
-        mMin = c;
-      }
-    }
-    if (mMax == -1) {
-      mMax = c;
-    } else {
-      if (c > mMax) {
-        mMax = c;
-      }
-    }
-    mTimeTaken += c;
-    mTimeTakenSqSum += (c * c);
-  }
-
-  /**
-   * Retrieves total time token in msec.
-   */
-  public long getTimeTaken()
-  {
-    return mTimeTaken;
-  }
+public class StatsEvent {
+    private String mName = null;
+    private long mMin = -1;
+    private long mMax = -1;
+    private long mTimeTaken = 0;
+    private long mTimeTakenSqSum = 0;
+    private long mNoOfOperations = 0;
+    private Vector mSubEvents = new Vector();
+    private StatsEvent mParent = null;
+
+    public StatsEvent(StatsEvent parent) {
+        mParent = parent;
+    }
+
+    public void setName(String name) {
+        mName = name;
+    }
+
+    /**
+     * Retrieves Transaction name.
+     */
+    public String getName() {
+        return mName;
+    }
+
+    public void addSubEvent(StatsEvent st) {
+        mSubEvents.addElement(st);
+    }
+
+    /**
+     * Retrieves a list of sub transaction names.
+     */
+    public Enumeration getSubEventNames() {
+        Vector names = new Vector();
+        Enumeration e = mSubEvents.elements();
+        while (e.hasMoreElements()) {
+            StatsEvent st = (StatsEvent) e.nextElement();
+            names.addElement(st.getName());
+        }
+        return names.elements();
+    }
+
+    /**
+     * Retrieves a sub transaction.
+     */
+    public StatsEvent getSubEvent(String name) {
+        Enumeration e = mSubEvents.elements();
+        while (e.hasMoreElements()) {
+            StatsEvent st = (StatsEvent) e.nextElement();
+            if (st.getName().equals(name)) {
+                return st;
+            }
+        }
+        return null;
+    }
+
+    public void resetCounters() {
+        mMin = -1;
+        mMax = -1;
+        mNoOfOperations = 0;
+        mTimeTaken = 0;
+        mTimeTakenSqSum = 0;
+        Enumeration e = getSubEventNames();
+        while (e.hasMoreElements()) {
+            String n = (String) e.nextElement();
+            StatsEvent c = getSubEvent(n);
+            c.resetCounters();
+        }
+    }
+
+    public long getMax() {
+        return mMax;
+    }
+
+    public long getMin() {
+        return mMin;
+    }
+
+    public void incNoOfOperations(long c) {
+        mNoOfOperations += c;
+    }
+
+    public long getTimeTakenSqSum() {
+        return mTimeTakenSqSum;
+    }
+
+    public long getPercentage() {
+        if (mParent == null || mParent.getTimeTaken() == 0) {
+            return 100;
+        } else {
+            return (mTimeTaken * 100 / mParent.getTimeTaken());
+        }
+    }
+
+    public long getStdDev() {
+        if (getNoOfOperations() == 0) {
+            return 0;
+        } else {
+            long a = getTimeTakenSqSum();
+            long b = (-2 * getAvg() * getTimeTaken());
+            long c = getAvg() * getAvg() * getNoOfOperations();
+            return (long) Math.sqrt((a + b + c) / getNoOfOperations());
+        }
+    }
+
+    public long getAvg() {
+        if (mNoOfOperations == 0) {
+            return -1;
+        } else {
+            return mTimeTaken / mNoOfOperations;
+        }
+    }
+
+    /**
+     * Retrieves number of operations performed.
+     */
+    public long getNoOfOperations() {
+        return mNoOfOperations;
+    }
+
+    public void incTimeTaken(long c) {
+        if (mMin == -1) {
+            mMin = c;
+        } else {
+            if (c < mMin) {
+                mMin = c;
+            }
+        }
+        if (mMax == -1) {
+            mMax = c;
+        } else {
+            if (c > mMax) {
+                mMax = c;
+            }
+        }
+        mTimeTaken += c;
+        mTimeTakenSqSum += (c * c);
+    }
+
+    /**
+     * Retrieves total time token in msec.
+     */
+    public long getTimeTaken() {
+        return mTimeTaken;
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
index 4cfe9a45..f53e65ea 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/AVAPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -36,24 +35,27 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.authentication.ECompSyntaxErr;
 
-
 /**
- * class for parsing a DN pattern used to construct a certificate 
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate subject name
+ * from ldap attributes and dn.
+ * <p>
+ * 
+ * dnpattern is a string representing a subject name pattern to formulate from
+ * the directory attributes and entry dn. If empty or not set, the ldap entry DN
+ * will be used as the certificate subject name.
+ * <p>
  * 
- * dnpattern is a string representing a subject name pattern to formulate from 
- * the directory attributes and entry dn. If empty or not set, the 
- * ldap entry DN will be used as the certificate subject name. <p>
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$attr" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$dn" "." attrName [ "." attrNumber ] | 
- *				 	  "$dn" "." "$rdn" "." number
+ * 			      name "=" "$attr" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$dn" "." attrName [ "." attrNumber ] | 
+ * 			 	  "$dn" "." "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
  * Ldap entry: dn:  UID=jjames, OU=IS, OU=people, O=acme.org
@@ -80,11 +82,12 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr;
  *     E = the first 'mail' ldap attribute value in user's entry. <br>
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
+ * 
  * <pre>
  * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
  * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
@@ -109,15 +112,16 @@ import com.netscape.certsrv.authentication.ECompSyntaxErr;
  * <p>	
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN followed by the 
- *			first 'ou' value in the user's entry. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 		first 'ou' value in the user's entry. note multiple AVAs
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
- * If an attribute or subject DN component does not exist the attribute 
- * is skipped.
- *
+ * 
+ * If an attribute or subject DN component does not exist the attribute is
+ * skipped.
+ * 
  * @version $Revision$, $Date$
  */
 class AVAPattern {
@@ -130,8 +134,8 @@ class AVAPattern {
 
     private static final char[] endChars = new char[] { '+', ',' };
 
-    private static final LdapV3DNStrConverter mLdapDNStrConverter = 
-        new LdapV3DNStrConverter();
+    private static final LdapV3DNStrConverter mLdapDNStrConverter =
+            new LdapV3DNStrConverter();
 
     /* ldap attributes needed by this AVA (to retrieve from ldap) */
     protected String[] mLdapAttrs = null;
@@ -140,7 +144,7 @@ class AVAPattern {
     protected String mType = null;
 
     /* the attribute in the AVA pair */
-    protected String mAttr = null; 
+    protected String mAttr = null;
 
     /* value - could be name of an ldap attribute or entry dn attribute. */
     protected String mValue = null;
@@ -151,47 +155,47 @@ class AVAPattern {
     protected String mTestDN = null;
 
     public AVAPattern(String component)
-        throws EAuthException {
-        if (component == null || component.length() == 0) 
+            throws EAuthException {
+        if (component == null || component.length() == 0)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
         parse(new PushbackReader(new StringReader(component)));
     }
 
-    public AVAPattern(PushbackReader in) 
-        throws EAuthException {
+    public AVAPattern(PushbackReader in)
+            throws EAuthException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws EAuthException {
+            throws EAuthException {
         int c;
 
         // mark ava beginning.
 
         // skip spaces
-        //System.out.println("============ AVAPattern Begin ===========");
-        //System.out.println("skip spaces");
+        // System.out.println("============ AVAPattern Begin ===========");
+        // System.out.println("skip spaces");
 
         try {
-            while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c);
+            while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c);
                 ;
             }
         } catch (IOException e) {
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
         }
-        if (c == -1) 
+        if (c == -1)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
 
-            // $rdn "." number syntax. 
+        // $rdn "." number syntax.
 
         if (c == '$') {
-            //System.out.println("$rdn syntax");
+            // System.out.println("$rdn syntax");
             mType = TYPE_RDN;
             try {
-                if (in.read() != 'r' || 
-                    in.read() != 'd' || 
-                    in.read() != 'n' || 
-                    in.read() != '.') 
+                if (in.read() != 'r' ||
+                        in.read() != 'd' ||
+                        in.read() != 'n' ||
+                        in.read() != '.')
                     throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
             } catch (IOException e) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
@@ -201,7 +205,7 @@ class AVAPattern {
 
             try {
                 while ((c = in.read()) != ',' && c != -1 && c != '+') {
-                    //System.out.println("rdnNumber read "+(char)c);
+                    // System.out.println("rdnNumber read "+(char)c);
                     rdnNumberBuf.append((char) c);
                 }
                 if (c != -1) // either ',' or '+'
@@ -212,7 +216,7 @@ class AVAPattern {
 
             String rdnNumber = rdnNumberBuf.toString().trim();
 
-            if (rdnNumber.length() == 0) 
+            if (rdnNumber.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern"));
             try {
                 mElement = Integer.parseInt(rdnNumber) - 1;
@@ -222,20 +226,20 @@ class AVAPattern {
             return;
         }
 
-        // name "=" ... syntax. 
+        // name "=" ... syntax.
 
-        // read name 
-        //System.out.println("reading name");
+        // read name
+        // System.out.println("reading name");
 
-        StringBuffer attrBuf = new StringBuffer(); 
+        StringBuffer attrBuf = new StringBuffer();
 
         try {
             while (c != '=' && c != -1 && c != ',' && c != '+') {
                 attrBuf.append((char) c);
                 c = in.read();
-                //System.out.println("name read "+(char)c);
-            } 
-            if (c == ',' || c == '+') 
+                // System.out.println("name read "+(char)c);
+            }
+            if (c == ',' || c == '+')
                 in.unread(c);
         } catch (IOException e) {
             throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
@@ -243,73 +247,73 @@ class AVAPattern {
         if (c != '=')
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern"));
 
-            // read value 
-            //System.out.println("reading value");
+        // read value
+        // System.out.println("reading value");
 
-            // skip spaces 
-            //System.out.println("skip spaces for value");
+        // skip spaces
+        // System.out.println("skip spaces for value");
         try {
-            while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
+            while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces2 read "+(char)c);
                 ;
             }
         } catch (IOException e) {
             throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
         }
-        if (c == -1) 
+        if (c == -1)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern"));
 
         if (c == '$') {
-            // check for $dn or $attr 
+            // check for $dn or $attr
             try {
                 c = in.read();
-                //System.out.println("check $dn or $attr read "+(char)c);
+                // System.out.println("check $dn or $attr read "+(char)c);
             } catch (IOException e) {
                 throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
             }
-            if (c == -1) 
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+            if (c == -1)
+                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                             "expecting $dn or $attr in ava pattern"));
             if (c == 'a') {
                 try {
-                    if (in.read() != 't' || 
-                        in.read() != 't' || 
-                        in.read() != 'r' || 
-                        in.read() != '.') 
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+                    if (in.read() != 't' ||
+                            in.read() != 't' ||
+                            in.read() != 'r' ||
+                            in.read() != '.')
+                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $attr in ava pattern"));
                 } catch (IOException e) {
                     throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
                 }
                 mType = TYPE_ATTR;
-                //System.out.println("---- mtype $attr");
+                // System.out.println("---- mtype $attr");
             } else if (c == 'd') {
                 try {
-                    if (in.read() != 'n' || 
-                        in.read() != '.') 
+                    if (in.read() != 'n' ||
+                            in.read() != '.')
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $dn in ava pattern"));
                 } catch (IOException e) {
                     throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
                 }
                 mType = TYPE_DN;
-                //System.out.println("----- mtype $dn");
+                // System.out.println("----- mtype $dn");
             } else {
-                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
-                            "unknown keyword. expecting $dn or $attr.")); 
+                throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
+                            "unknown keyword. expecting $dn or $attr."));
             }
 
-            // get attr name of dn pattern from above. 
+            // get attr name of dn pattern from above.
             String attrName = attrBuf.toString().trim();
 
-            //System.out.println("----- attrName "+attrName);
-            if (attrName.length() == 0) 
+            // System.out.println("----- attrName "+attrName);
+            if (attrName.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected"));
-            try { 
-                ObjectIdentifier attrOid = 
-                    mLdapDNStrConverter.parseAVAKeyword(attrName); 
+            try {
+                ObjectIdentifier attrOid =
+                        mLdapDNStrConverter.parseAVAKeyword(attrName);
 
-                mAttr = mLdapDNStrConverter.encodeOID(attrOid);		
-                //System.out.println("----- mAttr "+mAttr);
+                mAttr = mLdapDNStrConverter.encodeOID(attrOid);
+                // System.out.println("----- mAttr "+mAttr);
             } catch (IOException e) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
             }
@@ -318,40 +322,40 @@ class AVAPattern {
             StringBuffer valueBuf = new StringBuffer();
 
             try {
-                while ((c = in.read()) != ',' && 
-                    c != -1 && c != '.' && c != '+') {
-                    //System.out.println("mValue read "+(char)c);
+                while ((c = in.read()) != ',' &&
+                        c != -1 && c != '.' && c != '+') {
+                    // System.out.println("mValue read "+(char)c);
                     valueBuf.append((char) c);
                 }
                 if (c == '+' || c == ',') // either ',' or '+'
-                    in.unread(c); // pushback last , or + 
+                    in.unread(c); // pushback last , or +
             } catch (IOException e) {
                 throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
             }
 
             mValue = valueBuf.toString().trim();
-            if (mValue.length() == 0) 
+            if (mValue.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                             "$dn or $attr attribute name expected"));
-                //System.out.println("----- mValue "+mValue);
+            // System.out.println("----- mValue "+mValue);
 
-                // get nth dn or attribute from ldap search.
+            // get nth dn or attribute from ldap search.
             if (c == '.') {
                 StringBuffer attrNumberBuf = new StringBuffer();
 
                 try {
                     while ((c = in.read()) != ',' && c != -1 && c != '+') {
-                        //System.out.println("mElement read "+(char)c);
+                        // System.out.println("mElement read "+(char)c);
                         attrNumberBuf.append((char) c);
                     }
                     if (c != -1) // either ',' or '+'
-                        in.unread(c);  // pushback last , or +
+                        in.unread(c); // pushback last , or +
                 } catch (IOException e) {
                     throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
                 }
                 String attrNumber = attrNumberBuf.toString().trim();
 
-                if (attrNumber.length() == 0) 
+                if (attrNumber.length() == 0)
                     throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                 "nth element $dn or $attr expected"));
                 try {
@@ -361,18 +365,18 @@ class AVAPattern {
                                 "Invalid format in nth element $dn or $attr"));
                 }
             }
-            //System.out.println("----- mElement "+mElement);
+            // System.out.println("----- mElement "+mElement);
         } else {
             // value is constant. treat as regular ava.
             mType = TYPE_CONSTANT;
-            //System.out.println("----- mType constant");
-            // parse ava value. 
+            // System.out.println("----- mType constant");
+            // parse ava value.
             StringBuffer valueBuf = new StringBuffer();
 
             valueBuf.append((char) c);
             try {
                 while ((c = in.read()) != ',' &&
-                    c != -1) {
+                        c != -1) {
                     valueBuf.append((char) c);
                 }
                 if (c == '+' || c == ',') { // either ',' or '+'
@@ -381,11 +385,11 @@ class AVAPattern {
             } catch (IOException e) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
             }
-            try { 
-                AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf); 
+            try {
+                AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
 
                 mValue = ava.toLdapDNString();
-                //System.out.println("----- mValue "+mValue);
+                // System.out.println("----- mValue "+mValue);
             } catch (IOException e) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.getMessage()));
             }
@@ -393,19 +397,19 @@ class AVAPattern {
     }
 
     public String formAVA(LDAPEntry entry)
-        throws EAuthException {
-        if (mType == TYPE_CONSTANT) 
+            throws EAuthException {
+        if (mType == TYPE_CONSTANT)
             return mValue;
 
         if (mType == TYPE_RDN) {
             String dn = entry.getDN();
 
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 dn = mTestDN;
-                //System.out.println("AVAPattern Using dn "+mTestDN);
+            // System.out.println("AVAPattern Using dn "+mTestDN);
             String[] rdns = LDAPDN.explodeDN(dn, false);
 
-            if (mElement >= rdns.length) 
+            if (mElement >= rdns.length)
                 return null;
             return rdns[mElement];
         }
@@ -413,9 +417,9 @@ class AVAPattern {
         if (mType == TYPE_DN) {
             String dn = entry.getDN();
 
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 dn = mTestDN;
-                //System.out.println("AVAPattern Using dn "+mTestDN);
+            // System.out.println("AVAPattern Using dn "+mTestDN);
             String[] rdns = LDAPDN.explodeDN(dn, false);
             String value = null;
             int nFound = -1;
@@ -426,14 +430,14 @@ class AVAPattern {
                 for (int j = 0; j < avas.length; j++) {
                     String[] exploded = explodeAVA(avas[j]);
 
-                    if (exploded[0].equalsIgnoreCase(mValue) && 
-                        ++nFound == mElement) {
+                    if (exploded[0].equalsIgnoreCase(mValue) &&
+                            ++nFound == mElement) {
                         value = exploded[1];
                         break;
                     }
                 }
             }
-            if (value == null) 
+            if (value == null)
                 return null;
             return mAttr + "=" + value;
         }
@@ -441,11 +445,11 @@ class AVAPattern {
         if (mType == TYPE_ATTR) {
             LDAPAttribute ldapAttr = entry.getAttribute(mValue);
 
-            if (ldapAttr == null) 
+            if (ldapAttr == null)
                 return null;
             String value = null;
             @SuppressWarnings("unchecked")
-			Enumeration<String> ldapValues = ldapAttr.getStringValues();
+            Enumeration<String> ldapValues = ldapAttr.getStringValues();
 
             for (int i = 0; ldapValues.hasMoreElements(); i++) {
                 String val = (String) ldapValues.nextElement();
@@ -455,7 +459,7 @@ class AVAPattern {
                     break;
                 }
             }
-            if (value == null) 
+            if (value == null)
                 return null;
             String v = escapeLdapString(value);
 
@@ -486,16 +490,16 @@ class AVAPattern {
                 int k = i + 1;
 
                 if (i == len - 1 ||
-                    (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' ||
-                        c[k] == '>' || c[k] == '#' || c[k] == ';')) {
+                        (c[k] == ',' || c[k] == '=' || c[k] == '+' || c[k] == '<' ||
+                                c[k] == '>' || c[k] == '#' || c[k] == ';')) {
                     newc[j++] = '\\';
                     newc[j++] = c[i];
                 }
             } // escape QUOTATION
             else if (c[i] == '"') {
-                if ((i == 0 && c[len - 1] != '"') || 
-                    (i == len - 1 && c[0] != '"') || 
-                    (i > 0 && i < len - 1)) {
+                if ((i == 0 && c[len - 1] != '"') ||
+                        (i == len - 1 && c[0] != '"') ||
+                        (i > 0 && i < len - 1)) {
                     newc[j++] = '\\';
                     newc[j++] = c[i];
                 }
@@ -513,20 +517,19 @@ class AVAPattern {
     }
 
     /**
-     * Explode RDN into AVAs. 
-     * Does not handle escaped '+' 
-     * Java ldap library does not yet support multiple avas per rdn.
-     * If RDN is malformed returns empty array. 
+     * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does
+     * not yet support multiple avas per rdn. If RDN is malformed returns empty
+     * array.
      */
     public static String[] explodeRDN(String rdn) {
         int plus = rdn.indexOf('+');
 
-        if (plus == -1) 
+        if (plus == -1)
             return new String[] { rdn };
         Vector<String> avas = new Vector<String>();
         StringTokenizer token = new StringTokenizer(rdn, "+");
 
-        while (token.hasMoreTokens()) 
+        while (token.hasMoreTokens())
             avas.addElement(token.nextToken());
         String[] theAvas = new String[avas.size()];
 
@@ -535,17 +538,15 @@ class AVAPattern {
     }
 
     /**
-     * Explode AVA into name and value. 
-     * Does not handle escaped '='
-     * If AVA is malformed empty array is returned.
+     * Explode AVA into name and value. Does not handle escaped '=' If AVA is
+     * malformed empty array is returned.
      */
     public static String[] explodeAVA(String ava) {
         int equals = ava.indexOf('=');
 
-        if (equals == -1) 
+        if (equals == -1)
             return null;
         return new String[] {
-                ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()};
+                ava.substring(0, equals).trim(), ava.substring(equals + 1).trim() };
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
index 270d1fa2..d248c476 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/AgentCertAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
@@ -48,16 +47,14 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 
-
 /**
- * Certificate server agent authentication.  
- * Maps a SSL client authenticate certificate to a user (agent) entry in the 
- * internal database. 
+ * Certificate server agent authentication. Maps a SSL client authenticate
+ * certificate to a user (agent) entry in the internal database.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class AgentCertAuthentication implements IAuthManager, 
+public class AgentCertAuthentication implements IAuthManager,
         IProfileAuthenticator {
 
     /* result auth token attributes */
@@ -91,14 +88,15 @@ public class AgentCertAuthentication implements IAuthManager,
     /**
      * initializes the CertUserDBAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available
+     * authentication managers.
+     * 
      * @param name The name of this authentication manager instance.
      * @param implName The name of the authentication manager plugin.
      * @param config The configuration store for this authentication manager.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -106,7 +104,7 @@ public class AgentCertAuthentication implements IAuthManager,
         mUGSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
         mCULocator = mUGSub.getCertUserLocator();
     }
- 
+
     /**
      * Gets the name of this authentication manager.
      */
@@ -120,7 +118,7 @@ public class AgentCertAuthentication implements IAuthManager,
     public String getImplName() {
         return mImplName;
     }
- 
+
     public boolean isSSLClientRequired() {
         return true;
     }
@@ -128,29 +126,30 @@ public class AgentCertAuthentication implements IAuthManager,
     /**
      * authenticates user(agent) by certificate
      * <p>
-     * called by other subsystems or their servlets to authenticate
-     *	 users (agents)
-     * @param authCred - authentication credential that contains
-     *	 an usrgrp.Certificates of the user (agent)
+     * called by other subsystems or their servlets to authenticate users
+     * (agents)
+     * 
+     * @param authCred - authentication credential that contains an
+     *            usrgrp.Certificates of the user (agent)
      * @return the authentication token that contains the following
-     *
+     * 
      * @exception EMissingCredential If a required credential for this
-     * authentication manager is missing.
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If credentials cannot be authenticated.
      * @exception EBaseException If an internal error occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      * @see com.netscape.certsrv.usrgrp.Certificates
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
-      
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
+
         CMS.debug("AgentCertAuthentication: start");
-        CMS.debug("authenticator instance name is "+getName());
+        CMS.debug("authenticator instance name is " + getName());
 
         // force SSL handshake
         SessionContext context = SessionContext.getExistingContext();
         ISSLClientCertProvider provider = (ISSLClientCertProvider)
-            context.get("sslClientCertProvider");
+                context.get("sslClientCertProvider");
 
         if (provider == null) {
             CMS.debug("AgentCertAuthentication: No SSL Client Cert Provider Found");
@@ -185,15 +184,15 @@ public class AgentCertAuthentication implements IAuthManager,
         // check if certificate(s) is revoked
         boolean checkRevocation = true;
         try {
-           checkRevocation = mConfig.getBoolean("checkRevocation", true);
+            checkRevocation = mConfig.getBoolean("checkRevocation", true);
         } catch (EBaseException e) {
-           // do nothing; default to true
+            // do nothing; default to true
         }
         if (checkRevocation) {
-          if (CMS.isRevoked(ci)) {
-             CMS.debug("AgentCertAuthentication: certificate revoked");
-             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-          }
+            if (CMS.isRevoked(ci)) {
+                CMS.debug("AgentCertAuthentication: certificate revoked");
+                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+            }
         }
 
         // map cert to user
@@ -205,11 +204,11 @@ public class AgentCertAuthentication implements IAuthManager,
         } catch (EUsrGrpException e) {
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         } catch (netscape.ldap.LDAPException e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         e.toString()));
         }
 
-        // any unexpected error occurs like internal db down, 
+        // any unexpected error occurs like internal db down,
         // UGSubsystem only returns null for user.
         if (user == null) {
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
@@ -219,16 +218,16 @@ public class AgentCertAuthentication implements IAuthManager,
         IConfigStore sconfig = CMS.getConfigStore();
         String groupname = "";
         try {
-            groupname = sconfig.getString("auths.instance."+ getName() +".agentGroup", 
-              "");
+            groupname = sconfig.getString("auths.instance." + getName() + ".agentGroup",
+                    "");
         } catch (EBaseException ee) {
         }
 
         if (!groupname.equals("")) {
-            CMS.debug("check if "+user.getUserID()+" is  in group "+groupname);
-            IUGSubsystem uggroup = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+            CMS.debug("check if " + user.getUserID() + " is  in group " + groupname);
+            IUGSubsystem uggroup = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
             if (!uggroup.isMemberOf(user, groupname)) {
-                CMS.debug(user.getUserID()+" is not in this group "+groupname);
+                CMS.debug(user.getUserID() + " is not in this group " + groupname);
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHORIZATION_ERROR"));
             }
         }
@@ -237,7 +236,7 @@ public class AgentCertAuthentication implements IAuthManager,
         authToken.set(TOKEN_USERID, user.getUserID());
         authToken.set(TOKEN_UID, user.getUserID());
         authToken.set(TOKEN_GROUP, groupname);
-        authToken.set(CRED_CERT, certs);  
+        authToken.set(CRED_CERT, certs);
 
         CMS.debug("AgentCertAuthentication: authenticated " + user.getUserDN());
 
@@ -245,11 +244,12 @@ public class AgentCertAuthentication implements IAuthManager,
     }
 
     /**
-     * get the list of authentication credential attribute names
-     *	 required by this authentication manager. Generally used by
-     *	 the servlets that handle agent operations to authenticate its
-     *	 users.  It calls this method to know which are the
-     *	 required credentials from the user (e.g. Javascript form data)
+     * get the list of authentication credential attribute names required by
+     * this authentication manager. Generally used by the servlets that handle
+     * agent operations to authenticate its users. It calls this method to know
+     * which are the required credentials from the user (e.g. Javascript form
+     * data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -257,15 +257,15 @@ public class AgentCertAuthentication implements IAuthManager,
     }
 
     /**
-     * get the list of configuration parameter names
-     *	 required by this authentication manager.  Generally used by
-     *	 the Certificate Server Console to display the table for
-     *	 configuration purposes.  CertUserDBAuthentication is currently not
-     *	 exposed in this case, so this method is not to be used.
-     * @return configuration parameter names in Hashtable of Vectors
-     *	 where each hashtable entry's key is the substore name, value is a
-     * Vector of parameter names.  If no substore, the parameter name
-     *	 is the Hashtable key itself, with value same as key.
+     * get the list of configuration parameter names required by this
+     * authentication manager. Generally used by the Certificate Server Console
+     * to display the table for configuration purposes. CertUserDBAuthentication
+     * is currently not exposed in this case, so this method is not to be used.
+     * 
+     * @return configuration parameter names in Hashtable of Vectors where each
+     *         hashtable entry's key is the substore name, value is a Vector of
+     *         parameter names. If no substore, the parameter name is the
+     *         Hashtable key itself, with value same as key.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -278,8 +278,8 @@ public class AgentCertAuthentication implements IAuthManager,
     }
 
     /**
-     * gets the configuretion substore used by this authentication
-     *  manager
+     * gets the configuretion substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -289,7 +289,7 @@ public class AgentCertAuthentication implements IAuthManager,
     // Profile-related methods
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -318,14 +318,13 @@ public class AgentCertAuthentication implements IAuthManager,
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         return null;
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
index fef68c1c..a499796a 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/CMCAuth.java
@@ -20,7 +20,6 @@
 
 package com.netscape.cms.authentication;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -101,142 +100,137 @@ import com.netscape.cmsutil.util.Utils;
 /**
  * UID/CMC authentication plug-in
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
         IProfileAuthenticator {
 
-    ////////////////////////
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-    
-    
-    
-    /////////////////////////////
+    // //////////////////////
+
+    // ///////////////////////////
     // IAuthManager parameters //
-    /////////////////////////////
-    
+    // ///////////////////////////
+
     /* authentication plug-in configuration store */
     private IConfigStore mConfig;
     private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
     private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-    public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke";    
+    public static final String TOKEN_CERT_SERIAL = "certSerialToRevoke";
     public static final String REASON_CODE = "reasonCode";
     /* authentication plug-in name */
     private String mImplName = null;
-    
+
     /* authentication plug-in instance name */
     private String mName = null;
-    
+
     /* authentication plug-in fields */
-    
-    
-    
-    /* Holds authentication plug-in fields accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
+
+    /*
+     * Holds authentication plug-in fields accepted by this implementation. This
+     * list is passed to the configuration console so configuration for
+     * instances of this implementation can be configured through the console.
      */
     protected static String[] mConfigParams =
-        new String[] {};
-    
+            new String[] {};
+
     /* authentication plug-in values */
-    
+
     /* authentication plug-in properties */
-    
-    
+
     /* required credentials to authenticate. UID and CMC are strings. */
     public static final String CRED_CMC = "cmcRequest";
-    
+
     protected static String[] mRequiredCreds = {};
-    
-    ////////////////////////////////////
+
+    // //////////////////////////////////
     // IExtendedPluginInfo parameters //
-    ////////////////////////////////////
-    
+    // //////////////////////////////////
+
     /* Vector of extendedPluginInfo strings */
     protected static Vector mExtendedPluginInfo = null;
-    //public static final String AGENT_AUTHMGR_ID = "agentAuthMgr";
-    //public static final String AGENT_PLUGIN_ID = "agentAuthPlugin";
-    
-    
+    // public static final String AGENT_AUTHMGR_ID = "agentAuthMgr";
+    // public static final String AGENT_PLUGIN_ID = "agentAuthPlugin";
+
     /* actual help messages */
     static {
         mExtendedPluginInfo = new Vector();
-        
+
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
-            ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\"");
+                ";Authenticate the CMC request. The signer must be an agent. The \"Authentication Instance ID\" must be named \"CMCAuth\"");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-authentication");
+                ";configuration-authentication");
     }
-    
-    ///////////////////////
+
+    // /////////////////////
     // Logger parameters //
-    ///////////////////////
-    
+    // /////////////////////
+
     /* the system's logger */
     private ILogger mLogger = CMS.getLogger();
-    
+
     /* signed audit parameters */
     private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     private final static String SIGNED_AUDIT_ENROLLMENT_REQUEST_TYPE =
-        "enrollment";
+            "enrollment";
     private final static String SIGNED_AUDIT_REVOCATION_REQUEST_TYPE =
-        "revocation";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY =
-        "LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY_5";
+            "revocation";
+    private final static String LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY =
+            "LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY_5";
 
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
-    
+    // ///////////////////
+
     /**
      * Default constructor, initialization must follow.
      */
     public CMCAuth() {
     }
-    
-    //////////////////////////
+
+    // ////////////////////////
     // IAuthManager methods //
-    //////////////////////////
-    
+    // ////////////////////////
+
     /**
      * Initializes the CMCAuth authentication plug-in.
      * <p>
+     * 
      * @param name The name for this authentication plug-in instance.
      * @param implName The name of the authentication plug-in.
      * @param config - The configuration store for this instance.
      * @exception EBaseException If an error occurs during initialization.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
-        
+
         log(ILogger.LL_INFO, "Initialization complete!");
     }
-    
+
     /**
-     * Authenticates user by their CMC;
-     * resulting AuthToken sets a TOKEN_SUBJECT for the subject name.
+     * Authenticates user by their CMC; resulting AuthToken sets a TOKEN_SUBJECT
+     * for the subject name.
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY
-     * used when CMC (agent-pre-signed) cert requests or revocation requests
-     * are submitted and signature is verified
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY used
+     * when CMC (agent-pre-signed) cert requests or revocation requests are
+     * submitted and signature is verified
      * </ul>
+     * 
      * @param authCred Authentication credentials, CRED_UID and CRED_CMC.
      * @return an AuthToken
-     * @exception com.netscape.certsrv.authentication.EMissingCredential
-     *            If a required authentication credential is missing.
-     * @exception com.netscape.certsrv.authentication.EInvalidCredentials
-     *            If credentials failed authentication.
-     * @exception com.netscape.certsrv.base.EBaseException
-     *            If an internal error occurred.
+     * @exception com.netscape.certsrv.authentication.EMissingCredential If a
+     *                required authentication credential is missing.
+     * @exception com.netscape.certsrv.authentication.EInvalidCredentials If
+     *                credentials failed authentication.
+     * @exception com.netscape.certsrv.base.EBaseException If an internal error
+     *                occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      */
     public IAuthToken authenticate(IAuthCredentials authCred) throws EMissingCredential, EInvalidCredentials, EBaseException {
@@ -245,13 +239,13 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
         String auditReqType = ILogger.UNIDENTIFIED;
         String auditCertSubject = ILogger.UNIDENTIFIED;
         String auditSignerInfo = ILogger.UNIDENTIFIED;
-        
+
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         try {
             // get the CMC.
 
-            Object argblock = (Object)(authCred.getArgBlock());
+            Object argblock = (Object) (authCred.getArgBlock());
             Object returnVal = null;
             if (argblock == null) {
                 returnVal = authCred.get("cert_request");
@@ -266,140 +260,139 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
             if (cmc == null) {
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditReqType,
-                    auditCertSubject,
-                    auditSignerInfo );
+                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditReqType,
+                        auditCertSubject,
+                        auditSignerInfo);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new EMissingCredential(CMS.getUserMessage(
-                    "CMS_AUTHENTICATION_NULL_CREDENTIAL",CRED_CMC));
+                        "CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
             }
 
             if (cmc.equals("")) {
                 log(ILogger.LL_FAILURE,
-                    "cmc : attempted login with empty CMC.");
+                        "cmc : attempted login with empty CMC.");
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditReqType,
-                    auditCertSubject,
-                    auditSignerInfo );
+                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditReqType,
+                        auditCertSubject,
+                        auditSignerInfo);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new EInvalidCredentials(CMS.getUserMessage(
-                    "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+                        "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
             }
-        
+
             // authenticate by checking CMC.
-        
+
             // everything OK.
             // now formulate the certificate info.
             // set the subject name at a minimum.
             // set anything else like version, extensions, etc.
             // if nothing except subject name is set the rest of
             // cert info will be filled in by policies and CA defaults.
-        
+
             AuthToken authToken = new AuthToken(this);
-        
+
             try {
                 String asciiBASE64Blob;
-                
+
                 int startIndex = cmc.indexOf(HEADER);
                 int endIndex = cmc.indexOf(TRAILER);
-                if (startIndex!= -1 && endIndex!=-1) {
+                if (startIndex != -1 && endIndex != -1) {
                     startIndex = startIndex + HEADER.length();
-                    asciiBASE64Blob=cmc.substring(startIndex, endIndex);
-                }else
+                    asciiBASE64Blob = cmc.substring(startIndex, endIndex);
+                } else
                     asciiBASE64Blob = cmc;
 
-
                 byte[] cmcBlob = CMS.AtoB(asciiBASE64Blob);
-                ByteArrayInputStream cmcBlobIn= new
+                ByteArrayInputStream cmcBlobIn = new
                                                  ByteArrayInputStream(cmcBlob);
-            
+
                 org.mozilla.jss.pkix.cms.ContentInfo cmcReq =
-                    (org.mozilla.jss.pkix.cms.ContentInfo)
-                    org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(
-                        cmcBlobIn);
+                        (org.mozilla.jss.pkix.cms.ContentInfo)
+                        org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(
+                                cmcBlobIn);
 
-                if(!cmcReq.getContentType().equals(
-                    org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) ||
-                    !cmcReq.hasContent()) {
+                if (!cmcReq.getContentType().equals(
+                        org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) ||
+                        !cmcReq.hasContent()) {
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditReqType,
-                        auditCertSubject,
-                        auditSignerInfo );
+                            LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditReqType,
+                            auditCertSubject,
+                            auditSignerInfo);
 
-                    audit( auditMessage );
+                    audit(auditMessage);
 
                     // throw new ECMSGWException(CMSGWResources.NO_CMC_CONTENT);
 
                     throw new EBaseException("NO_CMC_CONTENT");
                 }
-            
+
                 SignedData cmcFullReq = (SignedData)
                                         cmcReq.getInterpretedContent();
-            
+
                 IConfigStore cmc_config = CMS.getConfigStore();
                 boolean checkSignerInfo =
-                    cmc_config.getBoolean("cmc.signerInfo.verify", true);
+                        cmc_config.getBoolean("cmc.signerInfo.verify", true);
                 String userid = "defUser";
                 String uid = "defUser";
                 if (checkSignerInfo) {
-                    IAuthToken agentToken = verifySignerInfo(authToken,cmcFullReq);
+                    IAuthToken agentToken = verifySignerInfo(authToken, cmcFullReq);
                     userid = agentToken.getInString("userid");
                     uid = agentToken.getInString("cn");
                 } else {
                     CMS.debug("CMCAuth: authenticate() signerInfo verification bypassed");
                 }
                 // reset value of auditSignerInfo
-                if( uid != null ) {
+                if (uid != null) {
                     auditSignerInfo = uid.trim();
                 }
 
                 EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
-            
+
                 OBJECT_IDENTIFIER id = ci.getContentType();
 
                 if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) ||
-                    !ci.hasContent()) {
+                        !ci.hasContent()) {
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditReqType,
-                        auditCertSubject,
-                        auditSignerInfo );
+                            LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditReqType,
+                            auditCertSubject,
+                            auditSignerInfo);
 
-                    audit( auditMessage );
+                    audit(auditMessage);
 
-                    //  throw new ECMSGWException(
+                    // throw new ECMSGWException(
                     // CMSGWResources.NO_PKIDATA);
 
                     throw new EBaseException("NO_PKIDATA");
                 }
-            
+
                 OCTET_STRING content = ci.getContent();
-            
+
                 ByteArrayInputStream s = new
-                    ByteArrayInputStream(content.toByteArray());
+                        ByteArrayInputStream(content.toByteArray());
                 PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-            
+
                 SEQUENCE reqSequence = pkiData.getReqSequence();
-            
+
                 int numReqs = reqSequence.size();
 
                 if (numReqs == 0) {
@@ -414,14 +407,14 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                     if (controlSize > 0) {
                         for (int i = 0; i < controlSize; i++) {
                             TaggedAttribute taggedAttribute =
-                                (TaggedAttribute) controlSequence.elementAt(i);
+                                    (TaggedAttribute) controlSequence.elementAt(i);
                             OBJECT_IDENTIFIER type = taggedAttribute.getType();
 
-                            if( type.equals(
-                                OBJECT_IDENTIFIER.id_cmc_revokeRequest)) {
+                            if (type.equals(
+                                    OBJECT_IDENTIFIER.id_cmc_revokeRequest)) {
                                 // if( i ==1 ) {
-                                //     taggedAttribute.getType() ==
-                                //       OBJECT_IDENTIFIER.id_cmc_revokeRequest
+                                // taggedAttribute.getType() ==
+                                // OBJECT_IDENTIFIER.id_cmc_revokeRequest
                                 // }
 
                                 SET values = taggedAttribute.getValues();
@@ -430,50 +423,48 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
 
                                 bigIntArray = new BigInteger[numVals];
                                 for (int j = 0; j < numVals; j++) {
-                                    // serialNumber    INTEGER
-                                
+                                    // serialNumber INTEGER
+
                                     // SEQUENCE RevRequest = (SEQUENCE)
-                                    //     values.elementAt(j);
+                                    // values.elementAt(j);
                                     byte[] encoded = ASN1Util.encode(
-                                        values.elementAt(j));
-                                    org.mozilla.jss.asn1.ASN1Template
-                                        template = new 
-                                        org.mozilla.jss.pkix.cmmf.RevRequest.Template();
-                                    org.mozilla.jss.pkix.cmmf.RevRequest
-                                        revRequest =
-                                        (org.mozilla.jss.pkix.cmmf.RevRequest) 
-                                        ASN1Util.decode(template, encoded);
-                               
+                                            values.elementAt(j));
+                                    org.mozilla.jss.asn1.ASN1Template template = new
+                                            org.mozilla.jss.pkix.cmmf.RevRequest.Template();
+                                    org.mozilla.jss.pkix.cmmf.RevRequest revRequest =
+                                            (org.mozilla.jss.pkix.cmmf.RevRequest)
+                                            ASN1Util.decode(template, encoded);
+
                                     // SEQUENCE RevRequest = (SEQUENCE)
-                                    //     ASN1Util.decode(
-                                    //         SEQUENCE.getTemplate(),
-                                    //         ASN1Util.encode(
-                                    //         values.elementAt(j)));
+                                    // ASN1Util.decode(
+                                    // SEQUENCE.getTemplate(),
+                                    // ASN1Util.encode(
+                                    // values.elementAt(j)));
 
                                     // SEQUENCE RevRequest =
-                                    //     values.elementAt(j);
+                                    // values.elementAt(j);
                                     // int revReqSize = RevRequest.size();
                                     // if( revReqSize > 3 ) {
-                                    //     INTEGER serialNumber =
-                                    //         new INTEGER((long)0);
+                                    // INTEGER serialNumber =
+                                    // new INTEGER((long)0);
                                     // }
 
                                     INTEGER temp = revRequest.getSerialNumber();
                                     int temp2 = temp.intValue();
-                                    
+
                                     bigIntArray[j] = temp;
-                                    authToken.set(TOKEN_CERT_SERIAL,bigIntArray);
-                                    
+                                    authToken.set(TOKEN_CERT_SERIAL, bigIntArray);
+
                                     long reasonCode = revRequest.getReason().getValue();
-                                    Integer IntObject = Integer.valueOf((int)reasonCode);
-                                    authToken.set(REASON_CODE,IntObject);
-                                    
-                                    authToken.set("uid",uid);
-                                    authToken.set("userid",userid);
+                                    Integer IntObject = Integer.valueOf((int) reasonCode);
+                                    authToken.set(REASON_CODE, IntObject);
+
+                                    authToken.set("uid", uid);
+                                    authToken.set("userid", userid);
                                 }
                             }
                         }
-                    
+
                     }
                 } else {
                     // enrollment request
@@ -487,48 +478,48 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                     for (int i = 0; i < numReqs; i++) {
                         // decode message.
                         TaggedRequest taggedRequest =
-                            (TaggedRequest) reqSequence.elementAt(i);
+                                (TaggedRequest) reqSequence.elementAt(i);
 
                         TaggedRequest.Type type = taggedRequest.getType();
 
                         if (type.equals(TaggedRequest.PKCS10)) {
                             CMS.debug("CMCAuth: in PKCS10");
                             TaggedCertificationRequest tcr =
-                                taggedRequest.getTcr();
+                                    taggedRequest.getTcr();
                             int p10Id = tcr.getBodyPartID().intValue();
 
                             reqIdArray[i] = String.valueOf(p10Id);
 
                             CertificationRequest p10 =
-                                tcr.getCertificationRequest();
+                                    tcr.getCertificationRequest();
 
                             // transfer to sun class
                             ByteArrayOutputStream ostream =
-                                new ByteArrayOutputStream();
+                                    new ByteArrayOutputStream();
 
                             p10.encode(ostream);
                             try {
                                 PKCS10 pkcs10 =
-                                    new PKCS10(ostream.toByteArray());
+                                        new PKCS10(ostream.toByteArray());
 
                                 // xxx do we need to do anything else?
                                 X509CertInfo certInfo =
-                                    CMS.getDefaultX509CertInfo();
+                                        CMS.getDefaultX509CertInfo();
 
                                 // fillPKCS10(certInfo,pkcs10,authToken,null);
 
                                 // authToken.set(
-                                //     pkcs10.getSubjectPublicKeyInfo());
+                                // pkcs10.getSubjectPublicKeyInfo());
 
                                 X500Name tempName = pkcs10.getSubjectName();
 
                                 // reset value of auditCertSubject
-                                if( tempName != null ) {
+                                if (tempName != null) {
                                     auditCertSubject =
-                                        tempName.toString().trim();
-                                    if( auditCertSubject.equals( "" ) ) {
+                                            tempName.toString().trim();
+                                    if (auditCertSubject.equals("")) {
                                         auditCertSubject =
-                                            ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+                                                ILogger.SIGNED_AUDIT_EMPTY_VALUE;
                                     }
                                     authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
                                               tempName.toString());
@@ -541,19 +532,19 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                             } catch (Exception e) {
                                 // store a message in the signed audit log file
                                 auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditReqType,
-                                    auditCertSubject,
-                                    auditSignerInfo );
+                                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                                        auditSubjectID,
+                                        ILogger.FAILURE,
+                                        auditReqType,
+                                        auditCertSubject,
+                                        auditSignerInfo);
 
-                                audit( auditMessage );
+                                audit(auditMessage);
 
-                                //throw new ECMSGWException(
-                                //CMSGWResources.ERROR_PKCS101, e.toString());
+                                // throw new ECMSGWException(
+                                // CMSGWResources.ERROR_PKCS101, e.toString());
 
-                                e.printStackTrace();    
+                                e.printStackTrace();
                                 throw new EBaseException(e.toString());
                             }
                         } else if (type.equals(TaggedRequest.CRMF)) {
@@ -561,7 +552,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                             CMS.debug("CMCAuth: in CRMF");
                             try {
                                 CertReqMsg crm =
-                                    taggedRequest.getCrm();
+                                        taggedRequest.getCrm();
                                 CertRequest certReq = crm.getCertReq();
                                 INTEGER reqID = certReq.getCertReqId();
                                 reqIdArray[i] = reqID.toString();
@@ -570,16 +561,16 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
 
                                 // xxx do we need to do anything else?
                                 X509CertInfo certInfo =
-                                    CMS.getDefaultX509CertInfo();
+                                        CMS.getDefaultX509CertInfo();
 
                                 // reset value of auditCertSubject
-                                if( name != null ) {
+                                if (name != null) {
                                     String ss = name.getRFC1485();
 
                                     auditCertSubject = ss;
-                                    if( auditCertSubject.equals( "" ) ) {
+                                    if (auditCertSubject.equals("")) {
                                         auditCertSubject =
-                                            ILogger.SIGNED_AUDIT_EMPTY_VALUE;
+                                                ILogger.SIGNED_AUDIT_EMPTY_VALUE;
                                     }
 
                                     authToken.set(AuthToken.TOKEN_CERT_SUBJECT, ss);
@@ -590,17 +581,17 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                             } catch (Exception e) {
                                 // store a message in the signed audit log file
                                 auditMessage = CMS.getLogMessage(
-                                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                                    auditSubjectID,
-                                    ILogger.FAILURE,
-                                    auditReqType,
-                                    auditCertSubject,
-                                    auditSignerInfo );
+                                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                                        auditSubjectID,
+                                        ILogger.FAILURE,
+                                        auditReqType,
+                                        auditCertSubject,
+                                        auditSignerInfo);
 
-                                audit( auditMessage );
+                                audit(auditMessage);
 
-                                //throw new ECMSGWException(
-                                //CMSGWResources.ERROR_PKCS101, e.toString());
+                                // throw new ECMSGWException(
+                                // CMSGWResources.ERROR_PKCS101, e.toString());
 
                                 e.printStackTrace();
                                 throw new EBaseException(e.toString());
@@ -608,141 +599,144 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                         }
 
                         // authToken.set(AgentAuthentication.CRED_CERT, new
-                        //     com.netscape.certsrv.usrgrp.Certificates(
-                        //     x509Certs));
+                        // com.netscape.certsrv.usrgrp.Certificates(
+                        // x509Certs));
                     }
                 }
             } catch (Exception e) {
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditReqType,
-                    auditCertSubject,
-                    auditSignerInfo );
+                        LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditReqType,
+                        auditCertSubject,
+                        auditSignerInfo);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
-                //Debug.printStackTrace(e);
+                // Debug.printStackTrace(e);
                 throw new EInvalidCredentials(CMS.getUserMessage(
-                    "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+                        "CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
             }
-        
+
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                auditSubjectID,
-                ILogger.SUCCESS,
-                auditReqType,
-                auditCertSubject,
-                auditSignerInfo );
+                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                    auditSubjectID,
+                    ILogger.SUCCESS,
+                    auditReqType,
+                    auditCertSubject,
+                    auditSignerInfo);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             return authToken;
-        } catch( EMissingCredential eAudit1 ) {
+        } catch (EMissingCredential eAudit1) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                auditSubjectID,
-                ILogger.FAILURE,
-                auditReqType,
-                auditCertSubject,
-                auditSignerInfo );
+                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    auditReqType,
+                    auditCertSubject,
+                    auditSignerInfo);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             // rethrow the specific exception to be handled later
             throw eAudit1;
-        } catch( EInvalidCredentials eAudit2 ) {
+        } catch (EInvalidCredentials eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                auditSubjectID,
-                ILogger.FAILURE,
-                auditReqType,
-                auditCertSubject,
-                auditSignerInfo );
+                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    auditReqType,
+                    auditCertSubject,
+                    auditSignerInfo);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-        } catch( EBaseException eAudit3 ) {
+        } catch (EBaseException eAudit3) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
-                auditSubjectID,
-                ILogger.FAILURE,
-                auditReqType,
-                auditCertSubject,
-                auditSignerInfo );
+                    LOGGING_SIGNED_AUDIT_CMC_SIGNED_REQUEST_SIG_VERIFY,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    auditReqType,
+                    auditCertSubject,
+                    auditSignerInfo);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             // rethrow the specific exception to be handled later
             throw eAudit3;
         }
     }
-    
+
     /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
      * <p>
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
     }
-    
+
     /**
-     * gets the configuration substore used by this authentication
-     *  plug-in
+     * gets the configuration substore used by this authentication plug-in
      * <p>
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
         return mConfig;
     }
-    
+
     /**
      * gets the plug-in name of this authentication plug-in.
      */
     public String getImplName() {
         return mImplName;
     }
-    
+
     /**
      * gets the name of this authentication plug-in instance
      */
     public String getName() {
         return mName;
     }
-    
+
     /**
      * get the list of required credentials.
      * <p>
+     * 
      * @return list of required credentials as strings.
      */
     public String[] getRequiredCreds() {
         return (mRequiredCreds);
     }
-    
+
     /**
      * prepares for shutdown.
      */
     public void shutdown() {
     }
-    
-    /////////////////////////////////
+
+    // ///////////////////////////////
     // IExtendedPluginInfo methods //
-    /////////////////////////////////
-    
+    // ///////////////////////////////
+
     /**
      * Activate the help system.
      * <p>
+     * 
      * @return help messages
      */
     public String[] getExtendedPluginInfo() {
@@ -755,14 +749,15 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
         }
         return s;
     }
-    
-    ////////////////////
+
+    // //////////////////
     // Logger methods //
-    ////////////////////
-    
+    // //////////////////
+
     /**
      * Logs a message for this class in the system log file.
      * <p>
+     * 
      * @param level The log level.
      * @param msg The message to log.
      * @see com.netscape.certsrv.logging.ILogger
@@ -771,45 +766,46 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, "CMC Authentication: " + msg);
+                level, "CMC Authentication: " + msg);
     }
-    
-    protected IAuthToken verifySignerInfo(AuthToken authToken,SignedData cmcFullReq) throws EInvalidCredentials {
-        
+
+    protected IAuthToken verifySignerInfo(AuthToken authToken, SignedData cmcFullReq) throws EInvalidCredentials {
+
         EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
         OBJECT_IDENTIFIER id = ci.getContentType();
         OCTET_STRING content = ci.getContent();
-        
+
         try {
             ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
             PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
-            
+
             SET dais = cmcFullReq.getDigestAlgorithmIdentifiers();
             int numDig = dais.size();
             Hashtable digs = new Hashtable();
 
-            //if request key is used for signing, there MUST be only one signerInfo
-            //object in the signedData object.
+            // if request key is used for signing, there MUST be only one
+            // signerInfo
+            // object in the signedData object.
             for (int i = 0; i < numDig; i++) {
                 AlgorithmIdentifier dai =
-                    (AlgorithmIdentifier) dais.elementAt(i);
+                        (AlgorithmIdentifier) dais.elementAt(i);
                 String name =
-                    DigestAlgorithm.fromOID(dai.getOID()).toString();
-                
+                        DigestAlgorithm.fromOID(dai.getOID()).toString();
+
                 MessageDigest md =
-                    MessageDigest.getInstance(name);
-                
+                        MessageDigest.getInstance(name);
+
                 byte[] digest = md.digest(content.toByteArray());
 
                 digs.put(name, digest);
             }
-            
+
             SET sis = cmcFullReq.getSignerInfos();
             int numSis = sis.size();
-            
+
             for (int i = 0; i < numSis; i++) {
                 org.mozilla.jss.pkix.cms.SignerInfo si = (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i);
-                
+
                 String name = si.getDigestAlgorithm().toString();
                 byte[] digest = (byte[]) digs.get(name);
 
@@ -819,9 +815,9 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
 
                     pkiData.encode((OutputStream) ostream);
                     digest = md.digest(ostream.toByteArray());
-                    
+
                 }
-                // signed  by  previously certified signature key
+                // signed by previously certified signature key
                 SignerIdentifier sid = si.getSignerIdentifier();
 
                 if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
@@ -833,30 +829,30 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                         SET certs = cmcFullReq.getCertificates();
                         int numCerts = certs.size();
                         java.security.cert.X509Certificate[] x509Certs = new java.security.cert.X509Certificate[1];
-                         byte[] certByteArray = new byte[0];
-                         for (int j = 0; j < numCerts; j++) {
+                        byte[] certByteArray = new byte[0];
+                        for (int j = 0; j < numCerts; j++) {
                             Certificate certJss = (Certificate) certs.elementAt(j);
                             CertificateInfo certI = certJss.getInfo();
                             Name issuer = certI.getIssuer();
-                            
+
                             byte[] issuerB = ASN1Util.encode(issuer);
-                            INTEGER sn = certI.getSerialNumber(); 
-                            // if this cert is the signer cert, not a cert in the chain
+                            INTEGER sn = certI.getSerialNumber();
+                            // if this cert is the signer cert, not a cert in
+                            // the chain
                             if (new String(issuerB).equals(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
-                            && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString()) ) 
-                            {
+                                    && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
                                 ByteArrayOutputStream os = new
-                                    ByteArrayOutputStream();
+                                        ByteArrayOutputStream();
 
                                 certJss.encode(os);
-                                certByteArray =  os.toByteArray();
- 
+                                certByteArray = os.toByteArray();
+
                                 X509CertImpl tempcert = new X509CertImpl(os.toByteArray());
 
                                 cert = tempcert;
                                 x509Certs[0] = cert;
-                                 // xxx validate the cert length
-                                
+                                // xxx validate the cert length
+
                             }
                         }
                         CMS.debug("CMCAuth: start checking signature");
@@ -880,38 +876,38 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
                             si.verify(digest, id, pubK);
                         }
                         CMS.debug("CMCAuth: finished checking signature");
-                         // verify signer's certificate using the revocator
-                        CryptoManager cm = CryptoManager.getInstance(); 
-                        if( ! cm.isCertValid( certByteArray, true,CryptoManager.CertUsage.SSLClient) )
+                        // verify signer's certificate using the revocator
+                        CryptoManager cm = CryptoManager.getInstance();
+                        if (!cm.isCertValid(certByteArray, true, CryptoManager.CertUsage.SSLClient))
                             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
-                       // authenticate signer's certificate using the userdb
+                        // authenticate signer's certificate using the userdb
                         IAuthSubsystem authSS = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-                         
-                        IAuthManager agentAuth = authSS.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);//AGENT_AUTHMGR_ID);
-                        IAuthCredentials agentCred  = new com.netscape.certsrv.authentication.AuthCredentials();
-                        
+
+                        IAuthManager agentAuth = authSS.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);// AGENT_AUTHMGR_ID);
+                        IAuthCredentials agentCred = new com.netscape.certsrv.authentication.AuthCredentials();
+
                         agentCred.set(IAuthManager.CRED_SSL_CLIENT_CERT, x509Certs);
-                        
+
                         IAuthToken tempToken = agentAuth.authenticate(agentCred);
                         netscape.security.x509.X500Name tempPrincipal = (X500Name) x509Certs[0].getSubjectDN();
-                        String CN = (String) tempPrincipal.getCommonName();//tempToken.get("userid");
-                        
-                        BigInteger agentCertSerial  = x509Certs[0].getSerialNumber();
-                        authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT,agentCertSerial.toString());
-                        tempToken.set("cn",CN);
+                        String CN = (String) tempPrincipal.getCommonName();// tempToken.get("userid");
+
+                        BigInteger agentCertSerial = x509Certs[0].getSerialNumber();
+                        authToken.set(IAuthManager.CRED_SSL_CLIENT_CERT, agentCertSerial.toString());
+                        tempToken.set("cn", CN);
                         return tempToken;
-                        
+
                     }
                     // find from internaldb if it's ca. (ra does not have that.)
                     // find from internaldb usrgrp info
-                    
+
                     // find from certDB
-					si.verify(digest, id);
-                    
-                } // 
+                    si.verify(digest, id);
+
+                } //
             }
-        }catch (InvalidBERException e) {
+        } catch (InvalidBERException e) {
             CMS.debug("CMCAuth: " + e.toString());
         } catch (IOException e) {
             CMS.debug("CMCAuth: " + e.toString());
@@ -919,7 +915,7 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         }
         return (IAuthToken) null;
-        
+
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
@@ -929,22 +925,20 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
     // Profile-related methods
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
      * Retrieves the localizable name of this policy.
      */
-    public String getName(Locale locale)
-    {
+    public String getName(Locale locale) {
         return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_NAME");
     }
 
     /**
      * Retrieves the localizable description of this policy.
      */
-    public String getText(Locale locale)
-    {
+    public String getText(Locale locale) {
         return CMS.getUserMessage(locale, "CMS_AUTHENTICATION_CMS_SIGN_TEXT");
     }
 
@@ -962,19 +956,18 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(CRED_CMC)) {
             return new Descriptor(IDescriptor.STRING_LIST, null, null,
-              "CMC request");
+                    "CMC request");
         }
         return null;
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
                 token.getInString(AuthToken.TOKEN_CERT_SUBJECT));
     }
@@ -985,10 +978,10 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
 
     /**
      * Signed Audit Log
-     *
+     * 
      * This method is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     private void audit(String msg) {
@@ -1000,19 +993,19 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
-     * This method is called to obtain the "SubjectID" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "SubjectID" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     private String auditSubjectID() {
@@ -1042,4 +1035,3 @@ public class CMCAuth implements IAuthManager, IExtendedPluginInfo,
         return subjectID;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/Crypt.java b/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
index 95012039..db4fda5f 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/Crypt.java
@@ -17,151 +17,150 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 public class Crypt {
     // Static data:
     static byte[]
-        IP =		// Initial permutation
-        {
-            58, 50, 42, 34, 26, 18, 10, 2,
-            60, 52, 44, 36, 28, 20, 12, 4,
-            62, 54, 46, 38, 30, 22, 14, 6,
-            64, 56, 48, 40, 32, 24, 16, 8,
-            57, 49, 41, 33, 25, 17, 9, 1,
-            59, 51, 43, 35, 27, 19, 11, 3,
-            61, 53, 45, 37, 29, 21, 13, 5,
-            63, 55, 47, 39, 31, 23, 15, 7
+            IP = // Initial permutation
+            {
+                    58, 50, 42, 34, 26, 18, 10, 2,
+                    60, 52, 44, 36, 28, 20, 12, 4,
+                    62, 54, 46, 38, 30, 22, 14, 6,
+                    64, 56, 48, 40, 32, 24, 16, 8,
+                    57, 49, 41, 33, 25, 17, 9, 1,
+                    59, 51, 43, 35, 27, 19, 11, 3,
+                    61, 53, 45, 37, 29, 21, 13, 5,
+                    63, 55, 47, 39, 31, 23, 15, 7
         },
-        FP =		// Final permutation, FP = IP^(-1)
-        {
-            40, 8, 48, 16, 56, 24, 64, 32,
-            39, 7, 47, 15, 55, 23, 63, 31,
-            38, 6, 46, 14, 54, 22, 62, 30,
-            37, 5, 45, 13, 53, 21, 61, 29,
-            36, 4, 44, 12, 52, 20, 60, 28,
-            35, 3, 43, 11, 51, 19, 59, 27,
-            34, 2, 42, 10, 50, 18, 58, 26,
-            33, 1, 41, 9, 49, 17, 57, 25
+            FP = // Final permutation, FP = IP^(-1)
+            {
+                    40, 8, 48, 16, 56, 24, 64, 32,
+                    39, 7, 47, 15, 55, 23, 63, 31,
+                    38, 6, 46, 14, 54, 22, 62, 30,
+                    37, 5, 45, 13, 53, 21, 61, 29,
+                    36, 4, 44, 12, 52, 20, 60, 28,
+                    35, 3, 43, 11, 51, 19, 59, 27,
+                    34, 2, 42, 10, 50, 18, 58, 26,
+                    33, 1, 41, 9, 49, 17, 57, 25
         },
-        // Permuted-choice 1 from the key bits to yield C and D.
-        // Note that bits 8,16... are left out:
-        // They are intended for a parity check.
-        PC1_C =
+            // Permuted-choice 1 from the key bits to yield C and D.
+            // Note that bits 8,16... are left out:
+            // They are intended for a parity check.
+            PC1_C =
         {
-            57, 49, 41, 33, 25, 17, 9,
-            1, 58, 50, 42, 34, 26, 18,
-            10, 2, 59, 51, 43, 35, 27,
-            19, 11, 3, 60, 52, 44, 36
+                57, 49, 41, 33, 25, 17, 9,
+                1, 58, 50, 42, 34, 26, 18,
+                10, 2, 59, 51, 43, 35, 27,
+                19, 11, 3, 60, 52, 44, 36
         },
-        PC1_D =
+            PC1_D =
         {
-            63, 55, 47, 39, 31, 23, 15,
-            7, 62, 54, 46, 38, 30, 22,
-            14, 6, 61, 53, 45, 37, 29,
-            21, 13, 5, 28, 20, 12, 4
+                63, 55, 47, 39, 31, 23, 15,
+                7, 62, 54, 46, 38, 30, 22,
+                14, 6, 61, 53, 45, 37, 29,
+                21, 13, 5, 28, 20, 12, 4
         },
-        shifts =	// Sequence of shifts used for the key schedule.
-        {
-            1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+            shifts = // Sequence of shifts used for the key schedule.
+            {
+                    1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
         },
-        // Permuted-choice 2, to pick out the bits from
-        // the CD array that generate the key schedule.
-        PC2_C =
+            // Permuted-choice 2, to pick out the bits from
+            // the CD array that generate the key schedule.
+            PC2_C =
         {
-            14, 17, 11, 24, 1, 5,
-            3, 28, 15, 6, 21, 10,
-            23, 19, 12, 4, 26, 8,
-            16, 7, 27, 20, 13, 2
+                14, 17, 11, 24, 1, 5,
+                3, 28, 15, 6, 21, 10,
+                23, 19, 12, 4, 26, 8,
+                16, 7, 27, 20, 13, 2
         },
-        PC2_D =
+            PC2_D =
         {
-            41, 52, 31, 37, 47, 55,
-            30, 40, 51, 45, 33, 48,
-            44, 49, 39, 56, 34, 53,
-            46, 42, 50, 36, 29, 32
+                41, 52, 31, 37, 47, 55,
+                30, 40, 51, 45, 33, 48,
+                44, 49, 39, 56, 34, 53,
+                46, 42, 50, 36, 29, 32
         },
-        e2 =		// The E-bit selection table. (see E below)
-        {
-            32, 1, 2, 3, 4, 5,
-            4, 5, 6, 7, 8, 9,
-            8, 9, 10, 11, 12, 13,
-            12, 13, 14, 15, 16, 17,
-            16, 17, 18, 19, 20, 21,
-            20, 21, 22, 23, 24, 25,
-            24, 25, 26, 27, 28, 29,
-            28, 29, 30, 31, 32, 1
+            e2 = // The E-bit selection table. (see E below)
+            {
+                    32, 1, 2, 3, 4, 5,
+                    4, 5, 6, 7, 8, 9,
+                    8, 9, 10, 11, 12, 13,
+                    12, 13, 14, 15, 16, 17,
+                    16, 17, 18, 19, 20, 21,
+                    20, 21, 22, 23, 24, 25,
+                    24, 25, 26, 27, 28, 29,
+                    28, 29, 30, 31, 32, 1
         },
-        // P is a permutation on the selected combination of
-        // the current L and key.
-        P =
+            // P is a permutation on the selected combination of
+            // the current L and key.
+            P =
         {
-            16, 7, 20, 21,
-            29, 12, 28, 17,
-            1, 15, 23, 26,
-            5, 18, 31, 10,
-            2, 8, 24, 14,
-            32, 27, 3, 9,
-            19, 13, 30, 6,
-            22, 11, 4, 25
+                16, 7, 20, 21,
+                29, 12, 28, 17,
+                1, 15, 23, 26,
+                5, 18, 31, 10,
+                2, 8, 24, 14,
+                32, 27, 3, 9,
+                19, 13, 30, 6,
+                22, 11, 4, 25
         };
-    // The 8 selection functions.  For some reason, they gave a 0-origin
+    // The 8 selection functions. For some reason, they gave a 0-origin
     // index, unlike everything else.
     static byte[][] S =
         {
-            {
-                14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
-                0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
-                4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
-                15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
-            }, {
-                15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
-                3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
-                0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
-                13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
-            }, {
-                10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
-                13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
-                13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
-                1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
-            }, {
-                7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
-                13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
-                10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
-                3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
-            }, {
-                2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
-                14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
-                4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
-                11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
-            }, {
-                12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
-                10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
-                9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
-                4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
-            }, {
-                4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
-                13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
-                1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
-                6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
-            }, {
-                13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
-                1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
-                7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
-                2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
-            }
+                {
+                        14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
+                        0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
+                        4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
+                        15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
+                }, {
+                        15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
+                        3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
+                        0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
+                        13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
+                }, {
+                        10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
+                        13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
+                        13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
+                        1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
+                }, {
+                        7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
+                        13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
+                        10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
+                        3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
+                }, {
+                        2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
+                        14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
+                        4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
+                        11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
+                }, {
+                        12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
+                        10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
+                        9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
+                        4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
+                }, {
+                        4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
+                        13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
+                        1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
+                        6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
+                }, {
+                        13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
+                        1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
+                        7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
+                        2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
+                }
         };
 
     // Dynamic data:
-    byte[] C = new byte[28],		// The C and D arrays used to
-        D = new byte[28],		// calculate the key schedule.
-        E = new byte[48],		// The E bit-selection table.
-        L = new byte[32],		// The current block,
-        R = new byte[32],		//  divided into two halves.
-        tempL = new byte[32],
-        f = new byte[32],
-        preS = new byte[48];		// The combination of the key and
+    byte[] C = new byte[28], // The C and D arrays used to
+            D = new byte[28], // calculate the key schedule.
+            E = new byte[48], // The E bit-selection table.
+            L = new byte[32], // The current block,
+            R = new byte[32], // divided into two halves.
+            tempL = new byte[32],
+            f = new byte[32],
+            preS = new byte[48]; // The combination of the key and
     // the input, before selection.
-    // The key schedule.  Generated from the key.
+    // The key schedule. Generated from the key.
     byte[][] KS = new byte[16][48];
 
     // Object fields:
@@ -169,17 +168,17 @@ public class Crypt {
 
     // Public methods:
     /**
-     * Create Crypt object with no passwd or salt set.  Must use setPasswd()
-     * and setSalt() before getEncryptedPasswd().
+     * Create Crypt object with no passwd or salt set. Must use setPasswd() and
+     * setSalt() before getEncryptedPasswd().
      */
     public Crypt() {
         Passwd = Salt = Encrypt = "";
     }
 
     /**
-     * Create a Crypt object with specified salt.  Use setPasswd() before
+     * Create a Crypt object with specified salt. Use setPasswd() before
      * getEncryptedPasswd().
-     *
+     * 
      * @param salt the salt string for encryption
      */
     public Crypt(String salt) {
@@ -189,10 +188,9 @@ public class Crypt {
     }
 
     /**
-     * Create a Crypt object with specified passwd and salt (often the
-     * already encypted passwd).  Get the encrypted result with
-     * getEncryptedPasswd().
-     *
+     * Create a Crypt object with specified passwd and salt (often the already
+     * encypted passwd). Get the encrypted result with getEncryptedPasswd().
+     * 
      * @param passwd the passwd to encrypt
      * @param salt the salt string for encryption
      */
@@ -204,7 +202,7 @@ public class Crypt {
 
     /**
      * Retrieve the passwd string currently being encrypted.
-     *
+     * 
      * @return the current passwd string
      */
     public String getPasswd() {
@@ -213,7 +211,7 @@ public class Crypt {
 
     /**
      * Retrieve the salt string currently being used for encryption.
-     *
+     * 
      * @return the current salt string
      */
     public String getSalt() {
@@ -221,9 +219,9 @@ public class Crypt {
     }
 
     /**
-     * Retrieve the resulting encrypted string from the current passwd and
-     * salt settings.
-     *
+     * Retrieve the resulting encrypted string from the current passwd and salt
+     * settings.
+     * 
      * @return the encrypted passwd
      */
     public String getEncryptedPasswd() {
@@ -231,9 +229,9 @@ public class Crypt {
     }
 
     /**
-     * Set a new passwd string for encryption.  Use getEncryptedPasswd() to
+     * Set a new passwd string for encryption. Use getEncryptedPasswd() to
      * retrieve the new result.
-     *
+     * 
      * @param passwd the new passwd string
      */
     public void setPasswd(String passwd) {
@@ -242,9 +240,9 @@ public class Crypt {
     }
 
     /**
-     * Set a new salt string for encryption.  Use getEncryptedPasswd() to
+     * Set a new salt string for encryption. Use getEncryptedPasswd() to
      * retrieve the new result.
-     *
+     * 
      * @param salt the new salt string
      */
     public void setSalt(String salt) {
@@ -254,19 +252,17 @@ public class Crypt {
 
     // Internal crypt methods:
     String crypt() {
-        if (Salt.length() == 0) return "";
+        if (Salt.length() == 0)
+            return "";
         int i, j, pwi;
         byte c, temp;
-        byte[] block = new byte[66],
-            iobuf = new byte[16],
-            salt = new byte[2],
-            pw = Passwd.getBytes(),		//jdk1.1
-            saltbytes = Salt.getBytes();			//jdk1.1
+        byte[] block = new byte[66], iobuf = new byte[16], salt = new byte[2], pw = Passwd.getBytes(), // jdk1.1
+        saltbytes = Salt.getBytes(); // jdk1.1
 
-        //	  pw = new byte[Passwd.length()],	//jdk1.0.2
-        // saltbytes = new byte[Salt.length()];		//jdk1.0.2
-        //Passwd.getBytes(0,Passwd.length(),pw,0);	//jdk1.0.2
-        //Salt.getBytes(0,Salt.length(),saltbytes,0);	//jdk1.0.2
+        // pw = new byte[Passwd.length()], //jdk1.0.2
+        // saltbytes = new byte[Salt.length()]; //jdk1.0.2
+        // Passwd.getBytes(0,Passwd.length(),pw,0); //jdk1.0.2
+        // Salt.getBytes(0,Salt.length(),saltbytes,0); //jdk1.0.2
 
         salt[0] = saltbytes[0];
         salt[1] = (saltbytes.length > 1) ? saltbytes[1] : 0;
@@ -288,8 +284,10 @@ public class Crypt {
         for (i = 0; i < 2; i++) {
             c = salt[i];
             iobuf[i] = c;
-            if (c > 'Z') c -= 6;
-            if (c > '9') c -= 7;
+            if (c > 'Z')
+                c -= 6;
+            if (c > '9')
+                c -= 7;
             c -= '.';
             for (j = 0; j < 6; j++) {
                 if (((c >> j) & 1) != 0) {
@@ -311,8 +309,10 @@ public class Crypt {
                 c |= block[6 * i + j];
             }
             c += '.';
-            if (c > '9') c += 7;
-            if (c > 'Z') c += 6;
+            if (c > '9')
+                c += 7;
+            if (c > 'Z')
+                c += 6;
             iobuf[i + 2] = c;
         }
 
@@ -320,16 +320,16 @@ public class Crypt {
         if (iobuf[1] == 0)
             iobuf[1] = iobuf[0];
 
-        return new String(iobuf);		//jdk1.1
-        //return new String(iobuf,0);		//jdk1.0.2
+        return new String(iobuf); // jdk1.1
+        // return new String(iobuf,0); //jdk1.0.2
     }
 
-    void setkey(byte[] key)	// Set up the key schedule from the key.
+    void setkey(byte[] key) // Set up the key schedule from the key.
     {
         int i, j, k;
         byte t;
 
-        // First, generate C and D by permuting the key.  The low order bit
+        // First, generate C and D by permuting the key. The low order bit
         // of each 8-bit char is not used, so C and D are only 28 bits apiece.
         for (i = 0; i < 28; i++) {
             C[i] = key[PC1_C[i] - 1];
@@ -369,41 +369,41 @@ public class Crypt {
         byte k;
 
         // First, permute the bits in the input
-        //for (j = 0; j < 64; j++)
-        //{
-        //    L[j] = block[IP[j]-1];
-        //}
+        // for (j = 0; j < 64; j++)
+        // {
+        // L[j] = block[IP[j]-1];
+        // }
         for (j = 0; j < 32; j++)
             L[j] = block[IP[j] - 1];
         for (j = 32; j < 64; j++)
             R[j - 32] = block[IP[j] - 1];
 
-            // Perform an encryption operation 16 times.
+        // Perform an encryption operation 16 times.
         for (ii = 0; ii < 16; ii++) {
             i = ii;
             // Save the R array, which will be the new L.
             for (j = 0; j < 32; j++)
                 tempL[j] = R[j];
-                // Expand R to 48 bits using the E selector;
-                //  exclusive-or with the current key bits.
+            // Expand R to 48 bits using the E selector;
+            // exclusive-or with the current key bits.
             for (j = 0; j < 48; j++)
                 preS[j] = (byte) (R[E[j] - 1] ^ KS[i][j]);
 
-                // The pre-select bits are now considered in 8 groups of
-                // 6 bits each.  The 8 selection functions map these 6-bit
-                // quantities into 4-bit quantities and the results permuted
-                // to make an f(R, K).  The indexing into the selection functions
-                // is peculiar; it could be simplified by rewriting the tables.
+            // The pre-select bits are now considered in 8 groups of
+            // 6 bits each. The 8 selection functions map these 6-bit
+            // quantities into 4-bit quantities and the results permuted
+            // to make an f(R, K). The indexing into the selection functions
+            // is peculiar; it could be simplified by rewriting the tables.
             for (j = 0; j < 8; j++) {
                 t = 6 * j;
-                k = S[j][ (preS[t  ] << 5) +
+                k = S[j][(preS[t] << 5) +
                         (preS[t + 1] << 3) +
                         (preS[t + 2] << 2) +
                         (preS[t + 3] << 1) +
                         (preS[t + 4]) +
-                        (preS[t + 5] << 4) ];
+                        (preS[t + 5] << 4)];
                 t = 4 * j;
-                f[t  ] = (byte) ((k >> 3) & 1);
+                f[t] = (byte) ((k >> 3) & 1);
                 f[t + 1] = (byte) ((k >> 2) & 1);
                 f[t + 2] = (byte) ((k >> 1) & 1);
                 f[t + 3] = (byte) ((k) & 1);
@@ -430,7 +430,7 @@ public class Crypt {
 
         // The final output gets the inverse permutation of the very original.
         for (j = 0; j < 64; j++) {
-            //block[j] = L[FP[j]-1];
+            // block[j] = L[FP[j]-1];
             block[j] = (FP[j] > 32) ? R[FP[j] - 33] : L[FP[j] - 1];
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
index 1f2eb69a..a221f68f 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/DNPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -28,24 +27,27 @@ import netscape.ldap.LDAPEntry;
 import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * class for parsing a DN pattern used to construct a certificate 
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate subject name
+ * from ldap attributes and dn.
+ * <p>
  * 
- * dnpattern is a string representing a subject name pattern to formulate from 
- * the directory attributes and entry dn. If empty or not set, the 
- * ldap entry DN will be used as the certificate subject name. <p>
+ * dnpattern is a string representing a subject name pattern to formulate from
+ * the directory attributes and entry dn. If empty or not set, the ldap entry DN
+ * will be used as the certificate subject name.
+ * <p>
+ * 
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$attr" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$dn" "." attrName [ "." attrNumber ] | 
- *				 	  "$dn" "." "$rdn" "." number
+ * 			      name "=" "$attr" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$dn" "." attrName [ "." attrNumber ] | 
+ * 			 	  "$dn" "." "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
  * Ldap entry: dn:  UID=jjames, OU=IS, OU=people, O=acme.org
@@ -72,11 +74,12 @@ import com.netscape.certsrv.base.EBaseException;
  *     E = the first 'mail' ldap attribute value in user's entry. <br>
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
+ * 
  * <pre>
  * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
  * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
@@ -101,15 +104,16 @@ import com.netscape.certsrv.base.EBaseException;
  * <p>	
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN followed by the 
- *			first 'ou' value in the user's entry. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 		first 'ou' value in the user's entry. note multiple AVAs
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
- * If an attribute or subject DN component does not exist the attribute 
- * is skipped.
- *
+ * 
+ * If an attribute or subject DN component does not exist the attribute is
+ * skipped.
+ * 
  * @version $Revision$, $Date$
  */
 public class DNPattern {
@@ -125,15 +129,16 @@ public class DNPattern {
 
     protected String mTestDN = null;
 
-    /** 
+    /**
      * Construct a DN pattern by parsing a pattern string.
+     * 
      * @param pattern the DN pattern
-     * @exception EBaseException If parsing error occurs. 
+     * @exception EBaseException If parsing error occurs.
      */
     public DNPattern(String pattern)
-        throws EAuthException {
+            throws EAuthException {
         if (pattern == null || pattern.equals("")) {
-            // create an attribute list that is the dn. 
+            // create an attribute list that is the dn.
             mLdapAttrs = new String[] { "dn" };
         } else {
             mPatternString = pattern;
@@ -143,13 +148,13 @@ public class DNPattern {
         }
     }
 
-    public DNPattern(PushbackReader in) 
-        throws EAuthException {
+    public DNPattern(PushbackReader in)
+            throws EAuthException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws EAuthException {
+            throws EAuthException {
         Vector rdnPatterns = new Vector();
         RDNPattern rdnPattern = null;
         int lastChar = -1;
@@ -162,8 +167,7 @@ public class DNPattern {
             } catch (IOException e) {
                 throw new EAuthException("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString());
             }
-        }
-        while (lastChar == ',');
+        } while (lastChar == ',');
 
         mRDNPatterns = new RDNPattern[rdnPatterns.size()];
         rdnPatterns.copyInto(mRDNPatterns);
@@ -173,8 +177,8 @@ public class DNPattern {
         for (int i = 0; i < mRDNPatterns.length; i++) {
             String[] rdnAttrs = mRDNPatterns[i].getLdapAttrs();
 
-            if (rdnAttrs != null && rdnAttrs.length > 0) 
-                for (int j = 0; j < rdnAttrs.length; j++) 
+            if (rdnAttrs != null && rdnAttrs.length > 0)
+                for (int j = 0; j < rdnAttrs.length; j++)
                     ldapAttrs.addElement(rdnAttrs[j]);
         }
         mLdapAttrs = new String[ldapAttrs.size()];
@@ -183,11 +187,12 @@ public class DNPattern {
 
     /**
      * Form a Ldap v3 DN string from results of a ldap search.
+     * 
      * @param entry LDAPentry from a ldap search
-     * @return Ldap v3 DN string to use for a subject name. 
+     * @return Ldap v3 DN string to use for a subject name.
      */
     public String formDN(LDAPEntry entry)
-        throws EAuthException {
+            throws EAuthException {
         StringBuffer formedDN = new StringBuffer();
 
         for (int i = 0; i < mRDNPatterns.length; i++) {
@@ -197,13 +202,13 @@ public class DNPattern {
 
             if (rdn != null) {
                 if (rdn != null && rdn.length() != 0) {
-                    if (formedDN.length() != 0) 
+                    if (formedDN.length() != 0)
                         formedDN.append(",");
                     formedDN.append(rdn);
                 }
             }
         }
-        //System.out.println("formed DN "+formedDN.toString());
+        // System.out.println("formed DN "+formedDN.toString());
         return formedDN.toString();
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
index c9b64fca..41fb9699 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/DirBasedAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.io.IOException;
 import java.security.cert.CertificateException;
@@ -57,29 +56,28 @@ import com.netscape.certsrv.ldap.ILdapConnFactory;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
- * Abstract class for directory based authentication managers
- * Uses a pattern for formulating subject names. 
- * The pattern is read from configuration file. 
+ * Abstract class for directory based authentication managers Uses a pattern for
+ * formulating subject names. The pattern is read from configuration file.
  * Syntax of the pattern is described in the init() method.
  * 
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
-public abstract class DirBasedAuthentication 
-    implements IAuthManager, IExtendedPluginInfo {
+public abstract class DirBasedAuthentication
+        implements IAuthManager, IExtendedPluginInfo {
 
-    protected static final String USER_DN = "userDN";  
+    protected static final String USER_DN = "userDN";
 
     /* configuration parameter keys */
-    protected static final String PROP_LDAP = "ldap";  
-    protected static final String PROP_BASEDN = "basedn";  
-    protected static final String PROP_DNPATTERN = "dnpattern";  
+    protected static final String PROP_LDAP = "ldap";
+    protected static final String PROP_BASEDN = "basedn";
+    protected static final String PROP_DNPATTERN = "dnpattern";
     protected static final String PROP_LDAPSTRINGATTRS = "ldapStringAttributes";
     protected static final String PROP_LDAPBYTEATTRS = "ldapByteAttributes";
 
-    // members 
+    // members
 
     /* name of this authentication manager instance */
     protected String mName = null;
@@ -105,20 +103,24 @@ public abstract class DirBasedAuthentication
     /* the subject DN pattern */
     protected DNPattern mPattern = null;
 
-    /* the list of LDAP attributes with string values to retrieve to 
-     * save in the auth token including ones from the dn pattern. */
+    /*
+     * the list of LDAP attributes with string values to retrieve to save in the
+     * auth token including ones from the dn pattern.
+     */
     protected String[] mLdapStringAttrs = null;
 
-    /* the list of LDAP attributes with byte[] values to retrive to save 
-     * in authtoken. */
+    /*
+     * the list of LDAP attributes with byte[] values to retrive to save in
+     * authtoken.
+     */
     protected String[] mLdapByteAttrs = null;
 
-    /* the combined list of LDAP attriubutes to retrieve*/
+    /* the combined list of LDAP attriubutes to retrieve */
     protected String[] mLdapAttrs = null;
 
     /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN = 
-        "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c";
+    protected static String DEFAULT_DNPATTERN =
+            "E=$attr.mail, CN=$attr.cn, O=$dn.o, C=$dn.c";
 
     /* Vector of extendedPluginInfo strings */
     protected static Vector<String> mExtendedPluginInfo = null;
@@ -126,31 +128,31 @@ public abstract class DirBasedAuthentication
     static {
         mExtendedPluginInfo = new Vector<String>();
         mExtendedPluginInfo.add(PROP_DNPATTERN + ";string;Template for cert" +
-            " Subject Name. ($dn.xxx - get value from user's LDAP " +
-            "DN.  $attr.yyy - get value from LDAP attributes in " +
-            "user's entry.) Default: " + DEFAULT_DNPATTERN);
+                " Subject Name. ($dn.xxx - get value from user's LDAP " +
+                "DN.  $attr.yyy - get value from LDAP attributes in " +
+                "user's entry.) Default: " + DEFAULT_DNPATTERN);
         mExtendedPluginInfo.add(PROP_LDAPSTRINGATTRS + ";string;" +
-            "Comma-separated list of LDAP attributes to copy from " +
-            "the user's LDAP entry into the AuthToken. e.g use " +
-            "'mail' to copy user's email address for subjectAltName");
+                "Comma-separated list of LDAP attributes to copy from " +
+                "the user's LDAP entry into the AuthToken. e.g use " +
+                "'mail' to copy user's email address for subjectAltName");
         mExtendedPluginInfo.add(PROP_LDAPBYTEATTRS + ";string;" +
-            "Comma-separated list of binary LDAP attributes to copy" +
-            " from the user's LDAP entry into the AuthToken");
+                "Comma-separated list of binary LDAP attributes to copy" +
+                " from the user's LDAP entry into the AuthToken");
         mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" +
-            "LDAP host to connect to");
+                "LDAP host to connect to");
         mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" +
-            "LDAP port number (use 389, or 636 if SSL)");
+                "LDAP port number (use 389, or 636 if SSL)");
         mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" +
-            "Use SSL to connect to directory?");
+                "Use SSL to connect to directory?");
         mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" +
-            "LDAP protocol version");
+                "LDAP protocol version");
         mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start searching " +
-            "under. If your user's DN is 'uid=jsmith, o=company', you " +
-            "might want to use 'o=company' here");
+                "under. If your user's DN is 'uid=jsmith, o=company', you " +
+                "might want to use 'o=company' here");
         mExtendedPluginInfo.add("ldap.minConns;number;number of connections " +
-            "to keep open to directory server. Default 5.");
+                "to keep open to directory server. Default 5.");
         mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection " +
-            "pool can grow to this many (multiplexed) connections. Default 1000.");
+                "pool can grow to this many (multiplexed) connections. Default 1000.");
     }
 
     /**
@@ -163,24 +165,26 @@ public abstract class DirBasedAuthentication
      * Initializes the UidPwdDirBasedAuthentication auth manager.
      * 
      * Takes the following configuration parameters: <br>
+     * 
      * <pre>
-     *		ldap.basedn             - the ldap base dn.
-     *		ldap.ldapconn.host      - the ldap host.
-     *		ldap.ldapconn.port      - the ldap port 
-     *		ldap.ldapconn.secureConn - whether port should be secure 
-     *		ldap.minConns           - minimum connections
-     *		ldap.maxConns           - max connections
-     *		dnpattern               - dn pattern.
+     * 	ldap.basedn             - the ldap base dn.
+     * 	ldap.ldapconn.host      - the ldap host.
+     * 	ldap.ldapconn.port      - the ldap port 
+     * 	ldap.ldapconn.secureConn - whether port should be secure 
+     * 	ldap.minConns           - minimum connections
+     * 	ldap.maxConns           - max connections
+     * 	dnpattern               - dn pattern.
      * </pre>
      * <p>
-     * <i><b>dnpattern</b></i> is a string representing a subject name pattern 
-     * to formulate from the directory attributes and entry dn. If empty or 
-     * not set, the ldap entry DN will be used as the certificate subject name.
+     * <i><b>dnpattern</b></i> is a string representing a subject name pattern
+     * to formulate from the directory attributes and entry dn. If empty or not
+     * set, the ldap entry DN will be used as the certificate subject name.
      * <p>
-     * The syntax is 
+     * The syntax is
+     * 
      * <pre>
      *     dnpattern = SubjectNameComp *[ "," SubjectNameComp ]
-     *
+     * 
      *     SubjectNameComponent = DnComp | EntryComp | ConstantComp  
      *     DnComp = CertAttr "=" "$dn" "." DnAttr "." Num
      *     EntryComp = CertAttr "=" "$attr" "." EntryAttr "." Num
@@ -190,11 +194,12 @@ public abstract class DirBasedAuthentication
      *     CertAttr  =  a Component in the Certificate Subject Name
      *                  (multiple AVA in one RDN not supported) 
      *     Num       =  the nth value of tha attribute  in the dn or entry.
-     *     Constant  =  Constant String, with any accepted ldap string value. 
+     *     Constant  =  Constant String, with any accepted ldap string value.
      * 
      * </pre>
      * <p>
      * <b>Example:</b>
+     * 
      * <pre>
      * dnpattern: 
      *     E=$attr.mail.1, CN=$attr.cn, OU=$attr.ou.2, O=$dn.o, C=US
@@ -213,6 +218,7 @@ public abstract class DirBasedAuthentication
      * </pre>
      * <p>
      * The subject name formulated in the cert will be : <br>
+     * 
      * <pre>
      *   E=joesmith@acme.com, CN=Joe Smith, OU=Human Resources, O=Acme.com, C=US
      *   
@@ -229,19 +235,20 @@ public abstract class DirBasedAuthentication
      * @exception EBaseException If an error occurs during initialization.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         init(name, implName, config, true);
     }
 
     public void init(String name, String implName, IConfigStore config, boolean needBaseDN)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
 
         /* initialize ldap server configuration */
         mLdapConfig = mConfig.getSubStore(PROP_LDAP);
-        if (needBaseDN) mBaseDN = mLdapConfig.getString(PROP_BASEDN);
+        if (needBaseDN)
+            mBaseDN = mLdapConfig.getString(PROP_BASEDN);
         if (needBaseDN && ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN.trim().equals(""))))
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
         mConnFactory = CMS.getLdapAnonConnFactory();
@@ -250,7 +257,7 @@ public abstract class DirBasedAuthentication
         /* initialize dn pattern */
         String pattern = mConfig.getString(PROP_DNPATTERN, null);
 
-        if (pattern == null || pattern.length() == 0) 
+        if (pattern == null || pattern.length() == 0)
             pattern = DEFAULT_DNPATTERN;
         mPattern = new DNPattern(pattern);
         String[] patternLdapAttrs = mPattern.getLdapAttrs();
@@ -261,15 +268,15 @@ public abstract class DirBasedAuthentication
         if (ldapStringAttrs == null) {
             mLdapStringAttrs = patternLdapAttrs;
         } else {
-            StringTokenizer pAttrs = 
-                new StringTokenizer(ldapStringAttrs, ",", false);
+            StringTokenizer pAttrs =
+                    new StringTokenizer(ldapStringAttrs, ",", false);
             int begin = 0;
 
             if (patternLdapAttrs != null && patternLdapAttrs.length > 0) {
-                mLdapStringAttrs = new String[ 
+                mLdapStringAttrs = new String[
                         patternLdapAttrs.length + pAttrs.countTokens()];
-                System.arraycopy(patternLdapAttrs, 0, 
-                    mLdapStringAttrs, 0, patternLdapAttrs.length);
+                System.arraycopy(patternLdapAttrs, 0,
+                        mLdapStringAttrs, 0, patternLdapAttrs.length);
                 begin = patternLdapAttrs.length;
             } else {
                 mLdapStringAttrs = new String[pAttrs.countTokens()];
@@ -285,11 +292,11 @@ public abstract class DirBasedAuthentication
         if (ldapByteAttrs == null) {
             mLdapByteAttrs = new String[0];
         } else {
-            StringTokenizer byteAttrs = 
-                new StringTokenizer(ldapByteAttrs, ",", false);
+            StringTokenizer byteAttrs =
+                    new StringTokenizer(ldapByteAttrs, ",", false);
 
             mLdapByteAttrs = new String[byteAttrs.countTokens()];
-            for (int j = 0; j < mLdapByteAttrs.length; j++) { 
+            for (int j = 0; j < mLdapByteAttrs.length; j++) {
                 mLdapByteAttrs[j] = ((String) byteAttrs.nextElement()).trim();
             }
         }
@@ -297,10 +304,10 @@ public abstract class DirBasedAuthentication
         /* make the combined list */
         mLdapAttrs =
                 new String[mLdapStringAttrs.length + mLdapByteAttrs.length];
-        System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs, 
-            0, mLdapStringAttrs.length);
-        System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs, 
-            mLdapStringAttrs.length, mLdapByteAttrs.length);
+        System.arraycopy(mLdapStringAttrs, 0, mLdapAttrs,
+                0, mLdapStringAttrs.length);
+        System.arraycopy(mLdapByteAttrs, 0, mLdapAttrs,
+                mLdapStringAttrs.length, mLdapByteAttrs.length);
 
         log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_INIT_DONE"));
     }
@@ -320,21 +327,22 @@ public abstract class DirBasedAuthentication
     }
 
     /**
-     * Authenticates user through LDAP by a set of credentials. 
-     * Resulting AuthToken a TOKEN_CERTINFO field of a X509CertInfo
+     * Authenticates user through LDAP by a set of credentials. Resulting
+     * AuthToken a TOKEN_CERTINFO field of a X509CertInfo
      * <p>
+     * 
      * @param authCred Authentication credentials, CRED_UID and CRED_PWD.
      * @return A AuthToken with a TOKEN_SUBJECT of X500name type.
-     * @exception com.netscape.certsrv.authentication.EMissingCredential
-     *			If a required authentication credential is missing.
-     * @exception com.netscape.certsrv.authentication.EInvalidCredentials
-     *			If credentials failed authentication.
-     * @exception com.netscape.certsrv.base.EBaseException 
-     *			If an internal error occurred. 
+     * @exception com.netscape.certsrv.authentication.EMissingCredential If a
+     *                required authentication credential is missing.
+     * @exception com.netscape.certsrv.authentication.EInvalidCredentials If
+     *                credentials failed authentication.
+     * @exception com.netscape.certsrv.base.EBaseException If an internal error
+     *                occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         String userdn = null;
         LDAPConnection conn = null;
         AuthToken authToken = new AuthToken(this);
@@ -360,28 +368,28 @@ public abstract class DirBasedAuthentication
             // set subject name.
             try {
                 CertificateSubjectName subjectname = (CertificateSubjectName)
-                    certInfo.get(X509CertInfo.SUBJECT);
+                        certInfo.get(X509CertInfo.SUBJECT);
 
                 if (subjectname != null)
-                    authToken.set(AuthToken.TOKEN_CERT_SUBJECT, 
-                        subjectname.toString());
+                    authToken.set(AuthToken.TOKEN_CERT_SUBJECT,
+                            subjectname.toString());
             } // error means it's not set.
             catch (CertificateException e) {
             } catch (IOException e) {
             }
 
-            // set validity if any 
+            // set validity if any
             try {
                 CertificateValidity validity = (CertificateValidity)
-                    certInfo.get(X509CertInfo.VALIDITY);
+                        certInfo.get(X509CertInfo.VALIDITY);
 
                 if (validity != null) {
-                    // the gets throws IOException but only if attribute 
-                    // not recognized. In these cases they are always. 
-                    authToken.set(AuthToken.TOKEN_CERT_NOTBEFORE, 
-                        (Date)validity.get(CertificateValidity.NOT_BEFORE));
-                    authToken.set(AuthToken.TOKEN_CERT_NOTAFTER, 
-                        (Date)validity.get(CertificateValidity.NOT_AFTER));
+                    // the gets throws IOException but only if attribute
+                    // not recognized. In these cases they are always.
+                    authToken.set(AuthToken.TOKEN_CERT_NOTBEFORE,
+                            (Date) validity.get(CertificateValidity.NOT_BEFORE));
+                    authToken.set(AuthToken.TOKEN_CERT_NOTAFTER,
+                            (Date) validity.get(CertificateValidity.NOT_AFTER));
                 }
             } // error means it's not set.
             catch (CertificateException e) {
@@ -391,7 +399,7 @@ public abstract class DirBasedAuthentication
             // set extensions if any.
             try {
                 CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
+                        certInfo.get(X509CertInfo.EXTENSIONS);
 
                 if (extensions != null)
                     authToken.set(AuthToken.TOKEN_CERT_EXTENSIONS, extensions);
@@ -401,7 +409,7 @@ public abstract class DirBasedAuthentication
             }
 
         } finally {
-            if (conn != null) 
+            if (conn != null)
                 mConnFactory.returnConn(conn);
         }
 
@@ -410,15 +418,16 @@ public abstract class DirBasedAuthentication
 
     /**
      * get the list of required credentials.
+     * 
      * @return list of required credentials as strings.
      */
     public abstract String[] getRequiredCreds();
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public abstract String[] getConfigParams();
@@ -440,6 +449,7 @@ public abstract class DirBasedAuthentication
 
     /**
      * Gets the configuration substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -452,11 +462,11 @@ public abstract class DirBasedAuthentication
      * @param authCreds The authentication credentials.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
     protected abstract String authenticate(
-        LDAPConnection conn, IAuthCredentials authCreds, AuthToken token)
-        throws EBaseException;
+            LDAPConnection conn, IAuthCredentials authCreds, AuthToken token)
+            throws EBaseException;
 
     /**
      * Formulate the cert info.
@@ -465,24 +475,24 @@ public abstract class DirBasedAuthentication
      * @param userdn The user's dn.
      * @param certinfo A certinfo object to fill.
      * @param token A authentication token to fill.
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
-    protected void formCertInfo(LDAPConnection conn, 
-        String userdn, 
-        X509CertInfo certinfo,
-        AuthToken token)
-        throws EBaseException {
+    protected void formCertInfo(LDAPConnection conn,
+            String userdn,
+            X509CertInfo certinfo,
+            AuthToken token)
+            throws EBaseException {
         String dn = null;
         // get ldap attributes to retrieve.
         String[] attrs = getLdapAttrs();
 
-        // retrieve the attributes. 
+        // retrieve the attributes.
         try {
             if (conn != null) {
                 LDAPEntry entry = null;
-                LDAPSearchResults results = 
-                    conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", 
-                        attrs, false);
+                LDAPSearchResults results =
+                        conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
+                                attrs, false);
 
                 if (!results.hasMoreElements()) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_ATTR_ERROR"));
@@ -490,11 +500,11 @@ public abstract class DirBasedAuthentication
                 }
                 entry = results.next();
 
-                // formulate the subject dn 
+                // formulate the subject dn
                 try {
                     dn = formSubjectName(entry);
                 } catch (EBaseException e) {
-                    //e.printStackTrace();
+                    // e.printStackTrace();
                     throw e;
                 }
                 // Put selected values from the entry into the token
@@ -504,23 +514,23 @@ public abstract class DirBasedAuthentication
             }
 
             // add anything else in cert info such as validity, extensions
-            // (nothing now) 
+            // (nothing now)
 
             // pack the dn into X500name and set subject name.
             if (dn.length() == 0) {
-                EBaseException ex = 
-                    new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName));
+                EBaseException ex =
+                        new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_EMPTY_DN_FORMED", mName));
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_DN_ERROR", ex.toString()));
                 throw ex;
             }
             X500Name subjectdn = new X500Name(dn);
 
-            certinfo.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(subjectdn));
+            certinfo.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(subjectdn));
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-            case LDAPException.SERVER_DOWN: 
+            case LDAPException.SERVER_DOWN:
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_AUTH_ATTR_ERROR"));
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
@@ -534,7 +544,7 @@ public abstract class DirBasedAuthentication
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString()));
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
-                            e.errorCodeToString()));
+                                e.errorCodeToString()));
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_CREATE_SUBJECT_ERROR", userdn, e.getMessage()));
@@ -546,26 +556,27 @@ public abstract class DirBasedAuthentication
     }
 
     /**
-     * Copy values from the LDAPEntry into the AuthToken. The
-     * list of values that should be store this way is given in
-     * a the ldapAttributes configuration parameter.
+     * Copy values from the LDAPEntry into the AuthToken. The list of values
+     * that should be store this way is given in a the ldapAttributes
+     * configuration parameter.
      */
     protected void setAuthTokenValues(LDAPEntry e, AuthToken tok) {
         for (int i = 0; i < mLdapStringAttrs.length; i++)
             setAuthTokenStringValue(mLdapStringAttrs[i], e, tok);
-        for (int j = 0; j < mLdapByteAttrs.length; j++) 
+        for (int j = 0; j < mLdapByteAttrs.length; j++)
             setAuthTokenByteValue(mLdapByteAttrs[j], e, tok);
     }
 
     protected void setAuthTokenStringValue(
-        String name, LDAPEntry entry, AuthToken tok) {
+            String name, LDAPEntry entry, AuthToken tok) {
         LDAPAttribute values = entry.getAttribute(name);
 
-        if (values == null) return;
+        if (values == null)
+            return;
 
         Vector<String> v = new Vector<String>();
         @SuppressWarnings("unchecked")
-		Enumeration<String> e = values.getStringValues();
+        Enumeration<String> e = values.getStringValues();
 
         while (e.hasMoreElements()) {
             v.addElement(e.nextElement());
@@ -579,14 +590,15 @@ public abstract class DirBasedAuthentication
     }
 
     protected void setAuthTokenByteValue(
-        String name, LDAPEntry entry, AuthToken tok) {
+            String name, LDAPEntry entry, AuthToken tok) {
         LDAPAttribute values = entry.getAttribute(name);
 
-        if (values == null) return;
+        if (values == null)
+            return;
 
         Vector<byte[]> v = new Vector<byte[]>();
         @SuppressWarnings("unchecked")
-		Enumeration<byte[]> e = values.getByteValues();
+        Enumeration<byte[]> e = values.getByteValues();
 
         while (e.hasMoreElements()) {
             v.addElement(e.nextElement());
@@ -602,6 +614,7 @@ public abstract class DirBasedAuthentication
     /**
      * Return a list of LDAP attributes with String values to retrieve.
      * Subclasses can override to return any set of attributes.
+     * 
      * @return Array of LDAP attributes to retrieve from the directory.
      */
     protected String[] getLdapAttrs() {
@@ -611,6 +624,7 @@ public abstract class DirBasedAuthentication
     /**
      * Return a list of LDAP attributes with byte[] values to retrieve.
      * Subclasses can override to return any set of attributes.
+     * 
      * @return Array of LDAP attributes to retrieve from the directory.
      */
     protected String[] getLdapByteAttrs() {
@@ -618,22 +632,21 @@ public abstract class DirBasedAuthentication
     }
 
     /**
-     * Formulate the subject name 
+     * Formulate the subject name
+     * 
      * @param entry The LDAP entry
      * @return The subject name string.
      * @exception EBaseException If an internal error occurs.
      */
     protected String formSubjectName(LDAPEntry entry)
-        throws EAuthException {
-        if (mPattern.mPatternString == null) 
+            throws EAuthException {
+        if (mPattern.mPatternString == null)
             return entry.getDN();
-		
-            /*
-             if (mTestDNString != null) {
-             mPattern.mTestDN = mTestDNString;
-             //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN);
-            }
-            */
+
+        /*
+         * if (mTestDNString != null) { mPattern.mTestDN = mTestDNString;
+         * //System.out.println("Set DNPattern.mTestDN to "+mPattern.mTestDN); }
+         */
 
         String dn = mPattern.formDN(entry);
 
@@ -643,6 +656,7 @@ public abstract class DirBasedAuthentication
 
     /**
      * Logs a message for this class in the system log file.
+     * 
      * @param level The log level.
      * @param msg The message to log.
      * @see com.netscape.certsrv.logging.ILogger
@@ -651,15 +665,14 @@ public abstract class DirBasedAuthentication
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] s = Utils.getStringArrayFromVector(mExtendedPluginInfo);
 
         return s;
-		
+
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
index ab59c499..2bfc29c2 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/FlatFileAuth.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
@@ -49,15 +48,14 @@ import com.netscape.certsrv.profile.IProfileAuthenticator;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This represents the authentication manager that authenticates
- * user against a file where id, and password are stored.
+ * This represents the authentication manager that authenticates user against a
+ * file where id, and password are stored.
  * 
  * @version $Revision$, $Date$
  */
-public class FlatFileAuth 
-    implements IProfileAuthenticator, IExtendedPluginInfo {
+public class FlatFileAuth
+        implements IProfileAuthenticator, IExtendedPluginInfo {
 
     /* configuration parameter keys */
     protected static final String PROP_FILENAME = "fileName";
@@ -66,39 +64,39 @@ public class FlatFileAuth
     protected static final String PROP_DEFERONFAILURE = "deferOnFailure";
 
     protected String mFilename = "config/pwfile";
-    protected long   mFileLastRead = 0;
+    protected long mFileLastRead = 0;
     protected String mKeyAttributes = "UID";
     protected String mAuthAttrs = "PWD";
     protected boolean mDeferOnFailure = true;
     private static final String DATE_PATTERN = "yyyy-MM-dd-HH-mm-ss";
     private static SimpleDateFormat mDateFormat = new SimpleDateFormat(DATE_PATTERN);
 
-    protected static String[] mConfigParams = 
-        new String[] {
-            PROP_FILENAME,
-            PROP_KEYATTRIBUTES,
-            PROP_AUTHATTRS,
-            PROP_DEFERONFAILURE
+    protected static String[] mConfigParams =
+            new String[] {
+                    PROP_FILENAME,
+                    PROP_KEYATTRIBUTES,
+                    PROP_AUTHATTRS,
+                    PROP_DEFERONFAILURE
         };
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 PROP_FILENAME + ";string;Pathname of password file",
                 PROP_KEYATTRIBUTES + ";string;Comma-separated list of attributes" +
-                " which together form a unique identifier for the user",
+                        " which together form a unique identifier for the user",
                 PROP_AUTHATTRS + ";string;Comma-separated list of attributes" +
-                " which are used for further authentication",
+                        " which are used for further authentication",
                 PROP_DEFERONFAILURE + ";boolean;if user is not found, defer the " +
-                "request to the queue for manual-authentication (true), or " +
-                "simply rejected the request (false)"
+                        "request to the queue for manual-authentication (true), or " +
+                        "simply rejected the request (false)"
             };
 
         return s;
     }
-	
+
     /** name of this authentication manager instance */
     protected String mName = null;
-	
+
     protected String FFAUTH = "FlatFileAuth";
 
     /** name of the authentication manager plugin */
@@ -109,30 +107,31 @@ public class FlatFileAuth
 
     /** system logger */
     protected ILogger mLogger = CMS.getLogger();
-	
-    /** This array is created as to include all the requested attributes
-     *
+
+    /**
+     * This array is created as to include all the requested attributes
+     * 
      */
     String[] reqCreds = null;
 
     String[] authAttrs = null;
     String[] keyAttrs = null;
 
-    /** Hashtable of entries from Auth File. Hash index is the
-     *  concatenation of the attributes from matchAttributes property
+    /**
+     * Hashtable of entries from Auth File. Hash index is the concatenation of
+     * the attributes from matchAttributes property
      */
     protected Hashtable entries = null;
 
     /**
-     * Get the named property
-     * If the property is not set, use s as the default, and create
-     * a new value for the property in the config file.
+     * Get the named property If the property is not set, use s as the default,
+     * and create a new value for the property in the config file.
      * 
      * @param propertyName Property name
      * @param s The default value of the property
      */
     protected String getPropertyS(String propertyName, String s)
-        throws EBaseException {
+            throws EBaseException {
         String p;
 
         try {
@@ -149,15 +148,14 @@ public class FlatFileAuth
     }
 
     /**
-     * Get the named property,
-     * If the property is not set, use b as the default, and create
-     * a new value for the property in the config file.
+     * Get the named property, If the property is not set, use b as the default,
+     * and create a new value for the property in the config file.
      * 
      * @param propertyName Property name
      * @param b The default value of the property
      */
     protected boolean getPropertyB(String propertyName, boolean b)
-        throws EBaseException {
+            throws EBaseException {
         boolean p;
 
         try {
@@ -170,7 +168,7 @@ public class FlatFileAuth
     }
 
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -219,6 +217,7 @@ public class FlatFileAuth
 
     /**
      * Log a message.
+     * 
      * @param level The logging level.
      * @param msg The message to log.
      */
@@ -226,16 +225,16 @@ public class FlatFileAuth
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
- 
+
     void print(String s) {
         CMS.debug("FlatFileAuth: " + s);
     }
 
     /**
-     * Return a string array which is the union of all the string arrays
-     * passed in. The strings are treated as case sensitive
+     * Return a string array which is the union of all the string arrays passed
+     * in. The strings are treated as case sensitive
      */
 
     public String[] unionOfStrings(String[][] stringArrays) {
@@ -257,12 +256,11 @@ public class FlatFileAuth
             s[i] = (String) e.nextElement();
         }
         return s;
-		
+
     }
-			
+
     /**
-     * Split a comma-delimited String into an array of individual
-     * Strings.
+     * Split a comma-delimited String into an array of individual Strings.
      */
     private String[] splitOnComma(String s) {
         print("Splitting String: " + s + " on commas");
@@ -282,8 +280,8 @@ public class FlatFileAuth
     }
 
     /**
-     * Join an array of Strings into one string, with
-     * the specified string between each string
+     * Join an array of Strings into one string, with the specified string
+     * between each string
      */
 
     private String joinStringArray(String[] s, String sep) {
@@ -298,9 +296,9 @@ public class FlatFileAuth
         return sb.toString();
     }
 
-    private synchronized void updateFile (String key) {
+    private synchronized void updateFile(String key) {
         try {
-            String name = writeFile (key);
+            String name = writeFile(key);
             if (name != null) {
                 File orgFile = new File(mFilename);
                 long lastModified = orgFile.lastModified();
@@ -310,15 +308,15 @@ public class FlatFileAuth
                 } else {
                     mFileLastRead = newFile.lastModified();
                 }
-                if (orgFile.renameTo(new File(name.substring(0, name.length()-1)))) {
+                if (orgFile.renameTo(new File(name.substring(0, name.length() - 1)))) {
                     if (!newFile.renameTo(new File(mFilename))) {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", name, mFilename));
-                        File file = new File(name.substring(0, name.length()-1));
+                        File file = new File(name.substring(0, name.length() - 1));
                         file.renameTo(new File(mFilename));
                     }
                 } else {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("RENAME_FILE_ERROR", mFilename,
-                                                              name.substring(0, name.length()-1)));
+                                                              name.substring(0, name.length() - 1)));
                 }
             }
         } catch (Exception e) {
@@ -326,7 +324,7 @@ public class FlatFileAuth
         }
     }
 
-    private String writeFile (String key) {
+    private String writeFile(String key) {
         BufferedReader reader = null;
         BufferedWriter writer = null;
         String name = null;
@@ -334,9 +332,9 @@ public class FlatFileAuth
         boolean done = false;
         String line = null;
         try {
-            reader = new BufferedReader (new FileReader (mFilename));
-            name = mFilename+"."+mDateFormat.format(new Date())+"~";
-            writer = new BufferedWriter (new FileWriter(name));
+            reader = new BufferedReader(new FileReader(mFilename));
+            name = mFilename + "." + mDateFormat.format(new Date()) + "~";
+            writer = new BufferedWriter(new FileWriter(name));
             if (reader != null && writer != null) {
                 while ((line = reader.readLine()) != null) {
                     if (commentOutNextLine) {
@@ -374,12 +372,15 @@ public class FlatFileAuth
                 long s2 = 0;
                 File f1 = new File(mFilename);
                 File f2 = new File(name);
-                if (f1.exists()) s1 = f1.length();
-                if (f2.exists()) s2 = f2.length();
+                if (f1.exists())
+                    s1 = f1.length();
+                if (f2.exists())
+                    s2 = f2.length();
                 if (s1 > 0 && s2 > 0 && s2 > s1) {
                     done = true;
                 } else {
-                    if (f2.exists()) f2.delete();
+                    if (f2.exists())
+                        f2.delete();
                     name = null;
                 }
             }
@@ -390,27 +391,28 @@ public class FlatFileAuth
         return name;
     }
 
-
     /**
-     * Read a file with the following format: <p><pre>
+     * Read a file with the following format:
+     * <p>
+     * 
+     * <pre>
      * param1: valuea
      * param2: valueb
      * -blank-line-
      * param1: valuec
      * param2: valued
      * </pre>
-     *
+     * 
      * @param f The file to read
-     * @param keys The parameters to concat together to form the hash
-     *   key
+     * @param keys The parameters to concat together to form the hash key
      * @return a hashtable of hashtables.
      */
     protected Hashtable readFile(File f, String[] keys)
-        throws IOException {
+            throws IOException {
         log(ILogger.LL_INFO, "Reading file: " + f.getName());
         BufferedReader file = new BufferedReader(
                 new FileReader(f)
-            );
+                );
 
         String line;
         Hashtable allusers = new Hashtable();
@@ -429,7 +431,7 @@ public class FlatFileAuth
                 entry = new Hashtable();
             }
 
-            if (colon == -1) {    // no colon -> empty line signifies end of record
+            if (colon == -1) { // no colon -> empty line signifies end of record
                 if (!line.trim().equals("")) {
                     if (file != null) {
                         file.close();
@@ -458,8 +460,8 @@ public class FlatFileAuth
     }
 
     private void putEntry(Hashtable allUsers,
-        Hashtable entry, 
-        String[] keys) {
+            Hashtable entry,
+            String[] keys) {
         if (entry == null) {
             return;
         }
@@ -497,20 +499,20 @@ public class FlatFileAuth
     }
 
     /**
-     * Compare attributes provided by the user with those in
-     * in flat file.
-     *
+     * Compare attributes provided by the user with those in in flat file.
+     * 
      */
 
     private IAuthToken doAuthentication(Hashtable user, IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         AuthToken authToken = new AuthToken(this);
 
         for (int i = 0; i < authAttrs.length; i++) {
             String ffvalue = (String) user.get(authAttrs[i]);
             String uservalue = (String) authCred.get(authAttrs[i]);
 
-            // print("checking authentication token (" + authAttrs[i] + ": " + uservalue + " against ff value: " + ffvalue);
+            // print("checking authentication token (" + authAttrs[i] + ": " +
+            // uservalue + " against ff value: " + ffvalue);
             if (!ffvalue.equals(uservalue)) {
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
             }
@@ -536,10 +538,10 @@ public class FlatFileAuth
 
     /**
      * Authenticate the request
-     *
+     * 
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         IAuthToken authToken = null;
         String keyForUser = "";
 
@@ -579,7 +581,7 @@ public class FlatFileAuth
             }
         }
 
-        // if a dn was specified in the password file for this user, 
+        // if a dn was specified in the password file for this user,
         // replace the requested dn with the one in the pwfile
         if (user != null) {
             String dn = (String) user.get("dn");
@@ -601,21 +603,21 @@ public class FlatFileAuth
     }
 
     /**
-     * Return a list of HTTP parameters which will be taken from the
-     * request posting and placed into the AuthCredentials block
-     *
-     * Note that this method will not be called until after the
-     * init() method is called
+     * Return a list of HTTP parameters which will be taken from the request
+     * posting and placed into the AuthCredentials block
+     * 
+     * Note that this method will not be called until after the init() method is
+     * called
      */
     public String[] getRequiredCreds() {
         print("getRequiredCreds returning: " + joinStringArray(reqCreds, ","));
         return reqCreds;
-	
+
     }
 
     /**
-     * Returns a list of configuration parameters, so the console
-     * can prompt the user when configuring.
+     * Returns a list of configuration parameters, so the console can prompt the
+     * user when configuring.
      */
     public String[] getConfigParams() {
         return mConfigParams;
@@ -640,7 +642,7 @@ public class FlatFileAuth
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -666,7 +668,7 @@ public class FlatFileAuth
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java b/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
index 19bfab69..19e4f0e3 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/HashAuthData.java
@@ -17,17 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // java sdk imports.
 import java.util.Hashtable;
 import java.util.Vector;
 
-
 /**
- * The structure stores the information of which machine is enabled for
- * the agent-initiated user enrollment, and whom agents enable this feature,
- * and the value of the timeout.
+ * The structure stores the information of which machine is enabled for the
+ * agent-initiated user enrollment, and whom agents enable this feature, and the
+ * value of the timeout.
  * <P>
+ * 
  * @version $Revision$, $Date$
  */
 public class HashAuthData extends Hashtable {
@@ -54,7 +53,7 @@ public class HashAuthData extends Hashtable {
         Vector val = (Vector) get(hostname);
 
         if (val == null) {
-            val = new Vector();   
+            val = new Vector();
             put(hostname, val);
         }
         val.setElementAt(agentName, 0);
@@ -117,4 +116,3 @@ public class HashAuthData extends Hashtable {
         val.setElementAt(Long.valueOf(lastLogin), 3);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
index 24a10e0a..4ef160ab 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/HashAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.base.IExtendedPluginInfo;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * Hash uid/pwd directory based authentication manager
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
@@ -71,18 +69,18 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
     private static Vector mExtendedPluginInfo = null;
     private HashAuthData mHosts = null;
-   
+
     static String[] mConfigParams =
-        new String[] {};
+            new String[] {};
 
     static {
         mExtendedPluginInfo = new Vector();
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
-            ";Authenticate the username and password provided " +
-            "by the user against an LDAP directory. Works with the " +
-            "Dir Based Enrollment HTML form");
+                ";Authenticate the username and password provided " +
+                "by the user against an LDAP directory. Works with the " +
+                "Dir Based Enrollment HTML form");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-authrules-uidpwddirauth");
+                ";configuration-authrules-uidpwddirauth");
     };
 
     /**
@@ -91,8 +89,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     public HashAuthentication() {
     }
 
-    public void init(String name, String implName, IConfigStore config)  
-        throws EBaseException {
+    public void init(String name, String implName, IConfigStore config)
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -124,7 +122,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     }
 
     public void createEntry(String host, String dn, long timeout,
-        String secret, long lastLogin) {
+            String secret, long lastLogin) {
         Vector v = new Vector();
 
         v.addElement(dn);
@@ -141,7 +139,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     public String getAgentName(String hostname) {
         return mHosts.getAgentName(hostname);
     }
-    
+
     public void setAgentName(String hostname, String agentName) {
         mHosts.setAgentName(hostname, agentName);
     }
@@ -184,7 +182,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
     public boolean validFingerprint(String host, String pageID, String uid, String fingerprint) {
@@ -192,7 +190,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
 
         if (val.equals(fingerprint))
             return true;
-        return false; 
+        return false;
     }
 
     public Enumeration getHosts() {
@@ -200,8 +198,8 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     }
 
     public String hashFingerprint(String host, String pageID, String uid) {
-        byte[] hash = 
-            mSHADigest.digest((SALT + pageID + getSecret(host) + uid).getBytes());        
+        byte[] hash =
+                mSHADigest.digest((SALT + pageID + getSecret(host) + uid).getBytes());
         String b64E = com.netscape.osutil.OSUtil.BtoA(hash);
 
         return "{SHA}" + b64E;
@@ -216,18 +214,18 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
      * @param authCreds The authentication credentials.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
     public IAuthToken authenticate(IAuthCredentials authCreds)
-        throws EBaseException {
+            throws EBaseException {
         AuthToken token = new AuthToken(this);
         String fingerprint = (String) authCreds.get(CRED_FINGERPRINT);
         String pageID = (String) authCreds.get(CRED_PAGEID);
         String uid = (String) authCreds.get(CRED_UID);
         String host = (String) authCreds.get(CRED_HOST);
 
-        if (fingerprint.equals("") || 
-            !validFingerprint(host, pageID, uid, fingerprint)) {
+        if (fingerprint.equals("") ||
+                !validFingerprint(host, pageID, uid, fingerprint)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_INVALID_FINGER_PRINT"));
             throw new EAuthException("Invalid Fingerprint");
         }
@@ -240,6 +238,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -248,6 +247,7 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
 
     /**
      * Gets the configuration substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -276,14 +276,13 @@ public class HashAuthentication implements IAuthManager, IExtendedPluginInfo {
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
index 56c8739a..491151bb 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/PortalEnroll.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.util.Enumeration;
 import java.util.Locale;
@@ -49,26 +48,25 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.ldap.ILdapConnFactory;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * uid/pwd directory based authentication manager
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PortalEnroll extends DirBasedAuthentication {
 
     /* configuration parameter keys */
-    protected static final String PROP_LDAPAUTH = "ldapauth";  
-    protected static final String PROP_AUTHTYPE = "authtype";  
-    protected static final String PROP_BINDDN = "bindDN";  
-    protected static final String PROP_BINDPW = "bindPW";  
-    protected static final String PROP_LDAPCONN = "ldapconn";  
-    protected static final String PROP_HOST = "host";  
-    protected static final String PROP_PORT = "port";  
-    protected static final String PROP_SECURECONN = "secureConn";  
-    protected static final String PROP_VERSION = "version";  
-    protected static final String PROP_OBJECTCLASS = "objectclass";  
+    protected static final String PROP_LDAPAUTH = "ldapauth";
+    protected static final String PROP_AUTHTYPE = "authtype";
+    protected static final String PROP_BINDDN = "bindDN";
+    protected static final String PROP_BINDPW = "bindPW";
+    protected static final String PROP_LDAPCONN = "ldapconn";
+    protected static final String PROP_HOST = "host";
+    protected static final String PROP_PORT = "port";
+    protected static final String PROP_SECURECONN = "secureConn";
+    protected static final String PROP_VERSION = "version";
+    protected static final String PROP_OBJECTCLASS = "objectclass";
 
     /* required credentials to authenticate. uid and pwd are strings. */
     public static final String CRED_UID = "uid";
@@ -80,83 +78,84 @@ public class PortalEnroll extends DirBasedAuthentication {
     private String mObjectClass = null;
     private String mBindDN = null;
     private String mBaseDN = null;
-    private ILdapConnFactory  mLdapFactory = null;
-    private LDAPConnection        mLdapConn = null;
+    private ILdapConnFactory mLdapFactory = null;
+    private LDAPConnection mLdapConn = null;
 
     // contains all nested superiors' required attrs in the form of a
-    //	vector of "required" attributes in Enumeration
+    // vector of "required" attributes in Enumeration
     Vector mRequiredAttrs = null;
-     
+
     // contains all nested superiors' optional attrs in the form of a
-    //	vector of "optional" attributes in Enumeration
+    // vector of "optional" attributes in Enumeration
     Vector mOptionalAttrs = null;
 
     // contains all the objclasses, including superiors and itself
     Vector mObjClasses = null;
-     
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
+
+    /*
+     * Holds configuration parameters accepted by this implementation. This list
+     * is passed to the configuration console so configuration for instances of
+     * this implementation can be configured through the console.
      */
-    protected static String[] mConfigParams = 
-        new String[] { 
-            PROP_DNPATTERN,
-            "ldap.ldapconn.host",
-            "ldap.ldapconn.port",
-            "ldap.ldapconn.secureConn",
-            "ldap.ldapconn.version",
-            "ldap.ldapauth.bindDN",
-            "ldap.ldapauth.bindPWPrompt",
-            "ldap.ldapauth.clientCertNickname",
-            "ldap.ldapauth.authtype",
-            "ldap.basedn",
-            "ldap.objectclass",
-            "ldap.minConns", 
-            "ldap.maxConns",
+    protected static String[] mConfigParams =
+            new String[] {
+                    PROP_DNPATTERN,
+                    "ldap.ldapconn.host",
+                    "ldap.ldapconn.port",
+                    "ldap.ldapconn.secureConn",
+                    "ldap.ldapconn.version",
+                    "ldap.ldapauth.bindDN",
+                    "ldap.ldapauth.bindPWPrompt",
+                    "ldap.ldapauth.clientCertNickname",
+                    "ldap.ldapauth.authtype",
+                    "ldap.basedn",
+                    "ldap.objectclass",
+                    "ldap.minConns",
+                    "ldap.maxConns",
         };
-					  
+
     /**
      * Default constructor, initialization must follow.
      */
-    public PortalEnroll() 
-        throws EBaseException {	
+    public PortalEnroll()
+            throws EBaseException {
         super();
     }
 
     /**
      * Initializes the PortalEnrollment auth manager.
      * <p>
+     * 
      * @param name - The name for this authentication manager instance.
      * @param implName - The name of the authentication manager plugin.
      * @param config - The configuration store for this instance.
      * @exception EBaseException If an error occurs during initialization.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         super.init(name, implName, config);
-		
+
         /* Get Bind DN for directory server */
         mConfig = mLdapConfig.getSubStore(PROP_LDAPAUTH);
         mBindDN = mConfig.getString(PROP_BINDDN);
-        if ( (mBindDN == null) || (mBindDN.length() == 0) || (mBindDN == ""))
+        if ((mBindDN == null) || (mBindDN.length() == 0) || (mBindDN == ""))
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "binddn"));
-		
-            /* Get Bind DN for directory server */
+
+        /* Get Bind DN for directory server */
         mBaseDN = mLdapConfig.getString(PROP_BASEDN);
         if ((mBaseDN == null) || (mBaseDN.length() == 0) || (mBaseDN == ""))
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "basedn"));
-		
-            /* Get Object clase name for enrollment */
+
+        /* Get Object clase name for enrollment */
         mObjectClass = mLdapConfig.getString(PROP_OBJECTCLASS);
-        if (mObjectClass == null || mObjectClass.length() == 0) 
+        if (mObjectClass == null || mObjectClass.length() == 0)
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", "objectclass"));
 
-            /* Get connect parameter */
+        /* Get connect parameter */
         mLdapFactory = CMS.getLdapBoundConnFactory();
         mLdapFactory.init(mLdapConfig);
         mLdapConn = mLdapFactory.getConn();
-		
+
         log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_PORTAL_INIT"));
     }
 
@@ -166,18 +165,18 @@ public class PortalEnroll extends DirBasedAuthentication {
      * @param authCreds The authentication credentials.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
-    protected String authenticate(LDAPConnection conn, 
-        IAuthCredentials authCreds,
-        AuthToken token)
-        throws EBaseException {
+    protected String authenticate(LDAPConnection conn,
+            IAuthCredentials authCreds,
+            AuthToken token)
+            throws EBaseException {
         String uid = null;
         String pwd = null;
         String dn = null;
 
         argblk = authCreds.getArgBlock();
-	    
+
         // authenticate by binding to ldap server with password.
         try {
             // get the uid.
@@ -185,7 +184,7 @@ public class PortalEnroll extends DirBasedAuthentication {
             if (uid == null) {
                 throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
             }
-	
+
             // get the password.
             pwd = (String) authCreds.get(CRED_PWD);
             if (pwd == null) {
@@ -206,8 +205,8 @@ public class PortalEnroll extends DirBasedAuthentication {
                 throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "UID already exists."));
             } else {
                 dn = regist(token, uid);
-                if (dn == null) 
-                    throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE","Could not add user " + uid + "."));
+                if (dn == null)
+                    throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Could not add user " + uid + "."));
             }
 
             // bind as user dn and pwd - authenticates user with pwd.
@@ -217,22 +216,21 @@ public class PortalEnroll extends DirBasedAuthentication {
             token.set(CRED_UID, uid);
 
             log(ILogger.LL_INFO, "portal authentication is done");
-            
+
             return dn;
         } catch (ELdapException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.toString()));
             throw e;
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT: 
-            case LDAPException.LDAP_PARTIAL_RESULTS: 
+            case LDAPException.NO_SUCH_OBJECT:
+            case LDAPException.LDAP_PARTIAL_RESULTS:
                 log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_ADD_USER_ERROR", conn.getHost(), Integer.toString(conn.getPort())));
-                throw new 
-                  EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", "Check Configuration detail."));
+                throw new EAuthInternalError(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", "Check Configuration detail."));
 
             case LDAPException.INVALID_CREDENTIALS:
-                log(ILogger.LL_SECURITY, 
-                    CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
+                log(ILogger.LL_SECURITY,
+                        CMS.getLogMessage("CMS_AUTH_BAD_PASSWORD", uid));
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
             case LDAPException.SERVER_DOWN:
@@ -240,24 +238,24 @@ public class PortalEnroll extends DirBasedAuthentication {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
 
-            default: 
+            default:
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("LDAP_ERROR", e.getMessage()));
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", 
-                            e.errorCodeToString()));
+                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+                                e.errorCodeToString()));
             }
         } catch (EBaseException e) {
             if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_MAKE_DN_ERROR", e.toString()));
             throw e;
-        }		    
+        }
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -267,43 +265,44 @@ public class PortalEnroll extends DirBasedAuthentication {
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] s = {
                 PROP_DNPATTERN + ";string;Template for cert" +
-                " Subject Name. ($dn.xxx - get value from user's LDAP " +
-                "DN.  $attr.yyy - get value from LDAP attributes in " +
-                "user's entry.) Default: " + DEFAULT_DNPATTERN,
+                        " Subject Name. ($dn.xxx - get value from user's LDAP " +
+                        "DN.  $attr.yyy - get value from LDAP attributes in " +
+                        "user's entry.) Default: " + DEFAULT_DNPATTERN,
                 "ldap.ldapconn.host;string,required;" + "LDAP host to connect to",
                 "ldap.ldapconn.port;number,required;" + "LDAP port number (default 389, or 636 if SSL)",
                 "ldap.objectclass;string,required;SEE DOCUMENTATION for Object Class. "
-                + "Default is inetOrgPerson.",
+                        + "Default is inetOrgPerson.",
                 "ldap.ldapconn.secureConn;boolean;" + "Use SSL to connect to directory?",
                 "ldap.ldapconn.version;choice(3,2);" + "LDAP protocol version",
                 "ldap.ldapauth.bindDN;string,required;DN to bind as for Directory Manager. "
-                + "For example 'CN=Directory Manager'",
+                        + "For example 'CN=Directory Manager'",
                 "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
-                "the above user",
+                        "the above user",
                 "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth);"
-                + "How to bind to the directory (for pin removal only)",
+                        + "How to bind to the directory (for pin removal only)",
                 "ldap.ldapauth.clientCertNickname;string;If you want to use "
-                + "SSL client auth to the directory, set the client "
-                + "cert nickname here",
+                        + "SSL client auth to the directory, set the client "
+                        + "cert nickname here",
                 "ldap.basedn;string,required;Base DN to start searching " +
-                "under. If your user's DN is 'uid=jsmith, o=company', you " +
-                "might want to use 'o=company' here",
+                        "under. If your user's DN is 'uid=jsmith, o=company', you " +
+                        "might want to use 'o=company' here",
                 "ldap.minConns;number;number of connections " +
-                "to keep open to directory server",
+                        "to keep open to directory server",
                 "ldap.maxConns;number;when needed, connection " +
-                "pool can grow to this many connections",
+                        "pool can grow to this many connections",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This authentication plugin checks to see if a user " +
-                "exists in the directory. If not, then the user is created " +
-                "with the requested password.",
+                        ";This authentication plugin checks to see if a user " +
+                        "exists in the directory. If not, then the user is created " +
+                        "with the requested password.",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-authrules-portalauth"
             };
-    
+
         return s;
     }
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -312,6 +311,7 @@ public class PortalEnroll extends DirBasedAuthentication {
 
     /**
      * adds a user to the directory.
+     * 
      * @return dn upon success and null upon failure.
      * @param token authentication token
      * @param uid the user's id.
@@ -321,7 +321,7 @@ public class PortalEnroll extends DirBasedAuthentication {
 
         /* Specify the attributes of the entry */
         Vector objectclass_values = null;
-		
+
         LDAPAttributeSet attrs = new LDAPAttributeSet();
         LDAPAttribute attr = new LDAPAttribute("objectclass");
 
@@ -334,8 +334,10 @@ public class PortalEnroll extends DirBasedAuthentication {
 
         try {
 
-            /* Construct a new LDAPSchema object to hold
-             the schema that you want to retrieve. */
+            /*
+             * Construct a new LDAPSchema object to hold the schema that you
+             * want to retrieve.
+             */
             dirSchema = new LDAPSchema();
 
             /* Get the schema from the Directory. Anonymous access okay. */
@@ -369,7 +371,7 @@ public class PortalEnroll extends DirBasedAuthentication {
                 } catch (EBaseException e) {
                     if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
                         continue;
-                }		    
+                }
 
                 CMS.debug("PortalEnroll: " + attrname + " = " + attrval);
                 attrs.add(new LDAPAttribute(attrname, attrval));
@@ -386,17 +388,17 @@ public class PortalEnroll extends DirBasedAuthentication {
             while (attrnames.hasMoreElements()) {
                 String attrname = (String) attrnames.nextElement();
                 String attrval = null;
-				
+
                 CMS.debug("PortalEnroll: attrname is: " + attrname);
                 try {
                     attrval = (String) argblk.getValueAsString(attrname);
                 } catch (EBaseException e) {
                     if (e.getMessage().equalsIgnoreCase(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND")) == true)
                         continue;
-                }		    
+                }
                 CMS.debug("PortalEnroll: " + attrname + " = " + attrval);
                 if (attrval != null) {
-                  attrs.add(new LDAPAttribute(attrname, attrval));
+                    attrs.add(new LDAPAttribute(attrname, attrval));
                 }
             }
         }
@@ -417,15 +419,15 @@ public class PortalEnroll extends DirBasedAuthentication {
         }
 
         log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_REGISTRATION_DONE"));
-        
+
         return dn;
     }
 
     /*
-     *  get the superiors of "inetOrgPerson" so the "required
-     *  attributes", "optional qttributes", and "object classes" are complete;
-     *  should build up
-     *  mRequiredAttrs, mOptionalAttrs, and mObjClasses when returned
+     * get the superiors of "inetOrgPerson" so the "required
+     * attributes", "optional qttributes", and "object classes" are complete;
+     * should build up mRequiredAttrs, mOptionalAttrs, and mObjClasses when
+     * returned
      */
     public void initLdapAttrs(LDAPSchema dirSchema, String oclass) {
         CMS.debug("PortalEnroll: in initLdapAttrsAttrs");
@@ -461,4 +463,3 @@ public class PortalEnroll extends DirBasedAuthentication {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
index 1f21bc1d..cb028216 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/RDNPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -29,24 +28,27 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.EAuthException;
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
- * class for parsing a DN pattern used to construct a certificate 
- * subject name from ldap attributes and dn.<p>
+ * class for parsing a DN pattern used to construct a certificate subject name
+ * from ldap attributes and dn.
+ * <p>
  * 
- * dnpattern is a string representing a subject name pattern to formulate from 
- * the directory attributes and entry dn. If empty or not set, the 
- * ldap entry DN will be used as the certificate subject name. <p>
+ * dnpattern is a string representing a subject name pattern to formulate from
+ * the directory attributes and entry dn. If empty or not set, the ldap entry DN
+ * will be used as the certificate subject name.
+ * <p>
+ * 
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$attr" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$dn" "." attrName [ "." attrNumber ] | 
- *				 	  "$dn" "." "$rdn" "." number
+ * 			      name "=" "$attr" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$dn" "." attrName [ "." attrNumber ] | 
+ * 			 	  "$dn" "." "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>E=$attr.mail.1, CN=$attr.cn, OU=$dn.ou.2, O=$dn.o, C=US </i>
  * Ldap entry: dn:  UID=jjames, OU=IS, OU=people, O=acme.org
@@ -73,11 +75,12 @@ import com.netscape.certsrv.base.EBaseException;
  *     E = the first 'mail' ldap attribute value in user's entry. <br>
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
+ * 
  * <pre>
  * Example3: <i>CN=$attr.cn, $rdn.2, O=$dn.o, C=US</i>
  * Ldap entry: dn:  UID=jjames, OU=IS+OU=people, O=acme.org
@@ -102,15 +105,16 @@ import com.netscape.certsrv.base.EBaseException;
  * <p>	
  *     CN = the (first) 'cn' ldap attribute value in the user's entry. <br>
  *     OU = the second 'ou' value in the user's entry DN followed by the 
- *			first 'ou' value in the user's entry. note multiple AVAs
- *		    in a RDN in this example. <br>
+ * 		first 'ou' value in the user's entry. note multiple AVAs
+ * 	    in a RDN in this example. <br>
  *     O = the (first) 'o' value in the user's entry DN. <br>
  *     C = the string "US"
  * <p>
  * </pre>
- * If an attribute or subject DN component does not exist the attribute 
- * is skipped.
- *
+ * 
+ * If an attribute or subject DN component does not exist the attribute is
+ * skipped.
+ * 
  * @version $Revision$, $Date$
  */
 class RDNPattern {
@@ -126,15 +130,16 @@ class RDNPattern {
 
     protected String mTestDN = null;
 
-    /** 
+    /**
      * Construct a DN pattern by parsing a pattern string.
+     * 
      * @param pattenr the DN pattern
-     * @exception EBaseException If parsing error occurs. 
+     * @exception EBaseException If parsing error occurs.
      */
     public RDNPattern(String pattern)
-        throws EAuthException {
+            throws EAuthException {
         if (pattern == null || pattern.equals("")) {
-            // create an attribute list that is the dn. 
+            // create an attribute list that is the dn.
             mLdapAttrs = new String[] { "dn" };
         } else {
             mPatternString = pattern;
@@ -145,16 +150,16 @@ class RDNPattern {
     }
 
     /**
-     * Construct a DN pattern from a input stream of pattern 
+     * Construct a DN pattern from a input stream of pattern
      */
-    public RDNPattern(PushbackReader in) 
-        throws EAuthException {
+    public RDNPattern(PushbackReader in)
+            throws EAuthException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws EAuthException {
-        //System.out.println("_________ begin rdn _________");
+            throws EAuthException {
+        // System.out.println("_________ begin rdn _________");
         Vector avaPatterns = new Vector();
         AVAPattern avaPattern = null;
         int lastChar;
@@ -162,22 +167,21 @@ class RDNPattern {
         do {
             avaPattern = new AVAPattern(in);
             avaPatterns.addElement(avaPattern);
-            //System.out.println("added AVAPattern"+
-            //" mType "+avaPattern.mType+
-            //" mAttr "+avaPattern.mAttr+
-            //" mValue "+avaPattern.mValue+
-            //" mElement "+avaPattern.mElement);
-            try { 
-                lastChar = in.read(); 
+            // System.out.println("added AVAPattern"+
+            // " mType "+avaPattern.mType+
+            // " mAttr "+avaPattern.mAttr+
+            // " mValue "+avaPattern.mValue+
+            // " mElement "+avaPattern.mElement);
+            try {
+                lastChar = in.read();
             } catch (IOException e) {
                 throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
             }
-        }
-        while (lastChar == '+');
+        } while (lastChar == '+');
 
         if (lastChar != -1) {
             try {
-                in.unread(lastChar);	// pushback last , 
+                in.unread(lastChar); // pushback last ,
             } catch (IOException e) {
                 throw new EAuthException(CMS.getUserMessage("CMS_AUTHENTICATION_INTERNAL_ERROR", e.toString()));
             }
@@ -191,7 +195,7 @@ class RDNPattern {
         for (int i = 0; i < mAVAPatterns.length; i++) {
             String avaAttr = mAVAPatterns[i].getLdapAttr();
 
-            if (avaAttr == null || avaAttr.length() == 0) 
+            if (avaAttr == null || avaAttr.length() == 0)
                 continue;
             ldapAttrs.addElement(avaAttr);
         }
@@ -201,15 +205,16 @@ class RDNPattern {
 
     /**
      * Form a Ldap v3 DN string from results of a ldap search.
+     * 
      * @param entry LDAPentry from a ldap search
-     * @return Ldap v3 DN string to use for a subject name. 
+     * @return Ldap v3 DN string to use for a subject name.
      */
     public String formRDN(LDAPEntry entry)
-        throws EAuthException {
+            throws EAuthException {
         StringBuffer formedRDN = new StringBuffer();
 
         for (int i = 0; i < mAVAPatterns.length; i++) {
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 mAVAPatterns[i].mTestDN = mTestDN;
             String ava = mAVAPatterns[i].formAVA(entry);
 
@@ -219,7 +224,7 @@ class RDNPattern {
                 formedRDN.append(ava);
             }
         }
-        //System.out.println("formed RDN "+formedRDN.toString());
+        // System.out.println("formed RDN "+formedRDN.toString());
         return formedRDN.toString();
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
index e73a112c..50bdeab0 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/SSLclientCertAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 import java.security.Principal;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -47,15 +46,14 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.usrgrp.Certificates;
 
-
 /**
- * Certificate server SSL client authentication.  
- *
+ * Certificate server SSL client authentication.
+ * 
  * @author Christina Fu
- * <P>
- *
+ *         <P>
+ * 
  */
-public class SSLclientCertAuthentication implements IAuthManager, 
+public class SSLclientCertAuthentication implements IAuthManager,
         IProfileAuthenticator {
 
     /* result auth token attributes */
@@ -86,19 +84,20 @@ public class SSLclientCertAuthentication implements IAuthManager,
     /**
      * initializes the SSLClientCertAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available
+     * authentication managers.
+     * 
      * @param name The name of this authentication manager instance.
      * @param implName The name of the authentication manager plugin.
      * @param config The configuration store for this authentication manager.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
     }
- 
+
     /**
      * Gets the name of this authentication manager.
      */
@@ -112,7 +111,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
     public String getImplName() {
         return mImplName;
     }
- 
+
     public boolean isSSLClientRequired() {
         return true;
     }
@@ -120,29 +119,29 @@ public class SSLclientCertAuthentication implements IAuthManager,
     /**
      * authenticates user by certificate
      * <p>
-     * called by other subsystems or their servlets to authenticate
-     *	 users
-     * @param authCred - authentication credential that contains
-     *	 an usrgrp.Certificates of the user (agent)
+     * called by other subsystems or their servlets to authenticate users
+     * 
+     * @param authCred - authentication credential that contains an
+     *            usrgrp.Certificates of the user (agent)
      * @return the authentication token that contains the following
-     *
+     * 
      * @exception EMissingCredential If a required credential for this
-     * authentication manager is missing.
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If credentials cannot be authenticated.
      * @exception EBaseException If an internal error occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      * @see com.netscape.certsrv.usrgrp.Certificates
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
-      
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
+
         CMS.debug("SSLclientCertAuthentication: start");
-        CMS.debug("authenticator instance name is "+getName());
+        CMS.debug("authenticator instance name is " + getName());
 
         // force SSL handshake
         SessionContext context = SessionContext.getExistingContext();
         ISSLClientCertProvider provider = (ISSLClientCertProvider)
-            context.get("sslClientCertProvider");
+                context.get("sslClientCertProvider");
 
         if (provider == null) {
             CMS.debug("SSLclientCertAuthentication: No SSL Client Cert Provider Found");
@@ -173,7 +172,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
                 // find out which one is the leaf cert
                 clientCert = ci[i];
 
-                byte [] extBytes = clientCert.getExtensionValue("2.5.29.19");
+                byte[] extBytes = clientCert.getExtensionValue("2.5.29.19");
                 // try to see if this is a leaf cert
                 // look for BasicConstraint extension
                 if (extBytes == null) {
@@ -186,24 +185,24 @@ public class SSLclientCertAuthentication implements IAuthManager,
                     // so it's not likely to be a leaf cert,
                     // however, check the isCA field regardless
                     try {
-                      BasicConstraintsExtension bce =
-                        new BasicConstraintsExtension(true, extBytes);
-                      if (bce != null) {
-                          if (!(Boolean)bce.get("is_ca")) {
-                            CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain");
-                            break;
-                          } // else found a ca cert, continue
-                      }
-                   } catch (Exception e) {
-                     CMS.debug("SSLclientCertAuthentication: authenticate: exception:"+
+                        BasicConstraintsExtension bce =
+                                new BasicConstraintsExtension(true, extBytes);
+                        if (bce != null) {
+                            if (!(Boolean) bce.get("is_ca")) {
+                                CMS.debug("SSLclientCertAuthentication: authenticate: found CA cert in chain");
+                                break;
+                            } // else found a ca cert, continue
+                        }
+                    } catch (Exception e) {
+                        CMS.debug("SSLclientCertAuthentication: authenticate: exception:" +
                                  e.toString());
-                     throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-                   }
-               }
+                        throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+                    }
+                }
             }
             if (clientCert == null) {
-              CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found");
-              throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+                CMS.debug("SSLclientCertAuthentication: authenticate: client cert not found");
+                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
             }
         } catch (CertificateException e) {
             CMS.debug(e.toString());
@@ -213,15 +212,15 @@ public class SSLclientCertAuthentication implements IAuthManager,
         // check if certificate(s) is revoked
         boolean checkRevocation = true;
         try {
-           checkRevocation = mConfig.getBoolean("checkRevocation", true);
+            checkRevocation = mConfig.getBoolean("checkRevocation", true);
         } catch (EBaseException e) {
-           // do nothing; default to true
+            // do nothing; default to true
         }
         if (checkRevocation) {
-          if (CMS.isRevoked(ci)) {
-             CMS.debug("SSLclientCertAuthentication: certificate revoked");
-             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
-          }
+            if (CMS.isRevoked(ci)) {
+                CMS.debug("SSLclientCertAuthentication: certificate revoked");
+                throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
+            }
         }
         Certificates certs = new Certificates(ci);
         Principal p_dn = clientCert.getSubjectDN();
@@ -232,13 +231,13 @@ public class SSLclientCertAuthentication implements IAuthManager,
             authToken.set(TOKEN_UID, uid);
             authToken.set(TOKEN_USERID, uid);
         }
-/*
-        authToken.set(TOKEN_USER_DN, user.getUserDN());
-        authToken.set(TOKEN_USERID, user.getUserID());
-        authToken.set(TOKEN_UID, user.getUserID());
-        authToken.set(TOKEN_GROUP, groupname);
-*/
-        authToken.set(CRED_CERT, certs);  
+        /*
+         * authToken.set(TOKEN_USER_DN, user.getUserDN());
+         * authToken.set(TOKEN_USERID, user.getUserID());
+         * authToken.set(TOKEN_UID, user.getUserID());
+         * authToken.set(TOKEN_GROUP, groupname);
+         */
+        authToken.set(CRED_CERT, certs);
 
         CMS.debug("SSLclientCertAuthentication: authenticated ");
 
@@ -257,7 +256,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
             String n = t.substring(0, i);
             if (n.equalsIgnoreCase("uid")) {
                 String v = t.substring(i + 1);
-                CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:"+v);
+                CMS.debug("SSLclientCertAuthentication: getUidFromDN(): uid found:" + v);
                 return v;
             } else {
                 continue;
@@ -267,11 +266,12 @@ public class SSLclientCertAuthentication implements IAuthManager,
     }
 
     /**
-     * get the list of authentication credential attribute names
-     *	 required by this authentication manager. Generally used by
-     *	 the servlets that handle agent operations to authenticate its
-     *	 users.  It calls this method to know which are the
-     *	 required credentials from the user (e.g. Javascript form data)
+     * get the list of authentication credential attribute names required by
+     * this authentication manager. Generally used by the servlets that handle
+     * agent operations to authenticate its users. It calls this method to know
+     * which are the required credentials from the user (e.g. Javascript form
+     * data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -279,15 +279,15 @@ public class SSLclientCertAuthentication implements IAuthManager,
     }
 
     /**
-     * get the list of configuration parameter names
-     *	 required by this authentication manager.  Generally used by
-     *	 the Certificate Server Console to display the table for
-     *	 configuration purposes.  CertUserDBAuthentication is currently not
-     *	 exposed in this case, so this method is not to be used.
-     * @return configuration parameter names in Hashtable of Vectors
-     *	 where each hashtable entry's key is the substore name, value is a
-     * Vector of parameter names.  If no substore, the parameter name
-     *	 is the Hashtable key itself, with value same as key.
+     * get the list of configuration parameter names required by this
+     * authentication manager. Generally used by the Certificate Server Console
+     * to display the table for configuration purposes. CertUserDBAuthentication
+     * is currently not exposed in this case, so this method is not to be used.
+     * 
+     * @return configuration parameter names in Hashtable of Vectors where each
+     *         hashtable entry's key is the substore name, value is a Vector of
+     *         parameter names. If no substore, the parameter name is the
+     *         Hashtable key itself, with value same as key.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -300,8 +300,8 @@ public class SSLclientCertAuthentication implements IAuthManager,
     }
 
     /**
-     * gets the configuretion substore used by this authentication
-     *  manager
+     * gets the configuretion substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -311,7 +311,7 @@ public class SSLclientCertAuthentication implements IAuthManager,
     // Profile-related methods
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -340,15 +340,14 @@ public class SSLclientCertAuthentication implements IAuthManager,
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         return null;
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
                 token.getInString(TOKEN_USERDN));
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
diff --git a/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java b/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
index 8b0a7b9b..7a0784c5 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/SharedSecret.java
@@ -26,7 +26,7 @@ import com.netscape.certsrv.authentication.ISharedToken;
 public class SharedSecret implements ISharedToken {
 
     public SharedSecret() {
-    } 
+    }
 
     public String getSharedToken(PKIData cmcdata) {
         return "testing";
diff --git a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
index bb393767..001415be 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/TokenAuthentication.java
@@ -46,13 +46,12 @@ import com.netscape.cmsutil.http.JssSSLSocketFactory;
 import com.netscape.cmsutil.xml.XMLObject;
 
 /**
- * Token authentication.  
- * Checked if the given token is valid.
+ * Token authentication. Checked if the given token is valid.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class TokenAuthentication implements IAuthManager, 
+public class TokenAuthentication implements IAuthManager,
         IProfileAuthenticator {
 
     /* result auth token attributes */
@@ -79,21 +78,22 @@ public class TokenAuthentication implements IAuthManager,
     /**
      * initializes the TokenAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available
+     * authentication managers.
+     * 
      * @param name The name of this authentication manager instance.
      * @param implName The name of the authentication manager plugin.
      * @param config The configuration store for this authentication manager.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
 
         mUGSub = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
     }
- 
+
     /**
      * Gets the name of this authentication manager.
      */
@@ -107,7 +107,7 @@ public class TokenAuthentication implements IAuthManager,
     public String getImplName() {
         return mImplName;
     }
- 
+
     public boolean isSSLClientRequired() {
         return false;
     }
@@ -115,21 +115,22 @@ public class TokenAuthentication implements IAuthManager,
     /**
      * authenticates user(agent) by certificate
      * <p>
-     * called by other subsystems or their servlets to authenticate
-     *	 users (agents)
-     * @param authCred - authentication credential that contains
-     *	 an usrgrp.Certificates of the user (agent)
+     * called by other subsystems or their servlets to authenticate users
+     * (agents)
+     * 
+     * @param authCred - authentication credential that contains an
+     *            usrgrp.Certificates of the user (agent)
      * @return the authentication token that contains the following
-     * @exception EMissingCredential If a required credential for this 
-     * authentication manager is missing.
+     * @exception EMissingCredential If a required credential for this
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If credentials cannot be authenticated.
      * @exception EBaseException If an internal error occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      * @see com.netscape.certsrv.usrgrp.Certificates
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
-      
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
+
         CMS.debug("TokenAuthentication: start");
 
         // force SSL handshake
@@ -141,8 +142,8 @@ public class TokenAuthentication implements IAuthManager,
         // get group name from configuration file
         IConfigStore sconfig = CMS.getConfigStore();
 
-        String sessionId = (String)authCred.get(CRED_SESSION_ID);
-        String givenHost = (String)authCred.get("clientHost");
+        String sessionId = (String) authCred.get(CRED_SESSION_ID);
+        String givenHost = (String) authCred.get("clientHost");
         String auth_host = sconfig.getString("securitydomain.host");
         int auth_port = sconfig.getInteger("securitydomain.httpseeport");
 
@@ -151,7 +152,7 @@ public class TokenAuthentication implements IAuthManager,
         try {
             JssSSLSocketFactory factory = new JssSSLSocketFactory();
             httpclient = new HttpClient(factory);
-            String content = CRED_SESSION_ID+"="+sessionId+"&hostname="+givenHost;
+            String content = CRED_SESSION_ID + "=" + sessionId + "&hostname=" + givenHost;
             CMS.debug("TokenAuthentication: content=" + content);
             httpclient.connect(auth_host, auth_port);
             HttpRequest httprequest = new HttpRequest();
@@ -165,8 +166,8 @@ public class TokenAuthentication implements IAuthManager,
             HttpResponse httpresponse = httpclient.send(httprequest);
 
             c = httpresponse.getContent();
-        } catch (Exception e) { 
-            CMS.debug("TokenAuthentication authenticate Exception="+e.toString());
+        } catch (Exception e) {
+            CMS.debug("TokenAuthentication authenticate Exception=" + e.toString());
         }
 
         if (c != null) {
@@ -177,9 +178,9 @@ public class TokenAuthentication implements IAuthManager,
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "TokenAuthentication::authenticate() - "
-                             + "Exception="+e.toString() );
-                    throw new EBaseException( e.toString() );
+                    CMS.debug("TokenAuthentication::authenticate() - "
+                             + "Exception=" + e.toString());
+                    throw new EBaseException(e.toString());
                 }
                 String status = parser.getValue("Status");
 
@@ -195,13 +196,13 @@ public class TokenAuthentication implements IAuthManager,
                 authToken.set(TOKEN_UID, uid);
                 authToken.set(TOKEN_GID, gid);
 
-                if(context != null)  {
+                if (context != null) {
                     CMS.debug("SessionContext.USER_ID " + uid + " SessionContext.GROUP_ID " + gid);
-                    context.put(SessionContext.USER_ID,  uid );
-                    context.put(SessionContext.GROUP_ID, gid );
+                    context.put(SessionContext.USER_ID, uid);
+                    context.put(SessionContext.GROUP_ID, gid);
                 }
 
-                CMS.debug("TokenAuthentication: authenticated uid="+uid+", gid="+gid);
+                CMS.debug("TokenAuthentication: authenticated uid=" + uid + ", gid=" + gid);
             } catch (EBaseException e) {
                 throw e;
             } catch (Exception e) {
@@ -212,11 +213,12 @@ public class TokenAuthentication implements IAuthManager,
     }
 
     /**
-     * get the list of authentication credential attribute names
-     *	 required by this authentication manager. Generally used by
-     *	 the servlets that handle agent operations to authenticate its
-     *	 users.  It calls this method to know which are the
-     *	 required credentials from the user (e.g. Javascript form data)
+     * get the list of authentication credential attribute names required by
+     * this authentication manager. Generally used by the servlets that handle
+     * agent operations to authenticate its users. It calls this method to know
+     * which are the required credentials from the user (e.g. Javascript form
+     * data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -224,15 +226,15 @@ public class TokenAuthentication implements IAuthManager,
     }
 
     /**
-     * get the list of configuration parameter names
-     *	 required by this authentication manager.  Generally used by
-     *	 the Certificate Server Console to display the table for
-     *	 configuration purposes.  CertUserDBAuthentication is currently not
-     *	 exposed in this case, so this method is not to be used.
-     * @return configuration parameter names in Hashtable of Vectors
-     *	 where each hashtable entry's key is the substore name, value is a
-     * Vector of parameter names.  If no substore, the parameter name
-     *	 is the Hashtable key itself, with value same as key.
+     * get the list of configuration parameter names required by this
+     * authentication manager. Generally used by the Certificate Server Console
+     * to display the table for configuration purposes. CertUserDBAuthentication
+     * is currently not exposed in this case, so this method is not to be used.
+     * 
+     * @return configuration parameter names in Hashtable of Vectors where each
+     *         hashtable entry's key is the substore name, value is a Vector of
+     *         parameter names. If no substore, the parameter name is the
+     *         Hashtable key itself, with value same as key.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -245,8 +247,8 @@ public class TokenAuthentication implements IAuthManager,
     }
 
     /**
-     * gets the configuretion substore used by this authentication
-     *  manager
+     * gets the configuretion substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -256,7 +258,7 @@ public class TokenAuthentication implements IAuthManager,
     // Profile-related methods
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -288,14 +290,13 @@ public class TokenAuthentication implements IAuthManager,
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         return null;
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
index 565bca1a..3a20a994 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UdnPwdDirAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import netscape.ldap.LDAPConnection;
 import netscape.ldap.LDAPException;
@@ -33,11 +32,10 @@ import com.netscape.certsrv.base.IExtendedPluginInfo;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * udn/pwd directory based authentication manager
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UdnPwdDirAuthentication extends DirBasedAuthentication {
@@ -47,30 +45,30 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
     public static final String CRED_PWD = "pwd";
     protected static String[] mRequiredCreds = { CRED_UDN, CRED_PWD };
 
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
+    /*
+     * Holds configuration parameters accepted by this implementation. This list
+     * is passed to the configuration console so configuration for instances of
+     * this implementation can be configured through the console.
      */
-    protected static String[] mConfigParams = 
-        new String[] {	PROP_DNPATTERN,
-            PROP_LDAPSTRINGATTRS,
-            PROP_LDAPBYTEATTRS,
-            "ldap.ldapconn.host",
-            "ldap.ldapconn.port",
-            "ldap.ldapconn.secureConn",
-            "ldap.ldapconn.version",
-            "ldap.minConns", 
-            "ldap.maxConns",
+    protected static String[] mConfigParams =
+            new String[] { PROP_DNPATTERN,
+                    PROP_LDAPSTRINGATTRS,
+                    PROP_LDAPBYTEATTRS,
+                    "ldap.ldapconn.host",
+                    "ldap.ldapconn.port",
+                    "ldap.ldapconn.secureConn",
+                    "ldap.ldapconn.version",
+                    "ldap.minConns",
+                    "ldap.maxConns",
         };
 
     static {
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
-            ";Authenticate the user distinguished name and password provided " +
-            "by the user against an LDAP directory. Works with the " +
-            "Dir Based Enrollment HTML form");
+                ";Authenticate the user distinguished name and password provided " +
+                "by the user against an LDAP directory. Works with the " +
+                "Dir Based Enrollment HTML form");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-authentication");
+                ";configuration-authentication");
     };
 
     /**
@@ -83,13 +81,14 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
     /**
      * Initializes the UdnPwdDirAuthentication auth manager.
      * <p>
+     * 
      * @param name - The name for this authentication manager instance.
      * @param implName - The name of the authentication manager plugin.
      * @param config - The configuration store for this instance.
      * @exception EBaseException If an error occurs during initialization.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         super.init(name, implName, config, false);
     }
 
@@ -99,12 +98,12 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
      * @param authCreds The authentication credentials.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the udn and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
-    protected String authenticate(LDAPConnection conn, 
-        IAuthCredentials authCreds,
-        AuthToken token)
-        throws EBaseException {
+    protected String authenticate(LDAPConnection conn,
+            IAuthCredentials authCreds,
+            AuthToken token)
+            throws EBaseException {
         String userdn = null;
 
         // authenticate by binding to ldap server with password.
@@ -114,7 +113,7 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
             if (userdn == null) {
                 throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UDN));
             }
-	
+
             // get the password.
             String pwd = (String) authCreds.get(CRED_PWD);
 
@@ -123,8 +122,8 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
             }
             if (pwd.equals("")) {
                 // anonymous binding not allowed
-                log(ILogger.LL_FAILURE, 
-                    "user " + userdn + " attempted login with empty password.");
+                log(ILogger.LL_FAILURE,
+                        "user " + userdn + " attempted login with empty password.");
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
             }
 
@@ -135,21 +134,21 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
 
             return userdn;
         } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, 
-                "Couldn't get ldap connection. Error: " + e.toString());
+            log(ILogger.LL_FAILURE,
+                    "Couldn't get ldap connection. Error: " + e.toString());
             throw e;
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT: 
-            case LDAPException.LDAP_PARTIAL_RESULTS: 
-                log(ILogger.LL_SECURITY, 
-                    "user " + userdn + " does not exist in ldap server host " +
-                    conn.getHost() + ", port " + conn.getPort() + ".");
+            case LDAPException.NO_SUCH_OBJECT:
+            case LDAPException.LDAP_PARTIAL_RESULTS:
+                log(ILogger.LL_SECURITY,
+                        "user " + userdn + " does not exist in ldap server host " +
+                                conn.getHost() + ", port " + conn.getPort() + ".");
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
             case LDAPException.INVALID_CREDENTIALS:
-                log(ILogger.LL_SECURITY, 
-                    "authenticate user " + userdn + " with bad password.");
+                log(ILogger.LL_SECURITY,
+                        "authenticate user " + userdn + " with bad password.");
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
             case LDAPException.SERVER_DOWN:
@@ -157,21 +156,21 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
 
-            default: 
-                log(ILogger.LL_FAILURE, 
-                    "Ldap error encountered. " + e.getMessage());
+            default:
+                log(ILogger.LL_FAILURE,
+                        "Ldap error encountered. " + e.getMessage());
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", 
-                            e.errorCodeToString()));
+                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+                                e.errorCodeToString()));
             }
-        } 
+        }
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -180,6 +179,7 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -187,4 +187,3 @@ public class UdnPwdDirAuthentication extends DirBasedAuthentication {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
index e97fee8b..61333345 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdDirAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.util.Enumeration;
 import java.util.Locale;
@@ -47,46 +46,45 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * uid/pwd directory based authentication manager
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class UidPwdDirAuthentication extends DirBasedAuthentication 
-    implements IProfileAuthenticator {
+public class UidPwdDirAuthentication extends DirBasedAuthentication
+        implements IProfileAuthenticator {
 
     /* required credentials to authenticate. uid and pwd are strings. */
     public static final String CRED_UID = "uid";
     public static final String CRED_PWD = "pwd";
     protected static String[] mRequiredCreds = { CRED_UID, CRED_PWD };
 
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
+    /*
+     * Holds configuration parameters accepted by this implementation. This list
+     * is passed to the configuration console so configuration for instances of
+     * this implementation can be configured through the console.
      */
-    protected static String[] mConfigParams = 
-        new String[] {	PROP_DNPATTERN,
-            PROP_LDAPSTRINGATTRS,
-            PROP_LDAPBYTEATTRS,
-            "ldap.ldapconn.host",
-            "ldap.ldapconn.port",
-            "ldap.ldapconn.secureConn",
-            "ldap.ldapconn.version",
-            "ldap.basedn",
-            "ldap.minConns", 
-            "ldap.maxConns",
+    protected static String[] mConfigParams =
+            new String[] { PROP_DNPATTERN,
+                    PROP_LDAPSTRINGATTRS,
+                    PROP_LDAPBYTEATTRS,
+                    "ldap.ldapconn.host",
+                    "ldap.ldapconn.port",
+                    "ldap.ldapconn.secureConn",
+                    "ldap.ldapconn.version",
+                    "ldap.basedn",
+                    "ldap.minConns",
+                    "ldap.maxConns",
         };
 
     static {
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT +
-            ";Authenticate the username and password provided " +
-            "by the user against an LDAP directory. Works with the " +
-            "Dir Based Enrollment HTML form");
+                ";Authenticate the username and password provided " +
+                "by the user against an LDAP directory. Works with the " +
+                "Dir Based Enrollment HTML form");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-authrules-uidpwddirauth");
+                ";configuration-authrules-uidpwddirauth");
     };
 
     /**
@@ -102,12 +100,12 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
      * @param authCreds The authentication credentials.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
-    protected String authenticate(LDAPConnection conn, 
-        IAuthCredentials authCreds,
-        AuthToken token)
-        throws EBaseException {
+    protected String authenticate(LDAPConnection conn,
+            IAuthCredentials authCreds,
+            AuthToken token)
+            throws EBaseException {
         String userdn = null;
         String uid = null;
 
@@ -119,12 +117,12 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
             if (uid == null) {
                 throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
             }
-	
+
             // get the password.
             String pwd = (String) authCreds.get(CRED_PWD);
 
             if (pwd == null) {
-                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL",CRED_PWD));
+                throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_PWD));
             }
             if (pwd.equals("")) {
                 // anonymous binding not allowed
@@ -133,13 +131,13 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
             }
 
             // get user dn.
-            CMS.debug("Authenticating: Searching for UID=" + uid + 
+            CMS.debug("Authenticating: Searching for UID=" + uid +
                       " base DN=" + mBaseDN);
             LDAPSearchResults res = conn.search(mBaseDN,
                     LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
 
             if (res.hasMoreElements()) {
-                //LDAPEntry entry = (LDAPEntry)res.nextElement();
+                // LDAPEntry entry = (LDAPEntry)res.nextElement();
                 LDAPEntry entry = res.next();
 
                 userdn = entry.getDN();
@@ -160,8 +158,8 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
             throw e;
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT: 
-            case LDAPException.LDAP_PARTIAL_RESULTS: 
+            case LDAPException.NO_SUCH_OBJECT:
+            case LDAPException.LDAP_PARTIAL_RESULTS:
                 log(ILogger.LL_SECURITY, CMS.getLogMessage("USER_NOT_EXIST", uid));
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
@@ -174,20 +172,20 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
 
-            default: 
+            default:
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", 
-                            e.errorCodeToString()));
+                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+                                e.errorCodeToString()));
             }
-        } 
+        }
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -196,6 +194,7 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -203,9 +202,9 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
     }
 
     // Profile-related methods
-      
+
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -243,23 +242,22 @@ public class UidPwdDirAuthentication extends DirBasedAuthentication
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(CRED_UID)) { 
+        if (name.equals(CRED_UID)) {
             return new Descriptor(IDescriptor.STRING, null, null,
                     CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_UID"));
         } else if (name.equals(CRED_PWD)) {
             return new Descriptor(IDescriptor.PASSWORD, null, null,
                     CMS.getUserMessage(locale, "CMS_AUTHENTICATION_LDAP_PWD"));
-	
+
         }
         return null;
     }
 
-    public void populate(IAuthToken token, IRequest request) 
-        throws EProfileException {
+    public void populate(IAuthToken token, IRequest request)
+            throws EProfileException {
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
                 token.getInString(USER_DN));
     }
diff --git a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
index ce60bf8d..f305648b 100644
--- a/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/authentication/UidPwdPinDirAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authentication;
 
-
 // ldap java sdk
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -53,15 +52,14 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * uid/pwd/pin directory based authentication manager
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UidPwdPinDirAuthentication extends DirBasedAuthentication
-    implements IExtendedPluginInfo, IProfileAuthenticator {
+        implements IExtendedPluginInfo, IProfileAuthenticator {
 
     /* required credentials to authenticate. uid and pwd are strings. */
     public static final String CRED_UID = "uid";
@@ -79,54 +77,54 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     protected static final byte SENTINEL_MD5 = 1;
     protected static final byte SENTINEL_NONE = 0x2d;
 
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
+    /*
+     * Holds configuration parameters accepted by this implementation. This list
+     * is passed to the configuration console so configuration for instances of
+     * this implementation can be configured through the console.
      */
-    protected static String[] mConfigParams = 
-        new String[] { PROP_REMOVE_PIN,
-            PROP_PIN_ATTR,
-            PROP_DNPATTERN,
-            PROP_LDAPSTRINGATTRS,
-            PROP_LDAPBYTEATTRS,
-            "ldap.ldapconn.host",
-            "ldap.ldapconn.port",
-            "ldap.ldapconn.secureConn",
-            "ldap.ldapconn.version",
-            "ldap.ldapauth.bindDN",
-            "ldap.ldapauth.bindPWPrompt",
-            "ldap.ldapauth.clientCertNickname",
-            "ldap.ldapauth.authtype",
-            "ldap.basedn",
-            "ldap.minConns", 
-            "ldap.maxConns",
+    protected static String[] mConfigParams =
+            new String[] { PROP_REMOVE_PIN,
+                    PROP_PIN_ATTR,
+                    PROP_DNPATTERN,
+                    PROP_LDAPSTRINGATTRS,
+                    PROP_LDAPBYTEATTRS,
+                    "ldap.ldapconn.host",
+                    "ldap.ldapconn.port",
+                    "ldap.ldapconn.secureConn",
+                    "ldap.ldapconn.version",
+                    "ldap.ldapauth.bindDN",
+                    "ldap.ldapauth.bindPWPrompt",
+                    "ldap.ldapauth.clientCertNickname",
+                    "ldap.ldapauth.authtype",
+                    "ldap.basedn",
+                    "ldap.minConns",
+                    "ldap.maxConns",
         };
 
     static {
         mExtendedPluginInfo.add(
-            PROP_REMOVE_PIN + ";boolean;SEE DOCUMENTATION for pin removal");
+                PROP_REMOVE_PIN + ";boolean;SEE DOCUMENTATION for pin removal");
         mExtendedPluginInfo.add(
-            PROP_PIN_ATTR + ";string;directory attribute to use for pin (default 'pin')");
+                PROP_PIN_ATTR + ";string;directory attribute to use for pin (default 'pin')");
         mExtendedPluginInfo.add(
-            "ldap.ldapauth.bindDN;string;DN to bind as for pin removal. "
-            + "For example 'CN=PinRemoval User'");
+                "ldap.ldapauth.bindDN;string;DN to bind as for pin removal. "
+                        + "For example 'CN=PinRemoval User'");
         mExtendedPluginInfo.add(
-            "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
-            "the above user");
+                "ldap.ldapauth.bindPWPrompt;password;Enter password used to bind as " +
+                        "the above user");
         mExtendedPluginInfo.add(
-            "ldap.ldapauth.clientCertNickname;string;If you want to use "
-            + "SSL client auth to the directory, set the client "
-            + "cert nickname here");
+                "ldap.ldapauth.clientCertNickname;string;If you want to use "
+                        + "SSL client auth to the directory, set the client "
+                        + "cert nickname here");
         mExtendedPluginInfo.add(
-            "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;"
-            + "How to bind to the directory (for pin removal only)");
+                "ldap.ldapauth.authtype;choice(BasicAuth,SslClientAuth),required;"
+                        + "How to bind to the directory (for pin removal only)");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TEXT
-            + ";Authenticate the username, password and pin provided "
-            + "by the user against an LDAP directory. Works with the "
-            + "Dir/Pin Based Enrollment HTML form");
+                + ";Authenticate the username, password and pin provided "
+                + "by the user against an LDAP directory. Works with the "
+                + "Dir/Pin Based Enrollment HTML form");
         mExtendedPluginInfo.add(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-authrules-uidpwdpindirauth");
+                ";configuration-authrules-uidpwdpindirauth");
 
     }
 
@@ -135,12 +133,12 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     protected MessageDigest mSHADigest = null;
     protected MessageDigest mMD5Digest = null;
 
-    private   String mBindDN = null;
-    private   String mBindPassword = null;
+    private String mBindDN = null;
+    private String mBindPassword = null;
 
-    private   ILdapConnFactory  removePinLdapFactory = null;
-    private   LDAPConnection        removePinLdapConnection = null;
-    private   IConfigStore          removePinLdapConfigStore = null;
+    private ILdapConnFactory removePinLdapFactory = null;
+    private LDAPConnection removePinLdapConnection = null;
+    private IConfigStore removePinLdapConfigStore = null;
 
     /**
      * Default constructor, initialization must follow.
@@ -149,12 +147,12 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
         super();
     }
 
-    public void init(String name, String implName, IConfigStore config) 
-        throws EBaseException {
+    public void init(String name, String implName, IConfigStore config)
+            throws EBaseException {
         super.init(name, implName, config);
-        mRemovePin = 
+        mRemovePin =
                 config.getBoolean(PROP_REMOVE_PIN, DEF_REMOVE_PIN);
-        mPinAttr = 
+        mPinAttr =
                 config.getString(PROP_PIN_ATTR, DEF_PIN_ATTR);
         if (mPinAttr.equals("")) {
             mPinAttr = DEF_PIN_ATTR;
@@ -166,7 +164,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
             removePinLdapFactory.init(removePinLdapConfigStore);
             removePinLdapConnection = removePinLdapFactory.getConn();
         }
-        
+
         try {
             mSHADigest = MessageDigest.getInstance("SHA1");
             mMD5Digest = MessageDigest.getInstance("MD5");
@@ -177,7 +175,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     }
 
     protected void verifyPassword(String Password) {
-    }    
+    }
 
     /**
      * Authenticates a user based on its uid, pwd, pin in the directory.
@@ -185,16 +183,16 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
      * @param authCreds The authentication credentials with uid, pwd, pin.
      * @return The user's ldap entry dn.
      * @exception EInvalidCredentials If the uid and password are not valid
-     * @exception EBaseException If an internal error occurs. 
+     * @exception EBaseException If an internal error occurs.
      */
-    protected String authenticate(LDAPConnection conn, 
-        IAuthCredentials authCreds,
-        AuthToken token)
-        throws EBaseException {
+    protected String authenticate(LDAPConnection conn,
+            IAuthCredentials authCreds,
+            AuthToken token)
+            throws EBaseException {
         String userdn = null;
-        String uid = null; 
-        String pwd = null; 
-        String pin = null; 
+        String uid = null;
+        String pwd = null;
+        String pin = null;
 
         try {
             // get the uid.
@@ -202,7 +200,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
             if (uid == null) {
                 throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_UID));
             }
-	
+
             // get the password.
             pwd = (String) authCreds.get(CRED_PWD);
             if (pwd == null) {
@@ -244,7 +242,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
             log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid));
             // log(ILogger.LL_SECURITY, "found user : " + userdn);
 
-            // check pin. 
+            // check pin.
             checkpin(conn, userdn, uid, pin);
 
             // set uid in the token.
@@ -256,8 +254,8 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
             throw e;
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-            case LDAPException.NO_SUCH_OBJECT: 
-            case LDAPException.LDAP_PARTIAL_RESULTS: 
+            case LDAPException.NO_SUCH_OBJECT:
+            case LDAPException.LDAP_PARTIAL_RESULTS:
                 log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_USER_NOT_EXIST", uid));
                 throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
 
@@ -270,24 +268,24 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
 
-            default: 
+            default:
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.getMessage()));
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION", 
-                            e.errorCodeToString()));
+                        CMS.getUserMessage("CMS_LDAP_OTHER_LDAP_EXCEPTION",
+                                e.errorCodeToString()));
             }
-        } 
+        }
     }
 
-    protected void checkpin(LDAPConnection conn, String userdn, 
-        String uid, String pin)
-        throws EBaseException, LDAPException {
+    protected void checkpin(LDAPConnection conn, String userdn,
+            String uid, String pin)
+            throws EBaseException, LDAPException {
         LDAPSearchResults res = null;
         LDAPEntry entry = null;
 
         // get pin.
 
-        res = conn.search(userdn, LDAPv2.SCOPE_BASE, 
+        res = conn.search(userdn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mPinAttr }, false);
         if (res.hasMoreElements()) {
             entry = (LDAPEntry) res.nextElement();
@@ -309,7 +307,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
             log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         }
-        byte[] entrypin = (byte[]) pinValues.nextElement();  
+        byte[] entrypin = (byte[]) pinValues.nextElement();
 
         // compare value digest.
 
@@ -317,14 +315,14 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
             log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         }
-       
+
         byte hashtype = entrypin[0];
 
         byte[] pinDigest = null;
         String toBeDigested = userdn + pin;
 
         if (hashtype == SENTINEL_SHA) {
-            
+
             pinDigest = mSHADigest.digest(toBeDigested.getBytes());
         } else if (hashtype == SENTINEL_MD5) {
             pinDigest = mMD5Digest.digest(toBeDigested.getBytes());
@@ -343,7 +341,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
         int i;
 
         for (i = 0; i < (entrypin.length - 1); i++) {
-            if (pinDigest[i] != entrypin[i + 1]) 
+            if (pinDigest[i] != entrypin[i + 1])
                 break;
         }
         if (i != (entrypin.length - 1)) {
@@ -354,17 +352,17 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
         // pin ok. remove pin if so configured
         // Note that this means that a policy may reject this request later,
         // but the user will not be able to enroll again as his pin is gone.
-        
+
         // We remove the pin using a different connection which is bound as
         // a more privileged user.
 
         if (mRemovePin) {
 
             try {
-                removePinLdapConnection.modify(userdn, 
-                    new LDAPModification(
-                        LDAPModification.DELETE,
-                        new LDAPAttribute(mPinAttr, entrypin)));
+                removePinLdapConnection.modify(userdn,
+                        new LDAPModification(
+                                LDAPModification.DELETE,
+                                new LDAPAttribute(mPinAttr, entrypin)));
 
             } catch (LDAPException e) {
                 log(ILogger.LL_SECURITY, CMS.getLogMessage("CMS_AUTH_CANT_REMOVE_PIN", userdn));
@@ -374,10 +372,10 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -386,6 +384,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -395,7 +394,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     // Profile-related methods
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
@@ -434,8 +433,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(CRED_UID)) {
@@ -453,7 +451,7 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
     }
 
     public void populate(IAuthToken token, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         request.setExtData(IProfileAuthenticator.AUTHENTICATED_NAME,
                 token.getInString(USER_DN));
     }
@@ -462,4 +460,3 @@ public class UidPwdPinDirAuthentication extends DirBasedAuthentication
         return false;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
index 0bb36f28..df15dd1c 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/AAclAuthz.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authorization;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -37,30 +36,32 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
- * An abstract class represents an authorization manager that governs the 
- * access of internal resources such as servlets. 
- * It parses in the ACLs associated with each protected 
- * resources, and provides protected method <CODE>checkPermission</CODE> 
- * for code that needs to verify access before performing 
- * actions.
+ * An abstract class represents an authorization manager that governs the access
+ * of internal resources such as servlets. It parses in the ACLs associated with
+ * each protected resources, and provides protected method
+ * <CODE>checkPermission</CODE> for code that needs to verify access before
+ * performing actions.
  * <P>
  * Here is a sample resourceACLS for a resource
+ * 
  * <PRE>
  *   certServer.UsrGrpAdminServlet:
  *       execute:
  *           deny (execute) user="tempAdmin";
  *           allow (execute) group="Administrators";
  * </PRE>
- * To perform permission checking, code call authz mgr authorize()
- * method to verify access. See AuthzMgr for calling example.
+ * 
+ * To perform permission checking, code call authz mgr authorize() method to
+ * verify access. See AuthzMgr for calling example.
  * <P>
- * default "evaluators" are used to evaluate the "group=.." or "user=.."
- * rules.  See evaluator for more info
+ * default "evaluators" are used to evaluate the "group=.." or "user=.." rules.
+ * See evaluator for more info
  * 
  * @version $Revision$, $Date$
- * @see <A HREF="http://developer.netscape.com/library/documentation/enterprise/admnunix/aclfiles.htm">ACL Files</A>
+ * @see <A
+ *      HREF="http://developer.netscape.com/library/documentation/enterprise/admnunix/aclfiles.htm">ACL
+ *      Files</A>
  */
 public abstract class AAclAuthz {
 
@@ -92,10 +93,10 @@ public abstract class AAclAuthz {
     }
 
     /**
-     * Initializes 
+     * Initializes
      */
-    protected void init(IConfigStore config) 
-        throws EBaseException {
+    protected void init(IConfigStore config)
+            throws EBaseException {
 
         mLogger = CMS.getLogger();
         CMS.debug("AAclAuthz: init begins");
@@ -123,16 +124,15 @@ public abstract class AAclAuthz {
                             type + "." + PROP_CLASS));
             }
 
-            // instantiate evaluator 
+            // instantiate evaluator
             try {
                 evaluator =
                         (IAccessEvaluator) Class.forName(evalClassPath).newInstance();
             } catch (Exception e) {
                 String errMsg = "init(): failed to load class: " +
-                    evalClassPath + ":" + e.toString();
+                        evalClassPath + ":" + e.toString();
 
-                throw new
-                    EACLsException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL",
+                throw new EACLsException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL",
                             evalClassPath));
             }
 
@@ -151,16 +151,18 @@ public abstract class AAclAuthz {
     }
 
     /**
-     * Parse ACL resource attributes, then update the ACLs memory store
-     * This is intended to be used if storing ACLs on ldap is not desired, 
-     * and the caller is expected to call this method to add resource
-     * and acl info into acls memory store.  The resACLs format should conform
-     * to the following:
-     *    <resource ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value>:<comment for this resource acl
+     * Parse ACL resource attributes, then update the ACLs memory store This is
+     * intended to be used if storing ACLs on ldap is not desired, and the
+     * caller is expected to call this method to add resource and acl info into
+     * acls memory store. The resACLs format should conform to the following:
+     * <resource
+     * ID>:right-1[,right-n]:[allow,deny](right(s))<evaluatorType>=<value
+     * >:<comment for this resource acl
      * <P>
-     * Example:
-     *    resTurnKnob:left,right:allow(left) group="lefties":door knobs for lefties
-     * @param resACLs same format as the resourceACLs attribute 
+     * Example: resTurnKnob:left,right:allow(left) group="lefties":door knobs
+     * for lefties
+     * 
+     * @param resACLs same format as the resourceACLs attribute
      * @throws EBaseException parsing error from <code>parseACL</code>
      */
     public void addACLs(String resACLs) throws EBaseException {
@@ -180,7 +182,7 @@ public abstract class AAclAuthz {
     public IACL getACL(String target) {
         return (ACL) mACLs.get(target);
     }
-	
+
     protected Enumeration<String> getTargetNames() {
         return mACLs.keys();
     }
@@ -204,10 +206,10 @@ public abstract class AAclAuthz {
     }
 
     /**
-     * Returns a list of configuration parameter names.
-     * The list is passed to the configuration console so instances of
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -220,8 +222,7 @@ public abstract class AAclAuthz {
     public abstract void shutdown();
 
     /**
-     * Registers new handler for the given attribute type
-     * in the expressions.
+     * Registers new handler for the given attribute type in the expressions.
      */
     public void registerEvaluator(String type, IAccessEvaluator evaluator) {
         mEvaluators.put(type, evaluator);
@@ -233,45 +234,42 @@ public abstract class AAclAuthz {
      *******************************************************/
 
     /**
-     * Checks if the permission is granted or denied in 
-     * the current execution context. If the code is
-     * marked as privileged, this methods will simply
+     * Checks if the permission is granted or denied in the current execution
+     * context. If the code is marked as privileged, this methods will simply
      * return.
      * <P>
-     * note that if a resource does not exist in the aclResources
-     *	 entry, but a higher level node exist, it will still be
-     *	 evaluated.  The highest level node's acl determines the
-     *	 permission.  If the higher level node doesn't contain any acl
-     *	 information, then it's passed down to the lower node.  If
-     *	 a node has no aci in its resourceACLs, then it's considered
-     *	 passed.
+     * note that if a resource does not exist in the aclResources entry, but a
+     * higher level node exist, it will still be evaluated. The highest level
+     * node's acl determines the permission. If the higher level node doesn't
+     * contain any acl information, then it's passed down to the lower node. If
+     * a node has no aci in its resourceACLs, then it's considered passed.
      * <p>
      * example: certServer.common.users, if failed permission check for
-     *	 "certServer", then it's considered failed, and there is no need to
-     *	 continue the check.  If passed permission check for "certServer",
-     * then it's considered passed, and no need to continue the
-     *	 check.  If certServer contains no aci then "certServer.common" will be
-     *	 checked for permission instead.  If down to the leaf level,
-     *	 the node still contains no aci, then it's considered passed.
-     *  If at the leaf level, no such resource exist, or no acis, it's
-     *	 considered passed.
+     * "certServer", then it's considered failed, and there is no need to
+     * continue the check. If passed permission check for "certServer", then
+     * it's considered passed, and no need to continue the check. If certServer
+     * contains no aci then "certServer.common" will be checked for permission
+     * instead. If down to the leaf level, the node still contains no aci, then
+     * it's considered passed. If at the leaf level, no such resource exist, or
+     * no acis, it's considered passed.
      * <p>
-     * If there are multiple aci's for a resource, ALL aci's will be
-     *	 checked, and only if all passed permission checks, will the
-     *	 eventual access be granted.
+     * If there are multiple aci's for a resource, ALL aci's will be checked,
+     * and only if all passed permission checks, will the eventual access be
+     * granted.
+     * 
      * @param name resource name
      * @param perm permission requested
      * @exception EACLsException access permission denied
      */
-    protected synchronized void checkPermission(String name, String perm) 
-        throws EACLsException {
+    protected synchronized void checkPermission(String name, String perm)
+            throws EACLsException {
         String resource = "";
         StringTokenizer st = new StringTokenizer(name, ".");
 
         while (st.hasMoreTokens()) {
             String node = st.nextToken();
 
-            if (! "".equals(resource)) {
+            if (!"".equals(resource)) {
                 resource = resource + "." + node;
             } else {
                 resource = node;
@@ -288,18 +286,17 @@ public abstract class AAclAuthz {
                 params[1] = perm;
 
                 String errMsg = "checkPermission(): permission denied for the resource " +
-                    name + " on operation " + perm;
+                        name + " on operation " + perm;
 
                 log(ILogger.LL_SECURITY, CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
 
-                throw new
-                    EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
+                throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
                             (String[]) params));
             }
 
             if (passed) {
                 String infoMsg = "checkPermission(): permission granted for the resource " +
-                    name + " on operation " + perm;
+                        name + " on operation " + perm;
 
                 log(ILogger.LL_INFO, infoMsg);
 
@@ -309,38 +306,37 @@ public abstract class AAclAuthz {
     }
 
     /**
-     * Checks if the permission is granted or denied in 
-     * the current execution context.
+     * Checks if the permission is granted or denied in the current execution
+     * context.
      * <P>
      * An <code>ACL</code> may contain one or more <code>ACLEntry</code>.
-     * However, in case of multiple <code>ACLEntry</code>, a subject must
-     * pass ALL of the <code>ACLEntry</code> evaluation for permission
-     * to be granted
+     * However, in case of multiple <code>ACLEntry</code>, a subject must pass
+     * ALL of the <code>ACLEntry</code> evaluation for permission to be granted
      * <P>
-     * negative ("deny") aclEntries are treated differently than
-     * positive ("allow") statements. If a negative aclEntries 
-     * fails the acl check, the permission check will return "false"
-     * right away; while in the case of a positive aclEntry, if the
-     * the aclEntry fails the acl check, the next aclEntry will be
-     * evaluated.
+     * negative ("deny") aclEntries are treated differently than positive
+     * ("allow") statements. If a negative aclEntries fails the acl check, the
+     * permission check will return "false" right away; while in the case of a
+     * positive aclEntry, if the the aclEntry fails the acl check, the next
+     * aclEntry will be evaluated.
+     * 
      * @param name resource name
      * @param perm permission requested
-     * @return true if access allowed
-     *         false if should be passed down to the next node
+     * @return true if access allowed false if should be passed down to the next
+     *         node
      * @exception EACLsException if access disallowed
      */
-    private boolean checkACLs(String name, String perm) 
-        throws EACLsException {
+    private boolean checkACLs(String name, String perm)
+            throws EACLsException {
         ACL acl = (ACL) mACLs.get(name);
 
         // no such resource, pass it down
         if (acl == null) {
             String infoMsg = "checkACLs(): no acl for" +
-                name + "...pass down to next node";
+                    name + "...pass down to next node";
 
             log(ILogger.LL_INFO, infoMsg);
 
-            return false; 
+            return false;
         }
 
         Enumeration<ACLEntry> e = acl.entries();
@@ -348,7 +344,7 @@ public abstract class AAclAuthz {
         if ((e == null) || (e.hasMoreElements() == false)) {
             // no acis for node, pass down to next node
             String infoMsg = " AAclAuthz.checkACLs(): no acis for " +
-                name + " acl entry...pass down to next node";
+                    name + " acl entry...pass down to next node";
 
             log(ILogger.LL_INFO, infoMsg);
 
@@ -380,10 +376,8 @@ public abstract class AAclAuthz {
     }
 
     /**
-     * Resolves the given expressions.
-     * expression || expression || ...
-     * example:
-     *     group="Administrators" || group="Operators"
+     * Resolves the given expressions. expression || expression || ... example:
+     * group="Administrators" || group="Operators"
      */
     private boolean evaluateExpressions(String s) {
         // XXX - just handle "||" (or) among multiple expressions for now
@@ -449,8 +443,8 @@ public abstract class AAclAuthz {
     private boolean evaluateExpression(String expression) {
         // XXX - just recognize "=" for now!!
         int i = expression.indexOf("=");
-        String type = expression.substring(0, i);	
-        String value = expression.substring(i + 1);	
+        String type = expression.substring(0, i);
+        String value = expression.substring(i + 1);
         IAccessEvaluator evaluator = (IAccessEvaluator) mEvaluators.get(type);
 
         if (evaluator == null) {
@@ -468,76 +462,73 @@ public abstract class AAclAuthz {
      *******************************************************/
 
     /**
-     * Checks if the permission is granted or denied with id from authtoken 
+     * Checks if the permission is granted or denied with id from authtoken
      * gotten from authentication that precedes authorization. If the code is
-     * marked as privileged, this methods will simply
-     * return.
+     * marked as privileged, this methods will simply return.
      * <P>
-     * note that if a resource does not exist in the aclResources
-     *	 entry, but a higher level node exist, it will still be
-     *	 evaluated.  The highest level node's acl determines the
-     *	 permission.  If the higher level node doesn't contain any acl
-     *	 information, then it's passed down to the lower node.  If
-     *	 a node has no aci in its resourceACLs, then it's considered
-     *	 passed.
+     * note that if a resource does not exist in the aclResources entry, but a
+     * higher level node exist, it will still be evaluated. The highest level
+     * node's acl determines the permission. If the higher level node doesn't
+     * contain any acl information, then it's passed down to the lower node. If
+     * a node has no aci in its resourceACLs, then it's considered passed.
      * <p>
      * example: certServer.common.users, if failed permission check for
-     *	 "certServer", then it's considered failed, and there is no need to
-     *	 continue the check.  If passed permission check for "certServer",
-     * then it's considered passed, and no need to continue the
-     *	 check.  If certServer contains no aci then "certServer.common" will be
-     *	 checked for permission instead.  If down to the leaf level,
-     *	 the node still contains no aci, then it's considered passed.
-     *  If at the leaf level, no such resource exist, or no acis, it's
-     *	 considered passed.
+     * "certServer", then it's considered failed, and there is no need to
+     * continue the check. If passed permission check for "certServer", then
+     * it's considered passed, and no need to continue the check. If certServer
+     * contains no aci then "certServer.common" will be checked for permission
+     * instead. If down to the leaf level, the node still contains no aci, then
+     * it's considered passed. If at the leaf level, no such resource exist, or
+     * no acis, it's considered passed.
      * <p>
-     * If there are multiple aci's for a resource, ALL aci's will be
-     *	 checked, and only if all passed permission checks, will the
-     *	 eventual access be granted.
+     * If there are multiple aci's for a resource, ALL aci's will be checked,
+     * and only if all passed permission checks, will the eventual access be
+     * granted.
+     * 
      * @param authToken authentication token gotten from authentication
      * @param name resource name
      * @param perm permission requested
      * @exception EACLsException access permission denied
      */
-    public synchronized void checkPermission(IAuthToken authToken, String name, 
-        String perm) 
-        throws EACLsException {
- 
+    public synchronized void checkPermission(IAuthToken authToken, String name,
+            String perm)
+            throws EACLsException {
+
         Vector<String> nodev = getNodes(name);
         Enumeration<String> nodes = nodev.elements();
         String order = getOrder();
         Enumeration<ACLEntry> entries = null;
 
-        if (order.equals("deny")) 
+        if (order.equals("deny"))
             entries = getDenyEntries(nodes, perm);
-        else 
+        else
             entries = getAllowEntries(nodes, perm);
- 
+
         boolean permitted = false;
 
         while (entries.hasMoreElements()) {
             ACLEntry entry = (ACLEntry) entries.nextElement();
 
             CMS.debug("checkACLS(): ACLEntry expressions= " +
-                entry.getAttributeExpressions());
+                    entry.getAttributeExpressions());
             if (evaluateExpressions(authToken, entry.getAttributeExpressions())) {
-                log(ILogger.LL_SECURITY, 
-                    " checkACLs(): permission denied");
+                log(ILogger.LL_SECURITY,
+                        " checkACLs(): permission denied");
                 throw new EACLsException(CMS.getUserMessage("CMS_ACL_PERMISSION_DENIED"));
             }
         }
 
         nodes = nodev.elements();
-        if (order.equals("deny")) 
+        if (order.equals("deny"))
             entries = getAllowEntries(nodes, perm);
-        else 
+        else
             entries = getDenyEntries(nodes, perm);
 
-        while (entries.hasMoreElements()) { 
+        while (entries.hasMoreElements()) {
             ACLEntry entry = (ACLEntry) entries.nextElement();
 
             CMS.debug("checkACLS(): ACLEntry expressions= " +
-                entry.getAttributeExpressions());
+                    entry.getAttributeExpressions());
             if (evaluateExpressions(authToken, entry.getAttributeExpressions())) {
                 permitted = true;
             }
@@ -546,7 +537,7 @@ public abstract class AAclAuthz {
         nodev = null;
         if (permitted) {
             String infoMsg = "checkPermission(): permission granted for the resource " +
-                name + " on operation " + perm;
+                    name + " on operation " + perm;
 
             log(ILogger.LL_INFO, infoMsg);
             return;
@@ -557,10 +548,10 @@ public abstract class AAclAuthz {
             params[1] = perm;
 
             String errMsg = "checkPermission(): permission denied for the resource " +
-                name + " on operation " + perm;
+                    name + " on operation " + perm;
 
-            log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
+            log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("AUTHZ_EVALUATOR_ACCESS_DENIED", name, perm));
 
             throw new EACLsException(CMS.getUserMessage("CMS_ACL_NO_PERMISSION",
                         (String[]) params));
@@ -582,13 +573,13 @@ public abstract class AAclAuthz {
             while (e.hasMoreElements()) {
                 ACLEntry entry = (ACLEntry) e.nextElement();
 
-                if (!entry.isNegative() && 
-                    entry.containPermission(operation)) {
+                if (!entry.isNegative() &&
+                        entry.containPermission(operation)) {
                     v.addElement(entry);
                 }
             }
         }
-       
+
         return v.elements();
     }
 
@@ -607,21 +598,19 @@ public abstract class AAclAuthz {
             while (e.hasMoreElements()) {
                 ACLEntry entry = e.nextElement();
 
-                if (entry.isNegative() && 
-                    entry.containPermission(operation)) {
+                if (entry.isNegative() &&
+                        entry.containPermission(operation)) {
                     v.addElement(entry);
                 }
             }
         }
-       
+
         return v.elements();
     }
 
     /**
-     * Resolves the given expressions.
-     * expression || expression || ...
-     * example:
-     *     group="Administrators" || group="Operators"
+     * Resolves the given expressions. expression || expression || ... example:
+     * group="Administrators" || group="Operators"
      */
     private boolean evaluateExpressions(IAuthToken authToken, String s) {
         // XXX - just handle "||" (or) among multiple expressions for now
@@ -703,7 +692,7 @@ public abstract class AAclAuthz {
         while (index != -1) {
             name = name.substring(0, index);
             v.addElement(name);
-            index = name.lastIndexOf(".");    
+            index = name.lastIndexOf(".");
         }
 
         return v;
@@ -745,7 +734,7 @@ public abstract class AAclAuthz {
                 i = exp.indexOf(">");
                 if (i == -1) {
                     i = exp.indexOf("<");
-                    if (i == -1) {  
+                    if (i == -1) {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_OP_NOT_SUPPORTED", exp));
                     } else {
                         return "<";
@@ -780,19 +769,19 @@ public abstract class AAclAuthz {
      *******************************************************/
 
     /**
-     * This one only updates the memory.  Classes extend this class should
-     * also update to a permanent storage
+     * This one only updates the memory. Classes extend this class should also
+     * update to a permanent storage
      */
-    public void updateACLs(String id, String rights, String strACLs, 
-        String desc) throws EACLsException {
+    public void updateACLs(String id, String rights, String strACLs,
+            String desc) throws EACLsException {
         ACL acl = (ACL) getACL(id);
-  
+
         String resourceACLs = id;
 
         if (rights != null)
             resourceACLs = id + ":" + rights + ":" + strACLs + ":" + desc;
 
-            // memory update
+        // memory update
         ACL ac = null;
 
         try {
@@ -806,6 +795,7 @@ public abstract class AAclAuthz {
 
     /**
      * gets an enumeration of resources
+     * 
      * @return an enumeration of resources contained in the ACL table
      */
     public Enumeration<ACL> aclResElements() {
@@ -814,6 +804,7 @@ public abstract class AAclAuthz {
 
     /**
      * gets an enumeration of access evaluators
+     * 
      * @return an enumeraton of access evaluators
      */
     public Enumeration<IAccessEvaluator> aclEvaluatorElements() {
@@ -822,6 +813,7 @@ public abstract class AAclAuthz {
 
     /**
      * gets the access evaluators
+     * 
      * @return handle to the access evaluators table
      */
     public Hashtable<String, IAccessEvaluator> getAccessEvaluators() {
@@ -830,6 +822,7 @@ public abstract class AAclAuthz {
 
     /**
      * is this resource name unique
+     * 
      * @return true if unique; false otherwise
      */
     public boolean isTypeUnique(String type) {
@@ -844,7 +837,7 @@ public abstract class AAclAuthz {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
-            level, msg);
+                level, msg);
     }
 
     /*********************************
@@ -852,17 +845,16 @@ public abstract class AAclAuthz {
      **********************************/
 
     /**
-     * update acls.  called after memory upate is done to flush to permanent
+     * update acls. called after memory upate is done to flush to permanent
      * storage.
      * <p>
      */
     protected abstract void flushResourceACLs() throws EACLsException;
 
     /**
-     * an abstract class that enforces implementation of the
-     *	 authorize() method that will authorize an operation on a
-     *	 particular resource
-     *
+     * an abstract class that enforces implementation of the authorize() method
+     * that will authorize an operation on a particular resource
+     * 
      * @param authToken the authToken associated with a user
      * @param resource - the protected resource name
      * @param operation - the protected resource operation name
diff --git a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
index 29cb671e..d2d29996 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/BasicAclAuthz.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authorization;
 
-
 // cert server imports.
 import com.netscape.certsrv.acls.EACLsException;
 import com.netscape.certsrv.apps.CMS;
@@ -31,14 +30,13 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.IExtendedPluginInfo;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A class for basic acls authorization manager
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class BasicAclAuthz extends AAclAuthz
-    implements IAuthzManager, IExtendedPluginInfo {
+        implements IAuthzManager, IExtendedPluginInfo {
 
     // members
 
@@ -67,13 +65,14 @@ public class BasicAclAuthz extends AAclAuthz
      */
     public BasicAclAuthz() {
 
-        /* Holds configuration parameters accepted by this implementation.
-         * This list is passed to the configuration console so configuration
-         * for instances of this implementation can be configured through the
+        /*
+         * Holds configuration parameters accepted by this implementation. This
+         * list is passed to the configuration console so configuration for
+         * instances of this implementation can be configured through the
          * console.
          */
         mConfigParams =
-                new String[] { 
+                new String[] {
                     "dummy"
                 };
     }
@@ -82,7 +81,7 @@ public class BasicAclAuthz extends AAclAuthz
      *
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -108,20 +107,22 @@ public class BasicAclAuthz extends AAclAuthz
     }
 
     /**
-     * check the authorization permission for the user associated with
-     * authToken on operation
+     * check the authorization permission for the user associated with authToken
+     * on operation
      * <p>
      * Example:
      * <p>
-     * For example, if UsrGrpAdminServlet needs to authorize the caller
-     * it would do be done in the following fashion:
+     * For example, if UsrGrpAdminServlet needs to authorize the caller it would
+     * do be done in the following fashion:
+     * 
      * <PRE>
-     *   try {
-     *     authzTok = mAuthz.authorize("DirACLBasedAuthz", authToken, RES_GROUP, "read");
-     *   } catch (EBaseException e) {
-     *      log(ILogger.LL_FAILURE, "authorize call: "+ e.toString());
-     *   }
-     * </PRE> 
+     * try {
+     *     authzTok = mAuthz.authorize(&quot;DirACLBasedAuthz&quot;, authToken, RES_GROUP, &quot;read&quot;);
+     * } catch (EBaseException e) {
+     *     log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
+     * }
+     * </PRE>
+     * 
      * @param authToken the authToken associated with a user
      * @param resource - the protected resource name
      * @param operation - the protected resource operation name
@@ -130,7 +131,7 @@ public class BasicAclAuthz extends AAclAuthz
      * @return authzToken if success
      */
     public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
-        throws EAuthzInternalError, EAuthzAccessDenied {
+            throws EAuthzInternalError, EAuthzAccessDenied {
         AuthzToken authzToken = new AuthzToken(this);
 
         try {
@@ -142,11 +143,11 @@ public class BasicAclAuthz extends AAclAuthz
             authzToken.set(AuthzToken.TOKEN_AUTHZ_RESOURCE, resource);
             authzToken.set(AuthzToken.TOKEN_AUTHZ_OPERATION, operation);
             authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS,
-                AuthzToken.AUTHZ_STATUS_SUCCESS);
+                    AuthzToken.AUTHZ_STATUS_SUCCESS);
         } catch (EACLsException e) {
-            // audit here later 
+            // audit here later
             log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
-            String params[] = {resource, operation};
+            String params[] = { resource, operation };
 
             throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
         }
@@ -155,32 +156,33 @@ public class BasicAclAuthz extends AAclAuthz
     }
 
     public AuthzToken authorize(IAuthToken authToken, String expression)
-      throws EAuthzAccessDenied {
+            throws EAuthzAccessDenied {
         if (evaluateACLs(authToken, expression)) {
             return (new AuthzToken(this));
         } else {
-            String params[] = {expression};
+            String params[] = { expression };
             throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
         }
     }
 
     /**
      * This currently does not flush to permanent storage
+     * 
      * @param id is the resource id
-     * @param strACLs 
+     * @param strACLs
      */
     public void updateACLs(String id, String rights, String strACLs,
-        String desc) throws EACLsException {
+            String desc) throws EACLsException {
         try {
             super.updateACLs(id, rights, strACLs, desc);
-            //            flushResourceACLs();
+            // flushResourceACLs();
             needsFlush = false;
         } catch (EACLsException ex) {
             // flushing failed, set flag
             needsFlush = true;
 
             String errMsg = "updateACLs: failed to flushResourceACLs(): "
-                + ex.toString();
+                    + ex.toString();
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
 
@@ -189,8 +191,8 @@ public class BasicAclAuthz extends AAclAuthz
     }
 
     /**
-     * updates resourceACLs to permanent storage.
-     * currently not implemented for this authzMgr
+     * updates resourceACLs to permanent storage. currently not implemented for
+     * this authzMgr
      */
     protected void flushResourceACLs() throws EACLsException {
         log(ILogger.LL_FAILURE, "flushResourceACL() is not implemented");
@@ -198,7 +200,7 @@ public class BasicAclAuthz extends AAclAuthz
     }
 
     /**
-     * graceful shutdown 
+     * graceful shutdown
      */
     public void shutdown() {
         log(ILogger.LL_INFO, "shutting down");
@@ -206,6 +208,7 @@ public class BasicAclAuthz extends AAclAuthz
 
     /**
      * Logs a message for this class in the system log file.
+     * 
      * @param level The log level.
      * @param msg The message to log.
      * @see com.netscape.certsrv.logging.ILogger
@@ -214,6 +217,6 @@ public class BasicAclAuthz extends AAclAuthz
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
-            level, msg);
+                level, msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
index 820bf97b..0938b498 100644
--- a/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
+++ b/pki/base/common/src/com/netscape/cms/authorization/DirAclAuthz.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.authorization;
 
-
 import java.util.Enumeration;
 
 import netscape.ldap.LDAPAttribute;
@@ -44,15 +43,14 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.ldap.ILdapConnFactory;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * A class for ldap acls based authorization manager
- * The ldap server used for acls is the cms internal ldap db.
- *
+ * A class for ldap acls based authorization manager The ldap server used for
+ * acls is the cms internal ldap db.
+ * 
  * @version $Revision$, $Date$
  */
 public class DirAclAuthz extends AAclAuthz
-    implements IAuthzManager, IExtendedPluginInfo {
+        implements IAuthzManager, IExtendedPluginInfo {
 
     // members
 
@@ -76,21 +74,21 @@ public class DirAclAuthz extends AAclAuthz
 
     static {
         mExtendedPluginInfo.add("ldap.ldapconn.host;string,required;" +
-            "LDAP host to connect to");
+                "LDAP host to connect to");
         mExtendedPluginInfo.add("ldap.ldapconn.port;number,required;" +
-            "LDAP port number (use 389, or 636 if SSL)");
+                "LDAP port number (use 389, or 636 if SSL)");
         mExtendedPluginInfo.add("ldap.ldapconn.secureConn;boolean;" +
-            "Use SSL to connect to directory?");
+                "Use SSL to connect to directory?");
         mExtendedPluginInfo.add("ldap.ldapconn.version;choice(3,2);" +
-            "LDAP protocol version");
+                "LDAP protocol version");
         mExtendedPluginInfo.add("ldap.basedn;string,required;Base DN to start sarching " +
-            "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " +
-            "might want to use 'o=NetscapeCertificateServer' here");
+                "under. If the ACL's DN is 'cn=resourceACL, o=NetscapeCertificateServer' you " +
+                "might want to use 'o=NetscapeCertificateServer' here");
         mExtendedPluginInfo.add("ldap.minConns;number;number of connections " +
-            "to keep open to directory server. Default 5.");
+                "to keep open to directory server. Default 5.");
         mExtendedPluginInfo.add("ldap.maxConns;number;when needed, connection "
-            +
-            "pool can grow to this many (multiplexed) connections. Default 1000");
+                +
+                "pool can grow to this many (multiplexed) connections. Default 1000");
     }
 
     /**
@@ -98,20 +96,21 @@ public class DirAclAuthz extends AAclAuthz
      */
     public DirAclAuthz() {
 
-        /* Holds configuration parameters accepted by this implementation.
-         * This list is passed to the configuration console so configuration
-         * for instances of this implementation can be configured through the
+        /*
+         * Holds configuration parameters accepted by this implementation. This
+         * list is passed to the configuration console so configuration for
+         * instances of this implementation can be configured through the
          * console.
          */
         mConfigParams =
-                new String[] { 
-                    "ldap.ldapconn.host",
-                    "ldap.ldapconn.port",
-                    "ldap.ldapconn.secureConn",
-                    "ldap.ldapconn.version",
-                    "ldap.basedn",
-                    "ldap.minConns",
-                    "ldap.maxConns",
+                new String[] {
+                        "ldap.ldapconn.host",
+                        "ldap.ldapconn.port",
+                        "ldap.ldapconn.secureConn",
+                        "ldap.ldapconn.version",
+                        "ldap.basedn",
+                        "ldap.minConns",
+                        "ldap.maxConns",
                 };
     }
 
@@ -119,7 +118,7 @@ public class DirAclAuthz extends AAclAuthz
      *
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -154,7 +153,7 @@ public class DirAclAuthz extends AAclAuthz
         CMS.debug("DirAclAuthz: about to ldap search aclResources");
         try {
             conn = getConn();
-            LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB, 
+            LDAPSearchResults res = conn.search(mBaseDN, LDAPv2.SCOPE_SUB,
                     "cn=aclResources", null, false);
 
             returnConn(conn);
@@ -165,7 +164,7 @@ public class DirAclAuthz extends AAclAuthz
                 LDAPAttribute aclRes = entry.getAttribute("resourceACLS");
 
                 @SuppressWarnings("unchecked")
-				Enumeration<String> en = (Enumeration<String> )aclRes.getStringValues();
+                Enumeration<String> en = (Enumeration<String>) aclRes.getStringValues();
 
                 for (; en != null && en.hasMoreElements();) {
                     addACLs(en.nextElement());
@@ -200,20 +199,22 @@ public class DirAclAuthz extends AAclAuthz
     }
 
     /**
-     * check the authorization permission for the user associated with
-     * authToken on operation
+     * check the authorization permission for the user associated with authToken
+     * on operation
      * <p>
      * Example:
      * <p>
-     * For example, if UsrGrpAdminServlet needs to authorize the caller
-     * it would do be done in the following fashion:
+     * For example, if UsrGrpAdminServlet needs to authorize the caller it would
+     * do be done in the following fashion:
+     * 
      * <PRE>
-     *   try {
-     *     authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read");
-     *   } catch (EBaseException e) {
-     *      log(ILogger.LL_FAILURE, "authorize call: "+ e.toString());
-     *   }
-     * </PRE> 
+     * try {
+     *     authzTok = mAuthz.authorize(&quot;DirAclAuthz&quot;, authToken, RES_GROUP, &quot;read&quot;);
+     * } catch (EBaseException e) {
+     *     log(ILogger.LL_FAILURE, &quot;authorize call: &quot; + e.toString());
+     * }
+     * </PRE>
+     * 
      * @param authToken the authToken associated with a user
      * @param resource - the protected resource name
      * @param operation - the protected resource operation name
@@ -221,7 +222,7 @@ public class DirAclAuthz extends AAclAuthz
      * @return authzToken
      */
     public AuthzToken authorize(IAuthToken authToken, String resource, String operation)
-        throws EAuthzInternalError, EAuthzAccessDenied {
+            throws EAuthzInternalError, EAuthzAccessDenied {
         AuthzToken authzToken = new AuthzToken(this);
 
         try {
@@ -232,42 +233,42 @@ public class DirAclAuthz extends AAclAuthz
             authzToken.set(AuthzToken.TOKEN_AUTHZ_STATUS, AuthzToken.AUTHZ_STATUS_SUCCESS);
             CMS.debug("DirAclAuthz: authorization passed");
         } catch (EACLsException e) {
-            // audit here later 
+            // audit here later
             log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_AUTHORIZATION_FAILED"));
-            String params[] = {resource, operation};
+            String params[] = { resource, operation };
 
             throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
         }
-		
+
         return authzToken;
     }
 
     public AuthzToken authorize(IAuthToken authToken, String expression)
-      throws EAuthzAccessDenied {
+            throws EAuthzAccessDenied {
         if (evaluateACLs(authToken, expression)) {
             return (new AuthzToken(this));
         } else {
-            String params[] = {expression};
+            String params[] = { expression };
             throw new EAuthzAccessDenied(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZ_ACCESS_DENIED", params));
         }
     }
 
     /**
-     * update acls.  when memory update is done, flush to ldap.
+     * update acls. when memory update is done, flush to ldap.
      * <p>
-     * Currently, it is possible that when the memory is updated
-     *	 successfully, and the ldap isn't, the memory upates lingers.
-     *	 The result is that the changes will only be done on ldap at the
-     *	 next update, or when the system shuts down, another flush will be
-     *	 attempted.
+     * Currently, it is possible that when the memory is updated successfully,
+     * and the ldap isn't, the memory upates lingers. The result is that the
+     * changes will only be done on ldap at the next update, or when the system
+     * shuts down, another flush will be attempted.
+     * 
      * @param id is the resource id
      * @param rights The allowable rights for this resource
-     * @param strACLs has the same format as a resourceACLs entry acis
-     *	 on the ldap server
+     * @param strACLs has the same format as a resourceACLs entry acis on the
+     *            ldap server
      * @param desc The description for this resource
      */
     public void updateACLs(String id, String rights, String strACLs,
-        String desc) throws EACLsException {
+            String desc) throws EACLsException {
         try {
             super.updateACLs(id, rights, strACLs, desc);
             flushResourceACLs();
@@ -277,7 +278,7 @@ public class DirAclAuthz extends AAclAuthz
             needsFlush = true;
 
             String errMsg = "updateACLs: failed to flushResourceACLs(): "
-                + ex.toString();
+                    + ex.toString();
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_FLUSH_RESOURCES", ex.toString()));
 
@@ -335,7 +336,7 @@ public class DirAclAuthz extends AAclAuthz
     }
 
     /**
-     * graceful shutdown 
+     * graceful shutdown
      */
     public void shutdown() {
         if (needsFlush) {
@@ -351,13 +352,14 @@ public class DirAclAuthz extends AAclAuthz
         try {
             mLdapConnFactory.reset();
             mLdapConnFactory = null;
-        } catch (ELdapException e) { 
+        } catch (ELdapException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("AUTHZ_EVALUATOR_LDAP_ERROR", e.toString()));
         }
     }
 
     /**
      * Logs a message for this class in the system log file.
+     * 
      * @param level The log level.
      * @param msg The message to log.
      * @see com.netscape.certsrv.logging.ILogger
@@ -366,6 +368,6 @@ public class DirAclAuthz extends AAclAuthz
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
-            level, msg);
+                level, msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
index 6fe802e7..19b6180d 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -38,14 +37,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a Authority Information Access CRL extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSAuthInfoAccessExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     public static final String PROP_NUM_ADS = "numberOfAccessDescriptions";
     public static final String PROP_ACCESS_METHOD = "accessMethod";
     public static final String PROP_ACCESS_LOCATION_TYPE = "accessLocationType";
@@ -62,7 +60,7 @@ public class CMSAuthInfoAccessExtension
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         AuthInfoAccessExtension authInfoAccessExt = (AuthInfoAccessExtension) ext;
 
         authInfoAccessExt.setCritical(critical);
@@ -71,7 +69,7 @@ public class CMSAuthInfoAccessExtension
     }
 
     public Extension getCRLExtension(IConfigStore config, Object ip,
-        boolean critical) {
+            boolean critical) {
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
         AuthInfoAccessExtension authInfoAccessExt = new AuthInfoAccessExtension(critical);
 
@@ -138,7 +136,7 @@ public class CMSAuthInfoAccessExtension
                     String hostname = CMS.getEENonSSLHost();
                     String port = CMS.getEENonSSLPort();
                     if (hostname != null && port != null) {
-                        accessLocation = "http://"+hostname+":"+port+"/ca/ee/ca/getCAChain?op=downloadBIN";
+                        accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN";
                     }
                     URIName uriName = new URIName(accessLocation);
                     authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName(uriName));
@@ -211,7 +209,7 @@ public class CMSAuthInfoAccessExtension
                 String hostname = CMS.getEENonSSLHost();
                 String port = CMS.getEENonSSLPort();
                 if (hostname != null && port != null) {
-                    accessLocation = "http://"+hostname+":"+port+"/ca/ee/ca/getCAChain?op=downloadBIN";
+                    accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN";
                 }
                 nvp.add(PROP_ACCESS_LOCATION + i, accessLocation);
             }
@@ -224,32 +222,32 @@ public class CMSAuthInfoAccessExtension
                 "critical;boolean;Set criticality for Authority Information Access extension.",
                 PROP_NUM_ADS + ";number;Set number of Access Descriptions.",
                 PROP_ACCESS_METHOD + "0;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
-                PROP_ACCESS_METHOD_OCSP +");Select access description method.",
+                        PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
                 PROP_ACCESS_LOCATION_TYPE + "0;choice(" + PROP_URINAME + "," +
-                PROP_DIRNAME + ");Select access location type.",
+                        PROP_DIRNAME + ");Select access location type.",
                 PROP_ACCESS_LOCATION + "0;string;Enter access location " +
-                "corresponding to the selected access location type.",
+                        "corresponding to the selected access location type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-authorityinformationaccess",
+                        ";configuration-ca-edit-crlextension-authorityinformationaccess",
                 PROP_ACCESS_METHOD + "1;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
-                PROP_ACCESS_METHOD_OCSP +");Select access description method.",
+                        PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
                 PROP_ACCESS_LOCATION_TYPE + "1;choice(" + PROP_URINAME + "," +
-                PROP_DIRNAME + ");Select access location type.",
+                        PROP_DIRNAME + ");Select access location type.",
                 PROP_ACCESS_LOCATION + "1;string;Enter access location " +
-                "corresponding to the selected access location type.",
+                        "corresponding to the selected access location type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-authorityinformationaccess",
+                        ";configuration-ca-edit-crlextension-authorityinformationaccess",
                 PROP_ACCESS_METHOD + "2;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," +
-                PROP_ACCESS_METHOD_OCSP +");Select access description method.",
+                        PROP_ACCESS_METHOD_OCSP + ");Select access description method.",
                 PROP_ACCESS_LOCATION_TYPE + "2;choice(" + PROP_URINAME + "," +
-                PROP_DIRNAME + ");Select access location type.",
+                        PROP_DIRNAME + ");Select access location type.",
                 PROP_ACCESS_LOCATION + "2;string;Enter access location " +
-                "corresponding to the selected access location type.",
+                        "corresponding to the selected access location type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-authorityinformationaccess",
+                        ";configuration-ca-edit-crlextension-authorityinformationaccess",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The Freshest CRL is a non critical CRL extension " +
-                "that identifies the delta CRL distribution points for a particular CRL."
+                        ";The Freshest CRL is a non critical CRL extension " +
+                        "that identifies the delta CRL distribution points for a particular CRL."
             };
 
         return params;
@@ -257,6 +255,6 @@ public class CMSAuthInfoAccessExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSAuthInfoAccessExtension - " + msg);
+                "CMSAuthInfoAccessExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
index 4cdb0bdc..4981702a 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
@@ -43,21 +42,20 @@ import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents an authority key identifier extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSAuthorityKeyIdentifierExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSAuthorityKeyIdentifierExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         AuthorityKeyIdentifierExtension authKeyIdExt = null;
         KeyIdentifier keyId = null;
         GeneralNames names = null;
@@ -78,8 +76,8 @@ public class CMSAuthorityKeyIdentifierExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         AuthorityKeyIdentifierExtension authKeyIdExt = null;
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
 
@@ -88,12 +86,12 @@ public class CMSAuthorityKeyIdentifierExtension
 
             try {
                 X509CertInfo info = (X509CertInfo)
-                    ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get(
-                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                        ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get(
+                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
                 if (info != null) {
-                    CertificateExtensions caCertExtensions = (CertificateExtensions) 
-                        info.get(X509CertInfo.EXTENSIONS);
+                    CertificateExtensions caCertExtensions = (CertificateExtensions)
+                            info.get(X509CertInfo.EXTENSIONS);
 
                     if (caCertExtensions != null) {
                         for (int i = 0; i < caCertExtensions.size(); i++) {
@@ -101,7 +99,7 @@ public class CMSAuthorityKeyIdentifierExtension
 
                             if (caCertExt instanceof SubjectKeyIdentifierExtension) {
                                 SubjectKeyIdentifierExtension id =
-                                    (SubjectKeyIdentifierExtension) caCertExt;
+                                        (SubjectKeyIdentifierExtension) caCertExt;
 
                                 keyId = (KeyIdentifier)
                                         id.get(SubjectKeyIdentifierExtension.KEY_ID);
@@ -143,16 +141,16 @@ public class CMSAuthorityKeyIdentifierExtension
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);CRL Extension Type. "+
-                //"This field is not editable.",
+                // "type;choice(CRLExtension,CRLEntryExtension);CRL Extension Type. "+
+                // "This field is not editable.",
                 "enable;boolean;Check to enable Authority Key Identifier CRL extension.",
                 "critical;boolean;Set criticality for Authority Key Identifier CRL extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-authoritykeyidentifier",
+                        ";configuration-ca-edit-crlextension-authoritykeyidentifier",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The authority key identifier extension provides a means " +
-                "of identifying the public key corresponding to the private " +
-                "key used to sign a CRL."
+                        ";The authority key identifier extension provides a means " +
+                        "of identifying the public key corresponding to the private " +
+                        "key used to sign a CRL."
             };
 
         return params;
@@ -160,6 +158,6 @@ public class CMSAuthorityKeyIdentifierExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSAuthorityKeyIdentifierExtension - " + msg);
+                "CMSAuthorityKeyIdentifierExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
index e4bb4cb6..958a4d56 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -34,21 +33,20 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a CRL number extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSCRLNumberExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSCRLNumberExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         BigInteger crlNumber = null;
         CRLNumberExtension crlNumberExt = null;
 
@@ -64,8 +62,8 @@ public class CMSCRLNumberExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         CRLNumberExtension crlNumberExt = null;
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
 
@@ -87,16 +85,16 @@ public class CMSCRLNumberExtension
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Extension type. This field is not editable.",
+                // "type;choice(CRLExtension,CRLEntryExtension);"+
+                // "CRL Extension type. This field is not editable.",
                 "enable;boolean;Check to enable CRL Number extension.",
                 "critical;boolean;Set criticality for CRL Number extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-crlnumber",
+                        ";configuration-ca-edit-crlextension-crlnumber",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The CRL number is a non-critical CRL extension " +
-                "which conveys a monotonically increasing sequence number " +
-                "for each CRL issued by a CA"
+                        ";The CRL number is a non-critical CRL extension " +
+                        "which conveys a monotonically increasing sequence number " +
+                        "for each CRL issued by a CA"
             };
 
         return params;
@@ -104,6 +102,6 @@ public class CMSCRLNumberExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSCRLNumberExtension - " + msg);
+                "CMSCRLNumberExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
index 245428a6..614d672d 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -33,21 +32,20 @@ import com.netscape.certsrv.ca.ICMSCRLExtension;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a CRL reason extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSCRLReasonExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSCRLReasonExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         RevocationReason reason = null;
         CRLReasonExtension crlReasonExt = null;
 
@@ -61,8 +59,8 @@ public class CMSCRLReasonExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object crlIssuingPoint,
-        boolean critical) {
+            Object crlIssuingPoint,
+            boolean critical) {
         CRLReasonExtension crlReasonExt = null;
 
         return crlReasonExt;
@@ -77,15 +75,15 @@ public class CMSCRLReasonExtension
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Entry Extension type. This field is not editable.",
+                // "type;choice(CRLExtension,CRLEntryExtension);"+
+                // "CRL Entry Extension type. This field is not editable.",
                 "enable;boolean;Check to enable reason code CRL entry extension.",
                 "critical;boolean;Set criticality for reason code CRL entry extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-crlreason",
+                        ";configuration-ca-edit-crlextension-crlreason",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The CRL reason code is a non-critical CRL entry extension " +
-                "that identifies the reason for the certificate revocation."
+                        ";The CRL reason code is a non-critical CRL entry extension " +
+                        "that identifies the reason for the certificate revocation."
             };
 
         return params;
@@ -93,6 +91,6 @@ public class CMSCRLReasonExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSCRLReasonExtension - " + msg);
+                "CMSCRLReasonExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
index 601e15d2..4d8fc8b9 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -40,18 +39,18 @@ import com.netscape.certsrv.logging.ILogger;
 
 /**
  * This represents a certificate issuer extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSCertificateIssuerExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSCertificateIssuerExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         CertificateIssuerExtension certIssuerExt = null;
         GeneralNames names = null;
 
@@ -67,8 +66,8 @@ public class CMSCertificateIssuerExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         CertificateIssuerExtension certIssuerExt = null;
         int numNames = 0;
 
@@ -195,8 +194,8 @@ public class CMSCertificateIssuerExtension
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);CRL Entry Extension type."+
-                //" This field is not editable.",
+                // "type;choice(CRLExtension,CRLEntryExtension);CRL Entry Extension type."+
+                // " This field is not editable.",
                 "enable;boolean;Check to enable Certificate Issuer CRL entry extension.",
                 "critical;boolean;Set criticality for Certificate Issuer CRL entry extension.",
                 "numNames;number;Set number of certificate issuer names for the CRL entry.",
@@ -207,10 +206,10 @@ public class CMSCertificateIssuerExtension
                 "nameType2;choice(DirectoryName,URI);Select Certificate Issuer name type.",
                 "name2;string;Enter Certificate Issuer name corresponding to the selected name type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-certificateissuer",
+                        ";configuration-ca-edit-crlextension-certificateissuer",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This CRL entry extension identifies the certificate issuer" +
-                " associated with an entry in an indirect CRL."
+                        ";This CRL entry extension identifies the certificate issuer" +
+                        " associated with an entry in an indirect CRL."
             };
 
         return params;
@@ -219,4 +218,4 @@ public class CMSCertificateIssuerExtension
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
index 35d21e5c..e3290c34 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -34,21 +33,20 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a delta CRL indicator extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSDeltaCRLIndicatorExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSDeltaCRLIndicatorExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         BigInteger baseCRLNumber = null;
         DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null;
 
@@ -65,8 +63,8 @@ public class CMSDeltaCRLIndicatorExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null;
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
 
@@ -89,15 +87,15 @@ public class CMSDeltaCRLIndicatorExtension
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Extension type. This field is not editable.",
+                // "type;choice(CRLExtension,CRLEntryExtension);"+
+                // "CRL Extension type. This field is not editable.",
                 "enable;boolean;Check to enable Delta CRL Indicator extension.",
                 "critical;boolean;Set criticality for Delta CRL Indicator extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-crlnumber",
+                        ";configuration-ca-edit-crlextension-crlnumber",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The Delta CRL Indicator is a critical CRL extension " +
-                "which identifies a delta-CRL."
+                        ";The Delta CRL Indicator is a critical CRL extension " +
+                        "which identifies a delta-CRL."
             };
 
         return params;
@@ -105,7 +103,6 @@ public class CMSDeltaCRLIndicatorExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSDeltaCRLIndicatorExtension - " + msg);
+                "CMSDeltaCRLIndicatorExtension - " + msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
index 86bdd05e..38eb7a1c 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -40,14 +39,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a freshest CRL extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSFreshestCRLExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     public static final String PROP_NUM_POINTS = "numPoints";
     public static final String PROP_POINTTYPE = "pointType";
     public static final String PROP_POINTNAME = "pointName";
@@ -60,7 +58,7 @@ public class CMSFreshestCRLExtension
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         FreshestCRLExtension freshestCRLExt = (FreshestCRLExtension) ext;
 
         freshestCRLExt.setCritical(critical);
@@ -69,7 +67,7 @@ public class CMSFreshestCRLExtension
     }
 
     public Extension getCRLExtension(IConfigStore config, Object ip,
-        boolean critical) {
+            boolean critical) {
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
         FreshestCRLExtension freshestCRLExt = null;
 
@@ -159,7 +157,7 @@ public class CMSFreshestCRLExtension
             numPoints = config.getInteger(PROP_NUM_POINTS, 0);
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, "Invalid numPoints property for CRL " +
-                "Freshest CRL extension - " + e);
+                    "Freshest CRL extension - " + e);
         }
         nvp.add(PROP_NUM_POINTS, String.valueOf(numPoints));
 
@@ -204,26 +202,26 @@ public class CMSFreshestCRLExtension
                 "critical;boolean;Set criticality for Freshest CRL extension.",
                 PROP_NUM_POINTS + ";number;Set number of CRL distribution points.",
                 PROP_POINTTYPE + "0;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
-                ");Select CRL distribution point name type.",
+                        ");Select CRL distribution point name type.",
                 PROP_POINTNAME + "0;string;Enter CRL distribution point name " +
-                "corresponding to the selected point type.",
+                        "corresponding to the selected point type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
                 PROP_POINTTYPE + "1;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
-                ");Select CRL distribution point name type.",
+                        ");Select CRL distribution point name type.",
                 PROP_POINTNAME + "1;string;Enter CRL distribution point name " +
-                "corresponding to the selected point type.",
+                        "corresponding to the selected point type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
                 PROP_POINTTYPE + "2;choice(" + PROP_DIRNAME + "," + PROP_URINAME +
-                ");Select CRL distribution point name type.",
+                        ");Select CRL distribution point name type.",
                 PROP_POINTNAME + "2;string;Enter CRL distribution point name " +
-                "corresponding to the selected point type.",
+                        "corresponding to the selected point type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The Freshest CRL is a non critical CRL extension " +
-                "that identifies the delta CRL distribution points for a particular CRL."
+                        ";The Freshest CRL is a non critical CRL extension " +
+                        "that identifies the delta CRL distribution points for a particular CRL."
             };
 
         return params;
@@ -231,6 +229,6 @@ public class CMSFreshestCRLExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSFreshestCRLExtension - " + msg);
+                "CMSFreshestCRLExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
index e0e39b8a..04e5468d 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -36,14 +35,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a hold instruction extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSHoldInstructionExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     public static final String PROP_INSTR = "instruction";
     public static final String PROP_INSTR_NONE = "none";
     public static final String PROP_INSTR_CALLISSUER = "callissuer";
@@ -55,12 +53,12 @@ public class CMSHoldInstructionExtension
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         HoldInstructionExtension holdInstrExt = null;
 
         try {
             ObjectIdentifier holdInstr =
-                ((HoldInstructionExtension) ext).getHoldInstructionCode();
+                    ((HoldInstructionExtension) ext).getHoldInstructionCode();
 
             holdInstrExt = new HoldInstructionExtension(Boolean.valueOf(critical),
                         holdInstr);
@@ -71,8 +69,8 @@ public class CMSHoldInstructionExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         HoldInstructionExtension holdInstrExt = null;
         String instruction = null;
 
@@ -121,8 +119,7 @@ public class CMSHoldInstructionExtension
         }
         if (instruction != null) {
             if (!(instruction.equalsIgnoreCase(PROP_INSTR_NONE) ||
-                    instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) ||
-                    instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) {
+                    instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) || instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) {
                 instruction = PROP_INSTR_NONE;
             }
         } else {
@@ -133,19 +130,19 @@ public class CMSHoldInstructionExtension
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Entry Extension type. This field is not editable.",
+                // "type;choice(CRLExtension,CRLEntryExtension);"+
+                // "CRL Entry Extension type. This field is not editable.",
                 "enable;boolean;Check to enable Hold Instruction CRL entry extension.",
                 "critical;boolean;Set criticality for Hold Instruction CRL entry extension.",
                 PROP_INSTR + ";choice(" + PROP_INSTR_NONE + "," + PROP_INSTR_CALLISSUER + "," +
-                PROP_INSTR_REJECT + ");Select hold instruction code.",
+                        PROP_INSTR_REJECT + ");Select hold instruction code.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-holdinstruction",
+                        ";configuration-ca-edit-crlextension-holdinstruction",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The hold instruction code is a non-critical CRL entry " +
-                "extension that provides a registered instruction identifier " +
-                "which indicates the action to be taken after encountering " +
-                "a certificate that has been placed on hold."
+                        ";The hold instruction code is a non-critical CRL entry " +
+                        "extension that provides a registered instruction identifier " +
+                        "which indicates the action to be taken after encountering " +
+                        "a certificate that has been placed on hold."
             };
 
         return params;
@@ -153,6 +150,6 @@ public class CMSHoldInstructionExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSHoldInstructionExtension - " + msg);
+                "CMSHoldInstructionExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
index c0c62244..2f885262 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
@@ -33,21 +32,20 @@ import com.netscape.certsrv.ca.ICMSCRLExtension;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a invalidity date extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSInvalidityDateExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private ILogger mLogger = CMS.getLogger();
 
     public CMSInvalidityDateExtension() {
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         InvalidityDateExtension invalidityDateExt = null;
 
         try {
@@ -62,8 +60,8 @@ public class CMSInvalidityDateExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object crlIssuingPoint,
-        boolean critical) {
+            Object crlIssuingPoint,
+            boolean critical) {
         InvalidityDateExtension invalidityDateExt = null;
 
         return invalidityDateExt;
@@ -78,17 +76,17 @@ public class CMSInvalidityDateExtension
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Entry Extension type. This field is not editable.",
+                // "type;choice(CRLExtension,CRLEntryExtension);"+
+                // "CRL Entry Extension type. This field is not editable.",
                 "enable;boolean;Check to enable Invalidity Date CRL entry extension.",
                 "critical;boolean;Set criticality for Invalidity Date CRL entry extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-invaliditydate",
+                        ";configuration-ca-edit-crlextension-invaliditydate",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The invalidity date is a non-critical CRL entry extension " +
-                "that provides the date on which it is known or suspected " +
-                "that the private key was compromised or that the certificate" +
-                " otherwise became invalid."
+                        ";The invalidity date is a non-critical CRL entry extension " +
+                        "that provides the date on which it is known or suspected " +
+                        "that the private key was compromised or that the certificate" +
+                        " otherwise became invalid."
             };
 
         return params;
@@ -96,6 +94,6 @@ public class CMSInvalidityDateExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSInvalidityDateExtension - " + msg);
+                "CMSInvalidityDateExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
index 9ca9d5d2..428fb447 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.util.Locale;
@@ -47,14 +46,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a issuer alternative name extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSIssuerAlternativeNameExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     private static final String PROP_RFC822_NAME = "rfc822Name";
     private static final String PROP_DNS_NAME = "dNSName";
     private static final String PROP_DIR_NAME = "directoryName";
@@ -70,7 +68,7 @@ public class CMSIssuerAlternativeNameExtension
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         IssuerAlternativeNameExtension issuerAltNameExt = null;
         GeneralNames names = null;
 
@@ -84,8 +82,8 @@ public class CMSIssuerAlternativeNameExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
         IssuerAlternativeNameExtension issuerAltNameExt = null;
         int numNames = 0;
@@ -196,7 +194,7 @@ public class CMSIssuerAlternativeNameExtension
             numNames = config.getInteger("numNames", 0);
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, "Invalid numNames property for CRL " +
-                "IssuerAlternativeName extension - " + e);
+                    "IssuerAlternativeName extension - " + e);
         }
         nvp.add("numNames", String.valueOf(numNames));
 
@@ -207,10 +205,10 @@ public class CMSIssuerAlternativeNameExtension
                 nameType = config.getString("nameType" + i);
             } catch (EPropertyNotFound e) {
                 log(ILogger.LL_FAILURE, "Undefined nameType" + i + " property for " +
-                    "CRL IssuerAlternativeName extension - " + e);
+                        "CRL IssuerAlternativeName extension - " + e);
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, "Invalid nameType" + i + " property for " +
-                    "CRL IssuerAlternativeName extension - " + e);
+                        "CRL IssuerAlternativeName extension - " + e);
             }
 
             if (nameType != null && nameType.length() > 0) {
@@ -225,10 +223,10 @@ public class CMSIssuerAlternativeNameExtension
                 name = config.getString("name" + i);
             } catch (EPropertyNotFound e) {
                 log(ILogger.LL_FAILURE, "Undefined name" + i + " property for " +
-                    "CRL IssuerAlternativeName extension - " + e);
+                        "CRL IssuerAlternativeName extension - " + e);
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, "Invalid name" + i + " property for " +
-                    "CRL IssuerAlternativeName extension - " + e);
+                        "CRL IssuerAlternativeName extension - " + e);
             }
 
             if (name != null && name.length() > 0) {
@@ -248,28 +246,28 @@ public class CMSIssuerAlternativeNameExtension
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Extension type. This field is not editable.",
+                // "type;choice(CRLExtension,CRLEntryExtension);"+
+                // "CRL Extension type. This field is not editable.",
                 "enable;boolean;Check to enable Issuer Alternative Name CRL extension.",
                 "critical;boolean;Set criticality for Issuer Alternative Name CRL extension.",
                 "numNames;number;Set number of alternative names for the CRL issuer.",
                 "nameType0;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
-                PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
-                PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+                        PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
+                        PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
                 "name0;string;Enter Issuer Alternative Name corresponding to the selected name type.",
                 "nameType1;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
-                PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
-                PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+                        PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
+                        PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
                 "name1;string;Enter Issuer Alternative Name corresponding to the selected name type.",
                 "nameType2;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," +
-                PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
-                PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
+                        PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," +
+                        PROP_OTHER_NAME + ");Select Issuer Alternative Name type.",
                 "name2;string;Enter Issuer Alternative Name corresponding to the selected name type.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-issueralternativename",
+                        ";configuration-ca-edit-crlextension-issueralternativename",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The issuer alternative names extension allows additional" +
-                " identities to be associated with the issuer of the CRL."
+                        ";The issuer alternative names extension allows additional" +
+                        " identities to be associated with the issuer of the CRL."
             };
 
         return params;
@@ -277,6 +275,6 @@ public class CMSIssuerAlternativeNameExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSIssuerAlternativeNameExtension - " + msg);
+                "CMSIssuerAlternativeNameExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java b/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
index ccc5b64d..498e358c 100644
--- a/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
+++ b/pki/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.crl;
 
-
 import java.io.IOException;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -43,14 +42,13 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.common.NameValuePairs;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This represents a issuing distribution point extension.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSIssuingDistributionPointExtension
-    implements ICMSCRLExtension, IExtendedPluginInfo {
+        implements ICMSCRLExtension, IExtendedPluginInfo {
     public static final String PROP_POINTTYPE = "pointType";
     public static final String PROP_POINTNAME = "pointName";
     public static final String PROP_DIRNAME = "DirectoryName";
@@ -61,14 +59,14 @@ public class CMSIssuingDistributionPointExtension
     public static final String PROP_INDIRECT = "indirectCRL";
     public static final String PROP_REASONS = "onlySomeReasons";
 
-    private static final String[] reasonFlags = {"unused",
+    private static final String[] reasonFlags = { "unused",
             "keyCompromise",
             "cACompromise",
             "affiliationChanged",
             "superseded",
             "cessationOfOperation",
             "certificateHold",
-            "privilegeWithdrawn"};
+            "privilegeWithdrawn" };
 
     private ILogger mLogger = CMS.getLogger();
 
@@ -76,9 +74,9 @@ public class CMSIssuingDistributionPointExtension
     }
 
     public Extension setCRLExtensionCriticality(Extension ext,
-        boolean critical) {
+            boolean critical) {
         IssuingDistributionPointExtension issuingDPointExt =
-            (IssuingDistributionPointExtension) ext;
+                (IssuingDistributionPointExtension) ext;
 
         issuingDPointExt.setCritical(critical);
 
@@ -86,8 +84,8 @@ public class CMSIssuingDistributionPointExtension
     }
 
     public Extension getCRLExtension(IConfigStore config,
-        Object ip,
-        boolean critical) {
+            Object ip,
+            boolean critical) {
 
         CMS.debug("in CMSIssuingDistributionPointExtension::getCRLExtension.");
         ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip;
@@ -164,7 +162,7 @@ public class CMSIssuingDistributionPointExtension
         }
         if (reasons != null && reasons.length() > 0) {
 
-            boolean[] bits = {false, false, false, false, false, false, false};
+            boolean[] bits = { false, false, false, false, false, false, false };
             int k = 0;
             StringTokenizer st = new StringTokenizer(reasons, ",");
 
@@ -275,25 +273,22 @@ public class CMSIssuingDistributionPointExtension
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly", e.toString()));
         }
         // Disable these for now unitl we support them fully
-/*
-        try {
-            boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false);
-
-            nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly));
-        } catch (EBaseException e) {
-            nvp.add(PROP_USERCERTS, "false");
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString()));
-        }
-
-        try {
-            boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
-
-            nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL));
-        } catch (EBaseException e) {
-            nvp.add(PROP_INDIRECT, "false");
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString()));
-        }
-*/
+        /*
+         * try { boolean userCertsOnly = config.getBoolean(PROP_USERCERTS,
+         * false);
+         * 
+         * nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly)); } catch
+         * (EBaseException e) { nvp.add(PROP_USERCERTS, "false");
+         * log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY",
+         * "userCertsOnly", e.toString())); }
+         * 
+         * try { boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
+         * 
+         * nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL)); } catch
+         * (EBaseException e) { nvp.add(PROP_INDIRECT, "false");
+         * log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY",
+         * "indirectCRL", e.toString())); }
+         */
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
@@ -305,25 +300,26 @@ public class CMSIssuingDistributionPointExtension
             sb_reasons.append(reasonFlags[i]);
         }
         String[] params = {
-                //"type;choice(CRLExtension,CRLEntryExtension);"+
-                //"CRL Extension type. This field is not editable.",
+                // "type;choice(CRLExtension,CRLEntryExtension);"+
+                // "CRL Extension type. This field is not editable.",
                 "enable;boolean;Check to enable Issuing Distribution Point CRL extension.",
                 "critical;boolean;Set criticality for Issuing Distribution Point CRL extension.",
                 PROP_POINTTYPE + ";choice(" + PROP_DIRNAME + "," + PROP_URINAME + "," +
-                PROP_RDNNAME + ");Select Issuing Distribution Point name type.",
+                        PROP_RDNNAME + ");Select Issuing Distribution Point name type.",
                 PROP_POINTNAME + ";string;Enter Issuing Distribution Point name " +
-                "corresponding to the selected point type.",
+                        "corresponding to the selected point type.",
                 PROP_REASONS + ";string;Select any combination of the following reasons: " +
-                sb_reasons.toString(),
+                        sb_reasons.toString(),
                 PROP_CACERTS + ";boolean;Check if CRL contains CA certificates only",
-             //   Remove these from the UI until they can be supported fully.
-             //   PROP_USERCERTS + ";boolean;Check if CRL contains user certificates only",
-             //   PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.",
+                // Remove these from the UI until they can be supported fully.
+                // PROP_USERCERTS +
+                // ";boolean;Check if CRL contains user certificates only",
+                // PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";The issuing distribution point is a critical CRL extension " +
-                "that identifies the CRL distribution point for a particular CRL."
+                        ";The issuing distribution point is a critical CRL extension " +
+                        "that identifies the CRL distribution point for a particular CRL."
             };
 
         return params;
@@ -331,6 +327,6 @@ public class CMSIssuingDistributionPointExtension
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
-            "CMSIssuingDistributionPointExtension - " + msg);
+                "CMSIssuingDistributionPointExtension - " + msg);
     }
-} 
+}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
index d026cdba..9411d2b7 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.evaluators;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.EBaseException;
@@ -28,7 +27,6 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * A class represents a group acls evaluator.
  * <P>
@@ -54,7 +52,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
     }
 
     /**
-     * initialization.  nothing for now.
+     * initialization. nothing for now.
      */
     public void init() {
         CMS.debug("GroupAccessEvaluator: init");
@@ -62,6 +60,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the type name for this acl evaluator
+     * 
      * @return type for this acl evaluator: "group" or "at_group"
      */
     public String getType() {
@@ -70,6 +69,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the description for this acl evaluator
+     * 
      * @return description for this acl evaluator
      */
     public String getDescription() {
@@ -85,14 +85,13 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
     }
 
     /**
-     * evaluates uid in AuthToken to see if it has membership in
-     *	 group value
+     * evaluates uid in AuthToken to see if it has membership in group value
+     * 
      * @param authToken authentication token
      * @param type must be "at_group"
      * @param op must be "="
      * @param value the group name
-     * @return true if AuthToken uid belongs to the group value,
-     *	 false otherwise
+     * @return true if AuthToken uid belongs to the group value, false otherwise
      */
     public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
 
@@ -104,17 +103,17 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
             if (uid == null) {
                 uid = authToken.getInString("uid");
                 if (uid == null) {
-                  CMS.debug("GroupAccessEvaluator: evaluate: uid null");
-                  log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
-                  return false;
+                    CMS.debug("GroupAccessEvaluator: evaluate: uid null");
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
+                    return false;
                 }
             }
-            CMS.debug("GroupAccessEvaluator: evaluate: uid="+uid +" value="+value);
+            CMS.debug("GroupAccessEvaluator: evaluate: uid=" + uid + " value=" + value);
 
             String groupname = authToken.getInString("gid");
 
             if (groupname != null) {
-                CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="+groupname);
+                CMS.debug("GroupAccessEvaluator: evaluate: authToken gid=" + groupname);
                 if (op.equals("=")) {
                     return groupname.equals(Utils.stripQuotes(value));
                 } else if (op.equals("!=")) {
@@ -123,12 +122,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
             } else {
                 CMS.debug("GroupAccessEvaluator: evaluate: no gid in authToken");
                 IUser id = null;
-                try { 
-                    id = mUG.getUser(uid); 
-                } catch (EBaseException e) { 
+                try {
+                    id = mUG.getUser(uid);
+                } catch (EBaseException e) {
                     CMS.debug("GroupAccessEvaluator: " + e.toString());
                     return false;
-                } 
+                }
 
                 if (op.equals("=")) {
                     return mUG.isMemberOf(id, Utils.stripQuotes(value));
@@ -142,13 +141,14 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
     }
 
     /**
-     * evaluates uid in SessionContext to see if it has membership in
-     *	 group value
+     * evaluates uid in SessionContext to see if it has membership in group
+     * value
+     * 
      * @param type must be "group"
      * @param op must be "="
      * @param value the group name
-     * @return true if SessionContext uid belongs to the group value,
-     *	 false otherwise
+     * @return true if SessionContext uid belongs to the group value, false
+     *         otherwise
      */
     public boolean evaluate(String type, String op, String value) {
 
@@ -161,12 +161,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
                 return false;
             }
-            if (op.equals("=")) 
+            if (op.equals("="))
                 return mUG.isMemberOf(id, Utils.stripQuotes(value));
             else
                 return !(mUG.isMemberOf(id, Utils.stripQuotes(value)));
-            
-        } 
+
+        }
 
         return false;
     }
@@ -175,7 +175,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-            level, "GroupAccessEvaluator: " + msg);
+                level, "GroupAccessEvaluator: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
index a5c99eeb..3d512c98 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.evaluators;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.SessionContext;
@@ -25,7 +24,6 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * A class represents a IP address acls evaluator.
  * <P>
@@ -44,13 +42,14 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
     }
 
     /**
-     * initialization.  nothing for now.
+     * initialization. nothing for now.
      */
     public void init() {
     }
 
     /**
      * gets the type name for this acl evaluator
+     * 
      * @return type for this acl evaluator: ipaddress
      */
     public String getType() {
@@ -59,6 +58,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the description for this acl evaluator
+     * 
      * @return description for this acl evaluator
      */
     public String getDescription() {
@@ -75,6 +75,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
 
     /**
      * Gets the IP address from session context
+     * 
      * @param authToken authentication token
      * @param type must be "ipaddress"
      * @param op must be "=" or "!="
@@ -86,13 +87,14 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
     }
 
     /**
-     * evaluates uid in SessionContext to see if it has membership in
-     *	 group value
+     * evaluates uid in SessionContext to see if it has membership in group
+     * value
+     * 
      * @param type must be "group"
      * @param op must be "="
      * @param value the group name
-     * @return true if SessionContext uid belongs to the group value,
-     *	 false otherwise
+     * @return true if SessionContext uid belongs to the group value, false
+     *         otherwise
      */
     public boolean evaluate(String type, String op, String value) {
 
@@ -106,13 +108,13 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL"));
                 return false;
             }
-            if (op.equals("=")) { 
+            if (op.equals("=")) {
                 return ipaddress.matches(value);
             } else {
                 return !(ipaddress.matches(value));
             }
-            
-        } 
+
+        }
 
         return false;
     }
@@ -121,6 +123,6 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-            level, "GroupAccessEvaluator: " + msg);
+                level, "GroupAccessEvaluator: " + msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
index 4b6b5677..bf7727c9 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.evaluators;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.SessionContext;
@@ -26,7 +25,6 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * A class represents a user acls evaluator.
  * <P>
@@ -48,7 +46,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
     }
 
     /**
-     * initialization.  nothing for now.
+     * initialization. nothing for now.
      */
     public void init() {
         CMS.debug("UserAccessEvaluator: init");
@@ -56,6 +54,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the type name for this acl evaluator
+     * 
      * @return type for this acl evaluator: "user" or "at_user"
      */
     public String getType() {
@@ -64,6 +63,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the description for this acl evaluator
+     * 
      * @return description for this acl evaluator
      */
     public String getDescription() {
@@ -80,6 +80,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
 
     /**
      * Evaluates the user in AuthToken to see if it's equal to value
+     * 
      * @param authToken AuthToken from authentication
      * @param type must be "at_user"
      * @param op must be "="
@@ -92,9 +93,9 @@ public class UserAccessEvaluator implements IAccessEvaluator {
             String s = Utils.stripQuotes(value);
 
             if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
-                return true; 
-            
-                // should define "uid" at a common place
+                return true;
+
+            // should define "uid" at a common place
             String uid = null;
 
             uid = authToken.getInString("uid");
@@ -108,13 +109,14 @@ public class UserAccessEvaluator implements IAccessEvaluator {
                 return s.equalsIgnoreCase(uid);
             else if (op.equals("!="))
                 return !(s.equalsIgnoreCase(uid));
-        }        
+        }
 
         return false;
     }
 
     /**
      * Evaluates the user in session context to see if it's equal to value
+     * 
      * @param type must be "user"
      * @param op must be "="
      * @param value the user id
@@ -145,7 +147,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-            level, "UserAccessEvaluator: " + msg);
+                level, "UserAccessEvaluator: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
index b1b406c0..4687b709 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.evaluators;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.SessionContext;
@@ -26,12 +25,11 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
- * A class represents a user-origreq uid mapping acls evaluator.
- * This is primarily used for renewal.  During renewal, the orig_req
- * uid is placed in the SessionContext of the renewal session context
- * to be evaluated by this evaluator
+ * A class represents a user-origreq uid mapping acls evaluator. This is
+ * primarily used for renewal. During renewal, the orig_req uid is placed in the
+ * SessionContext of the renewal session context to be evaluated by this
+ * evaluator
  * <P>
  * 
  * @author Christina Fu
@@ -52,7 +50,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
     }
 
     /**
-     * initialization.  nothing for now.
+     * initialization. nothing for now.
      */
     public void init() {
         CMS.debug("UserOrigReqAccessEvaluator: init");
@@ -60,6 +58,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the type name for this acl evaluator
+     * 
      * @return type for this acl evaluator: "user_origreq" or "at_user_origreq"
      */
     public String getType() {
@@ -68,6 +67,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
 
     /**
      * gets the description for this acl evaluator
+     * 
      * @return description for this acl evaluator
      */
     public String getDescription() {
@@ -84,6 +84,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
 
     /**
      * Evaluates the user in AuthToken to see if it's equal to value
+     * 
      * @param authToken AuthToken from authentication
      * @param type must be "at_userreq"
      * @param op must be "="
@@ -96,9 +97,9 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
             String s = Utils.stripQuotes(value);
 
             if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
-                return true; 
-            
-                // should define "uid" at a common place
+                return true;
+
+            // should define "uid" at a common place
             String uid = null;
 
             uid = authToken.getInString("uid");
@@ -107,30 +108,31 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
                 CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken null");
                 return false;
             } else
-                CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="+ uid);
+                CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken =" + uid);
 
             // find value of param in request
             SessionContext mSC = SessionContext.getContext();
-            CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "+"orig_req."+s+ " in SessionContext");
+            CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting " + "orig_req." + s + " in SessionContext");
             // "orig_req.auth_token.uid"
-            String orig_id = (String) mSC.get("orig_req."+s);
+            String orig_id = (String) mSC.get("orig_req." + s);
 
             if (orig_id == null) {
                 CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id null");
                 return false;
             }
-                CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="+ orig_id);
+            CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id =" + orig_id);
             if (op.equals("="))
                 return uid.equalsIgnoreCase(orig_id);
             else if (op.equals("!="))
                 return !(uid.equalsIgnoreCase(orig_id));
-        }        
+        }
 
         return false;
     }
 
     /**
      * Evaluates the user in session context to see if it's equal to value
+     * 
      * @param type must be "user_origreq"
      * @param op must be "="
      * @param value the user id
@@ -141,7 +143,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
         SessionContext mSC = SessionContext.getContext();
 
         if (type.equals(mType)) {
-// what do I do with s here?
+            // what do I do with s here?
             String s = Utils.stripQuotes(value);
 
             if (s.equals(ANYBODY) && op.equals("="))
@@ -149,7 +151,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
 
             IUser id = (IUser) mSC.get(SessionContext.USER);
             // "orig_req.auth_token.uid"
-            String orig_id = (String) mSC.get("orig_req"+s);
+            String orig_id = (String) mSC.get("orig_req" + s);
 
             if (op.equals("="))
                 return id.getName().equalsIgnoreCase(orig_id);
diff --git a/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java b/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
index 8488ec2d..bf875162 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/AJobBase.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.jobs;
 
-
 import java.io.IOException;
 import java.util.Hashtable;
 
@@ -36,11 +35,10 @@ import com.netscape.certsrv.notification.IEmailTemplate;
 import com.netscape.certsrv.notification.IMailNotification;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This abstract class is a base job for real job extentions for the
- * Jobs Scheduler. 
- *
+ * This abstract class is a base job for real job extentions for the Jobs
+ * Scheduler.
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.jobs.IJob
  */
@@ -57,7 +55,7 @@ public abstract class AJobBase implements IJob, Runnable {
     protected static final String STATUS_FAILURE = "failed";
     protected static final String STATUS_SUCCESS = "succeeded";
 
-    // variables used by the Job Scheduler Daemon 
+    // variables used by the Job Scheduler Daemon
     protected String mImplName = null;
     protected IConfigStore mConfig;
     protected String mId = null;
@@ -81,8 +79,8 @@ public abstract class AJobBase implements IJob, Runnable {
 
     /**
      * tells if the job is enabled
-     * @return a boolean value indicating whether the job is enabled
-     *	 or not
+     * 
+     * @return a boolean value indicating whether the job is enabled or not
      */
     public boolean isEnabled() {
         boolean enabled = false;
@@ -98,16 +96,17 @@ public abstract class AJobBase implements IJob, Runnable {
      * abstract methods
      ***********************/
     public abstract void init(ISubsystem owner, String id, String implName, IConfigStore
-        config) throws EBaseException;
+            config) throws EBaseException;
 
     public abstract void run();
 
     /***********************
      * public methods
      ***********************/
-    
+
     /**
      * get instance id.
+     * 
      * @return a String identifier
      */
     public String getId() {
@@ -116,6 +115,7 @@ public abstract class AJobBase implements IJob, Runnable {
 
     /**
      * set instance id.
+     * 
      * @param id String id of the instance
      */
     public void setId(String id) {
@@ -124,6 +124,7 @@ public abstract class AJobBase implements IJob, Runnable {
 
     /**
      * get cron string associated with this job
+     * 
      * @return a JobCron object that represents the schedule of this job
      */
     public IJobCron getJobCron() {
@@ -132,6 +133,7 @@ public abstract class AJobBase implements IJob, Runnable {
 
     /**
      * gets the plugin name of this job.
+     * 
      * @return a String that is the name of this implementation
      */
     public String getImplName() {
@@ -140,6 +142,7 @@ public abstract class AJobBase implements IJob, Runnable {
 
     /**
      * Gets the configuration substore used by this job
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -193,29 +196,29 @@ public abstract class AJobBase implements IJob, Runnable {
         } catch (ENotificationException e) {
             // already logged, lets audit
             mLogger.log(ILogger.EV_AUDIT, null,
-                ILogger.S_OTHER,
-                ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
+                    ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
         } catch (IOException e) {
             // already logged, lets audit
             mLogger.log(ILogger.EV_AUDIT, null,
-                ILogger.S_OTHER,
-                ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
+                    ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SEND_NOTIFICATION", e.toString()));
         }
     }
 
     protected void buildItemParams(X509CertImpl cert) {
         mItemParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
-            (Object) cert.getSerialNumber().toString());
+                (Object) cert.getSerialNumber().toString());
         mItemParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
-            (Object) cert.getSerialNumber().toString(16));
+                (Object) cert.getSerialNumber().toString(16));
         mItemParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
-            (Object) cert.getIssuerDN().toString());
+                (Object) cert.getIssuerDN().toString());
         mItemParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
-            (Object) cert.getSubjectDN().toString());
+                (Object) cert.getSubjectDN().toString());
         mItemParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER,
-            (Object) cert.getNotAfter().toString());
+                (Object) cert.getNotAfter().toString());
         mItemParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE,
-            (Object) cert.getNotBefore().toString());
+                (Object) cert.getNotBefore().toString());
         // ... and more
     }
 
@@ -258,7 +261,8 @@ public abstract class AJobBase implements IJob, Runnable {
     }
 
     /**
-     * logs an entry in the log file.  Used by classes extending this class.
+     * logs an entry in the log file. Used by classes extending this class.
+     * 
      * @param level log level
      * @param msg log message in String
      */
@@ -266,21 +270,22 @@ public abstract class AJobBase implements IJob, Runnable {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, mId + ": " + msg);
+                level, mId + ": " + msg);
     }
 
     /**
-     * capable of logging multiline entry in the log file.  Used by classes extending this class.
+     * capable of logging multiline entry in the log file. Used by classes
+     * extending this class.
+     * 
      * @param level log level
      * @param msg log message in String
-     * @param multiline boolean indicating whether the message is a
-     *	 multi-lined message.
+     * @param multiline boolean indicating whether the message is a multi-lined
+     *            message.
      */
     public void log(int level, String msg, boolean multiline) {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, mId + ": " + msg, multiline);
+                level, mId + ": " + msg, multiline);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java b/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
index a23cc1f3..ba8bffad 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/PublishCertsJob.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.jobs;
 
-
 import java.security.cert.X509Certificate;
 import java.text.DateFormat;
 import java.util.Date;
@@ -46,59 +45,47 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
- * a job for the Jobs Scheduler.  This job checks in the internal ldap
- * db for valid certs that have not been published to the
- * publishing directory.
+ * a job for the Jobs Scheduler. This job checks in the internal ldap db for
+ * valid certs that have not been published to the publishing directory.
  * <p>
  * the $TOKENS that are available for the this jobs's summary outer form are:<br>
  * <UL>
- * $Status
- * $InstanceID
- * $SummaryItemList
- * $SummaryTotalNum
- * $SummaryTotalSuccess
- * $SummaryTotalfailure
- * $ExecutionTime
+ * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess
+ * $SummaryTotalfailure $ExecutionTime
  * </UL>
  * and for the inner list items:
  * <UL>
- * $SerialNumber
- * $IssuerDN
- * $SubjectDN
- * $NotAfter
- * $NotBefore
- * $RequestorEmail
+ * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail
  * $CertType
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PublishCertsJob extends AJobBase
-    implements IJob, Runnable, IExtendedPluginInfo {
-	
+        implements IJob, Runnable, IExtendedPluginInfo {
+
     ICertificateAuthority mCa = null;
     IRequestQueue mReqQ = null;
     ICertificateRepository mRepository = null;
     IPublisherProcessor mPublisherProcessor = null;
     private boolean mSummary = false;
 
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
+    /*
+     * Holds configuration parameters accepted by this implementation. This list
+     * is passed to the configuration console so configuration for instances of
+     * this implementation can be configured through the console.
      */
     protected static String[] mConfigParams =
-        new String[] { 
-            "enabled",
-            "cron",
-            "summary.enabled",
-            "summary.emailSubject",
-            "summary.emailTemplate",
-            "summary.itemTemplate",
-            "summary.senderEmail",
-            "summary.recipientEmail"
+            new String[] {
+                    "enabled",
+                    "cron",
+                    "summary.enabled",
+                    "summary.emailSubject",
+                    "summary.emailTemplate",
+                    "summary.itemTemplate",
+                    "summary.senderEmail",
+                    "summary.recipientEmail"
         };
 
     /* Vector of extendedPluginInfo strings */
@@ -110,24 +97,24 @@ public class PublishCertsJob extends AJobBase
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 IExtendedPluginInfo.HELP_TEXT +
-                "; A job that checks for valid certificates in the " +
-                "database, that have not been published and publish them to " +
-                "the publishing directory",
+                        "; A job that checks for valid certificates in the " +
+                        "database, that have not been published and publish them to " +
+                        "the publishing directory",
                 "cron;string;Format: minute hour dayOfMonth month " +
-                "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
                 "summary.senderEmail;string;Specify the address to be used " +
-                "as the email's 'sender'. Bounces go to this address.",
+                        "as the email's 'sender'. Bounces go to this address.",
                 "summary.recipientEmail;string;Who should receive summaries",
                 "enabled;boolean;Enable this plugin",
                 "summary.enabled;boolean;Enable the summary. You must enabled " +
-                "this for the job to work.",
+                        "this for the job to work.",
                 "summary.emailSubject;string;Subject of summary email",
                 "summary.emailTemplate;string;Fully qualified pathname of " +
-                "template file of email to be sent",
+                        "template file of email to be sent",
                 "summary.itemTemplate;string;Fully qualified pathname of " +
-                "file containing template for each item",
+                        "file containing template for each item",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-jobrules-unpublishexpiredjobs",
+                        ";configuration-jobrules-unpublishexpiredjobs",
             };
 
         return s;
@@ -151,13 +138,13 @@ public class PublishCertsJob extends AJobBase
         mReqQ = mCa.getRequestQueue();
         mRepository = (ICertificateRepository) mCa.getCertificateRepository();
         mPublisherProcessor = mCa.getPublisherProcessor();
-		
+
         // read from the configuration file
         mCron = mConfig.getString(IJobCron.PROP_CRON);
         if (mCron == null) {
             return;
         }
-		
+
         // parse cron string into a JobCron class
         IJobsScheduler scheduler = (IJobsScheduler) owner;
 
@@ -179,15 +166,14 @@ public class PublishCertsJob extends AJobBase
     }
 
     /**
-     * look in the internal db for certificateRecords that are
-     * valid but not published
-     * The publish() method should set <b>InLdapPublishDir</b> flag accordingly.
-     *    if publish unsuccessfully, log it -- unsuccessful certs should be
-     *    picked up and attempted again at the next scheduled run
+     * look in the internal db for certificateRecords that are valid but not
+     * published The publish() method should set <b>InLdapPublishDir</b> flag
+     * accordingly. if publish unsuccessfully, log it -- unsuccessful certs
+     * should be picked up and attempted again at the next scheduled run
      */
     public void run() {
-	CMS.debug("in PublishCertsJob "+
-					   getId()+ " : run()");
+        CMS.debug("in PublishCertsJob " +
+                       getId() + " : run()");
         // get time now..."now" is before the loop
         Date date = CMS.getCurrentDate();
         long now = date.getTime();
@@ -196,8 +182,8 @@ public class PublishCertsJob extends AJobBase
 
         // form filter
         String filter = // might need to use "metaInfo"
-            "(!(certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
-            ":true))";
+        "(!(certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
+                ":true))";
 
         Enumeration unpublishedCerts = null;
 
@@ -205,10 +191,10 @@ public class PublishCertsJob extends AJobBase
             unpublishedCerts = mRepository.findCertRecs(filter);
             // bug 399150
             /*
-             CertRecordList list = null;
-             list = mRepository.findCertRecordsInList(filter,  null, "serialno", 5);
-             int size = list.getSize();
-             expired = list.getCertRecords(0, size - 1);
+             * CertRecordList list = null; list =
+             * mRepository.findCertRecordsInList(filter, null, "serialno", 5);
+             * int size = list.getSize(); expired = list.getCertRecords(0, size
+             * - 1);
              */
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
@@ -225,28 +211,29 @@ public class PublishCertsJob extends AJobBase
             itemForm = getTemplateContent(mItemForm);
         }
 
-	// filter out the invalid ones and publish them
+        // filter out the invalid ones and publish them
         // publish() will set inLdapPublishDir flag
         while (unpublishedCerts != null && unpublishedCerts.hasMoreElements()) {
             ICertRecord rec = (ICertRecord) unpublishedCerts.nextElement();
 
-            if (rec == null) break;
+            if (rec == null)
+                break;
             X509CertImpl cert = rec.getCertificate();
-	    Date notBefore = cert.getNotBefore();
-	    Date notAfter = cert.getNotAfter();
+            Date notBefore = cert.getNotBefore();
+            Date notAfter = cert.getNotAfter();
 
-	    // skip CA certs
-	    if (cert.getBasicConstraintsIsCA() == true)
-		continue;
+            // skip CA certs
+            if (cert.getBasicConstraintsIsCA() == true)
+                continue;
 
-	    // skip the expired certs
-	    if (notAfter.before(date))
-		continue;
+            // skip the expired certs
+            if (notAfter.before(date))
+                continue;
 
             if (mSummary == true)
                 buildItemParams(cert);
 
-                // get request id from cert record MetaInfo
+            // get request id from cert record MetaInfo
             MetaInfo minfo = null;
 
             try {
@@ -255,42 +242,42 @@ public class PublishCertsJob extends AJobBase
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_INFO_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_INFO_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             }
 
             String ridString = null;
 
             try {
                 if (minfo != null)
-                    ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID); 
+                    ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
             } catch (EBaseException e) {
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             } catch (NullPointerException e) {
                 // no requestId in MetaInfo...skip to next record
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             }
 
             if (ridString != null) {
                 RequestId rid = new RequestId(ridString);
-				
+
                 // get request from request id
                 IRequest req = null;
 
@@ -304,19 +291,19 @@ public class PublishCertsJob extends AJobBase
                     negCount += 1;
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                                STATUS_FAILURE);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
                 try {
                     if ((mPublisherProcessor != null) &&
-                        mPublisherProcessor.enabled()) { 
+                            mPublisherProcessor.enabled()) {
                         mPublisherProcessor.publishCert((X509Certificate) cert, req);
                         if (mSummary == true)
                             buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_SUCCESS);
+                                    STATUS_SUCCESS);
                         count += 1;
                     } else {
                         negCount += 1;
@@ -325,22 +312,22 @@ public class PublishCertsJob extends AJobBase
                     negCount += 1;
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_PUBLISH_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                                STATUS_FAILURE);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_PUBLISH_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
             } // ridString != null
             else {
                 try {
                     if ((mPublisherProcessor != null) &&
-                        mPublisherProcessor.enabled()) { 
+                            mPublisherProcessor.enabled()) {
                         mPublisherProcessor.publishCert((X509Certificate) cert, null);
 
                         if (mSummary == true)
                             buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_SUCCESS);
+                                    STATUS_SUCCESS);
                         count += 1;
                     } else {
                         negCount += 1;
@@ -350,12 +337,12 @@ public class PublishCertsJob extends AJobBase
 
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
+                                STATUS_FAILURE);
 
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_PUBLISH_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_PUBLISH_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
             } // ridString == null
 
@@ -365,7 +352,7 @@ public class PublishCertsJob extends AJobBase
             // if summary is enabled, form the item content
             if (mSummary) {
                 IEmailFormProcessor emailItemFormProcessor =
-                    CMS.getEmailFormProcessor();
+                        CMS.getEmailFormProcessor();
                 String c = emailItemFormProcessor.getEmailContent(itemForm,
                         mItemParams);
 
@@ -381,36 +368,35 @@ public class PublishCertsJob extends AJobBase
         // time for summary
         if (mSummary == true) {
             buildContentParams(IEmailFormProcessor.TOKEN_ID,
-                mId);
+                    mId);
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
-                itemListContent);
+                    itemListContent);
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-                String.valueOf(count + negCount));
+                    String.valueOf(count + negCount));
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
-                String.valueOf(count));
+                    String.valueOf(count));
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
-                String.valueOf(negCount));
+                    String.valueOf(negCount));
             buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-                nowString);
+                    nowString);
 
             IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
             String mailContent =
-                emailFormProcessor.getEmailContent(contentForm,
-                    mContentParams);
+                    emailFormProcessor.getEmailContent(contentForm,
+                            mContentParams);
 
             mailSummary(mailContent);
         }
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java b/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
index 8649cf23..0ffcc636 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/RenewalNotificationJob.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.jobs;
 
-
 import java.io.IOException;
 import java.text.DateFormat;
 import java.util.Calendar;
@@ -49,12 +48,11 @@ import com.netscape.certsrv.notification.IMailNotification;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
- * A job for the Jobs Scheduler.  This job checks in the internal ldap
- * db for certs about to expire within the next configurable days and
- * sends email notifications to the appropriate recipients.
- *
+ * A job for the Jobs Scheduler. This job checks in the internal ldap db for
+ * certs about to expire within the next configurable days and sends email
+ * notifications to the appropriate recipients.
+ * 
  * the $TOKENS that are available for the this jobs's summary outer form are:<br
  >
  * <UL>
@@ -79,14 +77,14 @@ import com.netscape.certsrv.request.RequestId;
  * <LI>$HttpHost
  * <LI>$HttpPort
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.jobs.IJob
  * @see com.netscape.cms.jobs.AJobBase
  */
-public class RenewalNotificationJob 
-    extends AJobBase
-    implements IJob, Runnable, IExtendedPluginInfo {
+public class RenewalNotificationJob
+        extends AJobBase
+        implements IJob, Runnable, IExtendedPluginInfo {
 
     // config parameters...
     public static final String PROP_CRON = "cron";
@@ -97,15 +95,15 @@ public class RenewalNotificationJob
     public static final String PROP_PROFILE_ID = "profileId";
 
     /**
-     * This job will send notification at this much time before the
-     *	 enpiration date
+     * This job will send notification at this much time before the enpiration
+     * date
      */
     public static final String PROP_NOTIFYTRIGGEROFFSET =
-        "notifyTriggerOffset";
+            "notifyTriggerOffset";
 
     /**
-     * This job will stop sending notification this much time after
-     *	 the expiration date
+     * This job will stop sending notification this much time after the
+     * expiration date
      */
     public static final String PROP_NOTIFYENDOFFSET = "notifyEndOffset";
 
@@ -113,13 +111,13 @@ public class RenewalNotificationJob
      * sender email address as appeared on the notification email
      */
     public static final String PROP_SENDEREMAIL =
-        "senderEmail";
+            "senderEmail";
 
     /**
      * email subject line as appeared on the notification email
      */
     public static final String PROP_EMAILSUBJECT =
-        "emailSubject";
+            "emailSubject";
 
     /**
      * location of the template file used for email notification
@@ -148,55 +146,54 @@ public class RenewalNotificationJob
     public static final String PROP_SUMMARY_TEMPLATE = "summary.emailTemplate";
 
     /**
-     * location of the template file for each item appeared on the
-     *	 notification summary
+     * location of the template file for each item appeared on the notification
+     * summary
      */
     public static final String PROP_SUMMARY_ITEMTEMPLATE = "summary.itemTemplate";
 
     /*
-     * Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
+     * Holds configuration parameters accepted by this implementation. This list
+     * is passed to the configuration console so configuration for instances of
+     * this implementation can be configured through the console.
      */
-    protected static String[] mConfigParams = 
-        new String[] {
-            "enabled",
-            PROP_CRON,
-            PROP_PROFILE_ID,
-            PROP_NOTIFYTRIGGEROFFSET,
-            PROP_NOTIFYENDOFFSET,
-            PROP_SENDEREMAIL,
-            PROP_EMAILSUBJECT,
-            PROP_EMAILTEMPLATE,
-            "summary.enabled",
-            PROP_SUMMARY_RECIPIENTEMAIL,
-            PROP_SUMMARY_SENDEREMAIL,
-            PROP_SUMMARY_SUBJECT,
-            PROP_SUMMARY_ITEMTEMPLATE,
-            PROP_SUMMARY_TEMPLATE,
+    protected static String[] mConfigParams =
+            new String[] {
+                    "enabled",
+                    PROP_CRON,
+                    PROP_PROFILE_ID,
+                    PROP_NOTIFYTRIGGEROFFSET,
+                    PROP_NOTIFYENDOFFSET,
+                    PROP_SENDEREMAIL,
+                    PROP_EMAILSUBJECT,
+                    PROP_EMAILTEMPLATE,
+                    "summary.enabled",
+                    PROP_SUMMARY_RECIPIENTEMAIL,
+                    PROP_SUMMARY_SENDEREMAIL,
+                    PROP_SUMMARY_SUBJECT,
+                    PROP_SUMMARY_ITEMTEMPLATE,
+                    PROP_SUMMARY_TEMPLATE,
         };
-    
+
     protected ICertificateRepository mCertDB = null;
     protected ICertificateAuthority mCA = null;
     protected boolean mSummary = false;
     protected String mEmailSender = null;
     protected String mEmailSubject = null;
     protected String mEmailTemplateName = null;
-    protected	String mSummaryItemTemplateName = null;
-    protected	String mSummaryTemplateName = null;
+    protected String mSummaryItemTemplateName = null;
+    protected String mSummaryTemplateName = null;
     protected boolean mSummaryHTML = false;
     protected boolean mHTML = false;
 
     protected String mHttpHost = null;
     protected String mHttpPort = null;
 
-    private	int mPreDays = 0;
-    private	long mPreMS = 0;
-    private	int mPostDays = 0;
-    private	long mPostMS = 0;
-    private	int mMaxNotifyCount = 1;
-    private     String[] mProfileId = null;
+    private int mPreDays = 0;
+    private long mPreMS = 0;
+    private int mPostDays = 0;
+    private long mPostMS = 0;
+    private int mMaxNotifyCount = 1;
+    private String[] mProfileId = null;
 
     /* Vector of extendedPluginInfo strings */
     protected static Vector mExtendedPluginInfo = null;
@@ -207,8 +204,8 @@ public class RenewalNotificationJob
 
     /**
      * class constructor
-     */		   
-    public RenewalNotificationJob () {
+     */
+    public RenewalNotificationJob() {
     }
 
     /**
@@ -217,48 +214,49 @@ public class RenewalNotificationJob
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 IExtendedPluginInfo.HELP_TEXT +
-                "; A job that checks for expiring or expired certs" +
-                "notifyTriggerOffset before and notifyEndOffset after " +
-                "the expiration date",
-			
-                PROP_PROFILE_ID + ";string;Specify the ID of the profile which "+
-                "approved the certificates that are about to expire. For multiple "+
-                "profiles, each entry is separated by white space. For example, " +
-                "if the administrator just wants to give automated notification " +
-                "when the SSL server certificates are about to expire, then "+
-                "he should enter \"caServerCert caAgentServerCert\" in the profileId textfield. "+
-                "Blank field means all profiles.",
+                        "; A job that checks for expiring or expired certs" +
+                        "notifyTriggerOffset before and notifyEndOffset after " +
+                        "the expiration date",
+
+                PROP_PROFILE_ID + ";string;Specify the ID of the profile which " +
+                        "approved the certificates that are about to expire. For multiple " +
+                        "profiles, each entry is separated by white space. For example, " +
+                        "if the administrator just wants to give automated notification " +
+                        "when the SSL server certificates are about to expire, then " +
+                        "he should enter \"caServerCert caAgentServerCert\" in the profileId textfield. " +
+                        "Blank field means all profiles.",
                 PROP_NOTIFYTRIGGEROFFSET + ";number,required;How long (in days) before " +
-                "certificate expiration will the first notification " +
-                "be sent",
+                        "certificate expiration will the first notification " +
+                        "be sent",
                 PROP_NOTIFYENDOFFSET + ";number,required;How long (in days) after " +
-                "certificate expiration will notifications " +
-                "continue to be resent if certificate is not renewed",
+                        "certificate expiration will notifications " +
+                        "continue to be resent if certificate is not renewed",
                 PROP_CRON + ";string,required;Format: minute hour dayOfMonth Mmonth " +
-                "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
                 PROP_SENDEREMAIL + ";string,required;Specify the address to be used " +
-                "as the email's 'sender'. Bounces go to this address.",
+                        "as the email's 'sender'. Bounces go to this address.",
                 PROP_EMAILSUBJECT + ";string,required;Email subject",
                 PROP_EMAILTEMPLATE + ";string,required;Fully qualified pathname of " +
-                "template file of email to be sent",
+                        "template file of email to be sent",
                 "enabled;boolean;Enable this plugin",
                 "summary.enabled;boolean;Enabled sending of summaries",
                 PROP_SUMMARY_SENDEREMAIL + ";string,required;Sender email address of summary",
                 PROP_SUMMARY_RECIPIENTEMAIL + ";string,required;Who should receive summaries",
                 PROP_SUMMARY_SUBJECT + ";string,required;Subject of summary email",
                 PROP_SUMMARY_TEMPLATE + ";string,required;Fully qualified pathname of " +
-                "template file of email to be sent",
+                        "template file of email to be sent",
                 PROP_SUMMARY_ITEMTEMPLATE + ";string,required;Fully qualified pathname of " +
-                "file with template to be used for each summary item",
+                        "file with template to be used for each summary item",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-jobrules-renewalnotification",
+                        ";configuration-jobrules-renewalnotification",
             };
 
         return s;
     }
-    
+
     /**
      * Initialize from the configuration file.
+     * 
      * @param id String name of this instance
      * @param implName string name of this implementation
      * @param config configuration store for this instance
@@ -289,19 +287,20 @@ public class RenewalNotificationJob
 
         mJobCron = scheduler.createJobCron(mCron);
     }
-    
+
     /**
-     * finds out which cert needs notification and notifies the
-     *	 responsible parties
+     * finds out which cert needs notification and notifies the responsible
+     * parties
      */
     public void run() {
         // for forming renewal URL at template
         mHttpHost = CMS.getEEHost();
         mHttpPort = CMS.getEESSLPort();
 
-        // read from the configuration file				
+        // read from the configuration file
         try {
-            mPreDays = mConfig.getInteger(PROP_NOTIFYTRIGGEROFFSET, 30);  // in days
+            mPreDays = mConfig.getInteger(PROP_NOTIFYTRIGGEROFFSET, 30); // in
+                                                                         // days
             mPostDays = mConfig.getInteger(PROP_NOTIFYENDOFFSET, 15); // in days
 
             mEmailSender = mConfig.getString(PROP_SENDEREMAIL);
@@ -314,19 +313,19 @@ public class RenewalNotificationJob
             if (sc.getBoolean(PROP_ENABLED, false)) {
                 mSummary = true;
                 mSummaryItemTemplateName =
-                    mConfig.getString(PROP_SUMMARY_ITEMTEMPLATE);
+                        mConfig.getString(PROP_SUMMARY_ITEMTEMPLATE);
                 mSummarySenderEmail =
-                    mConfig.getString(PROP_SUMMARY_SENDEREMAIL);
+                        mConfig.getString(PROP_SUMMARY_SENDEREMAIL);
                 mSummaryReceiverEmail =
-                    mConfig.getString(PROP_SUMMARY_RECIPIENTEMAIL);
+                        mConfig.getString(PROP_SUMMARY_RECIPIENTEMAIL);
                 mSummaryMailSubject =
-                    mConfig.getString(PROP_SUMMARY_SUBJECT);
+                        mConfig.getString(PROP_SUMMARY_SUBJECT);
                 mSummaryTemplateName =
-                    mConfig.getString(PROP_SUMMARY_TEMPLATE);
+                        mConfig.getString(PROP_SUMMARY_TEMPLATE);
             } else {
                 mSummary = false;
             }
-		
+
             long msperday = 86400 * 1000;
             long mspredays = mPreDays;
             long mspostdays = mPostDays;
@@ -339,17 +338,15 @@ public class RenewalNotificationJob
             String nowString = dateFormat.format(now);
 
             /*
-             * look in the internal db for certificateRecords that are
-             * 1. within the expiration notification period
-             * 2. has not yet been renewed
-             * 3. notify - use EmailTemplateProcessor to formulate
-             *		 content, then send
-             * if notified successfully, mark "STATUS_SUCCESS",
-             *    else, if notified unsuccessfully, mark "STATUS_FAILURE".
+             * look in the internal db for certificateRecords that are 1. within
+             * the expiration notification period 2. has not yet been renewed 3.
+             * notify - use EmailTemplateProcessor to formulate content, then
+             * send if notified successfully, mark "STATUS_SUCCESS", else, if
+             * notified unsuccessfully, mark "STATUS_FAILURE".
              */
-	    
+
             /* 1) make target notAfter string */
-	    
+
             Date expiryDate = null;
             Date stopDate = null;
 
@@ -360,13 +357,14 @@ public class RenewalNotificationJob
 
             expiryDate = new Date(expiryMS);
             stopDate = new Date(stopMS);
-			
+
             // All cert records which:
-            //   1) expire before the deadline
-            //   2) have not already been renewed
-            // filter format: 
-            // (& (notafter<='time')(!(certAutoRenew=DONE))(!certAutoRenew=DISABLED))
-		
+            // 1) expire before the deadline
+            // 2) have not already been renewed
+            // filter format:
+            // (&
+            // (notafter<='time')(!(certAutoRenew=DONE))(!certAutoRenew=DISABLED))
+
             StringBuffer f = new StringBuffer();
             String profileId = "";
             try {
@@ -374,24 +372,24 @@ public class RenewalNotificationJob
             } catch (EBaseException ee) {
             }
 
-            if (profileId != null && profileId.length() > 0) { 
+            if (profileId != null && profileId.length() > 0) {
                 StringTokenizer tokenizer = new StringTokenizer(profileId);
                 int num = tokenizer.countTokens();
                 mProfileId = new String[num];
-                for (int i=0; i<num; i++)
+                for (int i = 0; i < num; i++)
                     mProfileId[i] = tokenizer.nextToken();
             }
 
             f.append("(&");
             if (mProfileId != null) {
                 if (mProfileId.length == 1)
-                    f.append("("+ICertRecord.ATTR_META_INFO+ "=" + 
-                      ICertRecord.META_PROFILE_ID +":"+mProfileId[0]+")");
+                    f.append("(" + ICertRecord.ATTR_META_INFO + "=" +
+                            ICertRecord.META_PROFILE_ID + ":" + mProfileId[0] + ")");
                 else {
                     f.append("(|");
-                    for (int i=0; i<mProfileId.length; i++) {
-                        f.append("("+ICertRecord.ATTR_META_INFO+ "=" + 
-                          ICertRecord.META_PROFILE_ID +":"+mProfileId[i]+")");
+                    for (int i = 0; i < mProfileId.length; i++) {
+                        f.append("(" + ICertRecord.ATTR_META_INFO + "=" +
+                                ICertRecord.META_PROFILE_ID + ":" + mProfileId[i] + ")");
                     }
                     f.append(")");
                 }
@@ -407,7 +405,7 @@ public class RenewalNotificationJob
             String filter = f.toString();
 
             String emailTemplate =
-                getTemplateContent(mEmailTemplateName);
+                    getTemplateContent(mEmailTemplateName);
 
             mHTML = mMailHTML;
 
@@ -415,15 +413,16 @@ public class RenewalNotificationJob
                 String summaryItemTemplate = null;
 
                 if (mSummary == true) {
-                    summaryItemTemplate = 
+                    summaryItemTemplate =
                             getTemplateContent(mSummaryItemTemplateName);
                 }
 
                 ItemCounter ic = new ItemCounter();
                 CertRecProcessor cp = new CertRecProcessor(this, emailTemplate, summaryItemTemplate, ic);
-                //CertRecordList list = mCertDB.findCertRecordsInList(filter, null, "serialno", 5);
-                //list.processCertRecords(0, list.getSize() - 1, cp);
-			
+                // CertRecordList list = mCertDB.findCertRecordsInList(filter,
+                // null, "serialno", 5);
+                // list.processCertRecords(0, list.getSize() - 1, cp);
+
                 Enumeration en = mCertDB.findCertRecs(filter);
 
                 while (en.hasMoreElements()) {
@@ -432,40 +431,41 @@ public class RenewalNotificationJob
                     try {
                         cp.process(element);
                     } catch (Exception e) {
-                        //Don't abort the entire operation. The error should already be logged
+                        // Don't abort the entire operation. The error should
+                        // already be logged
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_FAILED_PROCESS", e.toString()));
                     }
                 }
-			
+
                 // Now send the summary
 
                 if (mSummary == true) {
                     try {
                         String summaryTemplate =
-                            getTemplateContent(mSummaryTemplateName);
+                                getTemplateContent(mSummaryTemplateName);
 
                         mSummaryHTML = mMailHTML;
 
                         buildContentParams(IEmailFormProcessor.TOKEN_ID,
-                            mId);
+                                mId);
 
                         buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
-                            ic.mItemListContent);
+                                ic.mItemListContent);
                         buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-                            String.valueOf(ic.mNumFail + ic.mNumSuccessful));
-                        buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM, 
-                            String.valueOf(ic.mNumSuccessful));
+                                String.valueOf(ic.mNumFail + ic.mNumSuccessful));
+                        buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
+                                String.valueOf(ic.mNumSuccessful));
                         buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
-                            String.valueOf(ic.mNumFail));
+                                String.valueOf(ic.mNumFail));
 
                         buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-                            nowString);
-					
+                                nowString);
+
                         IEmailFormProcessor summaryEmfp = CMS.getEmailFormProcessor();
 
-                        String summaryContent = 
-                            summaryEmfp.getEmailContent(summaryTemplate,
-                                mContentParams);
+                        String summaryContent =
+                                summaryEmfp.getEmailContent(summaryTemplate,
+                                        mContentParams);
 
                         if (summaryContent == null) {
                             log(ILogger.LL_FAILURE, CMS.getLogMessage("JOBS_SUMMARY_CONTENT_NULL"));
@@ -490,38 +490,43 @@ public class RenewalNotificationJob
 
     /**
      * get instance id.
+     * 
      * @return a String identifier
      */
     public String getId() {
         return mId;
     }
-    
+
     /**
      * set instance id.
+     * 
      * @param id String id of the instance
      */
     public void setId(String id) {
         mId = id;
     }
-    
+
     /**
      * get cron string associated with this job
+     * 
      * @return a JobCron object that represents the schedule of this job
      */
     public IJobCron getJobCron() {
         return mJobCron;
     }
-    
+
     /**
      * gets the plugin name of this job.
+     * 
      * @return a String that is the name of this implementation
      */
     public String getImplName() {
         return mImplName;
     }
-    
+
     /**
      * Gets the configuration substore used by this job
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -529,16 +534,16 @@ public class RenewalNotificationJob
     }
 
     protected void mailUser(String subject,
-        String msg,
-        String sender,
-        IRequest req,
-        ICertRecord cr)
-        throws IOException, ENotificationException, EBaseException {
+            String msg,
+            String sender,
+            IRequest req,
+            ICertRecord cr)
+            throws IOException, ENotificationException, EBaseException {
 
         IMailNotification mn = CMS.getMailNotification();
 
         String rcp = null;
-        //		boolean sendFailed = false;
+        // boolean sendFailed = false;
         Exception sendFailedException = null;
 
         IEmailResolverKeys keys = CMS.getEmailResolverKeys();
@@ -561,20 +566,25 @@ public class RenewalNotificationJob
 
         } catch (Exception e) {
             // already logged by the resolver
-            //			sendFailed = true;
+            // sendFailed = true;
             sendFailedException = e;
             throw (ENotificationException) sendFailedException;
         }
 
         mn.setTo(rcp);
 
-        if (sender != null) mn.setFrom(sender);
-        else mn.setFrom("nobody");
+        if (sender != null)
+            mn.setFrom(sender);
+        else
+            mn.setFrom("nobody");
 
-        if (subject != null) mn.setSubject(subject);
-        else mn.setFrom("Important message from Certificate Authority");
+        if (subject != null)
+            mn.setSubject(subject);
+        else
+            mn.setFrom("Important message from Certificate Authority");
 
-        if (mHTML == true) mn.setContentType("text/html");
+        if (mHTML == true)
+            mn.setContentType("text/html");
 
         String failedString = null;
 
@@ -584,10 +594,10 @@ public class RenewalNotificationJob
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -595,15 +605,14 @@ public class RenewalNotificationJob
     }
 }
 
-
 class CertRecProcessor implements IElementProcessor {
     protected RenewalNotificationJob mJob;
     protected String mEmailTemplate;
     protected String mSummaryItemTemplate;
     protected ItemCounter mIC;
 
-    public CertRecProcessor(RenewalNotificationJob job, String emailTemplate, 
-        String summaryItemTemplate, ItemCounter ic) {
+    public CertRecProcessor(RenewalNotificationJob job, String emailTemplate,
+            String summaryItemTemplate, ItemCounter ic) {
         mJob = job;
         mEmailTemplate = emailTemplate;
         mSummaryItemTemplate = summaryItemTemplate;
@@ -621,9 +630,9 @@ class CertRecProcessor implements IElementProcessor {
         if (cr != null) {
             mJob.buildItemParams(cr.getCertificate());
             mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_HOST,
-                mJob.mHttpHost);
+                    mJob.mHttpHost);
             mJob.buildItemParams(IEmailFormProcessor.TOKEN_HTTP_PORT, mJob.mHttpPort);
-						
+
             MetaInfo metaInfo = null;
 
             metaInfo = (MetaInfo) cr.get(ICertRecord.ATTR_META_INFO);
@@ -632,10 +641,10 @@ class CertRecProcessor implements IElementProcessor {
                 numFailCounted = true;
                 if (mJob.mSummary == true)
                     mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        AJobBase.STATUS_FAILURE);
-                mJob.log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_GET_CERT_ERROR",
-                        cr.getCertificate().getSerialNumber().toString(16)));
+                            AJobBase.STATUS_FAILURE);
+                mJob.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_GET_CERT_ERROR",
+                                cr.getCertificate().getSerialNumber().toString(16)));
             } else {
                 ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
             }
@@ -645,54 +654,54 @@ class CertRecProcessor implements IElementProcessor {
 
         if (ridString != null) {
             RequestId rid = new RequestId(ridString);
-						
+
             try {
                 req = mJob.mCA.getRequestQueue().findRequest(rid);
             } catch (Exception e) {
                 // it is ok not to be able to get the request. The main reason
                 // to get the request is to retrieve the requestor's email.
                 // We can retrieve the email from the CertRecord.
-                CMS.debug("huh RenewalNotificationJob Exception: "+e.toString());
+                CMS.debug("huh RenewalNotificationJob Exception: " + e.toString());
             }
 
             if (req != null)
                 mJob.buildItemParams(req);
         } // ridString != null
 
-        try {						
+        try {
             // send mail to user
-						
+
             IEmailFormProcessor emfp = CMS.getEmailFormProcessor();
             String message = emfp.getEmailContent(mEmailTemplate,
                     mJob.mItemParams);
 
             mJob.mailUser(mJob.mEmailSubject,
-                message,
-                mJob.mEmailSender,
-                req,
-                cr);
-						
+                    message,
+                    mJob.mEmailSender,
+                    req,
+                    cr);
+
             mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                AJobBase.STATUS_SUCCESS);
-						
+                    AJobBase.STATUS_SUCCESS);
+
             mIC.mNumSuccessful++;
-						
+
         } catch (Exception e) {
-            CMS.debug("RenewalNotificationJob Exception: "+e.toString());
+            CMS.debug("RenewalNotificationJob Exception: " + e.toString());
             mJob.buildItemParams(IEmailFormProcessor.TOKEN_STATUS, AJobBase.STATUS_FAILURE);
             mJob.log(ILogger.LL_FAILURE, e.toString(), ILogger.L_MULTILINE);
             if (numFailCounted == false) {
                 mIC.mNumFail++;
             }
         }
-				
+
         if (mJob.mSummary == true) {
             IEmailFormProcessor summaryItemEmfp =
-                CMS.getEmailFormProcessor();
-            String c = 
-                summaryItemEmfp.getEmailContent(mSummaryItemTemplate,
-                    mJob.mItemParams);
-					
+                    CMS.getEmailFormProcessor();
+            String c =
+                    summaryItemEmfp.getEmailContent(mSummaryItemTemplate,
+                            mJob.mItemParams);
+
             if (mIC.mItemListContent == null) {
                 mIC.mItemListContent = c;
             } else {
@@ -702,7 +711,6 @@ class CertRecProcessor implements IElementProcessor {
     }
 }
 
-
 class ItemCounter {
     public int mNumSuccessful = 0;
     public int mNumFail = 0;
diff --git a/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java b/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
index 07a35a9d..4888d301 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/RequestInQueueJob.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.jobs;
 
-
 import java.text.DateFormat;
 import java.util.Date;
 import java.util.Locale;
@@ -37,46 +36,43 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
- * A job for the Jobs Scheduler.  This job checks in the internal ldap
- * db for requests currently in the request queue and send a summary
- * report to the administrator
+ * A job for the Jobs Scheduler. This job checks in the internal ldap db for
+ * requests currently in the request queue and send a summary report to the
+ * administrator
  * <p>
  * the $TOKENS that are available for the this jobs's summary outer form are:<br>
  * <UL>
- * $InstanceID
- * $SummaryTotalNum
- * $ExecutionTime
+ * $InstanceID $SummaryTotalNum $ExecutionTime
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.jobs.IJob
  * @see com.netscape.cms.jobs.AJobBase
  */
 public class RequestInQueueJob extends AJobBase
-    implements IJob, Runnable, IExtendedPluginInfo {
+        implements IJob, Runnable, IExtendedPluginInfo {
     protected static final String PROP_SUBSYSTEM_ID = "subsystemId";
 
     IAuthority mSub = null;
     IRequestQueue mReqQ = null;
     private boolean mSummary = false;
 
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
+    /*
+     * Holds configuration parameters accepted by this implementation. This list
+     * is passed to the configuration console so configuration for instances of
+     * this implementation can be configured through the console.
      */
     protected static String[] mConfigParams =
-        new String[] { 
-            "enabled",
-            "cron",
-            "subsystemId",
-            "summary.enabled",
-            "summary.emailSubject",
-            "summary.emailTemplate",
-            "summary.senderEmail",
-            "summary.recipientEmail"
+            new String[] {
+                    "enabled",
+                    "cron",
+                    "subsystemId",
+                    "summary.enabled",
+                    "summary.emailSubject",
+                    "summary.emailTemplate",
+                    "summary.senderEmail",
+                    "summary.recipientEmail"
         };
 
     /**
@@ -85,30 +81,31 @@ public class RequestInQueueJob extends AJobBase
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 IExtendedPluginInfo.HELP_TEXT +
-                "; A job that checks for enrollment requests in the " +
-                "queue, and reports to recipientEmail",
+                        "; A job that checks for enrollment requests in the " +
+                        "queue, and reports to recipientEmail",
                 "cron;string;Format: minute hour dayOfMonth month " +
-                "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
                 "summary.senderEmail;string;Specify the address to be used " +
-                "as the email's 'sender'. Bounces go to this address.",
+                        "as the email's 'sender'. Bounces go to this address.",
                 "summary.recipientEmail;string;Who should receive summaries",
                 "enabled;boolean;Enable this plugin",
                 "summary.enabled;boolean;Enable the summary. You must enabled " +
-                "this for the job to work.",
+                        "this for the job to work.",
                 "summary.emailSubject;string;Subject of summary email",
                 "summary.emailTemplate;string;Fully qualified pathname of " +
-                "template file of email to be sent",
+                        "template file of email to be sent",
                 "subsystemId;choice(ca,ra);The type of subsystem this job is " +
-                "for",
+                        "for",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-jobrules-requestinqueuejob",
+                        ";configuration-jobrules-requestinqueuejob",
             };
 
         return s;
     }
-    
+
     /**
      * initialize from the configuration file
+     * 
      * @param id String name of this instance
      * @param implName string name of this implementation
      * @param config configuration store for this instance
@@ -137,7 +134,7 @@ public class RequestInQueueJob extends AJobBase
         if (mCron == null) {
             return;
         }
-		
+
         // parse cron string into a JobCron class
         IJobsScheduler scheduler = (IJobsScheduler) owner;
 
@@ -150,7 +147,7 @@ public class RequestInQueueJob extends AJobBase
             mSummary = true;
             mSummaryMailSubject = sc.getString(PROP_EMAIL_SUBJECT);
             mMailForm = sc.getString(PROP_EMAIL_TEMPLATE);
-            //		mItemForm = sc.getString(PROP_ITEM_TEMPLATE);
+            // mItemForm = sc.getString(PROP_ITEM_TEMPLATE);
             mSummarySenderEmail = sc.getString(PROP_SENDER_EMAIL);
             mSummaryReceiverEmail = sc.getString(PROP_RECEIVER_EMAIL);
         } else {
@@ -162,7 +159,8 @@ public class RequestInQueueJob extends AJobBase
      * summarize the queue status and mail it
      */
     public void run() {
-        if (mSummary == false) return;
+        if (mSummary == false)
+            return;
 
         Date date = CMS.getCurrentDate();
         long now = date.getTime();
@@ -171,24 +169,20 @@ public class RequestInQueueJob extends AJobBase
 
         int count = 0;
         IRequestList list =
-            mReqQ.listRequestsByStatus(RequestStatus.PENDING);
+                mReqQ.listRequestsByStatus(RequestStatus.PENDING);
 
         while (list != null && list.hasMoreElements()) {
             RequestId rid = list.nextRequestId();
 
-            /*  This is way too slow
-             // get request from request id
-             IRequest req = null;
-             try {
-             req = mReqQ.findRequest(rid);
-             } catch (EBaseException e) {
-             System.out.println(e.toString());
-             }
+            /*
+             * This is way too slow // get request from request id IRequest req
+             * = null; try { req = mReqQ.findRequest(rid); } catch
+             * (EBaseException e) { System.out.println(e.toString()); }
              */
             count++;
         }
 
-        //		if (count == 0) return;
+        // if (count == 0) return;
 
         String contentForm = null;
 
@@ -196,23 +190,23 @@ public class RequestInQueueJob extends AJobBase
 
         buildContentParams(IEmailFormProcessor.TOKEN_ID, mId);
         buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-            String.valueOf(count));
+                String.valueOf(count));
         buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-            nowString);
+                nowString);
 
         IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
         String mailContent =
-            emailFormProcessor.getEmailContent(contentForm,
-                mContentParams);
+                emailFormProcessor.getEmailContent(contentForm,
+                        mContentParams);
 
         mailSummary(mailContent);
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
diff --git a/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java b/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
index 6a0a6d03..2419b9b7 100644
--- a/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
+++ b/pki/base/common/src/com/netscape/cms/jobs/UnpublishExpiredJob.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.jobs;
 
-
 import java.security.cert.X509Certificate;
 import java.text.DateFormat;
 import java.util.Date;
@@ -46,59 +45,47 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
- * a job for the Jobs Scheduler.  This job checks in the internal ldap
- * db for certs that have expired and remove them from the ldap
- * publishing directory.
+ * a job for the Jobs Scheduler. This job checks in the internal ldap db for
+ * certs that have expired and remove them from the ldap publishing directory.
  * <p>
  * the $TOKENS that are available for the this jobs's summary outer form are:<br>
  * <UL>
- * $Status
- * $InstanceID
- * $SummaryItemList
- * $SummaryTotalNum
- * $SummaryTotalSuccess
- * $SummaryTotalfailure
- * $ExecutionTime
+ * $Status $InstanceID $SummaryItemList $SummaryTotalNum $SummaryTotalSuccess
+ * $SummaryTotalfailure $ExecutionTime
  * </UL>
  * and for the inner list items:
  * <UL>
- * $SerialNumber
- * $IssuerDN
- * $SubjectDN
- * $NotAfter
- * $NotBefore
- * $RequestorEmail
+ * $SerialNumber $IssuerDN $SubjectDN $NotAfter $NotBefore $RequestorEmail
  * $CertType
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UnpublishExpiredJob extends AJobBase
-    implements IJob, Runnable, IExtendedPluginInfo {
-	
+        implements IJob, Runnable, IExtendedPluginInfo {
+
     ICertificateAuthority mCa = null;
     IRequestQueue mReqQ = null;
     ICertificateRepository mRepository = null;
     IPublisherProcessor mPublisherProcessor = null;
     private boolean mSummary = false;
 
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
+    /*
+     * Holds configuration parameters accepted by this implementation. This list
+     * is passed to the configuration console so configuration for instances of
+     * this implementation can be configured through the console.
      */
     protected static String[] mConfigParams =
-        new String[] { 
-            "enabled",
-            "cron",
-            "summary.enabled",
-            "summary.emailSubject",
-            "summary.emailTemplate",
-            "summary.itemTemplate",
-            "summary.senderEmail",
-            "summary.recipientEmail"
+            new String[] {
+                    "enabled",
+                    "cron",
+                    "summary.enabled",
+                    "summary.emailSubject",
+                    "summary.emailTemplate",
+                    "summary.itemTemplate",
+                    "summary.senderEmail",
+                    "summary.recipientEmail"
         };
 
     /* Vector of extendedPluginInfo strings */
@@ -110,24 +97,24 @@ public class UnpublishExpiredJob extends AJobBase
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 IExtendedPluginInfo.HELP_TEXT +
-                "; A job that checks for expired certificates in the " +
-                "database, and removes them from the publishing " +
-                "directory",
+                        "; A job that checks for expired certificates in the " +
+                        "database, and removes them from the publishing " +
+                        "directory",
                 "cron;string;Format: minute hour dayOfMonth month " +
-                "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
+                        "dayOfWeek. Use '*' for 'every'. For dayOfWeek, 0 is Sunday",
                 "summary.senderEmail;string;Specify the address to be used " +
-                "as the email's 'sender'. Bounces go to this address.",
+                        "as the email's 'sender'. Bounces go to this address.",
                 "summary.recipientEmail;string;Who should receive summaries",
                 "enabled;boolean;Enable this plugin",
                 "summary.enabled;boolean;Enable the summary. You must enabled " +
-                "this for the job to work.",
+                        "this for the job to work.",
                 "summary.emailSubject;string;Subject of summary email",
                 "summary.emailTemplate;string;Fully qualified pathname of " +
-                "template file of email to be sent",
+                        "template file of email to be sent",
                 "summary.itemTemplate;string;Fully qualified pathname of " +
-                "file containing template for each item",
+                        "file containing template for each item",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-jobrules-unpublishexpiredjobs",
+                        ";configuration-jobrules-unpublishexpiredjobs",
             };
 
         return s;
@@ -151,13 +138,13 @@ public class UnpublishExpiredJob extends AJobBase
         mReqQ = mCa.getRequestQueue();
         mRepository = (ICertificateRepository) mCa.getCertificateRepository();
         mPublisherProcessor = mCa.getPublisherProcessor();
-		
+
         // read from the configuration file
         mCron = mConfig.getString(IJobCron.PROP_CRON);
         if (mCron == null) {
             return;
         }
-		
+
         // parse cron string into a JobCron class
         IJobsScheduler scheduler = (IJobsScheduler) owner;
 
@@ -179,16 +166,14 @@ public class UnpublishExpiredJob extends AJobBase
     }
 
     /**
-     * look in the internal db for certificateRecords that are
-     * expired.
-     * remove them from ldap publishing directory
-     * if remove successfully, mark <i>false</i> on the
-     *		 <b>InLdapPublishDir</b> flag,
-     *    else, if remove unsuccessfully, log it
+     * look in the internal db for certificateRecords that are expired. remove
+     * them from ldap publishing directory if remove successfully, mark
+     * <i>false</i> on the <b>InLdapPublishDir</b> flag, else, if remove
+     * unsuccessfully, log it
      */
     public void run() {
-        //		System.out.println("in ExpiredUnpublishJob "+
-        //						   getId()+ " : run()");
+        // System.out.println("in ExpiredUnpublishJob "+
+        // getId()+ " : run()");
         // get time now..."now" is before the loop
         Date date = CMS.getCurrentDate();
         long now = date.getTime();
@@ -197,11 +182,11 @@ public class UnpublishExpiredJob extends AJobBase
 
         // form filter
         String filter = "(&(x509Cert.notAfter<=" + now +
-            ")(!(x509Cert.notAfter=" + now + "))" +
-            "(" + "certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
-            ":true))";
+                ")(!(x509Cert.notAfter=" + now + "))" +
+                "(" + "certMetainfo=" + ICertRecord.META_LDAPPUBLISH +
+                ":true))";
         // a test for without CertRecord.META_LDAPPUBLISH
-        //String filter = "(x509Cert.notAfter<="+ now +")";
+        // String filter = "(x509Cert.notAfter<="+ now +")";
 
         Enumeration expired = null;
 
@@ -209,10 +194,10 @@ public class UnpublishExpiredJob extends AJobBase
             expired = mRepository.findCertRecs(filter);
             // bug 399150
             /*
-             CertRecordList list = null;
-             list = mRepository.findCertRecordsInList(filter,  null, "serialno", 5);
-             int size = list.getSize();
-             expired = list.getCertRecords(0, size - 1);
+             * CertRecordList list = null; list =
+             * mRepository.findCertRecordsInList(filter, null, "serialno", 5);
+             * int size = list.getSize(); expired = list.getCertRecords(0, size
+             * - 1);
              */
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
@@ -233,13 +218,14 @@ public class UnpublishExpiredJob extends AJobBase
         while (expired != null && expired.hasMoreElements()) {
             ICertRecord rec = (ICertRecord) expired.nextElement();
 
-            if (rec == null) break;
+            if (rec == null)
+                break;
             X509CertImpl cert = rec.getCertificate();
 
             if (mSummary == true)
                 buildItemParams(cert);
 
-                // get request id from cert record MetaInfo
+            // get request id from cert record MetaInfo
             MetaInfo minfo = null;
 
             try {
@@ -248,42 +234,42 @@ public class UnpublishExpiredJob extends AJobBase
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_INFO_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_INFO_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             }
 
             String ridString = null;
 
             try {
                 if (minfo != null)
-                    ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID); 
+                    ridString = (String) minfo.get(ICertRecord.META_REQUEST_ID);
             } catch (EBaseException e) {
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             } catch (NullPointerException e) {
                 // no requestId in MetaInfo...skip to next record
                 negCount += 1;
                 if (mSummary == true)
                     buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                        STATUS_FAILURE);
-                log(ILogger.LL_FAILURE,					
-                    CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
-                        cert.getSerialNumber().toString(16) +
-                        e.toString()));
+                            STATUS_FAILURE);
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("JOBS_META_REQUEST_ERROR",
+                                cert.getSerialNumber().toString(16) +
+                                        e.toString()));
             }
 
             if (ridString != null) {
                 RequestId rid = new RequestId(ridString);
-				
+
                 // get request from request id
                 IRequest req = null;
 
@@ -297,19 +283,19 @@ public class UnpublishExpiredJob extends AJobBase
                     negCount += 1;
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                                STATUS_FAILURE);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_FIND_REQUEST_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
                 try {
                     if ((mPublisherProcessor != null) &&
-                        mPublisherProcessor.enabled()) { 
+                            mPublisherProcessor.enabled()) {
                         mPublisherProcessor.unpublishCert((X509Certificate) cert, req);
                         if (mSummary == true)
                             buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_SUCCESS);
+                                    STATUS_SUCCESS);
                         count += 1;
                     } else {
                         negCount += 1;
@@ -318,21 +304,21 @@ public class UnpublishExpiredJob extends AJobBase
                     negCount += 1;
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                                STATUS_FAILURE);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
             } // ridString != null
             else {
                 try {
                     if ((mPublisherProcessor != null) &&
-                        mPublisherProcessor.enabled()) { 
+                            mPublisherProcessor.enabled()) {
                         mPublisherProcessor.unpublishCert((X509Certificate) cert, null);
                         if (mSummary == true)
                             buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                                STATUS_SUCCESS);
+                                    STATUS_SUCCESS);
                         count += 1;
                     } else {
                         negCount += 1;
@@ -341,11 +327,11 @@ public class UnpublishExpiredJob extends AJobBase
                     negCount += 1;
                     if (mSummary == true)
                         buildItemParams(IEmailFormProcessor.TOKEN_STATUS,
-                            STATUS_FAILURE);
-                    log(ILogger.LL_FAILURE,					
-                        CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
-                            cert.getSerialNumber().toString(16) +
-                            e.toString()));
+                                STATUS_FAILURE);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("JOBS_UNPUBLISH_ERROR",
+                                    cert.getSerialNumber().toString(16) +
+                                            e.toString()));
                 }
             } // ridString == null
 
@@ -355,7 +341,7 @@ public class UnpublishExpiredJob extends AJobBase
             // if summary is enabled, form the item content
             if (mSummary) {
                 IEmailFormProcessor emailItemFormProcessor =
-                    CMS.getEmailFormProcessor();
+                        CMS.getEmailFormProcessor();
                 String c = emailItemFormProcessor.getEmailContent(itemForm,
                         mItemParams);
 
@@ -371,36 +357,35 @@ public class UnpublishExpiredJob extends AJobBase
         // time for summary
         if (mSummary == true) {
             buildContentParams(IEmailFormProcessor.TOKEN_ID,
-                mId);
+                    mId);
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_ITEM_LIST,
-                itemListContent);
+                    itemListContent);
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_TOTAL_NUM,
-                String.valueOf(count + negCount));
+                    String.valueOf(count + negCount));
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_SUCCESS_NUM,
-                String.valueOf(count));
+                    String.valueOf(count));
             buildContentParams(IEmailFormProcessor.TOKEN_SUMMARY_FAILURE_NUM,
-                String.valueOf(negCount));
+                    String.valueOf(negCount));
             buildContentParams(IEmailFormProcessor.TOKEN_EXECUTION_TIME,
-                nowString);
+                    nowString);
 
             IEmailFormProcessor emailFormProcessor = CMS.getEmailFormProcessor();
             String mailContent =
-                emailFormProcessor.getEmailContent(contentForm,
-                    mContentParams);
+                    emailFormProcessor.getEmailContent(contentForm,
+                            mContentParams);
 
             mailSummary(mailContent);
         }
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
index d238c279..d2fefa24 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateIssuedListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.listeners;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.text.DateFormat;
@@ -45,12 +44,11 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
  * a listener for every completed enrollment request
  * <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate is successfully issued:
+ * Here is a list of available $TOKENs for email notification templates if
+ * certificate is successfully issued:
  * <UL>
  * <LI>$InstanceID
  * <LI>$SerialNumber
@@ -66,13 +64,13 @@ import com.netscape.certsrv.request.RequestId;
  * <LI>$RecipientEmail
  * </UL>
  * <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate request is rejected:
+ * Here is a list of available $TOKENs for email notification templates if
+ * certificate request is rejected:
  * <UL>
  * <LI>$RequestId
  * <LI>$InstanceID
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CertificateIssuedListener implements IRequestListener {
@@ -107,7 +105,7 @@ public class CertificateIssuedListener implements IRequestListener {
     }
 
     public void init(ISubsystem sub, IConfigStore config)
-        throws EListenersException, EPropertyNotFound, EBaseException {
+            throws EListenersException, EPropertyNotFound, EBaseException {
         mSubsystem = (ICertAuthority) sub;
         mConfig = mSubsystem.getConfigStore();
 
@@ -125,13 +123,13 @@ public class CertificateIssuedListener implements IRequestListener {
         String mDir = null;
 
         // figure out the reject email path: same dir as form path,
-        //		same ending as form path
+        // same ending as form path
         int ridx = mFormPath.lastIndexOf(File.separator);
 
         if (ridx == -1) {
             CMS.debug("CertificateIssuedListener: file separator: " + File.separator
-                +
-                " not found. Use default /");
+                    +
+                    " not found. Use default /");
             ridx = mFormPath.lastIndexOf("/");
             mDir = mFormPath.substring(0, ridx + 1);
         } else {
@@ -166,9 +164,10 @@ public class CertificateIssuedListener implements IRequestListener {
     }
 
     public void accept(IRequest r) {
-        CMS.debug("CertificateIssuedListener: accept " + 
-            r.getRequestId().toString());
-        if (mEnabled != true) return;
+        CMS.debug("CertificateIssuedListener: accept " +
+                r.getRequestId().toString());
+        if (mEnabled != true)
+            return;
 
         mSubject = mSubject_Success;
         mReqId = r.getRequestId();
@@ -192,15 +191,15 @@ public class CertificateIssuedListener implements IRequestListener {
                 return;
             if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
                 CMS.debug("CertificateIssuedListener: Request errored. " +
-                    "No need to email notify for enrollment request id " +
-                    mReqId);
+                        "No need to email notify for enrollment request id " +
+                        mReqId);
                 return;
             }
         }
         String requestType = r.getRequestType();
 
         if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
-            requestType.equals(IRequest.RENEWAL_REQUEST)) {
+                requestType.equals(IRequest.RENEWAL_REQUEST)) {
             CMS.debug("accept() enrollment/renewal request...");
             // Get the certificate from the request
             X509CertImpl issuedCert[] = null;
@@ -224,10 +223,10 @@ public class CertificateIssuedListener implements IRequestListener {
                 try {
                     keys.set(IEmailResolverKeys.KEY_REQUEST, r);
                     keys.set(IEmailResolverKeys.KEY_CERT,
-                        issuedCert[0]);
+                            issuedCert[0]);
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
                 }
 
                 IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -236,30 +235,30 @@ public class CertificateIssuedListener implements IRequestListener {
                     mEmail = er.getEmail(keys);
                 } catch (ENotificationException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 } catch (Exception e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 }
-				
+
                 // now we can mail
                 if ((mEmail != null) && (!mEmail.equals(""))) {
                     mailIt(mEmail, issuedCert);
                 } else {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
-                            issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
+                                    issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
                     // send failure notification to "sender"
                     mSubject = "Certificate Issued notification undeliverable";
                     mailIt(mSenderEmail, issuedCert);
                 }
-            }				
+            }
         }
     }
 
@@ -282,7 +281,7 @@ public class CertificateIssuedListener implements IRequestListener {
             if (!template.init()) {
                 return;
             }
-		
+
             buildContentParams(issuedCert, mEmail);
             IEmailFormProcessor et = CMS.getEmailFormProcessor();
             String c = et.getEmailContent(template.toString(), mContentParams);
@@ -293,19 +292,19 @@ public class CertificateIssuedListener implements IRequestListener {
             mn.setContent(c);
         } else {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
-                    issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
+                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
+                            issuedCert[0].getSerialNumber().toString(), mReqId.toString()));
 
             mn.setContent("Serial Number = " +
-                issuedCert[0].getSerialNumber() +
-                "; Request ID = " + mReqId);
+                    issuedCert[0].getSerialNumber() +
+                    "; Request ID = " + mReqId);
         }
-		
+
         try {
             mn.sendNotification();
         } catch (ENotificationException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-			
+
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
@@ -320,7 +319,7 @@ public class CertificateIssuedListener implements IRequestListener {
             keys.set(IEmailResolverKeys.KEY_REQUEST, r);
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
         }
 
         IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -352,17 +351,17 @@ public class CertificateIssuedListener implements IRequestListener {
                 if (!template.init()) {
                     return;
                 }
-			
+
                 if (template.isHTML()) {
                     mn.setContentType("text/html");
                 }
 
                 // build some token data
                 mContentParams.put(IEmailFormProcessor.TOKEN_ID,
-                    mConfig.getName());
+                        mConfig.getName());
                 mReqId = r.getRequestId();
                 mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
-                    (Object) mReqId.toString());
+                        (Object) mReqId.toString());
                 IEmailFormProcessor et = CMS.getEmailFormProcessor();
                 String c = et.getEmailContent(template.toString(), mContentParams);
 
@@ -377,48 +376,48 @@ public class CertificateIssuedListener implements IRequestListener {
             } catch (ENotificationException e) {
                 // already logged, lets audit
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-				
+
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
             }
         } else {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString()));
+                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_REJECTION_NOTIFICATION", mReqId.toString()));
 
         }
     }
 
     private void buildContentParams(X509CertImpl issuedCert[], String mEmail) {
         mContentParams.put(IEmailFormProcessor.TOKEN_ID,
-            mConfig.getName());
+                mConfig.getName());
         mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
-            (Object) issuedCert[0].getSerialNumber().toString());
+                (Object) issuedCert[0].getSerialNumber().toString());
         mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
-            (Object) Long.toHexString(issuedCert[0].getSerialNumber().longValue()));
+                (Object) Long.toHexString(issuedCert[0].getSerialNumber().longValue()));
         mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
-            (Object) mReqId.toString());
+                (Object) mReqId.toString());
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
-            (Object) mHttpHost);
+                (Object) mHttpHost);
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
-            (Object) mHttpPort);
+                (Object) mHttpPort);
         mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
-            (Object) issuedCert[0].getIssuerDN().toString());
+                (Object) issuedCert[0].getIssuerDN().toString());
         mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
-            (Object) issuedCert[0].getSubjectDN().toString());
+                (Object) issuedCert[0].getSubjectDN().toString());
 
         Date date = (Date) issuedCert[0].getNotAfter();
 
         mContentParams.put(IEmailFormProcessor.TOKEN_NOT_AFTER,
-            mDateFormat.format(date));
+                mDateFormat.format(date));
 
         date = (Date) issuedCert[0].getNotBefore();
         mContentParams.put(IEmailFormProcessor.TOKEN_NOT_BEFORE,
-            mDateFormat.format(date));
+                mDateFormat.format(date));
 
         mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
-            (Object) mSenderEmail);
+                (Object) mSenderEmail);
         mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
-            (Object) mEmail);
+                (Object) mEmail);
         // ... and more
     }
 
@@ -448,7 +447,7 @@ public class CertificateIssuedListener implements IRequestListener {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
index ca62af5f..a67c1c92 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/CertificateRevokedListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.listeners;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.security.cert.X509Certificate;
@@ -47,12 +46,11 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
  * a listener for every completed enrollment request
  * <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate is successfully issued:
+ * Here is a list of available $TOKENs for email notification templates if
+ * certificate is successfully issued:
  * <UL>
  * <LI>$InstanceID
  * <LI>$SerialNumber
@@ -68,13 +66,13 @@ import com.netscape.certsrv.request.RequestId;
  * <LI>$RecipientEmail
  * </UL>
  * <p>
- * Here is a list of available $TOKENs for email notification
- templates if certificate request is revoked:
+ * Here is a list of available $TOKENs for email notification templates if
+ * certificate request is revoked:
  * <UL>
  * <LI>$RequestId
  * <LI>$InstanceID
  * </UL>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CertificateRevokedListener implements IRequestListener {
@@ -109,7 +107,7 @@ public class CertificateRevokedListener implements IRequestListener {
     }
 
     public void init(ISubsystem sub, IConfigStore config)
-        throws EListenersException, EPropertyNotFound, EBaseException {
+            throws EListenersException, EPropertyNotFound, EBaseException {
         mSubsystem = (ICertAuthority) sub;
         mConfig = mSubsystem.getConfigStore();
 
@@ -127,13 +125,13 @@ public class CertificateRevokedListener implements IRequestListener {
         String mDir = null;
 
         // figure out the reject email path: same dir as form path,
-        //		same ending as form path
+        // same ending as form path
         int ridx = mFormPath.lastIndexOf(File.separator);
 
         if (ridx == -1) {
             CMS.debug("CertificateRevokedListener: file separator: " + File.separator
-                +
-                " not found. Use default /");
+                    +
+                    " not found. Use default /");
             ridx = mFormPath.lastIndexOf("/");
             mDir = mFormPath.substring(0, ridx + 1);
         } else {
@@ -168,7 +166,8 @@ public class CertificateRevokedListener implements IRequestListener {
     }
 
     public void accept(IRequest r) {
-        if (mEnabled != true) return;
+        if (mEnabled != true)
+            return;
 
         mSubject = mSubject_Success;
         mReqId = r.getRequestId();
@@ -180,7 +179,7 @@ public class CertificateRevokedListener implements IRequestListener {
             return;
         if (rs.equals("complete") == false) {
             CMS.debug("CertificateRevokedListener: Request status: " + rs);
-            //revoked(r);
+            // revoked(r);
             return;
         }
 
@@ -190,18 +189,18 @@ public class CertificateRevokedListener implements IRequestListener {
 
         if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
             CMS.debug("CertificateRevokedListener: Request errored. " +
-                "No need to email notify for enrollment request id " +
-                mReqId);
+                    "No need to email notify for enrollment request id " +
+                    mReqId);
             return;
         }
-     
+
         if (requestType.equals(IRequest.REVOCATION_REQUEST)) {
             CMS.debug("CertificateRevokedListener: accept() revocation request...");
             // Get the certificate from the request
-            //X509CertImpl issuedCert[] =
-            //    (X509CertImpl[])
+            // X509CertImpl issuedCert[] =
+            // (X509CertImpl[])
             RevokedCertImpl crlentries[] =
-                r.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
+                    r.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
 
             if (crlentries != null) {
                 CMS.debug("CertificateRevokedListener: Sending email notification..");
@@ -213,10 +212,10 @@ public class CertificateRevokedListener implements IRequestListener {
                 try {
                     keys.set(IEmailResolverKeys.KEY_REQUEST, r);
                     keys.set(IEmailResolverKeys.KEY_CERT,
-                        crlentries[0]);
+                            crlentries[0]);
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
                 }
 
                 IEmailResolver er = CMS.getReqCertSANameEmailResolver();
@@ -225,30 +224,30 @@ public class CertificateRevokedListener implements IRequestListener {
                     mEmail = er.getEmail(keys);
                 } catch (ENotificationException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 } catch (Exception e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
-                            e.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_EXCEPTION",
+                                    e.toString()));
                 }
-				
+
                 // now we can mail
                 if ((mEmail != null) && (!mEmail.equals(""))) {
                     mailIt(mEmail, crlentries);
                 } else {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
-                            crlentries[0].getSerialNumber().toString(), mReqId.toString()));
+                            CMS.getLogMessage("LISTENERS_CERT_ISSUED_NOTIFY_ERROR",
+                                    crlentries[0].getSerialNumber().toString(), mReqId.toString()));
                     // send failure notification to "sender"
                     mSubject = "Certificate Issued notification undeliverable";
                     mailIt(mSenderEmail, crlentries);
                 }
-            }				
+            }
         }
     }
 
@@ -271,7 +270,7 @@ public class CertificateRevokedListener implements IRequestListener {
             if (!template.init()) {
                 return;
             }
-		
+
             buildContentParams(crlentries, mEmail);
             IEmailFormProcessor et = CMS.getEmailFormProcessor();
             String c = et.getEmailContent(template.toString(), mContentParams);
@@ -282,19 +281,19 @@ public class CertificateRevokedListener implements IRequestListener {
             mn.setContent(c);
         } else {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
-                    crlentries[0].getSerialNumber().toString(), mReqId.toString()));
+                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_TEMPLATE_ERROR",
+                            crlentries[0].getSerialNumber().toString(), mReqId.toString()));
 
             mn.setContent("Serial Number = " +
-                crlentries[0].getSerialNumber() +
-                "; Request ID = " + mReqId);
+                    crlentries[0].getSerialNumber() +
+                    "; Request ID = " + mReqId);
         }
-		
+
         try {
             mn.sendNotification();
         } catch (ENotificationException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-			
+
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
@@ -302,18 +301,18 @@ public class CertificateRevokedListener implements IRequestListener {
 
     private void buildContentParams(RevokedCertImpl crlentries[], String mEmail) {
         mContentParams.put(IEmailFormProcessor.TOKEN_ID,
-            mConfig.getName());
+                mConfig.getName());
         mContentParams.put(IEmailFormProcessor.TOKEN_SERIAL_NUM,
-            (Object) crlentries[0].getSerialNumber().toString());
+                (Object) crlentries[0].getSerialNumber().toString());
         mContentParams.put(IEmailFormProcessor.TOKEN_HEX_SERIAL_NUM,
-            (Object) Long.toHexString(crlentries[0].getSerialNumber().longValue()));
+                (Object) Long.toHexString(crlentries[0].getSerialNumber().longValue()));
         mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
-            (Object) mReqId.toString());
+                (Object) mReqId.toString());
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
-            (Object) mHttpHost);
+                (Object) mHttpHost);
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
-            (Object) mHttpPort);
-        
+                (Object) mHttpPort);
+
         try {
             RevokedCertImpl revCert = (RevokedCertImpl) crlentries[0];
             ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
@@ -321,22 +320,22 @@ public class CertificateRevokedListener implements IRequestListener {
             X509Certificate cert = certDB.getX509Certificate(revCert.getSerialNumber());
 
             mContentParams.put(IEmailFormProcessor.TOKEN_ISSUER_DN,
-                (Object) cert.getIssuerDN().toString());
+                    (Object) cert.getIssuerDN().toString());
             mContentParams.put(IEmailFormProcessor.TOKEN_SUBJECT_DN,
-                (Object) cert.getSubjectDN().toString());
+                    (Object) cert.getSubjectDN().toString());
             Date date = (Date) crlentries[0].getRevocationDate();
-            
+
             mContentParams.put(IEmailFormProcessor.TOKEN_REVOCATION_DATE,
-                mDateFormat.format(date));
+                    mDateFormat.format(date));
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
+                    CMS.getLogMessage("LISTENERS_CERT_ISSUED_SET_RESOLVER", e.toString()));
         }
 
         mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
-            (Object) mSenderEmail);
+                (Object) mSenderEmail);
         mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
-            (Object) mEmail);
+                (Object) mEmail);
         // ... and more
     }
 
@@ -366,7 +365,7 @@ public class CertificateRevokedListener implements IRequestListener {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
index 2f02774d..c71b9c60 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/PinRemovalListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.listeners;
 
-
 import java.util.Hashtable;
 
 import netscape.ldap.LDAPAttribute;
@@ -39,10 +38,9 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
  * This represnets a listener that removes pin from LDAP directory.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PinRemovalListener implements IRequestListener {
@@ -87,18 +85,18 @@ public class PinRemovalListener implements IRequestListener {
 
     protected String[] configParams = { "a" };
 
-    public String[] getConfigParams() 
-        throws EBaseException {
+    public String[] getConfigParams()
+            throws EBaseException {
 
         return configParams;
     }
 
     public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
-	init(null, null, config);
+        init(null, null, config);
     }
 
     public void init(String name, String ImplName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = ImplName;
         mConfig = config;
@@ -115,7 +113,8 @@ public class PinRemovalListener implements IRequestListener {
     }
 
     public void accept(IRequest r) {
-        if (mEnabled != true) return;
+        if (mEnabled != true)
+            return;
 
         mReqId = r.getRequestId();
 
@@ -129,7 +128,7 @@ public class PinRemovalListener implements IRequestListener {
         String requestType = r.getRequestType();
 
         if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
-            requestType.equals(IRequest.RENEWAL_REQUEST)) {
+                requestType.equals(IRequest.RENEWAL_REQUEST)) {
 
             String uid = r.getExtDataInString(
                     IRequest.HTTP_PARAMS, "uid");
@@ -144,21 +143,21 @@ public class PinRemovalListener implements IRequestListener {
             try {
                 LDAPSearchResults res = mRemovePinLdapConnection.search(mBaseDN,
                         LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", null, false);
-			
+
                 if (!res.hasMoreElements()) {
                     log(ILogger.LL_SECURITY, "uid " + uid + " does not exist in the ldap " +
-                        " server. Could not remove pin");
+                            " server. Could not remove pin");
                     return;
                 }
 
                 LDAPEntry entry = (LDAPEntry) res.nextElement();
 
                 userdn = entry.getDN();
-	
+
                 mRemovePinLdapConnection.modify(userdn,
-                    new LDAPModification(
-                        LDAPModification.DELETE,
-                        new LDAPAttribute(mPinAttr)));
+                        new LDAPModification(
+                                LDAPModification.DELETE,
+                                new LDAPAttribute(mPinAttr)));
 
                 log(ILogger.LL_INFO, "Removed pin for user \"" + userdn + "\"");
 
@@ -173,10 +172,9 @@ public class PinRemovalListener implements IRequestListener {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "PinRemovalListener: " + msg);
+                level, "PinRemovalListener: " + msg);
     }
 
     public void set(String name, String val) {
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
index f5810a46..18887f88 100644
--- a/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
+++ b/pki/base/common/src/com/netscape/cms/listeners/RequestInQListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.listeners;
 
-
 import java.io.IOException;
 import java.util.Hashtable;
 
@@ -39,7 +38,6 @@ import com.netscape.certsrv.request.RequestId;
 import com.netscape.cms.profile.input.SubjectNameInput;
 import com.netscape.cms.profile.input.SubmitterInfoInput;
 
-
 /**
  * a listener for every request gets into the request queue.
  * <p>
@@ -54,7 +52,7 @@ import com.netscape.cms.profile.input.SubmitterInfoInput;
  * <LI>$SenderEmail
  * <LI>$RecipientEmail
  * </UL>
- *
+ * 
  */
 public class RequestInQListener implements IRequestListener {
     protected static final String PROP_ENABLED = "enabled";
@@ -89,8 +87,8 @@ public class RequestInQListener implements IRequestListener {
      * initializes the listener from the configuration
      */
     public void init(ISubsystem sub, IConfigStore config)
-        throws EListenersException, EPropertyNotFound, EBaseException {
-		
+            throws EListenersException, EPropertyNotFound, EBaseException {
+
         mSubsystem = (ICertAuthority) sub;
         mConfig = mSubsystem.getConfigStore();
 
@@ -118,32 +116,34 @@ public class RequestInQListener implements IRequestListener {
         // make available http host and port for forming url in templates
         mHttpHost = CMS.getAgentHost();
         mAgentPort = CMS.getAgentPort();
-        if (mAgentPort == null) 
+        if (mAgentPort == null)
             log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_REQUEST_PORT_NOT_FOUND"));
         else
             CMS.debug("RequestInQuListener: agentport = " + mAgentPort);
 
-            // register for this event listener
+        // register for this event listener
         mSubsystem.registerPendingListener(this);
     }
 
     /**
      * carries out the operation when the listener is triggered.
+     * 
      * @param r IRequest structure holding the request information
      * @see com.netscape.certsrv.request.IRequest
      */
     public void accept(IRequest r) {
 
-        if (mEnabled != true) return;
+        if (mEnabled != true)
+            return;
 
-            // regardless of type of request...notify for everything
-            // no need for email resolver here...
+        // regardless of type of request...notify for everything
+        // no need for email resolver here...
         IMailNotification mn = CMS.getMailNotification();
 
         mn.setFrom(mSenderEmail);
         mn.setTo(mRecipientEmail);
         mn.setSubject(mEmailSubject + " (request id: " +
-            r.getRequestId() + ")");
+                r.getRequestId() + ")");
 
         /*
          * get form file from disk
@@ -158,7 +158,7 @@ public class RequestInQListener implements IRequestListener {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_INIT"));
                 return;
             }
-		
+
             buildContentParams(r);
             IEmailFormProcessor et = CMS.getEmailFormProcessor();
             String c = et.getEmailContent(template.toString(), mContentParams);
@@ -169,8 +169,8 @@ public class RequestInQListener implements IRequestListener {
             mn.setContent(c);
         } else {
             // log and mail
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("LISTENERS_TEMPLATE_NOT_GET"));
             mn.setContent("Template not retrievable for Request in Queue notification");
         }
 
@@ -179,78 +179,80 @@ public class RequestInQListener implements IRequestListener {
         } catch (ENotificationException e) {
             // already logged, lets audit
             mLogger.log(ILogger.EV_AUDIT, null,
-                ILogger.S_OTHER,
-                ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-			
+                    ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
+                    ILogger.LL_FAILURE,
+                    CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
 
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
+                    CMS.getLogMessage("LISTENERS_SEND_FAILED", e.toString()));
         }
     }
 
     private void buildContentParams(IRequest r) {
         mContentParams.clear();
         mContentParams.put(IEmailFormProcessor.TOKEN_ID,
-            mConfig.getName());
+                mConfig.getName());
         Object val = null;
 
         String profileId = r.getExtDataInString("profileId");
 
         if (profileId == null) {
-          val = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail");
+            val = r.getExtDataInString(IRequest.HTTP_PARAMS, "csrRequestorEmail");
         } else {
-          // use the submitter info if available, otherwise, use the 
-          // subject name input email 
-          val = r.getExtDataInString(SubmitterInfoInput.EMAIL);
+            // use the submitter info if available, otherwise, use the
+            // subject name input email
+            val = r.getExtDataInString(SubmitterInfoInput.EMAIL);
 
-          if ((val == null) || (((String) val).compareTo("") == 0)) {
-              val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL);
-          }
+            if ((val == null) || (((String) val).compareTo("") == 0)) {
+                val = r.getExtDataInString(SubjectNameInput.VAL_EMAIL);
+            }
         }
         if (val != null)
             mContentParams.put(IEmailFormProcessor.TOKEN_REQUESTOR_EMAIL,
-                val);
+                    val);
 
         if (profileId == null) {
-          val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+            val = r.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
         } else {
-          val = profileId;
+            val = profileId;
         }
         if (val != null) {
             mContentParams.put(IEmailFormProcessor.TOKEN_CERT_TYPE,
-                val);
+                    val);
         }
 
         RequestId reqId = r.getRequestId();
 
         mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_ID,
-            (Object) reqId.toString());
+                (Object) reqId.toString());
 
         mContentParams.put(IEmailFormProcessor.TOKEN_ID, mId);
 
         val = r.getRequestType();
         if (val != null)
             mContentParams.put(IEmailFormProcessor.TOKEN_REQUEST_TYPE,
-                val);
+                    val);
 
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_HOST,
-            (Object) mHttpHost);
+                (Object) mHttpHost);
         mContentParams.put(IEmailFormProcessor.TOKEN_HTTP_PORT,
-            (Object) mAgentPort);
+                (Object) mAgentPort);
 
         mContentParams.put(IEmailFormProcessor.TOKEN_SENDER_EMAIL,
-            (Object) mSenderEmail);
+                (Object) mSenderEmail);
         mContentParams.put(IEmailFormProcessor.TOKEN_RECIPIENT_EMAIL,
-            (Object) mRecipientEmail);
+                (Object) mRecipientEmail);
     }
 
     /**
      * sets the configurable parameters
-     * @param name a String represents the name of the configuration parameter to be set
+     * 
+     * @param name a String represents the name of the configuration parameter
+     *            to be set
      * @param val a String containing the value to be set for name
      */
     public void set(String name, String val) {
@@ -277,7 +279,6 @@ public class RequestInQListener implements IRequestListener {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/logging/LogEntry.java b/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
index 4ab9f281..b95f2687 100644
--- a/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
+++ b/pki/base/common/src/com/netscape/cms/logging/LogEntry.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.logging;
 
-
 import java.text.DateFormat;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Vector;
 
-
 /**
  * A log entry of LogFile
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class LogEntry {
@@ -43,7 +41,7 @@ public class LogEntry {
 
     /**
      * Constructor for a LogEntry.
-     *
+     * 
      */
     public LogEntry(String entry) throws ParseException {
         mEntry = entry;
@@ -52,10 +50,10 @@ public class LogEntry {
 
     /**
      * parse a log entry
-     *
+     * 
      * return a vector of the segments of the entry
      */
-     
+
     public Vector parse() throws ParseException {
         int x = mEntry.indexOf("[");
 
@@ -96,7 +94,8 @@ public class LogEntry {
         row.addElement(mTime);
         row.addElement(mDetail);
 
-        //System.out.println(mSource +"," + mLevel +","+ mDate+","+mTime+","+mDetail);
+        // System.out.println(mSource +"," + mLevel +","+
+        // mDate+","+mTime+","+mDetail);
         return row;
 
     }
diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
index c2dd7b33..1e4bdc6c 100644
--- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.logging;
 
-
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
 import java.io.ByteArrayOutputStream;
@@ -81,7 +80,7 @@ import com.netscape.cmsutil.util.Utils;
 
 /**
  * A log event listener which write logs to log files
- *
+ * 
  * @version $Revision$, $Date$
  **/
 public class LogFile implements ILogEventListener, IExtendedPluginInfo {
@@ -108,7 +107,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     private final static String LOG_SIGNED_AUDIT_EXCEPTION =
                                "LOG_SIGNED_AUDIT_EXCEPTION_1";
 
-    protected ILogger mSignedAuditLogger  = CMS.getSignedAuditLogger();
+    protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     protected IConfigStore mConfig = null;
 
     /**
@@ -116,7 +115,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
      */
     static final String DATE_PATTERN = "yyyyMMddHHmmss";
 
-    //It may be interesting to make this flexable someday....
+    // It may be interesting to make this flexable someday....
     protected SimpleDateFormat mLogFileDateFormat = new SimpleDateFormat(DATE_PATTERN);
 
     /**
@@ -152,7 +151,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * The log date entry format
      */
-    protected    SimpleDateFormat mLogDateFormat = new SimpleDateFormat(mDatePattern);
+    protected SimpleDateFormat mLogDateFormat = new SimpleDateFormat(mDatePattern);
 
     /**
      * The date object used for log entries
@@ -228,20 +227,20 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     static final String CRYPTO_PROVIDER = "Mozilla-JSS";
 
     /**
-     * The log level threshold
-     * Only logs with level greater or equal than this value will be written
+     * The log level threshold Only logs with level greater or equal than this
+     * value will be written
      */
     protected long mLevel = 1;
 
     /**
      * Constructor for a LogFile.
-     *
+     * 
      */
     public LogFile() {
     }
 
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mConfig = config;
 
         try {
@@ -263,7 +262,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             try {
                 mSAuditCertNickName = config.getString(
                                           PROP_SIGNED_AUDIT_CERT_NICKNAME);
-                CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname="+ mSAuditCertNickName);
+                CMS.debug("LogFile: init(): audit log signing enabled. signedAuditCertNickname=" + mSAuditCertNickName);
             } catch (EBaseException e) {
                 throw new ELogException(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
                         config.getName() + "."
@@ -272,9 +271,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             if (mSAuditCertNickName == null ||
                     mSAuditCertNickName.trim().equals("")) {
                 throw new ELogException(CMS.getUserMessage(
-                    "CMS_BASE_GET_PROPERTY_FAILED",
-                    config.getName() + "."
-                    + PROP_SIGNED_AUDIT_CERT_NICKNAME));
+                        "CMS_BASE_GET_PROPERTY_FAILED",
+                        config.getName() + "."
+                                + PROP_SIGNED_AUDIT_CERT_NICKNAME));
             }
         }
 
@@ -309,13 +308,14 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             String eventId = tokens.nextToken().trim();
 
             theVector.addElement(eventId);
-            CMS.debug("LogFile: log event type selected: "+eventId);
+            CMS.debug("LogFile: log event type selected: " + eventId);
         }
         return theVector;
     }
 
     /**
      * add the event to the selected events list
+     * 
      * @param event to be selected
      */
     public void selectEvent(String event) {
@@ -325,6 +325,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * remove the event from the selected events list
+     * 
      * @param event to be de-selected
      */
     public void deselectEvent(String event) {
@@ -334,6 +335,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * replace the selected events list
+     * 
      * @param events comma-separated event list
      */
     public void replaceEvents(String events) {
@@ -348,9 +350,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         ByteArrayOutputStream output = new ByteArrayOutputStream();
         Base64OutputStream b64 = new Base64OutputStream(new
                 PrintStream(new
-                    FilterOutputStream(output)
+                        FilterOutputStream(output)
                 )
-            );
+                );
 
         b64.write(bytes);
         b64.flush();
@@ -363,7 +365,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     private static boolean mInSignedAuditLogFailureMode = false;
 
     private static synchronized void shutdownCMS() {
-        if( mInSignedAuditLogFailureMode == false ) {
+        if (mInSignedAuditLogFailureMode == false) {
 
             // Set signed audit log failure mode true
             // No, this isn't a race condition, because the method is
@@ -371,7 +373,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             mInSignedAuditLogFailureMode = true;
 
             // Block all new incoming requests
-            if( CMS.areRequestsDisabled() == false ) {
+            if (CMS.areRequestsDisabled() == false) {
                 // XXX is this a race condition?
                 CMS.disableRequests();
             }
@@ -389,7 +391,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * Initialize and open the log using the parameters from a config store
-     *
+     * 
      * @param config The property config store to find values in
      */
     public void init(IConfigStore config) throws IOException,
@@ -445,51 +447,51 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             // retrieve the subsystem
             String subsystem = "";
 
-            ISubsystem caSubsystem = CMS.getSubsystem( "ca" );
-            if( caSubsystem != null ) {
+            ISubsystem caSubsystem = CMS.getSubsystem("ca");
+            if (caSubsystem != null) {
                 subsystem = "ca";
             }
 
-            ISubsystem raSubsystem = CMS.getSubsystem( "ra" );
-            if( raSubsystem != null ) {
+            ISubsystem raSubsystem = CMS.getSubsystem("ra");
+            if (raSubsystem != null) {
                 subsystem = "ra";
             }
 
-            ISubsystem kraSubsystem = CMS.getSubsystem( "kra" );
-            if( kraSubsystem != null ) {
+            ISubsystem kraSubsystem = CMS.getSubsystem("kra");
+            if (kraSubsystem != null) {
                 subsystem = "kra";
             }
 
-            ISubsystem ocspSubsystem = CMS.getSubsystem( "ocsp" );
-            if( ocspSubsystem != null ) {
+            ISubsystem ocspSubsystem = CMS.getSubsystem("ocsp");
+            if (ocspSubsystem != null) {
                 subsystem = "ocsp";
             }
 
             // retrieve the instance name
             String instIDPath = CMS.getInstanceDir();
-            int index = instIDPath.lastIndexOf( "/" );
-            String instID = instIDPath.substring( index + 1 );
+            int index = instIDPath.lastIndexOf("/");
+            String instID = instIDPath.substring(index + 1);
 
             // build the default signedAudit file name
             signedAuditDefaultFileName = subsystem + "_"
                                        + instID + "_" + "audit";
 
-        } catch( Exception e2 ) {
+        } catch (Exception e2) {
             throw new ELogException(
-                          CMS.getUserMessage( "CMS_BASE_GET_PROPERTY_FAILED",
+                          CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
                                               config.getName() + "." +
-                                              PROP_FILE_NAME ) );
+                                                      PROP_FILE_NAME));
         }
 
         // the default value is determined by the eventType.
         if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
             defaultFileName = "logs/signedAudit/" + signedAuditDefaultFileName;
-        }else if (mType.equals(ILogger.PROP_SYSTEM)) {
+        } else if (mType.equals(ILogger.PROP_SYSTEM)) {
             defaultFileName = "logs/system";
-        }else if (mType.equals(ILogger.PROP_AUDIT)) {
+        } else if (mType.equals(ILogger.PROP_AUDIT)) {
             defaultFileName = "logs/transactions";
-        }else {
-            //wont get here
+        } else {
+            // wont get here
             throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_LOG_TYPE",
                     config.getName()));
         }
@@ -502,29 +504,29 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         }
 
         if (mOn) {
-          init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE),
-            config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL));
+            init(fileName, config.getInteger(PROP_BUFFER_SIZE, BUFFER_SIZE),
+                    config.getInteger(PROP_FLUSH_INTERVAL, FLUSH_INTERVAL));
         }
     }
 
     /**
      * Initialize and open the log
-     *
-     * @param    bufferSize   The buffer size for the output stream in bytes
-     * @param    flushInterval   The interval in seconds to flush the log
+     * 
+     * @param bufferSize The buffer size for the output stream in bytes
+     * @param flushInterval The interval in seconds to flush the log
      */
-    public void init(String fileName, int bufferSize, int flushInterval) throws IOException,ELogException {
+    public void init(String fileName, int bufferSize, int flushInterval) throws IOException, ELogException {
 
         if (fileName == null)
             throw new ELogException(CMS.getUserMessage("CMS_LOG_INVALID_FILE_NAME", "null"));
 
-            //If we want to reuse the old log files
-            //mFileName = fileName + "." + mLogFileDateFormat.format(mDate);
+        // If we want to reuse the old log files
+        // mFileName = fileName + "." + mLogFileDateFormat.format(mDate);
         mFileName = fileName;
-        if( !Utils.isNT() ) {
+        if (!Utils.isNT()) {
             // Always insure that a physical file exists!
-            Utils.exec( "touch " + mFileName );
-            Utils.exec( "chmod 00640 " + mFileName );
+            Utils.exec("touch " + mFileName);
+            Utils.exec("chmod 00640 " + mFileName);
         }
         mFile = new File(mFileName);
         mBufferSize = bufferSize;
@@ -540,25 +542,25 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
             Provider[] providers = java.security.Security.getProviders();
             int ps = providers.length;
-            for (int i = 0; i<ps; i++) {
-                CMS.debug("LogFile: provider "+i+"= "+providers[i].getName());
+            for (int i = 0; i < ps; i++) {
+                CMS.debug("LogFile: provider " + i + "= " + providers[i].getName());
             }
 
             CryptoManager cm = CryptoManager.getInstance();
 
             // find CertServer's private key
-            X509Certificate cert = cm.findCertByNickname( mSAuditCertNickName );
+            X509Certificate cert = cm.findCertByNickname(mSAuditCertNickName);
             if (cert != null) {
-                CMS.debug("LogFile: setupSignig(): found cert:"+mSAuditCertNickName);
+                CMS.debug("LogFile: setupSignig(): found cert:" + mSAuditCertNickName);
             } else {
-                CMS.debug("LogFile: setupSignig(): cert not found:"+mSAuditCertNickName);
+                CMS.debug("LogFile: setupSignig(): cert not found:" + mSAuditCertNickName);
             }
             mSigningKey = cm.findPrivKeyByCert(cert);
 
             String sigAlgorithm;
-            if( mSigningKey instanceof RSAPrivateKey ) {
+            if (mSigningKey instanceof RSAPrivateKey) {
                 sigAlgorithm = "SHA-256/RSA";
-            } else if( mSigningKey instanceof DSAPrivateKey ) {
+            } else if (mSigningKey instanceof DSAPrivateKey) {
                 sigAlgorithm = "SHA-256/DSA";
             } else {
                 throw new NoSuchAlgorithmException("Unknown private key type");
@@ -567,11 +569,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             CryptoToken savedToken = cm.getThreadToken();
             try {
                 CryptoToken keyToken =
-                    ((org.mozilla.jss.pkcs11.PK11PrivKey)mSigningKey)
-                            .getOwningToken();
+                        ((org.mozilla.jss.pkcs11.PK11PrivKey) mSigningKey)
+                                .getOwningToken();
                 cm.setThreadToken(keyToken);
                 mSignature = java.security.Signature.getInstance(sigAlgorithm,
-                    CRYPTO_PROVIDER);
+                        CRYPTO_PROVIDER);
             } finally {
                 cm.setThreadToken(savedToken);
             }
@@ -580,7 +582,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
             // get the last signature from the currently-opened file
             String entry = getLastSignature(mFile);
-            if( entry != null ) {
+            if (entry != null) {
                 mSignature.update(entry.getBytes("UTF-8"));
                 mSignature.update(LINE_SEP_BYTE);
             }
@@ -614,12 +616,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     private static void setupSigningFailure(String logMessageCode, Exception e)
-        throws EBaseException
-    {
+            throws EBaseException {
         try {
-            ConsoleError.send( new SystemEvent(
-                CMS.getLogMessage(logMessageCode)));
-        } catch(Exception e2) {
+            ConsoleError.send(new SystemEvent(
+                    CMS.getLogMessage(logMessageCode)));
+        } catch (Exception e2) {
             // don't allow an exception while printing to the console
             // prevent us from running the rest of this function.
             e2.printStackTrace();
@@ -632,36 +633,36 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * Startup the instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP used at audit
      * function startup
      * </ul>
+     * 
      * @exception EBaseException if an internal error occurred
      */
     public void startup() throws EBaseException {
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         CMS.debug("LogFile: entering LogFile.startup()");
-        if( mOn && mLogSigning ) {
+        if (mOn && mLogSigning) {
             try {
                 setupSigning();
-                audit( CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
-                    ILogger.SYSTEM_UID,
-                    ILogger.SUCCESS) );
-            } catch(EBaseException e) {
-                audit( CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
-                    ILogger.SYSTEM_UID,
-                    ILogger.FAILURE) );
+                audit(CMS.getLogMessage(
+                        LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
+                        ILogger.SYSTEM_UID,
+                        ILogger.SUCCESS));
+            } catch (EBaseException e) {
+                audit(CMS.getLogMessage(
+                        LOGGING_SIGNED_AUDIT_AUDIT_LOG_STARTUP,
+                        ILogger.SYSTEM_UID,
+                        ILogger.FAILURE));
                 throw e;
             }
         }
 
     }
 
-
     /**
      * Retrieves the eventType this log is triggered.
      */
@@ -673,7 +674,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
      * Retrieves the log on/off.
      */
     public String getOn() {
-        return String.valueOf( mOn );
+        return String.valueOf(mOn);
     }
 
     /**
@@ -695,22 +696,22 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * Record that the signed audit log has been signed
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on the
-     * audit log is generated (same as "flush" time)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_SIGNING used when a signature on
+     * the audit log is generated (same as "flush" time)
      * </ul>
+     * 
      * @exception IOException for input/output problems
      * @exception ELogException when plugin implementation fails
      * @exception SignatureException when signing fails
      * @exception InvalidKeyException when an invalid key is utilized
      */
     private void pushSignature() throws IOException, ELogException,
-            SignatureException, InvalidKeyException
-    {
+            SignatureException, InvalidKeyException {
         byte[] sigBytes = null;
 
-        if( mSignature == null ) {
+        if (mSignature == null) {
             return;
         }
 
@@ -727,31 +728,31 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                 LOGGING_SIGNED_AUDIT_SIGNING,
                 ILogger.SYSTEM_UID,
                 ILogger.SUCCESS,
-                base64Encode( sigBytes ) );
+                base64Encode(sigBytes));
 
-        if( mSignedAuditLogger == null ) {
+        if (mSignedAuditLogger == null) {
             return;
         }
 
         ILogEvent ev = mSignedAuditLogger.create(
                 ILogger.EV_SIGNED_AUDIT,
-                ( Properties ) null,
+                (Properties) null,
                 ILogger.S_SIGNED_AUDIT,
                 ILogger.LL_SECURITY,
                 auditMessage,
                 o,
-                ILogger.L_SINGLELINE );
+                ILogger.L_SINGLELINE);
 
-        String logMesg = logEvt2String(ev);                    
+        String logMesg = logEvt2String(ev);
         doLog(logMesg, true);
     }
 
     private static String getLastSignature(File f) throws IOException {
-        BufferedReader r = new BufferedReader( new FileReader(f) );
+        BufferedReader r = new BufferedReader(new FileReader(f));
         String lastSig = null;
         String curLine = null;
-        while( (curLine = r.readLine()) != null ) {
-            if( curLine.indexOf("AUDIT_LOG_SIGNING") != -1 ) {
+        while ((curLine = r.readLine()) != null) {
+            if (curLine.indexOf("AUDIT_LOG_SIGNING") != -1) {
                 lastSig = curLine;
             }
         }
@@ -760,8 +761,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     /**
-     * Open the log file.  This creates the buffered FileWriter
-     *
+     * Open the log file. This creates the buffered FileWriter
+     * 
      */
     protected synchronized void open() throws IOException {
         RandomAccessFile out;
@@ -769,14 +770,14 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         try {
             out = new RandomAccessFile(mFile, "rw");
             out.seek(out.length());
-            //XXX int or long?
+            // XXX int or long?
             mBytesWritten = (int) out.length();
-            if( !Utils.isNT() ) {
+            if (!Utils.isNT()) {
                 try {
-                    Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() );
-                } catch( IOException e ) {
-                    CMS.debug( "Unable to change file permissions on "
-                             + mFile.toString() );
+                    Utils.exec("chmod 00640 " + mFile.getCanonicalPath());
+                } catch (IOException e) {
+                    CMS.debug("Unable to change file permissions on "
+                             + mFile.toString());
                 }
             }
             mLogWriter = new BufferedWriter(
@@ -785,20 +786,20 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             // The first time we open, mSignature will not have been
             // initialized yet. That's ok, we will push our first signature
             // in setupSigning().
-            if( mLogSigning && (mSignature != null)) {
+            if (mLogSigning && (mSignature != null)) {
                 try {
                     pushSignature();
                 } catch (ELogException le) {
                     ConsoleError.send(
-                        new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
-                                mFileName)));
+                            new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
+                                    mFileName)));
                 }
             }
         } catch (IllegalArgumentException iae) {
             ConsoleError.send(
-                new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
-                        mFileName)));
-        } catch(GeneralSecurityException gse) {
+                    new SystemEvent(CMS.getUserMessage("CMS_LOG_ILLEGALARGUMENT",
+                            mFileName)));
+        } catch (GeneralSecurityException gse) {
             // error with signed audit log, shutdown CMS
             gse.printStackTrace();
             shutdownCMS();
@@ -808,12 +809,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     /**
-     * Flush the log file.  Also update the MAC for hash protected logs
-     *
+     * Flush the log file. Also update the MAC for hash protected logs
+     * 
      */
     public synchronized void flush() {
         try {
-            if( mLogSigning ) {
+            if (mLogSigning) {
                 try {
                     pushSignature();
                 } catch (ELogException le) {
@@ -827,11 +828,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         } catch (IOException e) {
             ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_FLUSH_LOG_FAILED", mFileName, e.toString())));
             if (mLogSigning) {
-                //error in writing to signed audit log, shut down CMS
+                // error in writing to signed audit log, shut down CMS
                 e.printStackTrace();
                 shutdownCMS();
             }
-        } catch(GeneralSecurityException gse) {
+        } catch (GeneralSecurityException gse) {
             // error with signed audit log, shutdown CMS
             gse.printStackTrace();
             shutdownCMS();
@@ -842,7 +843,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * Close the log file
-     *
+     * 
      */
     protected synchronized void close() {
         try {
@@ -859,7 +860,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * Shutdown this log file.
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN used at audit
      * function shutdown
@@ -876,9 +877,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         auditMessage = CMS.getLogMessage(
                            LOGGING_SIGNED_AUDIT_AUDIT_LOG_SHUTDOWN,
                            ILogger.SYSTEM_UID,
-                           ILogger.SUCCESS );
+                           ILogger.SUCCESS);
 
-        audit( auditMessage );
+        audit(auditMessage);
 
         close();
     }
@@ -886,9 +887,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * Set the flush interval
      * <P>
-     * @param    flushInterval The amount of time in seconds until the log
-     * is flush.  A value of 0 will disable autoflush.  This will also set
-     * the update period for hash protected logs.
+     * 
+     * @param flushInterval The amount of time in seconds until the log is
+     *            flush. A value of 0 will disable autoflush. This will also set
+     *            the update period for hash protected logs.
      **/
     public synchronized void setFlushInterval(int flushInterval) {
         mFlushInterval = flushInterval * 1000;
@@ -903,8 +905,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     /**
-     * Log flush thread.  Sleep for the flush interval and flush the
-     * log. Changing flush interval to 0 will cause this thread to exit.
+     * Log flush thread. Sleep for the flush interval and flush the log.
+     * Changing flush interval to 0 will cause this thread to exit.
      */
     final class FlushThread extends Thread {
 
@@ -925,7 +927,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                     } catch (InterruptedException e) {
                         // This shouldn't happen very often
                         ConsoleError.send(new
-                            SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "flush")));
+                                SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "flush")));
                     }
                 }
 
@@ -942,10 +944,10 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     /**
-     * Synchronized method to write a string to the log file.  All I18N
-     * should take place before this call.
-     *
-     * @param  entry The log entry string
+     * Synchronized method to write a string to the log file. All I18N should
+     * take place before this call.
+     * 
+     * @param entry The log entry string
      */
     protected synchronized void log(String entry) throws ELogException {
         doLog(entry, false);
@@ -957,9 +959,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     private static final byte LINE_SEP_BYTE = 0x0a;
 
     /**
-     * This method actually does the logging, and is not overridden
-     * by subclasses, so you can call it and know that it will do exactly
-     * what you see below.
+     * This method actually does the logging, and is not overridden by
+     * subclasses, so you can call it and know that it will do exactly what you
+     * see below.
      */
     private synchronized void doLog(String entry, boolean noFlush)
             throws ELogException {
@@ -969,51 +971,51 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             throw new ELogException(CMS.getUserMessage("CMS_LOG_LOGFILE_CLOSED", params));
         } else {
             try {
-                mLogWriter.write(entry, 0/*offset*/, entry.length());
+                mLogWriter.write(entry, 0/* offset */, entry.length());
 
-                if (mLogSigning==true) {
-                    if(mSignature != null) {
+                if (mLogSigning == true) {
+                    if (mSignature != null) {
                         // include newline for calculating MAC
                         mSignature.update(entry.getBytes("UTF-8"));
                     } else {
                         CMS.debug("LogFile: mSignature is not yet ready... null in log()");
                     }
                 }
-                if (mTrace) { 
-                    CharArrayWriter cw = new CharArrayWriter(200); 
+                if (mTrace) {
+                    CharArrayWriter cw = new CharArrayWriter(200);
                     PrintWriter pw = new PrintWriter(cw);
                     Exception e = new Exception();
-                    e.printStackTrace(pw); 
-                    char[] c = cw.toCharArray(); 
-                    cw.close(); 
+                    e.printStackTrace(pw);
+                    char[] c = cw.toCharArray();
+                    cw.close();
                     pw.close();
 
-                    CharArrayReader cr = new CharArrayReader(c); 
+                    CharArrayReader cr = new CharArrayReader(c);
                     LineNumberReader lr = new LineNumberReader(cr);
 
-                    String text = null; 
-                    String method = null; 
+                    String text = null;
+                    String method = null;
                     String fileAndLine = null;
-                    if (lr.ready()) { 
-                        text = lr.readLine(); 
-                        do { 
-                            text = lr.readLine(); 
+                    if (lr.ready()) {
+                        text = lr.readLine();
+                        do {
+                            text = lr.readLine();
                         } while (text.indexOf("logging") != -1);
-                        int p = text.indexOf("("); 
+                        int p = text.indexOf("(");
                         fileAndLine = text.substring(p);
 
-                        String classandmethod = text.substring(0, p); 
-                        int q = classandmethod.lastIndexOf("."); 
-                        method = classandmethod.substring(q + 1); 
-                        mLogWriter.write(fileAndLine, 0/*offset*/, fileAndLine.length());
-                        mLogWriter.write(" ", 0/*offset*/, " ".length());
-                        mLogWriter.write(method, 0/*offset*/, method.length());
+                        String classandmethod = text.substring(0, p);
+                        int q = classandmethod.lastIndexOf(".");
+                        method = classandmethod.substring(q + 1);
+                        mLogWriter.write(fileAndLine, 0/* offset */, fileAndLine.length());
+                        mLogWriter.write(" ", 0/* offset */, " ".length());
+                        mLogWriter.write(method, 0/* offset */, method.length());
                     }
                 }
                 mLogWriter.newLine();
 
-                if (mLogSigning==true){
-                    if(mSignature != null) {
+                if (mLogSigning == true) {
+                    if (mSignature != null) {
                         mSignature.update(LINE_SEP_BYTE);
                     } else {
                         CMS.debug("LogFile: mSignature is null in log() 2");
@@ -1027,23 +1029,22 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                     shutdownCMS();
                 }
             } catch (IllegalStateException e) {
-                CMS.debug("LogFile: exception thrown in log(): "+e.toString());
-                ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(LOG_SIGNED_AUDIT_EXCEPTION,e.toString())));
-            } catch( GeneralSecurityException gse ) {
+                CMS.debug("LogFile: exception thrown in log(): " + e.toString());
+                ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(LOG_SIGNED_AUDIT_EXCEPTION, e.toString())));
+            } catch (GeneralSecurityException gse) {
                 // DJN: handle error
                 CMS.debug("LogFile: exception thrown in log(): "
-                    + gse.toString());
+                        + gse.toString());
                 gse.printStackTrace();
                 ConsoleError.send(new SignedAuditEvent(CMS.getLogMessage(
-                    LOG_SIGNED_AUDIT_EXCEPTION,gse.toString())));
+                        LOG_SIGNED_AUDIT_EXCEPTION, gse.toString())));
             }
-                
 
             // XXX
             // Although length will be in Unicode dual-bytes, the PrintWriter
-            // will only print out 1 byte per character.  I suppose this could
+            // will only print out 1 byte per character. I suppose this could
             // be dependent on the encoding of your log file, but it ain't that
-            // smart yet.  Also, add one for the newline. (hmm, on NT, CR+LF)
+            // smart yet. Also, add one for the newline. (hmm, on NT, CR+LF)
             int nBytes = entry.length() + 1;
 
             mBytesWritten += nBytes;
@@ -1057,8 +1058,8 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * Write an event to the log file
-     *
-     * @param  ev The event to be logged.
+     * 
+     * @param ev The event to be logged.
      */
     public void log(ILogEvent ev) throws ELogException {
         if (ev instanceof AuditEvent) {
@@ -1069,7 +1070,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             if (!mType.equals("system") || (!mOn) || mLevel > ev.getLevel()) {
                 return;
             }
-        }  else if (ev instanceof SignedAuditEvent) {
+        } else if (ev instanceof SignedAuditEvent) {
             if (!mType.equals("signedAudit") || (!mOn) || mLevel > ev.getLevel()) {
                 return;
             }
@@ -1082,7 +1083,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             String type = ev.getEventType();
             if (type != null) {
                 if (!mSelectedEvents.contains(type)) {
-                    CMS.debug("LogFile: event type not selected: "+type);
+                    CMS.debug("LogFile: event type not selected: " + type);
                     return;
                 }
             }
@@ -1120,13 +1121,13 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * change multi-line log entry by replace "\n" with "\n "
-     *
-     * @param  original The original multi-line log entry.
+     * 
+     * @param original The original multi-line log entry.
      */
     private String prepareMultiline(String original) {
         int i, last = 0;
 
-        //NT: \r\n, unix: \n
+        // NT: \r\n, unix: \n
         while ((i = original.indexOf("\n", last)) != -1) {
             last = i + 1;
             original = original.substring(0, i + 1) + " " + original.substring(i + 1);
@@ -1135,15 +1136,15 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     /**
-     * Read all entries whose logLevel>=lowLevel && log source = source
-     * to at most maxLine entries(from end)
-     * If the parameter is -1, it's ignored and return all entries
-     *
+     * Read all entries whose logLevel>=lowLevel && log source = source to at
+     * most maxLine entries(from end) If the parameter is -1, it's ignored and
+     * return all entries
+     * 
      * @param maxLine The maximum lines to be returned
      * @param lowLevel The lowest log level to be returned
      * @param source The particular log source to be returned
      * @param fName The log file name to be read. If it's null, read the current
-     * log file
+     *            log file
      */
     public Vector<LogEntry> readEntry(int maxLine, int lowLevel, int source, String fName) {
         Vector<LogEntry> mEntries = new Vector<LogEntry>();
@@ -1152,23 +1153,23 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         int lineNo = 0; // lineNo of the current entry in the log file
         int line = 0; // line of readed valid entries
         String firstLine = null; // line buffer
-        String nextLine = null; 
+        String nextLine = null;
         String entry = null;
         LogEntry logEntry = null;
 
         /*
-         this variable is added to accormodate misplaced multiline entries
-         write out buffered log entry when next entry is parsed successfully
-         this implementation is assuming parsing is more time consuming than
-         condition check
+         * this variable is added to accormodate misplaced multiline entries
+         * write out buffered log entry when next entry is parsed successfully
+         * this implementation is assuming parsing is more time consuming than
+         * condition check
          */
-        LogEntry preLogEntry = null; 
+        LogEntry preLogEntry = null;
 
         if (fName != null) {
             fileName = fName;
         }
         try {
-            //XXX think about this
+            // XXX think about this
             fBuffer = new BufferedReader(new FileReader(fileName));
             do {
                 try {
@@ -1194,9 +1195,9 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                                 // if parse succeed, write out previous entry
                                 if (preLogEntry != null) {
                                     if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) &&
-                                        ((Integer.parseInt(preLogEntry.getSource()) == source) ||
+                                            ((Integer.parseInt(preLogEntry.getSource()) == source) ||
                                             (source == ILogger.S_ALL)
-                                        )) {
+                                            )) {
                                         mEntries.addElement(preLogEntry);
                                         if (maxLine == -1) {
                                             line++;
@@ -1223,13 +1224,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
                 } catch (IOException e) {
                     CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_FAILURE,
-            CMS.getLogMessage("LOGGING_READ_ERROR", fileName,
-                        Integer.toString(lineNo)));
+                            ILogger.LL_FAILURE,
+                            CMS.getLogMessage("LOGGING_READ_ERROR", fileName,
+                                    Integer.toString(lineNo)));
                 }
 
-            }
-            while (nextLine != null);
+            } while (nextLine != null);
 
             // need to process the last 2 entries of the file
             if (firstLine != null) {
@@ -1240,17 +1240,18 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                 try {
                     logEntry = new LogEntry(entry);
 
-                    /*  System.out.println(
-                     Integer.toString(Integer.parseInt(logEntry.getLevel()))
-                     +","+Integer.toString(lowLevel)+","+
-                     Integer.toString(Integer.parseInt(logEntry.getSource()))
-                     +","+Integer.toString(source) );
+                    /*
+                     * System.out.println(
+                     * Integer.toString(Integer.parseInt(logEntry.getLevel()))
+                     * +","+Integer.toString(lowLevel)+","+
+                     * Integer.toString(Integer.parseInt(logEntry.getSource()))
+                     * +","+Integer.toString(source) );
                      */
                     if (preLogEntry != null) {
                         if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel) &&
-                            ((Integer.parseInt(preLogEntry.getSource()) == source) ||
+                                ((Integer.parseInt(preLogEntry.getSource()) == source) ||
                                 (source == ILogger.S_ALL)
-                            )) {
+                                )) {
                             mEntries.addElement(preLogEntry);
                             if (maxLine == -1) {
                                 line++;
@@ -1268,11 +1269,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
                 if (preLogEntry != null) {
                     if ((Integer.parseInt(preLogEntry.getLevel()) >= lowLevel)
-                        &&
-                        ((Integer.parseInt(preLogEntry.getSource()) == source)
+                            &&
+                            ((Integer.parseInt(preLogEntry.getSource()) == source)
                             ||
                             (source == ILogger.S_ALL)
-                        )) {
+                            )) {
                         // parse the entry, pass to UI
                         mEntries.addElement(preLogEntry);
                         if (maxLine == -1) {
@@ -1291,15 +1292,15 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
                 fBuffer.close();
             } catch (IOException e) {
                 CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, "logging:" + fileName +
-                    " failed to close for reading");
+                        ILogger.LL_FAILURE, "logging:" + fileName +
+                                " failed to close for reading");
             }
 
         } catch (FileNotFoundException e) {
             CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_FAILURE, 
-        CMS.getLogMessage("LOGGING_FILE_NOT_FOUND",
-            fileName));
+                    ILogger.LL_FAILURE,
+                    CMS.getLogMessage("LOGGING_FILE_NOT_FOUND",
+                            fileName));
         }
         return mEntries;
     }
@@ -1307,7 +1308,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     /**
      * Retrieves the configuration store of this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -1315,27 +1316,27 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     /**
-     * Retrieve last "maxLine" number of system log with log lever >"level"
-     * and from  source "source". If the parameter is omitted. All entries
-     * are sent back.
+     * Retrieve last "maxLine" number of system log with log lever >"level" and
+     * from source "source". If the parameter is omitted. All entries are sent
+     * back.
      */
     public synchronized NameValuePairs retrieveLogContent(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String tmp, fName = null;
         int maxLine = -1, level = -1, source = -1;
-        Vector<LogEntry>  entries = null;
+        Vector<LogEntry> entries = null;
 
-        if ((tmp = (String)req.get(Constants.PR_LOG_ENTRY)) != null) {
+        if ((tmp = (String) req.get(Constants.PR_LOG_ENTRY)) != null) {
             maxLine = Integer.parseInt(tmp);
         }
-        if ((tmp = (String)req.get(Constants.PR_LOG_LEVEL)) != null) {
+        if ((tmp = (String) req.get(Constants.PR_LOG_LEVEL)) != null) {
             level = Integer.parseInt(tmp);
         }
-        if ((tmp = (String)req.get(Constants.PR_LOG_SOURCE)) != null) {
+        if ((tmp = (String) req.get(Constants.PR_LOG_SOURCE)) != null) {
             source = Integer.parseInt(tmp);
         }
-        tmp = (String)req.get(Constants.PR_LOG_NAME);
+        tmp = (String) req.get(Constants.PR_LOG_NAME);
         if (!(tmp.equals(Constants.PR_CURRENT_LOG))) {
             fName = tmp;
         } else {
@@ -1346,12 +1347,12 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
             entries = readEntry(maxLine, level, source, fName);
             for (int i = 0; i < entries.size(); i++) {
                 params.add(Integer.toString(i) +
-                    ((LogEntry) entries.elementAt(i)).getEntry(), "");
+                        ((LogEntry) entries.elementAt(i)).getEntry(), "");
             }
         } catch (Exception e) {
             CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_WARN, 
-                "System log parse error");
+                    ILogger.LL_WARN,
+                    "System log parse error");
         }
         return params;
     }
@@ -1385,11 +1386,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
         // needs to find a way to determine what type you want. if this
         // is not for the signed audit type, then we should not show the
         // following parameters.
-        //if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
-            v.addElement( PROP_SIGNED_AUDIT_LOG_SIGNING + "=" );
-            v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" );
-            v.addElement( PROP_SIGNED_AUDIT_EVENTS + "=" );
-        //}
+        // if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
+        v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "=");
+        v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
+        v.addElement(PROP_SIGNED_AUDIT_EVENTS + "=");
+        // }
 
         return v;
     }
@@ -1401,11 +1402,11 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
             if (mType == null) {
                 v.addElement(PROP_TYPE + "=");
-            }else {
+            } else {
                 v.addElement(PROP_TYPE + "=" +
-                    mConfig.getString(PROP_TYPE));
+                        mConfig.getString(PROP_TYPE));
             }
-            v.addElement(PROP_ON + "=" + String.valueOf( mOn ) );
+            v.addElement(PROP_ON + "=" + String.valueOf(mOn));
             if (mLevel == 0)
                 v.addElement(PROP_LEVEL + "=" + ILogger.LL_DEBUG_STRING);
             else if (mLevel == 1)
@@ -1423,29 +1424,29 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
             if (mFileName == null) {
                 v.addElement(PROP_FILE_NAME + "=");
-            }else {
+            } else {
                 v.addElement(PROP_FILE_NAME + "=" +
-                    mFileName);
+                        mFileName);
             }
             v.addElement(PROP_BUFFER_SIZE + "=" + mBufferSize);
             v.addElement(PROP_FLUSH_INTERVAL + "=" + mFlushInterval / 1000);
 
-            if( (mType != null) && mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
-                v.addElement( PROP_SIGNED_AUDIT_LOG_SIGNING + "="
-                            + String.valueOf( mLogSigning ) );
+            if ((mType != null) && mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
+                v.addElement(PROP_SIGNED_AUDIT_LOG_SIGNING + "="
+                            + String.valueOf(mLogSigning));
 
-                if( mSAuditCertNickName == null ) {
-                    v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "=" );
+                if (mSAuditCertNickName == null) {
+                    v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "=");
                 } else {
-                    v.addElement( PROP_SIGNED_AUDIT_CERT_NICKNAME + "="
-                                + mSAuditCertNickName );
+                    v.addElement(PROP_SIGNED_AUDIT_CERT_NICKNAME + "="
+                                + mSAuditCertNickName);
                 }
 
-                if( mSelectedEventsList == null ) {
-                    v.addElement( PROP_SIGNED_AUDIT_EVENTS + "=" );
+                if (mSelectedEventsList == null) {
+                    v.addElement(PROP_SIGNED_AUDIT_EVENTS + "=");
                 } else {
-                    v.addElement( PROP_SIGNED_AUDIT_EVENTS + "="
-                                + mSelectedEventsList );
+                    v.addElement(PROP_SIGNED_AUDIT_EVENTS + "="
+                                + mSelectedEventsList);
                 }
             }
         } catch (Exception e) {
@@ -1454,53 +1455,53 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
-        if( mType.equals( ILogger.PROP_SIGNED_AUDIT ) ) {
+        if (mType.equals(ILogger.PROP_SIGNED_AUDIT)) {
             String[] params = {
-                PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
-                PROP_ON + ";boolean;Turn on the listener",
-                PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
-                ILogger.LL_INFO_STRING + "," +
-                ILogger.LL_WARN_STRING + "," +
-                ILogger.LL_FAILURE_STRING + "," +
-                ILogger.LL_MISCONF_STRING + "," +
-                ILogger.LL_CATASTRPHE_STRING + "," +
-                ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
-                PROP_FILE_NAME + ";string;The name of the file the log is written to",
-                PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
-                PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
-                IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-logrules-logfile",
-                IExtendedPluginInfo.HELP_TEXT +
-                ";Write the log messages to a file",
-                PROP_SIGNED_AUDIT_LOG_SIGNING +
-                ";boolean;Enable audit logs to be signed",
-                PROP_SIGNED_AUDIT_CERT_NICKNAME +
-                ";string;The nickname of the certificate to be used to sign audit logs",
-                PROP_SIGNED_AUDIT_EVENTS +
-                ";string;A comma-separated list of strings used to specify particular signed audit log events",
+                    PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
+                    PROP_ON + ";boolean;Turn on the listener",
+                    PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
+                            ILogger.LL_INFO_STRING + "," +
+                            ILogger.LL_WARN_STRING + "," +
+                            ILogger.LL_FAILURE_STRING + "," +
+                            ILogger.LL_MISCONF_STRING + "," +
+                            ILogger.LL_CATASTRPHE_STRING + "," +
+                            ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
+                    PROP_FILE_NAME + ";string;The name of the file the log is written to",
+                    PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
+                    PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
+                    IExtendedPluginInfo.HELP_TOKEN +
+                            ";configuration-logrules-logfile",
+                    IExtendedPluginInfo.HELP_TEXT +
+                            ";Write the log messages to a file",
+                    PROP_SIGNED_AUDIT_LOG_SIGNING +
+                            ";boolean;Enable audit logs to be signed",
+                    PROP_SIGNED_AUDIT_CERT_NICKNAME +
+                            ";string;The nickname of the certificate to be used to sign audit logs",
+                    PROP_SIGNED_AUDIT_EVENTS +
+                            ";string;A comma-separated list of strings used to specify particular signed audit log events",
             };
 
             return params;
         } else {
-            // mType.equals( ILogger.PROP_AUDIT )  ||
+            // mType.equals( ILogger.PROP_AUDIT ) ||
             // mType.equals( ILogger.PROP_SYSTEM )
             String[] params = {
-                PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
-                PROP_ON + ";boolean;Turn on the listener",
-                PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
-                ILogger.LL_INFO_STRING + "," +
-                ILogger.LL_WARN_STRING + "," +
-                ILogger.LL_FAILURE_STRING + "," +
-                ILogger.LL_MISCONF_STRING + "," +
-                ILogger.LL_CATASTRPHE_STRING + "," +
-                ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
-                PROP_FILE_NAME + ";string;The name of the file the log is written to",
-                PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
-                PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
-                IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-logrules-logfile",
-                IExtendedPluginInfo.HELP_TEXT +
-                ";Write the log messages to a file"
+                    PROP_TYPE + ";choice(transaction,signedAudit,system);The log event type this instance is listening to",
+                    PROP_ON + ";boolean;Turn on the listener",
+                    PROP_LEVEL + ";choice(" + ILogger.LL_DEBUG_STRING + "," +
+                            ILogger.LL_INFO_STRING + "," +
+                            ILogger.LL_WARN_STRING + "," +
+                            ILogger.LL_FAILURE_STRING + "," +
+                            ILogger.LL_MISCONF_STRING + "," +
+                            ILogger.LL_CATASTRPHE_STRING + "," +
+                            ILogger.LL_SECURITY_STRING + ");Only log message with level higher than this filter will be written by this listener",
+                    PROP_FILE_NAME + ";string;The name of the file the log is written to",
+                    PROP_BUFFER_SIZE + ";integer;The size of the buffer to receive log messages in kilobytes(KB)",
+                    PROP_FLUSH_INTERVAL + ";integer;The maximum time in seconds before the buffer is flushed to the file",
+                    IExtendedPluginInfo.HELP_TOKEN +
+                            ";configuration-logrules-logfile",
+                    IExtendedPluginInfo.HELP_TEXT +
+                            ";Write the log messages to a file"
             };
 
             return params;
@@ -1509,27 +1510,25 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
 
     /**
      * Signed Audit Log
-     *
-     * This method is inherited by all classes that extend this "LogFile"
-     * class, and is called to store messages to the signed audit log.
+     * 
+     * This method is inherited by all classes that extend this "LogFile" class,
+     * and is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
-    protected void audit( String msg )
-    {
+    protected void audit(String msg) {
         // in this case, do NOT strip preceding/trailing whitespace
         // from passed-in String parameters
 
-        if( mSignedAuditLogger == null ) {
+        if (mSignedAuditLogger == null) {
             return;
         }
 
-        mSignedAuditLogger.log( ILogger.EV_SIGNED_AUDIT,
+        mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
                                 null,
                                 ILogger.S_SIGNED_AUDIT,
                                 ILogger.LL_SECURITY,
-                                msg );
+                                msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
index d2dab395..e4678bb7 100644
--- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.logging;
 
-
 import java.io.File;
 import java.io.FileNotFoundException;
 import java.io.FilenameFilter;
@@ -41,12 +40,11 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.logging.SystemEvent;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
  * A rotating log file for Certificate log events. This class loosely follows
  * the Netscape Common Log API implementing rollover interval, size and file
  * naming conventions. It does not yet implement Disk Usage.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RollingLogFile extends LogFile {
@@ -105,7 +103,7 @@ public class RollingLogFile extends LogFile {
     private Object mExpLock = new Object();
 
     private final static String LOGGING_SIGNED_AUDIT_LOG_DELETE =
-        "LOGGING_SIGNED_AUDIT_LOG_DELETE_3";
+            "LOGGING_SIGNED_AUDIT_LOG_DELETE_3";
 
     /**
      * Construct a RollingLogFile
@@ -115,7 +113,7 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Initialize and open a RollingLogFile using the prop config store
-     *
+     * 
      * @param config The property config store to find values in
      */
     public void init(IConfigStore config) throws IOException,
@@ -123,8 +121,8 @@ public class RollingLogFile extends LogFile {
         super.init(config);
 
         rl_init(config.getInteger(PROP_MAX_FILE_SIZE, MAX_FILE_SIZE),
-            config.getString(PROP_ROLLOVER_INTERVAL, ROLLOVER_INTERVAL),
-            config.getString(PROP_EXPIRATION_TIME, EXPIRATION_TIME));
+                config.getString(PROP_ROLLOVER_INTERVAL, ROLLOVER_INTERVAL),
+                config.getString(PROP_EXPIRATION_TIME, EXPIRATION_TIME));
     }
 
     /**
@@ -132,7 +130,7 @@ public class RollingLogFile extends LogFile {
      * attributes.
      */
     protected void rl_init(int maxFileSize, String rolloverInterval,
-        String expirationTime) {
+            String expirationTime) {
         mMaxFileSize = maxFileSize * 1024;
         setRolloverTime(rolloverInterval);
         setExpirationTime(expirationTime);
@@ -153,9 +151,9 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Set the rollover interval
-     *
-     * @param	rolloverSeconds The amount of time in seconds until the log
-     * is rotated.  A value of 0 will disable log rollover.
+     * 
+     * @param rolloverSeconds The amount of time in seconds until the log is
+     *            rotated. A value of 0 will disable log rollover.
      **/
     public synchronized void setRolloverTime(String rolloverSeconds) {
         mRolloverInterval = Long.valueOf(rolloverSeconds).longValue() * 1000;
@@ -171,8 +169,8 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Get the rollover interval
-     *
-     * @return   The interval in seconds in which the log is rotated
+     * 
+     * @return The interval in seconds in which the log is rotated
      **/
     public synchronized int getRolloverTime() {
         return (int) (mRolloverInterval / 1000);
@@ -180,9 +178,9 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Set the file expiration time
-     *
-     * @param	expirationSeconds The amount of time in seconds until log files
-     * are deleted
+     * 
+     * @param expirationSeconds The amount of time in seconds until log files
+     *            are deleted
      **/
     public void setExpirationTime(String expirationSeconds) {
 
@@ -205,8 +203,8 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Get the expiration time
-     *
-     * @return   The age in seconds in which log files are delete
+     * 
+     * @return The age in seconds in which log files are delete
      **/
     public int getExpirationTime() {
         return (int) (mExpirationTime / 1000);
@@ -217,82 +215,82 @@ public class RollingLogFile extends LogFile {
      * extension
      **/
     public synchronized void rotate()
-        throws IOException {
+            throws IOException {
 
-        //File backupFile = new File(mFileName + "." + mFileNumber);
+        // File backupFile = new File(mFileName + "." + mFileNumber);
         File backupFile = new File(mFileName + "." + mLogFileDateFormat.format(mDate));
 
         // close, backup, and reopen the log file zeroizing its contents
         super.close();
         try {
-            if( Utils.isNT() ) {
+            if (Utils.isNT()) {
                 // NT is very picky on the path
-                Utils.exec( "copy " +
-                            mFile.getCanonicalPath().replace( '/', '\\' ) +
+                Utils.exec("copy " +
+                            mFile.getCanonicalPath().replace('/', '\\') +
                             " " +
-                            backupFile.getCanonicalPath().replace( '/',
-                                                                   '\\' ) );
+                            backupFile.getCanonicalPath().replace('/',
+                                                                   '\\'));
             } else {
                 // Create a copy of the original file which
                 // preserves the original file permissions.
-                Utils.exec( "cp -p " + mFile.getCanonicalPath() + " " +
-                             backupFile.getCanonicalPath() );
+                Utils.exec("cp -p " + mFile.getCanonicalPath() + " " +
+                             backupFile.getCanonicalPath());
             }
 
             // Zeroize the original file if and only if
             // the backup copy was successful.
-            if( backupFile.exists() ) {
+            if (backupFile.exists()) {
 
                 // Make certain that the backup file has
                 // the correct permissions.
-                if( !Utils.isNT() ) {
-                    Utils.exec( "chmod 00640 " + backupFile.getCanonicalPath() );
+                if (!Utils.isNT()) {
+                    Utils.exec("chmod 00640 " + backupFile.getCanonicalPath());
                 }
 
                 try {
                     // Open and close the original file
                     // to zeroize its contents.
-                    PrintWriter pw = new PrintWriter( mFile );
+                    PrintWriter pw = new PrintWriter(mFile);
                     pw.close();
 
                     // Make certain that the original file retains
                     // the correct permissions.
-                    if( !Utils.isNT() ) {
-                        Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() );
+                    if (!Utils.isNT()) {
+                        Utils.exec("chmod 00640 " + mFile.getCanonicalPath());
                     }
-                } catch ( FileNotFoundException e ) {
-                    CMS.debug( "Unable to zeroize "
-                             + mFile.toString() );
+                } catch (FileNotFoundException e) {
+                    CMS.debug("Unable to zeroize "
+                             + mFile.toString());
                 }
             } else {
-                CMS.debug( "Unable to backup "
+                CMS.debug("Unable to backup "
                          + mFile.toString() + " to "
-                         + backupFile.toString() );
+                         + backupFile.toString());
             }
-        } catch( Exception e ) {
-            CMS.debug( "Unable to backup "
+        } catch (Exception e) {
+            CMS.debug("Unable to backup "
                      + mFile.toString() + " to "
-                     + backupFile.toString() );
+                     + backupFile.toString());
         }
         super.open(); // will reset mBytesWritten
         mFileNumber++;
     }
 
     /**
-     * Remove any log files which have not been modified in the specified
-     * time
+     * Remove any log files which have not been modified in the specified time
      * <P>
-     *
-     * NOTE:  automatic removal of log files is currently NOT supported!
+     * 
+     * NOTE: automatic removal of log files is currently NOT supported!
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_DELETE used AFTER audit log
      * expires (authorization should not allow, but in case authorization gets
      * compromised make sure it is written AFTER the log expiration happens)
      * </ul>
+     * 
      * @param expirationSeconds The number of seconds since the expired files
-     * have been modified.
+     *            have been modified.
      * @return the time in milliseconds when the next file expires
      **/
     public long expire(long expirationSeconds) throws ELogException {
@@ -312,26 +310,26 @@ public class RollingLogFile extends LogFile {
         File dir = new File(dirName);
 
         // Get just the base name, minus the .date extension
-        //int len = mFile.getName().length() - LogFile.DATE_PATTERN.length() - 1;
-        //String baseName = mFile.getName().substring(0, len);
+        // int len = mFile.getName().length() - LogFile.DATE_PATTERN.length() -
+        // 1;
+        // String baseName = mFile.getName().substring(0, len);
         String fileName = mFile.getName();
         String baseName = null, pathName = null;
         int index = fileName.lastIndexOf("/");
 
-        if (index != -1) { // "/"  exist in fileName
+        if (index != -1) { // "/" exist in fileName
             pathName = fileName.substring(0, index);
             baseName = fileName.substring(index + 1);
             dirName = dirName.concat("/" + pathName);
-        }else { // "/" NOT exist in fileName
+        } else { // "/" NOT exist in fileName
             baseName = fileName;
         }
 
         fileFilter ff = new fileFilter(baseName + ".");
         String[] filelist = dir.list(ff);
 
-        if (filelist == null) { // Crap!  Something is wrong.
-            throw new
-                ELogException(CMS.getUserMessage("CMS_LOG_DIRECTORY_LIST_FAILED",
+        if (filelist == null) { // Crap! Something is wrong.
+            throw new ELogException(CMS.getUserMessage("CMS_LOG_DIRECTORY_LIST_FAILED",
                     dirName, ff.toString()));
         }
 
@@ -340,16 +338,16 @@ public class RollingLogFile extends LogFile {
         for (int i = 0; i < filelist.length; i++) {
             if (pathName != null) {
                 filelist[i] = pathName + "/" + filelist[i];
-            }else {
+            } else {
                 filelist[i] = dirName + "/" + filelist[i];
             }
-            
+
             String fullname = dirName + File.separatorChar + filelist[i];
             File file = new File(fullname);
             long fileTime = file.lastModified();
 
             // Java documentation on File says lastModified() should not
-            // be interpeted.  The doc is wrong.  See JavaSoft bug #4094538
+            // be interpeted. The doc is wrong. See JavaSoft bug #4094538
             if ((currentTime - fileTime) > expirationTime) {
                 file.delete();
 
@@ -382,7 +380,7 @@ public class RollingLogFile extends LogFile {
     //
     // At first glance you may think it's a waste of thread resources to have
     // two threads for every log file, but the truth is that these threads are
-    // sleeping 99% of the time.  NxN thread implementations (Solaris, NT,
+    // sleeping 99% of the time. NxN thread implementations (Solaris, NT,
     // IRIX 6.4, Unixware, etc...) will handle these in user space.
     //
     // You may be able to join these into one thread, and deal with
@@ -392,8 +390,8 @@ public class RollingLogFile extends LogFile {
     //
 
     /**
-     * Log rotation thread.  Sleep for the rollover interval and rotate the
-     * log. Changing rollover interval to 0 will cause this thread to exit.
+     * Log rotation thread. Sleep for the rollover interval and rotate the log.
+     * Changing rollover interval to 0 will cause this thread to exit.
      */
     final class RolloverThread extends Thread {
 
@@ -414,7 +412,7 @@ public class RollingLogFile extends LogFile {
                     } catch (InterruptedException e) {
                         // This shouldn't happen very often
                         CMS.getLogger().getLogQueue().log(new
-                            SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "rollover")));
+                                SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "rollover")));
                     }
                 }
 
@@ -427,23 +425,22 @@ public class RollingLogFile extends LogFile {
                         rotate();
                     } catch (IOException e) {
                         ConsoleError.send(new
-                            SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString())));
+                                SystemEvent(CMS.getUserMessage("CMS_LOG_ROTATE_LOG_FAILED", mFile.getName(), e.toString())));
                         break;
                     }
                 }
                 // else
-                //   Don't rotate empty logs
-                //   flag in log summary file?
+                // Don't rotate empty logs
+                // flag in log summary file?
             }
             mRolloverThread = null;
         }
     }
 
-
     /**
-     * Log expiration thread.  Sleep for the expiration interval and
-     * delete any files which are too old.
-     * Changing expiration interval to 0 will cause this thread to exit.
+     * Log expiration thread. Sleep for the expiration interval and delete any
+     * files which are too old. Changing expiration interval to 0 will cause
+     * this thread to exit.
      */
     final class ExpirationThread extends Thread {
 
@@ -467,18 +464,18 @@ public class RollingLogFile extends LogFile {
                         wakeupTime = expire((long) (mExpirationTime / 1000));
                     } catch (SecurityException e) {
                         ConsoleError.send(new
-                            SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
+                                SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
                         break;
                     } catch (ELogException e) {
                         ConsoleError.send(new
-                            SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
+                                SystemEvent(CMS.getUserMessage("CMS_LOG_EXPIRE_LOG_FAILED", e.toString())));
                         break;
                     }
 
                     sleepTime = wakeupTime - System.currentTimeMillis();
-                    //System.out.println("wakeup " + wakeupTime);
-                    //System.out.println("current "+System.currentTimeMillis());
-                    //System.out.println("sleep " + sleepTime);
+                    // System.out.println("wakeup " + wakeupTime);
+                    // System.out.println("current "+System.currentTimeMillis());
+                    // System.out.println("sleep " + sleepTime);
                     // Sleep for the interval and then check the directory
                     // Note: mExpirationTime can only change while we're
                     // sleeping
@@ -488,7 +485,7 @@ public class RollingLogFile extends LogFile {
                         } catch (InterruptedException e) {
                             // This shouldn't happen very often
                             ConsoleError.send(new
-                                SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "expiration")));
+                                    SystemEvent(CMS.getUserMessage("CMS_LOG_THREAD_INTERRUPT", "expiration")));
                         }
                     }
                 }
@@ -499,11 +496,11 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Write an event to the log file
-     *
-     * @param  ev The event to be logged.
+     * 
+     * @param ev The event to be logged.
      **/
     public synchronized void log(ILogEvent ev) throws ELogException {
-        //xxx, Shall we log first without checking if it exceed the maximum?
+        // xxx, Shall we log first without checking if it exceed the maximum?
         super.log(ev); // Will increment mBytesWritten
 
         if ((0 != mMaxFileSize) && (mBytesWritten > mMaxFileSize)) {
@@ -519,9 +516,9 @@ public class RollingLogFile extends LogFile {
     /**
      * Retrieve log file list.
      */
-    public synchronized NameValuePairs retrieveLogList(Hashtable<String, String>  req
-        ) throws ServletException,
-            IOException, EBaseException {
+    public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req
+            ) throws ServletException,
+                    IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String[] files = null;
 
@@ -534,7 +531,7 @@ public class RollingLogFile extends LogFile {
 
     /**
      * Get the log file list in the log directory
-     *
+     * 
      * @return an array of filenames with related path to cert server root
      */
     protected String[] fileList() {
@@ -544,7 +541,7 @@ public class RollingLogFile extends LogFile {
         String fileName = mFile.getName();
         int index = fileName.lastIndexOf("/");
 
-        if (index != -1) { // "/"  exist in fileName
+        if (index != -1) { // "/" exist in fileName
             pathName = fileName.substring(0, index);
             baseName = fileName.substring(index + 1);
             if (dirName == null) {
@@ -552,24 +549,25 @@ public class RollingLogFile extends LogFile {
             } else {
                 dirName = dirName.concat("/" + pathName);
             }
-        }else { // "/" NOT exist in fileName
+        } else { // "/" NOT exist in fileName
             baseName = fileName;
         }
-			
+
         File dir = new File(dirName);
 
         fileFilter ff = new fileFilter(baseName + ".");
-        //There are some difference here. both should work
-        //error,logs,logs/error jdk115
-        //logs/system,., logs/system jdk116
-        //System.out.println(mFile.getName()+","+dirName+","+mFile.getPath()); //log/system,.
-		
+        // There are some difference here. both should work
+        // error,logs,logs/error jdk115
+        // logs/system,., logs/system jdk116
+        // System.out.println(mFile.getName()+","+dirName+","+mFile.getPath());
+        // //log/system,.
+
         String[] filelist = dir.list(ff);
 
         for (int i = 0; i < filelist.length; i++) {
             if (pathName != null) {
                 filelist[i] = pathName + "/" + filelist[i];
-            }else {
+            } else {
                 filelist[i] = dirName + "/" + filelist[i];
             }
         }
@@ -589,7 +587,7 @@ public class RollingLogFile extends LogFile {
 
         v.addElement(PROP_MAX_FILE_SIZE + "=");
         v.addElement(PROP_ROLLOVER_INTERVAL + "=");
-        //v.addElement(PROP_EXPIRATION_TIME + "=");
+        // v.addElement(PROP_EXPIRATION_TIME + "=");
         return v;
     }
 
@@ -609,7 +607,8 @@ public class RollingLogFile extends LogFile {
             else if (mRolloverInterval / 1000 <= 60 * 60 * 24 * 366)
                 v.addElement(PROP_ROLLOVER_INTERVAL + "=" + "Yearly");
 
-            //v.addElement(PROP_EXPIRATION_TIME + "=" + mExpirationTime / 1000);
+            // v.addElement(PROP_EXPIRATION_TIME + "=" + mExpirationTime /
+            // 1000);
         } catch (Exception e) {
         }
         return v;
@@ -627,10 +626,10 @@ public class RollingLogFile extends LogFile {
         info.addElement(PROP_ROLLOVER_INTERVAL + ";choice(Hourly,Daily,Weekly,Monthly,Yearly);The frequency of the log being rotated.");
         info.addElement(PROP_EXPIRATION_TIME + ";integer;The amount of time before a backed up log is removed in seconds");
         info.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            //";configuration-logrules-rollinglogfile");
-            ";configuration-adminbasics");
+                // ";configuration-logrules-rollinglogfile");
+                ";configuration-adminbasics");
         info.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Write the log messages to a file which will be rotated automatically.");
+                ";Write the log messages to a file which will be rotated automatically.");
         String[] params = new String[info.size()];
 
         info.copyInto(params);
@@ -639,14 +638,13 @@ public class RollingLogFile extends LogFile {
     }
 }
 
-
 /**
  * A file filter to select the file with a given prefix
  */
 class fileFilter implements FilenameFilter {
     String patternToMatch = null;
 
-    public fileFilter (String pattern) {
+    public fileFilter(String pattern) {
         patternToMatch = pattern;
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/notification/MailNotification.java b/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
index af651584..9d3bd4f0 100644
--- a/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
+++ b/pki/base/common/src/com/netscape/cms/notification/MailNotification.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.notification;
 
-
 import java.io.IOException;
 import java.io.PrintStream;
 import java.util.Vector;
@@ -30,13 +29,11 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.notification.ENotificationException;
 import com.netscape.certsrv.notification.IMailNotification;
 
-
 /**
- * This class handles mail notification via SMTP.
- * This class uses <b>smtp.host</b> in the configuration for smtp
- * host.  The port default (25) is used.  If no smtp specified, local
- * host is used
- *
+ * This class handles mail notification via SMTP. This class uses
+ * <b>smtp.host</b> in the configuration for smtp host. The port default (25) is
+ * used. If no smtp specified, local host is used
+ * 
  * @version $Revision$, $Date$
  */
 public class MailNotification implements IMailNotification {
@@ -56,10 +53,10 @@ public class MailNotification implements IMailNotification {
         if (mHost == null) {
             try {
                 IConfigStore mConfig =
-                    CMS.getConfigStore();
+                        CMS.getConfigStore();
 
                 IConfigStore c =
-                    mConfig.getSubStore(PROP_SMTP_SUBSTORE);
+                        mConfig.getSubStore(PROP_SMTP_SUBSTORE);
 
                 if (c == null) {
                     return;
@@ -67,10 +64,10 @@ public class MailNotification implements IMailNotification {
                 mHost = c.getString(PROP_HOST);
 
                 // log it
-                //				if (mHost !=null) {
-                //					String msg =" using external SMTP host: "+mHost;
-                //					CMS.debug("MailNotification: "  + msg);
-                //}
+                // if (mHost !=null) {
+                // String msg =" using external SMTP host: "+mHost;
+                // CMS.debug("MailNotification: " + msg);
+                // }
             } catch (Exception e) {
                 // don't care
             }
@@ -94,7 +91,7 @@ public class MailNotification implements IMailNotification {
         if ((mFrom != null) && (!mFrom.equals("")))
             sc.from(mFrom);
         else {
-            throw new ENotificationException (
+            throw new ENotificationException(
                     CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_SENDER"));
         }
 
@@ -103,7 +100,7 @@ public class MailNotification implements IMailNotification {
             log(ILogger.LL_INFO, "mail to be sent to " + mTo);
             sc.to(mTo);
         } else {
-            throw new ENotificationException (
+            throw new ENotificationException(
                     CMS.getUserMessage("CMS_NOTIFICATION_NO_SMTP_RECEIVER"));
         }
 
@@ -129,13 +126,14 @@ public class MailNotification implements IMailNotification {
             sc.closeServer();
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
-            throw new ENotificationException (
+            throw new ENotificationException(
                     CMS.getUserMessage("CMS_NOTIFICATION_SMTP_SEND_FAILED", mTo));
         }
     }
 
     /**
      * sets the "From" field
+     * 
      * @param from email address of the sender
      */
     public void setFrom(String from) {
@@ -144,6 +142,7 @@ public class MailNotification implements IMailNotification {
 
     /**
      * sets the "Subject" field
+     * 
      * @param subject subject of the email
      */
     public void setSubject(String subject) {
@@ -152,6 +151,7 @@ public class MailNotification implements IMailNotification {
 
     /**
      * sets the "Content-Type" field
+     * 
      * @param contentType content type of the email
      */
     public void setContentType(String contentType) {
@@ -160,6 +160,7 @@ public class MailNotification implements IMailNotification {
 
     /**
      * sets the content of the email
+     * 
      * @param content the message content
      */
     public void setContent(String content) {
@@ -168,6 +169,7 @@ public class MailNotification implements IMailNotification {
 
     /**
      * sets the recipients' email addresses
+     * 
      * @param addresses a list of email addresses of the recipients
      */
     public void setTo(Vector<String> addresses) {
@@ -177,6 +179,7 @@ public class MailNotification implements IMailNotification {
 
     /**
      * sets the recipient's email address
+     * 
      * @param to address of the recipient email address
      */
     public void setTo(String to) {
@@ -187,7 +190,7 @@ public class MailNotification implements IMailNotification {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "MailNotification: " + msg);
+                level, "MailNotification: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
index 0468e13f..dfe5eb53 100644
--- a/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
+++ b/pki/base/common/src/com/netscape/cms/ocsp/DefStore.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.ocsp;
 
-
 import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.cert.X509CRL;
@@ -75,33 +74,32 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
 import com.netscape.cmsutil.ocsp.TBSRequest;
 import com.netscape.cmsutil.ocsp.UnknownInfo;
 
-
 /**
- * This is the default OCSP store that stores revocation information
- * as certificate record (CMS internal data structure).
- *
+ * This is the default OCSP store that stores revocation information as
+ * certificate record (CMS internal data structure).
+ * 
  * @version $Revision$, $Date$
  */
 public class DefStore implements IDefStore, IExtendedPluginInfo {
 
     // refreshInSec is useful in the master-clone situation.
-    // clone does not know that the CRL has been updated in 
+    // clone does not know that the CRL has been updated in
     // the master (by default no refresh)
     private static final String PROP_USE_CACHE = "useCache";
 
     private static final String PROP_REFRESH_IN_SEC = "refreshInSec";
-    private static final int DEF_REFRESH_IN_SEC = 0; 
+    private static final int DEF_REFRESH_IN_SEC = 0;
 
     public static final BigInteger BIG_ZERO = new BigInteger("0");
     public static final Long MINUS_ONE = Long.valueOf(-1);
 
-    private final static String PROP_BY_NAME = 
-        "byName";
-    private final static String PROP_WAIT_ON_CRL_UPDATE = 
-        "waitOnCRLUpdate";
+    private final static String PROP_BY_NAME =
+            "byName";
+    private final static String PROP_WAIT_ON_CRL_UPDATE =
+            "waitOnCRLUpdate";
     private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
     private final static String PROP_INCLUDE_NEXT_UPDATE =
-        "includeNextUpdate";
+            "includeNextUpdate";
 
     protected Hashtable<String, Long> mReqCounts = new Hashtable<String, Long>();
     protected boolean mNotFoundGood = true;
@@ -123,19 +121,19 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     public DefStore() {
     }
 
-    public String[] getExtendedPluginInfo(Locale locale) { 
-        Vector<String> v = new Vector<String>(); 
+    public String[] getExtendedPluginInfo(Locale locale) {
+        Vector<String> v = new Vector<String>();
 
         v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_NOT_FOUND_GOOD"));
         v.addElement(PROP_BY_NAME + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_BY_NAME"));
         v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_PROP_INCLUDE_NEXT_UPDATE"));
         v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_DEFSTORE_DESC"));
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore"); 
+        v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-defstore");
         return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
     }
 
-    public void init(ISubsystem owner, IConfigStore config) 	
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mOCSPAuthority = (IOCSPAuthority) owner;
         mConfig = config;
 
@@ -170,8 +168,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
         initWebGateway();
 
         /**
-         DeleteOldCRLsThread t = new DeleteOldCRLsThread(this);
-         t.start();
+         * DeleteOldCRLsThread t = new DeleteOldCRLsThread(this); t.start();
          **/
         // deleteOldCRLs();
     }
@@ -180,7 +177,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
      * init web gateway - just gets the ee gateway for this CA.
      */
     private void initWebGateway()
-        throws EBaseException {
+            throws EBaseException {
     }
 
     public IRepositoryRecord createRepositoryRecord() {
@@ -222,20 +219,20 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     /**
-     * This store will not delete the old CRL until the 
-     * new one is totally committed.
+     * This store will not delete the old CRL until the new one is totally
+     * committed.
      */
     public void deleteOldCRLs() throws EBaseException {
         Enumeration<ICRLIssuingPointRecord> recs = searchCRLIssuingPointRecord(
                 "objectclass=" +
-                CMS.getCRLIssuingPointRecordName(),
+                        CMS.getCRLIssuingPointRecordName(),
                 100);
         X509CertImpl theCert = null;
         ICRLIssuingPointRecord theRec = null;
 
         while (recs.hasMoreElements()) {
-            ICRLIssuingPointRecord rec = 
-                recs.nextElement();
+            ICRLIssuingPointRecord rec =
+                    recs.nextElement();
 
             deleteOldCRLsInCA(rec.getId());
         }
@@ -246,7 +243,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 
         try {
             ICRLIssuingPointRecord cp = (ICRLIssuingPointRecord)
-                readCRLIssuingPoint(caName);
+                    readCRLIssuingPoint(caName);
 
             if (cp == null)
                 return; // nothing to do
@@ -257,34 +254,35 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             Enumeration<IRepositoryRecord> e = searchRepository(
                     caName,
                     "(!" + IRepositoryRecord.ATTR_SERIALNO + "=" +
-                    thisUpdate + ")");
+                            thisUpdate + ")");
 
             while (e != null && e.hasMoreElements()) {
                 IRepositoryRecord r = e.nextElement();
-                Enumeration<ICertRecord> recs = 
-                    searchCertRecord(caName,
-                        r.getSerialNumber().toString(),
-                        ICertRecord.ATTR_ID + "=*");
-
-                log(ILogger.LL_INFO, "remove CRL 0x" + 
-                    r.getSerialNumber().toString(16) + 
-                    " of " + caName);
-                String rep_dn = "ou=" + 
-                    r.getSerialNumber().toString() +
-                    ",cn=" + transformDN(caName) + "," + 
-                    getBaseDN();
+                Enumeration<ICertRecord> recs =
+                        searchCertRecord(caName,
+                                r.getSerialNumber().toString(),
+                                ICertRecord.ATTR_ID + "=*");
+
+                log(ILogger.LL_INFO, "remove CRL 0x" +
+                        r.getSerialNumber().toString(16) +
+                        " of " + caName);
+                String rep_dn = "ou=" +
+                        r.getSerialNumber().toString() +
+                        ",cn=" + transformDN(caName) + "," +
+                        getBaseDN();
 
                 while (recs != null && recs.hasMoreElements()) {
-                    ICertRecord rec =  recs.nextElement();
-                    String cert_dn = "cn=" + 
-                        rec.getSerialNumber().toString() + "," + rep_dn;
+                    ICertRecord rec = recs.nextElement();
+                    String cert_dn = "cn=" +
+                            rec.getSerialNumber().toString() + "," + rep_dn;
 
                     s.delete(cert_dn);
                 }
                 s.delete(rep_dn);
             }
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
     }
 
@@ -297,12 +295,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public void startup() throws EBaseException {
-        int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC, 
-           DEF_REFRESH_IN_SEC);
+        int refresh = mConfig.getInteger(PROP_REFRESH_IN_SEC,
+                DEF_REFRESH_IN_SEC);
         if (refresh > 0) {
-          DefStoreCRLUpdater updater = 
-            new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh);
-          updater.start();
+            DefStoreCRLUpdater updater =
+                    new DefStoreCRLUpdater(mCacheCRLIssuingPoints, refresh);
+            updater.start();
         }
     }
 
@@ -324,10 +322,10 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     /**
      * Validate an OCSP request.
      */
-    public OCSPResponse validate(OCSPRequest request) 
-        throws EBaseException {	
+    public OCSPResponse validate(OCSPRequest request)
+            throws EBaseException {
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
 
         mOCSPAuthority.incNumOCSPRequest(1);
         long startTime = CMS.getCurrentDate().getTime();
@@ -336,16 +334,16 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             TBSRequest tbsReq = request.getTBSRequest();
 
             // (3) look into database to check the
-            //     certificate's status
+            // certificate's status
             Vector<SingleResponse> singleResponses = new Vector<SingleResponse>();
             if (statsSub != null) {
-              statsSub.startTiming("lookup");
+                statsSub.startTiming("lookup");
             }
 
             long lookupStartTime = CMS.getCurrentDate().getTime();
             for (int i = 0; i < tbsReq.getRequestCount(); i++) {
                 com.netscape.cmsutil.ocsp.Request req =
-                    tbsReq.getRequestAt(i);
+                        tbsReq.getRequestAt(i);
                 CertID cid = req.getCertID();
                 SingleResponse sr = processRequest(cid);
 
@@ -353,17 +351,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             }
             long lookupEndTime = CMS.getCurrentDate().getTime();
             if (statsSub != null) {
-              statsSub.endTiming("lookup");
+                statsSub.endTiming("lookup");
             }
             mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
 
-            if (singleResponses.size() <= 0) { 
+            if (singleResponses.size() <= 0) {
                 CMS.debug("DefStore: No Request Found");
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_REQUEST_FAILURE", "No Request Found"));
                 return null;
             }
             if (statsSub != null) {
-              statsSub.startTiming("build_response");
+                statsSub.startTiming("build_response");
             }
             SingleResponse res[] = new SingleResponse[singleResponses.size()];
 
@@ -391,24 +389,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             ResponseData rd = new ResponseData(rid,
                     new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
             if (statsSub != null) {
-              statsSub.endTiming("build_response");
+                statsSub.endTiming("build_response");
             }
 
             if (statsSub != null) {
-              statsSub.startTiming("signing");
+                statsSub.startTiming("signing");
             }
             long signStartTime = CMS.getCurrentDate().getTime();
             BasicOCSPResponse basicRes = mOCSPAuthority.sign(rd);
             long signEndTime = CMS.getCurrentDate().getTime();
             if (statsSub != null) {
-              statsSub.endTiming("signing");
+                statsSub.endTiming("signing");
             }
             mOCSPAuthority.incSignTime(signEndTime - signStartTime);
 
             OCSPResponse response = new OCSPResponse(
                     OCSPResponseStatus.SUCCESSFUL,
                     new ResponseBytes(ResponseBytes.OCSP_BASIC,
-                        new OCTET_STRING(ASN1Util.encode(basicRes))));
+                            new OCTET_STRING(ASN1Util.encode(basicRes))));
 
             log(ILogger.LL_INFO, "done OCSP request");
             long endTime = CMS.getCurrentDate().getTime();
@@ -435,17 +433,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             ICRLIssuingPointRecord theRec = null;
             byte keyhsh[] = cid.getIssuerKeyHash().toByteArray();
             CRLIPContainer matched = (CRLIPContainer)
-                mCacheCRLIssuingPoints.get(new String(keyhsh));
+                    mCacheCRLIssuingPoints.get(new String(keyhsh));
 
             if (matched == null) {
                 Enumeration<ICRLIssuingPointRecord> recs = searchCRLIssuingPointRecord(
                         "objectclass=" +
-                        CMS.getCRLIssuingPointRecordName(),
+                                CMS.getCRLIssuingPointRecordName(),
                         100);
 
                 while (recs.hasMoreElements()) {
                     ICRLIssuingPointRecord rec = (ICRLIssuingPointRecord)
-                        recs.nextElement();
+                            recs.nextElement();
                     byte certdata[] = rec.getCACert();
                     X509CertImpl cert = null;
 
@@ -468,15 +466,15 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
                         byte crldata[] = rec.getCRL();
 
                         if (rec.getCRLCache() == null) {
-                          CMS.debug("DefStore: start building x509 crl impl");
-                          try {
-                            theCRL = new X509CRLImpl(crldata);
-                          } catch (Exception e) {
-                            log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString()));
-                          }
-                          CMS.debug("DefStore: done building x509 crl impl");
+                            CMS.debug("DefStore: start building x509 crl impl");
+                            try {
+                                theCRL = new X509CRLImpl(crldata);
+                            } catch (Exception e) {
+                                log(ILogger.LL_FAILURE, CMS.getLogMessage("OCSP_DECODE_CRL", e.toString()));
+                            }
+                            CMS.debug("DefStore: done building x509 crl impl");
                         } else {
-                          CMS.debug("DefStore: using crl cache");
+                            CMS.debug("DefStore: using crl cache");
                         }
                         mCacheCRLIssuingPoints.put(new String(digest), new CRLIPContainer(theRec, theCert, theCRL));
                         break;
@@ -524,25 +522,25 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
                         CMS.debug("DefStore: evaluating crl cache");
                         Hashtable<BigInteger, RevokedCertificate> cache = theRec.getCRLCacheNoClone();
                         if (cache != null) {
-                             RevokedCertificate rc = (RevokedCertificate)
-                                  cache.get(new BigInteger(serialNo.toString()));
-                             if (rc == null) { 
-                                if (isNotFoundGood()) { 
-                                   certStatus = new GoodInfo(); 
-                                } else { 
-                                   certStatus = new UnknownInfo(); 
+                            RevokedCertificate rc = (RevokedCertificate)
+                                    cache.get(new BigInteger(serialNo.toString()));
+                            if (rc == null) {
+                                if (isNotFoundGood()) {
+                                    certStatus = new GoodInfo();
+                                } else {
+                                    certStatus = new UnknownInfo();
                                 }
-                             } else {
-           
+                            } else {
+
                                 certStatus = new RevokedInfo(
-                                     new GeneralizedTime(
-                                        rc.getRevocationDate()));
-                             }
+                                        new GeneralizedTime(
+                                                rc.getRevocationDate()));
+                            }
                         }
                     }
-                     
+
                 } else {
-                        CMS.debug("DefStore: evaluating x509 crl impl");
+                    CMS.debug("DefStore: evaluating x509 crl impl");
                     X509CRLEntry crlentry = theCRL.getRevokedCertificate(new BigInteger(serialNo.toString()));
 
                     if (crlentry == null) {
@@ -555,7 +553,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
                     } else {
                         certStatus = new RevokedInfo(new GeneralizedTime(
                                         crlentry.getRevocationDate()));
-               
+
                     }
                 }
                 return new SingleResponse(cid, certStatus, thisUpdate,
@@ -580,17 +578,17 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
         return mDBService.getBaseDN();
     }
 
-    public Enumeration<ICRLIssuingPointRecord > searchAllCRLIssuingPointRecord(int maxSize)
-        throws EBaseException {
+    public Enumeration<ICRLIssuingPointRecord> searchAllCRLIssuingPointRecord(int maxSize)
+            throws EBaseException {
         return searchCRLIssuingPointRecord(
                 "objectclass=" +
-                CMS.getCRLIssuingPointRecordName(),
+                        CMS.getCRLIssuingPointRecordName(),
                 maxSize);
     }
 
     public Enumeration<ICRLIssuingPointRecord> searchCRLIssuingPointRecord(String filter,
-        int maxSize)
-        throws EBaseException {
+            int maxSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration<ICRLIssuingPointRecord> e = null;
 
@@ -604,20 +602,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public synchronized void modifyCRLIssuingPointRecord(String name,
-        ModificationSet mods) throws EBaseException {
+            ModificationSet mods) throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String dn = "cn=" +
-                transformDN(name) + "," + getBaseDN();
+                    transformDN(name) + "," + getBaseDN();
 
             s.modify(dn, mods);
         } catch (EBaseException e) {
-          CMS.debug("modifyCRLIssuingPointRecord: error=" + e);
-          CMS.debug(e);
-          throw e;
+            CMS.debug("modifyCRLIssuingPointRecord: error=" + e);
+            CMS.debug(e);
+            throw e;
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
     }
 
@@ -625,42 +624,45 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
      * Returns an issuing point.
      */
     public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         ICRLIssuingPointRecord rec = null;
 
         try {
             String dn = "cn=" +
-                transformDN(name) + "," + getBaseDN();
+                    transformDN(name) + "," + getBaseDN();
 
             if (s != null) {
                 rec = (ICRLIssuingPointRecord) s.read(dn);
             }
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
         return rec;
     }
 
     public ICRLIssuingPointRecord createCRLIssuingPointRecord(
-        String name, BigInteger crlNumber,
-        Long crlSize, Date thisUpdate, Date nextUpdate) {
+            String name, BigInteger crlNumber,
+            Long crlSize, Date thisUpdate, Date nextUpdate) {
         return CMS.createCRLIssuingPointRecord(
                 name, crlNumber, crlSize, thisUpdate, nextUpdate);
     }
 
-     public void deleteCRLIssuingPointRecord(String id)
-        throws EBaseException {
+    public void deleteCRLIssuingPointRecord(String id)
+            throws EBaseException {
 
         IDBSSession s = null;
 
         try {
             s = mDBService.createSession();
-            String name = "cn=" + transformDN(id) + "," + getBaseDN(); 
+            String name = "cn=" + transformDN(id) + "," + getBaseDN();
             CMS.debug("DefStore::deleteCRLIssuingPointRecord: Attempting to delete: " + name);
-            if (s != null) s.delete(name);
+            if (s != null)
+                s.delete(name);
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
     }
 
@@ -668,12 +670,12 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
      * Creates a new issuing point in OCSP.
      */
     public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String dn = "cn=" +
-                transformDN(name) + "," + getBaseDN();
+                    transformDN(name) + "," + getBaseDN();
 
             s.add(dn, (ICRLIssuingPointRecord) rec);
         } finally {
@@ -683,7 +685,7 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public Enumeration<IRepositoryRecord> searchRepository(String name, String filter)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration<IRepositoryRecord> e = null;
 
@@ -701,13 +703,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
      * Creates a new issuing point in OCSP.
      */
     public void addRepository(String name, String thisUpdate,
-        IRepositoryRecord rec)
-        throws EBaseException {
+            IRepositoryRecord rec)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String dn = "ou=" + thisUpdate + ",cn=" +
-                transformDN(name) + "," + getBaseDN();
+                    transformDN(name) + "," + getBaseDN();
 
             s.add(dn, rec);
         } finally {
@@ -717,22 +719,24 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public void modifyCertRecord(String name, String thisUpdate,
-        String sno,
-        ModificationSet mods) throws EBaseException {
+            String sno,
+            ModificationSet mods) throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String dn = "cn=" + sno + ",ou=" + thisUpdate +
-                ",cn=" + transformDN(name) + "," + getBaseDN();
+                    ",cn=" + transformDN(name) + "," + getBaseDN();
 
-            if (s != null) s.modify(dn, mods);
+            if (s != null)
+                s.modify(dn, mods);
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
     }
 
     public Enumeration<ICertRecord> searchCertRecord(String name, String thisUpdate,
-        String filter) throws EBaseException {
+            String filter) throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration<ICertRecord> e = null;
 
@@ -748,20 +752,21 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public ICertRecord readCertRecord(String name, String thisUpdate,
-        String sno)
-        throws EBaseException {
+            String sno)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         ICertRecord rec = null;
 
         try {
             String dn = "cn=" + sno + ",ou=" + thisUpdate +
-                ",cn=" + transformDN(name) + "," + getBaseDN();
+                    ",cn=" + transformDN(name) + "," + getBaseDN();
 
             if (s != null) {
                 rec = (ICertRecord) s.read(dn);
             }
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
         return rec;
     }
@@ -770,13 +775,13 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
      * Creates a new issuing point in OCSP.
      */
     public void addCertRecord(String name, String thisUpdate,
-        String sno, ICertRecord rec)
-        throws EBaseException {
+            String sno, ICertRecord rec)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String dn = "cn=" + sno + ",ou=" + thisUpdate +
-                ",cn=" + transformDN(name) + "," + getBaseDN();
+                    ",cn=" + transformDN(name) + "," + getBaseDN();
 
             s.add(dn, rec);
         } finally {
@@ -785,26 +790,26 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
         }
     }
 
-    public NameValuePairs getConfigParameters() { 
+    public NameValuePairs getConfigParameters() {
         try {
-            NameValuePairs params = new NameValuePairs(); 
+            NameValuePairs params = new NameValuePairs();
 
             params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
-                mConfig.getString("class"));
-            params.add(PROP_NOT_FOUND_GOOD, 
-                mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
-            params.add(PROP_BY_NAME, 
-                mConfig.getString(PROP_BY_NAME, "true"));
-            params.add(PROP_INCLUDE_NEXT_UPDATE, 
-                mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
-            return params; 
+                    mConfig.getString("class"));
+            params.add(PROP_NOT_FOUND_GOOD,
+                    mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
+            params.add(PROP_BY_NAME,
+                    mConfig.getString(PROP_BY_NAME, "true"));
+            params.add(PROP_INCLUDE_NEXT_UPDATE,
+                    mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
+            return params;
         } catch (Exception e) {
             return null;
         }
     }
 
-    public void setConfigParameters(NameValuePairs pairs) 
-        throws EBaseException { 
+    public void setConfigParameters(NameValuePairs pairs)
+            throws EBaseException {
         Enumeration<String> k = pairs.getNames();
 
         while (k.hasMoreElements()) {
@@ -821,8 +826,8 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
             CMS.debug("DefStore: Ready to update Issuer");
 
             try {
-              if (!((X509CRLImpl)crl).areEntriesIncluded())
-                crl = new X509CRLImpl(((X509CRLImpl)crl).getEncoded());
+                if (!((X509CRLImpl) crl).areEntriesIncluded())
+                    crl = new X509CRLImpl(((X509CRLImpl) crl).getEncoded());
             } catch (Exception e) {
                 CMS.debug(e);
             }
@@ -832,51 +837,51 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 
             if (crl.getThisUpdate() != null)
                 mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
-                    Modification.MOD_REPLACE, crl.getThisUpdate());
+                        Modification.MOD_REPLACE, crl.getThisUpdate());
             if (crl.getNextUpdate() != null)
                 mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
-                    Modification.MOD_REPLACE, crl.getNextUpdate());
+                        Modification.MOD_REPLACE, crl.getNextUpdate());
             if (mUseCache) {
-              if (((X509CRLImpl)crl).getListOfRevokedCertificates() != null) {
-                 mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE,
-                    Modification.MOD_REPLACE, 
-                    ((X509CRLImpl)crl).getListOfRevokedCertificates());
-              }
+                if (((X509CRLImpl) crl).getListOfRevokedCertificates() != null) {
+                    mods.add(ICRLIssuingPointRecord.ATTR_CRL_CACHE,
+                            Modification.MOD_REPLACE,
+                            ((X509CRLImpl) crl).getListOfRevokedCertificates());
+                }
             }
             if (((X509CRLImpl) crl).getNumberOfRevokedCertificates() < 0) {
                 mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
-                    Modification.MOD_REPLACE, Long.valueOf(0));
+                        Modification.MOD_REPLACE, Long.valueOf(0));
             } else {
                 mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
-                    Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates()));
+                        Modification.MOD_REPLACE, Long.valueOf(((X509CRLImpl) crl).getNumberOfRevokedCertificates()));
             }
-            BigInteger crlNumber = ((X509CRLImpl)crl).getCRLNumber();
+            BigInteger crlNumber = ((X509CRLImpl) crl).getCRLNumber();
             if (crlNumber == null) {
                 mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
-                    Modification.MOD_REPLACE, new BigInteger("-1"));
+                        Modification.MOD_REPLACE, new BigInteger("-1"));
             } else {
                 mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
-                    Modification.MOD_REPLACE, crlNumber);
+                        Modification.MOD_REPLACE, crlNumber);
             }
             try {
                 mods.add(ICRLIssuingPointRecord.ATTR_CRL,
-                    Modification.MOD_REPLACE, crl.getEncoded());
+                        Modification.MOD_REPLACE, crl.getEncoded());
             } catch (Exception e) {
                 // ignore
             }
-            CMS.debug("DefStore: ready to CRL update " + 
-                crl.getIssuerDN().getName());
+            CMS.debug("DefStore: ready to CRL update " +
+                    crl.getIssuerDN().getName());
             modifyCRLIssuingPointRecord(
-                crl.getIssuerDN().getName(), mods);
-            CMS.debug("DefStore: done CRL update " + 
-                crl.getIssuerDN().getName());
+                    crl.getIssuerDN().getName(), mods);
+            CMS.debug("DefStore: done CRL update " +
+                    crl.getIssuerDN().getName());
 
             // update cache
             mCacheCRLIssuingPoints.clear();
 
-            log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." + 
-                " thisUpdate=" + crl.getThisUpdate() + 
-                " nextUpdate=" + crl.getNextUpdate());
+            log(ILogger.LL_INFO, "AddCRLServlet: Finish Committing CRL." +
+                    " thisUpdate=" + crl.getThisUpdate() +
+                    " nextUpdate=" + crl.getNextUpdate());
 
         } finally {
             mStateCount--;
@@ -889,7 +894,6 @@ public class DefStore implements IDefStore, IExtendedPluginInfo {
 
 }
 
-
 class DeleteOldCRLsThread extends Thread {
     private DefStore mDefStore = null;
 
@@ -905,7 +909,6 @@ class DeleteOldCRLsThread extends Thread {
     }
 }
 
-
 class CRLIPContainer {
     private ICRLIssuingPointRecord mRec = null;
     private X509CertImpl mCert = null;
diff --git a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
index 5e4e6566..2f18d6ab 100644
--- a/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
+++ b/pki/base/common/src/com/netscape/cms/ocsp/LDAPStore.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.ocsp;
 
-
 import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.cert.X509CRL;
@@ -71,11 +70,10 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
 import com.netscape.cmsutil.ocsp.TBSRequest;
 import com.netscape.cmsutil.ocsp.UnknownInfo;
 
-
 /**
- * This is the LDAP OCSP store. It reads CA certificate and
- * revocation list attributes from the CA entry.
- *
+ * This is the LDAP OCSP store. It reads CA certificate and revocation list
+ * attributes from the CA entry.
+ * 
  * @version $Revision$, $Date$
  */
 public class LDAPStore implements IDefStore, IExtendedPluginInfo {
@@ -93,8 +91,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     private static final String PROP_PORT = "port";
 
     private final static String PROP_NOT_FOUND_GOOD = "notFoundAsGood";
-    private final static String PROP_INCLUDE_NEXT_UPDATE = 
-        "includeNextUpdate";
+    private final static String PROP_INCLUDE_NEXT_UPDATE =
+            "includeNextUpdate";
 
     private IOCSPAuthority mOCSPAuthority = null;
     private IConfigStore mConfig = null;
@@ -111,8 +109,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     public LDAPStore() {
     }
 
-    public String[] getExtendedPluginInfo(Locale locale) { 
-        Vector v = new Vector(); 
+    public String[] getExtendedPluginInfo(Locale locale) {
+        Vector v = new Vector();
 
         v.addElement(PROP_NOT_FOUND_GOOD + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_NOT_FOUND_GOOD"));
         v.addElement(PROP_INCLUDE_NEXT_UPDATE + ";boolean; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_INCLUDE_NEXT_UPDATE"));
@@ -121,33 +119,33 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
         v.addElement(PROP_CRL_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CRL_ATTR"));
         v.addElement(PROP_CA_CERT_ATTR + ";string; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_PROP_CA_CERT_ATTR"));
         v.addElement(IExtendedPluginInfo.HELP_TEXT + "; " + CMS.getUserMessage(locale, "CMS_OCSP_LDAPSTORE_DESC"));
-        v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore"); 
-        return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); 
+        v.addElement(IExtendedPluginInfo.HELP_TOKEN + ";configuration-ocspstores-ldapstore");
+        return com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
     }
 
     /**
      * Fetch CA certificate and CRL from LDAP server.
      */
-    public void init(ISubsystem owner, IConfigStore config) 	
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mOCSPAuthority = (IOCSPAuthority) owner;
         mConfig = config;
 
         mCRLAttr = mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR);
-        mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR, 
+        mCACertAttr = mConfig.getString(PROP_CA_CERT_ATTR,
                     DEF_CA_CERT_ATTR);
         mByName = mConfig.getBoolean(PROP_BY_NAME, true);
-		
+
     }
 
     /**
      * Locates the CA certificate.
      */
-    public X509CertImpl locateCACert(LDAPConnection conn, String baseDN) 
-        throws EBaseException {
+    public X509CertImpl locateCACert(LDAPConnection conn, String baseDN)
+            throws EBaseException {
         try {
-            LDAPSearchResults results = conn.search(baseDN, 
-                    LDAPv2.SCOPE_SUB, mCACertAttr + "=*", 
+            LDAPSearchResults results = conn.search(baseDN,
+                    LDAPv2.SCOPE_SUB, mCACertAttr + "=*",
                     null, false);
 
             if (!results.hasMoreElements()) {
@@ -166,8 +164,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             return caCert;
         } catch (Exception e) {
             CMS.debug("LDAPStore: locateCACert " + e.toString());
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("OCSP_LOCATE_CA", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("OCSP_LOCATE_CA", e.toString()));
         }
         return null;
     }
@@ -175,11 +173,11 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     /**
      * Locates the CRL.
      */
-    public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN) 
-        throws EBaseException {
+    public X509CRLImpl locateCRL(LDAPConnection conn, String baseDN)
+            throws EBaseException {
         try {
-            LDAPSearchResults results = conn.search(baseDN, 
-                    LDAPv2.SCOPE_SUB, mCRLAttr + "=*", 
+            LDAPSearchResults results = conn.search(baseDN,
+                    LDAPv2.SCOPE_SUB, mCRLAttr + "=*",
                     null, false);
 
             if (!results.hasMoreElements()) {
@@ -198,21 +196,20 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             return crl;
         } catch (Exception e) {
             CMS.debug("LDAPStore: locateCRL " + e.toString());
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("OCSP_LOCATE_CRL", e.toString()));
         }
         return null;
     }
 
-    public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl) 
-        throws EBaseException {
+    public void updateCRLHash(X509CertImpl caCert, X509CRLImpl crl)
+            throws EBaseException {
         X509CRLImpl oldCRL = (X509CRLImpl) mCRLs.get(caCert);
 
         if (oldCRL != null) {
-            if (oldCRL.getThisUpdate().getTime() >= 
-                crl.getThisUpdate().getTime()) {
-                log(ILogger.LL_INFO, 
-                    "LDAPStore: no update, received CRL is older than current CRL");
+            if (oldCRL.getThisUpdate().getTime() >= crl.getThisUpdate().getTime()) {
+                log(ILogger.LL_INFO,
+                        "LDAPStore: no update, received CRL is older than current CRL");
                 return; // no update
             }
         }
@@ -240,8 +237,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             String baseDN = mConfig.getString(PROP_BASE_DN + Integer.toString(i), null);
             CRLUpdater updater = new CRLUpdater(
                     this, c, baseDN,
-                    mConfig.getInteger(PROP_REFRESH_IN_SEC + Integer.toString(i), 
-                        DEF_REFRESH_IN_SEC));
+                    mConfig.getInteger(PROP_REFRESH_IN_SEC + Integer.toString(i),
+                            DEF_REFRESH_IN_SEC));
 
             updater.start();
         }
@@ -265,10 +262,10 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     /**
      * Validate an OCSP request.
      */
-    public OCSPResponse validate(OCSPRequest request) 
-        throws EBaseException {	
+    public OCSPResponse validate(OCSPRequest request)
+            throws EBaseException {
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
 
         mOCSPAuthority.incNumOCSPRequest(1);
         long startTime = CMS.getCurrentDate().getTime();
@@ -279,13 +276,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             Vector singleResponses = new Vector();
 
             if (statsSub != null) {
-              statsSub.startTiming("lookup");
+                statsSub.startTiming("lookup");
             }
 
             long lookupStartTime = CMS.getCurrentDate().getTime();
             for (int i = 0; i < tbsReq.getRequestCount(); i++) {
-                com.netscape.cmsutil.ocsp.Request req = 
-                    tbsReq.getRequestAt(i);
+                com.netscape.cmsutil.ocsp.Request req =
+                        tbsReq.getRequestAt(i);
                 CertID cid = req.getCertID();
                 SingleResponse sr = processRequest(cid);
 
@@ -293,12 +290,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             }
             long lookupEndTime = CMS.getCurrentDate().getTime();
             if (statsSub != null) {
-              statsSub.endTiming("lookup");
+                statsSub.endTiming("lookup");
             }
             mOCSPAuthority.incLookupTime(lookupEndTime - lookupStartTime);
 
             if (statsSub != null) {
-              statsSub.startTiming("build_response");
+                statsSub.startTiming("build_response");
             }
             SingleResponse res[] = new SingleResponse[singleResponses.size()];
 
@@ -323,14 +320,14 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
                 }
             }
 
-            ResponseData rd = new ResponseData(rid, 
+            ResponseData rd = new ResponseData(rid,
                     new GeneralizedTime(CMS.getCurrentDate()), res, nonce);
             if (statsSub != null) {
-              statsSub.endTiming("build_response");
+                statsSub.endTiming("build_response");
             }
 
             if (statsSub != null) {
-              statsSub.startTiming("signing");
+                statsSub.startTiming("signing");
             }
 
             long signStartTime = CMS.getCurrentDate().getTime();
@@ -338,13 +335,13 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             long signEndTime = CMS.getCurrentDate().getTime();
             mOCSPAuthority.incSignTime(signEndTime - signStartTime);
             if (statsSub != null) {
-              statsSub.endTiming("signing");
+                statsSub.endTiming("signing");
             }
 
             OCSPResponse response = new OCSPResponse(
-                    OCSPResponseStatus.SUCCESSFUL, 
-                    new ResponseBytes(ResponseBytes.OCSP_BASIC, 
-                        new OCTET_STRING(ASN1Util.encode(basicRes))));
+                    OCSPResponseStatus.SUCCESSFUL,
+                    new ResponseBytes(ResponseBytes.OCSP_BASIC,
+                            new OCTET_STRING(ASN1Util.encode(basicRes))));
 
             log(ILogger.LL_INFO, "done OCSP request");
             long endTime = CMS.getCurrentDate().getTime();
@@ -375,8 +372,8 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public void addRepository(String name, String thisUpdate,
-        IRepositoryRecord rec)
-        throws EBaseException {
+            IRepositoryRecord rec)
+            throws EBaseException {
         throw new EBaseException("NOT SUPPORTED");
     }
 
@@ -389,12 +386,12 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public ICRLIssuingPointRecord readCRLIssuingPoint(String name)
-        throws EBaseException {
+            throws EBaseException {
         throw new EBaseException("NOT SUPPORTED");
     }
 
     public Enumeration searchAllCRLIssuingPointRecord(int maxSize)
-        throws EBaseException {
+            throws EBaseException {
         Vector recs = new Vector();
         Enumeration keys = mCRLs.keys();
 
@@ -408,25 +405,25 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public Enumeration searchCRLIssuingPointRecord(String filter,
-        int maxSize)
-        throws EBaseException {
+            int maxSize)
+            throws EBaseException {
         return null;
     }
 
     public ICRLIssuingPointRecord createCRLIssuingPointRecord(
-        String name, BigInteger crlNumber,
-        Long crlSize, Date thisUpdate, Date nextUpdate) {
+            String name, BigInteger crlNumber,
+            Long crlSize, Date thisUpdate, Date nextUpdate) {
         return null;
     }
 
     public void addCRLIssuingPoint(String name, ICRLIssuingPointRecord rec)
-        throws EBaseException {
+            throws EBaseException {
         throw new EBaseException("NOT SUPPORTED");
     }
 
     public void deleteCRLIssuingPointRecord(String id)
-       throws EBaseException  {
-       throw new EBaseException("NOT SUPPORTED");
+            throws EBaseException {
+        throw new EBaseException("NOT SUPPORTED");
     }
 
     public boolean isNotFoundGood() {
@@ -439,7 +436,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
 
     public boolean includeNextUpdate() throws EBaseException {
         return mConfig.getBoolean(PROP_INCLUDE_NEXT_UPDATE, false);
-    } 
+    }
 
     public boolean isNotFoundGood1() throws EBaseException {
         return mConfig.getBoolean(PROP_NOT_FOUND_GOOD, true);
@@ -470,7 +467,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
             }
             X509Key key = (X509Key) caCert.getPublicKey();
 
-            if( key == null ) {
+            if (key == null) {
                 System.out.println("LDAPStore::processRequest - key is null!");
                 return null;
             }
@@ -508,55 +505,55 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
                 cid.getSerialNumber());
 
         if (entry == null) {
-            if (isNotFoundGood1()) { 
-                certStatus = new GoodInfo(); 
-            } else { 
-                certStatus = new UnknownInfo(); 
+            if (isNotFoundGood1()) {
+                certStatus = new GoodInfo();
+            } else {
+                certStatus = new UnknownInfo();
             }
         } else {
             certStatus = new RevokedInfo(new GeneralizedTime(
                             entry.getRevocationDate()));
         }
-		
+
         return new SingleResponse(cid, certStatus, thisUpdate, nextUpdate);
     }
 
     /**
      * Provides configuration parameters.
      */
-    public NameValuePairs getConfigParameters() { 
+    public NameValuePairs getConfigParameters() {
         try {
-            NameValuePairs params = new NameValuePairs(); 
+            NameValuePairs params = new NameValuePairs();
 
-            params.add(Constants.PR_OCSPSTORE_IMPL_NAME, 
-                mConfig.getString("class"));
+            params.add(Constants.PR_OCSPSTORE_IMPL_NAME,
+                    mConfig.getString("class"));
             int num = mConfig.getInteger(PROP_NUM_CONNS, 0);
 
             params.add(PROP_NUM_CONNS, Integer.toString(num));
             for (int i = 0; i < num; i++) {
-                params.add(PROP_HOST + Integer.toString(i), 
-                    mConfig.getString(PROP_HOST + 
-                        Integer.toString(i), ""));
-                params.add(PROP_PORT + Integer.toString(i), 
-                    mConfig.getString(PROP_PORT + 
-                        Integer.toString(i), "389"));
-                params.add(PROP_BASE_DN + Integer.toString(i), 
-                    mConfig.getString(PROP_BASE_DN + 
-                        Integer.toString(i), ""));
-                params.add(PROP_REFRESH_IN_SEC + Integer.toString(i), 
-                    mConfig.getString(PROP_REFRESH_IN_SEC + 
-                        Integer.toString(i), Integer.toString(DEF_REFRESH_IN_SEC)));
+                params.add(PROP_HOST + Integer.toString(i),
+                        mConfig.getString(PROP_HOST +
+                                Integer.toString(i), ""));
+                params.add(PROP_PORT + Integer.toString(i),
+                        mConfig.getString(PROP_PORT +
+                                Integer.toString(i), "389"));
+                params.add(PROP_BASE_DN + Integer.toString(i),
+                        mConfig.getString(PROP_BASE_DN +
+                                Integer.toString(i), ""));
+                params.add(PROP_REFRESH_IN_SEC + Integer.toString(i),
+                        mConfig.getString(PROP_REFRESH_IN_SEC +
+                                Integer.toString(i), Integer.toString(DEF_REFRESH_IN_SEC)));
             }
-            params.add(PROP_BY_NAME, 
-                mConfig.getString(PROP_BY_NAME, "true"));
-            params.add(PROP_CA_CERT_ATTR, 
-                mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR));
+            params.add(PROP_BY_NAME,
+                    mConfig.getString(PROP_BY_NAME, "true"));
+            params.add(PROP_CA_CERT_ATTR,
+                    mConfig.getString(PROP_CA_CERT_ATTR, DEF_CA_CERT_ATTR));
             params.add(PROP_CRL_ATTR,
-                mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR));
+                    mConfig.getString(PROP_CRL_ATTR, DEF_CRL_ATTR));
             params.add(PROP_NOT_FOUND_GOOD,
-                mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
+                    mConfig.getString(PROP_NOT_FOUND_GOOD, "true"));
             params.add(PROP_INCLUDE_NEXT_UPDATE,
-                mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
+                    mConfig.getString(PROP_INCLUDE_NEXT_UPDATE, "false"));
             return params;
         } catch (Exception e) {
             return null;
@@ -564,7 +561,7 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     }
 
     public void setConfigParameters(NameValuePairs pairs)
-        throws EBaseException {
+            throws EBaseException {
         Enumeration k = pairs.getNames();
 
         while (k.hasMoreElements()) {
@@ -575,15 +572,14 @@ public class LDAPStore implements IDefStore, IExtendedPluginInfo {
     }
 }
 
-
 class CRLUpdater extends Thread {
     private LDAPConnection mC = null;
     private String mBaseDN = null;
     private int mSec = 0;
     private LDAPStore mStore = null;
 
-    public CRLUpdater(LDAPStore store, LDAPConnection c, 
-        String baseDN, int sec) {
+    public CRLUpdater(LDAPStore store, LDAPConnection c,
+            String baseDN, int sec) {
         mC = c;
         mSec = sec;
         mBaseDN = baseDN;
@@ -608,7 +604,6 @@ class CRLUpdater extends Thread {
     }
 }
 
-
 class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
     /**
      *
@@ -739,7 +734,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
         return null;
     }
 
-    public void set(String name, Object obj)throws EBaseException {
+    public void set(String name, Object obj) throws EBaseException {
     }
 
     public Object get(String name) throws EBaseException {
@@ -747,7 +742,7 @@ class TempCRLIssuingPointRecord implements ICRLIssuingPointRecord {
     }
 
     public void delete(String name) throws EBaseException {
-	
+
     }
 
     public Enumeration getElements() {
diff --git a/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java b/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
index 4d59f34e..2bdf4066 100644
--- a/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
+++ b/pki/base/common/src/com/netscape/cms/password/PasswordChecker.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.password;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.password.EPasswordCheckException;
 import com.netscape.certsrv.password.IConfigPasswordCheck;
 import com.netscape.certsrv.password.IPasswordCheck;
 
-
 /**
  * This class checks the given password if it meets the specific requirements.
- * For example, it can also specify the format of the password which has to 
- * be 8 characters long and must be in alphanumeric.
+ * For example, it can also specify the format of the password which has to be 8
+ * characters long and must be in alphanumeric.
  * <P>
  * 
  * @version $Revision$, $Date$
@@ -75,9 +73,10 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
     /**
      * Returns true if the given password meets the quality requirement;
      * otherwise returns false.
+     * 
      * @param mPassword The given password being checked.
      * @return true if the password meets the quality requirement; otherwise
-     * returns false.
+     *         returns false.
      */
     public boolean isGoodPassword(String mPassword) {
         if (mPassword == null || mPassword.length() == 0) {
@@ -96,7 +95,9 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
 
     /**
      * Returns a reason if the password doesnt meet the quality requirement.
-     * @return string as a reason if the password quality requirement is not met.
+     * 
+     * @return string as a reason if the password quality requirement is not
+     *         met.
      */
     public String getReason(String mPassword) {
         if (mPassword == null || mPassword.length() == 0) {
@@ -113,4 +114,3 @@ public class PasswordChecker implements IPasswordCheck, IConfigPasswordCheck {
         return null;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
index d9a527d6..9c050b2b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
+++ b/pki/base/common/src/com/netscape/cms/policy/APolicyRule.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy;
 
-
 import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
@@ -42,16 +41,15 @@ import com.netscape.certsrv.request.AgentApprovals;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 
-
 /**
- * The abstract policy rule that concrete implementations will
- * extend.
+ * The abstract policy rule that concrete implementations will extend.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -68,15 +66,16 @@ public abstract class APolicyRule implements IPolicyRule {
     /**
      * Initializes the policy rule.
      * <P>
-     *
-     * @param config	The config store reference
+     * 
+     * @param config The config store reference
      */
     public abstract void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Gets the description for this policy rule.
      * <P>
+     * 
      * @return The Description for this rule.
      */
     public String getDescription() {
@@ -86,8 +85,8 @@ public abstract class APolicyRule implements IPolicyRule {
     /**
      * Sets a predicate expression for rule matching.
      * <P>
-     *
-     * @param exp	The predicate expression for the rule.
+     * 
+     * @param exp The predicate expression for the rule.
      */
     public void setPredicate(IExpression exp) {
         mFilterExp = exp;
@@ -96,7 +95,7 @@ public abstract class APolicyRule implements IPolicyRule {
     /**
      * Returns the predicate expression for the rule.
      * <P>
-     *
+     * 
      * @return The predicate expression for the rule.
      */
     public IExpression getPredicate() {
@@ -106,7 +105,7 @@ public abstract class APolicyRule implements IPolicyRule {
     /**
      * Returns the name of the policy rule.
      * <P>
-     *
+     * 
      * @return The name of the policy class.
      */
     public String getName() {
@@ -114,45 +113,45 @@ public abstract class APolicyRule implements IPolicyRule {
     }
 
     /**
-     * Sets the instance name for a policy rule. 
+     * Sets the instance name for a policy rule.
      * <P>
-     *
-     * @param instanceName	The name of the rule instance.
+     * 
+     * @param instanceName The name of the rule instance.
      */
-    public void setInstanceName(String instanceName) { 
+    public void setInstanceName(String instanceName) {
         mInstanceName = instanceName;
     }
 
     /**
      * Returns the name of the policy rule instance.
      * <P>
-     *
-     * @return The name of the policy rule instance if set, else
-     *		   the name of the rule class. 
+     * 
+     * @return The name of the policy rule instance if set, else the name of the
+     *         rule class.
      */
-    public String getInstanceName() { 
+    public String getInstanceName() {
         return mInstanceName != null ? mInstanceName : NAME;
     }
 
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public abstract PolicyResult apply(IRequest req);
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public abstract Vector getInstanceParams();
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public abstract Vector getDefaultParams();
@@ -161,8 +160,8 @@ public abstract class APolicyRule implements IPolicyRule {
         setPolicyException(req, format, params);
     }
 
-    public void setError(IRequest req, String format, String arg1, 
-        String arg2) {
+    public void setError(IRequest req, String format, String arg1,
+            String arg2) {
         Object[] np = new Object[2];
 
         np[0] = arg1;
@@ -188,10 +187,10 @@ public abstract class APolicyRule implements IPolicyRule {
     }
 
     /**
-     * determines whether a DEFERRED policy result should be returned
-     * by checking the contents of the AgentApprovals attribute.  This
-     * call should be used by policy modules instead of returning
-     * PolicyResult.DEFERRED directly.
+     * determines whether a DEFERRED policy result should be returned by
+     * checking the contents of the AgentApprovals attribute. This call should
+     * be used by policy modules instead of returning PolicyResult.DEFERRED
+     * directly.
      * <p>
      */
     protected PolicyResult deferred(IRequest req) {
@@ -223,12 +222,12 @@ public abstract class APolicyRule implements IPolicyRule {
         }
     }
 
-    public void setPolicyException(IRequest req, String format, 
-        Object[] params) {
-        if (format == null) 
+    public void setPolicyException(IRequest req, String format,
+            Object[] params) {
+        if (format == null)
             return;
 
-        EPolicyException ex; 
+        EPolicyException ex;
 
         if (params == null)
             ex = new EPolicyException(format);
@@ -247,12 +246,12 @@ public abstract class APolicyRule implements IPolicyRule {
      * log a message for this policy rule.
      */
     protected void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, 
-            "APolicyRule " + NAME + ": " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
+                "APolicyRule " + NAME + ": " + msg);
     }
 
-    public static KeyIdentifier createKeyIdentifier(X509Key key) 
-        throws NoSuchAlgorithmException, InvalidKeyException {
+    public static KeyIdentifier createKeyIdentifier(X509Key key)
+            throws NoSuchAlgorithmException, InvalidKeyException {
         MessageDigest md = MessageDigest.getInstance("SHA-1");
 
         md.update(key.getEncoded());
@@ -260,19 +259,20 @@ public abstract class APolicyRule implements IPolicyRule {
     }
 
     /**
-     * Form a byte array of octet string key identifier from the sha-1 hash of 
+     * Form a byte array of octet string key identifier from the sha-1 hash of
      * the Subject Public Key INFO. (including algorithm ID, etc.)
      * <p>
+     * 
      * @param certInfo cert info of the certificate.
      * @return A Key identifier with the sha-1 hash of subject public key.
      */
     protected KeyIdentifier formSpkiSHA1KeyId(X509CertInfo certInfo)
-        throws EBaseException {
+            throws EBaseException {
         KeyIdentifier keyId = null;
 
         try {
             CertificateX509Key certKey =
-                (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+                    (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
 
             if (certKey == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
@@ -286,23 +286,23 @@ public abstract class APolicyRule implements IPolicyRule {
             }
             keyId = createKeyIdentifier(key);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (InvalidKeyException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         }
@@ -310,19 +310,20 @@ public abstract class APolicyRule implements IPolicyRule {
     }
 
     /**
-     * Form a byte array of octet string key identifier from the sha-1 hash of 
+     * Form a byte array of octet string key identifier from the sha-1 hash of
      * the Subject Public Key BIT STRING.
      * <p>
+     * 
      * @param certInfo cert info of the certificate.
      * @return A Key identifier with the sha-1 hash of subject public key.
      */
     protected KeyIdentifier formSHA1KeyId(X509CertInfo certInfo)
-        throws EBaseException {
+            throws EBaseException {
         KeyIdentifier keyId = null;
 
         try {
             CertificateX509Key certKey =
-                (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+                    (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
 
             if (certKey == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", ""));
@@ -341,22 +342,21 @@ public abstract class APolicyRule implements IPolicyRule {
             md.update(rawKey);
             keyId = new KeyIdentifier(md.digest());
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         }
         return keyId;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
index 3aeadabe..d203e904 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AgentPolicy.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.apps.CMS;
@@ -30,24 +29,23 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * AgentPolicy is an enrollment policy wraps another policy module.
- *   Requests are sent first to the contained module, but if the
- *   policy indicates that the request should be deferred, a check
- *   for agent approvals is done.  If any are found, the request
- *   is approved.
+ * AgentPolicy is an enrollment policy wraps another policy module. Requests are
+ * sent first to the contained module, but if the policy indicates that the
+ * request should be deferred, a check for agent approvals is done. If any are
+ * found, the request is approved.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class AgentPolicy extends APolicyRule
-    implements IEnrollmentPolicy {
+        implements IEnrollmentPolicy {
     public AgentPolicy() {
         NAME = "AgentPolicy";
         DESC = "Agent Approval Policy";
@@ -56,19 +54,19 @@ public class AgentPolicy extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=AgentPolicy
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
-     *      ra.Policy.rule.<ruleName>.class=xxxx
-     *      ra.Policy.rule.<ruleName>.params.*
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=AgentPolicy
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o ==
+     * netscape.com ra.Policy.rule.<ruleName>.class=xxxx
+     * ra.Policy.rule.<ruleName>.params.*
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
 
         // Create subordinate object
         String className = (String) config.get("class");
@@ -79,14 +77,14 @@ public class AgentPolicy extends APolicyRule
 
             try {
                 @SuppressWarnings("unchecked")
-				Class<APolicyRule> c = (Class<APolicyRule>) Class.forName(className);
+                Class<APolicyRule> c = (Class<APolicyRule>) Class.forName(className);
 
                 Object o = c.newInstance();
 
                 if (!(o instanceof APolicyRule)) {
                     throw new EPolicyException(
-                            CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CLASS", 
-                                getInstanceName(), className));
+                            CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CLASS",
+                                    getInstanceName(), className));
                 }
 
                 APolicyRule pr = (APolicyRule) o;
@@ -100,7 +98,7 @@ public class AgentPolicy extends APolicyRule
                 System.err.println("Agent Policy Error: " + e);
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_LOADING_POLICY_ERROR",
-                            getInstanceName(), className));
+                                getInstanceName(), className));
             }
         }
     }
@@ -108,8 +106,8 @@ public class AgentPolicy extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -129,10 +127,10 @@ public class AgentPolicy extends APolicyRule
             AgentApprovals aa = AgentApprovals.fromStringVector(
                     req.getExtDataInStringVector(AgentApprovals.class.getName()));
 
-            //Object o = req.get("agentApprovals");
+            // Object o = req.get("agentApprovals");
 
             // Any approvals causes success
-            if (aa != null && aa.elements().hasMoreElements()) //if (o != null)
+            if (aa != null && aa.elements().hasMoreElements()) // if (o != null)
             {
                 System.err.println("Agent approval found");
                 result = PolicyResult.ACCEPTED;
@@ -144,7 +142,7 @@ public class AgentPolicy extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector<String> getInstanceParams() {
@@ -153,13 +151,12 @@ public class AgentPolicy extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector<String> getDefaultParams() {
         return null;
     }
 
-    APolicyRule mPolicy = null; 
+    APolicyRule mPolicy = null;
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
index 90e81ed4..ebf111cb 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/AttributePresentConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -44,20 +43,20 @@ import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * This checks if attribute present.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class AttributePresentConstraints extends APolicyRule 
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class AttributePresentConstraints extends APolicyRule
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_ENABLED = "enabled";
     protected static final String PROP_LDAP = "ldap";
 
@@ -82,42 +81,42 @@ public class AttributePresentConstraints extends APolicyRule
     public String[] getExtendedPluginInfo(Locale locale) {
         String params[] = {
                 PROP_ATTR + ";string,required;Ldap attribute to check presence of (default " +
-                DEF_ATTR + ")",
+                        DEF_ATTR + ")",
                 PROP_VALUE + ";string;if this parameter is non-empty, the attribute must " +
-                "match this value for the request to proceed ",
+                        "match this value for the request to proceed ",
                 PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
-                "under. If your user's DN is 'uid=jsmith, o=company', you " +
-                "might want to use 'o=company' here",
+                        "under. If your user's DN is 'uid=jsmith, o=company', you " +
+                        "might want to use 'o=company' here",
                 PROP_LDAP_HOST + ";string,required;" +
-                "LDAP host to connect to",
+                        "LDAP host to connect to",
                 PROP_LDAP_PORT + ";number,required;" +
-                "LDAP port number (use 389, or 636 if SSL)",
+                        "LDAP port number (use 389, or 636 if SSL)",
                 PROP_LDAP_SSL + ";boolean;" +
-                "Use SSL to connect to directory?",
+                        "Use SSL to connect to directory?",
                 PROP_LDAP_VER + ";choice(3,2),required;" +
-                "LDAP protocol version",
+                        "LDAP protocol version",
                 PROP_LDAP_BIND + ";string;DN to bind as for attribute checking. " +
-                "For example 'CN=Pincheck User'",
+                        "For example 'CN=Pincheck User'",
                 PROP_LDAP_PW + ";password;Enter password used to bind as " +
-                "the above user",
+                        "the above user",
                 PROP_LDAP_AUTH + ";choice(BasicAuth,SslClientAuth),required;" +
-                "How to bind to the directory",
+                        "How to bind to the directory",
                 PROP_LDAP_CERT + ";string;If you want to use " +
-                "SSL client auth to the directory, set the client " +
-                "cert nickname here",
+                        "SSL client auth to the directory, set the client " +
+                        "cert nickname here",
                 PROP_LDAP_BASE + ";string,required;Base DN to start searching " +
-                "under. If your user's DN is 'uid=jsmith, o=company', you " +
-                "might want to use 'o=company' here",
+                        "under. If your user's DN is 'uid=jsmith, o=company', you " +
+                        "might want to use 'o=company' here",
                 PROP_LDAP_MINC + ";number;number of connections " +
-                "to keep open to directory server. Default " + DEF_LDAP_MINC,
+                        "to keep open to directory server. Default " + DEF_LDAP_MINC,
                 PROP_LDAP_MAXC + ";number;when needed, connection " +
-                "pool can grow to this many (multiplexed) connections. Default " + DEF_LDAP_MAXC,
+                        "pool can grow to this many (multiplexed) connections. Default " + DEF_LDAP_MAXC,
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-pinpresent",
+                        ";configuration-policyrules-pinpresent",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";" + DESC + " This plugin can be used to " +
-                "check the presence (and, optionally, the value) of any LDAP " +
-                "attribute for the user. "
+                        ";" + DESC + " This plugin can be used to " +
+                        "check the presence (and, optionally, the value) of any LDAP " +
+                        "attribute for the user. "
             };
 
         return params;
@@ -179,9 +178,9 @@ public class AttributePresentConstraints extends APolicyRule
     protected static final String PROP_VALUE = "value";
     protected static final String DEF_VALUE = "";
 
-    protected static Vector<String>    mParamNames;
+    protected static Vector<String> mParamNames;
     protected static Hashtable<String, Object> mParamDefault;
-    protected        Hashtable<String, Object> mParamValue = null;
+    protected Hashtable<String, Object> mParamValue = null;
 
     static {
         mParamNames = new Vector<String>();
@@ -200,7 +199,7 @@ public class AttributePresentConstraints extends APolicyRule
         addParam(PROP_ATTR, DEF_ATTR);
         addParam(PROP_VALUE, DEF_VALUE);
     };
-	
+
     protected static void addParam(String name, Object value) {
         mParamNames.addElement(name);
         mParamDefault.put(name, value);
@@ -209,8 +208,8 @@ public class AttributePresentConstraints extends APolicyRule
     protected void getStringConfigParam(IConfigStore config, String paramName) {
         try {
             mParamValue.put(
-                paramName, config.getString(paramName, (String) mParamDefault.get(paramName))
-            );
+                    paramName, config.getString(paramName, (String) mParamDefault.get(paramName))
+                    );
         } catch (Exception e) {
         }
     }
@@ -218,12 +217,12 @@ public class AttributePresentConstraints extends APolicyRule
     protected void getIntConfigParam(IConfigStore config, String paramName) {
         try {
             mParamValue.put(
-                paramName, Integer.valueOf(
-                    config.getInteger(paramName,
-                        ((Integer) mParamDefault.get(paramName)).intValue()
-                    )
-                )
-            );
+                    paramName, Integer.valueOf(
+                            config.getInteger(paramName,
+                                    ((Integer) mParamDefault.get(paramName)).intValue()
+                                    )
+                            )
+                    );
         } catch (Exception e) {
         }
     }
@@ -231,18 +230,18 @@ public class AttributePresentConstraints extends APolicyRule
     protected void getBooleanConfigParam(IConfigStore config, String paramName) {
         try {
             mParamValue.put(
-                paramName, Boolean.valueOf(
-                    config.getBoolean(paramName,
-                        ((Boolean) mParamDefault.get(paramName)).booleanValue()
-                    )
-                )
-            );
+                    paramName, Boolean.valueOf(
+                            config.getBoolean(paramName,
+                                    ((Boolean) mParamDefault.get(paramName)).booleanValue()
+                                    )
+                            )
+                    );
         } catch (Exception e) {
         }
     }
 
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         mParamValue = new Hashtable<String, Object>();
@@ -277,7 +276,7 @@ public class AttributePresentConstraints extends APolicyRule
         String requestType = r.getRequestType();
 
         if (requestType.equals(IRequest.ENROLLMENT_REQUEST) ||
-            requestType.equals(IRequest.RENEWAL_REQUEST)) {
+                requestType.equals(IRequest.RENEWAL_REQUEST)) {
 
             String uid = r.getExtDataInString(IRequest.HTTP_PARAMS, "uid");
 
@@ -291,10 +290,10 @@ public class AttributePresentConstraints extends APolicyRule
 
             try {
                 String[] attrs = { (String) mParamValue.get(PROP_ATTR) };
-                LDAPSearchResults searchResult = 
-                    mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE),
-                        LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs, false);
-			
+                LDAPSearchResults searchResult =
+                        mCheckAttrLdapConnection.search((String) mParamValue.get(PROP_LDAP_BASE),
+                                LDAPv2.SCOPE_SUB, "(uid=" + uid + ")", attrs, false);
+
                 if (!searchResult.hasMoreElements()) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", uid));
                     setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
@@ -304,12 +303,12 @@ public class AttributePresentConstraints extends APolicyRule
                 LDAPEntry entry = (LDAPEntry) searchResult.nextElement();
 
                 userdn = entry.getDN();
-	
+
                 LDAPAttribute attr = entry.getAttribute((String) mParamValue.get(PROP_ATTR));
 
                 /* if attribute not present, reject the request */
                 if (attr == null) {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn)); 
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMS_AUTH_NO_PIN_FOUND", userdn));
                     setError(r, CMS.getUserMessage("CMS_POLICY_PIN_UNAUTHORIZED"), "");
                     return PolicyResult.REJECTED;
                 }
@@ -331,7 +330,7 @@ public class AttributePresentConstraints extends APolicyRule
                         return PolicyResult.REJECTED;
                     }
                 }
-				
+
                 CMS.debug("AttributePresentConstraints: Attribute is present for user: \"" + userdn + "\"");
 
             } catch (LDAPException e) {
@@ -344,7 +343,7 @@ public class AttributePresentConstraints extends APolicyRule
         return res;
     }
 
-    public Vector<String>  getInstanceParams() {
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         Enumeration<String> e = mParamNames.elements();
@@ -382,25 +381,26 @@ public class AttributePresentConstraints extends APolicyRule
         return params;
 
         /*
-         params.addElement("ldap.ldapconn.host=localhost");
-         params.addElement("ldap.ldapconn.port=389");
-         params.addElement("ldap.ldapconn.secureConn=false");
-         params.addElement("ldap.ldapconn.version=3");
-         params.addElement("ldap.ldapauth.bindDN=CN=Directory Manager");
-         params.addElement("ldap.ldapauth.bindPWPrompt=");
-         params.addElement("ldap.ldapauth.clientCertNickname=");
-         params.addElement("ldap.ldapauth.authtype=BasicAuth");
-         params.addElement("ldap.basedn=");
-         params.addElement("ldap.minConns=1");
-         params.addElement("ldap.maxConns=5");
+         * params.addElement("ldap.ldapconn.host=localhost");
+         * params.addElement("ldap.ldapconn.port=389");
+         * params.addElement("ldap.ldapconn.secureConn=false");
+         * params.addElement("ldap.ldapconn.version=3");
+         * params.addElement("ldap.ldapauth.bindDN=CN=Directory Manager");
+         * params.addElement("ldap.ldapauth.bindPWPrompt=");
+         * params.addElement("ldap.ldapauth.clientCertNickname=");
+         * params.addElement("ldap.ldapauth.authtype=BasicAuth");
+         * params.addElement("ldap.basedn=");
+         * params.addElement("ldap.minConns=1");
+         * params.addElement("ldap.maxConns=5");
          */
     }
 
     protected void log(int level, String msg) {
-        if (mLogger == null) return;
+        if (mLogger == null)
+            return;
 
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "AttributePresentConstraints: " + msg);
+                level, "AttributePresentConstraints: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
index 3caee615..c8f96409 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DSAKeyConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.math.BigInteger;
 import java.security.interfaces.DSAParams;
 import java.util.Locale;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * DSAKeyConstraints policy enforces min and max size of the key.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class DSAKeyConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     private int mMinSize;
     private int mMaxSize;
 
@@ -73,7 +72,7 @@ public class DSAKeyConstraints extends APolicyRule
         defConfParams.addElement(PROP_MIN_SIZE + "=" + DEF_MIN_SIZE);
         defConfParams.addElement(PROP_MAX_SIZE + "=" + DEF_MAX_SIZE);
     }
-		
+
     public DSAKeyConstraints() {
         NAME = "DSAKeyConstraints";
         DESC = "Enforces DSA Key Constraints.";
@@ -84,9 +83,9 @@ public class DSAKeyConstraints extends APolicyRule
                 PROP_MIN_SIZE + ";number;Minimum key size",
                 PROP_MAX_SIZE + ";number;Maximum key size",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-dsakeyconstraints",
+                        ";configuration-policyrules-dsakeyconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Rejects request if DSA key size is out of range"
+                        ";Rejects request if DSA key size is out of range"
             };
 
         return params;
@@ -95,18 +94,19 @@ public class DSAKeyConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form
-     *      ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.minSize=512
-     *      ra.Policy.rule.<ruleName>.maxSize=1024
-     *      ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
-     *
-     * @param config	The config store reference
+     * ra.Policy.rule.<ruleName>.implName=DSAKeyConstraints
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.minSize=512
+     * ra.Policy.rule.<ruleName>.maxSize=1024
+     * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o ==
+     * netscape.com
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
 
         // Get Min and Max sizes
         mConfig = config;
@@ -120,34 +120,34 @@ public class DSAKeyConstraints extends APolicyRule
 
                 log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
-                            PROP_MAX_SIZE, msg));
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                                PROP_MAX_SIZE, msg));
             }
             if (mMinSize < DEF_MIN_SIZE) {
                 String msg = "cannot be less than " + DEF_MIN_SIZE;
 
                 log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
-                            PROP_MIN_SIZE, msg));
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                                PROP_MIN_SIZE, msg));
             }
             if (mMaxSize % INCREMENT != 0) {
                 String msg = "must be in increments of " + INCREMENT;
 
                 log(ILogger.LL_FAILURE, PROP_MAX_SIZE + " " + msg);
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
-                            PROP_MIN_SIZE, msg));
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                                PROP_MIN_SIZE, msg));
             }
             if (mMaxSize % INCREMENT != 0) {
                 String msg = "must be in increments of " + INCREMENT;
 
                 log(ILogger.LL_FAILURE, PROP_MIN_SIZE + " " + msg);
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
-                            PROP_MIN_SIZE, msg));
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                                PROP_MIN_SIZE, msg));
             }
-			
+
             config.putInteger(PROP_MIN_SIZE, mMinSize);
             config.putInteger(PROP_MAX_SIZE, mMaxSize);
 
@@ -160,8 +160,8 @@ public class DSAKeyConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -171,7 +171,7 @@ public class DSAKeyConstraints extends APolicyRule
         try {
             // Get the certificate info from the request
             X509CertInfo ci[] =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
             // There should be a certificate info set.
             if (ci == null || ci[0] == null) {
@@ -182,19 +182,19 @@ public class DSAKeyConstraints extends APolicyRule
             // Else check if the key size(s) are within the limit.
             for (int i = 0; i < ci.length; i++) {
                 CertificateX509Key certKey = (CertificateX509Key)
-                    ci[i].get(X509CertInfo.KEY);
+                        ci[i].get(X509CertInfo.KEY);
                 X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
                 String alg = key.getAlgorithmId().toString();
 
                 if (!alg.equalsIgnoreCase(DSA))
                     continue;
 
-                    // Check DSAKey parameters.
-                    // size refers to the p parameter.
+                // Check DSAKey parameters.
+                // size refers to the p parameter.
                 DSAPublicKey dsaKey = new DSAPublicKey(key.getEncoded());
                 DSAParams keyParams = dsaKey.getParams();
 
-                if (keyParams == null) { 
+                if (keyParams == null) {
                     // key parameters could not be parsed.
                     Object[] params = new Object[] {
                             getInstanceName(), String.valueOf(i + 1) };
@@ -205,11 +205,11 @@ public class DSAKeyConstraints extends APolicyRule
                 BigInteger p = keyParams.getP();
                 int len = p.bitLength();
 
-                if (len < mMinSize || len > mMaxSize || 
-                    (len % INCREMENT) != 0) {
-                    String[] parms = new String[] { 
-                            getInstanceName(), 
-                            String.valueOf(len), 
+                if (len < mMinSize || len > mMaxSize ||
+                        (len % INCREMENT) != 0) {
+                    String[] parms = new String[] {
+                            getInstanceName(),
+                            String.valueOf(len),
                             String.valueOf(mMinSize),
                             String.valueOf(mMaxSize),
                             String.valueOf(INCREMENT) };
@@ -220,7 +220,7 @@ public class DSAKeyConstraints extends APolicyRule
             }
         } catch (Exception e) {
             // e.printStackTrace();
-            String[] params = { getInstanceName(), e.toString()};
+            String[] params = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
@@ -230,27 +230,27 @@ public class DSAKeyConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getInstanceParams() { 
+    public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         try {
             confParams.addElement(PROP_MIN_SIZE + "=" + mConfig.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE));
             confParams.addElement(PROP_MAX_SIZE + "=" + mConfig.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE));
-        } catch (EBaseException e) {;
+        } catch (EBaseException e) {
+            ;
         }
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
         return defConfParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
index 3d4aedc3..4fc40036 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/DefaultRevocation.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -30,22 +29,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * This is the default revocation policy. Currently this does
- * nothing. We can later add checks like whether or not to
- * revoke expired certs ..etc here.
+ * This is the default revocation policy. Currently this does nothing. We can
+ * later add checks like whether or not to revoke expired certs ..etc here.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class DefaultRevocation extends APolicyRule
-    implements IRevocationPolicy, IExtendedPluginInfo {
+        implements IRevocationPolicy, IExtendedPluginInfo {
     public DefaultRevocation() {
         NAME = "DefaultRevocation";
         DESC = "Default Revocation Policy";
@@ -54,24 +52,25 @@ public class DefaultRevocation extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=DefaultRevocation
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=DefaultRevocation
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o ==
+     * netscape.com
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
     }
 
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -80,7 +79,7 @@ public class DefaultRevocation extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
@@ -89,7 +88,7 @@ public class DefaultRevocation extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
@@ -104,4 +103,3 @@ public class DefaultRevocation extends APolicyRule
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
index aed75bcd..8e10d3b6 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/IssuerConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -35,29 +34,29 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * IssuerConstraints is a rule for restricting the issuers of the
- * certificates used for certificate-based enrollments.
+ * IssuerConstraints is a rule for restricting the issuers of the certificates
+ * used for certificate-based enrollments.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
 public class IssuerConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     private final static String PROP_ISSUER_DN = "issuerDN";
     private static final String CLIENT_ISSUER = "clientIssuer";
     private X500Name mIssuerDN = null;
     private String mIssuerDNString;
 
     /**
-     * checks the issuer of the ssl client-auth cert.  Only one issuer
-     *	 is allowed for now
+     * checks the issuer of the ssl client-auth cert. Only one issuer is allowed
+     * for now
      */
     public IssuerConstraints() {
         NAME = "IssuerConstraints";
@@ -68,10 +67,10 @@ public class IssuerConstraints extends APolicyRule
         String[] params = {
                 PROP_ISSUER_DN + ";string;Subject DN of the Issuer. The IssuerDN of the authenticating cert must match what's specified here",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-issuerconstraints",
+                        ";configuration-policyrules-issuerconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Rejects the request if the issuer in the certificate is" +
-                "not of the one specified"
+                        ";Rejects the request if the issuer in the certificate is" +
+                        "not of the one specified"
             };
 
         return params;
@@ -81,34 +80,35 @@ public class IssuerConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     * @param config	The config store reference
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
         try {
             mIssuerDNString = config.getString(PROP_ISSUER_DN, null);
-            if ((mIssuerDNString != null) && 
-                !mIssuerDNString.equals("")) {
+            if ((mIssuerDNString != null) &&
+                    !mIssuerDNString.equals("")) {
                 mIssuerDN = new X500Name(mIssuerDNString);
             }
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                NAME + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
+            log(ILogger.LL_FAILURE,
+                    NAME + CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
 
-            String[] params = {getInstanceName(), e.toString()};
+            String[] params = { getInstanceName(), e.toString() };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
         }
         CMS.debug(
-            NAME + ": init() done");
+                NAME + ": init() done");
     }
 
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -125,82 +125,82 @@ public class IssuerConstraints extends APolicyRule
 
                 if (!ci_name.equals(mIssuerDN)) {
                     setError(req,
-                        CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
-                            getInstanceName()), "");
+                            CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
+                                    getInstanceName()), "");
                     result = PolicyResult.REJECTED;
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED")); 
+                            CMS.getLogMessage("CA_GET_ISSUER_NAME_FAILED"));
                     CMS.debug(
-                        NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + "; expected issuerDN = " + mIssuerDNString);
+                            NAME + ": apply() - issuerDN mismatch: client issuerDN = " + clientIssuerDN + "; expected issuerDN = " + mIssuerDNString);
                 }
             } else {
 
                 // Get the certificate info from the request
                 X509CertInfo certInfo[] =
-                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                        req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
                 if (certInfo == null) {
-                    log(ILogger.LL_FAILURE, 
-                        NAME + ": apply() - missing certInfo");
-                    setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", 
+                    log(ILogger.LL_FAILURE,
+                            NAME + ": apply() - missing certInfo");
+                    setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
                             getInstanceName()), "");
                     return PolicyResult.REJECTED;
                 }
-				
+
                 for (int i = 0; i < certInfo.length; i++) {
                     String oldIssuer = (String)
-                        certInfo[i].get(X509CertInfo.ISSUER).toString();
-					
+                            certInfo[i].get(X509CertInfo.ISSUER).toString();
+
                     if (oldIssuer == null) {
                         setError(req,
-                            CMS.getUserMessage("CMS_POLICY_CLIENT_ISSUER_NOT_FOUND",
-                                getInstanceName()), "");
+                                CMS.getUserMessage("CMS_POLICY_CLIENT_ISSUER_NOT_FOUND",
+                                        getInstanceName()), "");
                         result = PolicyResult.REJECTED;
-                        log(ILogger.LL_FAILURE, 
-                            NAME + ": apply() - client issuerDN not found");
+                        log(ILogger.LL_FAILURE,
+                                NAME + ": apply() - client issuerDN not found");
                     }
                     X500Name oi_name = new X500Name(oldIssuer);
 
                     if (!oi_name.equals(mIssuerDN)) {
                         setError(req,
-                            CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
-                                getInstanceName()), "");
+                                CMS.getUserMessage("CMS_POLICY_INVALID_ISSUER",
+                                        getInstanceName()), "");
                         result = PolicyResult.REJECTED;
-                        log(ILogger.LL_FAILURE, 
-                            NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + "; expected issuerDN = " + mIssuerDNString);
+                        log(ILogger.LL_FAILURE,
+                                NAME + ": apply() - cert issuerDN mismatch: client issuerDN = " + oldIssuer + "; expected issuerDN = " + mIssuerDNString);
                     }
                 }
             }
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
         }
 
         if (result.equals(PolicyResult.ACCEPTED)) {
-            log(ILogger.LL_INFO, 
-                NAME + ": apply() - accepted");
+            log(ILogger.LL_INFO,
+                    NAME + ": apply() - accepted");
         }
         return result;
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(PROP_ISSUER_DN + "=" +
-            mIssuerDNString);
+                mIssuerDNString);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
index 8286cf31..7c79ced7 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/KeyAlgorithmConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -37,43 +36,43 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * KeyAlgorithmConstraints enforces a constraint that the RA or a CA
- * honor only the keys generated using one of the permitted algorithms
- * such as RSA, DSA or DH.
+ * KeyAlgorithmConstraints enforces a constraint that the RA or a CA honor only
+ * the keys generated using one of the permitted algorithms such as RSA, DSA or
+ * DH.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class KeyAlgorithmConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     private Vector mAlgorithms;
     private final static String DEF_KEY_ALGORITHM = "RSA,DSA";
     private final static String PROP_ALGORITHMS = "algorithms";
     private final static String[] supportedAlgorithms =
-        {"RSA", "DSA", "DH" };
+        { "RSA", "DSA", "DH" };
 
     private final static Vector defConfParams = new Vector();
 
     static {
-        defConfParams.addElement(PROP_ALGORITHMS + "=" + 
-            DEF_KEY_ALGORITHM);
+        defConfParams.addElement(PROP_ALGORITHMS + "=" +
+                DEF_KEY_ALGORITHM);
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String params[] = {
                 "algorithms;choice(RSA\\,DSA,RSA,DSA);Certificate's key can be one of these algorithms",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-keyalgorithmconstraints",
+                        ";configuration-policyrules-keyalgorithmconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Rejects the request if the key in the certificate is " +
-                "not of the type specified"
+                        ";Rejects the request if the key in the certificate is " +
+                        "not of the type specified"
             };
 
         return params;
@@ -87,17 +86,17 @@ public class KeyAlgorithmConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form
-     *      ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
-     *      ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
+     * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
 
         mAlgorithms = new Vector();
 
@@ -112,7 +111,7 @@ public class KeyAlgorithmConstraints extends APolicyRule
         try {
             algNames = config.getString(PROP_ALGORITHMS, null);
         } catch (Exception e) {
-            String[] params = {getInstanceName(), e.toString()};
+            String[] params = { getInstanceName(), e.toString() };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
@@ -133,11 +132,10 @@ public class KeyAlgorithmConstraints extends APolicyRule
         }
 
         // Check if configured algorithms are supported.
-        for (Enumeration e = mAlgorithms.elements();
-            e.hasMoreElements();) {
+        for (Enumeration e = mAlgorithms.elements(); e.hasMoreElements();) {
             int i;
             String configuredAlg = (String) e.nextElement();
-				
+
             // See if it is a supported algorithm.
             for (i = 0; i < supportedAlgorithms.length; i++) {
                 if (configuredAlg.equals(supportedAlgorithms[i]))
@@ -148,15 +146,15 @@ public class KeyAlgorithmConstraints extends APolicyRule
             if (i == supportedAlgorithms.length)
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_UNSUPPORTED_KEY_ALG",
-                            getInstanceName(), configuredAlg));
+                                getInstanceName(), configuredAlg));
         }
     }
 
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -166,7 +164,7 @@ public class KeyAlgorithmConstraints extends APolicyRule
         try {
             // Get the certificate info from the request
             // X509CertInfo certInfo[] = (X509CertInfo[])
-            //    req.get(IRequest.CERT_INFO);
+            // req.get(IRequest.CERT_INFO);
             X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
             // We need to have a certificate info set
@@ -179,18 +177,18 @@ public class KeyAlgorithmConstraints extends APolicyRule
             // Else check if the key algorithm is supported.
             for (int i = 0; i < certInfo.length; i++) {
                 CertificateX509Key certKey = (CertificateX509Key)
-                    certInfo[i].get(X509CertInfo.KEY);
+                        certInfo[i].get(X509CertInfo.KEY);
                 X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
                 String alg = key.getAlgorithmId().getName().toUpperCase();
 
                 if (!mAlgorithms.contains(alg)) {
-                    setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION", 
+                    setError(req, CMS.getUserMessage("CMS_POLICY_KEY_ALG_VIOLATION",
                             getInstanceName(), alg), "");
                     result = PolicyResult.REJECTED;
                 }
             }
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     params), "");
@@ -201,10 +199,10 @@ public class KeyAlgorithmConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getInstanceParams() { 
+    public Vector getInstanceParams() {
         Vector v = new Vector();
         StringBuffer sb = new StringBuffer();
 
@@ -217,14 +215,13 @@ public class KeyAlgorithmConstraints extends APolicyRule
         v.addElement(PROP_ALGORITHMS + "=" + sb.toString());
         return v;
     }
-		
+
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
         return defConfParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
index a2bf9437..8526c77b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ManualAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.authentication.IAuthToken;
@@ -29,23 +28,22 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * ManualAuthentication is an enrollment policy that queues
- * all requests for issuing agent's approval if no authentication
- * is present. The policy rejects a request if any of the auth tokens
- * indicates authentication failure.
+ * ManualAuthentication is an enrollment policy that queues all requests for
+ * issuing agent's approval if no authentication is present. The policy rejects
+ * a request if any of the auth tokens indicates authentication failure.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class ManualAuthentication extends APolicyRule
-    implements IEnrollmentPolicy {
+        implements IEnrollmentPolicy {
     public ManualAuthentication() {
         NAME = "ManualAuthentication";
         DESC = "Manual Authentication Policy";
@@ -54,30 +52,31 @@ public class ManualAuthentication extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=ManualAuthentication
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o == netscape.com
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=ManualAuthentication
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate= ou == engineering AND o ==
+     * netscape.com
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
     }
 
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         IAuthToken authToken = req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
 
-        if (authToken == null) 
+        if (authToken == null)
             return deferred(req);
 
         return PolicyResult.ACCEPTED;
@@ -85,7 +84,7 @@ public class ManualAuthentication extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
@@ -94,11 +93,10 @@ public class ManualAuthentication extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
         return null;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
index 7f7537bf..ccfa3ec0 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RSAKeyConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -41,21 +40,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * RSAKeyConstraints policy enforces min and max size of the key.
- * Optionally checks the exponents.
+ * RSAKeyConstraints policy enforces min and max size of the key. Optionally
+ * checks the exponents.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class RSAKeyConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     private Vector mExponents;
     private int mMinSize;
     private int mMaxSize;
@@ -81,10 +80,10 @@ public class RSAKeyConstraints extends APolicyRule
                 PROP_MAX_SIZE + ";number;Maximum size of user's RSA key (bits)",
                 PROP_EXPONENTS + ";string;Comma-separated list of permissible exponents",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-rsakeyconstraints",
+                        ";configuration-policyrules-rsakeyconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Reject request if RSA key length is not within the " +
-                "specified constraints"
+                        ";Reject request if RSA key length is not within the " +
+                        "specified constraints"
             };
 
         return params;
@@ -98,38 +97,38 @@ public class RSAKeyConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.minSize=512
-     *      ra.Policy.rule.<ruleName>.maxSize=2048
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Marketing
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=RSAKeyConstraints
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.minSize=512
+     * ra.Policy.rule.<ruleName>.maxSize=2048
+     * ra.Policy.rule.<ruleName>.predicate=ou==Marketing
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
 
         if (config == null || config.size() == 0)
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_MISSING_POLICY_CONFIG",
-                        getInstanceName()));
+                            getInstanceName()));
         String exponents = null;
 
         // Get Min and Max sizes
         mMinSize = config.getInteger(PROP_MIN_SIZE, DEF_MIN_SIZE);
         mMaxSize = config.getInteger(PROP_MAX_SIZE, DEF_MAX_SIZE);
 
-        if (mMinSize <= 0) 
+        if (mMinSize <= 0)
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MIN_SIZE));
-        if (mMaxSize <= 0) 
+        if (mMaxSize <= 0)
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", PROP_MAX_SIZE));
 
-        if (mMinSize > mMaxSize) 
+        if (mMinSize > mMaxSize)
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_A_GREATER_THAN_EQUAL_B", PROP_MIN_SIZE, PROP_MAX_SIZE));
 
@@ -149,8 +148,8 @@ public class RSAKeyConstraints extends APolicyRule
                 }
             } catch (Exception e) {
                 // e.printStackTrace();
-                String[] params = {getInstanceName(), exponents, 
-                        PROP_EXPONENTS};
+                String[] params = { getInstanceName(), exponents,
+                        PROP_EXPONENTS };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_INVALID_CONFIG_PARAM", params));
@@ -161,8 +160,8 @@ public class RSAKeyConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -172,11 +171,11 @@ public class RSAKeyConstraints extends APolicyRule
         try {
             // Get the certificate info from the request
             X509CertInfo certInfo[] =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
             // There should be a certificate info set.
             if (certInfo == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
                         getInstanceName()), "");
                 return PolicyResult.REJECTED;
             }
@@ -184,7 +183,7 @@ public class RSAKeyConstraints extends APolicyRule
             // Else check if the key size(s) are within the limit.
             for (int i = 0; i < certInfo.length; i++) {
                 CertificateX509Key certKey = (CertificateX509Key)
-                    certInfo[i].get(X509CertInfo.KEY);
+                        certInfo[i].get(X509CertInfo.KEY);
                 X509Key key = (X509Key) certKey.get(CertificateX509Key.KEY);
                 String alg = key.getAlgorithmId().toString();
 
@@ -196,22 +195,22 @@ public class RSAKeyConstraints extends APolicyRule
                     newkey = new X509Key(AlgorithmId.get("RSA"),
                                 key.getKey());
                 } catch (Exception e) {
-                    CMS.debug( "RSAKeyConstraints::apply() - "
-                             + "Exception="+e.toString() );
-                    setError( req,
-                              CMS.getUserMessage( "CMS_POLICY_KEY_SIZE_VIOLATION", 
-                                                  getInstanceName() ),
-                              "" );
+                    CMS.debug("RSAKeyConstraints::apply() - "
+                             + "Exception=" + e.toString());
+                    setError(req,
+                              CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
+                                                  getInstanceName()),
+                              "");
                     return PolicyResult.REJECTED;
                 }
                 RSAPublicKey rsaKey = new RSAPublicKey(newkey.getEncoded());
                 int keySize = rsaKey.getKeySize();
 
                 if (keySize < mMinSize || keySize > mMaxSize) {
-                    String[] params = {getInstanceName(), 
-                            String.valueOf(keySize), 
+                    String[] params = { getInstanceName(),
+                            String.valueOf(keySize),
                             String.valueOf(mMinSize),
-                            String.valueOf(mMaxSize)};
+                            String.valueOf(mMaxSize) };
 
                     setError(req, CMS.getUserMessage("CMS_POLICY_KEY_SIZE_VIOLATION",
                             params), "");
@@ -226,15 +225,14 @@ public class RSAKeyConstraints extends APolicyRule
                     if (!mExponents.contains(exp)) {
                         StringBuffer sb = new StringBuffer();
 
-                        for (Enumeration e = mExponents.elements(); 
-                            e.hasMoreElements();) {
+                        for (Enumeration e = mExponents.elements(); e.hasMoreElements();) {
                             BigInt bi = (BigInt) e.nextElement();
 
                             sb.append(bi.toBigInteger().toString());
                             sb.append(" ");
                         }
-                        String[] params = {getInstanceName(), 
-                                exp.toBigInteger().toString(), new String(sb)};
+                        String[] params = { getInstanceName(),
+                                exp.toBigInteger().toString(), new String(sb) };
 
                         setError(req, CMS.getUserMessage("CMS_POLICY_EXPONENT_VIOLATION", params), "");
                         result = PolicyResult.REJECTED;
@@ -243,7 +241,7 @@ public class RSAKeyConstraints extends APolicyRule
             }
         } catch (Exception e) {
             // e.printStackTrace();
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
@@ -253,10 +251,10 @@ public class RSAKeyConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getInstanceParams() { 
+    public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(PROP_MIN_SIZE + "=" + mMinSize);
@@ -275,11 +273,10 @@ public class RSAKeyConstraints extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
         return defConfParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
index 08e479b8..763c7713 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Date;
 import java.util.Locale;
 import java.util.Vector;
@@ -37,21 +36,22 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Whether to allow renewal of an expired cert.
+ * 
  * @version $Revision$, $Date$
- * <P>
- * <PRE>
+ *          <P>
+ * 
+ *          <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
- * <P>
- *
+ *          <P>
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class RenewalConstraints extends APolicyRule
-    implements IRenewalPolicy, IExtendedPluginInfo {
+        implements IRenewalPolicy, IExtendedPluginInfo {
 
     private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts";
     private static final String PROP_RENEWAL_NOT_AFTER = "renewalNotAfter";
@@ -66,7 +66,7 @@ public class RenewalConstraints extends APolicyRule
     static {
         defConfParams.addElement(PROP_ALLOW_EXPIRED_CERTS + "=" + true);
         defConfParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" +
-            DEF_RENEWAL_NOT_AFTER);
+                DEF_RENEWAL_NOT_AFTER);
     }
 
     public RenewalConstraints() {
@@ -79,10 +79,10 @@ public class RenewalConstraints extends APolicyRule
                 PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to renew an already-expired certificate",
                 PROP_RENEWAL_NOT_AFTER + ";number;Number of days since certificate expiry after which renewal request would be rejected",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-renewalconstraints",
+                        ";configuration-policyrules-renewalconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Permit administrator to decide policy on whether to " +
-                "permit renewals for already-expired certificates"
+                        ";Permit administrator to decide policy on whether to " +
+                        "permit renewals for already-expired certificates"
             };
 
         return params;
@@ -92,24 +92,24 @@ public class RenewalConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=ValidityConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.allowExpiredCerts=true
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
         // Get min and max validity in days and configure them.
         try {
-            mAllowExpiredCerts = 
+            mAllowExpiredCerts =
                     config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true);
             String val = config.getString(PROP_RENEWAL_NOT_AFTER, null);
 
-            if (val == null) 
+            if (val == null)
                 mRenewalNotAfter = DEF_RENEWAL_NOT_AFTER * DAYS_TO_MS_FACTOR;
             else {
                 mRenewalNotAfter = Long.parseLong(val) * DAYS_TO_MS_FACTOR;
@@ -125,8 +125,8 @@ public class RenewalConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -135,25 +135,26 @@ public class RenewalConstraints extends APolicyRule
         try {
             // Get the certificates being renwed.
             X509CertImpl[] oldCerts =
-                req.getExtDataInCertArray(IRequest.OLD_CERTS);
+                    req.getExtDataInCertArray(IRequest.OLD_CERTS);
 
             if (oldCerts == null) {
                 setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT",
                         getInstanceName()), "");
                 return PolicyResult.REJECTED;
             }
-			
+
             if (mAllowExpiredCerts) {
                 CMS.debug("checking validity of each cert");
-                // check if each cert to be renewed is expired for more than 		    // allowed days.
+                // check if each cert to be renewed is expired for more than //
+                // allowed days.
                 for (int i = 0; i < oldCerts.length; i++) {
                     X509CertInfo oldCertInfo = (X509CertInfo)
-                        oldCerts[i].get(X509CertImpl.NAME + "." +
-                            X509CertImpl.INFO);
-                    CertificateValidity  oldValidity = (CertificateValidity)
-                        oldCertInfo.get(X509CertInfo.VALIDITY);
+                            oldCerts[i].get(X509CertImpl.NAME + "." +
+                                    X509CertImpl.INFO);
+                    CertificateValidity oldValidity = (CertificateValidity)
+                            oldCertInfo.get(X509CertInfo.VALIDITY);
                     Date notAfter = (Date)
-                        oldValidity.get(CertificateValidity.NOT_AFTER);
+                            oldValidity.get(CertificateValidity.NOT_AFTER);
 
                     // Is the Certificate eligible for renewal ?
 
@@ -166,12 +167,12 @@ public class RenewalConstraints extends APolicyRule
 
                     if (renewedNotAfter.before(now)) {
                         CMS.debug(
-                            "One or more certificates is expired for more than " + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days");
+                                "One or more certificates is expired for more than " + (mRenewalNotAfter / DAYS_TO_MS_FACTOR) + " days");
                         String params[] = { getInstanceName(), Long.toString(mRenewalNotAfter / DAYS_TO_MS_FACTOR) };
 
-                        setError(req, 
-                            CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS_AFTER_ALLOWED_PERIOD",
-                                params), "");
+                        setError(req,
+                                CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS_AFTER_ALLOWED_PERIOD",
+                                        params), "");
                         return PolicyResult.REJECTED;
                     }
                 }
@@ -182,12 +183,12 @@ public class RenewalConstraints extends APolicyRule
             // check if each cert to be renewed is expired.
             for (int i = 0; i < oldCerts.length; i++) {
                 X509CertInfo oldCertInfo = (X509CertInfo)
-                    oldCerts[i].get(
-                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                CertificateValidity  oldValidity = (CertificateValidity)
-                    oldCertInfo.get(X509CertInfo.VALIDITY);
+                        oldCerts[i].get(
+                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                CertificateValidity oldValidity = (CertificateValidity)
+                        oldCertInfo.get(X509CertInfo.VALIDITY);
                 Date notAfter = (Date)
-                    oldValidity.get(CertificateValidity.NOT_AFTER);
+                        oldValidity.get(CertificateValidity.NOT_AFTER);
 
                 // Is the Certificate still valid?
                 Date now = CMS.getCurrentDate();
@@ -195,19 +196,19 @@ public class RenewalConstraints extends APolicyRule
                 CMS.debug("RenewalConstraints: cert " + i + " notAfter " + notAfter + " now=" + now);
                 if (notAfter.before(now)) {
                     CMS.debug(
-                        "RenewalConstraints: One or more certificates is expired.");
+                            "RenewalConstraints: One or more certificates is expired.");
                     String params[] = { getInstanceName() };
 
-                    setError(req, 
-                        CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS",
-                            params), "");
+                    setError(req,
+                            CMS.getUserMessage("CMS_POLICY_CANNOT_RENEW_EXPIRED_CERTS",
+                                    params), "");
                     result = PolicyResult.REJECTED;
                     break;
                 }
             }
 
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
@@ -217,22 +218,22 @@ public class RenewalConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(
-            PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
+                PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
         confParams.addElement(PROP_RENEWAL_NOT_AFTER + "=" +
-            mRenewalNotAfter / DAYS_TO_MS_FACTOR);
+                mRenewalNotAfter / DAYS_TO_MS_FACTOR);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
index 3d98f3c2..b4131ea9 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RenewalValidityConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Date;
 import java.util.Locale;
 import java.util.Vector;
@@ -36,30 +35,29 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * RenewalValidityConstraints is a default rule for Certificate
- * Renewal. This policy enforces the no of days before which a
- * currently active certificate can be renewed and sets new validity
- * period for the renewed certificate starting from the the ending
- * period in the old certificate.
- *
+ * RenewalValidityConstraints is a default rule for Certificate Renewal. This
+ * policy enforces the no of days before which a currently active certificate
+ * can be renewed and sets new validity period for the renewed certificate
+ * starting from the the ending period in the old certificate.
+ * 
  * The main parameters are:
- *
- *  The renewal leadtime in days: - i.e how many days before the
- *      expiry of the current certificate can one request the renewal.
- *      min and max validity duration.
+ * 
+ * The renewal leadtime in days: - i.e how many days before the expiry of the
+ * current certificate can one request the renewal. min and max validity
+ * duration.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class RenewalValidityConstraints extends APolicyRule
-    implements IRenewalPolicy, IExtendedPluginInfo {
+        implements IRenewalPolicy, IExtendedPluginInfo {
     private long mMinValidity;
     private long mMaxValidity;
     private long mRenewalInterval;
@@ -78,11 +76,11 @@ public class RenewalValidityConstraints extends APolicyRule
 
     static {
         defConfParams.addElement(PROP_MIN_VALIDITY + "=" +
-            DEF_MIN_VALIDITY);
+                DEF_MIN_VALIDITY);
         defConfParams.addElement(PROP_MAX_VALIDITY + "=" +
-            DEF_MAX_VALIDITY);
+                DEF_MAX_VALIDITY);
         defConfParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
-            DEF_RENEWAL_INTERVAL);
+                DEF_RENEWAL_INTERVAL);
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
@@ -91,10 +89,10 @@ public class RenewalValidityConstraints extends APolicyRule
                 PROP_MAX_VALIDITY + ";number;Specifies the maximum validity period, in days, for renewed certificates.",
                 PROP_RENEWAL_INTERVAL + ";number;Specifies how many days before its expiration that a certificate can be renewed.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-renewalvalidityconstraints",
+                        ";configuration-policyrules-renewalvalidityconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Reject renewal request if the certificate is too far " +
-                "before it's expiry date"
+                        ";Reject renewal request if the certificate is too far " +
+                        "before it's expiry date"
             };
 
         return params;
@@ -109,20 +107,20 @@ public class RenewalValidityConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=ValidityConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.minValidity=30
-     *      ra.Policy.rule.<ruleName>.maxValidity=180
-     *      ra.Policy.rule.<ruleName>.renewalInterval=15
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.minValidity=30
+     * ra.Policy.rule.<ruleName>.maxValidity=180
+     * ra.Policy.rule.<ruleName>.renewalInterval=15
+     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
 
         // Get min and max validity in days and onfigure them.
         try {
@@ -148,7 +146,7 @@ public class RenewalValidityConstraints extends APolicyRule
 
             // minValidity can't be bigger than maxValidity.
             if (mMinValidity > mMaxValidity) {
-                String params[] = {getInstanceName(),
+                String params[] = { getInstanceName(),
                         String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR),
                         String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
 
@@ -158,7 +156,7 @@ public class RenewalValidityConstraints extends APolicyRule
 
             // Renewal interval can't be more than maxValidity.
             if (mRenewalInterval > mMaxValidity) {
-                String params[] = {getInstanceName(),
+                String params[] = { getInstanceName(),
                         String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR),
                         String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
 
@@ -167,7 +165,7 @@ public class RenewalValidityConstraints extends APolicyRule
             }
         } catch (Exception e) {
             // e.printStackTrace();
-            String[] params = {getInstanceName(), e.toString()};
+            String[] params = { getInstanceName(), e.toString() };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
@@ -177,8 +175,8 @@ public class RenewalValidityConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -191,15 +189,15 @@ public class RenewalValidityConstraints extends APolicyRule
         try {
             // Get the certificate info from the request
             X509CertInfo certInfo[] =
-                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
             // Get the certificates being renwed.
             X509CertImpl currentCerts[] =
-                req.getExtDataInCertArray(IRequest.OLD_CERTS);
+                    req.getExtDataInCertArray(IRequest.OLD_CERTS);
 
             // Both certificate info and current certs should be set
             if (certInfo == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
                         getInstanceName()), "");
                 return PolicyResult.REJECTED;
             }
@@ -218,12 +216,12 @@ public class RenewalValidityConstraints extends APolicyRule
             // set the validity.
             for (int i = 0; i < certInfo.length; i++) {
                 X509CertInfo oldCertInfo = (X509CertInfo)
-                    currentCerts[i].get(X509CertImpl.NAME +
-                        "." + X509CertImpl.INFO);
-                CertificateValidity  oldValidity = (CertificateValidity)
-                    oldCertInfo.get(X509CertInfo.VALIDITY);
+                        currentCerts[i].get(X509CertImpl.NAME +
+                                "." + X509CertImpl.INFO);
+                CertificateValidity oldValidity = (CertificateValidity)
+                        oldCertInfo.get(X509CertInfo.VALIDITY);
                 Date notAfter = (Date)
-                    oldValidity.get(CertificateValidity.NOT_AFTER);
+                        oldValidity.get(CertificateValidity.NOT_AFTER);
 
                 // Is the Certificate still valid?
                 Date now = CMS.getCurrentDate();
@@ -233,14 +231,14 @@ public class RenewalValidityConstraints extends APolicyRule
                     long interval = notAfter.getTime() - now.getTime();
 
                     if (interval > mRenewalInterval) {
-                        setError(req, 
-                            CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME",
-                                getInstanceName(),
-                                String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), "");
-                        setError(req, 
-                            CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS",
-                                getInstanceName(),
-                                getCertDetails(req, currentCerts[i])), "");
+                        setError(req,
+                                CMS.getUserMessage("CMS_POLICY_LONG_RENEWAL_LEAD_TIME",
+                                        getInstanceName(),
+                                        String.valueOf(mRenewalInterval / DAYS_TO_MS_FACTOR)), "");
+                        setError(req,
+                                CMS.getUserMessage("CMS_POLICY_EXISTING_CERT_DETAILS",
+                                        getInstanceName(),
+                                        getCertDetails(req, currentCerts[i])), "");
 
                         result = PolicyResult.REJECTED;
                         setDummyValidity(certInfo[i]);
@@ -248,27 +246,27 @@ public class RenewalValidityConstraints extends APolicyRule
                     }
                 }
 
-                // Else compute new  validity.
+                // Else compute new validity.
                 Date renewedNotBef = notAfter;
                 Date renewedNotAfter = new Date(notAfter.getTime() +
                         mMaxValidity);
 
-                // If the new notAfter is within renewal interval days from 
+                // If the new notAfter is within renewal interval days from
                 // today or already expired, set the notBefore to today.
                 if (renewedNotAfter.before(now) ||
-                    (renewedNotAfter.getTime() - now.getTime()) <=
-                    mRenewalInterval) {
+                        (renewedNotAfter.getTime() - now.getTime()) <=
+                        mRenewalInterval) {
                     renewedNotBef = now;
                     renewedNotAfter = new Date(now.getTime() +
                                 mMaxValidity);
                 }
                 CertificateValidity newValidity =
-                    new CertificateValidity(renewedNotBef, renewedNotAfter);
+                        new CertificateValidity(renewedNotBef, renewedNotAfter);
 
                 certInfo[i].set(X509CertInfo.VALIDITY, newValidity);
             }
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
@@ -278,24 +276,24 @@ public class RenewalValidityConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(PROP_MIN_VALIDITY + "=" +
-            mMinValidity / DAYS_TO_MS_FACTOR);
+                mMinValidity / DAYS_TO_MS_FACTOR);
         confParams.addElement(PROP_MAX_VALIDITY + "=" +
-            mMaxValidity / DAYS_TO_MS_FACTOR);
+                mMaxValidity / DAYS_TO_MS_FACTOR);
         confParams.addElement(PROP_RENEWAL_INTERVAL + "=" +
-            mRenewalInterval / DAYS_TO_MS_FACTOR);
+                mRenewalInterval / DAYS_TO_MS_FACTOR);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
@@ -306,7 +304,7 @@ public class RenewalValidityConstraints extends APolicyRule
     private void setDummyValidity(X509CertInfo certInfo) {
         try {
             certInfo.set(X509CertInfo.VALIDITY,
-                new CertificateValidity(CMS.getCurrentDate(), new Date()));
+                    new CertificateValidity(CMS.getCurrentDate(), new Date()));
         } catch (Exception e) {
         }
     }
@@ -317,8 +315,8 @@ public class RenewalValidityConstraints extends APolicyRule
         sb.append("\n");
         sb.append("Serial No: " + cert.getSerialNumber().toString(16));
         sb.append("\n");
-        sb.append("Validity: " + cert.getNotBefore().toString() + 
-            " - " + cert.getNotAfter().toString());
+        sb.append("Validity: " + cert.getNotBefore().toString() +
+                " - " + cert.getNotAfter().toString());
         sb.append("\n");
         String certType = req.getExtDataInString(IRequest.CERT_TYPE);
 
@@ -326,11 +324,12 @@ public class RenewalValidityConstraints extends APolicyRule
             certType = IRequest.SERVER_CERT;
         if (certType.equals(IRequest.CLIENT_CERT)) {
 
-            /*** Take this our - URL formulation hard to do here.
-             sb.append("Use the following url with your CA/RA gateway spec to download the certificate.");
-             sb.append("\n");
-             sb.append("/query/certImport?op=displayByserial&serialNumber=");
-             sb.append(cert.getSerialNumber().toString(16));
+            /***
+             * Take this our - URL formulation hard to do here. sb.append(
+             * "Use the following url with your CA/RA gateway spec to download the certificate."
+             * ); sb.append("\n");
+             * sb.append("/query/certImport?op=displayByserial&serialNumber=");
+             * sb.append(cert.getSerialNumber().toString(16));
              ***/
             sb.append("\n");
         } else {
@@ -342,7 +341,7 @@ public class RenewalValidityConstraints extends APolicyRule
 
                 sb.append(CERT_HEADER + encodedCert + CERT_TRAILER);
             } catch (Exception e) {
-                //throw new AssertionException(e.toString());
+                // throw new AssertionException(e.toString());
             }
         }
         return sb.toString();
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
index 686529f4..046ebd35 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/RevocationConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Date;
 import java.util.Locale;
 import java.util.Vector;
@@ -38,20 +37,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Whether to allow revocation of an expired cert.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class RevocationConstraints extends APolicyRule
-    implements IRevocationPolicy, IExtendedPluginInfo {
+        implements IRevocationPolicy, IExtendedPluginInfo {
     private static final String PROP_ALLOW_EXPIRED_CERTS = "allowExpiredCerts";
     private static final String PROP_ALLOW_ON_HOLD = "allowOnHold";
 
@@ -74,13 +73,13 @@ public class RevocationConstraints extends APolicyRule
                 PROP_ALLOW_EXPIRED_CERTS + ";boolean;Allow a user to revoke an already-expired certificate",
                 PROP_ALLOW_ON_HOLD + ";boolean;Allow a user to set reason to On-Hold",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-revocationconstraints",
+                        ";configuration-policyrules-revocationconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Allow administrator to decide policy on whether to allow " +
-                "recovation of expired certificates" +
-                "and set reason to On-Hold"
+                        ";Allow administrator to decide policy on whether to allow " +
+                        "recovation of expired certificates" +
+                        "and set reason to On-Hold"
 
-            };
+        };
 
         return params;
 
@@ -89,20 +88,20 @@ public class RevocationConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=ValidityConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.allowExpiredCerts=true
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.allowExpiredCerts=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
         // Get min and max validity in days and onfigure them.
         try {
-            mAllowExpiredCerts = 
+            mAllowExpiredCerts =
                     config.getBoolean(PROP_ALLOW_EXPIRED_CERTS, true);
             mAllowOnHold =
                     config.getBoolean(PROP_ALLOW_ON_HOLD, true);
@@ -117,8 +116,8 @@ public class RevocationConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -138,35 +137,35 @@ public class RevocationConstraints extends APolicyRule
 
                 setError(req, CMS.getUserMessage("CMS_POLICY_NO_ON_HOLD_ALLOWED", params), "");
                 return PolicyResult.REJECTED;
-            }                
+            }
         }
 
         if (mAllowExpiredCerts)
             // nothing to check.
             return PolicyResult.ACCEPTED;
-		
+
         PolicyResult result = PolicyResult.ACCEPTED;
 
         try {
             // Get the certificates being renwed.
             X509CertImpl[] oldCerts =
-                req.getExtDataInCertArray(IRequest.OLD_CERTS);
+                    req.getExtDataInCertArray(IRequest.OLD_CERTS);
 
             if (oldCerts == null) {
                 setError(req, CMS.getUserMessage("CMS_POLICY_NO_OLD_CERT"),
-                    getInstanceName());
+                        getInstanceName());
                 return PolicyResult.REJECTED;
             }
 
             // check if each cert to be renewed is expired.
             for (int i = 0; i < oldCerts.length; i++) {
                 X509CertInfo oldCertInfo = (X509CertInfo)
-                    oldCerts[i].get(
-                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                CertificateValidity  oldValidity = (CertificateValidity)
-                    oldCertInfo.get(X509CertInfo.VALIDITY);
+                        oldCerts[i].get(
+                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                CertificateValidity oldValidity = (CertificateValidity)
+                        oldCertInfo.get(X509CertInfo.VALIDITY);
                 Date notAfter = (Date)
-                    oldValidity.get(CertificateValidity.NOT_AFTER);
+                        oldValidity.get(CertificateValidity.NOT_AFTER);
 
                 // Is the Certificate still valid?
                 Date now = CMS.getCurrentDate();
@@ -174,16 +173,16 @@ public class RevocationConstraints extends APolicyRule
                 if (notAfter.before(now)) {
                     String params[] = { getInstanceName() };
 
-                    setError(req, 
-                        CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS",
-                            params), "");
+                    setError(req,
+                            CMS.getUserMessage("CMS_POLICY_CANNOT_REVOKE_EXPIRED_CERTS",
+                                    params), "");
                     result = PolicyResult.REJECTED;
                     break;
                 }
             }
 
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", params), "");
             result = PolicyResult.REJECTED;
@@ -193,22 +192,22 @@ public class RevocationConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(
-            PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
+                PROP_ALLOW_EXPIRED_CERTS + "=" + mAllowExpiredCerts);
         confParams.addElement(
-            PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold);
+                PROP_ALLOW_ON_HOLD + "=" + mAllowOnHold);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
index 9d519284..8f974aee 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SigningAlgorithmConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Locale;
 import java.util.StringTokenizer;
 import java.util.Vector;
@@ -41,23 +40,24 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * SigningAlgorithmConstraints enforces that only a supported
- * signing algorithm be requested.
+ * SigningAlgorithmConstraints enforces that only a supported signing algorithm
+ * be requested.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class SigningAlgorithmConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     private String[] mAllowedAlgs = null; // algs allowed by this policy
-    static String[] mDefaultAllowedAlgs = null; // default algs allowed by this policy based on CA's key
+    static String[] mDefaultAllowedAlgs = null; // default algs allowed by this
+                                                // policy based on CA's key
     private String[] mConfigAlgs = null; // algs listed in config file
     private boolean winnowedByKey = false;
     IAuthority mAuthority = null;
@@ -94,17 +94,17 @@ public class SigningAlgorithmConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form
-     *      ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints
-     *      ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * ra.Policy.rule.<ruleName>.implName=SigningAlgorithmConstraints
+     * ra.Policy.rule.<ruleName>.algorithms=SHA-1WithRSA, SHA-1WithDSA
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mAuthority = (IAuthority) ((IPolicyProcessor) owner).getAuthority();
 
         // Get allowed algorithms from config file
@@ -114,7 +114,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
             try {
                 algNames = config.getString(PROP_ALGORITHMS, null);
             } catch (Exception e) {
-                String[] params = {getInstanceName(), e.toString(), PROP_ALGORITHMS};
+                String[] params = { getInstanceName(), e.toString(), PROP_ALGORITHMS };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PARAM_CONFIG_ERROR", params));
@@ -136,7 +136,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
                 for (int i = 0; i < itemCount; i++) {
                     mAllowedAlgs[i] = (String) algs.elementAt(i);
                 }
-			
+
             }
 
         }
@@ -149,8 +149,8 @@ public class SigningAlgorithmConstraints extends APolicyRule
 
         if (mAllowedAlgs != null) {
             // winnow out unknown algorithms
-            winnowAlgs(AlgorithmId.ALL_SIGNING_ALGORITHMS, 
-                "CMS_POLICY_UNKNOWN_SIGNING_ALG", true);
+            winnowAlgs(AlgorithmId.ALL_SIGNING_ALGORITHMS,
+                    "CMS_POLICY_UNKNOWN_SIGNING_ALG", true);
         } else {
             // if nothing was in the config file, allow all known algs
             mAllowedAlgs = AlgorithmId.ALL_SIGNING_ALGORITHMS;
@@ -183,19 +183,19 @@ public class SigningAlgorithmConstraints extends APolicyRule
 
         // get list of algorithms allowed for the key
         String[] allowedByKey =
-            ((ICertAuthority) mAuthority).getCASigningAlgorithms();
+                ((ICertAuthority) mAuthority).getCASigningAlgorithms();
 
         if (allowedByKey != null) {
-            // don't show algorithms that don't match CA's key in UI.	
+            // don't show algorithms that don't match CA's key in UI.
             mDefaultAllowedAlgs = new String[allowedByKey.length];
             for (int i = 0; i < allowedByKey.length; i++)
                 mDefaultAllowedAlgs[i] = allowedByKey[i];
-                // winnow out algorithms that don't match CA's signing key
+            // winnow out algorithms that don't match CA's signing key
             winnowAlgs(allowedByKey,
-                "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY_1", false);
+                    "CMS_POLICY_SIGNALG_NOT_MATCH_CAKEY_1", false);
             winnowedByKey = true;
         } else {
-            // We don't know the CA's signing algorithms.  Maybe we're
+            // We don't know the CA's signing algorithms. Maybe we're
             // an RA that hasn't talked to the CA yet? Try again later.
         }
     }
@@ -203,14 +203,15 @@ public class SigningAlgorithmConstraints extends APolicyRule
     /**
      * Winnows out of mAllowedAlgorithms those algorithms that aren't allowed
      * for some reason.
-     *
-     * @param allowed An array of allowed algorithms.  Only algorithms in this
-     *    list will survive the winnowing process.
-     * @param reason A string describing the problem with an algorithm
-     *		that is not allowed by this list. Must be a predefined string in PolicyResources.
+     * 
+     * @param allowed An array of allowed algorithms. Only algorithms in this
+     *            list will survive the winnowing process.
+     * @param reason A string describing the problem with an algorithm that is
+     *            not allowed by this list. Must be a predefined string in
+     *            PolicyResources.
      */
-    private void winnowAlgs(String[] allowed, String reason, boolean isError) 
-        throws EBaseException {
+    private void winnowAlgs(String[] allowed, String reason, boolean isError)
+            throws EBaseException {
         int i, j, goodSize;
 
         // validate the currently-allowed algorithms
@@ -240,7 +241,7 @@ public class SigningAlgorithmConstraints extends APolicyRule
         // convert back into an array
         goodSize = goodAlgs.size();
         if (mAllowedAlgs.length != goodSize) {
-            mAllowedAlgs = new String[ goodSize ];
+            mAllowedAlgs = new String[goodSize];
             for (i = 0; i < goodSize; i++) {
                 mAllowedAlgs[i] = (String) goodAlgs.elementAt(i);
             }
@@ -250,8 +251,8 @@ public class SigningAlgorithmConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -262,8 +263,8 @@ public class SigningAlgorithmConstraints extends APolicyRule
         try {
 
             // Get the certificate info from the request
-            //X509CertInfo certInfo[] = (X509CertInfo[])
-            //    req.get(IRequest.CERT_INFO);
+            // X509CertInfo certInfo[] = (X509CertInfo[])
+            // req.get(IRequest.CERT_INFO);
             X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
             // We need to have a certificate info set
@@ -282,10 +283,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
                 }
 
                 CertificateAlgorithmId certAlgId = (CertificateAlgorithmId)
-                    certInfo[i].get(X509CertInfo.ALGORITHM_ID);
+                        certInfo[i].get(X509CertInfo.ALGORITHM_ID);
 
                 AlgorithmId algId = (AlgorithmId)
-                    certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+                        certAlgId.get(CertificateAlgorithmId.ALGORITHM);
                 String alg = algId.getName();
 
                 // test against the list of allowed algorithms
@@ -298,10 +299,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
                     // if the algor doesn't match the CA's key replace
                     // it with one that does.
                     if (mAllowedAlgs[0].equals("SHA1withDSA") ||
-                        alg.equals("SHA1withDSA")) {
+                            alg.equals("SHA1withDSA")) {
                         certInfo[i].set(X509CertInfo.ALGORITHM_ID,
-                            new CertificateAlgorithmId(
-                                AlgorithmId.get(mAllowedAlgs[0])));
+                                new CertificateAlgorithmId(
+                                        AlgorithmId.get(mAllowedAlgs[0])));
                         return PolicyResult.ACCEPTED;
                     }
 
@@ -313,9 +314,9 @@ public class SigningAlgorithmConstraints extends APolicyRule
             }
         } catch (Exception e) {
             // e.printStackTrace();
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     params), "");
             result = PolicyResult.REJECTED;
         }
@@ -324,10 +325,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getInstanceParams() { 
+    public Vector getInstanceParams() {
         Vector confParams = new Vector();
         StringBuffer sb = new StringBuffer();
 
@@ -343,10 +344,10 @@ public class SigningAlgorithmConstraints extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getDefaultParams() { 
+    public Vector getDefaultParams() {
         StringBuffer sb = new StringBuffer();
         sb.append(PROP_ALGORITHMS);
         sb.append("=");
@@ -365,14 +366,14 @@ public class SigningAlgorithmConstraints extends APolicyRule
         }
         defConfParams.addElement(sb.toString());
 
-        return defConfParams; 
+        return defConfParams;
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         if (!winnowedByKey) {
-            try { 
-                winnowByKey(); 
-            } catch (Exception e) { 
+            try {
+                winnowByKey();
+            } catch (Exception e) {
             }
         }
 
@@ -380,51 +381,51 @@ public class SigningAlgorithmConstraints extends APolicyRule
 
         String[] params_BOTH = {
                 PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA256withRSA\\,SHA512withRSA\\,SHA1withDSA," +
-                "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA,"+
-                "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
-                "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," +
-                "MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
-                "MD2withRSA\\,MD5withRSA\\,SHA1withDSA," +
-                "MD2withRSA\\,MD5withRSA," +
-                "MD2withRSA\\,SHA1withRSA," +
-                "MD2withRSA\\,SHA1withDSA," +
-                "MD5withRSA\\,SHA1withRSA," +
-                "MD5withRSA\\,SHA1withDSA," +
-                "SHA1withRSA\\,SHA1withDSA," +
-                "MD2withRSA," +
-                "MD5withRSA," +
-                "SHA1withRSA," +
-                "SHA1withDSA);List of algorithms to restrict the requested signing algorithm " +
-                "to be one of the algorithms supported by Certificate System",
+                        "MD2withRSA\\,MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
+                        "MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
+                        "MD2withRSA\\,SHA1withRSA\\,SHA1withDSA," +
+                        "MD5withRSA\\,SHA1withRSA\\,SHA1withDSA," +
+                        "MD2withRSA\\,MD5withRSA\\,SHA1withDSA," +
+                        "MD2withRSA\\,MD5withRSA," +
+                        "MD2withRSA\\,SHA1withRSA," +
+                        "MD2withRSA\\,SHA1withDSA," +
+                        "MD5withRSA\\,SHA1withRSA," +
+                        "MD5withRSA\\,SHA1withDSA," +
+                        "SHA1withRSA\\,SHA1withDSA," +
+                        "MD2withRSA," +
+                        "MD5withRSA," +
+                        "SHA1withRSA," +
+                        "SHA1withDSA);List of algorithms to restrict the requested signing algorithm " +
+                        "to be one of the algorithms supported by Certificate System",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Restricts the requested signing algorithm to be one of" +
-                " the algorithms supported by Certificate System"
+                        ";Restricts the requested signing algorithm to be one of" +
+                        " the algorithms supported by Certificate System"
             };
 
         String[] params_RSA = {
                 PROP_ALGORITHMS + ";" + "choice(MD2withRSA\\,MD5withRSA\\,SHA1withRSA," +
-                "MD2withRSA\\,MD5withRSA," +
-                "MD2withRSA\\,SHA1withRSA," +
-                "MD5withRSA\\,SHA1withRSA," +
-                "MD2withRSA," +
-                "MD5withRSA," +
-                "SHA1withRSA);Restrict the requested signing algorithm to be " +
-                "one of the algorithms supported by Certificate System",
+                        "MD2withRSA\\,MD5withRSA," +
+                        "MD2withRSA\\,SHA1withRSA," +
+                        "MD5withRSA\\,SHA1withRSA," +
+                        "MD2withRSA," +
+                        "MD5withRSA," +
+                        "SHA1withRSA);Restrict the requested signing algorithm to be " +
+                        "one of the algorithms supported by Certificate System",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Restricts the requested signing algorithm to be one of" +
-                " the algorithms supported by Certificate System"
+                        ";Restricts the requested signing algorithm to be one of" +
+                        " the algorithms supported by Certificate System"
             };
 
         String[] params_DSA = {
                 PROP_ALGORITHMS + ";" + "choice(SHA1withDSA);Restrict the requested signing " +
-                "algorithm to be one of the algorithms supported by Certificate " +
-                "System",
+                        "algorithm to be one of the algorithms supported by Certificate " +
+                        "System",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-policyrules-signingalgconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Restricts the requested signing algorithm to be one of" +
-                " the algorithms supported by Certificate System"
+                        ";Restricts the requested signing algorithm to be one of" +
+                        " the algorithms supported by Certificate System"
             };
 
         switch (mDefaultAllowedAlgs.length) {
@@ -447,4 +448,3 @@ public class SigningAlgorithmConstraints extends APolicyRule
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
index 8e8cd4a7..81862cfe 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/SubCANameConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -41,16 +40,16 @@ import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.certsrv.security.ISigningUnit;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * This simple policy checks the subordinate CA CSR to see
- * if it is the same as the local CA.
+ * This simple policy checks the subordinate CA CSR to see if it is the same as
+ * the local CA.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -66,32 +65,32 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-subcanamecheck",
+                        ";configuration-policyrules-subcanamecheck",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Checks if subordinate CA request matches the local CA. There are no parameters to change"
+                        ";Checks if subordinate CA request matches the local CA. There are no parameters to change"
             };
 
         return params;
 
     }
-	
+
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form
-     *      ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
-     *      ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * ra.Policy.rule.<ruleName>.implName=KeyAlgorithmConstraints
+     * ra.Policy.rule.<ruleName>.algorithms=RSA,DSA
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         // get CA's public key to create authority key id.
-        ICertAuthority certAuthority = (ICertAuthority) 
-            ((IPolicyProcessor) owner).getAuthority();
+        ICertAuthority certAuthority = (ICertAuthority)
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority == null) {
             // should never get here.
@@ -106,7 +105,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
         }
         mCA = (ICertificateAuthority) certAuthority;
         ISigningUnit su = mCA.getSigningUnit();
-        if( su == null || CMS.isPreOpMode() ) {
+        if (su == null || CMS.isPreOpMode()) {
             return;
         }
 
@@ -124,8 +123,8 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -136,7 +135,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
             // Get the certificate templates
             X509CertInfo[] certInfos = req.getExtDataInCertInfoArray(
                     IRequest.CERT_INFO);
-						
+
             if (certInfos == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_CERT_INFO", getInstanceName()));
                 setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME + ":" + getInstanceName()), "");
@@ -163,7 +162,7 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
             }
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_SUBJECT_NAME_1", getInstanceName()));
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     params), "");
@@ -174,24 +173,23 @@ public class SubCANameConstraints extends APolicyRule implements IEnrollmentPoli
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getInstanceParams() { 
+    public Vector getInstanceParams() {
         Vector v = new Vector();
 
         return v;
     }
-		
+
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector getDefaultParams() { 
+    public Vector getDefaultParams() {
         Vector v = new Vector();
 
         return v;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
index dc8ecd79..9afbf765 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectName.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
-
-
 /**
  * This class is used to help migrate CMS4.1 to CMS4.2.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
index 2cff24d3..48663f61 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/UniqueSubjectNameConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -44,35 +43,33 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Checks the uniqueness of the subject name. This policy
- * can only be used (installed) in Certificate Authority 
- * subsystem. 
- *
- * This policy can perform pre-agent-approval checking or
- * post-agent-approval checking based on configuration
- * setting.
- *
- * In some situations, user may want to have 2 certificates with
- * the same subject name. For example, one key for encryption, 
- * and one for signing. This policy does not deal with this case 
- * directly. But it can be easily extended to do that.
+ * Checks the uniqueness of the subject name. This policy can only be used
+ * (installed) in Certificate Authority subsystem.
+ * 
+ * This policy can perform pre-agent-approval checking or post-agent-approval
+ * checking based on configuration setting.
+ * 
+ * In some situations, user may want to have 2 certificates with the same
+ * subject name. For example, one key for encryption, and one for signing. This
+ * policy does not deal with this case directly. But it can be easily extended
+ * to do that.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class UniqueSubjectNameConstraints extends APolicyRule 
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
-    protected static final String PROP_PRE_AGENT_APPROVAL_CHECKING = 
-        "enablePreAgentApprovalChecking";
-    protected static final String PROP_KEY_USAGE_EXTENSION_CHECKING = 
-        "enableKeyUsageExtensionChecking";
+public class UniqueSubjectNameConstraints extends APolicyRule
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
+    protected static final String PROP_PRE_AGENT_APPROVAL_CHECKING =
+            "enablePreAgentApprovalChecking";
+    protected static final String PROP_KEY_USAGE_EXTENSION_CHECKING =
+            "enableKeyUsageExtensionChecking";
 
     public ICertificateAuthority mCA = null;
 
@@ -82,17 +79,17 @@ public class UniqueSubjectNameConstraints extends APolicyRule
     public UniqueSubjectNameConstraints() {
         NAME = "UniqueSubjectName";
         DESC = "Ensure the uniqueness of the subject name.";
-    } 
+    }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 PROP_PRE_AGENT_APPROVAL_CHECKING + ";boolean;If checked, check subject name uniqueness BEFORE agent approves, (else checks AFTER approval)",
                 PROP_KEY_USAGE_EXTENSION_CHECKING + ";boolean;If checked, allow non-unique subject names if Key Usage Extension differs",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-uniquesubjectname",
+                        ";configuration-policyrules-uniquesubjectname",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Rejects a request if there exists an unrevoked, unexpired " +
-                "certificate with the same subject name"
+                        ";Rejects a request if there exists an unrevoked, unexpired " +
+                        "certificate with the same subject name"
             };
 
         return params;
@@ -102,22 +99,22 @@ public class UniqueSubjectNameConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=UniqueSubjectName
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *      ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true
-     *      ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=UniqueSubjectName
+     * ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.enablePreAgentApprovalChecking=true
+     * ca.Policy.rule.<ruleName>.enableKeyUsageExtensionChecking=true
+     * 
+     * @param config The config store reference
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         // get CA's public key to create authority key id.
         ICertAuthority certAuthority = (ICertAuthority)
-            ((IPolicyProcessor) owner).getAuthority();
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority == null) {
             // should never get here.
@@ -131,12 +128,12 @@ public class UniqueSubjectNameConstraints extends APolicyRule
 
         mCA = (ICertificateAuthority) certAuthority;
         try {
-            mPreAgentApprovalChecking = 
+            mPreAgentApprovalChecking =
                     config.getBoolean(PROP_PRE_AGENT_APPROVAL_CHECKING, false);
         } catch (EBaseException e) {
         }
         try {
-            mKeyUsageExtensionChecking = 
+            mKeyUsageExtensionChecking =
                     config.getBoolean(PROP_KEY_USAGE_EXTENSION_CHECKING, true);
         } catch (EBaseException e) {
         }
@@ -145,8 +142,8 @@ public class UniqueSubjectNameConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -162,9 +159,9 @@ public class UniqueSubjectNameConstraints extends APolicyRule
             // Get the certificate templates
             X509CertInfo[] certInfos = req.getExtDataInCertInfoArray(
                     IRequest.CERT_INFO);
-			
+
             if (certInfos == null) {
-                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO",
                         getInstanceName()), "");
                 return PolicyResult.REJECTED;
             }
@@ -172,11 +169,11 @@ public class UniqueSubjectNameConstraints extends APolicyRule
             // retrieve the subject name and check its unqiueness
             for (int i = 0; i < certInfos.length; i++) {
                 CertificateSubjectName subName = (CertificateSubjectName)
-                    certInfos[i].get(X509CertInfo.SUBJECT);
+                        certInfos[i].get(X509CertInfo.SUBJECT);
 
                 // if there is no name set, set one here.
                 if (subName == null) {
-                    setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME", 
+                    setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUBJECT_NAME",
                             getInstanceName()), "");
                     return PolicyResult.REJECTED;
                 }
@@ -184,23 +181,24 @@ public class UniqueSubjectNameConstraints extends APolicyRule
                 String filter = "x509Cert.subject=" + certSubjectName;
                 // subject name is indexed, so we only use subject name
                 // in the filter
-                Enumeration<ICertRecord> matched = 
-                    mCA.getCertificateRepository().findCertRecords(filter);
+                Enumeration<ICertRecord> matched =
+                        mCA.getCertificateRepository().findCertRecords(filter);
 
                 while (matched.hasMoreElements()) {
-                    ICertRecord rec =  matched.nextElement();
+                    ICertRecord rec = matched.nextElement();
                     String status = rec.getStatus();
 
                     if (status.equals(ICertRecord.STATUS_REVOKED) || status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) {
-                        // accept this only if we have a REVOKED, 
+                        // accept this only if we have a REVOKED,
                         // EXPIRED or REVOKED_EXPIRED certificate
                         continue;
-					
+
                     }
-                    // you already have an VALID or INVALID (not yet valid) certificate
+                    // you already have an VALID or INVALID (not yet valid)
+                    // certificate
                     if (mKeyUsageExtensionChecking && agentApproved(req)) {
-                        // This request is agent approved which 
-                        // means all requested extensions are finalized 
+                        // This request is agent approved which
+                        // means all requested extensions are finalized
                         // to the request,
                         // We will accept duplicated subject name with
                         // different keyUsage extension if
@@ -210,15 +208,15 @@ public class UniqueSubjectNameConstraints extends APolicyRule
                         }
                     }
 
-                    setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST", 
+                    setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_NAME_EXIST",
                             getInstanceName() + " " + certSubjectName), "");
                     return PolicyResult.REJECTED;
                 }
             }
         } catch (Exception e) {
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     params), "");
             result = PolicyResult.REJECTED;
         }
@@ -226,11 +224,11 @@ public class UniqueSubjectNameConstraints extends APolicyRule
     }
 
     /**
-     * Checks if the key extension in the issued certificate
-     * is the same as the one in the certificate template.
+     * Checks if the key extension in the issued certificate is the same as the
+     * one in the certificate template.
      */
-    private boolean sameKeyUsageExtension(ICertRecord rec, 
-        X509CertInfo certInfo) {
+    private boolean sameKeyUsageExtension(ICertRecord rec,
+            X509CertInfo certInfo) {
         X509CertImpl impl = rec.getCertificate();
         boolean bits[] = impl.getKeyUsage();
 
@@ -282,25 +280,25 @@ public class UniqueSubjectNameConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector<String> getInstanceParams() {
         Vector<String> confParams = new Vector<String>();
 
         confParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING +
-            "=" + mPreAgentApprovalChecking);
+                "=" + mPreAgentApprovalChecking);
         confParams.addElement(PROP_KEY_USAGE_EXTENSION_CHECKING +
-            "=" + mKeyUsageExtensionChecking);
+                "=" + mKeyUsageExtensionChecking);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_PRE_AGENT_APPROVAL_CHECKING + "=");
diff --git a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
index 62c49450..d8578633 100644
--- a/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
+++ b/pki/base/common/src/com/netscape/cms/policy/constraints/ValidityConstraints.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.constraints;
 
-
 import java.util.Date;
 import java.util.Locale;
 import java.util.Vector;
@@ -35,26 +34,24 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * ValidityConstraints is a default rule for Enrollment and
- * Renewal that enforces minimum and maximum validity periods
- * and changes them if not met.
- *
- * Optionally the lead and lag times - i.e how far back into the
- * front or back the notBefore date could go in minutes can also
- * be specified.
+ * ValidityConstraints is a default rule for Enrollment and Renewal that
+ * enforces minimum and maximum validity periods and changes them if not met.
+ * 
+ * Optionally the lead and lag times - i.e how far back into the front or back
+ * the notBefore date could go in minutes can also be specified.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class ValidityConstraints extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected long mMinValidity;
     protected long mMaxValidity;
     protected long mLeadTime;
@@ -78,15 +75,15 @@ public class ValidityConstraints extends APolicyRule
 
     static {
         defConfParams.addElement(PROP_MIN_VALIDITY + "=" +
-            DEF_MIN_VALIDITY);
+                DEF_MIN_VALIDITY);
         defConfParams.addElement(PROP_MAX_VALIDITY + "=" +
-            DEF_MAX_VALIDITY);
+                DEF_MAX_VALIDITY);
         defConfParams.addElement(PROP_LEAD_TIME + "=" +
-            DEF_LEAD_TIME);
+                DEF_LEAD_TIME);
         defConfParams.addElement(PROP_LAG_TIME + "=" +
-            DEF_LAG_TIME);
+                DEF_LAG_TIME);
         defConfParams.addElement(PROP_NOT_BEFORE_SKEW + "=" +
-            DEF_NOT_BEFORE_SKEW);
+                DEF_NOT_BEFORE_SKEW);
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
@@ -97,11 +94,11 @@ public class ValidityConstraints extends APolicyRule
                 PROP_LAG_TIME + ";number;NOT CURRENTLY IN USE",
                 PROP_NOT_BEFORE_SKEW + ";number;Number of minutes a cert's notBefore should be in the past",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-validityconstraints",
+                        ";configuration-policyrules-validityconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Ensures that the user's requested validity period is " +
-                "acceptable. If not specified, as is usually the case, " +
-                "this policy will set the validity. See RFC 2459."
+                        ";Ensures that the user's requested validity period is " +
+                        "acceptable. If not specified, as is usually the case, " +
+                        "this policy will set the validity. See RFC 2459."
             };
 
         return params;
@@ -116,19 +113,19 @@ public class ValidityConstraints extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries probably are of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=ValidityConstraints
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *      ra.Policy.rule.<ruleName>.minValidity=30
-     *      ra.Policy.rule.<ruleName>.maxValidity=180
-     *      ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=ValidityConstraints
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.minValidity=30
+     * ra.Policy.rule.<ruleName>.maxValidity=180
+     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EPolicyException {
+            throws EPolicyException {
 
         // Get min and max validity in days and configure them.
         try {
@@ -164,7 +161,7 @@ public class ValidityConstraints extends APolicyRule
                 mNotBeforeSkew = DEF_NOT_BEFORE_SKEW * MINS_TO_MS_FACTOR;
         } catch (Exception e) {
             // e.printStackTrace();
-            String[] params = {getInstanceName(), e.toString()};
+            String[] params = { getInstanceName(), e.toString() };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG", params));
@@ -174,8 +171,8 @@ public class ValidityConstraints extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -184,8 +181,8 @@ public class ValidityConstraints extends APolicyRule
 
         try {
             // Get the certificate info from the request
-            //X509CertInfo certInfo[] = (X509CertInfo[])
-            //    req.get(IRequest.CERT_INFO);
+            // X509CertInfo certInfo[] = (X509CertInfo[])
+            // req.get(IRequest.CERT_INFO);
             X509CertInfo certInfo[] = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
             // There should be a certificate info set.
@@ -198,7 +195,7 @@ public class ValidityConstraints extends APolicyRule
             // Else check if validity is within the limit
             for (int i = 0; i < certInfo.length; i++) {
                 CertificateValidity validity = (CertificateValidity)
-                    certInfo[i].get(X509CertInfo.VALIDITY);
+                        certInfo[i].get(X509CertInfo.VALIDITY);
 
                 Date notBefore = null, notAfter = null;
 
@@ -209,15 +206,15 @@ public class ValidityConstraints extends APolicyRule
                             validity.get(CertificateValidity.NOT_AFTER);
                 }
 
-                // If no validity is supplied yet, make one.  The default
+                // If no validity is supplied yet, make one. The default
                 // validity is supposed to pass the following checks, so
                 // bypass further checking.
                 // (date = 0 is hack for serialization)
 
                 if (validity == null ||
-                    (notBefore.getTime() == 0 && notAfter.getTime() == 0)) {
+                        (notBefore.getTime() == 0 && notAfter.getTime() == 0)) {
                     certInfo[i].set(X509CertInfo.VALIDITY,
-                        makeDefaultValidity(req));
+                            makeDefaultValidity(req));
                     continue;
                 }
 
@@ -228,22 +225,20 @@ public class ValidityConstraints extends APolicyRule
                             getInstanceName()), "");
                     result = PolicyResult.REJECTED;
                 }
-                if ((notAfter.getTime() - notBefore.getTime()) >
-                    mMaxValidity) {
-                    String params[] = {getInstanceName(), 
+                if ((notAfter.getTime() - notBefore.getTime()) > mMaxValidity) {
+                    String params[] = { getInstanceName(),
                             String.valueOf(
-                                ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
-                            String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR)};
+                                    ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
+                            String.valueOf(mMaxValidity / DAYS_TO_MS_FACTOR) };
 
                     setError(req, CMS.getUserMessage("CMS_POLICY_MORE_THAN_MAX_VALIDITY", params), "");
                     result = PolicyResult.REJECTED;
                 }
-                if ((notAfter.getTime() - notBefore.getTime()) <
-                    mMinValidity) {
-                    String params[] = {getInstanceName(), 
+                if ((notAfter.getTime() - notBefore.getTime()) < mMinValidity) {
+                    String params[] = { getInstanceName(),
                             String.valueOf(
-                                ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
-                            String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR)};
+                                    ((notAfter.getTime() - notBefore.getTime()) / DAYS_TO_MS_FACTOR)),
+                            String.valueOf(mMinValidity / DAYS_TO_MS_FACTOR) };
 
                     setError(req, CMS.getUserMessage("CMS_POLICY_LESS_THAN_MIN_VALIDITY", params), "");
                     result = PolicyResult.REJECTED;
@@ -251,7 +246,7 @@ public class ValidityConstraints extends APolicyRule
             }
         } catch (Exception e) {
             // e.printStackTrace();
-            String params[] = {getInstanceName(), e.toString()};
+            String params[] = { getInstanceName(), e.toString() };
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     params), "");
@@ -262,28 +257,28 @@ public class ValidityConstraints extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getInstanceParams() {
         Vector confParams = new Vector();
 
         confParams.addElement(PROP_MIN_VALIDITY + "=" +
-            mMinValidity / DAYS_TO_MS_FACTOR);
+                mMinValidity / DAYS_TO_MS_FACTOR);
         confParams.addElement(PROP_MAX_VALIDITY + "=" +
-            mMaxValidity / DAYS_TO_MS_FACTOR);
-        confParams.addElement(PROP_LEAD_TIME + "=" 
-            + mLeadTime / MINS_TO_MS_FACTOR);
-        confParams.addElement(PROP_LAG_TIME + "=" + 
-            mLagTime / MINS_TO_MS_FACTOR);
-        confParams.addElement(PROP_NOT_BEFORE_SKEW + "=" + 
-            mNotBeforeSkew / MINS_TO_MS_FACTOR);
+                mMaxValidity / DAYS_TO_MS_FACTOR);
+        confParams.addElement(PROP_LEAD_TIME + "="
+                + mLeadTime / MINS_TO_MS_FACTOR);
+        confParams.addElement(PROP_LAG_TIME + "=" +
+                mLagTime / MINS_TO_MS_FACTOR);
+        confParams.addElement(PROP_NOT_BEFORE_SKEW + "=" +
+                mNotBeforeSkew / MINS_TO_MS_FACTOR);
         return confParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector getDefaultParams() {
@@ -292,12 +287,12 @@ public class ValidityConstraints extends APolicyRule
 
     /**
      * Create a default validity value for a request
-     *
+     * 
      * This code can be easily overridden in a derived class, if the
      * calculations here aren't accepatble.
-     *
-     * TODO: it might be good to base this calculation on the creation
-     * time of the request.
+     * 
+     * TODO: it might be good to base this calculation on the creation time of
+     * the request.
      */
     protected CertificateValidity makeDefaultValidity(IRequest req) {
         long now = roundTimeToSecond((CMS.getCurrentDate()).getTime());
@@ -311,13 +306,11 @@ public class ValidityConstraints extends APolicyRule
     }
 
     /**
-     * convert a millisecond resolution time into one with 1 second
-     * resolution.  Most times in certificates are storage at 1
-     * second resolution, so its better if we deal with things at
-     * that level.
+     * convert a millisecond resolution time into one with 1 second resolution.
+     * Most times in certificates are storage at 1 second resolution, so its
+     * better if we deal with things at that level.
      */
     protected long roundTimeToSecond(long input) {
         return (input / 1000) * 1000;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
index 4f8aaa29..79679f0c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthInfoAccessExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.io.Serializable;
 import java.security.cert.CertificateException;
@@ -44,57 +43,51 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Authority Information Access extension policy.
- * If this policy is enabled, it adds an authority
- * information access extension to the certificate.
- *
+ * Authority Information Access extension policy. If this policy is enabled, it
+ * adds an authority information access extension to the certificate.
+ * 
  * The following listed sample configuration parameters:
  * 
- * ca.Policy.impl.AuthInfoAccess.class=com.netscape.certsrv.policy.AuthInfoAccessExt
+ * ca.Policy.impl.AuthInfoAccess.class=com.netscape.certsrv.policy.
+ * AuthInfoAccessExt
  * ca.Policy.rule.aia.ad0_location=uriName:http://ocsp1.netscape.com
- * ca.Policy.rule.aia.ad0_method=ocsp
- * ca.Policy.rule.aia.ad1_location_type=URI
+ * ca.Policy.rule.aia.ad0_method=ocsp ca.Policy.rule.aia.ad1_location_type=URI
  * ca.Policy.rule.aia.ad1_location=http://ocsp2.netscape.com
- * ca.Policy.rule.aia.ad1_method=ocsp
- * ca.Policy.rule.aia.ad2_location=
- * ca.Policy.rule.aia.ad2_method=
- * ca.Policy.rule.aia.ad3_location=
- * ca.Policy.rule.aia.ad3_method=
- * ca.Policy.rule.aia.ad4_location=
- * ca.Policy.rule.aia.ad4_method=
- * ca.Policy.rule.aia.critical=true
- * ca.Policy.rule.aia.enable=true
- * ca.Policy.rule.aia.implName=AuthInfoAccess
+ * ca.Policy.rule.aia.ad1_method=ocsp ca.Policy.rule.aia.ad2_location=
+ * ca.Policy.rule.aia.ad2_method= ca.Policy.rule.aia.ad3_location=
+ * ca.Policy.rule.aia.ad3_method= ca.Policy.rule.aia.ad4_location=
+ * ca.Policy.rule.aia.ad4_method= ca.Policy.rule.aia.critical=true
+ * ca.Policy.rule.aia.enable=true ca.Policy.rule.aia.implName=AuthInfoAccess
  * ca.Policy.rule.aia.predicate=
- *
- * Currently, this policy only supports the following location:
- *  uriName:[URI], dirName:[DN]
+ * 
+ * Currently, this policy only supports the following location: uriName:[URI],
+ * dirName:[DN]
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class AuthInfoAccessExt extends APolicyRule implements 
+public class AuthInfoAccessExt extends APolicyRule implements
         IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL =
-        "critical";
+            "critical";
     protected static final String PROP_AD =
-        "ad";
+            "ad";
     protected static final String PROP_METHOD =
-        "method";
+            "method";
     protected static final String PROP_LOCATION =
-        "location";
+            "location";
     protected static final String PROP_LOCATION_TYPE =
-        "location_type";
+            "location_type";
 
     protected static final String PROP_NUM_ADS =
-        "numADs";
+            "numADs";
 
     public static final int MAX_AD = 5;
 
@@ -109,13 +102,13 @@ public class AuthInfoAccessExt extends APolicyRule implements
         Vector<String> v = new Vector<String>();
 
         v.addElement(PROP_CRITICAL +
-            ";boolean;RFC 2459 recommendation: This extension MUST be non-critical.");
+                ";boolean;RFC 2459 recommendation: This extension MUST be non-critical.");
         v.addElement(PROP_NUM_ADS +
-            ";number;The total number of access descriptions.");
+                ";number;The total number of access descriptions.");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)");
+                ";Adds Authority Info Access Extension. Defined in RFC 2459 " + "(4.2.2.1)");
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-authinfoaccess");
+                ";configuration-policyrules-authinfoaccess");
 
         for (int i = 0; i < MAX_AD; i++) {
             v.addElement(PROP_AD + Integer.toString(i) + "_" + PROP_METHOD + ";string;" + "A unique,valid OID specified in dot-separated numeric component notation. e.g. 1.3.6.1.5.5.7.48.1 (ocsp), 1.3.6.1.5.5.7.48.2 (caIssuers), 2.16.840.1.113730.1.16.1 (renewal)");
@@ -128,17 +121,17 @@ public class AuthInfoAccessExt extends APolicyRule implements
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *      ca.Policy.rule.<ruleName>.predicate=
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
+     * ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.predicate=
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
     }
 
@@ -153,7 +146,7 @@ public class AuthInfoAccessExt extends APolicyRule implements
         //
         for (int i = 0;; i++) {
             ObjectIdentifier methodOID = null;
-            String method = mConfig.getString(PROP_AD + 
+            String method = mConfig.getString(PROP_AD +
                     Integer.toString(i) + "_" + PROP_METHOD, null);
 
             if (method == null)
@@ -162,10 +155,10 @@ public class AuthInfoAccessExt extends APolicyRule implements
             if (method.equals(""))
                 break;
 
-                //
-                // method ::= ocsp | caIssuers | <OID>
-                // OID ::= [object identifier]
-                //
+            //
+            // method ::= ocsp | caIssuers | <OID>
+            // OID ::= [object identifier]
+            //
             try {
                 if (method.equalsIgnoreCase("ocsp")) {
                     methodOID = ObjectIdentifier.getObjectIdentifier("1.3.6.1.5.5.7.48.1");
@@ -186,17 +179,17 @@ public class AuthInfoAccessExt extends APolicyRule implements
             // TAG ::= uriName | dirName
             // VALUE ::= [value defined by TAG]
             //
-            String location_type = mConfig.getString(PROP_AD + 
-                    Integer.toString(i) + 
+            String location_type = mConfig.getString(PROP_AD +
+                    Integer.toString(i) +
                     "_" + PROP_LOCATION_TYPE, null);
-            String location = mConfig.getString(PROP_AD + 
-                    Integer.toString(i) + 
+            String location = mConfig.getString(PROP_AD +
+                    Integer.toString(i) +
                     "_" + PROP_LOCATION, null);
 
             if (location == null)
                 break;
             GeneralName gn = CMS.form_GeneralName(location_type, location);
-            Vector<Serializable> e = new Vector<Serializable>(); 
+            Vector<Serializable> e = new Vector<Serializable>();
 
             e.addElement(methodOID);
             e.addElement(gn);
@@ -206,10 +199,10 @@ public class AuthInfoAccessExt extends APolicyRule implements
     }
 
     /**
-     * If this policy is enabled, add the authority information
-     * access extension to the certificate.
+     * If this policy is enabled, add the authority information access extension
+     * to the certificate.
      * <P>
-     *
+     * 
      * @param req The request on which to apply policy.
      * @return The policy result object.
      */
@@ -221,7 +214,7 @@ public class AuthInfoAccessExt extends APolicyRule implements
                 IRequest.CERT_INFO);
 
         if (ci == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -229,8 +222,8 @@ public class AuthInfoAccessExt extends APolicyRule implements
 
             certInfo = ci[j];
             if (certInfo == null) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, "")); 
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, ""));
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                         NAME, "Configuration Info Error"), "");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
@@ -238,19 +231,19 @@ public class AuthInfoAccessExt extends APolicyRule implements
             try {
                 // Find the extensions in the certInfo
                 CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
+                        certInfo.get(X509CertInfo.EXTENSIONS);
 
                 // add access descriptions
                 Enumeration<Vector<Serializable>> e = getAccessDescriptions();
 
                 if (!e.hasMoreElements()) {
                     return res;
-                }	
-	
+                }
+
                 if (extensions == null) {
                     // create extension if not exist
                     certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 } else {
@@ -263,12 +256,12 @@ public class AuthInfoAccessExt extends APolicyRule implements
                 }
 
                 // Create the extension
-                AuthInfoAccessExtension aiaExt = new 
-                    AuthInfoAccessExtension(mConfig.getBoolean(
-                            PROP_CRITICAL, false));
+                AuthInfoAccessExtension aiaExt = new
+                        AuthInfoAccessExtension(mConfig.getBoolean(
+                                PROP_CRITICAL, false));
 
                 while (e.hasMoreElements()) {
-                    Vector<Serializable> ad =  e.nextElement();
+                    Vector<Serializable> ad = e.nextElement();
                     ObjectIdentifier oid = (ObjectIdentifier) ad.elementAt(0);
                     GeneralName gn = (GeneralName) ad.elementAt(1);
 
@@ -278,17 +271,17 @@ public class AuthInfoAccessExt extends APolicyRule implements
 
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                         NAME, e.getMessage()), "");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                         NAME, "Configuration Info Error"), "");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (CertificateException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                         NAME, "Certificate Info Error"), "");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
@@ -299,15 +292,15 @@ public class AuthInfoAccessExt extends APolicyRule implements
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         try {
-            params.addElement(PROP_CRITICAL + "=" + 
-                mConfig.getBoolean(PROP_CRITICAL, false));
+            params.addElement(PROP_CRITICAL + "=" +
+                    mConfig.getBoolean(PROP_CRITICAL, false));
         } catch (EBaseException e) {
             params.addElement(PROP_CRITICAL + "=false");
         }
@@ -325,46 +318,46 @@ public class AuthInfoAccessExt extends APolicyRule implements
             String method = null;
 
             try {
-                method = mConfig.getString(PROP_AD + 
+                method = mConfig.getString(PROP_AD +
                             Integer.toString(i) + "_" + PROP_METHOD,
                             "");
             } catch (EBaseException e) {
             }
-            params.addElement(PROP_AD + 
-                Integer.toString(i) + 
-                "_" + PROP_METHOD + "=" + method);
+            params.addElement(PROP_AD +
+                    Integer.toString(i) +
+                    "_" + PROP_METHOD + "=" + method);
             String location_type = null;
 
             try {
-                location_type = mConfig.getString(PROP_AD + 
-                            Integer.toString(i) + "_" + PROP_LOCATION_TYPE, 
+                location_type = mConfig.getString(PROP_AD +
+                            Integer.toString(i) + "_" + PROP_LOCATION_TYPE,
                             IGeneralNameUtil.GENNAME_CHOICE_URL);
             } catch (EBaseException e) {
             }
-            params.addElement(PROP_AD + 
-                Integer.toString(i) + 
-                "_" + PROP_LOCATION_TYPE + "=" + location_type);
+            params.addElement(PROP_AD +
+                    Integer.toString(i) +
+                    "_" + PROP_LOCATION_TYPE + "=" + location_type);
             String location = null;
 
             try {
-                location = mConfig.getString(PROP_AD + 
-                            Integer.toString(i) + "_" + PROP_LOCATION, 
+                location = mConfig.getString(PROP_AD +
+                            Integer.toString(i) + "_" + PROP_LOCATION,
                             "");
             } catch (EBaseException e) {
             }
-            params.addElement(PROP_AD + 
-                Integer.toString(i) + 
-                "_" + PROP_LOCATION + "=" + location);
+            params.addElement(PROP_AD +
+                    Integer.toString(i) +
+                    "_" + PROP_LOCATION + "=" + location);
         }
         return params;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_CRITICAL + "=false");
@@ -376,14 +369,13 @@ public class AuthInfoAccessExt extends APolicyRule implements
         // the CMS.cfg
         //
         for (int i = 0; i < MAX_AD; i++) {
-            defParams.addElement(PROP_AD + Integer.toString(i) + 
-                "_" + PROP_METHOD + "=");
-            defParams.addElement(PROP_AD + Integer.toString(i) + 
-                "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL);
-            defParams.addElement(PROP_AD + Integer.toString(i) + 
-                "_" + PROP_LOCATION + "=");
+            defParams.addElement(PROP_AD + Integer.toString(i) +
+                    "_" + PROP_METHOD + "=");
+            defParams.addElement(PROP_AD + Integer.toString(i) +
+                    "_" + PROP_LOCATION_TYPE + "=" + IGeneralNameUtil.GENNAME_CHOICE_URL);
+            defParams.addElement(PROP_AD + Integer.toString(i) +
+                    "_" + PROP_LOCATION + "=");
         }
         return defParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
index 7ec05fec..3a651d58 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/AuthorityKeyIdentifierExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -45,21 +44,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Authority Public Key Extension Policy
- * Adds the subject public key id extension to certificates. 
+ * Authority Public Key Extension Policy Adds the subject public key id
+ * extension to certificates.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class AuthorityKeyIdentifierExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_ALT_KEYID_TYPE = "AltKeyIdType";
 
@@ -77,7 +76,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
     protected boolean mCritical = DEF_CRITICAL;
     protected String mAltKeyIdType = DEF_ALT_KEYID_TYPE;
 
-    // the extension to add to certs. 
+    // the extension to add to certs.
     protected AuthorityKeyIdentifierExtension mTheExtension = null;
 
     // instance params for console
@@ -97,28 +96,25 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
     }
 
     /**
-     * Initializes this policy rule.
-     * Reads configuration file and creates a authority key identifier 
-     * extension to add. Key identifier inside the extension is constructed as 
-     * the CA's subject key identifier extension if it exists. 
-     * If it does not exist this can be configured to use: 
-     * (1) sha-1 hash of the CA's subject public key info 
-     * (what communicator expects if the CA does not have a subject key 
-     * identifier extension) or (2) No extension set (3) Empty sequence
-     * in Authority Key Identifier extension.
-     *
+     * Initializes this policy rule. Reads configuration file and creates a
+     * authority key identifier extension to add. Key identifier inside the
+     * extension is constructed as the CA's subject key identifier extension if
+     * it exists. If it does not exist this can be configured to use: (1) sha-1
+     * hash of the CA's subject public key info (what communicator expects if
+     * the CA does not have a subject key identifier extension) or (2) No
+     * extension set (3) Empty sequence in Authority Key Identifier extension.
+     * 
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName=
+     * ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         mEnabled = mConfig.getBoolean(
@@ -131,44 +127,44 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
         if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_SPKISHA1))
             mAltKeyIdType = ALT_KEYID_TYPE_SPKISHA1;
 
-            /*
-             else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_EMPTY))
-             mAltKeyIdType = ALT_KEYID_TYPE_EMPTY;
-             */
+        /*
+         * else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_EMPTY))
+         * mAltKeyIdType = ALT_KEYID_TYPE_EMPTY;
+         */
         else if (mAltKeyIdType.equalsIgnoreCase(ALT_KEYID_TYPE_NONE))
             mAltKeyIdType = ALT_KEYID_TYPE_NONE;
         else {
             log(ILogger.LL_FAILURE, NAME +
-                CMS.getLogMessage("CA_UNKNOWN_ALT_KEY_ID_TYPE", mAltKeyIdType));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_ALT_KEYID_TYPE,  
+                    CMS.getLogMessage("CA_UNKNOWN_ALT_KEY_ID_TYPE", mAltKeyIdType));
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", PROP_ALT_KEYID_TYPE,
                         "value must be one of " + ALT_KEYID_TYPE_SPKISHA1 + ", " + ALT_KEYID_TYPE_NONE));
         }
 
         // create authority key id extension.
         ICertAuthority certAuthority = (ICertAuthority)
-            ((IPolicyProcessor) owner).getAuthority();
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority == null) {
             // should never get here.
             String msg = NAME + ": " +
-                "Cannot find the Certificate Manager or Registration Manager";
+                    "Cannot find the Certificate Manager or Registration Manager";
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
         }
         if (!(certAuthority instanceof ICertificateAuthority)) {
             log(ILogger.LL_FAILURE, NAME +
-                CMS.getLogMessage("POLICY_INVALID_POLICY", NAME));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+                    CMS.getLogMessage("POLICY_INVALID_POLICY", NAME));
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         NAME + " policy can only be used in a Certificate Authority."));
-        } 
-        //CertificateChain caChain = certAuthority.getCACertChain();
-        //X509Certificate caCert = caChain.getFirstCertificate();
+        }
+        // CertificateChain caChain = certAuthority.getCACertChain();
+        // X509Certificate caCert = caChain.getFirstCertificate();
         X509CertImpl caCert = certAuthority.getCACert();
-        if( caCert == null || CMS.isPreOpMode() ) {
+        if (caCert == null || CMS.isPreOpMode()) {
             return;
         }
-        KeyIdentifier keyId = formKeyIdentifier(caCert); 
+        KeyIdentifier keyId = formKeyIdentifier(caCert);
 
         if (keyId != null) {
             try {
@@ -176,7 +172,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
                             mCritical, keyId, null, null);
             } catch (IOException e) {
                 String msg = NAME + ": " +
-                    "Error forming Authority Key Identifier extension: " + e;
+                        "Error forming Authority Key Identifier extension: " + e;
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
@@ -184,33 +180,33 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
         } else {
         }
 
-        // form instance params 
+        // form instance params
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(PROP_ALT_KEYID_TYPE + "=" + mAltKeyIdType);
     }
 
     /**
-     * Adds Authority Key Identifier Extension to a certificate.
-     * If the extension is already there, accept it if it's from the agent, 
-     * else replace it.
-     *
-     * @param req	The request on which to apply policy.
+     * Adds Authority Key Identifier Extension to a certificate. If the
+     * extension is already there, accept it if it's from the agent, else
+     * replace it.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
             PolicyResult certResult = applyCert(req, ci[i]);
 
-            if (certResult == PolicyResult.REJECTED) 
+            if (certResult == PolicyResult.REJECTED)
                 return certResult;
         }
         return PolicyResult.ACCEPTED;
@@ -219,11 +215,11 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
     public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
 
         try {
-            // if authority key id extension already exists, leave it if 
+            // if authority key id extension already exists, leave it if
             // from agent. else replace it.
             AuthorityKeyIdentifierExtension authorityKeyIdExt = null;
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             try {
                 if (extensions != null) {
@@ -231,65 +227,66 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
                             extensions.get(AuthorityKeyIdentifierExtension.class.getSimpleName());
                 }
             } catch (IOException e) {
-                // extension isn't there. 
+                // extension isn't there.
             }
             if (authorityKeyIdExt != null) {
                 if (agentApproved(req)) {
                     CMS.debug(
-                        "AuthorityKeyIdentifierKeyExt: agent approved request id " + req.getRequestId() +
-                        " already has authority key id extension with value " +
-                        authorityKeyIdExt);
+                            "AuthorityKeyIdentifierKeyExt: agent approved request id " + req.getRequestId() +
+                                    " already has authority key id extension with value " +
+                                    authorityKeyIdExt);
                     return PolicyResult.ACCEPTED;
                 } else {
                     CMS.debug(
-                        "AuthorityKeyIdentifierKeyExt: request id from user " + req.getRequestId() +
-                        " had authority key identifier - deleted");
+                            "AuthorityKeyIdentifierKeyExt: request id from user " + req.getRequestId() +
+                                    " had authority key identifier - deleted");
                     extensions.delete(AuthorityKeyIdentifierExtension.class.getSimpleName());
                 }
             }
 
-            // if no authority key identifier should be set b/c CA does not 
-            // have a subject key identifier, return here. 
-            if (mTheExtension == null) 
+            // if no authority key identifier should be set b/c CA does not
+            // have a subject key identifier, return here.
+            if (mTheExtension == null)
                 return PolicyResult.ACCEPTED;
 
-                // add authority key id extension.
+            // add authority key id extension.
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             }
             extensions.set(
-                AuthorityKeyIdentifierExtension.class.getSimpleName(), mTheExtension);
+                    AuthorityKeyIdentifierExtension.class.getSimpleName(), mTheExtension);
             CMS.debug(
-                "AuthorityKeyIdentifierKeyExt: added authority key id ext to request " + req.getRequestId());
+                    "AuthorityKeyIdentifierKeyExt: added authority key id ext to request " + req.getRequestId());
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.toString()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     NAME, e.getMessage()), "");
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("BASE_INVALID_CERT", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("BASE_INVALID_CERT", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR",
                     NAME, "Certificate Info Error"), "");
             return PolicyResult.REJECTED;
         }
     }
 
     /**
-     * Form the Key Identifier in the Authority Key Identifier extension.
-     * from the CA's cert.
+     * Form the Key Identifier in the Authority Key Identifier extension. from
+     * the CA's cert.
      * <p>
+     * 
      * @param caCertImpl Certificate Info
      * @return A Key Identifier.
      * @throws com.netscape.certsrv.base.EBaseException on error
      */
     protected KeyIdentifier formKeyIdentifier(X509CertImpl caCertImpl)
-        throws EBaseException {
+            throws EBaseException {
         KeyIdentifier keyId = null;
 
         // get CA's certInfo.
@@ -298,50 +295,50 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
         try {
             certInfo = (X509CertInfo) caCertImpl.get(
                         X509CertImpl.NAME + "." + X509CertImpl.INFO);
-            if (certInfo == null) { 
+            if (certInfo == null) {
                 String msg = "Bad CA certificate encountered. " +
-                    "TBS Certificate missing.";
+                        "TBS Certificate missing.";
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_CERT_FORMAT"));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", NAME + ": " + msg));
             }
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, NAME + ": " +
-                CMS.getLogMessage("BASE_DECODE_CERT_FAILED_1", e.toString()));
+                    CMS.getLogMessage("BASE_DECODE_CERT_FAILED_1", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         NAME + " Error decoding the CA Certificate: " + e));
         }
 
         // get Key Id from CA's Subject Key Id extension in CA's CertInfo.
         keyId = getKeyIdentifier(certInfo);
-        if (keyId != null) 
+        if (keyId != null)
             return keyId;
 
-            // if none exists use the configured alternate.
+        // if none exists use the configured alternate.
         if (mAltKeyIdType == ALT_KEYID_TYPE_SPKISHA1) {
             keyId = formSpkiSHA1KeyId(certInfo);
         } /*
-         else if (mAltKeyIdType == ALT_KEYID_TYPE_EMPTY) {
-         keyId = formEmptyKeyId(certInfo);
-         }
-         */ else if (mAltKeyIdType == ALT_KEYID_TYPE_NONE) {
+           * else if (mAltKeyIdType == ALT_KEYID_TYPE_EMPTY) { keyId =
+           * formEmptyKeyId(certInfo); }
+           */else if (mAltKeyIdType == ALT_KEYID_TYPE_NONE) {
             keyId = null;
         } else {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",  
-                        mAltKeyIdType, 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                        mAltKeyIdType,
                         "Unknown Alternate Key Identifier type."));
         }
         return keyId;
     }
 
     /**
-     * Get the Key Identifier in a subject key identifier extension from a 
+     * Get the Key Identifier in a subject key identifier extension from a
      * CertInfo.
+     * 
      * @param certInfo the CertInfo structure.
      * @return Key Identifier in a Subject Key Identifier extension if any.
      */
-    protected KeyIdentifier getKeyIdentifier(X509CertInfo certInfo) 
-        throws EBaseException {
+    protected KeyIdentifier getKeyIdentifier(X509CertInfo certInfo)
+            throws EBaseException {
         CertificateExtensions exts = null;
         SubjectKeyIdentifierExtension subjKeyIdExt = null;
         KeyIdentifier keyId = null;
@@ -357,7 +354,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
             CMS.debug(NAME + ": " + "No extensions found. Error " + e);
             return null;
         }
-        if (exts == null) 
+        if (exts == null)
             return null;
 
         try {
@@ -366,7 +363,7 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
         } catch (IOException e) {
             // extension isn't there.
             CMS.debug(
-                "AuthorityKeyIdentifierKeyExt: No Subject Key Identifier Extension found. Error: " + e);
+                    "AuthorityKeyIdentifierKeyExt: No Subject Key Identifier Extension found. Error: " + e);
             return null;
         }
         if (subjKeyIdExt == null)
@@ -376,9 +373,9 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
             keyId = (KeyIdentifier) subjKeyIdExt.get(
                         SubjectKeyIdentifierExtension.KEY_ID);
         } catch (IOException e) {
-            // no key identifier in subject key id extension. 
+            // no key identifier in subject key id extension.
             String msg = NAME + ": " +
-                "Bad Subject Key Identifier Extension found. Error: " + e;
+                    "Bad Subject Key Identifier Extension found. Error: " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_AUTHORITY_KEY_ID_1", NAME));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", msg));
@@ -388,40 +385,39 @@ public class AuthorityKeyIdentifierExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefaultParams;
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 PROP_CRITICAL + ";boolean;" +
-                "RFC 2459 recommendation: MUST NOT be marked critical.",
+                        "RFC 2459 recommendation: MUST NOT be marked critical.",
                 PROP_ALT_KEYID_TYPE + ";" +
-                "choice(" + ALT_KEYID_TYPE_SPKISHA1 + "," + ALT_KEYID_TYPE_NONE + ");" +
-                "Specifies whether to use a SHA1 hash of the CA's subject " +
-                "public key info for key identifier or leave out the " +
-                "authority key identifier extension if the CA certificate " +
-                "does not have a Subject Key Identifier extension.",
+                        "choice(" + ALT_KEYID_TYPE_SPKISHA1 + "," + ALT_KEYID_TYPE_NONE + ");" +
+                        "Specifies whether to use a SHA1 hash of the CA's subject " +
+                        "public key info for key identifier or leave out the " +
+                        "authority key identifier extension if the CA certificate " +
+                        "does not have a Subject Key Identifier extension.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-authkeyid",
+                        ";configuration-policyrules-authkeyid",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Authority Key Identifier Extension. " +
-                "See RFC 2459 (4.2.1.1)"
+                        ";Adds Authority Key Identifier Extension. " +
+                        "See RFC 2459 (4.2.1.1)"
             };
 
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
index 1636902d..56062012 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/BasicConstraintsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -47,48 +46,46 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Basic Constraints policy.
- * Adds the Basic constraints extension.
+ * Basic Constraints policy. Adds the Basic constraints extension.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class BasicConstraintsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_MAXPATHLEN = "maxPathLen";
     protected static final String PROP_IS_CA = "isCA";
     protected static final String PROP_IS_CRITICAL = "critical";
 
     protected static final String ARG_PATHLEN = "BasicConstraintsPathLen";
 
-    protected int mMaxPathLen = 0;	// < 0 means unlimited
+    protected int mMaxPathLen = 0; // < 0 means unlimited
     protected String mOrigMaxPathLen = ""; // for UI display only
     protected boolean mCritical = true;
-    protected int mDefaultMaxPathLen = 0;	// depends on the CA's path length.
-    protected int mCAPathLen = 0;	
+    protected int mDefaultMaxPathLen = 0; // depends on the CA's path length.
+    protected int mCAPathLen = 0;
     protected boolean mRemoveExt = true;
     protected boolean mIsCA = true;
 
     public static final boolean DEFAULT_CRITICALITY = true;
 
     /**
-     * Adds the basic constraints extension as a critical extension in 
-     * CA certificates i.e. certype is ca, with either a requested 
-     * or configured path len.
-     * The requested or configured path length cannot be greater than 
-     * or equal to the CA's basic constraints path length.
-     * If the CA path length is 0, all requests for CA certs are rejected.
+     * Adds the basic constraints extension as a critical extension in CA
+     * certificates i.e. certype is ca, with either a requested or configured
+     * path len. The requested or configured path length cannot be greater than
+     * or equal to the CA's basic constraints path length. If the CA path length
+     * is 0, all requests for CA certs are rejected.
      */
     public BasicConstraintsExt() {
         NAME = "BasicConstraintsExt";
-        DESC = 
+        DESC =
                 "Sets critical basic constraints extension in subordinate CA certs";
     }
 
@@ -96,54 +93,54 @@ public class BasicConstraintsExt extends APolicyRule
      * Initializes this policy rule.
      * <p>
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl
-     *      ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined.
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=BasicConstraintsExtImpl
+     * ca.Policy.rule.<ruleName>.pathLen=<n>, -1 for undefined.
+     * ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
 
         // get the CA's path len to check against configured max path len.
         ICertAuthority certAuthority = (ICertAuthority)
-            ((IPolicyProcessor) owner).getAuthority();
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority == null) {
             // should never get here.
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         "Cannot find the Certificate Manager or Registration Manager"));
         }
         if (certAuthority instanceof IRegistrationAuthority) {
-            log(ILogger.LL_WARN, 
-                "default basic constraints extension path len to -1.");
+            log(ILogger.LL_WARN,
+                    "default basic constraints extension path len to -1.");
             mCAPathLen = -1;
         } else {
             CertificateChain caChain = certAuthority.getCACertChain();
-            if( caChain == null || CMS.isPreOpMode() ) {
+            if (caChain == null || CMS.isPreOpMode()) {
                 return;
             }
             X509Certificate caCert = caChain.getFirstCertificate();
 
             mCAPathLen = caCert.getBasicConstraints();
         }
-        // set default to one less than the CA's pathlen or 0 if CA's 
-        // pathlen is 0. 
+        // set default to one less than the CA's pathlen or 0 if CA's
+        // pathlen is 0.
         // If it's unlimited default the max pathlen also to unlimited.
-        if (mCAPathLen < 0) 
+        if (mCAPathLen < 0)
             mDefaultMaxPathLen = -1;
-        else if (mCAPathLen > 0) 
+        else if (mCAPathLen > 0)
             mDefaultMaxPathLen = mCAPathLen - 1;
-        else // (mCAPathLen == 0)  
+        else // (mCAPathLen == 0)
         {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("POLICY_PATHLEN_ZERO"));
-            //return;
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("POLICY_PATHLEN_ZERO"));
+            // return;
         }
 
-        // get configured max path len, use defaults if not configured. 
+        // get configured max path len, use defaults if not configured.
         boolean pathLenConfigured = true;
 
         try {
@@ -151,19 +148,19 @@ public class BasicConstraintsExt extends APolicyRule
             mIsCA = config.getBoolean(PROP_IS_CA, true);
             mMaxPathLen = config.getInteger(PROP_MAXPATHLEN);
             if (mMaxPathLen < 0) {
-                log(ILogger.LL_MISCONF, 
-                    CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_4", "",
-                        String.valueOf(mMaxPathLen)));
+                log(ILogger.LL_MISCONF,
+                        CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_4", "",
+                                String.valueOf(mMaxPathLen)));
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN_1",
-                            NAME, String.valueOf(mMaxPathLen)));
+                                NAME, String.valueOf(mMaxPathLen)));
             }
             mOrigMaxPathLen = Integer.toString(mMaxPathLen);
         } catch (EBaseException e) {
-            if (!(e instanceof EPropertyNotFound) && 
-                !(e instanceof EPropertyNotDefined)) {
-                log(ILogger.LL_MISCONF, 
-                    CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN"));
+            if (!(e instanceof EPropertyNotFound) &&
+                    !(e instanceof EPropertyNotDefined)) {
+                log(ILogger.LL_MISCONF,
+                        CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN"));
                 throw e;
             }
 
@@ -175,53 +172,53 @@ public class BasicConstraintsExt extends APolicyRule
 
         // check if configured path len is valid.
         if (pathLenConfigured) {
-            // if CA's pathlen is unlimited, any max pathlen is ok. 
-            // else maxPathlen must be at most one less than the CA's 
-            // pathlen or 0 if CA's pathlen is 0. 
-
-            if (mCAPathLen > 0 && 
-                (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) {
-                String maxStr = (mMaxPathLen < 0) ? 
-                    String.valueOf(mMaxPathLen) + "(unlimited)" :
-                    String.valueOf(mMaxPathLen);
-
-                log(ILogger.LL_MISCONF, 
-                    CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", "",
-                        maxStr,
-                        String.valueOf(mCAPathLen)));
+            // if CA's pathlen is unlimited, any max pathlen is ok.
+            // else maxPathlen must be at most one less than the CA's
+            // pathlen or 0 if CA's pathlen is 0.
+
+            if (mCAPathLen > 0 &&
+                    (mMaxPathLen >= mCAPathLen || mMaxPathLen < 0)) {
+                String maxStr = (mMaxPathLen < 0) ?
+                        String.valueOf(mMaxPathLen) + "(unlimited)" :
+                        String.valueOf(mMaxPathLen);
+
+                log(ILogger.LL_MISCONF,
+                        CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", "",
+                                maxStr,
+                                String.valueOf(mCAPathLen)));
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG_1",
-                            NAME, maxStr, Integer.toString(mCAPathLen)));
+                                NAME, maxStr, Integer.toString(mCAPathLen)));
             } else if (mCAPathLen == 0 && mMaxPathLen != 0) {
-                log(ILogger.LL_MISCONF, 
-                    CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_2", "", String.valueOf(mMaxPathLen))); 
+                log(ILogger.LL_MISCONF,
+                        CMS.getLogMessage("POLICY_INVALID_MAXPATHLEN_2", "", String.valueOf(mMaxPathLen)));
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_INVALID_MAXPATHLEN",
-                            NAME, String.valueOf(mMaxPathLen)));
+                                NAME, String.valueOf(mMaxPathLen)));
             }
         }
 
     }
 
     /**
-     * Checks if the basic contraints extension in certInfo is valid and 
-     * add the basic constraints extension for CA certs if none exists.
-     * Non-CA certs do not get a basic constraints extension.
-     *
-     * @param req	The request on which to apply policy.
+     * Checks if the basic contraints extension in certInfo is valid and add the
+     * basic constraints extension for CA certs if none exists. Non-CA certs do
+     * not get a basic constraints extension.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         X509CertInfo certInfo = null;
 
         if (ci == null || (certInfo = ci[0]) == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), ""); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO", NAME), "");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -229,24 +226,22 @@ public class BasicConstraintsExt extends APolicyRule
         boolean isCA = mIsCA;
 
         /**
-         boolean isCA = false;
-         String type = (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
-         if (type != null && type.equalsIgnoreCase(IRequest.CA_CERT)) {
-         isCA = true;
-         }
+         * boolean isCA = false; String type =
+         * (String)req.get(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE); if (type
+         * != null && type.equalsIgnoreCase(IRequest.CA_CERT)) { isCA = true; }
          **/
 
         for (int i = 0; i < ci.length; i++) {
             PolicyResult certResult = applyCert(req, isCA, certInfo);
 
-            if (certResult == PolicyResult.REJECTED) 
+            if (certResult == PolicyResult.REJECTED)
                 return certResult;
         }
         return PolicyResult.ACCEPTED;
     }
 
     public PolicyResult applyCert(
-        IRequest req, boolean isCA, X509CertInfo certInfo) {
+            IRequest req, boolean isCA, X509CertInfo certInfo) {
 
         // get basic constraints extension from cert info if any.
         CertificateExtensions extensions = null;
@@ -266,19 +261,19 @@ public class BasicConstraintsExt extends APolicyRule
             // no extensions or basic constraints extension.
         }
 
-        // for non-CA certs, pkix says it SHOULD NOT have the extension 
+        // for non-CA certs, pkix says it SHOULD NOT have the extension
         // so remove it.
         if (!isCA) {
             if (extensions == null) {
                 try {
                     // create extensions set if none.
-                    certInfo.set(X509CertInfo.VERSION, 
-                        new CertificateVersion(CertificateVersion.V3));
+                    certInfo.set(X509CertInfo.VERSION,
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 } catch (CertificateException e) {
                 } catch (IOException e) {
-                    // not possible 
+                    // not possible
                 }
             }
             if (basicExt != null) {
@@ -293,54 +288,54 @@ public class BasicConstraintsExt extends APolicyRule
             try {
                 critExt = new BasicConstraintsExtension(isCA, mCritical, mMaxPathLen);
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2",  
-                        e.toString()));
-                setError(req, 
-                    CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2",
+                                e.toString()));
+                setError(req,
+                        CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
- 
+
             try {
                 extensions.set(BasicConstraintsExtension.class.getSimpleName(), critExt);
             } catch (IOException e) {
             }
             CMS.debug(
-                "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
-                req.getRequestId());
+                    "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
+                            req.getRequestId());
             return PolicyResult.ACCEPTED;
         }
 
         // For CA certs, check if existing extension is valid, and adjust.
-        // Extension must be marked critial and pathlen must be < CA's pathlen. 
+        // Extension must be marked critial and pathlen must be < CA's pathlen.
         // if CA's pathlen is 0 all ca certs are rejected.
 
         if (mCAPathLen == 0) {
-            // reject all subordinate CA cert requests because CA's 
+            // reject all subordinate CA cert requests because CA's
             // path length is 0.
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME));
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), ""); 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_NO_SUB_CA_CERTS_ALLOWED_1", NAME));
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED", NAME), "");
             return PolicyResult.REJECTED;
         }
 
-        if (basicExt != null) { 
+        if (basicExt != null) {
             try {
-                boolean extIsCA = 
-                    ((Boolean) basicExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
-                int pathLen = 
-                    ((Integer) basicExt.get(BasicConstraintsExtension.PATH_LEN)).intValue();
+                boolean extIsCA =
+                        ((Boolean) basicExt.get(BasicConstraintsExtension.IS_CA)).booleanValue();
+                int pathLen =
+                        ((Integer) basicExt.get(BasicConstraintsExtension.PATH_LEN)).intValue();
 
                 if (mMaxPathLen > -1) {
                     if (pathLen > mMaxPathLen || pathLen < 0) {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen))); 
-                        if (pathLen < 0) 
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("POLICY_MAXPATHLEN_TOO_BIG_3", NAME, "unlimited", String.valueOf(pathLen)));
+                        if (pathLen < 0)
                             setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG",
                                     NAME, "unlimited", Integer.toString(mMaxPathLen)), "");
                         else
                             setError(req, CMS.getUserMessage("CMS_POLICY_MAXPATHLEN_TOO_BIG",
-                                    NAME, Integer.toString(pathLen), 
+                                    NAME, Integer.toString(pathLen),
                                     Integer.toString(mMaxPathLen)), "");
                         return PolicyResult.REJECTED;
                     }
@@ -348,20 +343,20 @@ public class BasicConstraintsExt extends APolicyRule
 
                 // adjust isCA field
                 if (!extIsCA) {
-                    basicExt.set(BasicConstraintsExtension.IS_CA, 
-                        Boolean.valueOf(true));
+                    basicExt.set(BasicConstraintsExtension.IS_CA,
+                            Boolean.valueOf(true));
                 }
 
                 // adjust path length field.
                 if (mMaxPathLen == 0) {
                     if (pathLen != 0) {
-                        basicExt.set(BasicConstraintsExtension.PATH_LEN, 
-                            Integer.valueOf(0));
+                        basicExt.set(BasicConstraintsExtension.PATH_LEN,
+                                Integer.valueOf(0));
                         pathLen = 0;
                     }
                 } else if (mMaxPathLen > 0 && pathLen > mMaxPathLen) {
-                    basicExt.set(BasicConstraintsExtension.PATH_LEN, 
-                        Integer.valueOf(mMaxPathLen));
+                    basicExt.set(BasicConstraintsExtension.PATH_LEN,
+                            Integer.valueOf(mMaxPathLen));
                     pathLen = mMaxPathLen;
                 }
 
@@ -372,10 +367,10 @@ public class BasicConstraintsExt extends APolicyRule
                     try {
                         critExt = new BasicConstraintsExtension(isCA, mCritical, pathLen);
                     } catch (IOException e) {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME));
-                        setError(req, 
-                            CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_1", NAME));
+                        setError(req,
+                                CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
                         return PolicyResult.REJECTED; // unrecoverable error.
                     }
                     extensions.delete(BasicConstraintsExtension.class.getSimpleName());
@@ -385,8 +380,8 @@ public class BasicConstraintsExt extends APolicyRule
                 // not possible in these cases.
             }
             CMS.debug(
-                "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
-                req.getRequestId());
+                    "BasicConstraintsExt: PolicyRule BasicConstraintsExt: added the extension to request " +
+                            req.getRequestId());
             return PolicyResult.ACCEPTED;
         }
 
@@ -394,14 +389,14 @@ public class BasicConstraintsExt extends APolicyRule
         if (extensions == null) {
             try {
                 // create extensions set if none.
-                certInfo.set(X509CertInfo.VERSION, 
-                    new CertificateVersion(CertificateVersion.V3));
+                certInfo.set(X509CertInfo.VERSION,
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } catch (CertificateException e) {
                 // not possible
             } catch (IOException e) {
-                // not possible 
+                // not possible
             }
         }
 
@@ -413,29 +408,29 @@ public class BasicConstraintsExt extends APolicyRule
         if (reqPathLenStr == null) {
             reqPathLen = mMaxPathLen;
         } else {
-            try { 
-                reqPathLen = Integer.parseInt(reqPathLenStr); 
+            try {
+                reqPathLen = Integer.parseInt(reqPathLenStr);
                 if ((mMaxPathLen == 0 && reqPathLen != 0) ||
-                    (mMaxPathLen > 0 && 
+                        (mMaxPathLen > 0 &&
                         (reqPathLen > mMaxPathLen || reqPathLen < 0))) {
-                    String plenStr = 
-                        ((reqPathLen < 0) ? 
-                            reqPathLenStr + "(unlimited)" : reqPathLenStr);
-
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("POLICY_PATHLEN_TOO_BIG_3", plenStr,
-                            String.valueOf(mMaxPathLen)));
-                    setError(req, 
-                        CMS.getUserMessage("CMS_POLICY_PATHLEN_TOO_BIG",
-                            NAME, plenStr, String.valueOf(mMaxPathLen)), "");
+                    String plenStr =
+                            ((reqPathLen < 0) ?
+                                    reqPathLenStr + "(unlimited)" : reqPathLenStr);
+
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("POLICY_PATHLEN_TOO_BIG_3", plenStr,
+                                    String.valueOf(mMaxPathLen)));
+                    setError(req,
+                            CMS.getUserMessage("CMS_POLICY_PATHLEN_TOO_BIG",
+                                    NAME, plenStr, String.valueOf(mMaxPathLen)), "");
                     return PolicyResult.REJECTED;
                 }
             } catch (NumberFormatException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr));
-                setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_PATHLEN_FORMAT", 
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("POLICY_INVALID_PATHLEN_FORMAT_2", NAME, reqPathLenStr));
+                setError(req, CMS.getUserMessage("CMS_POLICY_INVALID_PATHLEN_FORMAT",
                         NAME, reqPathLenStr), "");
-                return PolicyResult.REJECTED; 
+                return PolicyResult.REJECTED;
             }
         }
         BasicConstraintsExtension newExt;
@@ -443,29 +438,29 @@ public class BasicConstraintsExt extends APolicyRule
         try {
             newExt = new BasicConstraintsExtension(isCA, mCritical, reqPathLen);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString()));
-            setError(req, 
-                CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_BASIC_CONSTRAINTS_2", e.toString()));
+            setError(req,
+                    CMS.getUserMessage("CMS_POLICY_BASIC_CONSTRAINTS_ERROR", NAME), "");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
         try {
             extensions.set(BasicConstraintsExtension.class.getSimpleName(), newExt);
-        }catch (IOException e) {
+        } catch (IOException e) {
             // doesn't happen.
         }
         CMS.debug(
-            "BasicConstraintsExt: added the extension to request " +
-            req.getRequestId());
+                "BasicConstraintsExt: added the extension to request " +
+                        req.getRequestId());
         return PolicyResult.ACCEPTED;
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         // Because of one of the UI bugs 385273, we should leave the empty space
@@ -478,10 +473,10 @@ public class BasicConstraintsExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_IS_CRITICAL + "=true");
@@ -494,17 +489,16 @@ public class BasicConstraintsExt extends APolicyRule
         String[] params = {
                 PROP_MAXPATHLEN + ";number;'0' means : no subordinates allowed, 'n' means : at most n subordinates allowed.",
                 PROP_IS_CRITICAL + ";boolean;" +
-                "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.",
+                        "RFC 2459 recommendation: MUST be critical in CA certs, SHOULD NOT appear in EE certs.",
                 PROP_IS_CA + ";boolean;" +
-                "Identifies the subject of the certificate is a CA or not.",
+                        "Identifies the subject of the certificate is a CA or not.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-basicconstraints",
+                        ";configuration-policyrules-basicconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)"
+                        ";Adds the Basic Constraints extension. See RFC 2459 (4.2.1.10)"
             };
 
         return params;
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
index 05d4a28e..688997df 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Hashtable;
@@ -50,18 +49,18 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * The type of the distribution point or issuer name. The name is expressed
- * as a simple string in the configuration file, so this attribute is needed
- * to tell whether the simple string should be stored in an X.500 Name,
- * a URL, or an RDN.
+ * The type of the distribution point or issuer name. The name is expressed as a
+ * simple string in the configuration file, so this attribute is needed to tell
+ * whether the simple string should be stored in an X.500 Name, a URL, or an
+ * RDN.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -69,7 +68,7 @@ class NameType {
     private NameType() {
     } // no default constructor
 
-    private String stringRep;  // string representation of this type
+    private String stringRep; // string representation of this type
 
     private NameType(String s) {
         map.put(s, this);
@@ -79,8 +78,8 @@ class NameType {
     private static Hashtable<String, NameType> map = new Hashtable<String, NameType>();
 
     /**
-     * Looks up a NameType from its string representation.  Returns null
-     * if no matching NameType was found.
+     * Looks up a NameType from its string representation. Returns null if no
+     * matching NameType was found.
      */
     public static NameType fromString(String s) {
         return map.get(s);
@@ -93,14 +92,13 @@ class NameType {
     public static final NameType DIRECTORY_NAME = new NameType("DirectoryName");
     public static final NameType URI = new NameType("URI");
     public static final NameType RELATIVE_TO_ISSUER =
-        new NameType("RelativeToIssuer");
+            new NameType("RelativeToIssuer");
 }
 
-
 /**
- * These are the parameters that may be given in the configuration file
- * for each distribution point. They are parsed by DPParamsToDP().
- * Any of them may be null.
+ * These are the parameters that may be given in the configuration file for each
+ * distribution point. They are parsed by DPParamsToDP(). Any of them may be
+ * null.
  */
 class DistPointParams {
     public String pointName;
@@ -124,13 +122,12 @@ class DistPointParams {
 
 }
 
-
 /**
- * CRL Distribution Points policy.
- * Adds the CRL Distribution Points extension to the certificate.
+ * CRL Distribution Points policy. Adds the CRL Distribution Points extension to
+ * the certificate.
  */
 public class CRLDistributionPointsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
 
     public static final String PROP_IS_CRITICAL = "critical";
     public static final String PROP_NUM_POINTS = "numPoints";
@@ -173,29 +170,29 @@ public class CRLDistributionPointsExt extends APolicyRule
         // should replace MAX_POINTS with mNumPoints if bug 385118 is fixed
         for (int i = 0; i < MAX_POINTS; i++) {
             v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice(" +
-                "DirectoryName,URI,RelativeToIssuer);" +
-                "The type of the CRL distribution point.");
+                    "DirectoryName,URI,RelativeToIssuer);" +
+                    "The type of the CRL distribution point.");
             v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;" +
-                "The name of the CRL distribution point depending on the CRLDP type.");
+                    "The name of the CRL distribution point depending on the CRLDP type.");
             v.addElement(PROP_REASONS + Integer.toString(i) + ";string;" +
-                "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
+                    "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
             v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice(" +
-                "DirectoryName,URI);" +
-                "The type of the issuer that has signed the CRL maintained at this distribution point.");
+                    "DirectoryName,URI);" +
+                    "The type of the issuer that has signed the CRL maintained at this distribution point.");
             v.addElement(PROP_ISSUER_NAME + Integer.toString(i) + ";string;" +
-                "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
+                    "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
         }
 
         v.addElement(PROP_NUM_POINTS +
-            ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
+                ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
         v.addElement(PROP_IS_CRITICAL +
-            ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
+                ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-crldistributionpoints");
+                ";configuration-policyrules-crldistributionpoints");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";This policy inserts the CRL Distribution Points " +
-            "Extension into the certificate. See RFC 2459 (4.2.1.14). "
-        );
+                ";This policy inserts the CRL Distribution Points " +
+                "Extension into the certificate. See RFC 2459 (4.2.1.14). "
+                );
 
         mExtParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
     }
@@ -212,13 +209,13 @@ public class CRLDistributionPointsExt extends APolicyRule
      * Performs one-time initialization of the policy.
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         // Register the CRL Distribution Points extension.
         try {
             netscape.security.x509.OIDMap.addAttribute(
-                CRLDistributionPointsExtension.class.getName(),
-                CRLDistributionPointsExtension.OID,
-                CRLDistributionPointsExtension.class.getSimpleName());
+                    CRLDistributionPointsExtension.class.getName(),
+                    CRLDistributionPointsExtension.OID,
+                    CRLDistributionPointsExtension.class.getSimpleName());
         } catch (CertificateException e) {
             // ignore, just means it has already been added
         }
@@ -269,11 +266,11 @@ public class CRLDistributionPointsExt extends APolicyRule
     }
 
     /**
-     * Parses the parameters in the config file to create an
-     * actual CRL Distribution Point object.
+     * Parses the parameters in the config file to create an actual CRL
+     * Distribution Point object.
      */
     private CRLDistributionPoint DPParamsToDP(DistPointParams params)
-        throws EBaseException {
+            throws EBaseException {
         CRLDistributionPoint crlDP = new CRLDistributionPoint();
 
         try {
@@ -337,14 +334,14 @@ public class CRLDistributionPointsExt extends APolicyRule
 
                     if (r == null) {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_REASON", s));
-                        throw new EBaseException("Unknown reason: " + s);    
+                        throw new EBaseException("Unknown reason: " + s);
                     } else {
                         reasonBits |= r.getBitMask();
                     }
                 }
                 if (reasonBits != 0) {
                     BitArray ba = new BitArray(8, new byte[] { reasonBits }
-                        );
+                            );
 
                     crlDP.setReasons(ba);
                 }
@@ -421,15 +418,15 @@ public class CRLDistributionPointsExt extends APolicyRule
         try {
             // find the extensions in the certInfo
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             // prepare the extensions data structure
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } else {
                 // remove any previously computed version of the extension
@@ -446,13 +443,13 @@ public class CRLDistributionPointsExt extends APolicyRule
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
                     e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         }
     }
@@ -471,7 +468,7 @@ public class CRLDistributionPointsExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
     public Vector<String> getInstanceParams() {
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
index 1e61c4ad..c4384e75 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificatePoliciesExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -50,21 +49,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Certificate Policies.
- * Adds certificate policies extension.
+ * Certificate Policies. Adds certificate policies extension.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class CertificatePoliciesExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_NUM_CERTPOLICIES = "numCertPolicies";
 
@@ -91,17 +89,16 @@ public class CertificatePoliciesExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=certType==ca
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca
+     * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         mEnabled = mConfig.getBoolean(
@@ -117,7 +114,7 @@ public class CertificatePoliciesExt extends APolicyRule
                         "value must be greater than or equal to 1"));
         }
 
-        // init Policy Mappings, check values if enabled. 
+        // init Policy Mappings, check values if enabled.
         mCertPolicies = new CertPolicy[mNumCertPolicies];
         for (int i = 0; i < mNumCertPolicies; i++) {
             String subtreeName = PROP_CERTPOLICY + i;
@@ -126,7 +123,7 @@ public class CertificatePoliciesExt extends APolicyRule
                 mCertPolicies[i] = new CertPolicy(subtreeName, mConfig, mEnabled);
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, NAME + ": " +
-                    CMS.getLogMessage("POLICY_ERROR_CREATE_CERT_POLICY", e.toString()));
+                        CMS.getLogMessage("POLICY_ERROR_CREATE_CERT_POLICY", e.toString()));
                 throw e;
             }
         }
@@ -138,21 +135,21 @@ public class CertificatePoliciesExt extends APolicyRule
 
                 for (int j = 0; j < mNumCertPolicies; j++) {
                     CertPolicies.addElement(
-                        mCertPolicies[j].mCertificatePolicyInfo);
+                            mCertPolicies[j].mCertificatePolicyInfo);
                 }
-                mCertificatePoliciesExtension = 
+                mCertificatePoliciesExtension =
                         new CertificatePoliciesExtension(mCritical, CertPolicies);
             } catch (IOException e) {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                            "Error initializing " + NAME + " Error: " + e));
+                                "Error initializing " + NAME + " Error: " + e));
             }
         }
 
-        // form instance params 
+        // form instance params
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            PROP_NUM_CERTPOLICIES + "=" + mNumCertPolicies);
+                PROP_NUM_CERTPOLICIES + "=" + mNumCertPolicies);
         for (int i = 0; i < mNumCertPolicies; i++) {
             mCertPolicies[i].getInstanceParams(mInstanceParams);
         }
@@ -161,19 +158,19 @@ public class CertificatePoliciesExt extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <p>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
 
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-		
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
@@ -194,8 +191,8 @@ public class CertificatePoliciesExt extends APolicyRule
             if (extensions == null) {
                 extensions = new CertificateExtensions();
                 try {
-                    certInfo.set(X509CertInfo.VERSION, 
-                        new CertificateVersion(CertificateVersion.V3));
+                    certInfo.set(X509CertInfo.VERSION,
+                            new CertificateVersion(CertificateVersion.V3));
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 } catch (Exception e) {
                 }
@@ -204,8 +201,9 @@ public class CertificatePoliciesExt extends APolicyRule
                 try {
                     extensions.delete(CertificatePoliciesExtension.class.getSimpleName());
                 } catch (IOException e) {
-                    // this is the hack: for some reason, the key which is the name
-                    // of the policy has been converted into the OID 
+                    // this is the hack: for some reason, the key which is the
+                    // name
+                    // of the policy has been converted into the OID
                     try {
                         extensions.delete("2.5.29.32");
                     } catch (IOException ee) {
@@ -213,24 +211,24 @@ public class CertificatePoliciesExt extends APolicyRule
                 }
             }
             extensions.set(CertificatePoliciesExtension.class.getSimpleName(),
-                mCertificatePoliciesExtension);
+                    mCertificatePoliciesExtension);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
                     e.toString()));
             setError(req,
-                CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
                     e.toString()));
             setError(req,
-                CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
             return PolicyResult.REJECTED;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1",
                     e.toString()));
             setError(req,
-                CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
             return PolicyResult.REJECTED;
         }
         return PolicyResult.ACCEPTED;
@@ -238,51 +236,50 @@ public class CertificatePoliciesExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
-     * Default config parameters. 
-     * To add more permitted or excluded subtrees, 
-     * increase the num to greater than 0 and more configuration params 
-     * will show up in the console.
+     * Default config parameters. To add more permitted or excluded subtrees,
+     * increase the num to greater than 0 and more configuration params will
+     * show up in the console.
      */
     private static Vector<String> mDefParams = new Vector<String>();
     static {
         mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
         mDefParams.addElement(
-            PROP_NUM_CERTPOLICIES + "=" + DEF_NUM_CERTPOLICIES);
+                PROP_NUM_CERTPOLICIES + "=" + DEF_NUM_CERTPOLICIES);
         String certPolicy0Dot = PROP_CERTPOLICY + "0.";
 
         mDefParams.addElement(
-            certPolicy0Dot + CertPolicy.PROP_POLICY_IDENTIFIER + "=" + "");
+                certPolicy0Dot + CertPolicy.PROP_POLICY_IDENTIFIER + "=" + "");
         mDefParams.addElement(
-            certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_ORG + "=" + "");
+                certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_ORG + "=" + "");
         mDefParams.addElement(
-            certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_NUMS + "=" + "");
+                certPolicy0Dot + CertPolicy.PROP_NOTICE_REF_NUMS + "=" + "");
         mDefParams.addElement(
-            certPolicy0Dot + CertPolicy.PROP_USER_NOTICE_TEXT + "=" + "");
+                certPolicy0Dot + CertPolicy.PROP_USER_NOTICE_TEXT + "=" + "");
         mDefParams.addElement(
-            certPolicy0Dot + CertPolicy.PROP_CPS_URI + "=" + "");
+                certPolicy0Dot + CertPolicy.PROP_CPS_URI + "=" + "");
 
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         Vector<String> theparams = new Vector<String>();
-		
+
         theparams.addElement(PROP_CRITICAL + ";boolean;RFC 3280 recommendation: MUST be non-critical.");
         theparams.addElement(PROP_NUM_CERTPOLICIES + ";number; Number of certificate policies. The value must be greater than or equal to 1");
 
@@ -290,22 +287,22 @@ public class CertificatePoliciesExt extends APolicyRule
             String certPolicykDot = PROP_CERTPOLICY + k + ".";
 
             theparams.addElement(certPolicykDot +
-                CertPolicy.PROP_POLICY_IDENTIFIER + ";string,required;An object identifier in the form n.n.n.n");
+                    CertPolicy.PROP_POLICY_IDENTIFIER + ";string,required;An object identifier in the form n.n.n.n");
             theparams.addElement(certPolicykDot +
-                CertPolicy.PROP_NOTICE_REF_ORG + ";string;See RFC 3280 sec 4.2.1.5");
+                    CertPolicy.PROP_NOTICE_REF_ORG + ";string;See RFC 3280 sec 4.2.1.5");
             theparams.addElement(certPolicykDot +
-                CertPolicy.PROP_NOTICE_REF_NUMS +
-                ";string;comma-separated list of numbers. See RFC 3280 sec 4.2.1.5");
+                    CertPolicy.PROP_NOTICE_REF_NUMS +
+                    ";string;comma-separated list of numbers. See RFC 3280 sec 4.2.1.5");
             theparams.addElement(certPolicykDot +
-                CertPolicy.PROP_USER_NOTICE_TEXT + ";string;See RFC 3280 sec 4.2.1.5");
+                    CertPolicy.PROP_USER_NOTICE_TEXT + ";string;See RFC 3280 sec 4.2.1.5");
             theparams.addElement(certPolicykDot +
-                CertPolicy.PROP_CPS_URI + ";string;See RFC 3280 sec 4.2.1.5");
+                    CertPolicy.PROP_CPS_URI + ";string;See RFC 3280 sec 4.2.1.5");
         }
 
         theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-certificatepolicies");
+                ";configuration-policyrules-certificatepolicies");
         theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Certificate Policies Extension. See RFC 3280 (4.2.1.5)");
+                ";Adds Certificate Policies Extension. See RFC 3280 (4.2.1.5)");
 
         String[] params = new String[theparams.size()];
 
@@ -314,7 +311,6 @@ public class CertificatePoliciesExt extends APolicyRule
     }
 }
 
-
 class CertPolicy {
 
     protected static final String PROP_POLICY_IDENTIFIER = "policyId";
@@ -337,34 +333,35 @@ class CertPolicy {
 
     /**
      * forms policy map parameters.
+     * 
      * @param name name of this policy map, for example certPolicy0
      * @param config parent's config from where we find this configuration.
      * @param enabled whether policy was enabled.
      */
-    protected CertPolicy(String name, IConfigStore config, boolean enabled) 
-        throws EBaseException {
+    protected CertPolicy(String name, IConfigStore config, boolean enabled)
+            throws EBaseException {
         mName = name;
         mConfig = config.getSubStore(mName);
         mNameDot = mName + ".";
 
-        if( mConfig == null ) {
-            CMS.debug( "CertificatePoliciesExt::CertPolicy - mConfig is " +
-                       "null!" );
-            throw new EBaseException( "mConfig is null" );
+        if (mConfig == null) {
+            CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig is " +
+                       "null!");
+            throw new EBaseException("mConfig is null");
         }
 
         // if there's no configuration for this policy put it there.
         if (mConfig.size() == 0) {
-            config.putString(mNameDot + PROP_POLICY_IDENTIFIER, ""); 
-            config.putString(mNameDot + PROP_NOTICE_REF_ORG, ""); 
-            config.putString(mNameDot + PROP_NOTICE_REF_NUMS, ""); 
-            config.putString(mNameDot + PROP_USER_NOTICE_TEXT, ""); 
-            config.putString(mNameDot + PROP_CPS_URI, ""); 
+            config.putString(mNameDot + PROP_POLICY_IDENTIFIER, "");
+            config.putString(mNameDot + PROP_NOTICE_REF_ORG, "");
+            config.putString(mNameDot + PROP_NOTICE_REF_NUMS, "");
+            config.putString(mNameDot + PROP_USER_NOTICE_TEXT, "");
+            config.putString(mNameDot + PROP_CPS_URI, "");
             mConfig = config.getSubStore(mName);
-            if(mConfig == null || mConfig.size() == 0) {
-	            CMS.debug( "CertificatePoliciesExt::CertPolicy - mConfig " +
-                           "is null or empty!" );
-                throw new EBaseException( "mConfig is null or empty" );
+            if (mConfig == null || mConfig.size() == 0) {
+                CMS.debug("CertificatePoliciesExt::CertPolicy - mConfig " +
+                           "is null or empty!");
+                throw new EBaseException("mConfig is null or empty");
             }
         }
 
@@ -376,28 +373,28 @@ class CertPolicy {
         mCpsUri = mConfig.getString(PROP_CPS_URI, null);
 
         // adjust for "" and console returning "null"
-        if (mPolicyId != null && 
-            (mPolicyId.length() == 0 || 
+        if (mPolicyId != null &&
+                (mPolicyId.length() == 0 ||
                 mPolicyId.equals("null"))) {
             mPolicyId = null;
         }
-        if (mNoticeRefOrg != null && 
-            (mNoticeRefOrg.length() == 0 || 
+        if (mNoticeRefOrg != null &&
+                (mNoticeRefOrg.length() == 0 ||
                 mNoticeRefOrg.equals("null"))) {
             mNoticeRefOrg = null;
         }
-        if (mNoticeRefNums != null && 
-            (mNoticeRefNums.length() == 0 || 
+        if (mNoticeRefNums != null &&
+                (mNoticeRefNums.length() == 0 ||
                 mNoticeRefNums.equals("null"))) {
             mNoticeRefNums = null;
         }
-        if (mNoticeRefExplicitText != null && 
-            (mNoticeRefExplicitText.length() == 0 || 
+        if (mNoticeRefExplicitText != null &&
+                (mNoticeRefExplicitText.length() == 0 ||
                 mNoticeRefExplicitText.equals("null"))) {
             mNoticeRefExplicitText = null;
         }
-        if (mCpsUri != null && 
-            (mCpsUri.length() == 0 || 
+        if (mCpsUri != null &&
+                (mCpsUri.length() == 0 ||
                 mCpsUri.equals("null"))) {
             mCpsUri = null;
         }
@@ -405,42 +402,44 @@ class CertPolicy {
         // policy ids cannot be null if policy is enabled.
         String msg = "value cannot be null.";
 
-        if (mPolicyId == null && enabled) 
+        if (mPolicyId == null && enabled)
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         mNameDot + PROP_POLICY_IDENTIFIER, msg));
         msg = "NoticeReference is optional; If chosen to include, NoticeReference must at least has 'organization'";
-        if (mNoticeRefOrg == null && mNoticeRefNums != null && enabled) 
+        if (mNoticeRefOrg == null && mNoticeRefNums != null && enabled)
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         mNameDot + PROP_NOTICE_REF_ORG, msg));
-		
-            // if a policy id is not null check that it is a valid OID.
+
+        // if a policy id is not null check that it is a valid OID.
         ObjectIdentifier policyId = null;
 
-        if (mPolicyId != null) 
+        if (mPolicyId != null)
             policyId = CMS.checkOID(
                         mNameDot + PROP_POLICY_IDENTIFIER, mPolicyId);
-		
-            // if enabled, form CertificatePolicyInfo to be encoded in
-            // extension. Policy ids should be all set.
+
+        // if enabled, form CertificatePolicyInfo to be encoded in
+        // extension. Policy ids should be all set.
         if (enabled) {
-	    CMS.debug("CertPolicy: in CertPolicy");
+            CMS.debug("CertPolicy: in CertPolicy");
             DisplayText displayText = null;
 
-            if (mNoticeRefExplicitText != null && 
-                !mNoticeRefExplicitText.equals(""))
+            if (mNoticeRefExplicitText != null &&
+                    !mNoticeRefExplicitText.equals(""))
                 displayText = new DisplayText(DisplayText.tag_VisibleString, mNoticeRefExplicitText);
-                //		  new DisplayText(DisplayText.tag_IA5String, mNoticeRefExplicitText);
+            // new DisplayText(DisplayText.tag_IA5String,
+            // mNoticeRefExplicitText);
             DisplayText orgName = null;
 
-            if (mNoticeRefOrg != null && 
-                !mNoticeRefOrg.equals(""))
+            if (mNoticeRefOrg != null &&
+                    !mNoticeRefOrg.equals(""))
                 orgName =
                         new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
-                //		  new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
+            // new DisplayText(DisplayText.tag_VisibleString, mNoticeRefOrg);
 
-            int[] nums = new int[0];;
-            if (mNoticeRefNums != null && 
-                !mNoticeRefNums.equals("")) {
+            int[] nums = new int[0];
+            ;
+            if (mNoticeRefNums != null &&
+                    !mNoticeRefNums.equals("")) {
 
                 // should add a method to NoticeReference to take a
                 // Vector...but let's do this for now
@@ -468,24 +467,23 @@ class CertPolicy {
             try {
                 cpolicyId = new CertificatePolicyId(ObjectIdentifier.getObjectIdentifier(mPolicyId));
             } catch (Exception e) {
-                throw new
-                    EBaseException(CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR", mPolicyId));
+                throw new EBaseException(CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR", mPolicyId));
             }
 
             PolicyQualifiers policyQualifiers = new PolicyQualifiers();
-			
+
             NoticeReference noticeReference = null;
-			
+
             if (orgName != null)
                 noticeReference = new NoticeReference(orgName, nums);
 
             UserNotice userNotice = null;
 
             if (displayText != null || noticeReference != null) {
-                userNotice = new UserNotice (noticeReference, displayText);
-				
+                userNotice = new UserNotice(noticeReference, displayText);
+
                 PolicyQualifierInfo policyQualifierInfo1 =
-                    new PolicyQualifierInfo(PolicyQualifierInfo.QT_UNOTICE, userNotice);
+                        new PolicyQualifierInfo(PolicyQualifierInfo.QT_UNOTICE, userNotice);
 
                 policyQualifiers.add(policyQualifierInfo1);
             }
@@ -493,25 +491,25 @@ class CertPolicy {
             CPSuri cpsUri = null;
 
             if (mCpsUri != null && mCpsUri.length() > 0) {
-                cpsUri = new CPSuri (mCpsUri);
+                cpsUri = new CPSuri(mCpsUri);
                 PolicyQualifierInfo policyQualifierInfo2 =
-                    new PolicyQualifierInfo(PolicyQualifierInfo.QT_CPS, cpsUri);
-				
+                        new PolicyQualifierInfo(PolicyQualifierInfo.QT_CPS, cpsUri);
+
                 policyQualifiers.add(policyQualifierInfo2);
             }
 
             if ((mNoticeRefOrg == null || mNoticeRefOrg.equals("")) &&
-                (mNoticeRefExplicitText == null || mNoticeRefExplicitText.equals("")) &&
-                (mCpsUri == null || mCpsUri.equals(""))) {
-		CMS.debug("CertPolicy mNoticeRefOrg = "+mNoticeRefOrg);
-		CMS.debug("CertPolicy mNoticeRefExplicitText = "+mNoticeRefExplicitText);
-		CMS.debug("CertPolicy mCpsUri = "+mCpsUri);
+                    (mNoticeRefExplicitText == null || mNoticeRefExplicitText.equals("")) &&
+                    (mCpsUri == null || mCpsUri.equals(""))) {
+                CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg);
+                CMS.debug("CertPolicy mNoticeRefExplicitText = " + mNoticeRefExplicitText);
+                CMS.debug("CertPolicy mCpsUri = " + mCpsUri);
 
                 mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId);
             } else {
-		CMS.debug("CertPolicy mNoticeRefOrg = "+mNoticeRefOrg);
-		CMS.debug("CertPolicy mNoticeRefExplicitText = "+mNoticeRefExplicitText);
-		CMS.debug("CertPolicy mCpsUri = "+mCpsUri);
+                CMS.debug("CertPolicy mNoticeRefOrg = " + mNoticeRefOrg);
+                CMS.debug("CertPolicy mNoticeRefExplicitText = " + mNoticeRefExplicitText);
+                CMS.debug("CertPolicy mCpsUri = " + mCpsUri);
                 mCertificatePolicyInfo = new CertificatePolicyInfo(cpolicyId, policyQualifiers);
             }
         }
@@ -519,20 +517,19 @@ class CertPolicy {
 
     protected void getInstanceParams(Vector<String> instanceParams) {
         instanceParams.addElement(
-            mNameDot + PROP_POLICY_IDENTIFIER + "=" + (mPolicyId == null ? "" :
-                mPolicyId));
+                mNameDot + PROP_POLICY_IDENTIFIER + "=" + (mPolicyId == null ? "" :
+                        mPolicyId));
         instanceParams.addElement(
-            mNameDot + PROP_NOTICE_REF_ORG + "=" + (mNoticeRefOrg == null ? "" :
-                mNoticeRefOrg));
+                mNameDot + PROP_NOTICE_REF_ORG + "=" + (mNoticeRefOrg == null ? "" :
+                        mNoticeRefOrg));
         instanceParams.addElement(
-            mNameDot + PROP_NOTICE_REF_NUMS + "=" + (mNoticeRefNums == null ? "" :
-                mNoticeRefNums));
+                mNameDot + PROP_NOTICE_REF_NUMS + "=" + (mNoticeRefNums == null ? "" :
+                        mNoticeRefNums));
         instanceParams.addElement(
-            mNameDot + PROP_USER_NOTICE_TEXT + "=" + (mNoticeRefExplicitText == null ? "" :
-                mNoticeRefExplicitText));
+                mNameDot + PROP_USER_NOTICE_TEXT + "=" + (mNoticeRefExplicitText == null ? "" :
+                        mNoticeRefExplicitText));
         instanceParams.addElement(
-            mNameDot + PROP_CPS_URI + "=" + (mCpsUri == null ? "" :
-                mCpsUri));
+                mNameDot + PROP_CPS_URI + "=" + (mCpsUri == null ? "" :
+                        mCpsUri));
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
index e3927502..7471a580 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateRenewalWindowExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Date;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Certificate Renewal Window Extension Policy
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class CertificateRenewalWindowExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
 
     protected static final String PROP_END_TIME = "relativeEndTime";
     protected static final String PROP_BEGIN_TIME = "relativeBeginTime";
@@ -64,9 +63,8 @@ public class CertificateRenewalWindowExt extends APolicyRule
     protected String mEndTime;
 
     /**
-     * Adds the  Netscape comment in the end-entity certificates or
-     * CA certificates. The policy is set to be non-critical with the
-     * provided OID.
+     * Adds the Netscape comment in the end-entity certificates or CA
+     * certificates. The policy is set to be non-critical with the provided OID.
      */
     public CertificateRenewalWindowExt() {
         NAME = "CertificateRenewalWindowExt";
@@ -75,11 +73,11 @@ public class CertificateRenewalWindowExt extends APolicyRule
 
     /**
      * Initializes this policy rule.
-     *
-     * @param config        The config store reference
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mCritical = config.getBoolean(PROP_CRITICAL, false);
         mBeginTime = config.getString(PROP_BEGIN_TIME, null);
         mEndTime = config.getString(PROP_END_TIME, null);
@@ -89,16 +87,16 @@ public class CertificateRenewalWindowExt extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <p>
-     *
-     * @param req   The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -128,8 +126,8 @@ public class CertificateRenewalWindowExt extends APolicyRule
         if (extensions == null) {
             extensions = new CertificateExtensions();
             try {
-                certInfo.set(X509CertInfo.VERSION, 
-                    new CertificateVersion(CertificateVersion.V3));
+                certInfo.set(X509CertInfo.VERSION,
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } catch (Exception e) {
             }
@@ -137,10 +135,10 @@ public class CertificateRenewalWindowExt extends APolicyRule
             // remove any previously computed version of the extension
             try {
                 extensions.delete(CertificateRenewalWindowExtension.class.getSimpleName());
-				
+
             } catch (IOException e) {
                 // this is the hack: for some reason, the key which is the name
-                // of the policy has been converted into the OID 
+                // of the policy has been converted into the OID
                 try {
                     extensions.delete("2.16.840.1.113730.1.15");
                 } catch (IOException ee) {
@@ -154,22 +152,22 @@ public class CertificateRenewalWindowExt extends APolicyRule
 
             if (mEndTime == null || mEndTime.equals("")) {
                 crwExt = new CertificateRenewalWindowExtension(
-                            mCritical, 
+                            mCritical,
                             getDateValue(now, mBeginTime),
                             null);
             } else {
                 crwExt = new CertificateRenewalWindowExtension(
-                            mCritical, 
+                            mCritical,
                             getDateValue(now, mBeginTime),
                             getDateValue(now, mEndTime));
             }
-            extensions.set(CertificateRenewalWindowExtension.class.getSimpleName(), 
-                crwExt);
+            extensions.set(CertificateRenewalWindowExtension.class.getSimpleName(),
+                    crwExt);
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
+                    CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
             setError(req,
-                CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
             return PolicyResult.REJECTED;
         }
         return PolicyResult.ACCEPTED;
@@ -179,13 +177,13 @@ public class CertificateRenewalWindowExt extends APolicyRule
         long time;
 
         if (s.endsWith("s")) {
-            time = 1000 * Long.parseLong(s.substring(0, 
+            time = 1000 * Long.parseLong(s.substring(0,
                             s.length() - 1));
         } else if (s.endsWith("m")) {
-            time = 60 * 1000 * Long.parseLong(s.substring(0, 
+            time = 60 * 1000 * Long.parseLong(s.substring(0,
                             s.length() - 1));
         } else if (s.endsWith("h")) {
-            time = 60 * 60 * 1000 * Long.parseLong(s.substring(0, 
+            time = 60 * 60 * 1000 * Long.parseLong(s.substring(0,
                             s.length() - 1));
         } else if (s.endsWith("D")) {
             time = 24 * 60 * 60 * 1000 * Long.parseLong(
@@ -206,9 +204,9 @@ public class CertificateRenewalWindowExt extends APolicyRule
                 PROP_BEGIN_TIME + ";string;Start Time in seconds (Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
                 PROP_END_TIME + ";string;End Time in seconds (Optional, Relative to the time of issuance). Optionally, time unit (s - seconds, m - minutes, h - hours, D - days, M - months) can be specified right after the value. For example, 5 days can be expressed as 5D.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-certificaterenewalwindow",
+                        ";configuration-policyrules-certificaterenewalwindow",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds 'Certificate Renewal Window' extension. See manual"
+                        ";Adds 'Certificate Renewal Window' extension. See manual"
             };
 
         return params;
@@ -217,10 +215,10 @@ public class CertificateRenewalWindowExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         params.addElement(PROP_CRITICAL + "=" + mCritical);
@@ -239,10 +237,10 @@ public class CertificateRenewalWindowExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_CRITICAL + "=false");
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
index 14ef4213..bf1bc8a4 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CertificateScopeOfUseExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -43,31 +42,31 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Certificate Scope Of Use extension policy. This extension
- * is defined in draft-thayes-cert-scope-00.txt
+ * Certificate Scope Of Use extension policy. This extension is defined in
+ * draft-thayes-cert-scope-00.txt
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class CertificateScopeOfUseExt extends APolicyRule implements 
+public class CertificateScopeOfUseExt extends APolicyRule implements
         IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL =
-        "critical";
+            "critical";
     protected static final String PROP_ENTRY =
-        "entry";
+            "entry";
     protected static final String PROP_NAME =
-        "name";
+            "name";
     protected static final String PROP_NAME_TYPE =
-        "name_type";
+            "name_type";
     protected static final String PROP_PORT_NUMBER =
-        "port_number";
+            "port_number";
 
     public static final int MAX_ENTRY = 5;
 
@@ -82,11 +81,11 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
         Vector<String> v = new Vector<String>();
 
         v.addElement(PROP_CRITICAL +
-            ";boolean; This extension may be either critical or non-critical.");
+                ";boolean; This extension may be either critical or non-critical.");
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-certificatescopeofuse");
+                ";configuration-policyrules-certificatescopeofuse");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Certificate Scope of Use Extension.");
+                ";Adds Certificate Scope of Use Extension.");
 
         for (int i = 0; i < MAX_ENTRY; i++) {
             v.addElement(PROP_ENTRY + Integer.toString(i) + "_" + PROP_NAME + ";" + IGeneralNameUtil.GENNAME_VALUE_INFO);
@@ -99,17 +98,17 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *      ca.Policy.rule.<ruleName>.predicate=
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=AuthInfoAccessExt
+     * ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.predicate=
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
     }
 
@@ -124,7 +123,7 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
         //
         for (int i = 0;; i++) {
             // get port number (optional)
-            String port = mConfig.getString(PROP_ENTRY + 
+            String port = mConfig.getString(PROP_ENTRY +
                     Integer.toString(i) + "_" + PROP_PORT_NUMBER, null);
             BigInt portNumber = null;
 
@@ -137,11 +136,11 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
             // TAG ::= uriName | dirName
             // VALUE ::= [value defined by TAG]
             //
-            String name_type = mConfig.getString(PROP_ENTRY + 
-                    Integer.toString(i) + 
+            String name_type = mConfig.getString(PROP_ENTRY +
+                    Integer.toString(i) +
                     "_" + PROP_NAME_TYPE, null);
-            String name = mConfig.getString(PROP_ENTRY + 
-                    Integer.toString(i) + 
+            String name = mConfig.getString(PROP_ENTRY +
+                    Integer.toString(i) +
                     "_" + PROP_NAME, null);
 
             if (name == null || name.equals(""))
@@ -154,10 +153,10 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
     }
 
     /**
-     * If this policy is enabled, add the authority information
-     * access extension to the certificate.
+     * If this policy is enabled, add the authority information access extension
+     * to the certificate.
      * <P>
-     *
+     * 
      * @param req The request on which to apply policy.
      * @return The policy result object.
      */
@@ -169,7 +168,7 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
                 IRequest.CERT_INFO);
 
         if (ci == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -177,29 +176,29 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
 
             certInfo = ci[j];
             if (certInfo == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Configuration Info Error");
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CA_CERT_INFO_ERROR", NAME));
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Configuration Info Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
 
             try {
                 // Find the extensions in the certInfo
                 CertificateExtensions extensions = (CertificateExtensions)
-                    certInfo.get(X509CertInfo.EXTENSIONS);
+                        certInfo.get(X509CertInfo.EXTENSIONS);
 
                 // add access descriptions
                 Vector<CertificateScopeEntry> entries = getScopeEntries();
 
                 if (entries.size() == 0) {
                     return res;
-                }	
-	
+                }
+
                 if (extensions == null) {
                     // create extension if not exist
                     certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 } else {
@@ -212,29 +211,29 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
                 }
 
                 // Create the extension
-                CertificateScopeOfUseExtension suExt = new 
-                    CertificateScopeOfUseExtension(mConfig.getBoolean(
-                            PROP_CRITICAL, false), entries);
+                CertificateScopeOfUseExtension suExt = new
+                        CertificateScopeOfUseExtension(mConfig.getBoolean(
+                                PROP_CRITICAL, false), entries);
 
                 extensions.set(CertificateScopeOfUseExtension.NAME, suExt);
 
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, e.getMessage());
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, e.getMessage());
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, 
-                    "Configuration Info Error encountered: " +
-                    e.getMessage());
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Configuration Info Error");
+                log(ILogger.LL_FAILURE,
+                        "Configuration Info Error encountered: " +
+                                e.getMessage());
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Configuration Info Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (CertificateException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Certificate Info Error");
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Certificate Info Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
         }
@@ -244,15 +243,15 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         try {
-            params.addElement(PROP_CRITICAL + "=" + 
-                mConfig.getBoolean(PROP_CRITICAL, false));
+            params.addElement(PROP_CRITICAL + "=" +
+                    mConfig.getBoolean(PROP_CRITICAL, false));
         } catch (EBaseException e) {
         }
 
@@ -260,50 +259,50 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
             String name_type = null;
 
             try {
-                name_type = mConfig.getString(PROP_ENTRY + 
-                            Integer.toString(i) + "_" + PROP_NAME_TYPE, 
+                name_type = mConfig.getString(PROP_ENTRY +
+                            Integer.toString(i) + "_" + PROP_NAME_TYPE,
                             null);
             } catch (EBaseException e) {
             }
             if (name_type == null)
                 break;
-            params.addElement(PROP_ENTRY + 
-                Integer.toString(i) + 
-                "_" + PROP_NAME_TYPE + "=" + name_type);
+            params.addElement(PROP_ENTRY +
+                    Integer.toString(i) +
+                    "_" + PROP_NAME_TYPE + "=" + name_type);
             String name = null;
 
             try {
-                name = mConfig.getString(PROP_ENTRY + 
-                            Integer.toString(i) + "_" + PROP_NAME, 
+                name = mConfig.getString(PROP_ENTRY +
+                            Integer.toString(i) + "_" + PROP_NAME,
                             null);
             } catch (EBaseException e) {
             }
             if (name == null)
                 break;
-            params.addElement(PROP_ENTRY + 
-                Integer.toString(i) + 
-                "_" + PROP_NAME + "=" + name);
+            params.addElement(PROP_ENTRY +
+                    Integer.toString(i) +
+                    "_" + PROP_NAME + "=" + name);
             String port = null;
 
             try {
-                port = mConfig.getString(PROP_ENTRY + 
-                            Integer.toString(i) + "_" + PROP_PORT_NUMBER, 
+                port = mConfig.getString(PROP_ENTRY +
+                            Integer.toString(i) + "_" + PROP_PORT_NUMBER,
                             "");
             } catch (EBaseException e) {
             }
-            params.addElement(PROP_ENTRY + 
-                Integer.toString(i) + 
-                "_" + PROP_PORT_NUMBER + "=" + port);
+            params.addElement(PROP_ENTRY +
+                    Integer.toString(i) +
+                    "_" + PROP_PORT_NUMBER + "=" + port);
         }
         return params;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_CRITICAL + "=false");
@@ -314,14 +313,13 @@ public class CertificateScopeOfUseExt extends APolicyRule implements
         // the CMS.cfg
         //
         for (int i = 0; i < MAX_ENTRY; i++) {
-            defParams.addElement(PROP_ENTRY + Integer.toString(i) + 
-                "_" + PROP_NAME_TYPE + "=");
-            defParams.addElement(PROP_ENTRY + Integer.toString(i) + 
-                "_" + PROP_NAME + "=");
-            defParams.addElement(PROP_ENTRY + Integer.toString(i) + 
-                "_" + PROP_PORT_NUMBER + "=");
+            defParams.addElement(PROP_ENTRY + Integer.toString(i) +
+                    "_" + PROP_NAME_TYPE + "=");
+            defParams.addElement(PROP_ENTRY + Integer.toString(i) +
+                    "_" + PROP_NAME + "=");
+            defParams.addElement(PROP_ENTRY + Integer.toString(i) +
+                    "_" + PROP_PORT_NUMBER + "=");
         }
         return defParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
index 94d7d8df..2684d02c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/ExtendedKeyUsageExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -40,20 +39,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * This implements the extended key usage extension.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class ExtendedKeyUsageExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     public static final String PROP_CRITICAL = "critical";
     protected static final String PROP_PURPOSE_ID = "id";
     protected static final String PROP_NUM_IDS = "numIds";
@@ -63,7 +62,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
     private Vector<ObjectIdentifier> mUsages = null;
 
     private String[] mParams = null;
-    
+
     // PKIX specifies the that the extension SHOULD NOT be critical
     public static final boolean DEFAULT_CRITICALITY = false;
 
@@ -81,7 +80,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
      * Performs one-time initialization of the policy.
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
         setExtendedPluginInfo();
         setupParams();
@@ -99,7 +98,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
         }
 
         X509CertInfo[] ci =
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -119,15 +118,15 @@ public class ExtendedKeyUsageExt extends APolicyRule
         try {
             // find the extensions in the certInfo
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             // prepare the extensions data structure
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } else {
                 try {
@@ -143,17 +142,17 @@ public class ExtendedKeyUsageExt extends APolicyRule
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
                     e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         }
     }
-    
+
     /**
      * Returns instance specific parameters.
      */
@@ -172,16 +171,16 @@ public class ExtendedKeyUsageExt extends APolicyRule
 
         for (int i = 0; i < numIds; i++) {
             if (mUsages.size() <= i) {
-                params.addElement(PROP_PURPOSE_ID + 
-                    Integer.toString(i) + "=");
+                params.addElement(PROP_PURPOSE_ID +
+                        Integer.toString(i) + "=");
             } else {
                 usage = ((ObjectIdentifier) mUsages.elementAt(i)).toString();
                 if (usage == null) {
-                    params.addElement(PROP_PURPOSE_ID + 
-                        Integer.toString(i) + "=");
+                    params.addElement(PROP_PURPOSE_ID +
+                            Integer.toString(i) + "=");
                 } else {
-                    params.addElement(PROP_PURPOSE_ID + 
-                        Integer.toString(i) + "=" + usage);
+                    params.addElement(PROP_PURPOSE_ID +
+                            Integer.toString(i) + "=" + usage);
                 }
             }
         }
@@ -200,17 +199,17 @@ public class ExtendedKeyUsageExt extends APolicyRule
         }
         for (int i = 0; i < mNum; i++) {
             v.addElement(PROP_PURPOSE_ID + Integer.toString(i) + ";string;" +
-                "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99");
+                    "A unique,valid OID specified in dot-separated numeric component notation. e.g. 2.16.840.1.113730.1.99");
         }
 
         v.addElement(PROP_NUM_IDS + ";number;The total number of policy IDs.");
         v.addElement(PROP_CRITICAL +
-            ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical.");
+                ";boolean;RFC 2459 recommendation: This extension may, at the option of the certificate issuer, be either critical or non-critical.");
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-extendedkeyusage");
+                ";configuration-policyrules-extendedkeyusage");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Extended Key Usage Extension. Defined in RFC 2459 " +
-            "(4.2.1.13)");
+                ";Adds Extended Key Usage Extension. Defined in RFC 2459 " +
+                "(4.2.1.13)");
 
         mParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
     }
@@ -221,7 +220,7 @@ public class ExtendedKeyUsageExt extends APolicyRule
         }
         return mParams;
     }
-    
+
     /**
      * Returns default parameters.
      */
@@ -235,30 +234,32 @@ public class ExtendedKeyUsageExt extends APolicyRule
         }
         return defParams;
     }
-    
+
     /**
      * Setups parameters.
      */
     private void setupParams() throws EBaseException {
-        
+
         mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
         if (mUsages == null) {
             mUsages = new Vector<ObjectIdentifier>();
         }
-        
+
         int mNum = mConfig.getInteger(PROP_NUM_IDS, MAX_PURPOSE_ID);
 
         for (int i = 0; i < mNum; i++) {
             ObjectIdentifier usageOID = null;
-	        
-            String usage = mConfig.getString(PROP_PURPOSE_ID + 
+
+            String usage = mConfig.getString(PROP_PURPOSE_ID +
                     Integer.toString(i), null);
 
             try {
-           
-                if (usage == null)  break;
+
+                if (usage == null)
+                    break;
                 usage = usage.trim();
-                if (usage.equals(""))   break;
+                if (usage.equals(""))
+                    break;
                 if (usage.equalsIgnoreCase("ocspsigning")) {
                     usageOID = ObjectIdentifier.getObjectIdentifier(ExtendedKeyUsageExtension.OID_OCSPSigning);
                 } else if (usage.equalsIgnoreCase("codesigning")) {
@@ -268,10 +269,10 @@ public class ExtendedKeyUsageExt extends APolicyRule
                     usageOID = ObjectIdentifier.getObjectIdentifier(usage);
                 }
             } catch (IOException ex) {
-                throw new EBaseException(this.getClass().getName() + ":" + 
+                throw new EBaseException(this.getClass().getName() + ":" +
                         ex.getMessage());
             } catch (NumberFormatException ex) {
-                throw new EBaseException(this.getClass().getName() + ":" + 
+                throw new EBaseException(this.getClass().getName() + ":" +
                         "OID '" + usage + "' format error");
             }
             mUsages.addElement(usageOID);
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
index bdfdb14a..c382416f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/GenericASN1Ext.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -46,12 +45,10 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Private Integer extension policy.
- * If this policy is enabled, it adds an Private Integer
- * extension to the certificate.
- *
+ * Private Integer extension policy. If this policy is enabled, it adds an
+ * Private Integer extension to the certificate.
+ * 
  * The following listed sample configuration parameters:
  * 
  * ca.Policy.impl.privateInteger.class=com.netscape.certsrv.policy.genericASNExt
@@ -78,51 +75,52 @@ import com.netscape.cms.policy.APolicyRule;
  * ca.Policy.rule.genericASNExt.implName=genericASNExt
  * ca.Policy.rule.genericASNExt.predicate=
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class GenericASN1Ext extends APolicyRule implements 
+public class GenericASN1Ext extends APolicyRule implements
         IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final int MAX_ATTR = 10;
 
     protected static final String PROP_CRITICAL =
-        "critical";
+            "critical";
     protected static final String PROP_NAME =
-        "name";
+            "name";
     protected static final String PROP_OID =
-        "oid";
+            "oid";
     protected static final String PROP_PATTERN =
-        "pattern";
+            "pattern";
     protected static final String PROP_ATTRIBUTE =
-        "attribute";
+            "attribute";
     protected static final String PROP_TYPE =
-        "type";
+            "type";
     protected static final String PROP_SOURCE =
-        "source";
+            "source";
     protected static final String PROP_VALUE =
-        "value";
+            "value";
     protected static final String PROP_PREDICATE =
-        "predicate";
+            "predicate";
 
     protected static final String PROP_ENABLE =
-        "enable";
+            "enable";
 
     public IConfigStore mConfig = null;
 
     private String pattern = null;
-    
+
     public String[] getExtendedPluginInfo(Locale locale) {
         String s[] = {
                 "enable" + ";boolean;Enable this policy",
                 "predicate" + ";string;",
                 PROP_CRITICAL + ";boolean;",
-                PROP_NAME + ";string;Name for this extension.",                  
-                PROP_OID + ";string;OID number for this extension. It should be unique.",                   
+                PROP_NAME + ";string;Name for this extension.",
+                PROP_OID + ";string;OID number for this extension. It should be unique.",
                 PROP_PATTERN + ";string;Pattern for extension; {012}34",
                 // Attribute 0
                 PROP_ATTRIBUTE + "." + "0" + "." + PROP_TYPE + ";choice(Integer,IA5String,OctetString,PrintableString,VisibleString,UTCTime,OID,Boolean);Attribute type for extension",
@@ -165,14 +163,14 @@ public class GenericASN1Ext extends APolicyRule implements
                 PROP_ATTRIBUTE + "." + "9" + "." + PROP_SOURCE + ";choice(Value,File);Data Source for the extension. You can specify the value here or file name has value.",
                 PROP_ATTRIBUTE + "." + "9" + "." + PROP_VALUE + ";string;If data source is 'value', specity value here. If data source is 'file', specify the file name with full path.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-genericasn1ext",
+                        ";configuration-policyrules-genericasn1ext",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Private extension based on ASN1. See manual"    		
+                        ";Adds Private extension based on ASN1. See manual"
             };
 
         return s;
     }
-    
+
     public GenericASN1Ext() {
         NAME = "GenericASN1Ext";
         DESC = "Sets Generic extension for certificates";
@@ -181,17 +179,17 @@ public class GenericASN1Ext extends APolicyRule implements
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=genericASNExt
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *      ca.Policy.rule.<ruleName>.predicate=
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=genericASNExt
+     * ca.Policy.rule.<ruleName>.enable=true
+     * ca.Policy.rule.<ruleName>.predicate=
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
         if (mConfig == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
@@ -202,33 +200,33 @@ public class GenericASN1Ext extends APolicyRule implements
 
         if (enable == false)
             return;
-	    
+
         String oid = mConfig.getString(PROP_OID, null);
 
         if ((oid == null) || (oid.length() == 0)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
             return;
         }
-	    
+
         String name = mConfig.getString(PROP_NAME, null);
 
         if ((name == null) || (name.length() == 0)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_INIT_ERROR"));
             return;
         }
-	    
+
         try {
             if (File.separatorChar == '\\') {
                 pattern = mConfig.getString(PROP_PATTERN, null);
                 checkFilename(0);
-            }                
+            }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, "" + e.toString());
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, "" + e.toString());
         }
-		
-        // Check OID value 
+
+        // Check OID value
         CMS.checkOID(name, oid);
         pattern = mConfig.getString(PROP_PATTERN, null);
         checkOID(0);
@@ -241,14 +239,14 @@ public class GenericASN1Ext extends APolicyRule implements
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, "" + e.toString());
         }
-        
+
     }
 
     // Check filename
-    private  int checkFilename(int index) 
-        throws IOException, EBaseException {
+    private int checkFilename(int index)
+            throws IOException, EBaseException {
         String source = null;
-        
+
         while (index < pattern.length()) {
             char ch = pattern.charAt(index);
 
@@ -262,28 +260,28 @@ public class GenericASN1Ext extends APolicyRule implements
                 return index;
 
             default:
-                source = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE, null);                    
+                source = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_SOURCE, null);
                 if ((source != null) && (source.equalsIgnoreCase("file"))) {
-                    String oValue = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);                    
+                    String oValue = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
                     String nValue = oValue.replace('\\', '/');
 
-                    mConfig.putString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, nValue);                    
+                    mConfig.putString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, nValue);
                     FileInputStream fis = new FileInputStream(nValue);
                     fis.close();
-                }                        
+                }
             }
             index++;
-        }            
+        }
 
         return index;
     }
 
     // Check oid
-    private  int checkOID(int index) 
-        throws EBaseException {
+    private int checkOID(int index)
+            throws EBaseException {
         String type = null;
         String oid = null;
-		
+
         while (index < pattern.length()) {
             char ch = pattern.charAt(index);
 
@@ -297,23 +295,23 @@ public class GenericASN1Ext extends APolicyRule implements
                 return index;
 
             default:
-                type = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_TYPE, null);                    
+                type = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_TYPE, null);
                 if ((type != null) && (type.equalsIgnoreCase("OID"))) {
-                    oid = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);                    
+                    oid = mConfig.getString(PROP_ATTRIBUTE + "." + ch + "." + PROP_VALUE, null);
                     CMS.checkOID(oid, oid);
-                }                        
+                }
             }
             index++;
-        }            
+        }
 
         return index;
     }
-	
+
     /**
-     * If this policy is enabled, add the private Integer
-     * information extension to the certificate.
+     * If this policy is enabled, add the private Integer information extension
+     * to the certificate.
      * <P>
-     *
+     * 
      * @param req The request on which to apply policy.
      * @return The policy result object.
      */
@@ -321,9 +319,9 @@ public class GenericASN1Ext extends APolicyRule implements
         PolicyResult res = PolicyResult.ACCEPTED;
         X509CertInfo certInfo;
         X509CertInfo[] ci = req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-	
+
         if (ci == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -343,7 +341,7 @@ public class GenericASN1Ext extends APolicyRule implements
                 if (extensions == null) {
                     // create extension if not exist
                     certInfo.set(X509CertInfo.VERSION,
-                        new CertificateVersion(CertificateVersion.V3));
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 } else {
@@ -358,35 +356,35 @@ public class GenericASN1Ext extends APolicyRule implements
 
                 // Create the extension
                 GenericASN1Extension priExt = mkExtension();
-                
+
                 extensions.set(priExt.getName(), priExt);
 
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, e.getMessage());
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, e.getMessage());
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Configuration Info Error");
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Configuration Info Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (CertificateException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Certificate Info Error");
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Certificate Info Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (ParseException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("BASE_EXTENSION_ERROR", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Pattern parsing error");
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("BASE_EXTENSION_ERROR", e.getMessage()));
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Pattern parsing error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             } catch (Exception e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("BASE_UNKNOWN_EXCEPTION", e.getMessage()));
-                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                    NAME, "Unknown Error");
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("BASE_UNKNOWN_EXCEPTION", e.getMessage()));
+                setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                        NAME, "Unknown Error");
                 return PolicyResult.REJECTED; // unrecoverable error.
             }
         }
@@ -397,7 +395,7 @@ public class GenericASN1Ext extends APolicyRule implements
      * Construct GenericASN1Extension with value from CMS.cfg
      */
     protected GenericASN1Extension mkExtension()
-        throws IOException, EBaseException, ParseException {
+            throws IOException, EBaseException, ParseException {
         GenericASN1Extension ext;
 
         Hashtable<String, String> h = new Hashtable<String, String>();
@@ -413,21 +411,21 @@ public class GenericASN1Ext extends APolicyRule implements
             String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE;
             String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE;
             String propvalue = PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE;
-		
+
             h.put(proptype, mConfig.getString(proptype, null));
             h.put(propsource, mConfig.getString(propsource, null));
             h.put(propvalue, mConfig.getString(propvalue, null));
         }
         ext = new GenericASN1Extension(h);
         return ext;
-    }        
-        
+    }
+
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         int idx = 0;
         Vector<String> params = new Vector<String>();
 
@@ -436,7 +434,7 @@ public class GenericASN1Ext extends APolicyRule implements
             params.addElement(PROP_NAME + "=" + mConfig.getString(PROP_NAME, null));
             params.addElement(PROP_OID + "=" + mConfig.getString(PROP_OID, null));
             params.addElement(PROP_PATTERN + "=" + mConfig.getString(PROP_PATTERN, null));
-		
+
             for (idx = 0; idx < MAX_ATTR; idx++) {
                 String proptype = PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE;
                 String propsource = PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE;
@@ -447,7 +445,8 @@ public class GenericASN1Ext extends APolicyRule implements
                 params.addElement(propvalue + "=" + mConfig.getString(propvalue, null));
             }
             params.addElement(PROP_PREDICATE + "=" + mConfig.getString(PROP_PREDICATE, null));
-        } catch (EBaseException e) {;
+        } catch (EBaseException e) {
+            ;
         }
 
         return params;
@@ -455,26 +454,25 @@ public class GenericASN1Ext extends APolicyRule implements
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         int idx = 0;
-        
+
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_CRITICAL + "=false");
         defParams.addElement(PROP_NAME + "=");
         defParams.addElement(PROP_OID + "=");
         defParams.addElement(PROP_PATTERN + "=");
-		
+
         for (idx = 0; idx < MAX_ATTR; idx++) {
             defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_TYPE + "=");
             defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_SOURCE + "=");
             defParams.addElement(PROP_ATTRIBUTE + "." + idx + "." + PROP_VALUE + "=");
         }
-        
+
         return defParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
index 9524f689..fc975fd3 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/IssuerAltNameExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -41,23 +40,23 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Issuer Alt Name Extension policy.
  * 
- * This extension is used to associate Internet-style identities 
- * with the Certificate issuer. 
+ * This extension is used to associate Internet-style identities with the
+ * Certificate issuer.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class IssuerAltNameExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     public static final String PROP_CRITICAL = "critical";
 
     // PKIX specifies the that the extension SHOULD NOT be critical
@@ -69,15 +68,15 @@ public class IssuerAltNameExt extends APolicyRule
     static {
         defaultParams.addElement(PROP_CRITICAL + "=" + DEFAULT_CRITICALITY);
         CMS.getGeneralNamesConfigDefaultParams(null, true, defaultParams);
-	
+
         Vector<String> info = new Vector<String>();
 
         info.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: SHOULD NOT be marked critical.");
         info.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-issueraltname");
+                ";configuration-policyrules-issueraltname");
         info.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";This policy inserts the Issuer Alternative Name " +
-            "Extension into the certificate. See RFC 2459 (4.2.1.8). ");
+                ";This policy inserts the Issuer Alternative Name " +
+                "Extension into the certificate. See RFC 2459 (4.2.1.8). ");
 
         CMS.getGeneralNamesConfigExtendedPluginInfo(null, true, info);
 
@@ -102,10 +101,11 @@ public class IssuerAltNameExt extends APolicyRule
 
     /**
      * Initializes this policy rule.
-     * @param config    The config store reference
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         // get criticality
@@ -120,43 +120,43 @@ public class IssuerAltNameExt extends APolicyRule
 
         // form extension
         try {
-            if (mEnabled && 
-                mGNs.getGeneralNames() != null && !mGNs.getGeneralNames().isEmpty()) {
-                mExtension = 
+            if (mEnabled &&
+                    mGNs.getGeneralNames() != null && !mGNs.getGeneralNames().isEmpty()) {
+                mExtension =
                         new IssuerAlternativeNameExtension(
-                            Boolean.valueOf(mCritical), mGNs.getGeneralNames());
+                                Boolean.valueOf(mCritical), mGNs.getGeneralNames());
             }
         } catch (Exception e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
 
         // init instance params
-        mParams.addElement(PROP_CRITICAL + "=" + mCritical); 
+        mParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mGNs.getInstanceParams(mParams);
 
         return;
     }
 
     /**
-     * Adds a extension if none exists. 
-     *
-     * @param req   The request on which to apply policy.
+     * Adds a extension if none exists.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
-        if (mEnabled == false || mExtension == null) 
+        if (mEnabled == false || mExtension == null)
             return res;
 
-            // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        // get cert info.
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         X509CertInfo certInfo = null;
 
         if (ci == null || (certInfo = ci[0]) == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -188,7 +188,7 @@ public class IssuerAltNameExt extends APolicyRule
             extensions = new CertificateExtensions();
             try {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } catch (CertificateException e) {
                 // not possible
@@ -214,10 +214,10 @@ public class IssuerAltNameExt extends APolicyRule
         try {
             extensions.set(IssuerAlternativeNameExtension.class.getSimpleName(), mExtension);
         } catch (Exception e) {
-            if (e instanceof RuntimeException) 
+            if (e instanceof RuntimeException)
                 throw (RuntimeException) e;
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString()));
             setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
             return PolicyResult.REJECTED;
         }
@@ -226,21 +226,21 @@ public class IssuerAltNameExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return Empty Vector since this policy has no configuration parameters.
-     * for this policy instance.
+     *         for this policy instance.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
-     * @return Empty Vector since this policy implementation has no 
-     * configuration parameters.
+     * 
+     * @return Empty Vector since this policy implementation has no
+     *         configuration parameters.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return defaultParams;
     }
 
@@ -249,4 +249,3 @@ public class IssuerAltNameExt extends APolicyRule
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
index 4e9ef825..0988a636 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/KeyUsageExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -44,25 +43,25 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Policy to add Key Usage Extension.
- * Adds the key usage extension based on what's requested.
+ * Policy to add Key Usage Extension. Adds the key usage extension based on
+ * what's requested.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class KeyUsageExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
 
     private final static String HTTP_INPUT = "HTTP_INPUT";
-    protected static final boolean[] DEF_BITS = 
-        new boolean[KeyUsageExtension.NBITS];
+    protected static final boolean[] DEF_BITS =
+            new boolean[KeyUsageExtension.NBITS];
     protected int mCAPathLen = -1;
     protected IConfigStore mConfig = null;
     protected static final String PROP_CRITICAL = "critical";
@@ -97,25 +96,24 @@ public class KeyUsageExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.implName=KeyUsageExt
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *		ca.Policy.rule.<ruleName>.
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=KeyUsageExt
+     * ca.Policy.rule.<ruleName>.enable=true ca.Policy.rule.<ruleName>.
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         ICertAuthority certAuthority = (ICertAuthority)
-            ((IPolicyProcessor) owner).getAuthority();
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CANT_FIND_MANAGER"));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         "Cannot find the Certificate Manager or Registration Manager"));
         }
 
@@ -123,9 +121,9 @@ public class KeyUsageExt extends APolicyRule
             CertificateChain caChain = certAuthority.getCACertChain();
             X509Certificate caCert = null;
 
-            // Note that in RA the chain could be null if CA was not up when 
-            // RA was started. In that case just set the length to -1 and let 
-            // CA reject if it does not allow any subordinate CA certs. 
+            // Note that in RA the chain could be null if CA was not up when
+            // RA was started. In that case just set the length to -1 and let
+            // CA reject if it does not allow any subordinate CA certs.
             if (caChain != null) {
                 caCert = caChain.getFirstCertificate();
                 mCAPathLen = caCert.getBasicConstraints();
@@ -145,30 +143,29 @@ public class KeyUsageExt extends APolicyRule
     }
 
     /**
-     * Adds the key usage extension if not set already.
-     * (CRMF, agent, authentication (currently) or PKCS#10 (future) 
-     *  or RA could have set the extension.)
-     * If not set, set from http input parameters or use default if 
+     * Adds the key usage extension if not set already. (CRMF, agent,
+     * authentication (currently) or PKCS#10 (future) or RA could have set the
+     * extension.) If not set, set from http input parameters or use default if
      * no http input parameters are set.
      * 
-     * Note: this allows any bits requested - does not check if user 
-     * authenticated is allowed to have a Key Usage Extension with 
-     * those bits. Unless the CA's certificate path length is 0, then 
-     * we do not allow CA sign or CRL sign bits in any request.
+     * Note: this allows any bits requested - does not check if user
+     * authenticated is allowed to have a Key Usage Extension with those bits.
+     * Unless the CA's certificate path length is 0, then we do not allow CA
+     * sign or CRL sign bits in any request.
      * 
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -184,7 +181,7 @@ public class KeyUsageExt extends APolicyRule
     public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
         try {
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
             KeyUsageExtension ext = null;
 
             if (extensions != null) {
@@ -195,7 +192,7 @@ public class KeyUsageExt extends APolicyRule
                     // extension isn't there.
                     ext = null;
                 }
-                // check if CA does not allow subordinate CA certs. 
+                // check if CA does not allow subordinate CA certs.
                 // otherwise accept existing key usage extension.
                 if (ext != null) {
                     if (mCAPathLen == 0) {
@@ -203,11 +200,11 @@ public class KeyUsageExt extends APolicyRule
 
                         if ((bits.length > KeyUsageExtension.KEY_CERTSIGN_BIT &&
                                 bits[KeyUsageExtension.KEY_CERTSIGN_BIT] == true) ||
-                            (bits.length > KeyUsageExtension.CRL_SIGN_BIT && 
+                                (bits.length > KeyUsageExtension.CRL_SIGN_BIT &&
                                 bits[KeyUsageExtension.CRL_SIGN_BIT] == true)) {
-                            setError(req, 
-                                CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), 
-                                NAME);
+                            setError(req,
+                                    CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"),
+                                    NAME);
                             return PolicyResult.REJECTED;
                         }
                     }
@@ -216,8 +213,8 @@ public class KeyUsageExt extends APolicyRule
             } else {
                 // create extensions set if none.
                 if (extensions == null) {
-                    certInfo.set(X509CertInfo.VERSION, 
-                        new CertificateVersion(CertificateVersion.V3));
+                    certInfo.set(X509CertInfo.VERSION,
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 }
@@ -225,41 +222,41 @@ public class KeyUsageExt extends APolicyRule
 
             boolean[] bits = new boolean[KeyUsageExtension.NBITS];
 
-            bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT] = getBit("digital_signature", 
-                        mDigitalSignature, req); 
-            bits[KeyUsageExtension.NON_REPUDIATION_BIT] = getBit("non_repudiation", 
+            bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT] = getBit("digital_signature",
+                        mDigitalSignature, req);
+            bits[KeyUsageExtension.NON_REPUDIATION_BIT] = getBit("non_repudiation",
                         mNonRepudiation, req);
-            bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT] = getBit("key_encipherment", 
+            bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT] = getBit("key_encipherment",
                         mKeyEncipherment, req);
-            bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT] = getBit("data_encipherment", 
+            bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT] = getBit("data_encipherment",
                         mDataEncipherment, req);
-            bits[KeyUsageExtension.KEY_AGREEMENT_BIT] = getBit("key_agreement", 
-                        mKeyAgreement, req); 
-            bits[KeyUsageExtension.KEY_CERTSIGN_BIT] = getBit("key_certsign", 
+            bits[KeyUsageExtension.KEY_AGREEMENT_BIT] = getBit("key_agreement",
+                        mKeyAgreement, req);
+            bits[KeyUsageExtension.KEY_CERTSIGN_BIT] = getBit("key_certsign",
                         mKeyCertsign, req);
             bits[KeyUsageExtension.CRL_SIGN_BIT] = getBit("crl_sign", mCrlSign, req);
             bits[KeyUsageExtension.ENCIPHER_ONLY_BIT] = getBit("encipher_only",
                         mEncipherOnly, req);
-            bits[KeyUsageExtension.DECIPHER_ONLY_BIT] = getBit("decipher_only",  
+            bits[KeyUsageExtension.DECIPHER_ONLY_BIT] = getBit("decipher_only",
                         mDecipherOnly, req);
-            
-            // don't allow no bits set or the extension does not 
+
+            // don't allow no bits set or the extension does not
             // encode/decode properlly.
             boolean bitset = false;
 
             for (int i = 0; i < bits.length; i++) {
                 if (bits[i]) {
-                    bitset = true;   
+                    bitset = true;
                     break;
                 }
             }
             if (!bitset) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET", NAME)); 
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET", NAME));
                 setError(req, CMS.getUserMessage("CMS_POLICY_NO_KEYUSAGE_EXTENSION_BITS_SET"),
-                    NAME); 
+                        NAME);
                 return PolicyResult.REJECTED;
             }
-  
+
             // create the extension.
             try {
                 mKeyUsage = new KeyUsageExtension(mCritical, bits);
@@ -269,23 +266,23 @@ public class KeyUsageExt extends APolicyRule
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         params.addElement(PROP_CRITICAL + "=" + mCritical);
@@ -328,21 +325,21 @@ public class KeyUsageExt extends APolicyRule
                 PROP_ENCIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
                 PROP_DECIPHER_ONLY + ";choice(true,false,HTTP_INPUT);true means always set this bit, false means don't set this bit, HTTP_INPUT means get this bit from the HTTP input",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-keyusage",
+                        ";configuration-policyrules-keyusage",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Key Usage Extension; See in RFC 2459 (4.2.1.3)"
+                        ";Adds Key Usage Extension; See in RFC 2459 (4.2.1.3)"
 
-            };
+        };
 
         return params;
     }
-	
+
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 
@@ -355,4 +352,3 @@ public class KeyUsageExt extends APolicyRule
         return Boolean.valueOf(choice).booleanValue();
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
index 019e3e08..c453eb0d 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCCommentExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.BufferedReader;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
@@ -45,21 +44,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Netscape comment
- * Adds Netscape comment policy
+ * Netscape comment Adds Netscape comment policy
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class NSCCommentExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
 
     protected static final String PROP_USER_NOTICE_DISPLAY_TEXT = "displayText";
     protected static final String PROP_COMMENT_FILE = "commentFile";
@@ -68,19 +66,18 @@ public class NSCCommentExt extends APolicyRule
     protected static final String TEXT = "Text";
     protected static final String FILE = "File";
 
-    protected String  mUserNoticeDisplayText;
-    protected String  mCommentFile;
-    protected String  mInputType;
+    protected String mUserNoticeDisplayText;
+    protected String mCommentFile;
+    protected String mInputType;
     protected boolean mCritical;
     private Vector<String> mParams = new Vector<String>();
 
-    protected String  tempCommentFile;
+    protected String tempCommentFile;
     protected boolean certApplied = false;
 
     /**
-     * Adds the  Netscape comment in the end-entity certificates or
-     * CA certificates. The policy is set to be non-critical with the
-     * provided OID.
+     * Adds the Netscape comment in the end-entity certificates or CA
+     * certificates. The policy is set to be non-critical with the provided OID.
      */
     public NSCCommentExt() {
         NAME = "NSCCommentExt";
@@ -91,16 +88,16 @@ public class NSCCommentExt extends APolicyRule
      * Initializes this policy rule.
      * <p>
      * The entries may be of the form:
-     *
-     *	  ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl
-     *	  ca.Policy.rule.<ruleName>.displayText=<n>
-     *	  ca.Policy.rule.<ruleName>.commentFile=<n>
-     *	  ca.Policy.rule.<ruleName>.enable=false
-     *
-     * @param config		The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.implName=NSCCommentExtImpl
+     * ca.Policy.rule.<ruleName>.displayText=<n>
+     * ca.Policy.rule.<ruleName>.commentFile=<n>
+     * ca.Policy.rule.<ruleName>.enable=false
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
 
         FileInputStream fileStream = null;
 
@@ -138,11 +135,11 @@ public class NSCCommentExt extends APolicyRule
 
             mParams.addElement(PROP_COMMENT_FILE + "=" + mCommentFile);
         } catch (FileNotFoundException e) {
-            Object[] params = {getInstanceName(), "File not found : " + tempCommentFile};
+            Object[] params = { getInstanceName(), "File not found : " + tempCommentFile };
 
             throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
         } catch (Exception e) {
-            Object[] params = {getInstanceName(), e.getMessage()};
+            Object[] params = { getInstanceName(), e.getMessage() };
 
             throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
         }
@@ -151,16 +148,16 @@ public class NSCCommentExt extends APolicyRule
     /**
      * Applies the policy on the given Request.
      * <p>
-     *
-     * @param req   The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -191,8 +188,8 @@ public class NSCCommentExt extends APolicyRule
         if (extensions == null) {
             extensions = new CertificateExtensions();
             try {
-                certInfo.set(X509CertInfo.VERSION, 
-                    new CertificateVersion(CertificateVersion.V3));
+                certInfo.set(X509CertInfo.VERSION,
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } catch (Exception e) {
             }
@@ -200,10 +197,10 @@ public class NSCCommentExt extends APolicyRule
             // remove any previously computed version of the extension
             try {
                 extensions.delete(NSCCommentExtension.class.getSimpleName());
-			
+
             } catch (IOException e) {
                 // this is the hack: for some reason, the key which is the name
-                // of the policy has been converted into the OID 
+                // of the policy has been converted into the OID
                 try {
                     extensions.delete("2.16.840.1.113730.1.13");
                 } catch (IOException ee) {
@@ -211,7 +208,8 @@ public class NSCCommentExt extends APolicyRule
             }
         }
         if (mInputType.equals("File")) {
-            //		if ((mUserNoticeDisplayText.equals("")) && !(mCommentFile.equals(""))) {
+            // if ((mUserNoticeDisplayText.equals("")) &&
+            // !(mCommentFile.equals(""))) {
             try {
                 // Read the comments file
                 BufferedReader fis = new BufferedReader(new FileReader(mCommentFile));
@@ -225,9 +223,9 @@ public class NSCCommentExt extends APolicyRule
                 fis.close();
             } catch (IOException e) {
                 setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                    NAME, " Comment Text file not found : " + mCommentFile);
+                        NAME, " Comment Text file not found : " + mCommentFile);
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("POLICY_COMMENT_FILE_NOT_FOUND", e.toString()));
+                        CMS.getLogMessage("POLICY_COMMENT_FILE_NOT_FOUND", e.toString()));
                 return PolicyResult.REJECTED;
 
             }
@@ -235,20 +233,20 @@ public class NSCCommentExt extends APolicyRule
         }
 
         certApplied = true;
-	
+
         DisplayText displayText =
-            new DisplayText(DisplayText.tag_IA5String, mUserNoticeDisplayText);
+                new DisplayText(DisplayText.tag_IA5String, mUserNoticeDisplayText);
 
         try {
-            NSCCommentExtension cpExt = 
-                new NSCCommentExtension(mCritical, mUserNoticeDisplayText);
+            NSCCommentExtension cpExt =
+                    new NSCCommentExtension(mCritical, mUserNoticeDisplayText);
 
             extensions.set(NSCCommentExtension.class.getSimpleName(), cpExt);
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
+                    CMS.getLogMessage("POLICY_ERROR_CERTIFICATE_POLICIES_1", NAME));
             setError(req,
-                CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
+                    CMS.getUserMessage("CMS_POLICY_CERTIFICATE_POLICIES_ERROR"), NAME);
             return PolicyResult.REJECTED;
         }
         return PolicyResult.ACCEPTED;
@@ -258,16 +256,16 @@ public class NSCCommentExt extends APolicyRule
         String[] params = {
                 PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
                 PROP_INPUT_TYPE + ";choice(Text,File);Whether the comments " +
-                "would be entered in the displayText field or come from " +
-                "a file.",
+                        "would be entered in the displayText field or come from " +
+                        "a file.",
                 PROP_USER_NOTICE_DISPLAY_TEXT + ";string;The comment that may be " +
-                "displayed to the user when the certificate is viewed.",
+                        "displayed to the user when the certificate is viewed.",
                 PROP_COMMENT_FILE + ";string; If data source is 'File', specify " +
-                "the file name with full path.",
+                        "the file name with full path.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-nsccomment",
+                        ";configuration-policyrules-nsccomment",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds 'netscape comment' extension. See manual"
+                        ";Adds 'netscape comment' extension. See manual"
             };
 
         return params;
@@ -276,19 +274,19 @@ public class NSCCommentExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_CRITICAL + "=false");
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
index 88c57d2e..c80f65e5 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NSCertTypeExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -46,45 +45,45 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * NS Cert Type policy.
- * Adds the ns cert type extension depending on cert type requested.
+ * NS Cert Type policy. Adds the ns cert type extension depending on cert type
+ * requested.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class NSCertTypeExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_SET_DEFAULT_BITS = "setDefaultBits";
     protected static final boolean DEF_SET_DEFAULT_BITS = true;
-    protected static final String DEF_SET_DEFAULT_BITS_VAL = 
-        Boolean.valueOf(DEF_SET_DEFAULT_BITS).toString();
+    protected static final String DEF_SET_DEFAULT_BITS_VAL =
+            Boolean.valueOf(DEF_SET_DEFAULT_BITS).toString();
 
     protected static final int DEF_PATHLEN = -1;
 
-    protected static final boolean[] DEF_BITS = 
-        new boolean[NSCertTypeExtension.NBITS];
+    protected static final boolean[] DEF_BITS =
+            new boolean[NSCertTypeExtension.NBITS];
 
-    // XXX for future use. currenlty always allow. 
+    // XXX for future use. currenlty always allow.
     protected static final String PROP_AGENT_OVERR = "allowAgentOverride";
     protected static final String PROP_EE_OVERR = "AllowEEOverride";
 
-    // XXX for future use. currently always critical 
-    // (standard says SHOULD be marked critical if included.) 
+    // XXX for future use. currently always critical
+    // (standard says SHOULD be marked critical if included.)
     protected static final String PROP_CRITICAL = "critical";
 
-    // XXX for future use to allow overrides from forms. 
+    // XXX for future use to allow overrides from forms.
     // request must be agent approved or authenticated.
     protected boolean mAllowAgentOverride = false;
     protected boolean mAllowEEOverride = false;
 
-    // XXX for future use. currently always non-critical 
+    // XXX for future use. currently always non-critical
     protected boolean mCritical = false;
 
     protected int mCAPathLen = -1;
@@ -112,25 +111,25 @@ public class NSCertTypeExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=nsCertTypeExt
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=nsCertTypeExt
+     * ra.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         // XXX future use.
-        //mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
-        //mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
+        // mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
+        // mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
         mCritical = config.getBoolean(PROP_CRITICAL, false);
 
         ICertAuthority certAuthority = (ICertAuthority)
-            ((IPolicyProcessor) owner).getAuthority();
+                ((IPolicyProcessor) owner).getAuthority();
 
         if (certAuthority instanceof ICertificateAuthority) {
             CertificateChain caChain = certAuthority.getCACertChain();
@@ -141,7 +140,7 @@ public class NSCertTypeExt extends APolicyRule
             // CA reject if it does not allow any subordinate CA certs.
             if (caChain != null) {
                 caCert = caChain.getFirstCertificate();
-                if (caCert != null) 
+                if (caCert != null)
                     mCAPathLen = caCert.getBasicConstraints();
             }
         }
@@ -151,25 +150,24 @@ public class NSCertTypeExt extends APolicyRule
     }
 
     /**
-     * Adds the ns cert type if not set already.
-     * reads ns cert type choices from form. If no choices from form
-     * will defaults to all.
+     * Adds the ns cert type if not set already. reads ns cert type choices from
+     * form. If no choices from form will defaults to all.
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         CMS.debug("NSCertTypeExt: Impl: " + NAME + ", Instance: " + getInstanceName() + "::apply()");
         PolicyResult res = PolicyResult.ACCEPTED;
 
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-		
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
         X509CertInfo certInfo = null;
 
         if (ci == null || (certInfo = ci[0]) == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -184,10 +182,10 @@ public class NSCertTypeExt extends APolicyRule
 
     public PolicyResult applyCert(IRequest req, X509CertInfo certInfo) {
         try {
-            String certType = 
-                req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+            String certType =
+                    req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
             NSCertTypeExtension nsCertTypeExt = null;
 
             if (extensions != null) {
@@ -201,13 +199,13 @@ public class NSCertTypeExt extends APolicyRule
                 }
                 // XXX agent servlet currently sets this. it should be
                 // delayed to here.
-                if (nsCertTypeExt != null && 
-                    extensionIsGood(nsCertTypeExt, req)) {
+                if (nsCertTypeExt != null &&
+                        extensionIsGood(nsCertTypeExt, req)) {
                     CMS.debug(
-                        "NSCertTypeExt: already has correct ns cert type ext");
+                            "NSCertTypeExt: already has correct ns cert type ext");
                     return PolicyResult.ACCEPTED;
-                } else if ((nsCertTypeExt != null) && 
-                    (certType.equals("ocspResponder"))) {
+                } else if ((nsCertTypeExt != null) &&
+                        (certType.equals("ocspResponder"))) {
                     // Fix for #528732 : Always delete
                     // this extension from OCSP signing cert
                     extensions.delete(NSCertTypeExtension.class.getSimpleName());
@@ -216,12 +214,12 @@ public class NSCertTypeExt extends APolicyRule
             } else {
                 // create extensions set if none.
                 if (extensions == null) {
-                    certInfo.set(X509CertInfo.VERSION, 
-                        new CertificateVersion(CertificateVersion.V3));
+                    certInfo.set(X509CertInfo.VERSION,
+                            new CertificateVersion(CertificateVersion.V3));
                     extensions = new CertificateExtensions();
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                     CMS.debug(
-                        "NSCertTypeExt: Created extensions for adding ns cert type..");
+                            "NSCertTypeExt: Created extensions for adding ns cert type..");
                 }
             }
             // add ns cert type extension if not set or not set correctly.
@@ -229,13 +227,13 @@ public class NSCertTypeExt extends APolicyRule
 
             bits = getBitsFromRequest(req, mSetDefaultBits);
 
-            // check if ca doesn't allow any subordinate ca 
-            if (mCAPathLen == 0 && bits != null) {   
-                if (bits[NSCertTypeExtension.SSL_CA_BIT] || 
-                    bits[NSCertTypeExtension.EMAIL_CA_BIT] || 
-                    bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) {
-                    setError(req, 
-                        CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), NAME);
+            // check if ca doesn't allow any subordinate ca
+            if (mCAPathLen == 0 && bits != null) {
+                if (bits[NSCertTypeExtension.SSL_CA_BIT] ||
+                        bits[NSCertTypeExtension.EMAIL_CA_BIT] ||
+                        bits[NSCertTypeExtension.OBJECT_SIGNING_CA_BIT]) {
+                    setError(req,
+                            CMS.getUserMessage("CMS_POLICY_NO_SUB_CA_CERTS_ALLOWED"), NAME);
                     return PolicyResult.REJECTED;
                 }
             }
@@ -249,11 +247,12 @@ public class NSCertTypeExt extends APolicyRule
             int j;
 
             for (j = 0; bits != null && j < bits.length; j++)
-                if (bits[j]) break;
+                if (bits[j])
+                    break;
             if (bits == null || j == bits.length) {
                 if (!mSetDefaultBits) {
                     CMS.debug(
-                        "NSCertTypeExt: no bits requested, not setting default.");
+                            "NSCertTypeExt: no bits requested, not setting default.");
                     return PolicyResult.ACCEPTED;
                 } else
                     bits = DEF_BITS;
@@ -264,30 +263,29 @@ public class NSCertTypeExt extends APolicyRule
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
 
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
     }
 
     /**
-     * check if ns cert type extension is set correctly, 
-     * correct bits if not. 
-     * if not authorized to set extension, bits will be replaced.
+     * check if ns cert type extension is set correctly, correct bits if not. if
+     * not authorized to set extension, bits will be replaced.
      */
     protected boolean extensionIsGood(
-        NSCertTypeExtension nsCertTypeExt, IRequest req)
-        throws IOException, CertificateException {
+            NSCertTypeExtension nsCertTypeExt, IRequest req)
+            throws IOException, CertificateException {
         // always return false for now to make sure minimum is set.
         // agents and ee can add others.
 
-        // must be agent approved or authenticated for allowing extensions 
+        // must be agent approved or authenticated for allowing extensions
         // which is always the case if we get to this point.
         IAuthToken token = req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
 
@@ -295,7 +293,7 @@ public class NSCertTypeExt extends APolicyRule
             // don't know where this came from.
             // set all bits to false to reset.
             CMS.debug(
-                "NSCertTypeExt: unknown origin: setting ns cert type bits to false");
+                    "NSCertTypeExt: unknown origin: setting ns cert type bits to false");
             boolean[] bits = new boolean[8];
 
             for (int i = bits.length - 1; i >= 0; i--) {
@@ -316,36 +314,36 @@ public class NSCertTypeExt extends APolicyRule
             }
             if (certType.equals(IRequest.CA_CERT)) {
                 if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CA_BIT) &&
-                    !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_CA_BIT) &&
-                    !nsCertTypeExt.isSet(
-                        NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) {
+                        !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_CA_BIT) &&
+                        !nsCertTypeExt.isSet(
+                                NSCertTypeExtension.OBJECT_SIGNING_CA_BIT)) {
                     // min not set so set all.
                     CMS.debug(
-                        "NSCertTypeExt: is extension good: no ca bits set. set all");
+                            "NSCertTypeExt: is extension good: no ca bits set. set all");
 
-                    nsCertTypeExt.set(NSCertTypeExtension.SSL_CA, 
-                        Boolean.valueOf(true));
+                    nsCertTypeExt.set(NSCertTypeExtension.SSL_CA,
+                            Boolean.valueOf(true));
                     nsCertTypeExt.set(NSCertTypeExtension.EMAIL_CA,
-                        Boolean.valueOf(true));
+                            Boolean.valueOf(true));
                     nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING_CA,
-                        Boolean.valueOf(true));
+                            Boolean.valueOf(true));
                 }
                 return true;
             } else if (certType.equals(IRequest.CLIENT_CERT)) {
                 if (!nsCertTypeExt.isSet(NSCertTypeExtension.SSL_CLIENT_BIT) &&
-                    !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT) &&
-                    !nsCertTypeExt.isSet(NSCertTypeExtension.SSL_SERVER_BIT) &&
-                    !nsCertTypeExt.isSet(
-                        NSCertTypeExtension.OBJECT_SIGNING_BIT)) {
+                        !nsCertTypeExt.isSet(NSCertTypeExtension.EMAIL_BIT) &&
+                        !nsCertTypeExt.isSet(NSCertTypeExtension.SSL_SERVER_BIT) &&
+                        !nsCertTypeExt.isSet(
+                                NSCertTypeExtension.OBJECT_SIGNING_BIT)) {
                     // min not set so set all.
                     CMS.debug(
-                        "NSCertTypeExt: is extension good: no cl bits set. set all");
-                    nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT, 
-                        new Boolean(true));
+                            "NSCertTypeExt: is extension good: no cl bits set. set all");
+                    nsCertTypeExt.set(NSCertTypeExtension.SSL_CLIENT,
+                            new Boolean(true));
                     nsCertTypeExt.set(NSCertTypeExtension.EMAIL,
-                        new Boolean(true));
+                            new Boolean(true));
                     nsCertTypeExt.set(NSCertTypeExtension.OBJECT_SIGNING,
-                        new Boolean(true));
+                            new Boolean(true));
                 }
                 return true;
             } else if (certType.equals(IRequest.SERVER_CERT)) {
@@ -358,14 +356,13 @@ public class NSCertTypeExt extends APolicyRule
     }
 
     /**
-     * Gets ns cert type bits from request.
-     * If none set, use cert type to determine correct bits. 
-     * If no cert type, use default. 
-     */ 
+     * Gets ns cert type bits from request. If none set, use cert type to
+     * determine correct bits. If no cert type, use default.
+     */
 
     protected boolean[] getBitsFromRequest(IRequest req, boolean setDefault) {
         boolean[] bits = null;
-		
+
         CMS.debug("NSCertTypeExt: ns cert type getting ns cert type vars");
         bits = getNSCertTypeBits(req);
         if (bits == null && setDefault) {
@@ -440,23 +437,23 @@ public class NSCertTypeExt extends APolicyRule
      */
     protected boolean[] getCertTypeBits(IRequest req) {
         String certType =
-            req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+                req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
 
-        if (certType == null || certType.length() == 0) 
+        if (certType == null || certType.length() == 0)
             return null;
 
         boolean[] bits = new boolean[KeyUsageExtension.NBITS];
 
-        for (int i = bits.length - 1; i >= 0; i--) 
+        for (int i = bits.length - 1; i >= 0; i--)
             bits[i] = false;
 
         if (certType.equals(IRequest.CLIENT_CERT)) {
             CMS.debug("NSCertTypeExt: setting bits for client cert");
-            // we can only guess here when it's client. 
+            // we can only guess here when it's client.
             // sets all client bit for default.
             bits[NSCertTypeExtension.SSL_CLIENT_BIT] = true;
             bits[NSCertTypeExtension.EMAIL_BIT] = true;
-            //bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] = true;
+            // bits[NSCertTypeExtension.OBJECT_SIGNING_BIT] = true;
         } else if (certType.equals(IRequest.SERVER_CERT)) {
             CMS.debug("NSCertTypeExt: setting bits for server cert");
             bits[NSCertTypeExtension.SSL_SERVER_BIT] = true;
@@ -477,9 +474,8 @@ public class NSCertTypeExt extends APolicyRule
     }
 
     /**
-     * merge bits with those set from form. 
-     * make sure required minimum is set. Agent or auth can set others.
-     * XXX form shouldn't set the extension
+     * merge bits with those set from form. make sure required minimum is set.
+     * Agent or auth can set others. XXX form shouldn't set the extension
      */
     public void mergeBits(NSCertTypeExtension nsCertTypeExt, boolean[] bits) {
         for (int i = bits.length - 1; i >= 0; i--) {
@@ -492,37 +488,37 @@ public class NSCertTypeExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         params.addElement(PROP_CRITICAL + "=" + mCritical);
         params.addElement(PROP_SET_DEFAULT_BITS + "=" + mSetDefaultBits);
-        //new Boolean(mSetDefaultBits).toString());
+        // new Boolean(mSetDefaultBits).toString());
         return params;
     }
 
     private static Vector<String> mDefParams = new Vector<String>();
     static {
         mDefParams.addElement(
-            PROP_CRITICAL + "=false");
+                PROP_CRITICAL + "=false");
         mDefParams.addElement(
-            PROP_SET_DEFAULT_BITS + "=" + DEF_SET_DEFAULT_BITS);
+                PROP_SET_DEFAULT_BITS + "=" + DEF_SET_DEFAULT_BITS);
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 PROP_CRITICAL + ";boolean;Netscape recommendation: non-critical.",
                 PROP_SET_DEFAULT_BITS + ";boolean;Specify whether to set the Netscape certificate " +
-                "type extension with default bits ('ssl client' and 'email') in certificates " +
-                "specified by the predicate " +
-                "expression.",
+                        "type extension with default bits ('ssl client' and 'email') in certificates " +
+                        "specified by the predicate " +
+                        "expression.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-nscerttype",
+                        ";configuration-policyrules-nscerttype",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Netscape Certificate Type extension."
+                        ";Adds Netscape Certificate Type extension."
             };
 
         return params;
@@ -530,11 +526,10 @@ public class NSCertTypeExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
index 8b8001bb..e47cf978 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/NameConstraintsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -43,22 +42,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Name Constraints Extension Policy
- * Adds the name constraints extension to a (CA) certificate. 
- * Filtering of CA certificates is done through predicates.
+ * Name Constraints Extension Policy Adds the name constraints extension to a
+ * (CA) certificate. Filtering of CA certificates is done through predicates.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class NameConstraintsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_NUM_PERMITTEDSUBTREES = "numPermittedSubtrees";
     protected static final String PROP_NUM_EXCLUDEDSUBTREES = "numExcludedSubtrees";
@@ -90,37 +88,31 @@ public class NameConstraintsExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=certType==ca
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca
+     * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
-        // XXX should do do this ? 
-        // if CA does not allow subordinate CAs by way of basic constraints, 
-        // this policy always rejects 
+        // XXX should do do this ?
+        // if CA does not allow subordinate CAs by way of basic constraints,
+        // this policy always rejects
         /*****
-         ICertAuthority certAuthority = (ICertAuthority)
-         ((IPolicyProcessor)owner).getAuthority();
-         if (certAuthority instanceof ICertificateAuthority) {
-         CertificateChain caChain = certAuthority.getCACertChain();
-         X509Certificate caCert = null;
-         // Note that in RA the chain could be null if CA was not up when
-         // RA was started. In that case just set the length to -1 and let
-         // CA reject if it does not allow any subordinate CA certs.
-         if (caChain != null) {
-         caCert = caChain.getFirstCertificate();
-         if (caCert != null) 
-         mCAPathLen = caCert.getBasicConstraints();
-         }
-         }
+         * ICertAuthority certAuthority = (ICertAuthority)
+         * ((IPolicyProcessor)owner).getAuthority(); if (certAuthority
+         * instanceof ICertificateAuthority) { CertificateChain caChain =
+         * certAuthority.getCACertChain(); X509Certificate caCert = null; //
+         * Note that in RA the chain could be null if CA was not up when // RA
+         * was started. In that case just set the length to -1 and let // CA
+         * reject if it does not allow any subordinate CA certs. if (caChain !=
+         * null) { caCert = caChain.getFirstCertificate(); if (caCert != null)
+         * mCAPathLen = caCert.getBasicConstraints(); } }
          ****/
 
         mEnabled = mConfig.getBoolean(
@@ -133,25 +125,25 @@ public class NameConstraintsExt extends APolicyRule
 
         if (mNumPermittedSubtrees < 0) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        PROP_NUM_PERMITTEDSUBTREES, 
+                        PROP_NUM_PERMITTEDSUBTREES,
                         "value must be greater than or equal to 0"));
         }
         if (mNumExcludedSubtrees < 0) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        PROP_NUM_EXCLUDEDSUBTREES, 
+                        PROP_NUM_EXCLUDEDSUBTREES,
                         "value must be greater than or equal to 0"));
         }
 
         // init permitted subtrees if any.
         if (mNumPermittedSubtrees > 0) {
-            mPermittedSubtrees = 
+            mPermittedSubtrees =
                     form_subtrees(PROP_PERMITTEDSUBTREES, mNumPermittedSubtrees);
             CMS.debug("NameConstraintsExt: formed permitted subtrees");
         }
 
         // init excluded subtrees if any.
         if (mNumExcludedSubtrees > 0) {
-            mExcludedSubtrees = 
+            mExcludedSubtrees =
                     form_subtrees(PROP_EXCLUDEDSUBTREES, mNumExcludedSubtrees);
             CMS.debug("NameConstraintsExt: formed excluded subtrees");
         }
@@ -163,13 +155,13 @@ public class NameConstraintsExt extends APolicyRule
 
                 for (int i = 0; i < mNumPermittedSubtrees; i++) {
                     permittedSubtrees.addElement(
-                        mPermittedSubtrees[i].mGeneralSubtree);
+                            mPermittedSubtrees[i].mGeneralSubtree);
                 }
                 Vector<GeneralSubtree> excludedSubtrees = new Vector<GeneralSubtree>();
 
                 for (int j = 0; j < mNumExcludedSubtrees; j++) {
                     excludedSubtrees.addElement(
-                        mExcludedSubtrees[j].mGeneralSubtree);
+                            mExcludedSubtrees[j].mGeneralSubtree);
                 }
                 GeneralSubtrees psb = null;
 
@@ -181,44 +173,44 @@ public class NameConstraintsExt extends APolicyRule
                 if (excludedSubtrees.size() > 0) {
                     esb = new GeneralSubtrees(excludedSubtrees);
                 }
-                mNameConstraintsExtension = 
-                        new NameConstraintsExtension(mCritical, 
-                            psb,
-                            esb);
+                mNameConstraintsExtension =
+                        new NameConstraintsExtension(mCritical,
+                                psb,
+                                esb);
                 CMS.debug("NameConstraintsExt: formed Name Constraints Extension " +
-                    mNameConstraintsExtension);
+                        mNameConstraintsExtension);
             } catch (IOException e) {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                            "Error initializing Name Constraints Extension: " + e));
+                                "Error initializing Name Constraints Extension: " + e));
             }
         }
 
-        // form instance params 
+        // form instance params
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            PROP_NUM_PERMITTEDSUBTREES + "=" + mNumPermittedSubtrees);
+                PROP_NUM_PERMITTEDSUBTREES + "=" + mNumPermittedSubtrees);
         mInstanceParams.addElement(
-            PROP_NUM_EXCLUDEDSUBTREES + "=" + mNumExcludedSubtrees);
+                PROP_NUM_EXCLUDEDSUBTREES + "=" + mNumExcludedSubtrees);
         if (mNumPermittedSubtrees > 0) {
-            for (int i = 0; i < mPermittedSubtrees.length; i++) 
+            for (int i = 0; i < mPermittedSubtrees.length; i++)
                 mPermittedSubtrees[i].getInstanceParams(mInstanceParams);
         }
         if (mNumExcludedSubtrees > 0) {
-            for (int j = 0; j < mExcludedSubtrees.length; j++) 
+            for (int j = 0; j < mExcludedSubtrees.length; j++)
                 mExcludedSubtrees[j].getInstanceParams(mInstanceParams);
         }
     }
 
-    Subtree[] form_subtrees(String subtreesName, int numSubtrees) 
-        throws EBaseException {
+    Subtree[] form_subtrees(String subtreesName, int numSubtrees)
+            throws EBaseException {
         Subtree[] subtrees = new Subtree[numSubtrees];
 
         for (int i = 0; i < numSubtrees; i++) {
             String subtreeName = subtreesName + i;
             IConfigStore subtreeConfig = mConfig.getSubStore(subtreeName);
-            Subtree subtree = 
-                new Subtree(subtreeName, subtreeConfig, mEnabled);
+            Subtree subtree =
+                    new Subtree(subtreeName, subtreeConfig, mEnabled);
 
             subtrees[i] = subtree;
         }
@@ -228,28 +220,28 @@ public class NameConstraintsExt extends APolicyRule
     /**
      * Adds Name Constraints Extension to a (CA) certificate.
      * 
-     * If a Name constraints Extension is already there, accept it if 
-     * it's been approved by agent, else replace it.
-     *
-     * @param req	The request on which to apply policy.
+     * If a Name constraints Extension is already there, accept it if it's been
+     * approved by agent, else replace it.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
-        // if extension hasn't been properly configured reject requests until 
+        // if extension hasn't been properly configured reject requests until
         // it has been resolved (or disabled).
         if (mNameConstraintsExtension == null) {
-            //setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME);
-            //return PolicyResult.REJECTED;
+            // setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME);
+            // return PolicyResult.REJECTED;
             return PolicyResult.ACCEPTED;
         }
 
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
@@ -269,7 +261,7 @@ public class NameConstraintsExt extends APolicyRule
         try {
             NameConstraintsExtension nameConstraintsExt = null;
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             try {
                 if (extensions != null) {
@@ -277,71 +269,70 @@ public class NameConstraintsExt extends APolicyRule
                             extensions.get(NameConstraintsExtension.class.getSimpleName());
                 }
             } catch (IOException e) {
-                // extension isn't there. 
+                // extension isn't there.
             }
 
             if (nameConstraintsExt != null) {
                 if (agentApproved(req)) {
                     CMS.debug(
-                        "NameConstraintsExt: request id from agent " + req.getRequestId() +
-                        " already has name constraints - accepted");
+                            "NameConstraintsExt: request id from agent " + req.getRequestId() +
+                                    " already has name constraints - accepted");
                     return PolicyResult.ACCEPTED;
                 } else {
                     CMS.debug(
-                        "NameConstraintsExt: request id " + req.getRequestId() + " from user " +
-                        " already has name constraints - deleted");
+                            "NameConstraintsExt: request id " + req.getRequestId() + " from user " +
+                                    " already has name constraints - deleted");
                     extensions.delete(NameConstraintsExtension.class.getSimpleName());
                 }
             }
 
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             }
             extensions.set(
-                NameConstraintsExtension.class.getSimpleName(), mNameConstraintsExtension);
+                    NameConstraintsExtension.class.getSimpleName(), mNameConstraintsExtension);
             CMS.debug(
-                "NameConstraintsExt: added Name Constraints Extension to request " +
-                req.getRequestId());
+                    "NameConstraintsExt: added Name Constraints Extension to request " +
+                            req.getRequestId());
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_NAME_CONST_EXTENSION", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_NAME_CONST_EXTENSION", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED;
         }
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
-     * Default config parameters. 
-     * To add more permitted or excluded subtrees, 
-     * increase the num to greater than 0 and more configuration params 
-     * will show up in the console.
+     * Default config parameters. To add more permitted or excluded subtrees,
+     * increase the num to greater than 0 and more configuration params will
+     * show up in the console.
      */
     private static Vector<String> mDefParams = new Vector<String>();
     static {
         mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
         mDefParams.addElement(
-            PROP_NUM_PERMITTEDSUBTREES + "=" + DEF_NUM_PERMITTEDSUBTREES);
+                PROP_NUM_PERMITTEDSUBTREES + "=" + DEF_NUM_PERMITTEDSUBTREES);
         mDefParams.addElement(
-            PROP_NUM_EXCLUDEDSUBTREES + "=" + DEF_NUM_EXCLUDEDSUBTREES);
+                PROP_NUM_EXCLUDEDSUBTREES + "=" + DEF_NUM_EXCLUDEDSUBTREES);
         for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) {
             Subtree.getDefaultParams(PROP_PERMITTEDSUBTREES + k, mDefParams);
         }
@@ -352,10 +343,10 @@ public class NameConstraintsExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 
@@ -364,9 +355,9 @@ public class NameConstraintsExt extends APolicyRule
 
         theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be critical.");
         theparams.addElement(
-            PROP_NUM_PERMITTEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
+                PROP_NUM_PERMITTEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
         theparams.addElement(
-            PROP_NUM_EXCLUDEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
+                PROP_NUM_EXCLUDEDSUBTREES + ";number;See RFC 2459 sec 4.2.1.11");
 
         // now do the subtrees.
         for (int k = 0; k < DEF_NUM_PERMITTEDSUBTREES; k++) {
@@ -376,9 +367,9 @@ public class NameConstraintsExt extends APolicyRule
             Subtree.getExtendedPluginInfo(PROP_EXCLUDEDSUBTREES + l, theparams);
         }
         theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-nameconstraints");
+                ";configuration-policyrules-nameconstraints");
         theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Name Constraints Extension. See RFC 2459");
+                ";Adds Name Constraints Extension. See RFC 2459");
 
         String[] info = new String[theparams.size()];
 
@@ -387,9 +378,8 @@ public class NameConstraintsExt extends APolicyRule
     }
 }
 
-
 /**
- * subtree configuration 
+ * subtree configuration
  */
 class Subtree {
 
@@ -400,8 +390,7 @@ class Subtree {
     protected static final int DEF_MIN = 0;
     protected static final int DEF_MAX = -1; // -1 (less than 0) means not set.
 
-    protected static final String 
-        MINMAX_INFO = "number;See RFC 2459 section 4.2.1.11";
+    protected static final String MINMAX_INFO = "number;See RFC 2459 section 4.2.1.11";
 
     String mName = null;
     IConfigStore mConfig = null;
@@ -414,13 +403,13 @@ class Subtree {
     String mNameDotMax = null;
 
     public Subtree(
-        String subtreeName, IConfigStore config, boolean policyEnabled) 
-        throws EBaseException {
+            String subtreeName, IConfigStore config, boolean policyEnabled)
+            throws EBaseException {
         mName = subtreeName;
         mConfig = config;
 
         if (mName != null) {
-            mNameDot = mName + "."; 
+            mNameDot = mName + ".";
             mNameDotMin = mNameDot + PROP_MIN;
             mNameDotMax = mNameDot + PROP_MAX;
         } else {
@@ -439,13 +428,14 @@ class Subtree {
         // if policy enabled get values to form the general subtree.
         mMin = mConfig.getInteger(PROP_MIN, DEF_MIN);
         mMax = mConfig.getInteger(PROP_MAX, DEF_MAX);
-        if (mMax < -1) mMax = -1;
+        if (mMax < -1)
+            mMax = -1;
         mBase = CMS.createGeneralNameAsConstraintsConfig(
-                    mNameDot + PROP_BASE, mConfig.getSubStore(PROP_BASE), 
+                    mNameDot + PROP_BASE, mConfig.getSubStore(PROP_BASE),
                     true, policyEnabled);
 
         if (policyEnabled) {
-            mGeneralSubtree = 
+            mGeneralSubtree =
                     new GeneralSubtree(mBase.getGeneralName(), mMin, mMax);
         }
     }
@@ -476,4 +466,3 @@ class Subtree {
         info.addElement(nameDot + PROP_MAX + ";" + MINMAX_INFO);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
index 9e36ae80..b57ff58a 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/OCSPNoCheckExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -39,25 +38,25 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * This implements an OCSP Signing policy, it
- * adds the OCSP Signing extension to the certificate.
+ * This implements an OCSP Signing policy, it adds the OCSP Signing extension to
+ * the certificate.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
 public class OCSPNoCheckExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
-    
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
+
     public static final String PROP_CRITICAL = "critical";
     private boolean mCritical = false;
-    
+
     // PKIX specifies the that the extension SHOULD NOT be critical
     public static final boolean DEFAULT_CRITICALITY = false;
 
@@ -75,9 +74,9 @@ public class OCSPNoCheckExt extends APolicyRule
         String[] params = {
                 PROP_CRITICAL + ";boolean;RFC 2560 recommendation: SHOULD be non-critical.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-ocspnocheck",
+                        ";configuration-policyrules-ocspnocheck",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds OCSP signing extension to certificate"
+                        ";Adds OCSP signing extension to certificate"
             };
 
         return params;
@@ -88,9 +87,9 @@ public class OCSPNoCheckExt extends APolicyRule
      * Performs one-time initialization of the policy.
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mOCSPNoCheck = new OCSPNoCheckExtension();
-    
+
         if (mOCSPNoCheck != null) {
             // configure the extension itself
             mCritical = config.getBoolean(PROP_CRITICAL,
@@ -110,7 +109,7 @@ public class OCSPNoCheckExt extends APolicyRule
         }
 
         X509CertInfo[] ci =
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -131,22 +130,23 @@ public class OCSPNoCheckExt extends APolicyRule
 
             // find the extensions in the certInfo
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             // prepare the extensions data structure
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } else {
                 try {
                     extensions.delete(OCSPNoCheckExtension.class.getSimpleName());
                 } catch (IOException ex) {
                     // OCSPNoCheck extension is not already there
-                    //  log(ILogger.LL_FAILURE, "No previous extension: "+OCSPNoCheckExtension.NAME+" "+ex.getMessage());
+                    // log(ILogger.LL_FAILURE,
+                    // "No previous extension: "+OCSPNoCheckExtension.NAME+" "+ex.getMessage());
                 }
             }
 
@@ -157,16 +157,16 @@ public class OCSPNoCheckExt extends APolicyRule
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
-                e.getMessage());
+                    e.getMessage());
             return PolicyResult.REJECTED;
         }
     }
-    
+
     /**
      * Returns instance parameters.
      */
@@ -175,9 +175,9 @@ public class OCSPNoCheckExt extends APolicyRule
 
         params.addElement(PROP_CRITICAL + "=" + mCritical);
         return params;
-        
+
     }
-    
+
     /**
      * Returns default parameters.
      */
@@ -186,6 +186,6 @@ public class OCSPNoCheckExt extends APolicyRule
 
         defParams.addElement(PROP_CRITICAL + "=false");
         return defParams;
-        
+
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
index 849036c7..f1a18cf4 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyConstraintsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -40,31 +39,28 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Policy Constraints Extension Policy
- * Adds the policy constraints extension to (CA) certificates. 
- * Filtering of CA certificates is done through predicates.
+ * Policy Constraints Extension Policy Adds the policy constraints extension to
+ * (CA) certificates. Filtering of CA certificates is done through predicates.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class PolicyConstraintsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
-    protected static final String 
-        PROP_REQ_EXPLICIT_POLICY = "reqExplicitPolicy";
-    protected static final String 
-        PROP_INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping";
+    protected static final String PROP_REQ_EXPLICIT_POLICY = "reqExplicitPolicy";
+    protected static final String PROP_INHIBIT_POLICY_MAPPING = "inhibitPolicyMapping";
 
     protected static final boolean DEF_CRITICAL = false;
-    protected static final int DEF_REQ_EXPLICIT_POLICY = -1; 	// not set
-    protected static final int DEF_INHIBIT_POLICY_MAPPING = -1;	// not set
+    protected static final int DEF_REQ_EXPLICIT_POLICY = -1; // not set
+    protected static final int DEF_INHIBIT_POLICY_MAPPING = -1; // not set
 
     protected boolean mEnabled = false;
     protected IConfigStore mConfig = null;
@@ -80,9 +76,9 @@ public class PolicyConstraintsExt extends APolicyRule
     static {
         mDefaultParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
         mDefaultParams.addElement(
-            PROP_REQ_EXPLICIT_POLICY + "=" + DEF_REQ_EXPLICIT_POLICY);
+                PROP_REQ_EXPLICIT_POLICY + "=" + DEF_REQ_EXPLICIT_POLICY);
         mDefaultParams.addElement(
-            PROP_INHIBIT_POLICY_MAPPING + "=" + DEF_INHIBIT_POLICY_MAPPING);
+                PROP_INHIBIT_POLICY_MAPPING + "=" + DEF_INHIBIT_POLICY_MAPPING);
     }
 
     public PolicyConstraintsExt() {
@@ -93,37 +89,31 @@ public class PolicyConstraintsExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=certType==ca
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca
+     * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
-        // XXX should do do this ? 
-        // if CA does not allow subordinate CAs by way of basic constraints, 
-        // this policy always rejects 
+        // XXX should do do this ?
+        // if CA does not allow subordinate CAs by way of basic constraints,
+        // this policy always rejects
         /*****
-         ICertAuthority certAuthority = (ICertAuthority)
-         ((GenericPolicyProcessor)owner).mAuthority;
-         if (certAuthority instanceof ICertificateAuthority) {
-         CertificateChain caChain = certAuthority.getCACertChain();
-         X509Certificate caCert = null;
-         // Note that in RA the chain could be null if CA was not up when
-         // RA was started. In that case just set the length to -1 and let
-         // CA reject if it does not allow any subordinate CA certs.
-         if (caChain != null) {
-         caCert = caChain.getFirstCertificate();
-         if (caCert != null) 
-         mCAPathLen = caCert.getBasicConstraints();
-         }
-         }
+         * ICertAuthority certAuthority = (ICertAuthority)
+         * ((GenericPolicyProcessor)owner).mAuthority; if (certAuthority
+         * instanceof ICertificateAuthority) { CertificateChain caChain =
+         * certAuthority.getCACertChain(); X509Certificate caCert = null; //
+         * Note that in RA the chain could be null if CA was not up when // RA
+         * was started. In that case just set the length to -1 and let // CA
+         * reject if it does not allow any subordinate CA certs. if (caChain !=
+         * null) { caCert = caChain.getFirstCertificate(); if (caCert != null)
+         * mCAPathLen = caCert.getBasicConstraints(); } }
          ****/
 
         mEnabled = mConfig.getBoolean(
@@ -135,58 +125,58 @@ public class PolicyConstraintsExt extends APolicyRule
         mInhibitPolicyMapping = mConfig.getInteger(
                     PROP_INHIBIT_POLICY_MAPPING, DEF_INHIBIT_POLICY_MAPPING);
 
-        if (mReqExplicitPolicy < -1) 
+        if (mReqExplicitPolicy < -1)
             mReqExplicitPolicy = -1;
-        if (mInhibitPolicyMapping < -1) 
+        if (mInhibitPolicyMapping < -1)
             mInhibitPolicyMapping = -1;
-		
-            // create instance of policy constraings extension 
+
+        // create instance of policy constraings extension
         try {
-            mPolicyConstraintsExtension = 
-                    new PolicyConstraintsExtension(mCritical, 
-                        mReqExplicitPolicy, mInhibitPolicyMapping);
+            mPolicyConstraintsExtension =
+                    new PolicyConstraintsExtension(mCritical,
+                            mReqExplicitPolicy, mInhibitPolicyMapping);
             CMS.debug(
-                "PolicyConstraintsExt: Created Policy Constraints Extension: " +
-                mPolicyConstraintsExtension);
+                    "PolicyConstraintsExt: Created Policy Constraints Extension: " +
+                            mPolicyConstraintsExtension);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("POLICY_ERROR_CANT_INIT_POLICY_CONST_EXT", e.toString()));
+                    CMS.getLogMessage("POLICY_ERROR_CANT_INIT_POLICY_CONST_EXT", e.toString()));
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                        "Could not init Policy Constraints Extension. Error: " + e));
+                            "Could not init Policy Constraints Extension. Error: " + e));
         }
 
-        // form instance params 
+        // form instance params
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
+                PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
         mInstanceParams.addElement(
-            PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
+                PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
     }
 
     /**
      * Adds Policy Constraints Extension to a (CA) certificate.
      * 
-     * If a Policy constraints Extension is already there, accept it if 
-     * it's been approved by agent, else replace it.
-     *
-     * @param req	The request on which to apply policy.
+     * If a Policy constraints Extension is already there, accept it if it's
+     * been approved by agent, else replace it.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
-        // if extension hasn't been properly configured reject requests until 
+        // if extension hasn't been properly configured reject requests until
         // it has been resolved (or disabled).
         if (mPolicyConstraintsExtension == null) {
             return PolicyResult.ACCEPTED;
         }
 
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
@@ -206,7 +196,7 @@ public class PolicyConstraintsExt extends APolicyRule
         try {
             PolicyConstraintsExtension policyConstraintsExt = null;
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             try {
                 if (extensions != null) {
@@ -214,7 +204,7 @@ public class PolicyConstraintsExt extends APolicyRule
                             extensions.get(PolicyConstraintsExtension.class.getSimpleName());
                 }
             } catch (IOException e) {
-                // extension isn't there. 
+                // extension isn't there.
             }
 
             if (policyConstraintsExt != null) {
@@ -227,55 +217,55 @@ public class PolicyConstraintsExt extends APolicyRule
 
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             }
             extensions.set(
-                "PolicyConstriantsExt", mPolicyConstraintsExtension);
+                    "PolicyConstriantsExt", mPolicyConstraintsExtension);
             CMS.debug("PolicyConstraintsExt: added our policy constraints extension");
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_CANT_PROCESS_POLICY_CONST_EXT", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_CANT_PROCESS_POLICY_CONST_EXT", e.toString()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED;
         }
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefaultParams;
     }
 
     /**
-     * gets plugin info for pretty console edit displays. 
+     * gets plugin info for pretty console edit displays.
      */
     public String[] getExtendedPluginInfo(Locale locale) {
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
+                PROP_REQ_EXPLICIT_POLICY + "=" + mReqExplicitPolicy);
         mInstanceParams.addElement(
-            PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
+                PROP_INHIBIT_POLICY_MAPPING + "=" + mInhibitPolicyMapping);
 
         String[] params = {
                 PROP_CRITICAL + ";boolean;RFC 2459 recommendation: may be critical or non-critical.",
@@ -287,4 +277,3 @@ public class PolicyConstraintsExt extends APolicyRule
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
index 1d901d57..80efc78f 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PolicyMappingsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -43,22 +42,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Policy Mappings Extension Policy
- * Adds the Policy Mappings extension to a (CA) certificate. 
- * Filtering of CA certificates is done through predicates.
+ * Policy Mappings Extension Policy Adds the Policy Mappings extension to a (CA)
+ * certificate. Filtering of CA certificates is done through predicates.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class PolicyMappingsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_NUM_POLICYMAPPINGS = "numPolicyMappings";
 
@@ -85,37 +83,31 @@ public class PolicyMappingsExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=certType==ca
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate=certType==ca
+     * ca.Policy.rule.<ruleName>.implName= ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
-        // XXX should do do this ? 
-        // if CA does not allow subordinate CAs by way of basic constraints, 
-        // this policy always rejects 
+        // XXX should do do this ?
+        // if CA does not allow subordinate CAs by way of basic constraints,
+        // this policy always rejects
         /*****
-         ICertAuthority certAuthority = (ICertAuthority)
-         ((IPolicyProcessor)owner).getAuthority();
-         if (certAuthority instanceof ICertificateAuthority) {
-         CertificateChain caChain = certAuthority.getCACertChain();
-         X509Certificate caCert = null;
-         // Note that in RA the chain could be null if CA was not up when
-         // RA was started. In that case just set the length to -1 and let
-         // CA reject if it does not allow any subordinate CA certs.
-         if (caChain != null) {
-         caCert = caChain.getFirstCertificate();
-         if (caCert != null) 
-         mCAPathLen = caCert.getBasicConstraints();
-         }
-         }
+         * ICertAuthority certAuthority = (ICertAuthority)
+         * ((IPolicyProcessor)owner).getAuthority(); if (certAuthority
+         * instanceof ICertificateAuthority) { CertificateChain caChain =
+         * certAuthority.getCACertChain(); X509Certificate caCert = null; //
+         * Note that in RA the chain could be null if CA was not up when // RA
+         * was started. In that case just set the length to -1 and let // CA
+         * reject if it does not allow any subordinate CA certs. if (caChain !=
+         * null) { caCert = caChain.getFirstCertificate(); if (caCert != null)
+         * mCAPathLen = caCert.getBasicConstraints(); } }
          ****/
 
         mEnabled = mConfig.getBoolean(
@@ -131,7 +123,7 @@ public class PolicyMappingsExt extends APolicyRule
                         "value must be greater than or equal to 1"));
         }
 
-        // init Policy Mappings, check values if enabled. 
+        // init Policy Mappings, check values if enabled.
         mPolicyMaps = new PolicyMap[mNumPolicyMappings];
         for (int i = 0; i < mNumPolicyMappings; i++) {
             String subtreeName = PROP_POLICYMAP + i;
@@ -140,7 +132,7 @@ public class PolicyMappingsExt extends APolicyRule
                 mPolicyMaps[i] = new PolicyMap(subtreeName, mConfig, mEnabled);
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, NAME + ": " +
-                    CMS.getLogMessage("POLICY_ERROR_CREATE_MAP", e.toString()));
+                        CMS.getLogMessage("POLICY_ERROR_CREATE_MAP", e.toString()));
                 throw e;
             }
         }
@@ -152,21 +144,21 @@ public class PolicyMappingsExt extends APolicyRule
 
                 for (int j = 0; j < mNumPolicyMappings; j++) {
                     certPolicyMaps.addElement(
-                        mPolicyMaps[j].mCertificatePolicyMap);
+                            mPolicyMaps[j].mCertificatePolicyMap);
                 }
-                mPolicyMappingsExtension = 
+                mPolicyMappingsExtension =
                         new PolicyMappingsExtension(mCritical, certPolicyMaps);
             } catch (IOException e) {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                            "Error initializing " + NAME + " Error: " + e));
+                                "Error initializing " + NAME + " Error: " + e));
             }
         }
 
-        // form instance params 
+        // form instance params
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            PROP_NUM_POLICYMAPPINGS + "=" + mNumPolicyMappings);
+                PROP_NUM_POLICYMAPPINGS + "=" + mNumPolicyMappings);
         for (int i = 0; i < mNumPolicyMappings; i++) {
             mPolicyMaps[i].getInstanceParams(mInstanceParams);
         }
@@ -175,28 +167,28 @@ public class PolicyMappingsExt extends APolicyRule
     /**
      * Adds policy mappings Extension to a (CA) certificate.
      * 
-     * If a policy mappings Extension is already there, accept it if 
-     * it's been approved by agent, else replace it.
-     *
-     * @param req	The request on which to apply policy.
+     * If a policy mappings Extension is already there, accept it if it's been
+     * approved by agent, else replace it.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
-        // if extension hasn't been properly configured reject requests until 
+        // if extension hasn't been properly configured reject requests until
         // it has been resolved (or disabled).
         if (mPolicyMappingsExtension == null) {
-            //setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME);
-            //return PolicyResult.REJECTED;
+            // setError(req, PolicyResources.EXTENSION_NOT_INITED_1, NAME);
+            // return PolicyResult.REJECTED;
             return PolicyResult.ACCEPTED;
         }
 
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-		
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
@@ -215,7 +207,7 @@ public class PolicyMappingsExt extends APolicyRule
         try {
             PolicyMappingsExtension policyMappingsExt = null;
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             try {
                 if (extensions != null) {
@@ -223,7 +215,7 @@ public class PolicyMappingsExt extends APolicyRule
                             extensions.get(PolicyMappingsExtension.class.getSimpleName());
                 }
             } catch (IOException e) {
-                // extension isn't there. 
+                // extension isn't there.
             }
 
             if (policyMappingsExt != null) {
@@ -236,87 +228,86 @@ public class PolicyMappingsExt extends APolicyRule
 
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             }
             extensions.set(
-                PolicyMappingsExtension.class.getSimpleName(), mPolicyMappingsExtension);
+                    PolicyMappingsExtension.class.getSimpleName(), mPolicyMappingsExtension);
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_PROCESS_POLICYMAP_EXT", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_PROCESS_POLICYMAP_EXT", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
 
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED;
         }
     }
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
-     * Default config parameters. 
-     * To add more permitted or excluded subtrees, 
-     * increase the num to greater than 0 and more configuration params 
-     * will show up in the console.
+     * Default config parameters. To add more permitted or excluded subtrees,
+     * increase the num to greater than 0 and more configuration params will
+     * show up in the console.
      */
     private static Vector<String> mDefParams = new Vector<String>();
     static {
         mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
         mDefParams.addElement(
-            PROP_NUM_POLICYMAPPINGS + "=" + DEF_NUM_POLICYMAPPINGS);
+                PROP_NUM_POLICYMAPPINGS + "=" + DEF_NUM_POLICYMAPPINGS);
         String policyMap0Dot = PROP_POLICYMAP + "0.";
 
         mDefParams.addElement(
-            policyMap0Dot + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + "=" + "");
+                policyMap0Dot + PolicyMap.PROP_ISSUER_DOMAIN_POLICY + "=" + "");
         mDefParams.addElement(
-            policyMap0Dot + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + "=" + "");
+                policyMap0Dot + PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + "=" + "");
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
         Vector<String> theparams = new Vector<String>();
-		
+
         theparams.addElement(PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST be non-critical.");
         theparams.addElement(PROP_NUM_POLICYMAPPINGS + ";number; Number of policy mappings. The value must be greater than or equal to 1");
 
-        String policyInfo = 
-            ";string;An object identifier in the form n.n.n.n";
+        String policyInfo =
+                ";string;An object identifier in the form n.n.n.n";
 
         for (int k = 0; k < 5; k++) {
             String policyMapkDot = PROP_POLICYMAP + k + ".";
 
             theparams.addElement(policyMapkDot +
-                PolicyMap.PROP_ISSUER_DOMAIN_POLICY + policyInfo);
+                    PolicyMap.PROP_ISSUER_DOMAIN_POLICY + policyInfo);
             theparams.addElement(policyMapkDot +
-                PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + policyInfo);
+                    PolicyMap.PROP_SUBJECT_DOMAIN_POLICY + policyInfo);
         }
 
         theparams.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-policymappings");
+                ";configuration-policyrules-policymappings");
         theparams.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Policy Mappings Extension. See RFC 2459 (4.2.1.6)");
+                ";Adds Policy Mappings Extension. See RFC 2459 (4.2.1.6)");
 
         String[] params = new String[theparams.size()];
 
@@ -325,7 +316,6 @@ public class PolicyMappingsExt extends APolicyRule
     }
 }
 
-
 class PolicyMap {
 
     protected static String PROP_ISSUER_DOMAIN_POLICY = "issuerDomainPolicy";
@@ -340,47 +330,48 @@ class PolicyMap {
 
     /**
      * forms policy map parameters.
+     * 
      * @param name name of this policy map, for example policyMap0
      * @param config parent's config from where we find this configuration.
      * @param enabled whether policy was enabled.
      */
-    protected PolicyMap(String name, IConfigStore config, boolean enabled) 
-        throws EBaseException {
+    protected PolicyMap(String name, IConfigStore config, boolean enabled)
+            throws EBaseException {
         mName = name;
         mConfig = config.getSubStore(mName);
         mNameDot = mName + ".";
 
-        if( mConfig == null ) {
-            CMS.debug( "PolicyMappingsExt::PolicyMap - mConfig is null!" );
+        if (mConfig == null) {
+            CMS.debug("PolicyMappingsExt::PolicyMap - mConfig is null!");
             return;
         }
 
         // if there's no configuration for this map put it there.
         if (mConfig.size() == 0) {
-            config.putString(mNameDot + PROP_ISSUER_DOMAIN_POLICY, ""); 
-            config.putString(mNameDot + PROP_SUBJECT_DOMAIN_POLICY, ""); 
+            config.putString(mNameDot + PROP_ISSUER_DOMAIN_POLICY, "");
+            config.putString(mNameDot + PROP_SUBJECT_DOMAIN_POLICY, "");
             mConfig = config.getSubStore(mName);
             if (mConfig == null || mConfig.size() == 0) {
-	            CMS.debug( "PolicyMappingsExt::PolicyMap - mConfig " +
-                           "is null or empty!" );
+                CMS.debug("PolicyMappingsExt::PolicyMap - mConfig " +
+                           "is null or empty!");
                 return;
             }
         }
 
         // get policy ids from configuration.
-        mIssuerDomainPolicy = 
+        mIssuerDomainPolicy =
                 mConfig.getString(PROP_ISSUER_DOMAIN_POLICY, null);
-        mSubjectDomainPolicy = 
+        mSubjectDomainPolicy =
                 mConfig.getString(PROP_SUBJECT_DOMAIN_POLICY, null);
 
         // adjust for "" and console returning "null"
-        if (mIssuerDomainPolicy != null && 
-            (mIssuerDomainPolicy.length() == 0 || 
+        if (mIssuerDomainPolicy != null &&
+                (mIssuerDomainPolicy.length() == 0 ||
                 mIssuerDomainPolicy.equals("null"))) {
             mIssuerDomainPolicy = null;
         }
-        if (mSubjectDomainPolicy != null && 
-            (mSubjectDomainPolicy.length() == 0 || 
+        if (mSubjectDomainPolicy != null &&
+                (mSubjectDomainPolicy.length() == 0 ||
                 mSubjectDomainPolicy.equals("null"))) {
             mSubjectDomainPolicy = null;
         }
@@ -388,26 +379,26 @@ class PolicyMap {
         // policy ids cannot be null if policy is enabled.
         String msg = "value cannot be null.";
 
-        if (mIssuerDomainPolicy == null && enabled) 
+        if (mIssuerDomainPolicy == null && enabled)
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         mNameDot + PROP_ISSUER_DOMAIN_POLICY, msg));
-        if (mSubjectDomainPolicy == null && enabled) 
+        if (mSubjectDomainPolicy == null && enabled)
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         mNameDot + PROP_SUBJECT_DOMAIN_POLICY, msg));
 
-            // if a policy id is not null check that it is a valid OID.
+        // if a policy id is not null check that it is a valid OID.
         ObjectIdentifier issuerPolicyId = null;
         ObjectIdentifier subjectPolicyId = null;
 
-        if (mIssuerDomainPolicy != null) 
+        if (mIssuerDomainPolicy != null)
             issuerPolicyId = CMS.checkOID(
                         mNameDot + PROP_ISSUER_DOMAIN_POLICY, mIssuerDomainPolicy);
-        if (mSubjectDomainPolicy != null) 
+        if (mSubjectDomainPolicy != null)
             subjectPolicyId = CMS.checkOID(
                         mNameDot + PROP_SUBJECT_DOMAIN_POLICY, mSubjectDomainPolicy);
-		
-            // if enabled, form CertificatePolicyMap to be encoded in extension.
-            // policy ids should be all set.
+
+        // if enabled, form CertificatePolicyMap to be encoded in extension.
+        // policy ids should be all set.
         if (enabled) {
             mCertificatePolicyMap = new CertificatePolicyMap(
                         new CertificatePolicyId(issuerPolicyId),
@@ -417,12 +408,11 @@ class PolicyMap {
 
     protected void getInstanceParams(Vector<String> instanceParams) {
         instanceParams.addElement(
-            mNameDot + PROP_ISSUER_DOMAIN_POLICY + "=" + (mIssuerDomainPolicy == null ? "" :
-                mIssuerDomainPolicy));
+                mNameDot + PROP_ISSUER_DOMAIN_POLICY + "=" + (mIssuerDomainPolicy == null ? "" :
+                        mIssuerDomainPolicy));
         instanceParams.addElement(
-            mNameDot + PROP_SUBJECT_DOMAIN_POLICY + "=" + (mSubjectDomainPolicy == null ? "" :
-                mSubjectDomainPolicy));
+                mNameDot + PROP_SUBJECT_DOMAIN_POLICY + "=" + (mSubjectDomainPolicy == null ? "" :
+                        mSubjectDomainPolicy));
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
index 125555c4..a171a400 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PresenceExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -32,11 +31,12 @@ import com.netscape.cms.policy.APolicyRule;
 /**
  * Checks extension presence.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
@@ -77,7 +77,7 @@ public class PresenceExt extends APolicyRule {
     }
 
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         mCritical = config.getBoolean(PROP_IS_CRITICAL, false);
@@ -97,19 +97,18 @@ public class PresenceExt extends APolicyRule {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         /*
-         PresenceServerExtension ext = new PresenceServerExtension(mCritical,
-         mOID, mVersion, mStreetAddress,
-         mTelephoneNumber, mRFC822Name, mID,
-         mHostName, mPortNumber, mMaxUsers, mServiceLevel);
+         * PresenceServerExtension ext = new PresenceServerExtension(mCritical,
+         * mOID, mVersion, mStreetAddress, mTelephoneNumber, mRFC822Name, mID,
+         * mHostName, mPortNumber, mMaxUsers, mServiceLevel);
          */
-	
+
         return res;
     }
 
-    public Vector<String> getInstanceParams() { 
-        Vector<String> params = new Vector<String>(); 
+    public Vector<String> getInstanceParams() {
+        Vector<String> params = new Vector<String>();
 
-        params.addElement(PROP_IS_CRITICAL + "=" + mCritical); 
+        params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
         params.addElement(PROP_OID + "=" + mOID);
         params.addElement(PROP_VERSION + "=" + mVersion);
         params.addElement(PROP_STREET_ADDRESS + "=" + mStreetAddress);
@@ -137,21 +136,21 @@ public class PresenceExt extends APolicyRule {
                 PROP_MAX_USERS + ";string; max users",
                 PROP_SERVICE_LEVEL + ";string; service level",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-presenceext",
+                        ";configuration-policyrules-presenceext",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds Presence Server Extension;"
+                        ";Adds Presence Server Extension;"
 
-            };
+        };
 
         return params;
     }
-	
+
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
index 8b3ab40c..60c0dfbc 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/PrivateKeyUsagePeriodExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.text.SimpleDateFormat;
@@ -42,20 +41,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * PrivateKeyUsagePeriod Identifier Extension policy.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class PrivateKeyUsagePeriodExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
 
     private final static String PROP_NOT_BEFORE = "notBefore";
     private final static String PROP_NOT_AFTER = "notAfter";
@@ -94,16 +93,16 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 PROP_IS_CRITICAL + ";boolean;RFC 2459 recommendation: The profile " +
-                "recommends against the use of this extension. CAs " +
-                "conforming to the profile MUST NOT generate certs with " +
-                "critical private key usage period extensions.",
+                        "recommends against the use of this extension. CAs " +
+                        "conforming to the profile MUST NOT generate certs with " +
+                        "critical private key usage period extensions.",
                 PROP_NOT_BEFORE + ";string; Date before which the Private Key is invalid.",
                 PROP_NOT_AFTER + ";string; Date after which the Private Key is invalid.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-privatekeyusageperiod",
+                        ";configuration-policyrules-privatekeyusageperiod",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds (deprecated) Private Key Usage Period Extension. " +
-                "Defined in RFC 2459 (4.2.1.4)"
+                        ";Adds (deprecated) Private Key Usage Period Extension. " +
+                        "Defined in RFC 2459 (4.2.1.4)"
             };
 
         return params;
@@ -119,17 +118,17 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
 
     /**
      * Initializes this policy rule.
-     *	  ra.Policy.rule.<ruleName>.implName=PrivateKeyUsageExtension
-     *	  ra.Policy.rule.<ruleName>.enable=true
-     *	  ra.Policy.rule.<ruleName>.notBefore=30
-     *	  ra.Policy.rule.<ruleName>.notAfter=180
-     *	  ra.Policy.rule.<ruleName>.critical=false
-     *	  ra.Policy.rule.<ruleName>.predicate=ou==Sales
-     *
-     * @param config	The config store reference
+     * ra.Policy.rule.<ruleName>.implName=PrivateKeyUsageExtension
+     * ra.Policy.rule.<ruleName>.enable=true
+     * ra.Policy.rule.<ruleName>.notBefore=30
+     * ra.Policy.rule.<ruleName>.notAfter=180
+     * ra.Policy.rule.<ruleName>.critical=false
+     * ra.Policy.rule.<ruleName>.predicate=ou==Sales
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
 
         try {
             // Get params.
@@ -145,7 +144,7 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
             notAfter = formatter.format(formatter.parse(mNotAfter.trim()));
         } catch (Exception e) {
             // e.printStackTrace();
-            Object[] params = {getInstanceName(), e};
+            Object[] params = { getInstanceName(), e };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_CONFIG"), params);
@@ -154,20 +153,20 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
     }
 
     /**
-     * Adds a private key usage extension if none exists. 
-     *
-     * @param req	The request on which to apply policy.
+     * Adds a private key usage extension if none exists.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-		
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
         if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -201,7 +200,7 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
             // remove any previously computed version of the extension
             try {
                 extensions.delete(PrivateKeyUsageExtension.class.getSimpleName());
-	   
+
             } catch (IOException e) {
             }
 
@@ -209,16 +208,16 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
 
         try {
             ext = new PrivateKeyUsageExtension(
-                        formatter.parse(mNotBefore), 
+                        formatter.parse(mNotBefore),
                         formatter.parse(mNotAfter));
             certInfo.set(X509CertInfo.VERSION,
-                new CertificateVersion(CertificateVersion.V3));
+                    new CertificateVersion(CertificateVersion.V3));
             extensions.set(PrivateKeyUsageExtension.class.getSimpleName(), ext);
         } catch (Exception e) {
-            if (e instanceof RuntimeException) 
+            if (e instanceof RuntimeException)
                 throw (RuntimeException) e;
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_CREATE_PRIVATE_KEY_EXT", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_CREATE_PRIVATE_KEY_EXT", e.toString()));
             setError(req, CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR"), NAME);
             return PolicyResult.REJECTED;
         }
@@ -227,11 +226,11 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return Empty Vector since this policy has no configuration parameters.
-     * for this policy instance.
+     *         for this policy instance.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         params.addElement(PROP_IS_CRITICAL + "=" + mCritical);
@@ -242,11 +241,11 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
-     * @return Empty Vector since this policy implementation has no 
-     * configuration parameters.
+     * 
+     * @return Empty Vector since this policy implementation has no
+     *         configuration parameters.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         defParams.addElement(PROP_IS_CRITICAL + "=" + DEFAULT_CRITICALITY);
@@ -255,4 +254,3 @@ public class PrivateKeyUsagePeriodExt extends APolicyRule
         return defParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
index 396afc97..08c88e97 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/RemoveBasicConstraintsExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -37,55 +36,54 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Remove Basic Constraints policy.
- * Adds the Basic constraints extension.
+ * Remove Basic Constraints policy. Adds the Basic constraints extension.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class RemoveBasicConstraintsExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     public RemoveBasicConstraintsExt() {
         NAME = "RemoveBasicConstraintsExt";
         DESC = "Remove Basic Constraints extension";
     }
 
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // get cert info.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         X509CertInfo certInfo = null;
 
         if (ci == null || (certInfo = ci[0]) == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
         for (int i = 0; i < ci.length; i++) {
             PolicyResult certResult = applyCert(req, certInfo);
 
-            if (certResult == PolicyResult.REJECTED) 
+            if (certResult == PolicyResult.REJECTED)
                 return certResult;
         }
         return PolicyResult.ACCEPTED;
     }
 
     public PolicyResult applyCert(
-        IRequest req, X509CertInfo certInfo) {
+            IRequest req, X509CertInfo certInfo) {
         // get basic constraints extension from cert info if any.
         CertificateExtensions extensions = null;
 
@@ -110,10 +108,10 @@ public class RemoveBasicConstraintsExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
         return params;
@@ -121,10 +119,10 @@ public class RemoveBasicConstraintsExt extends APolicyRule
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         Vector<String> defParams = new Vector<String>();
 
         return defParams;
@@ -133,13 +131,12 @@ public class RemoveBasicConstraintsExt extends APolicyRule
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-removebasicconstraints",
+                        ";configuration-policyrules-removebasicconstraints",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Removes the Basic Constraints extension."
+                        ";Removes the Basic Constraints extension."
             };
 
         return params;
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
index aab88ff3..8a91dca6 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjAltNameExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Locale;
@@ -42,56 +41,54 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * 
- * THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2. 
- * New Policy is com.netscape.certsrv.policy.SubjectAltNameExt. 
+ * THIS POLICY HAS BEEN DEPRECATED SINCE CMS 4.2. New Policy is
+ * com.netscape.certsrv.policy.SubjectAltNameExt.
  * <p>
  * 
  * Subject Alternative Name extension policy in CMS 4.1.
- *
- * Adds the subject alternative name extension depending on the
- * certificate type requested.
- *
- * Two forms are supported.  1) For S/MIME certificates, email
- * addresses are copied from data stored in the request by the
- * authentication component.  Both 'e' and 'altEmail' are supported
- * so that both the primary address and alternative forms may be
- * certified.  Only the primary goes in the subjectName position (which
- * should be phased out).
- *
- * e
- * mailAlternateAddress
+ * 
+ * Adds the subject alternative name extension depending on the certificate type
+ * requested.
+ * 
+ * Two forms are supported. 1) For S/MIME certificates, email addresses are
+ * copied from data stored in the request by the authentication component. Both
+ * 'e' and 'altEmail' are supported so that both the primary address and
+ * alternative forms may be certified. Only the primary goes in the subjectName
+ * position (which should be phased out).
+ * 
+ * e mailAlternateAddress
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class SubjAltNameExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
-    // for future use. currently always allow. 
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
+    // for future use. currently always allow.
     protected static final String PROP_AGENT_OVERR = "allowAgentOverride";
     protected static final String PROP_EE_OVERR = "AllowEEOverride";
     protected static final String PROP_ENABLE_MANUAL_VALUES =
-        "enableManualValues";
+            "enableManualValues";
 
-    // for future use. currently always non-critical 
-    // (standard says SHOULD be marked critical if included.) 
+    // for future use. currently always non-critical
+    // (standard says SHOULD be marked critical if included.)
     protected static final String PROP_CRITICAL = "critical";
 
-    // for future use to allow overrides from forms. 
+    // for future use to allow overrides from forms.
     // request must be agent approved or authenticated.
     protected boolean mAllowAgentOverride = false;
     protected boolean mAllowEEOverride = false;
     protected boolean mEnableManualValues = false;
 
-    // for future use. currently always critical 
-    // (standard says SHOULD be marked critical if included.) 
+    // for future use. currently always critical
+    // (standard says SHOULD be marked critical if included.)
     protected boolean mCritical = false;
 
     public SubjAltNameExt() {
@@ -103,15 +100,15 @@ public class SubjAltNameExt extends APolicyRule
         String[] params = {
                 PROP_CRITICAL + ";boolean;RFC 2459 recommendation: If the certificate subject field contains an empty sequence, the subjectAltName extension MUST be marked critical.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-subjaltname",
+                        ";configuration-policyrules-subjaltname",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This policy inserts the Subject Alternative Name " +
-                "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
-                "* Note: you probably want to use this policy in " +
-                "conjunction with an authentication manager which sets " +
-                "the 'mail' or 'mailalternateaddress' values in the authToken. " +
-                "See the 'ldapStringAttrs' parameter in the Directory-based " +
-                "authentication plugin"
+                        ";This policy inserts the Subject Alternative Name " +
+                        "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
+                        "* Note: you probably want to use this policy in " +
+                        "conjunction with an authentication manager which sets " +
+                        "the 'mail' or 'mailalternateaddress' values in the authToken. " +
+                        "See the 'ldapStringAttrs' parameter in the Directory-based " +
+                        "authentication plugin"
             };
 
         return params;
@@ -121,40 +118,41 @@ public class SubjAltNameExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=SubjAltNameExt
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=SubjAltNameExt
+     * ra.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         // future use.
         mAllowAgentOverride = config.getBoolean(PROP_AGENT_OVERR, false);
         mAllowEEOverride = config.getBoolean(PROP_EE_OVERR, false);
         mCritical = config.getBoolean(PROP_CRITICAL, false);
-        // mEnableManualValues = config.getBoolean(PROP_ENABLE_MANUAL_VALUES, false);
+        // mEnableManualValues = config.getBoolean(PROP_ENABLE_MANUAL_VALUES,
+        // false);
     }
 
     /**
      * Adds the subject alternative names extension if not set already.
-     *
+     * 
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // Find the X509CertInfo object in the request
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
 
             return PolicyResult.REJECTED; // unrecoverable error.
         }
@@ -174,12 +172,11 @@ public class SubjAltNameExt extends APolicyRule
         //
         // General error handling block
         //
-        apply:
-        try {
+        apply: try {
 
             // Find the extensions in the certInfo
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             if (extensions != null) {
                 //
@@ -193,17 +190,17 @@ public class SubjAltNameExt extends APolicyRule
             }
 
             //
-            // Determine the type of the request.  For future expansion
+            // Determine the type of the request. For future expansion
             // this test should dispatch to a specialized object to
-            // handle each particular type.  For now just return for
+            // handle each particular type. For now just return for
             // non-client certs, and implement client certs directly here.
             //
             String certType =
-                req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
+                    req.getExtDataInString(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE);
 
             if (certType == null ||
-                !certType.equals(IRequest.CLIENT_CERT) ||
-                !req.getExtDataInBoolean(IRequest.SMIME, false)) {
+                    !certType.equals(IRequest.CLIENT_CERT) ||
+                    !req.getExtDataInBoolean(IRequest.SMIME, false)) {
                 break apply;
             }
 
@@ -212,30 +209,32 @@ public class SubjAltNameExt extends APolicyRule
 
             IAuthToken tok = findAuthToken(req, null);
 
-            if (tok == null) break apply;
+            if (tok == null)
+                break apply;
 
             Vector<String> emails = getEmailList(tok);
 
-            if (emails == null) break apply;
+            if (emails == null)
+                break apply;
 
-                // Create the extension
+            // Create the extension
             SubjectAlternativeNameExtension subjAltNameExt = mkExt(emails);
 
             if (extensions == null)
                 extensions = createCertificateExtensions(certInfo);
 
             extensions.set(SubjectAlternativeNameExtension.class.getSimpleName(),
-                subjAltNameExt);
+                    subjAltNameExt);
 
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); 
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.toString()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
 
@@ -243,28 +242,29 @@ public class SubjAltNameExt extends APolicyRule
     }
 
     /**
-     * Find a particular authentication token by manager name.
-     * If the token is not present return null
+     * Find a particular authentication token by manager name. If the token is
+     * not present return null
      */
     protected IAuthToken
-    findAuthToken(IRequest req, String authMgrName) {
+            findAuthToken(IRequest req, String authMgrName) {
 
         return req.getExtDataInAuthToken(IRequest.AUTH_TOKEN);
     }
 
     /**
-     * Generate a String Vector containing all the email addresses
-     * found in this Authentication token
+     * Generate a String Vector containing all the email addresses found in this
+     * Authentication token
      */
     protected Vector /* of String */<String>
-    getEmailList(IAuthToken tok) {
+            getEmailList(IAuthToken tok) {
 
         Vector<String> v = new Vector<String>();
 
         addValues(tok, "mail", v);
         addValues(tok, "mailalternateaddress", v);
 
-        if (v.size() == 0) return null;
+        if (v.size() == 0)
+            return null;
 
         return v;
     }
@@ -273,10 +273,11 @@ public class SubjAltNameExt extends APolicyRule
      * Add attribute values from an LDAP attribute to a vector
      */
     protected void
-    addValues(IAuthToken tok, String attrName, Vector<String> v) {
+            addValues(IAuthToken tok, String attrName, Vector<String> v) {
         String attr[] = tok.getInStringArray(attrName);
 
-        if (attr == null) return;
+        if (attr == null)
+            return;
 
         for (int i = 0; i < attr.length; i++) {
             v.addElement(attr[i]);
@@ -287,8 +288,8 @@ public class SubjAltNameExt extends APolicyRule
      * Make a Subject name extension given a list of email addresses
      */
     protected SubjectAlternativeNameExtension
-    mkExt(Vector<String> emails)
-        throws IOException {
+            mkExt(Vector<String> emails)
+                    throws IOException {
         SubjectAlternativeNameExtension sa;
         GeneralNames gns = new GeneralNames();
 
@@ -304,19 +305,18 @@ public class SubjAltNameExt extends APolicyRule
     }
 
     /**
-     * Create a new SET of extensions in the certificate info
-     * object.
-     *
+     * Create a new SET of extensions in the certificate info object.
+     * 
      * This should be a method in the X509CertInfo object
      */
-    protected CertificateExtensions 
-    createCertificateExtensions(X509CertInfo certInfo)
-        throws IOException, CertificateException {
+    protected CertificateExtensions
+            createCertificateExtensions(X509CertInfo certInfo)
+                    throws IOException, CertificateException {
         CertificateExtensions extensions;
 
         // Force version to V3
-        certInfo.set(X509CertInfo.VERSION, 
-            new CertificateVersion(CertificateVersion.V3));
+        certInfo.set(X509CertInfo.VERSION,
+                new CertificateVersion(CertificateVersion.V3));
 
         extensions = new CertificateExtensions();
         certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -326,34 +326,33 @@ public class SubjAltNameExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         Vector<String> params = new Vector<String>();
 
-        //params.addElement("PROP_AGENT_OVERR = " + mAllowAgentOverride);
-        //params.addElement("PROP_EE_OVERR = " + mAllowEEOverride);
+        // params.addElement("PROP_AGENT_OVERR = " + mAllowAgentOverride);
+        // params.addElement("PROP_EE_OVERR = " + mAllowEEOverride);
         params.addElement(PROP_CRITICAL + "=" + mCritical);
         // params.addElement(PROP_ENABLE_MANUAL_VALUES + " = " +
-        //	mEnableManualValues);
+        // mEnableManualValues);
         return params;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String>  getDefaultParams() { 
-        Vector<String>  defParams = new Vector<String> ();
+    public Vector<String> getDefaultParams() {
+        Vector<String> defParams = new Vector<String>();
 
-        //defParams.addElement("PROP_AGENT_OVERR = " + DEF_AGENT_OVERR);
-        //defParams.addElement("PROP_EE_OVERR = " + DEF_EE_OVERR);
+        // defParams.addElement("PROP_AGENT_OVERR = " + DEF_AGENT_OVERR);
+        // defParams.addElement("PROP_EE_OVERR = " + DEF_EE_OVERR);
         defParams.addElement(PROP_CRITICAL + "=false");
         // defParams.addElement(PROP_ENABLE_MANUAL_VALUES + "= false");
 
         return defParams;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
index b9bc6059..73ac5f0b 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectAltNameExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Enumeration;
@@ -45,33 +44,31 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Subject Alternative Name extension policy.
- *
+ * 
  * Adds the subject alternative name extension as configured.
- *
- * Two forms are supported.  1) For S/MIME certificates, email
- * addresses are copied from data stored in the request by the
- * authentication component.  Both 'e' and 'altEmail' are supported
- * so that both the primary address and alternative forms may be
- * certified.  Only the primary goes in the subjectName position (which
- * should be phased out).
- *
- * e
- * mailAlternateAddress
+ * 
+ * Two forms are supported. 1) For S/MIME certificates, email addresses are
+ * copied from data stored in the request by the authentication component. Both
+ * 'e' and 'altEmail' are supported so that both the primary address and
+ * alternative forms may be certified. Only the primary goes in the subjectName
+ * position (which should be phased out).
+ * 
+ * e mailAlternateAddress
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class SubjectAltNameExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
-    // (standard says SHOULD be marked critical if included.) 
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
+    // (standard says SHOULD be marked critical if included.)
     protected static final String PROP_CRITICAL = "critical";
     protected static final boolean DEF_CRITICAL = false;
 
@@ -89,11 +86,11 @@ public class SubjectAltNameExt extends APolicyRule
         // default params.
         mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
         mDefParams.addElement(
-            IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + 
-            IGeneralNameUtil.DEF_NUM_GENERALNAMES);
+                IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" +
+                        IGeneralNameUtil.DEF_NUM_GENERALNAMES);
         for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) {
             CMS.getSubjAltNameConfigDefaultParams(
-                IGeneralNameUtil.PROP_GENERALNAME + i, mDefParams);
+                    IGeneralNameUtil.PROP_GENERALNAME + i, mDefParams);
         }
     }
 
@@ -107,16 +104,16 @@ public class SubjectAltNameExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ra.Policy.rule.<ruleName>.implName=SubjectAltNameExt
-     *      ra.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ra.Policy.rule.<ruleName>.implName=SubjectAltNameExt
+     * ra.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         // get criticality
@@ -127,11 +124,11 @@ public class SubjectAltNameExt extends APolicyRule
                     IPolicyProcessor.PROP_ENABLE, false);
 
         // get general names configuration.
-        mNumGNs = mConfig.getInteger(IGeneralNameUtil.PROP_NUM_GENERALNAMES); 
+        mNumGNs = mConfig.getInteger(IGeneralNameUtil.PROP_NUM_GENERALNAMES);
         if (mNumGNs <= 0) {
             throw new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER", 
-                        IGeneralNameUtil.PROP_NUM_GENERALNAMES));
+                    CMS.getUserMessage("CMS_BASE_MUST_BE_POSITIVE_NUMBER",
+                            IGeneralNameUtil.PROP_NUM_GENERALNAMES));
         }
         mGNs = new ISubjAltNameConfig[mNumGNs];
         for (int i = 0; i < mNumGNs; i++) {
@@ -144,7 +141,7 @@ public class SubjectAltNameExt extends APolicyRule
         // init instance params.
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(
-            IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + mNumGNs);
+                IGeneralNameUtil.PROP_NUM_GENERALNAMES + "=" + mNumGNs);
         for (int j = 0; j < mGNs.length; j++) {
             mGNs[j].getInstanceParams(mInstanceParams);
         }
@@ -152,21 +149,21 @@ public class SubjectAltNameExt extends APolicyRule
 
     /**
      * Adds the subject alternative names extension if not set already.
-     *
+     * 
      * <P>
-     *
-     * @param req	The request on which to apply policy.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
 
         // Find the X509CertInfo object in the request
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
-            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME); 
+            setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
 
             return PolicyResult.REJECTED; // unrecoverable error.
         }
@@ -186,15 +183,15 @@ public class SubjectAltNameExt extends APolicyRule
         try {
             // Find the extensions in the certInfo
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             // Remove any previously computed version of the extension
-            // unless it is from RA. If from RA, accept what RA put in 
+            // unless it is from RA. If from RA, accept what RA put in
             // request and don't add our own.
             if (extensions != null) {
                 String sourceId = req.getSourceId();
 
-                if (sourceId != null && sourceId.length() > 0) 
+                if (sourceId != null && sourceId.length() > 0)
                     return res; // accepted
                 try {
                     extensions.delete(SubjectAlternativeNameExtension.class.getSimpleName());
@@ -223,8 +220,8 @@ public class SubjectAltNameExt extends APolicyRule
             }
 
             // nothing was found in request to put into extension
-            if (gns.size() == 0) 
-                return res;	// accepted
+            if (gns.size() == 0)
+                return res; // accepted
 
             String subject = certInfo.get(X509CertInfo.SUBJECT).toString();
 
@@ -233,10 +230,9 @@ public class SubjectAltNameExt extends APolicyRule
             if (subject.equals("")) {
                 curCritical = true;
             }
-            
-            // make the extension 
-            SubjectAlternativeNameExtension 
-                sa = new SubjectAlternativeNameExtension(curCritical, gns);
+
+            // make the extension
+            SubjectAlternativeNameExtension sa = new SubjectAlternativeNameExtension(curCritical, gns);
 
             // add it to certInfo.
             if (extensions == null)
@@ -248,37 +244,36 @@ public class SubjectAltNameExt extends APolicyRule
 
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("BASE_INTERNAL_ERROR_1", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Internal Error");
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("BASE_INTERNAL_ERROR_1", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Internal Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         }
     }
 
     /**
-     * Create a new SET of extensions in the certificate info
-     * object.
-     *
+     * Create a new SET of extensions in the certificate info object.
+     * 
      * This should be a method in the X509CertInfo object
      */
-    protected CertificateExtensions 
-    createCertificateExtensions(X509CertInfo certInfo)
-        throws IOException, CertificateException {
+    protected CertificateExtensions
+            createCertificateExtensions(X509CertInfo certInfo)
+                    throws IOException, CertificateException {
         CertificateExtensions extensions;
 
         // Force version to V3
-        certInfo.set(X509CertInfo.VERSION, 
-            new CertificateVersion(CertificateVersion.V3));
+        certInfo.set(X509CertInfo.VERSION,
+                new CertificateVersion(CertificateVersion.V3));
 
         extensions = new CertificateExtensions();
         certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -288,19 +283,19 @@ public class SubjectAltNameExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefParams;
     }
 
@@ -313,22 +308,21 @@ public class SubjectAltNameExt extends APolicyRule
         info.addElement(IGeneralNameUtil.PROP_NUM_GENERALNAMES_INFO);
         for (int i = 0; i < IGeneralNameUtil.DEF_NUM_GENERALNAMES; i++) {
             CMS.getSubjAltNameConfigExtendedPluginInfo(
-                IGeneralNameUtil.PROP_GENERALNAME + i, info);
+                    IGeneralNameUtil.PROP_GENERALNAME + i, info);
         }
         info.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-subjaltname");
+                ";configuration-policyrules-subjaltname");
         info.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";This policy inserts the Subject Alternative Name " +
-            "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
-            "* Note: you probably want to use this policy in " +
-            "conjunction with an authentication manager which sets " +
-            "the 'mail' or 'mailalternateaddress' values in the authToken. " +
-            "See the 'ldapStringAttrs' parameter in the Directory-based " +
-            "authentication plugin");
+                ";This policy inserts the Subject Alternative Name " +
+                "Extension into the certificate. See RFC 2459 (4.2.1.7). " +
+                "* Note: you probably want to use this policy in " +
+                "conjunction with an authentication manager which sets " +
+                "the 'mail' or 'mailalternateaddress' values in the authToken. " +
+                "See the 'ldapStringAttrs' parameter in the Directory-based " +
+                "authentication plugin");
         mExtendedPluginInfo = new String[info.size()];
         info.copyInto(mExtendedPluginInfo);
         return mExtendedPluginInfo;
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
index 34821fab..2f3812fe 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectDirectoryAttributesExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Enumeration;
@@ -45,20 +44,20 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
  * Policy to add the subject directory attributes extension.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
-public class SubjectDirectoryAttributesExt extends APolicyRule 
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class SubjectDirectoryAttributesExt extends APolicyRule
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_ATTRIBUTE = "attribute";
     protected static final String PROP_NUM_ATTRIBUTES = "numAttributes";
@@ -75,7 +74,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
     protected SubjectDirAttributesExtension mExt = null;
 
     protected Vector<String> mParams = new Vector<String>();
-    private String[] mEPI = null;  			// extended plugin info
+    private String[] mEPI = null; // extended plugin info
     protected static Vector<String> mDefParams = new Vector<String>();
 
     static {
@@ -85,16 +84,16 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
     public SubjectDirectoryAttributesExt() {
         NAME = "SubjectDirectoryAttributesExtPolicy";
         DESC = "Sets Subject Directory Attributes Extension in certificates.";
-        setExtendedPluginInfo();  
+        setExtendedPluginInfo();
     }
 
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         boolean enabled = config.getBoolean("enabled", false);
 
         mConfig = config;
 
-        mCritical = mConfig.getBoolean(PROP_CRITICAL, false);        
+        mCritical = mConfig.getBoolean(PROP_CRITICAL, false);
         mNumAttributes = mConfig.getInteger(PROP_NUM_ATTRIBUTES, DEF_NUM_ATTRIBUTES);
         if (mNumAttributes < 1) {
             EBaseException ex = new EBaseException(
@@ -110,14 +109,14 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
 
             mAttributes[i] = new AttributeConfig(name, c, enabled);
         }
-        if (enabled) { 
+        if (enabled) {
             try {
                 mExt = formExt(null);
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, NAME + " Error: " + e.getMessage());
-                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                             "Error forming Subject Directory Attributes Extension. " +
-                            "See log file for details."));
+                                    "See log file for details."));
             }
         }
         setInstanceParams();
@@ -126,7 +125,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
     public PolicyResult apply(IRequest req) {
         PolicyResult res = PolicyResult.ACCEPTED;
         X509CertInfo[] ci =
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
@@ -136,7 +135,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
         for (int i = 0; i < ci.length; i++) {
             PolicyResult r = applyCert(req, ci[i]);
 
-            if (r == PolicyResult.REJECTED) 
+            if (r == PolicyResult.REJECTED)
                 return r;
         }
         return PolicyResult.ACCEPTED;
@@ -153,13 +152,14 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
             if (extensions == null) {
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             } else {
                 try {
                     extensions.delete(SubjectDirAttributesExtension.class.getSimpleName());
                 } catch (IOException ee) {
-                    // if name is not found, try deleting the extension using the OID
+                    // if name is not found, try deleting the extension using
+                    // the OID
                     try {
                         extensions.delete("2.5.29.9");
                     } catch (IOException eee) {
@@ -173,7 +173,7 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
             } else {
                 SubjectDirAttributesExtension ext = formExt(req);
 
-                if (ext != null) 
+                if (ext != null)
                     extensions.set(SubjectDirAttributesExtension.class.getSimpleName(), formExt(req));
             }
             return PolicyResult.ACCEPTED;
@@ -181,17 +181,16 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
 
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                NAME, "Certificate Info Error");
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED; // unrecoverable error.
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage())); 
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_IO_ERROR", e.getMessage()));
             setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
-                NAME, "IOException Error");
+                    NAME, "IOException Error");
             return PolicyResult.REJECTED;
-        } 
+        }
     }
 
-
     public Vector<String> getInstanceParams() {
         return mParams; // inited in init()
     }
@@ -201,12 +200,12 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
-        return mEPI;  // inited in the constructor.
+        return mEPI; // inited in the constructor.
     }
 
     private void setInstanceParams() {
-        mParams.addElement(PROP_CRITICAL + "=" + mCritical); 
-        mParams.addElement(PROP_NUM_ATTRIBUTES + "=" + mNumAttributes); 
+        mParams.addElement(PROP_CRITICAL + "=" + mCritical);
+        mParams.addElement(PROP_NUM_ATTRIBUTES + "=" + mNumAttributes);
         for (int i = 0; i < mNumAttributes; i++) {
             mAttributes[i].getInstanceParams(mParams);
         }
@@ -217,8 +216,8 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
     }
 
     private static void setDefaultParams() {
-        mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL); 
-        mDefParams.addElement(PROP_NUM_ATTRIBUTES + "=" + DEF_NUM_ATTRIBUTES); 
+        mDefParams.addElement(PROP_CRITICAL + "=" + DEF_CRITICAL);
+        mDefParams.addElement(PROP_NUM_ATTRIBUTES + "=" + DEF_NUM_ATTRIBUTES);
         for (int i = 0; i < DEF_NUM_ATTRIBUTES; i++) {
             AttributeConfig.getDefaultParams(PROP_ATTRIBUTE + i, mDefParams);
         }
@@ -228,32 +227,31 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
         Vector<String> v = new Vector<String>();
 
         v.addElement(PROP_CRITICAL + ";boolean;" +
-            "RFC 2459 recommendation: MUST be non-critical.");
+                "RFC 2459 recommendation: MUST be non-critical.");
         v.addElement(PROP_NUM_ATTRIBUTES + ";number;" +
-            "Number of Attributes in the extension.");
+                "Number of Attributes in the extension.");
 
         for (int i = 0; i < MAX_NUM_ATTRIBUTES; i++) {
             AttributeConfig.getExtendedPluginInfo(PROP_ATTRIBUTE + i, v);
         }
 
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-policyrules-subjectdirectoryattributes");
+                ";configuration-policyrules-subjectdirectoryattributes");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments.");
+                ";Adds Subject Directory Attributes extension. See RFC 2459 (4.2.1.9). It's not recommended as an essential part of the profile, but may be used in local environments.");
 
         mEPI = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
     }
 
-    private SubjectDirAttributesExtension formExt(IRequest req) 
-        throws IOException {
+    private SubjectDirAttributesExtension formExt(IRequest req)
+            throws IOException {
         Vector<Attribute> attrs = new Vector<Attribute>();
 
         // if we're called from init and one attribute is from request attribute
         // the ext can't be formed yet.
         if (req == null) {
             for (int i = 0; i < mNumAttributes; i++) {
-                if (mAttributes[i].mWhereToGetValue == 
-                    AttributeConfig.USE_REQUEST_ATTR)
+                if (mAttributes[i].mWhereToGetValue == AttributeConfig.USE_REQUEST_ATTR)
                     return null;
             }
         }
@@ -265,24 +263,23 @@ public class SubjectDirectoryAttributesExt extends APolicyRule
                 // skip attribute if request attribute doesn't exist.
                 Attribute a = mAttributes[i].formAttr(req);
 
-                if (a == null) 
+                if (a == null)
                     continue;
                 attrs.addElement(a);
             }
         }
-        if (attrs.size() == 0) 
+        if (attrs.size() == 0)
             return null;
         Attribute[] attrList = new Attribute[attrs.size()];
 
         attrs.copyInto(attrList);
-        SubjectDirAttributesExtension ext = 
-            new SubjectDirAttributesExtension(attrList); 
+        SubjectDirAttributesExtension ext =
+                new SubjectDirAttributesExtension(attrList);
 
         return ext;
     }
 }
 
-
 class AttributeConfig {
 
     protected static final String PROP_ATTRIBUTE_NAME = "attributeName";
@@ -305,21 +302,21 @@ class AttributeConfig {
     protected Attribute mAttribute = null;
 
     protected static final String ATTRIBUTE_NAME_INFO = "Attribute name.";
-    protected static final String WTG_VALUE_INFO = 
-        PROP_WTG_VALUE + ";choice(" + USE_REQUEST_ATTR + "," + USE_FIXED + ");" +
-        "Get value from a request attribute or use a fixed value specified below.";
-    protected static final String VALUE_INFO = 
-        PROP_VALUE + ";string;" +
-        "Request attribute name or a fixed value to put into the extension.";
-
-    public AttributeConfig(String name, IConfigStore config, boolean enabled) 
-        throws EBaseException {
+    protected static final String WTG_VALUE_INFO =
+            PROP_WTG_VALUE + ";choice(" + USE_REQUEST_ATTR + "," + USE_FIXED + ");" +
+                    "Get value from a request attribute or use a fixed value specified below.";
+    protected static final String VALUE_INFO =
+            PROP_VALUE + ";string;" +
+                    "Request attribute name or a fixed value to put into the extension.";
+
+    public AttributeConfig(String name, IConfigStore config, boolean enabled)
+            throws EBaseException {
         X500NameAttrMap map = X500NameAttrMap.getDefault();
 
         mName = name;
         mConfig = config;
         if (enabled) {
-            mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME);        
+            mAttributeName = mConfig.getString(PROP_ATTRIBUTE_NAME);
             mWhereToGetValue = mConfig.getString(PROP_WTG_VALUE);
             mValue = mConfig.getString(PROP_VALUE);
         } else {
@@ -330,7 +327,7 @@ class AttributeConfig {
 
         if (mAttributeName.length() > 0) {
             mAttributeOID = map.getOid(mAttributeName);
-            if (mAttributeOID == null) 
+            if (mAttributeOID == null)
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mAttributeName));
         }
@@ -345,8 +342,8 @@ class AttributeConfig {
             if (dot != -1) {
                 mPrefix = mValue.substring(0, dot);
                 mReqAttr = mValue.substring(dot + 1);
-                if (mPrefix == null || mPrefix.length() == 0 || 
-                    mReqAttr == null || mReqAttr.length() == 0) {
+                if (mPrefix == null || mPrefix.length() == 0 ||
+                        mReqAttr == null || mReqAttr.length() == 0) {
                     throw new EBaseException(
                             CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", mValue));
                 }
@@ -357,17 +354,17 @@ class AttributeConfig {
         } else if (mWhereToGetValue.equalsIgnoreCase(USE_FIXED)) {
             mWhereToGetValue = USE_FIXED;
             if (mAttributeOID != null) {
-                try { 
-                    checkValue(mAttributeOID, mValue); 
-                    mAttribute = new Attribute(mAttributeOID, mValue); 
+                try {
+                    checkValue(mAttributeOID, mValue);
+                    mAttribute = new Attribute(mAttributeOID, mValue);
                 } catch (Exception e) {
                     throw new EBaseException(
                             CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                                mAttributeName, e.getMessage()));
+                                    mAttributeName, e.getMessage()));
                 }
             }
         } else if (enabled || mWhereToGetValue.length() > 0) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", PROP_WTG_VALUE,  
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE", PROP_WTG_VALUE,
                         "Must be either '" + USE_REQUEST_ATTR + "' or '" + USE_FIXED + "'."));
         }
     }
@@ -385,7 +382,7 @@ class AttributeConfig {
         String attrChoices = getAllNames();
 
         v.addElement(nameDot + PROP_ATTRIBUTE_NAME + ";choice(" + attrChoices + ");" +
-            ATTRIBUTE_NAME_INFO);
+                ATTRIBUTE_NAME_INFO);
         v.addElement(nameDot + WTG_VALUE_INFO);
         v.addElement(nameDot + VALUE_INFO);
     }
@@ -398,21 +395,21 @@ class AttributeConfig {
         v.addElement(nameDot + PROP_VALUE + "=" + mValue);
     }
 
-    public Attribute formAttr(IRequest req) 
-        throws IOException {
+    public Attribute formAttr(IRequest req)
+            throws IOException {
         String val = req.getExtDataInString(mPrefix, mReqAttr);
 
         if (val == null || val.length() == 0) {
             return null;
         }
-        checkValue(mAttributeOID, val); 
+        checkValue(mAttributeOID, val);
         return new Attribute(mAttributeOID, val);
     }
 
     static private String getAllNames() {
         Enumeration<String> n = X500NameAttrMap.getDefault().getAllNames();
         StringBuffer sb = new StringBuffer();
-        sb.append( n.nextElement());
+        sb.append(n.nextElement());
 
         while (n.hasMoreElements()) {
             sb.append(",");
@@ -421,8 +418,8 @@ class AttributeConfig {
         return sb.toString();
     }
 
-    private static void checkValue(ObjectIdentifier oid, String val) 
-        throws IOException {
+    private static void checkValue(ObjectIdentifier oid, String val)
+            throws IOException {
         AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid);
         DerValue derval;
 
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
index 717a6482..08d72dcb 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/SubjectKeyIdentifierExt.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.policy.extensions;
 
-
 import java.io.IOException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -46,21 +45,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cms.policy.APolicyRule;
 
-
 /**
- * Subject Public Key Extension Policy
- * Adds the subject public key id extension to certificates. 
+ * Subject Public Key Extension Policy Adds the subject public key id extension
+ * to certificates.
  * <P>
+ * 
  * <PRE>
  * NOTE:  The Policy Framework has been replaced by the Profile Framework.
  * </PRE>
  * <P>
- *
+ * 
  * @deprecated
  * @version $Revision$, $Date$
  */
 public class SubjectKeyIdentifierExt extends APolicyRule
-    implements IEnrollmentPolicy, IExtendedPluginInfo {
+        implements IEnrollmentPolicy, IExtendedPluginInfo {
     protected static final String PROP_CRITICAL = "critical";
     protected static final String PROP_KEYID_TYPE = "keyIdentifierType";
     protected static final String PROP_REQATTR_NAME = "requestAttrName";
@@ -90,7 +89,7 @@ public class SubjectKeyIdentifierExt extends APolicyRule
         mDefaultParams.addElement(PROP_KEYID_TYPE + "=" + DEF_KEYID_TYPE);
 
         /*
-         mDefaultParams.addElement(PROP_REQATTR_NAME+"="+DEF_REQATTR_NAME);
+         * mDefaultParams.addElement(PROP_REQATTR_NAME+"="+DEF_REQATTR_NAME);
          */
     }
 
@@ -102,17 +101,16 @@ public class SubjectKeyIdentifierExt extends APolicyRule
     /**
      * Initializes this policy rule.
      * <P>
-     *
+     * 
      * The entries may be of the form:
-     *
-     *      ca.Policy.rule.<ruleName>.predicate=
-     *      ca.Policy.rule.<ruleName>.implName=
-     *      ca.Policy.rule.<ruleName>.enable=true
-     *
-     * @param config	The config store reference
+     * 
+     * ca.Policy.rule.<ruleName>.predicate= ca.Policy.rule.<ruleName>.implName=
+     * ca.Policy.rule.<ruleName>.enable=true
+     * 
+     * @param config The config store reference
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
 
         mEnabled = mConfig.getBoolean(
@@ -122,56 +120,57 @@ public class SubjectKeyIdentifierExt extends APolicyRule
         mKeyIdType = mConfig.getString(PROP_KEYID_TYPE, DEF_KEYID_TYPE);
 
         /*
-         mReqAttrName = mConfig.getString(PROP_REQATTR_NAME, DEF_REQATTR_NAME);
+         * mReqAttrName = mConfig.getString(PROP_REQATTR_NAME,
+         * DEF_REQATTR_NAME);
          */
 
         // parse key id type
-        if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SHA1)) 
+        if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SHA1))
             mKeyIdType = KEYID_TYPE_SHA1;
-        else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_TYPEFIELD)) 
+        else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_TYPEFIELD))
             mKeyIdType = KEYID_TYPE_TYPEFIELD;
 
-            /*
-             else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_REQATTR)
-             mKeyIdType = KEYID_TYPE_REQATTR;
-             */
-        else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SPKISHA1)) 
+        /*
+         * else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_REQATTR) mKeyIdType =
+         * KEYID_TYPE_REQATTR;
+         */
+        else if (mKeyIdType.equalsIgnoreCase(KEYID_TYPE_SPKISHA1))
             mKeyIdType = KEYID_TYPE_SPKISHA1;
         else {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("KRA_UNKNOWN_KEY_ID_TYPE", mKeyIdType));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
-                        PROP_KEYID_TYPE, 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("KRA_UNKNOWN_KEY_ID_TYPE", mKeyIdType));
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
+                        PROP_KEYID_TYPE,
                         "value must be one of " +
-                        KEYID_TYPE_SHA1 + ", " +
-                        KEYID_TYPE_TYPEFIELD + ", " +
-                        KEYID_TYPE_SPKISHA1));
+                                KEYID_TYPE_SHA1 + ", " +
+                                KEYID_TYPE_TYPEFIELD + ", " +
+                                KEYID_TYPE_SPKISHA1));
         }
 
-        // form instance params 
+        // form instance params
         mInstanceParams.addElement(PROP_CRITICAL + "=" + mCritical);
         mInstanceParams.addElement(PROP_KEYID_TYPE + "=" + mKeyIdType);
 
         /*
-         mInstanceParams.addElement(PROP_REQATTR_NAME+"="+mReqAttrName);
+         * mInstanceParams.addElement(PROP_REQATTR_NAME+"="+mReqAttrName);
          */
     }
 
     /**
-     * Adds Subject Key identifier Extension to a certificate.
-     * If the extension is already there, accept it.
-     *
-     * @param req	The request on which to apply policy.
+     * Adds Subject Key identifier Extension to a certificate. If the extension
+     * is already there, accept it.
+     * 
+     * @param req The request on which to apply policy.
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
         // get certInfo from request.
-        X509CertInfo[] ci = 
-            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
-		
+        X509CertInfo[] ci =
+                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+
         if (ci == null || ci[0] == null) {
             setError(req, CMS.getUserMessage("CMS_POLICY_NO_CERT_INFO"), NAME);
-            return PolicyResult.REJECTED; 
+            return PolicyResult.REJECTED;
         }
 
         for (int i = 0; i < ci.length; i++) {
@@ -189,7 +188,7 @@ public class SubjectKeyIdentifierExt extends APolicyRule
             // if subject key id extension already exists, leave it if approved.
             SubjectKeyIdentifierExtension subjectKeyIdExt = null;
             CertificateExtensions extensions = (CertificateExtensions)
-                certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
 
             try {
                 if (extensions != null) {
@@ -197,19 +196,19 @@ public class SubjectKeyIdentifierExt extends APolicyRule
                             extensions.get(SubjectKeyIdentifierExtension.class.getSimpleName());
                 }
             } catch (IOException e) {
-                // extension isn't there. 
+                // extension isn't there.
             }
             if (subjectKeyIdExt != null) {
                 if (agentApproved(req)) {
                     CMS.debug(
-                        "SubjectKeyIdentifierExt: agent approved request id " + req.getRequestId() +
-                        " already has subject key id extension with value " +
-                        subjectKeyIdExt);
+                            "SubjectKeyIdentifierExt: agent approved request id " + req.getRequestId() +
+                                    " already has subject key id extension with value " +
+                                    subjectKeyIdExt);
                     return PolicyResult.ACCEPTED;
                 } else {
                     CMS.debug(
-                        "SubjectKeyIdentifierExt: request id from user " + req.getRequestId() +
-                        " had subject key identifier - deleted to be replaced");
+                            "SubjectKeyIdentifierExt: request id from user " + req.getRequestId() +
+                                    " had subject key identifier - deleted to be replaced");
                     extensions.delete(SubjectKeyIdentifierExtension.class.getSimpleName());
                 }
             }
@@ -217,38 +216,38 @@ public class SubjectKeyIdentifierExt extends APolicyRule
             // create subject key id extension.
             KeyIdentifier keyId = null;
 
-            try { 
-                keyId = formKeyIdentifier(certInfo, req); 
+            try {
+                keyId = formKeyIdentifier(certInfo, req);
             } catch (EBaseException e) {
                 setPolicyException(req, e);
                 return PolicyResult.REJECTED;
             }
-            subjectKeyIdExt = 
+            subjectKeyIdExt =
                     new SubjectKeyIdentifierExtension(
-                        mCritical, keyId.getIdentifier());
+                            mCritical, keyId.getIdentifier());
 
             // add subject key id extension.
             if (extensions == null) {
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 extensions = new CertificateExtensions();
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
             }
             extensions.set(
-                SubjectKeyIdentifierExtension.class.getSimpleName(), subjectKeyIdExt);
+                    SubjectKeyIdentifierExtension.class.getSimpleName(), subjectKeyIdExt);
             CMS.debug(
-                "SubjectKeyIdentifierExt: added subject key id ext to request " + req.getRequestId());
+                    "SubjectKeyIdentifierExt: added subject key id ext to request " + req.getRequestId());
             return PolicyResult.ACCEPTED;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR,NAME", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, e.getMessage());
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR,NAME", e.getMessage()));
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, e.getMessage());
             return PolicyResult.REJECTED;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
-            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), 
-                NAME, "Certificate Info Error");
+            setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+                    NAME, "Certificate Info Error");
             return PolicyResult.REJECTED;
         }
     }
@@ -256,12 +255,13 @@ public class SubjectKeyIdentifierExt extends APolicyRule
     /**
      * Form the Key Identifier in the Subject Key Identifier extension.
      * <p>
+     * 
      * @param certInfo Certificate Info
      * @param req request
      * @return A Key Identifier.
      */
     protected KeyIdentifier formKeyIdentifier(
-        X509CertInfo certInfo, IRequest req) throws EBaseException {
+            X509CertInfo certInfo, IRequest req) throws EBaseException {
         KeyIdentifier keyId = null;
 
         if (mKeyIdType == KEYID_TYPE_SHA1) {
@@ -269,10 +269,9 @@ public class SubjectKeyIdentifierExt extends APolicyRule
         } else if (mKeyIdType == KEYID_TYPE_TYPEFIELD) {
             keyId = formTypeFieldKeyId(certInfo);
         } /*
-         else if (mKeyIdType == KEYID_TYPE_REQATTR) {
-         keyId = formReqAttrKeyId(certInfo, req);
-         }
-         */ else if (mKeyIdType == KEYID_TYPE_SPKISHA1) {
+           * else if (mKeyIdType == KEYID_TYPE_REQATTR) { keyId =
+           * formReqAttrKeyId(certInfo, req); }
+           */else if (mKeyIdType == KEYID_TYPE_SPKISHA1) {
             keyId = formSpkiSHA1KeyId(certInfo);
         } else {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
@@ -282,22 +281,23 @@ public class SubjectKeyIdentifierExt extends APolicyRule
     }
 
     /**
-     * Form key identifier from a type field value of 0100 followed by 
-     * the least significate 60 bits of the sha-1 hash of the subject 
-     * public key BIT STRING in accordance with RFC 2459. 
+     * Form key identifier from a type field value of 0100 followed by the least
+     * significate 60 bits of the sha-1 hash of the subject public key BIT
+     * STRING in accordance with RFC 2459.
      * <p>
+     * 
      * @param certInfo - certificate info
      * @return A Key Identifier with value formulatd as described.
      */
 
     protected KeyIdentifier formTypeFieldKeyId(X509CertInfo certInfo)
-        throws EBaseException {
+            throws EBaseException {
         KeyIdentifier keyId = null;
         X509Key key = null;
 
         try {
             CertificateX509Key certKey =
-                (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
+                    (CertificateX509Key) certInfo.get(X509CertInfo.KEY);
 
             if (certKey == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_MISSING_KEY_1", NAME));
@@ -309,13 +309,13 @@ public class SubjectKeyIdentifierExt extends APolicyRule
                 throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_MISSING_KEY", NAME));
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_GET_KEY_FROM_CERT", e.toString()));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         }
@@ -330,8 +330,8 @@ public class SubjectKeyIdentifierExt extends APolicyRule
             octetString[0] &= (0x08f & octetString[0]);
             keyId = new KeyIdentifier(octetString);
         } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("POLICY_ERROR_SUBJECT_KEY_ID_1", NAME));
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_SUBJECT_KEY_ID_ERROR", NAME));
         }
@@ -340,40 +340,39 @@ public class SubjectKeyIdentifierExt extends APolicyRule
 
     /**
      * Return configured parameters for a policy rule instance.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getInstanceParams() { 
+    public Vector<String> getInstanceParams() {
         return mInstanceParams;
     }
 
     /**
      * Return default parameters for a policy implementation.
-     *
+     * 
      * @return nvPairs A Vector of name/value pairs.
      */
-    public Vector<String> getDefaultParams() { 
+    public Vector<String> getDefaultParams() {
         return mDefaultParams;
     }
 
     /**
-     * Gets extended plugin info for pretty Console displays. 
+     * Gets extended plugin info for pretty Console displays.
      */
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 PROP_CRITICAL + ";boolean;RFC 2459 recommendation: MUST NOT be marked critical.",
                 PROP_KEYID_TYPE + ";" +
-                "choice(" + KEYID_TYPE_SHA1 + "," +
-                KEYID_TYPE_TYPEFIELD + "," +
-                KEYID_TYPE_SPKISHA1 + ");" +
-                "Method to derive the Key Identifier.",
+                        "choice(" + KEYID_TYPE_SHA1 + "," +
+                        KEYID_TYPE_TYPEFIELD + "," +
+                        KEYID_TYPE_SPKISHA1 + ");" +
+                        "Method to derive the Key Identifier.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-policyrules-subjectkeyidentifier",
+                        ";configuration-policyrules-subjectkeyidentifier",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Adds the Subject Key Identifier extension. See RFC 2459 (4.2.1.2)"
+                        ";Adds the Subject Key Identifier extension. See RFC 2459 (4.2.1.2)"
             };
 
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
index 68c706f5..63032d99 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/BasicProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -49,10 +48,9 @@ import com.netscape.certsrv.registry.IPluginRegistry;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
  * This class implements a basic profile.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class BasicProfile implements IProfile {
@@ -76,8 +74,8 @@ public abstract class BasicProfile implements IProfile {
     public static final String PROP_NAME = "name";
     public static final String PROP_DESC = "desc";
     public static final String PROP_NO_DEFAULT = "noDefaultImpl";
-    public static final String PROP_NO_CONSTRAINT= "noConstraintImpl";
-    public static final String PROP_GENERIC_EXT_DEFAULT= "genericExtDefaultImpl";
+    public static final String PROP_NO_CONSTRAINT = "noConstraintImpl";
+    public static final String PROP_GENERIC_EXT_DEFAULT = "genericExtDefaultImpl";
 
     protected IProfileSubsystem mOwner = null;
     protected IConfigStore mConfig = null;
@@ -145,19 +143,19 @@ public abstract class BasicProfile implements IProfile {
     public IProfileAuthenticator getAuthenticator() throws EProfileException {
         try {
             IAuthSubsystem authSub = (IAuthSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
             IProfileAuthenticator auth = (IProfileAuthenticator)
-                authSub.get(mAuthInstanceId);
+                    authSub.get(mAuthInstanceId);
 
-            if (mAuthInstanceId != null && mAuthInstanceId.length() > 0 
-                && auth == null) {
-                throw new EProfileException("Cannot load " + 
+            if (mAuthInstanceId != null && mAuthInstanceId.length() > 0
+                    && auth == null) {
+                throw new EProfileException("Cannot load " +
                         mAuthInstanceId);
             }
             return auth;
         } catch (Exception e) {
             if (mAuthInstanceId != null) {
-                throw new EProfileException("Cannot load " + 
+                throw new EProfileException("Cannot load " +
                         mAuthInstanceId);
             }
             return null;
@@ -167,7 +165,7 @@ public abstract class BasicProfile implements IProfile {
     public String getRequestorDN(IRequest request) {
         return null;
     }
-  
+
     public String getAuthenticatorId() {
         return mAuthInstanceId;
     }
@@ -185,7 +183,7 @@ public abstract class BasicProfile implements IProfile {
      * Initializes this profile.
      */
     public void init(IProfileSubsystem owner, IConfigStore config)
-        throws EBaseException { 
+            throws EBaseException {
         CMS.debug("BasicProfile: start init");
         mOwner = owner;
         mConfig = config;
@@ -204,17 +202,18 @@ public abstract class BasicProfile implements IProfile {
         // policy.p1.default.class=com.netscape.cms.profile.defaults.SubjectName
         // policy.p1.default.params.x1=x1
         // policy.p1.default.params.x2=x2
-        // policy.p1.constraint.class= ... .cms.profile.constraints.ValidityRange
+        // policy.p1.constraint.class= ...
+        // .cms.profile.constraints.ValidityRange
         // policy.p1.constraint.params.x1=x1
         // policy.p1.constraint.params.x2=x2
 
-        // handle profile authentication plugins 
+        // handle profile authentication plugins
         try {
             mAuthInstanceId = config.getString("auth." + PROP_INSTANCE_ID, null);
             mAuthzAcl = config.getString("authz.acl", "");
         } catch (EBaseException e) {
             CMS.debug("BasicProfile: authentication class not found " +
-                e.toString());
+                    e.toString());
         }
 
         // handle profile input plugins
@@ -224,7 +223,7 @@ public abstract class BasicProfile implements IProfile {
 
         while (input_st.hasMoreTokens()) {
             String input_id = (String) input_st.nextToken();
-            String inputClassId = inputStore.getString(input_id + "." + 
+            String inputClassId = inputStore.getString(input_id + "." +
                     PROP_CLASS_ID);
             IPluginInfo inputInfo = mRegistry.getPluginInfo("profileInput",
                     inputClassId);
@@ -234,12 +233,12 @@ public abstract class BasicProfile implements IProfile {
 
             try {
                 input = (IProfileInput)
-                        Class.forName(inputClass).newInstance(); 
+                        Class.forName(inputClass).newInstance();
             } catch (Exception e) {
                 // throw Exception
-                CMS.debug("BasicProfile: input plugin Class.forName " + 
-                    inputClass + " " + e.toString());
-                throw new EBaseException( e.toString() );
+                CMS.debug("BasicProfile: input plugin Class.forName " +
+                        inputClass + " " + e.toString());
+                throw new EBaseException(e.toString());
             }
             IConfigStore inputConfig = inputStore.getSubStore(input_id);
             input.init(this, inputConfig);
@@ -255,7 +254,7 @@ public abstract class BasicProfile implements IProfile {
         while (output_st.hasMoreTokens()) {
             String output_id = (String) output_st.nextToken();
 
-            String outputClassId = outputStore.getString(output_id + "." + 
+            String outputClassId = outputStore.getString(output_id + "." +
                     PROP_CLASS_ID);
             IPluginInfo outputInfo = mRegistry.getPluginInfo("profileOutput",
                     outputClassId);
@@ -265,12 +264,12 @@ public abstract class BasicProfile implements IProfile {
 
             try {
                 output = (IProfileOutput)
-                        Class.forName(outputClass).newInstance(); 
+                        Class.forName(outputClass).newInstance();
             } catch (Exception e) {
                 // throw Exception
-                CMS.debug("BasicProfile: output plugin Class.forName " + 
-                    outputClass + " " + e.toString());
-                throw new EBaseException( e.toString() );
+                CMS.debug("BasicProfile: output plugin Class.forName " +
+                        outputClass + " " + e.toString());
+                throw new EBaseException(e.toString());
             }
             IConfigStore outputConfig = outputStore.getSubStore(output_id);
             output.init(this, outputConfig);
@@ -286,7 +285,7 @@ public abstract class BasicProfile implements IProfile {
         while (updater_st.hasMoreTokens()) {
             String updater_id = (String) updater_st.nextToken();
 
-            String updaterClassId = updaterStore.getString(updater_id + "." + 
+            String updaterClassId = updaterStore.getString(updater_id + "." +
                     PROP_CLASS_ID);
             IPluginInfo updaterInfo = mRegistry.getPluginInfo("profileUpdater",
                      updaterClassId);
@@ -296,12 +295,12 @@ public abstract class BasicProfile implements IProfile {
 
             try {
                 updater = (IProfileUpdater)
-                        Class.forName(updaterClass).newInstance(); 
+                        Class.forName(updaterClass).newInstance();
             } catch (Exception e) {
                 // throw Exception
-                CMS.debug("BasicProfile: updater plugin Class.forName " + 
-                    updaterClass + " " + e.toString());
-                throw new EBaseException( e.toString() );
+                CMS.debug("BasicProfile: updater plugin Class.forName " +
+                        updaterClass + " " + e.toString());
+                throw new EBaseException(e.toString());
             }
             IConfigStore updaterConfig = updaterStore.getSubStore(updater_id);
             updater.init(this, updaterConfig);
@@ -325,15 +324,15 @@ public abstract class BasicProfile implements IProfile {
                 String id = (String) st1.nextToken();
 
                 String defaultRoot = id + "." + PROP_DEFAULT;
-                String defaultClassId = policyStore.getString(defaultRoot + "." + 
+                String defaultClassId = policyStore.getString(defaultRoot + "." +
                         PROP_CLASS_ID);
 
                 String constraintRoot = id + "." + PROP_CONSTRAINT;
-                String constraintClassId = 
-                    policyStore.getString(constraintRoot + "." + PROP_CLASS_ID);
+                String constraintClassId =
+                        policyStore.getString(constraintRoot + "." + PROP_CLASS_ID);
 
-                createProfilePolicy(setId, id, defaultClassId, 
-                    constraintClassId, false);
+                createProfilePolicy(setId, id, defaultClassId,
+                        constraintClassId, false);
             }
         }
         CMS.debug("BasicProfile: done init");
@@ -380,20 +379,20 @@ public abstract class BasicProfile implements IProfile {
     }
 
     public String getInput(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         return null;
     }
 
     public void setInput(String name, Locale locale, IRequest request,
-        String value) throws EProfileException {
+            String value) throws EProfileException {
     }
 
     public Enumeration<String> getProfilePolicySetIds() {
         return mPolicySet.keys();
     }
 
-    public void deleteProfilePolicy(String setId, String policyId) 
-        throws EProfileException {
+    public void deleteProfilePolicy(String setId, String policyId)
+            throws EProfileException {
         Vector<ProfilePolicy> policies = mPolicySet.get(setId);
 
         if (policies == null) {
@@ -443,10 +442,10 @@ public abstract class BasicProfile implements IProfile {
                         while (st1.hasMoreTokens()) {
                             String e = st1.nextToken();
 
-                            if (!e.equals(setId)) 
+                            if (!e.equals(setId))
                                 newlist1 = newlist1 + e + ",";
                         }
-                        if (!newlist1.equals("")) 
+                        if (!newlist1.equals(""))
                             newlist1 = newlist1.substring(0, newlist1.length() - 1);
                         policySetSubStore.putString(PROP_POLICY_LIST, newlist1);
                     }
@@ -454,8 +453,8 @@ public abstract class BasicProfile implements IProfile {
                 }
             }
 
-            mConfig.putString("lastModified", 
-               Long.toString(CMS.getCurrentDate().getTime()));
+            mConfig.putString("lastModified",
+                    Long.toString(CMS.getCurrentDate().getTime()));
             mConfig.commit(false);
         } catch (Exception e) {
         }
@@ -496,8 +495,8 @@ public abstract class BasicProfile implements IProfile {
 
             mInputs.remove(inputId);
             mConfig.putString("input." + PROP_INPUT_LIST, newlist);
-            mConfig.putString("lastModified", 
-               Long.toString(CMS.getCurrentDate().getTime()));
+            mConfig.putString("lastModified",
+                    Long.toString(CMS.getCurrentDate().getTime()));
             mConfig.commit(false);
         } catch (Exception e) {
         }
@@ -537,24 +536,23 @@ public abstract class BasicProfile implements IProfile {
 
             mOutputs.remove(outputId);
             mConfig.putString("output." + PROP_OUTPUT_LIST, newlist);
-            mConfig.putString("lastModified", 
-               Long.toString(CMS.getCurrentDate().getTime()));
+            mConfig.putString("lastModified",
+                    Long.toString(CMS.getCurrentDate().getTime()));
             mConfig.commit(false);
         } catch (Exception e) {
         }
     }
 
-    public IProfileOutput createProfileOutput(String id, String outputId, 
-        NameValuePairs nvps)
-        throws EProfileException {
-        return createProfileOutput(id, outputId, nvps, true); 
+    public IProfileOutput createProfileOutput(String id, String outputId,
+            NameValuePairs nvps)
+            throws EProfileException {
+        return createProfileOutput(id, outputId, nvps, true);
     }
 
     public IProfileOutput createProfileOutput(String id, String outputId,
-        NameValuePairs nvps, boolean createConfig)
+            NameValuePairs nvps, boolean createConfig)
 
-
-        throws EProfileException {
+    throws EProfileException {
         IConfigStore outputStore = mConfig.getSubStore("output");
         String output_list = null;
 
@@ -618,7 +616,7 @@ public abstract class BasicProfile implements IProfile {
             String prefix = id + ".";
 
             outputStore.putString(prefix + "name",
-                outputInfo.getName(Locale.getDefault()));
+                    outputInfo.getName(Locale.getDefault()));
             outputStore.putString(prefix + "class_id", outputId);
 
             Enumeration<String> enum1 = nvps.getNames();
@@ -628,17 +626,17 @@ public abstract class BasicProfile implements IProfile {
 
                 outputStore.putString(prefix + "params." + name, nvps.getValue(name));
                 try {
-                   if (output != null) {
-                       output.setConfig(name, nvps.getValue(name));
-                   }
+                    if (output != null) {
+                        output.setConfig(name, nvps.getValue(name));
+                    }
                 } catch (EBaseException e) {
-                   CMS.debug(e.toString());
+                    CMS.debug(e.toString());
                 }
             }
 
             try {
-            mConfig.putString("lastModified", 
-               Long.toString(CMS.getCurrentDate().getTime()));
+                mConfig.putString("lastModified",
+                        Long.toString(CMS.getCurrentDate().getTime()));
                 mConfig.commit(false);
             } catch (EBaseException e) {
                 CMS.debug(e.toString());
@@ -648,15 +646,15 @@ public abstract class BasicProfile implements IProfile {
         return output;
     }
 
-    public IProfileInput createProfileInput(String id, String inputId, 
-        NameValuePairs nvps)
-        throws EProfileException {
-        return createProfileInput(id, inputId, nvps, true); 
+    public IProfileInput createProfileInput(String id, String inputId,
+            NameValuePairs nvps)
+            throws EProfileException {
+        return createProfileInput(id, inputId, nvps, true);
     }
 
     public IProfileInput createProfileInput(String id, String inputId,
-        NameValuePairs nvps, boolean createConfig)
-        throws EProfileException {
+            NameValuePairs nvps, boolean createConfig)
+            throws EProfileException {
         IConfigStore inputStore = mConfig.getSubStore("input");
 
         String input_list = null;
@@ -720,10 +718,10 @@ public abstract class BasicProfile implements IProfile {
             }
             String prefix = id + ".";
 
-            inputStore.putString(prefix + "name", 
-                inputInfo.getName(Locale.getDefault()));
+            inputStore.putString(prefix + "name",
+                    inputInfo.getName(Locale.getDefault()));
             inputStore.putString(prefix + "class_id", inputId);
-            
+
             Enumeration<String> enum1 = nvps.getNames();
 
             while (enum1.hasMoreElements()) {
@@ -731,17 +729,17 @@ public abstract class BasicProfile implements IProfile {
 
                 inputStore.putString(prefix + "params." + name, nvps.getValue(name));
                 try {
-                   if (input != null) {
-                       input.setConfig(name, nvps.getValue(name));
-                   }
+                    if (input != null) {
+                        input.setConfig(name, nvps.getValue(name));
+                    }
                 } catch (EBaseException e) {
-                   CMS.debug(e.toString());
+                    CMS.debug(e.toString());
                 }
             }
 
             try {
-                mConfig.putString("lastModified", 
-                  Long.toString(CMS.getCurrentDate().getTime()));
+                mConfig.putString("lastModified",
+                        Long.toString(CMS.getCurrentDate().getTime()));
                 mConfig.commit(false);
             } catch (EBaseException e) {
                 CMS.debug(e.toString());
@@ -754,33 +752,36 @@ public abstract class BasicProfile implements IProfile {
     /**
      * Creates a profile policy
      */
-    public IProfilePolicy createProfilePolicy(String setId, String id, 
-        String defaultClassId, String constraintClassId)
-        throws EProfileException {
-        return createProfilePolicy(setId, id, defaultClassId, 
+    public IProfilePolicy createProfilePolicy(String setId, String id,
+            String defaultClassId, String constraintClassId)
+            throws EProfileException {
+        return createProfilePolicy(setId, id, defaultClassId,
                 constraintClassId, true);
     }
 
-    public IProfilePolicy createProfilePolicy(String setId, String id, 
-        String defaultClassId, String constraintClassId,
-        boolean createConfig)
-        throws EProfileException {
-        
+    public IProfilePolicy createProfilePolicy(String setId, String id,
+            String defaultClassId, String constraintClassId,
+            boolean createConfig)
+            throws EProfileException {
+
         // String setId ex: policyset.set1
-        // String id    Id of policy : examples: p1,p2,p3 
-        // String defaultClassId : id of the default plugin ex: validityDefaultImpl
-        // String constraintClassId : if of the constraint plugin ex: basicConstraintsExtConstraintImpl
-        // boolean createConfig : true : being called from the console. false: being called from server startup code
+        // String id Id of policy : examples: p1,p2,p3
+        // String defaultClassId : id of the default plugin ex:
+        // validityDefaultImpl
+        // String constraintClassId : if of the constraint plugin ex:
+        // basicConstraintsExtConstraintImpl
+        // boolean createConfig : true : being called from the console. false:
+        // being called from server startup code
 
-        Vector<ProfilePolicy> policies =  mPolicySet.get(setId);
+        Vector<ProfilePolicy> policies = mPolicySet.get(setId);
 
         IConfigStore policyStore = mConfig.getSubStore("policyset." + setId);
         if (policies == null) {
             policies = new Vector<ProfilePolicy>();
             mPolicySet.put(setId, policies);
-            if (createConfig) {	
+            if (createConfig) {
                 // re-create policyset.list
-                StringBuffer setlist =new StringBuffer();
+                StringBuffer setlist = new StringBuffer();
                 Enumeration<String> keys = mPolicySet.keys();
 
                 while (keys.hasMoreElements()) {
@@ -794,62 +795,62 @@ public abstract class BasicProfile implements IProfile {
                 mConfig.putString("policyset.list", setlist.toString());
             }
         } else {
-                String ids = null;
+            String ids = null;
 
-                try {
-                    ids = policyStore.getString(PROP_POLICY_LIST, "");
-                } catch (Exception ee) {
-                }
+            try {
+                ids = policyStore.getString(PROP_POLICY_LIST, "");
+            } catch (Exception ee) {
+            }
 
-                if( ids == null ) {
-                    CMS.debug("BasicProfile::createProfilePolicy() - ids is null!" );
-                    return null;
-                }
+            if (ids == null) {
+                CMS.debug("BasicProfile::createProfilePolicy() - ids is null!");
+                return null;
+            }
 
-                StringTokenizer st1 = new StringTokenizer(ids, ",");
-                int appearances = 0;
-                int appearancesTooMany = 0;
-                if (createConfig) 
-                    appearancesTooMany = 1;
-                else
-                    appearancesTooMany = 2;
+            StringTokenizer st1 = new StringTokenizer(ids, ",");
+            int appearances = 0;
+            int appearancesTooMany = 0;
+            if (createConfig)
+                appearancesTooMany = 1;
+            else
+                appearancesTooMany = 2;
 
-                while (st1.hasMoreTokens()) {
-                    String pid = st1.nextToken();
-                    if (pid.equals(id)) {
-                        appearances++;
-                        if (appearances >= appearancesTooMany) {
-                            CMS.debug("WARNING detected duplicate policy id:   " + id + " Profile: "  + mId);
-                            if (createConfig) {
-                                throw new EProfileException("Duplicate policy id: " + id);
-                            }
+            while (st1.hasMoreTokens()) {
+                String pid = st1.nextToken();
+                if (pid.equals(id)) {
+                    appearances++;
+                    if (appearances >= appearancesTooMany) {
+                        CMS.debug("WARNING detected duplicate policy id:   " + id + " Profile: " + mId);
+                        if (createConfig) {
+                            throw new EProfileException("Duplicate policy id: " + id);
                         }
                     }
                 }
+            }
         }
 
         // Now make sure we aren't trying to add a policy that already exists
         IConfigStore policySetStore = mConfig.getSubStore("policyset");
-        String setlist =  null;
+        String setlist = null;
         try {
             setlist = policySetStore.getString("list", "");
         } catch (Exception e) {
         }
         StringTokenizer st = new StringTokenizer(setlist, ",");
 
-        int matches = 0; 
+        int matches = 0;
         while (st.hasMoreTokens()) {
             String sId = (String) st.nextToken();
 
-            //Only search the setId set. Ex: encryptionCertSet
+            // Only search the setId set. Ex: encryptionCertSet
             if (!sId.equals(setId)) {
                 continue;
             }
             IConfigStore pStore = policySetStore.getSubStore(sId);
-           
+
             String list = null;
             try {
-                list =  pStore.getString(PROP_POLICY_LIST, "");
+                list = pStore.getString(PROP_POLICY_LIST, "");
             } catch (Exception e) {
                 CMS.debug("WARNING, can't get policy id list!");
             }
@@ -862,9 +863,9 @@ public abstract class BasicProfile implements IProfile {
                 String defaultRoot = curId + "." + PROP_DEFAULT;
                 String curDefaultClassId = null;
                 try {
-                    curDefaultClassId =  pStore.getString(defaultRoot + "." +
-                        PROP_CLASS_ID);
-                } catch(Exception e) {
+                    curDefaultClassId = pStore.getString(defaultRoot + "." +
+                            PROP_CLASS_ID);
+                } catch (Exception e) {
                     CMS.debug("WARNING, can't get default plugin id!");
                 }
 
@@ -876,24 +877,23 @@ public abstract class BasicProfile implements IProfile {
                     CMS.debug("WARNING, can't get constraint plugin id!");
                 }
 
-                //Disallow duplicate defaults  with the following exceptions:
+                // Disallow duplicate defaults with the following exceptions:
                 // noDefaultImpl, genericExtDefaultImpl
 
-                if ((curDefaultClassId.equals(defaultClassId)  && 
-                    !curDefaultClassId.equals(PROP_NO_DEFAULT) && 
-                    !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT)) ) {
+                if ((curDefaultClassId.equals(defaultClassId) &&
+                        !curDefaultClassId.equals(PROP_NO_DEFAULT) && !curDefaultClassId.equals(PROP_GENERIC_EXT_DEFAULT))) {
 
                     matches++;
                     if (createConfig) {
                         if (matches == 1) {
-                              CMS.debug("WARNING attempt to add duplicate Policy "  + defaultClassId + ":" + constraintClassId +
-                                  " Contact System Administrator.");
-                             throw new EProfileException("Attempt to add duplicate Policy : " +  defaultClassId + ":" + constraintClassId);
+                            CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
+                                    " Contact System Administrator.");
+                            throw new EProfileException("Attempt to add duplicate Policy : " + defaultClassId + ":" + constraintClassId);
                         }
                     } else {
-                        if( matches > 1) {
-                             CMS.debug("WARNING attempt to add duplicate Policy "  + defaultClassId + ":" + constraintClassId +
-                                  " Contact System Administrator.");
+                        if (matches > 1) {
+                            CMS.debug("WARNING attempt to add duplicate Policy " + defaultClassId + ":" + constraintClassId +
+                                    " Contact System Administrator.");
                         }
                     }
                 }
@@ -919,8 +919,8 @@ public abstract class BasicProfile implements IProfile {
                     Class.forName(defaultClass).newInstance();
         } catch (Exception e) {
             // throw Exception
-            CMS.debug("BasicProfile: default policy " + 
-                defaultClass + " " + e.toString());
+            CMS.debug("BasicProfile: default policy " +
+                    defaultClass + " " + e.toString());
         }
         if (def == null) {
             CMS.debug("BasicProfile: failed to create " + defaultClass);
@@ -931,7 +931,7 @@ public abstract class BasicProfile implements IProfile {
             def.init(this, defStore);
         }
 
-        IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy", 
+        IPluginInfo conInfo = mRegistry.getPluginInfo("constraintPolicy",
                 constraintClassId);
         String constraintClass = conInfo.getClassName();
         IPolicyConstraint constraint = null;
@@ -941,8 +941,8 @@ public abstract class BasicProfile implements IProfile {
                     Class.forName(constraintClass).newInstance();
         } catch (Exception e) {
             // throw Exception
-            CMS.debug("BasicProfile: constraint policy " + 
-                constraintClass + " " + e.toString());
+            CMS.debug("BasicProfile: constraint policy " +
+                    constraintClass + " " + e.toString());
         }
         ProfilePolicy policy = null;
         if (constraint == null) {
@@ -968,21 +968,21 @@ public abstract class BasicProfile implements IProfile {
             } else {
                 policyStore.putString(PROP_POLICY_LIST, list + "," + id);
             }
-            policyStore.putString(id + ".default.name", 
-                defInfo.getName(Locale.getDefault()));
-            policyStore.putString(id + ".default.class_id", 
-                defaultClassId);
-            policyStore.putString(id + ".constraint.name", 
-                conInfo.getName(Locale.getDefault()));
-            policyStore.putString(id + ".constraint.class_id", 
-                constraintClassId);
+            policyStore.putString(id + ".default.name",
+                    defInfo.getName(Locale.getDefault()));
+            policyStore.putString(id + ".default.class_id",
+                    defaultClassId);
+            policyStore.putString(id + ".constraint.name",
+                    conInfo.getName(Locale.getDefault()));
+            policyStore.putString(id + ".constraint.class_id",
+                    constraintClassId);
             try {
-                mConfig.putString("lastModified", 
-                  Long.toString(CMS.getCurrentDate().getTime()));
+                mConfig.putString("lastModified",
+                        Long.toString(CMS.getCurrentDate().getTime()));
                 policyStore.commit(false);
             } catch (EBaseException e) {
-                CMS.debug("BasicProfile: commiting config store " + 
-                    e.toString());
+                CMS.debug("BasicProfile: commiting config store " +
+                        e.toString());
             }
         }
 
@@ -990,7 +990,7 @@ public abstract class BasicProfile implements IProfile {
     }
 
     public IProfilePolicy getProfilePolicy(String setId, String id) {
-        Vector<ProfilePolicy> policies =  mPolicySet.get(setId);
+        Vector<ProfilePolicy> policies = mPolicySet.get(setId);
 
         if (policies == null)
             return null;
@@ -1038,7 +1038,7 @@ public abstract class BasicProfile implements IProfile {
      * Creates request.
      */
     public abstract IRequest[] createRequests(IProfileContext ctx, Locale locale)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Returns the profile description.
@@ -1056,54 +1056,54 @@ public abstract class BasicProfile implements IProfile {
     }
 
     public void populateInput(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         Enumeration<String> ids = getProfileInputIds();
 
         while (ids.hasMoreElements()) {
             String id = (String) ids.nextElement();
-            IProfileInput input = getProfileInput(id); 
+            IProfileInput input = getProfileInput(id);
 
             input.populate(ctx, request);
         }
     }
 
     public Vector<ProfilePolicy> getPolicies(String setId) {
-        Vector<ProfilePolicy> policies =  mPolicySet.get(setId);
+        Vector<ProfilePolicy> policies = mPolicySet.get(setId);
 
         return policies;
     }
 
     /**
-     * Passes the request to the set of default policies that
-     * populate the profile information against the profile.
-     */ 
+     * Passes the request to the set of default policies that populate the
+     * profile information against the profile.
+     */
     public void populate(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String setId = getPolicySetId(request);
         Vector<ProfilePolicy> policies = getPolicies(setId);
-        CMS.debug("BasicProfile: populate() policy setid ="+ setId);
+        CMS.debug("BasicProfile: populate() policy setid =" + setId);
 
         for (int i = 0; i < policies.size(); i++) {
             ProfilePolicy policy = (ProfilePolicy)
-                policies.elementAt(i);
+                    policies.elementAt(i);
 
             policy.getDefault().populate(request);
         }
     }
 
     /**
-     * Passes the request to the set of constraint policies 
-     * that validate the request against the profile.
-     */ 
+     * Passes the request to the set of constraint policies that validate the
+     * request against the profile.
+     */
     public void validate(IRequest request)
-        throws ERejectException {
+            throws ERejectException {
         String setId = getPolicySetId(request);
-        CMS.debug("BasicProfile: validate start on setId="+ setId);
+        CMS.debug("BasicProfile: validate start on setId=" + setId);
         Vector<ProfilePolicy> policies = getPolicies(setId);
 
         for (int i = 0; i < policies.size(); i++) {
             ProfilePolicy policy = (ProfilePolicy)
-                policies.elementAt(i);
+                    policies.elementAt(i);
 
             policy.getConstraint().validate(request);
         }
@@ -1130,24 +1130,24 @@ public abstract class BasicProfile implements IProfile {
 
         for (int i = 0; i < policies.size(); i++) {
             ProfilePolicy policy = (ProfilePolicy)
-                policies.elementAt(i);
+                    policies.elementAt(i);
 
-            v.addElement(policy.getId());	
+            v.addElement(policy.getId());
         }
         return v.elements();
     }
 
     public void execute(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
      * Signed Audit Log
-     *
-     * This method is inherited by all extended "BasicProfile"s,
-     * and is called to store messages to the signed audit log.
+     * 
+     * This method is inherited by all extended "BasicProfile"s, and is called
+     * to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -1159,20 +1159,19 @@ public abstract class BasicProfile implements IProfile {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
-     * This method is inherited by all extended "BasicProfile"s,
-     * and is called to obtain the "SubjectID" for
-     * a signed audit log message.
+     * 
+     * This method is inherited by all extended "BasicProfile"s, and is called
+     * to obtain the "SubjectID" for a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditSubjectID() {
@@ -1202,4 +1201,3 @@ public abstract class BasicProfile implements IProfile {
         return subjectID;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
index 681f2b4a..72c0aebe 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CACertCAEnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.common.NameValuePairs;
@@ -28,103 +27,101 @@ import com.netscape.certsrv.profile.IProfileInput;
 import com.netscape.certsrv.profile.IProfileOutput;
 import com.netscape.certsrv.profile.IProfilePolicy;
 
-
 /**
- * This class implements a Certificate Manager enrollment
- * profile for CA Certificates.
- *
+ * This class implements a Certificate Manager enrollment profile for CA
+ * Certificates.
+ * 
  * @version $Revision$, $Date$
  */
-public class CACertCAEnrollProfile extends CAEnrollProfile 
-   implements IProfileEx {
+public class CACertCAEnrollProfile extends CAEnrollProfile
+        implements IProfileEx {
 
     /**
-     * Called after initialization. It populates default
-     * policies, inputs, and outputs.
+     * Called after initialization. It populates default policies, inputs, and
+     * outputs.
      */
-    public void populate() throws EBaseException
-    { 
+    public void populate() throws EBaseException {
         // create inputs
         NameValuePairs inputParams1 = new NameValuePairs();
-        IProfileInput input1 = 
-          createProfileInput("i1", "certReqInputImpl", inputParams1);
+        IProfileInput input1 =
+                createProfileInput("i1", "certReqInputImpl", inputParams1);
         NameValuePairs inputParams2 = new NameValuePairs();
-        IProfileInput input2 = 
-          createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
+        IProfileInput input2 =
+                createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
 
-        // create outputs 
+        // create outputs
         NameValuePairs outputParams1 = new NameValuePairs();
-        IProfileOutput output1 = 
-          createProfileOutput("o1", "certOutputImpl", outputParams1);
+        IProfileOutput output1 =
+                createProfileOutput("o1", "certOutputImpl", outputParams1);
 
         // create policies
         IProfilePolicy policy1 =
-          createProfilePolicy("set1", "p1",
-            "userSubjectNameDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p1",
+                        "userSubjectNameDefaultImpl", "noConstraintImpl");
         IPolicyDefault def1 = policy1.getDefault();
         IConfigStore defConfig1 = def1.getConfigStore();
         IPolicyConstraint con1 = policy1.getConstraint();
         IConfigStore conConfig1 = con1.getConfigStore();
 
         IProfilePolicy policy2 =
-          createProfilePolicy("set1", "p2",
-            "validityDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p2",
+                        "validityDefaultImpl", "noConstraintImpl");
         IPolicyDefault def2 = policy2.getDefault();
         IConfigStore defConfig2 = def2.getConfigStore();
-        defConfig2.putString("params.range","180");
-        defConfig2.putString("params.startTime","0");
+        defConfig2.putString("params.range", "180");
+        defConfig2.putString("params.startTime", "0");
         IPolicyConstraint con2 = policy2.getConstraint();
         IConfigStore conConfig2 = con2.getConfigStore();
 
         IProfilePolicy policy3 =
-          createProfilePolicy("set1", "p3",
-            "userKeyDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p3",
+                        "userKeyDefaultImpl", "noConstraintImpl");
         IPolicyDefault def3 = policy3.getDefault();
         IConfigStore defConfig3 = def3.getConfigStore();
-        defConfig3.putString("params.keyType","RSA");
-        defConfig3.putString("params.keyMinLength","512");
-        defConfig3.putString("params.keyMaxLength","4096");
+        defConfig3.putString("params.keyType", "RSA");
+        defConfig3.putString("params.keyMinLength", "512");
+        defConfig3.putString("params.keyMaxLength", "4096");
         IPolicyConstraint con3 = policy3.getConstraint();
         IConfigStore conConfig3 = con3.getConfigStore();
 
         IProfilePolicy policy4 =
-          createProfilePolicy("set1", "p4",
-            "signingAlgDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p4",
+                        "signingAlgDefaultImpl", "noConstraintImpl");
         IPolicyDefault def4 = policy4.getDefault();
         IConfigStore defConfig4 = def4.getConfigStore();
-        defConfig4.putString("params.signingAlg","-");
+        defConfig4.putString("params.signingAlg", "-");
         defConfig4.putString("params.signingAlgsAllowed",
-          "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC");
+                "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA256withEC,SHA384withEC,SHA512withEC");
         IPolicyConstraint con4 = policy4.getConstraint();
         IConfigStore conConfig4 = con4.getConfigStore();
 
         // extensions
         IProfilePolicy policy5 =
-          createProfilePolicy("set1", "p5",
-            "keyUsageExtDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p5",
+                        "keyUsageExtDefaultImpl", "noConstraintImpl");
         IPolicyDefault def5 = policy5.getDefault();
         IConfigStore defConfig5 = def5.getConfigStore();
-        defConfig5.putString("params.keyUsageCritical","true");
-        defConfig5.putString("params.keyUsageCrlSign","true");
-        defConfig5.putString("params.keyUsageDataEncipherment","false");
-        defConfig5.putString("params.keyUsageDecipherOnly","false");
-        defConfig5.putString("params.keyUsageDigitalSignature","true");
-        defConfig5.putString("params.keyUsageEncipherOnly","false");
-        defConfig5.putString("params.keyUsageKeyAgreement","false");
-        defConfig5.putString("params.keyUsageKeyCertSign","true");
-        defConfig5.putString("params.keyUsageKeyEncipherment","false");
-        defConfig5.putString("params.keyUsageNonRepudiation","true");
+        defConfig5.putString("params.keyUsageCritical", "true");
+        defConfig5.putString("params.keyUsageCrlSign", "true");
+        defConfig5.putString("params.keyUsageDataEncipherment", "false");
+        defConfig5.putString("params.keyUsageDecipherOnly", "false");
+        defConfig5.putString("params.keyUsageDigitalSignature", "true");
+        defConfig5.putString("params.keyUsageEncipherOnly", "false");
+        defConfig5.putString("params.keyUsageKeyAgreement", "false");
+        defConfig5.putString("params.keyUsageKeyCertSign", "true");
+        defConfig5.putString("params.keyUsageKeyEncipherment", "false");
+        defConfig5.putString("params.keyUsageNonRepudiation", "true");
         IPolicyConstraint con5 = policy5.getConstraint();
         IConfigStore conConfig5 = con5.getConfigStore();
 
         IProfilePolicy policy6 =
-          createProfilePolicy("set1", "p6",
-            "basicConstraintsExtDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p6",
+                        "basicConstraintsExtDefaultImpl", "noConstraintImpl");
         IPolicyDefault def6 = policy6.getDefault();
         IConfigStore defConfig6 = def6.getConfigStore();
-        defConfig6.putString("params.basicConstraintsPathLen","-1");
-        defConfig6.putString("params.basicConstraintsIsCA","true");
-        defConfig6.putString("params.basicConstraintsPathLen","-1");
+        defConfig6.putString("params.basicConstraintsPathLen", "-1");
+        defConfig6.putString("params.basicConstraintsIsCA", "true");
+        defConfig6.putString("params.basicConstraintsPathLen", "-1");
         IPolicyConstraint con6 = policy6.getConstraint();
         IConfigStore conConfig6 = con6.getConfigStore();
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
index 32cd51b5..df558acb 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/CAEnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import java.util.Enumeration;
 
 import netscape.security.x509.X500Name;
@@ -41,27 +40,23 @@ import com.netscape.certsrv.profile.IProfileUpdater;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
- * This class implements a Certificate Manager enrollment
- * profile.
- *
+ * This class implements a Certificate Manager enrollment profile.
+ * 
  * @version $Revision$, $Date$
  */
 public class CAEnrollProfile extends EnrollProfile {
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
-
+    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST_4";
 
     public CAEnrollProfile() {
         super();
     }
 
     public IAuthority getAuthority() {
-        IAuthority authority = (IAuthority) 
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+        IAuthority authority = (IAuthority)
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
 
         if (authority == null)
             return null;
@@ -70,17 +65,17 @@ public class CAEnrollProfile extends EnrollProfile {
 
     public X500Name getIssuerName() {
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
         X500Name issuerName = ca.getX500Name();
 
         return issuerName;
     }
 
     public void execute(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
 
         long startTime = CMS.getCurrentDate().getTime();
-         
+
         if (!isEnable()) {
             CMS.debug("CAEnrollProfile: Profile Not Enabled");
             throw new EProfileException("Profile Not Enabled");
@@ -91,14 +86,13 @@ public class CAEnrollProfile extends EnrollProfile {
         String auditRequesterID = auditRequesterID(request);
         String auditArchiveID = ILogger.UNIDENTIFIED;
 
-
         String id = request.getRequestId().toString();
         if (id != null) {
             auditArchiveID = id.trim();
         }
 
-        CMS.debug("CAEnrollProfile: execute reqId=" + 
-            request.getRequestId().toString());
+        CMS.debug("CAEnrollProfile: execute reqId=" +
+                request.getRequestId().toString());
         ICertificateAuthority ca = (ICertificateAuthority) getAuthority();
         ICAService caService = (ICAService) ca.getCAService();
 
@@ -113,41 +107,39 @@ public class CAEnrollProfile extends EnrollProfile {
         // do not archive keys for renewal requests
         if ((optionsData != null) && (!request.getRequestType().equals(IRequest.RENEWAL_REQUEST))) {
             PKIArchiveOptions options = (PKIArchiveOptions)
-                toPKIArchiveOptions(optionsData);
+                    toPKIArchiveOptions(optionsData);
 
             if (options != null) {
                 CMS.debug("CAEnrollProfile: execute found " +
-                    "PKIArchiveOptions");
+                        "PKIArchiveOptions");
                 try {
                     IConnector kraConnector = caService.getKRAConnector();
 
                     if (kraConnector == null) {
                         CMS.debug("CAEnrollProfile: KRA connector " +
-                            "not configured");
+                                "not configured");
 
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditArchiveID);
+                                LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+                                auditSubjectID,
+                                ILogger.FAILURE,
+                                auditRequesterID,
+                                auditArchiveID);
 
                         audit(auditMessage);
-                   
+
                     } else {
                         CMS.debug("CAEnrollProfile: execute send request");
                         kraConnector.send(request);
 
-
-                        
                         // check response
                         if (!request.isSuccess()) {
                             auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditRequesterID,
-                            auditArchiveID);
+                                    LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+                                    auditSubjectID,
+                                    ILogger.FAILURE,
+                                    auditRequesterID,
+                                    auditArchiveID);
 
                             audit(auditMessage);
                             throw new ERejectException(
@@ -155,17 +147,16 @@ public class CAEnrollProfile extends EnrollProfile {
                         }
 
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            auditRequesterID,
-                            auditArchiveID);
+                                LOGGING_SIGNED_AUDIT_PRIVATE_KEY_ARCHIVE_REQUEST,
+                                auditSubjectID,
+                                ILogger.SUCCESS,
+                                auditRequesterID,
+                                auditArchiveID);
 
                         audit(auditMessage);
                     }
                 } catch (Exception e) {
 
-
                     if (e instanceof ERejectException) {
                         throw (ERejectException) e;
                     }
@@ -189,17 +180,17 @@ public class CAEnrollProfile extends EnrollProfile {
         X509CertInfo info = request.getExtDataInCertInfo(REQUEST_CERTINFO);
         X509CertImpl theCert = null;
 
-        // #615460 - added audit log (transaction) 
+        // #615460 - added audit log (transaction)
         SessionContext sc = SessionContext.getExistingContext();
         sc.put("profileId", getId());
         String setId = request.getExtDataInString("profileSetId");
         if (setId != null) {
-          sc.put("profileSetId", setId);
+            sc.put("profileSetId", setId);
         }
 
         try {
             theCert = caService.issueX509Cert(info, getId() /* profileId */,
-              id /* requestId */);
+                    id /* requestId */);
         } catch (EBaseException e) {
             CMS.debug(e.toString());
 
@@ -211,24 +202,24 @@ public class CAEnrollProfile extends EnrollProfile {
 
         String initiative = AuditFormat.FROMAGENT
                           + " userID: "
-                          + (String)sc.get(SessionContext.USER_ID);
-        String authMgr = (String)sc.get(SessionContext.AUTH_MANAGER_ID);
+                          + (String) sc.get(SessionContext.USER_ID);
+        String authMgr = (String) sc.get(SessionContext.AUTH_MANAGER_ID);
 
         ILogger logger = CMS.getLogger();
-        if( logger != null ) {
-            logger.log( ILogger.EV_AUDIT, 
-                        ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT, 
-                        new Object[] { 
-                            request.getRequestType(), 
-                            request.getRequestId(), 
-                            initiative, 
-                            authMgr, 
-                            "completed", 
-                            theCert.getSubjectDN(), 
-                            "cert issued serial number: 0x" + 
-                            theCert.getSerialNumber().toString(16) + 
-                            " time: " + (endTime - startTime) }
-            );
+        if (logger != null) {
+            logger.log(ILogger.EV_AUDIT,
+                        ILogger.S_OTHER, AuditFormat.LEVEL, AuditFormat.FORMAT,
+                        new Object[] {
+                                request.getRequestType(),
+                                request.getRequestId(),
+                                initiative,
+                                authMgr,
+                                "completed",
+                                theCert.getSubjectDN(),
+                                "cert issued serial number: 0x" +
+                                        theCert.getSerialNumber().toString(16) +
+                                        " time: " + (endTime - startTime) }
+                    );
         }
 
         request.setRequestStatus(RequestStatus.COMPLETE);
@@ -236,9 +227,9 @@ public class CAEnrollProfile extends EnrollProfile {
         // notifies updater plugins
         Enumeration updaterIds = getProfileUpdaterIds();
         while (updaterIds.hasMoreElements()) {
-           String updaterId = (String)updaterIds.nextElement();
-           IProfileUpdater updater = getProfileUpdater(updaterId);
-           updater.update(request, RequestStatus.COMPLETE); 
+            String updaterId = (String) updaterIds.nextElement();
+            IProfileUpdater updater = getProfileUpdater(updaterId);
+            updater.update(request, RequestStatus.COMPLETE);
         }
 
         // set value for predicate value - checking in getRule
@@ -248,4 +239,3 @@ public class CAEnrollProfile extends EnrollProfile {
             request.setExtData("isEncryptionCert", "false");
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
index 8bc6f190..f56481d2 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -99,21 +98,21 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cmsutil.util.HMACDigest;
 
-
 /**
  * This class implements a generic enrollment profile.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public abstract class EnrollProfile extends BasicProfile 
-    implements IEnrollProfile {
+public abstract class EnrollProfile extends BasicProfile
+        implements IEnrollProfile {
 
     private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
-        "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+            "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
     private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
-        "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+            "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
 
     private PKIData mCMCData;
+
     public EnrollProfile() {
         super();
     }
@@ -134,11 +133,11 @@ public abstract class EnrollProfile extends BasicProfile
      * Creates request.
      */
     public IRequest[] createRequests(IProfileContext context, Locale locale)
-        throws EProfileException {
+            throws EProfileException {
         EnrollProfileContext ctx = (EnrollProfileContext) context;
 
         // determine how many requests should be created
-        String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE); 
+        String cert_request_type = ctx.get(CTX_CERT_REQUEST_TYPE);
         String cert_request = ctx.get(CTX_CERT_REQUEST);
         String is_renewal = ctx.get(CTX_RENEWAL);
         Integer renewal_seq_num = 0;
@@ -168,17 +167,16 @@ public abstract class EnrollProfile extends BasicProfile
                 num_requests = msgs.length;
         }
 
-        // only 1 request for renewal 
+        // only 1 request for renewal
         if ((is_renewal != null) && (is_renewal.equals("true"))) {
             num_requests = 1;
             String renewal_seq_num_str = ctx.get(CTX_RENEWAL_SEQ_NUM);
             if (renewal_seq_num_str != null) {
                 renewal_seq_num = Integer.parseInt(renewal_seq_num_str);
             } else {
-                renewal_seq_num =0;
+                renewal_seq_num = 0;
             }
         }
-                
 
         // populate requests with appropriate content
         IRequest result[] = new IRequest[num_requests];
@@ -186,7 +184,7 @@ public abstract class EnrollProfile extends BasicProfile
         for (int i = 0; i < num_requests; i++) {
             result[i] = createEnrollmentRequest();
             if ((is_renewal != null) && (is_renewal.equals("true"))) {
-                result[i].setExtData(REQUEST_SEQ_NUM,renewal_seq_num);
+                result[i].setExtData(REQUEST_SEQ_NUM, renewal_seq_num);
             } else {
                 result[i].setExtData(REQUEST_SEQ_NUM, Integer.valueOf(i));
             }
@@ -211,32 +209,32 @@ public abstract class EnrollProfile extends BasicProfile
                 48, 92, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 1, 5,
                 0, 3, 75, 0, 48, 72, 2, 65, 0, -65, 121, -119, -59, 105, 66,
                 -122, -78, -30, -64, 63, -47, 44, -48, -104, 103, -47, -108,
-                42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86,71, 24,
+                42, -38, 46, -8, 32, 49, -29, -26, -112, -29, -86, 71, 24,
                 -104, 78, -31, -75, -128, 90, -92, -34, -51, -125, -13, 80, 101,
                 -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85, 105, -53,
-                -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1};
+                -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1 };
         // default values into x509 certinfo. This thing is
         // not serializable by default
         try {
-            info.set(X509CertInfo.VERSION, 
-                new CertificateVersion(CertificateVersion.V3));
-            info.set(X509CertInfo.SERIAL_NUMBER, 
-                new CertificateSerialNumber(new BigInteger("0")));
-            info.set(X509CertInfo.ISSUER, 
-                new CertificateIssuerName(issuerName));
+            info.set(X509CertInfo.VERSION,
+                    new CertificateVersion(CertificateVersion.V3));
+            info.set(X509CertInfo.SERIAL_NUMBER,
+                    new CertificateSerialNumber(new BigInteger("0")));
+            info.set(X509CertInfo.ISSUER,
+                    new CertificateIssuerName(issuerName));
             info.set(X509CertInfo.KEY,
-                new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(issuerName));
-            info.set(X509CertInfo.VALIDITY, 
-                new CertificateValidity(new Date(), new Date()));
-            info.set(X509CertInfo.ALGORITHM_ID, 
-                new CertificateAlgorithmId(
-                    AlgorithmId.getAlgorithmId("MD5withRSA")));
+                    new CertificateX509Key(X509Key.parse(new DerValue(dummykey))));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(issuerName));
+            info.set(X509CertInfo.VALIDITY,
+                    new CertificateValidity(new Date(), new Date()));
+            info.set(X509CertInfo.ALGORITHM_ID,
+                    new CertificateAlgorithmId(
+                            AlgorithmId.getAlgorithmId("MD5withRSA")));
 
             // add default extension container
-            info.set(X509CertInfo.EXTENSIONS, 
-                new CertificateExtensions());
+            info.set(X509CertInfo.EXTENSIONS,
+                    new CertificateExtensions());
         } catch (Exception e) {
             // throw exception - add key to template
             CMS.debug("EnrollProfile: Building X509CertInfo - " + e.toString());
@@ -246,7 +244,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public IRequest createEnrollmentRequest()
-        throws EProfileException {
+            throws EProfileException {
         IRequest req = null;
 
         try {
@@ -270,7 +268,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public abstract void execute(IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Perform simple policy set assignment.
@@ -298,7 +296,7 @@ public abstract class EnrollProfile extends BasicProfile
 
         try {
             CertificateSubjectName sn = (CertificateSubjectName)
-                info.get(X509CertInfo.SUBJECT);
+                    info.get(X509CertInfo.SUBJECT);
 
             return sn.toString();
         } catch (Exception e) {
@@ -308,35 +306,35 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     /**
-     * This method is called after the user submits the 
-     * request from the end-entity page.
+     * This method is called after the user submits the request from the
+     * end-entity page.
      */
     public void submit(IAuthToken token, IRequest request)
-        throws EDeferException, EProfileException {
+            throws EDeferException, EProfileException {
         // Request Submission Logic:
         //
         // if (Authentication Failed) {
-        //   return Error
+        // return Error
+        // } else {
+        // if (No Auth Token) {
+        // queue request
         // } else {
-        //   if (No Auth Token) {
-        //     queue request
-        //   } else {
-        //     process request
-        //   }
+        // process request
+        // }
         // }
 
-        IAuthority authority = (IAuthority) 
-            getAuthority();
+        IAuthority authority = (IAuthority)
+                getAuthority();
         IRequestQueue queue = authority.getRequestQueue();
 
-            // this profile queues request that is authenticated
-            // by NoAuth
-            try {
-                queue.updateRequest(request);
-            } catch (EBaseException e) {
-                // save request to disk
-                CMS.debug("EnrollProfile: Update request " + e.toString());
-            }
+        // this profile queues request that is authenticated
+        // by NoAuth
+        try {
+            queue.updateRequest(request);
+        } catch (EBaseException e) {
+            // save request to disk
+            CMS.debug("EnrollProfile: Update request " + e.toString());
+        }
 
         if (token == null) {
             CMS.debug("EnrollProfile: auth token is null");
@@ -359,7 +357,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public TaggedRequest[] parseCMC(Locale locale, String certreq)
-        throws EProfileException {
+            throws EProfileException {
         /* cert request must not be null */
         if (certreq == null) {
             CMS.debug("EnrollProfile: parseCMC() certreq null");
@@ -374,21 +372,21 @@ public abstract class EnrollProfile extends BasicProfile
         try {
             byte data[] = CMS.AtoB(creq);
             ByteArrayInputStream cmcBlobIn =
-                new ByteArrayInputStream(data);
-            
+                    new ByteArrayInputStream(data);
+
             org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
-            org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
-            org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData)cmcReq.getInterpretedContent();
-             org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
+                    org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+            org.mozilla.jss.pkix.cms.SignedData cmcFullReq = (org.mozilla.jss.pkix.cms.SignedData) cmcReq.getInterpretedContent();
+            org.mozilla.jss.pkix.cms.EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
             OBJECT_IDENTIFIER id = ci.getContentType();
             OCTET_STRING content = ci.getContent();
-            
+
             ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
             PKIData pkiData = (PKIData) (new PKIData.Template()).decode(s);
 
             mCMCData = pkiData;
-            //PKIData pkiData = (PKIData)
-            //    (new PKIData.Template()).decode(cmcBlobIn);
+            // PKIData pkiData = (PKIData)
+            // (new PKIData.Template()).decode(cmcBlobIn);
             SEQUENCE controlSeq = pkiData.getControlSequence();
             int numcontrols = controlSeq.size();
             SEQUENCE reqSeq = pkiData.getReqSequence();
@@ -398,22 +396,22 @@ public abstract class EnrollProfile extends BasicProfile
                 if (numcontrols > 0) {
                     context.put("numOfControls", Integer.valueOf(numcontrols));
                     TaggedAttribute[] attributes = new TaggedAttribute[numcontrols];
-                    for (int i=0; i<numcontrols; i++) {
-                        attributes[i] = (TaggedAttribute)controlSeq.elementAt(i);
+                    for (int i = 0; i < numcontrols; i++) {
+                        attributes[i] = (TaggedAttribute) controlSeq.elementAt(i);
                         OBJECT_IDENTIFIER oid = attributes[i].getType();
                         if (oid.equals(OBJECT_IDENTIFIER.id_cmc_identityProof)) {
-                            boolean valid = verifyIdentityProof(attributes[i], 
-                              reqSeq);
+                            boolean valid = verifyIdentityProof(attributes[i],
+                                    reqSeq);
                             if (!valid) {
-                                SEQUENCE bpids = getRequestBpids(reqSeq); 
+                                SEQUENCE bpids = getRequestBpids(reqSeq);
                                 context.put("identityProof", bpids);
                                 return null;
                             }
                         } else if (oid.equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom)) {
                             SET vals = attributes[i].getValues();
-                            OCTET_STRING ostr = 
-                              (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
-                              ASN1Util.encode(vals.elementAt(0))));
+                            OCTET_STRING ostr =
+                                    (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+                                            ASN1Util.encode(vals.elementAt(0))));
                             randomSeed = ostr.toByteArray();
                         } else {
                             context.put(attributes[i].getType(), attributes[i]);
@@ -421,18 +419,18 @@ public abstract class EnrollProfile extends BasicProfile
                     }
                 }
             }
- 
+
             SEQUENCE otherMsgSeq = pkiData.getOtherMsgSequence();
             int numOtherMsgs = otherMsgSeq.size();
             if (!context.containsKey("numOfOtherMsgs")) {
                 context.put("numOfOtherMsgs", Integer.valueOf(numOtherMsgs));
-                for (int i=0; i<numOtherMsgs; i++) {
-                    OtherMsg omsg =(OtherMsg)(ASN1Util.decode(OtherMsg.getTemplate(),
-                      ASN1Util.encode(otherMsgSeq.elementAt(i))));
-                    context.put("otherMsg"+i, omsg);
+                for (int i = 0; i < numOtherMsgs; i++) {
+                    OtherMsg omsg = (OtherMsg) (ASN1Util.decode(OtherMsg.getTemplate(),
+                            ASN1Util.encode(otherMsgSeq.elementAt(i))));
+                    context.put("otherMsg" + i, omsg);
                 }
             }
-            
+
             int nummsgs = reqSeq.size();
             if (nummsgs > 0) {
                 msgs = new TaggedRequest[reqSeq.size()];
@@ -445,7 +443,7 @@ public abstract class EnrollProfile extends BasicProfile
                             valid = verifyPOPLinkWitness(randomSeed, msgs[i], bpids);
                             if (!valid || bpids.size() > 0) {
                                 context.put("POPLinkWitness", bpids);
-                                return null; 
+                                return null;
                             }
                         }
                     }
@@ -462,7 +460,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     private boolean verifyPOPLinkWitness(byte[] randomSeed, TaggedRequest req,
-      SEQUENCE bpids) {
+            SEQUENCE bpids) {
         ISharedToken tokenClass = null;
         boolean sharedSecretFound = true;
         String name = null;
@@ -477,15 +475,15 @@ public abstract class EnrollProfile extends BasicProfile
         }
 
         try {
-            tokenClass = (ISharedToken)Class.forName(name).newInstance();
+            tokenClass = (ISharedToken) Class.forName(name).newInstance();
         } catch (ClassNotFoundException e) {
-            CMS.debug("EnrollProfile: Failed to find class name: "+name);
+            CMS.debug("EnrollProfile: Failed to find class name: " + name);
             sharedSecretFound = false;
         } catch (InstantiationException e) {
-            CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+            CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
             sharedSecretFound = false;
         } catch (IllegalAccessException e) {
-            CMS.debug("EnrollProfile: Illegal access: "+name);
+            CMS.debug("EnrollProfile: Illegal access: " + name);
             sharedSecretFound = false;
         }
 
@@ -494,7 +492,7 @@ public abstract class EnrollProfile extends BasicProfile
         String sharedSecret = null;
         if (tokenClass != null)
             sharedSecret = tokenClass.getSharedToken(mCMCData);
-        if (req.getType().equals(TaggedRequest.PKCS10)) { 
+        if (req.getType().equals(TaggedRequest.PKCS10)) {
             TaggedCertificationRequest tcr = req.getTcr();
             if (!sharedSecretFound) {
                 bpids.addElement(tcr.getBodyPartID());
@@ -503,25 +501,25 @@ public abstract class EnrollProfile extends BasicProfile
                 CertificationRequest creq = tcr.getCertificationRequest();
                 CertificationRequestInfo cinfo = creq.getInfo();
                 SET attrs = cinfo.getAttributes();
-                for (int j=0; j<attrs.size(); j++) {
-                    Attribute pkcs10Attr = (Attribute)attrs.elementAt(j);
+                for (int j = 0; j < attrs.size(); j++) {
+                    Attribute pkcs10Attr = (Attribute) attrs.elementAt(j);
                     if (pkcs10Attr.getType().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
                         SET witnessVal = pkcs10Attr.getValues();
                         if (witnessVal.size() > 0) {
                             try {
                                 OCTET_STRING str =
-                                  (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
-                                  ASN1Util.encode(witnessVal.elementAt(0))));
+                                        (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+                                                ASN1Util.encode(witnessVal.elementAt(0))));
                                 bv = str.toByteArray();
                                 return verifyDigest(sharedSecret.getBytes(),
-                                  randomSeed, bv);
+                                        randomSeed, bv);
                             } catch (InvalidBERException ex) {
                                 return false;
                             }
                         }
-                    } 
+                    }
                 }
-  
+
                 return false;
             }
         } else if (req.getType().equals(TaggedRequest.CRMF)) {
@@ -535,14 +533,14 @@ public abstract class EnrollProfile extends BasicProfile
                 for (int i = 0; i < certReq.numControls(); i++) {
                     AVA ava = certReq.controlAt(i);
 
-                    if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) { 
+                    if (ava.getOID().equals(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness)) {
                         ASN1Value value = ava.getValue();
                         ByteArrayInputStream bis = new ByteArrayInputStream(
-                          ASN1Util.encode(value));
+                                ASN1Util.encode(value));
                         OCTET_STRING ostr = null;
                         try {
                             ostr = (OCTET_STRING)
-                              (new OCTET_STRING.Template()).decode(bis);
+                                    (new OCTET_STRING.Template()).decode(bis);
                             bv = ostr.toByteArray();
                         } catch (Exception e) {
                             bpids.addElement(reqId);
@@ -550,7 +548,7 @@ public abstract class EnrollProfile extends BasicProfile
                         }
 
                         boolean valid = verifyDigest(sharedSecret.getBytes(),
-                          randomSeed, bv);
+                                randomSeed, bv);
                         if (!valid) {
                             bpids.addElement(reqId);
                             return valid;
@@ -569,7 +567,7 @@ public abstract class EnrollProfile extends BasicProfile
             MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
             key = SHA1Digest.digest(sharedSecret);
         } catch (NoSuchAlgorithmException ex) {
-            CMS.debug("EnrollProfile: No such algorithm for this message digest."); 
+            CMS.debug("EnrollProfile: No such algorithm for this message digest.");
             return false;
         }
 
@@ -580,7 +578,7 @@ public abstract class EnrollProfile extends BasicProfile
             hmacDigest.update(text);
             finalDigest = hmacDigest.digest();
         } catch (NoSuchAlgorithmException ex) {
-            CMS.debug("EnrollProfile: No such algorithm for this message digest."); 
+            CMS.debug("EnrollProfile: No such algorithm for this message digest.");
             return false;
         }
 
@@ -589,9 +587,9 @@ public abstract class EnrollProfile extends BasicProfile
             return false;
         }
 
-        for (int j=0; j<bv.length; j++) {
+        for (int j = 0; j < bv.length; j++) {
             if (bv[j] != finalDigest[j]) {
-            CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
+                CMS.debug("EnrollProfile: The content of two HMAC digest are not the same.");
                 return false;
             }
         }
@@ -633,23 +631,23 @@ public abstract class EnrollProfile extends BasicProfile
         else {
             ISharedToken tokenClass = null;
             try {
-                tokenClass = (ISharedToken)Class.forName(name).newInstance();
+                tokenClass = (ISharedToken) Class.forName(name).newInstance();
             } catch (ClassNotFoundException e) {
-                CMS.debug("EnrollProfile: Failed to find class name: "+name);
+                CMS.debug("EnrollProfile: Failed to find class name: " + name);
                 return false;
             } catch (InstantiationException e) {
-                CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+                CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
                 return false;
             } catch (IllegalAccessException e) {
-                CMS.debug("EnrollProfile: Illegal access: "+name);
+                CMS.debug("EnrollProfile: Illegal access: " + name);
                 return false;
             }
- 
+
             String token = tokenClass.getSharedToken(mCMCData);
             OCTET_STRING ostr = null;
             try {
-                ostr = (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
-                ASN1Util.encode(vals.elementAt(0))));
+                ostr = (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+                        ASN1Util.encode(vals.elementAt(0))));
             } catch (InvalidBERException e) {
                 CMS.debug("EnrollProfile: Failed to decode the byte value.");
                 return false;
@@ -662,34 +660,34 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public void fillTaggedRequest(Locale locale, TaggedRequest tagreq, X509CertInfo info,
-        IRequest req)
-        throws EProfileException {
+            IRequest req)
+            throws EProfileException {
         TaggedRequest.Type type = tagreq.getType();
 
-        if (type.equals(TaggedRequest.PKCS10)) { 
+        if (type.equals(TaggedRequest.PKCS10)) {
             try {
-                TaggedCertificationRequest tcr = tagreq.getTcr(); 
-                CertificationRequest p10 = tcr.getCertificationRequest(); 
-                ByteArrayOutputStream ostream = new ByteArrayOutputStream(); 
+                TaggedCertificationRequest tcr = tagreq.getTcr();
+                CertificationRequest p10 = tcr.getCertificationRequest();
+                ByteArrayOutputStream ostream = new ByteArrayOutputStream();
 
-                p10.encode(ostream); 
+                p10.encode(ostream);
                 PKCS10 pkcs10 = new PKCS10(ostream.toByteArray());
 
                 req.setExtData("bodyPartId", tcr.getBodyPartID());
                 fillPKCS10(locale, pkcs10, info, req);
             } catch (Exception e) {
-                CMS.debug("EnrollProfile: fillTaggedRequest " + 
-                    e.toString());
+                CMS.debug("EnrollProfile: fillTaggedRequest " +
+                        e.toString());
             }
-        } else if (type.equals(TaggedRequest.CRMF)) { 
-            CertReqMsg crm = tagreq.getCrm(); 
+        } else if (type.equals(TaggedRequest.CRMF)) {
+            CertReqMsg crm = tagreq.getCrm();
             SessionContext context = SessionContext.getContext();
-            Integer nums = (Integer)(context.get("numOfControls"));
+            Integer nums = (Integer) (context.get("numOfControls"));
 
             // check if the LRA POP Witness Control attribute exists
             if (nums != null && nums.intValue() > 0) {
-                TaggedAttribute attr = 
-                  (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
+                TaggedAttribute attr =
+                        (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
                 if (attr != null) {
                     parseLRAPopWitness(locale, crm, attr);
                 } else {
@@ -708,42 +706,42 @@ public abstract class EnrollProfile extends BasicProfile
         }
     }
 
-    private void parseLRAPopWitness(Locale locale, CertReqMsg crm, 
-      TaggedAttribute attr) throws EProfileException {
+    private void parseLRAPopWitness(Locale locale, CertReqMsg crm,
+            TaggedAttribute attr) throws EProfileException {
         SET vals = attr.getValues();
         boolean donePOP = false;
         INTEGER reqId = null;
         if (vals.size() > 0) {
             LraPopWitness lraPop = null;
             try {
-                lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
-                  ASN1Util.encode(vals.elementAt(0))));
+                lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(),
+                        ASN1Util.encode(vals.elementAt(0))));
             } catch (InvalidBERException e) {
                 throw new EProfileException(
-                  CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
+                        CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
             }
 
             SEQUENCE bodyIds = lraPop.getBodyIds();
             reqId = crm.getCertReq().getCertReqId();
 
-            for (int i=0; i<bodyIds.size(); i++) {
-                INTEGER num = (INTEGER)(bodyIds.elementAt(i));
+            for (int i = 0; i < bodyIds.size(); i++) {
+                INTEGER num = (INTEGER) (bodyIds.elementAt(i));
                 if (num.toString().equals(reqId.toString())) {
                     donePOP = true;
-                    CMS.debug("EnrollProfile: skip POP for request: "+reqId.toString()+ " because LRA POP Witness control is found.");
+                    CMS.debug("EnrollProfile: skip POP for request: " + reqId.toString() + " because LRA POP Witness control is found.");
                     break;
                 }
             }
         }
 
         if (!donePOP) {
-            CMS.debug("EnrollProfile: not skip POP for request: "+reqId.toString()+" because this request id is not part of the body list in LRA Pop witness control.");
+            CMS.debug("EnrollProfile: not skip POP for request: " + reqId.toString() + " because this request id is not part of the body list in LRA Pop witness control.");
             verifyPOP(locale, crm);
         }
     }
 
     public CertReqMsg[] parseCRMF(Locale locale, String certreq)
-        throws EProfileException {
+            throws EProfileException {
 
         /* cert request must not be null */
         if (certreq == null) {
@@ -758,10 +756,10 @@ public abstract class EnrollProfile extends BasicProfile
         try {
             byte data[] = CMS.AtoB(creq);
             ByteArrayInputStream crmfBlobIn =
-                new ByteArrayInputStream(data);
+                    new ByteArrayInputStream(data);
             SEQUENCE crmfMsgs = (SEQUENCE)
-                new SEQUENCE.OF_Template(new
-                    CertReqMsg.Template()).decode(crmfBlobIn);
+                    new SEQUENCE.OF_Template(new
+                            CertReqMsg.Template()).decode(crmfBlobIn);
             int nummsgs = crmfMsgs.size();
 
             if (nummsgs <= 0)
@@ -779,17 +777,17 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID =
-        new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4}
-        );
+            new OBJECT_IDENTIFIER(new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 }
+            );
 
-    protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) { 
-        ASN1Value archVal = ava.getValue(); 
+    protected PKIArchiveOptions getPKIArchiveOptions(AVA ava) {
+        ASN1Value archVal = ava.getValue();
         ByteArrayInputStream bis = new ByteArrayInputStream(
-                ASN1Util.encode(archVal)); 
+                ASN1Util.encode(archVal));
         PKIArchiveOptions archOpts = null;
 
-        try { 
-            archOpts = (PKIArchiveOptions) 
+        try {
+            archOpts = (PKIArchiveOptions)
                     (new PKIArchiveOptions.Template()).decode(bis);
         } catch (Exception e) {
             CMS.debug("EnrollProfile: getPKIArchiveOptions " + e.toString());
@@ -801,8 +799,8 @@ public abstract class EnrollProfile extends BasicProfile
         ByteArrayInputStream bis = new ByteArrayInputStream(options);
         PKIArchiveOptions archOpts = null;
 
-        try { 
-            archOpts = (PKIArchiveOptions) 
+        try {
+            archOpts = (PKIArchiveOptions)
                     (new PKIArchiveOptions.Template()).decode(bis);
         } catch (Exception e) {
             CMS.debug("EnrollProfile: toPKIArchiveOptions " + e.toString());
@@ -810,13 +808,13 @@ public abstract class EnrollProfile extends BasicProfile
         return archOpts;
     }
 
-    public byte[] toByteArray(PKIArchiveOptions options) { 
+    public byte[] toByteArray(PKIArchiveOptions options) {
         return ASN1Util.encode(options);
     }
 
     public void fillCertReqMsg(Locale locale, CertReqMsg certReqMsg, X509CertInfo info,
-        IRequest req)
-        throws EProfileException {
+            IRequest req)
+            throws EProfileException {
         try {
             CMS.debug("Start parseCertReqMsg ");
             CertRequest certReq = certReqMsg.getCertReq();
@@ -825,12 +823,12 @@ public abstract class EnrollProfile extends BasicProfile
             for (int i = 0; i < certReq.numControls(); i++) {
                 AVA ava = certReq.controlAt(i);
 
-                if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) { 
+                if (ava.getOID().equals(PKIARCHIVEOPTIONS_OID)) {
                     PKIArchiveOptions opt = getPKIArchiveOptions(ava);
 
-                    //req.set(REQUEST_ARCHIVE_OPTIONS, opt);
-                    req.setExtData(REQUEST_ARCHIVE_OPTIONS, 
-                        toByteArray(opt));
+                    // req.set(REQUEST_ARCHIVE_OPTIONS, opt);
+                    req.setExtData(REQUEST_ARCHIVE_OPTIONS,
+                            toByteArray(opt));
                 }
             }
 
@@ -847,8 +845,8 @@ public abstract class EnrollProfile extends BasicProfile
             key.decode(keybytes);
 
             // XXX - kmccarth - this may simply undo the decoding above
-            //                  but for now it's unclear whether X509Key
-            //                  changest the format when decoding.
+            // but for now it's unclear whether X509Key
+            // changest the format when decoding.
             CertificateX509Key certKey = new CertificateX509Key(key);
             ByteArrayOutputStream certKeyOut = new ByteArrayOutputStream();
             certKey.encode(certKeyOut);
@@ -856,7 +854,7 @@ public abstract class EnrollProfile extends BasicProfile
 
             // parse validity
             if (certTemplate.getNotBefore() != null ||
-                certTemplate.getNotAfter() != null) {
+                    certTemplate.getNotAfter() != null) {
                 CMS.debug("EnrollProfile:  requested notBefore: " + certTemplate.getNotBefore());
                 CMS.debug("EnrollProfile:  requested notAfter:  " + certTemplate.getNotAfter());
                 CMS.debug("EnrollProfile:  current CA time:     " + new Date());
@@ -874,30 +872,32 @@ public abstract class EnrollProfile extends BasicProfile
             if (certTemplate.hasSubject()) {
                 Name subjectdn = certTemplate.getSubject();
                 ByteArrayOutputStream subjectEncStream =
-                    new ByteArrayOutputStream();
+                        new ByteArrayOutputStream();
 
                 subjectdn.encode(subjectEncStream);
                 byte[] subjectEnc = subjectEncStream.toByteArray();
                 X500Name subject = new X500Name(subjectEnc);
 
-                //info.set(X509CertInfo.SUBJECT,
-                //  new CertificateSubjectName(subject));
+                // info.set(X509CertInfo.SUBJECT,
+                // new CertificateSubjectName(subject));
 
                 req.setExtData(REQUEST_SUBJECT_NAME,
                         new CertificateSubjectName(subject));
                 try {
-                    String subjectCN  = subject.getCommonName();
-                    if (subjectCN  == null) subjectCN  = "";
-                    req.setExtData(REQUEST_SUBJECT_NAME+".cn",  subjectCN);
+                    String subjectCN = subject.getCommonName();
+                    if (subjectCN == null)
+                        subjectCN = "";
+                    req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
                 } catch (Exception ee) {
-                    req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
+                    req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
                 }
                 try {
                     String subjectUID = subject.getUserID();
-                    if (subjectUID == null) subjectUID = "";
-                    req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
+                    if (subjectUID == null)
+                        subjectUID = "";
+                    req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
                 } catch (Exception ee) {
-                    req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
+                    req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
                 }
             }
 
@@ -906,11 +906,11 @@ public abstract class EnrollProfile extends BasicProfile
 
             // try {
             extensions = req.getExtDataInCertExts(REQUEST_EXTENSIONS);
-            //  } catch (CertificateException e) {
-            //     extensions = null;
+            // } catch (CertificateException e) {
+            // extensions = null;
             // } catch (IOException e) {
-            //    extensions = null;
-            //  }
+            // extensions = null;
+            // }
             if (certTemplate.hasExtensions()) {
                 // put each extension from CRMF into CertInfo.
                 // index by extension name, consistent with
@@ -921,10 +921,10 @@ public abstract class EnrollProfile extends BasicProfile
 
                 for (int j = 0; j < numexts; j++) {
                     org.mozilla.jss.pkix.cert.Extension jssext =
-                        certTemplate.extensionAt(j);
+                            certTemplate.extensionAt(j);
                     boolean isCritical = jssext.getCritical();
                     org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
-                        jssext.getExtnId();
+                            jssext.getExtnId();
                     long[] numbers = jssoid.getNumbers();
                     int[] oidNumbers = new int[numbers.length];
 
@@ -932,21 +932,21 @@ public abstract class EnrollProfile extends BasicProfile
                         oidNumbers[k] = (int) numbers[k];
                     }
                     ObjectIdentifier oid =
-                        new ObjectIdentifier(oidNumbers);
+                            new ObjectIdentifier(oidNumbers);
                     org.mozilla.jss.asn1.OCTET_STRING jssvalue =
-                        jssext.getExtnValue();
+                            jssext.getExtnValue();
                     ByteArrayOutputStream jssvalueout =
-                        new ByteArrayOutputStream();
+                            new ByteArrayOutputStream();
 
                     jssvalue.encode(jssvalueout);
                     byte[] extValue = jssvalueout.toByteArray();
 
                     Extension ext =
-                        new Extension(oid, isCritical, extValue);
+                            new Extension(oid, isCritical, extValue);
 
                     extensions.parseExtension(ext);
                 }
-                //                info.set(X509CertInfo.EXTENSIONS, extensions);
+                // info.set(X509CertInfo.EXTENSIONS, extensions);
                 req.setExtData(REQUEST_EXTENSIONS, extensions);
 
             }
@@ -958,14 +958,14 @@ public abstract class EnrollProfile extends BasicProfile
             CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
             throw new EProfileException(
                     CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-            //  } catch (CertificateException e) {
-            //     CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
-            //    throw new EProfileException(e.toString());
+            // } catch (CertificateException e) {
+            // CMS.debug("EnrollProfile: fillCertReqMsg " + e.toString());
+            // throw new EProfileException(e.toString());
         }
     }
 
     public PKCS10 parsePKCS10(Locale locale, String certreq)
-        throws EProfileException {
+            throws EProfileException {
         /* cert request must not be null */
         if (certreq == null) {
             CMS.debug("EnrollProfile:parsePKCS10() certreq null");
@@ -996,7 +996,7 @@ public abstract class EnrollProfile extends BasicProfile
                     CMS.debug("EnrollProfile: parsePKCS10: use internal token");
                     signToken = cm.getInternalCryptoToken();
                 } else {
-                    CMS.debug("EnrollProfile: parsePKCS10: tokenName="+ tokenName);
+                    CMS.debug("EnrollProfile: parsePKCS10: tokenName=" + tokenName);
                     signToken = cm.getTokenByName(tokenName);
                 }
                 CMS.debug("EnrollProfile: parsePKCS10 setting thread token");
@@ -1021,7 +1021,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public void fillPKCS10(Locale locale, PKCS10 pkcs10, X509CertInfo info, IRequest req)
-        throws EProfileException {
+            throws EProfileException {
         X509Key key = pkcs10.getSubjectPublicKeyInfo();
 
         try {
@@ -1033,18 +1033,20 @@ public abstract class EnrollProfile extends BasicProfile
             req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
                     new CertificateSubjectName(pkcs10.getSubjectName()));
             try {
-                String subjectCN  = pkcs10.getSubjectName().getCommonName();
-                if (subjectCN  == null) subjectCN  = "";
-                req.setExtData(REQUEST_SUBJECT_NAME+".cn",  subjectCN);
+                String subjectCN = pkcs10.getSubjectName().getCommonName();
+                if (subjectCN == null)
+                    subjectCN = "";
+                req.setExtData(REQUEST_SUBJECT_NAME + ".cn", subjectCN);
             } catch (Exception ee) {
-                req.setExtData(REQUEST_SUBJECT_NAME+".cn", "");
+                req.setExtData(REQUEST_SUBJECT_NAME + ".cn", "");
             }
             try {
                 String subjectUID = pkcs10.getSubjectName().getUserID();
-                if (subjectUID == null) subjectUID = "";
-                req.setExtData(REQUEST_SUBJECT_NAME+".uid", subjectUID);
+                if (subjectUID == null)
+                    subjectUID = "";
+                req.setExtData(REQUEST_SUBJECT_NAME + ".uid", subjectUID);
             } catch (Exception ee) {
-                req.setExtData(REQUEST_SUBJECT_NAME+".uid", "");
+                req.setExtData(REQUEST_SUBJECT_NAME + ".uid", "");
             }
 
             info.set(X509CertInfo.KEY, certKey);
@@ -1052,11 +1054,12 @@ public abstract class EnrollProfile extends BasicProfile
             PKCS10Attributes p10Attrs = pkcs10.getAttributes();
             if (p10Attrs != null) {
                 PKCS10Attribute p10Attr = (PKCS10Attribute)
-                    (p10Attrs.getAttribute(CertificateExtensions.NAME));
+                        (p10Attrs.getAttribute(CertificateExtensions.NAME));
                 if (p10Attr != null && p10Attr.getAttributeId().equals(
-                        PKCS9Attribute.EXTENSION_REQUEST_OID)) {                                    CMS.debug("Found PKCS10 extension");
+                        PKCS9Attribute.EXTENSION_REQUEST_OID)) {
+                    CMS.debug("Found PKCS10 extension");
                     Extensions exts0 = (Extensions)
-                        (p10Attr.getAttributeValue());
+                            (p10Attr.getAttributeValue());
                     DerOutputStream extOut = new DerOutputStream();
 
                     exts0.encode(extOut);
@@ -1070,8 +1073,8 @@ public abstract class EnrollProfile extends BasicProfile
                     }
                 } else {
                     CMS.debug("PKCS10 extension Not Found");
-                } 
-            } 
+                }
+            }
 
             CMS.debug("Finish parsePKCS10 - " + pkcs10.getSubjectName());
         } catch (IOException e) {
@@ -1085,60 +1088,58 @@ public abstract class EnrollProfile extends BasicProfile
         }
     }
 
+    // for netkey
+    public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req)
+            throws EProfileException {
 
- // for netkey
-        public void fillNSNKEY(Locale locale, String sn, String skey, X509CertInfo info, IRequest req)
-        throws EProfileException {
+        try {
+            // cfu - is the algorithm going to be replaced by the policy?
+            X509Key key = new X509Key();
+            key.decode(CMS.AtoB(skey));
+
+            info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+            // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+            // new CertificateSubjectName(new
+            // X500Name("CN="+sn)));
+            req.setExtData("screenname", sn);
+            // keeping "aoluid" to be backward compatible
+            req.setExtData("aoluid", sn);
+            req.setExtData("uid", sn);
+            CMS.debug("EnrollPrifile: fillNSNKEY(): uid=" + sn);
 
-                try {
-                        //cfu - is the algorithm going to be replaced by the policy?
-                        X509Key key = new  X509Key();
-                        key.decode(CMS.AtoB(skey));
-
-                        info.set(X509CertInfo.KEY, new CertificateX509Key(key));
-                        //                      req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
-                        //                              new CertificateSubjectName(new
-                        //                              X500Name("CN="+sn)));
-                        req.setExtData("screenname", sn);
-                        // keeping "aoluid" to be backward compatible
-                        req.setExtData("aoluid", sn);
-                        req.setExtData("uid", sn);
-                        CMS.debug("EnrollPrifile: fillNSNKEY(): uid="+sn);
-
-                } catch (Exception e) {
-                        CMS.debug("EnrollProfile: fillNSNKEY(): "+e.toString());
+        } catch (Exception e) {
+            CMS.debug("EnrollProfile: fillNSNKEY(): " + e.toString());
             throw new EProfileException(
                     CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-                }
         }
+    }
 
- // for house key
-        public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req)
-        throws EProfileException {
+    // for house key
+    public void fillNSHKEY(Locale locale, String tcuid, String skey, X509CertInfo info, IRequest req)
+            throws EProfileException {
 
-                try {
-                        //cfu - is the algorithm going to be replaced by the policy?
-                        X509Key key = new  X509Key();
-                        key.decode(CMS.AtoB(skey));
+        try {
+            // cfu - is the algorithm going to be replaced by the policy?
+            X509Key key = new X509Key();
+            key.decode(CMS.AtoB(skey));
 
-                        info.set(X509CertInfo.KEY, new CertificateX509Key(key));
-                        //                      req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
-                        //                              new CertificateSubjectName(new
-                        //                              X500Name("CN="+sn)));
-                        req.setExtData("tokencuid", tcuid);
+            info.set(X509CertInfo.KEY, new CertificateX509Key(key));
+            // req.set(EnrollProfile.REQUEST_SUBJECT_NAME,
+            // new CertificateSubjectName(new
+            // X500Name("CN="+sn)));
+            req.setExtData("tokencuid", tcuid);
 
-                        CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid="+tcuid);
+            CMS.debug("EnrollPrifile: fillNSNKEY(): tokencuid=" + tcuid);
 
-                } catch (Exception e) {
-                        CMS.debug("EnrollProfile: fillNSHKEY(): "+e.toString());
+        } catch (Exception e) {
+            CMS.debug("EnrollProfile: fillNSHKEY(): " + e.toString());
             throw new EProfileException(
                     CMS.getUserMessage(locale, "CMS_PROFILE_INVALID_REQUEST"));
-                }
         }
-
+    }
 
     public DerInputStream parseKeyGen(Locale locale, String certreq)
-        throws EProfileException {
+            throws EProfileException {
         byte data[] = CMS.AtoB(certreq);
 
         DerInputStream derIn = new DerInputStream(data);
@@ -1147,8 +1148,8 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public void fillKeyGen(Locale locale, DerInputStream derIn, X509CertInfo info, IRequest req
-    )
-        throws EProfileException {
+            )
+                    throws EProfileException {
         try {
 
             /* get SPKAC Algorithm & Signature */
@@ -1229,37 +1230,38 @@ public abstract class EnrollProfile extends BasicProfile
     /**
      * Populate input
      * <P>
-     *
+     * 
      * (either all "agent" profile cert requests NOT made through a connector,
-     *  or all "EE" profile cert requests NOT made through a connector)
+     * or all "EE" profile cert requests NOT made through a connector)
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
      * profile cert request is made (before approval process)
      * </ul>
+     * 
      * @param ctx profile context
      * @param request the certificate request
      * @exception EProfileException an error related to this profile has
-     * occurred
+     *                occurred
      */
     public void populateInput(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         super.populateInput(ctx, request);
     }
 
     public void populate(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         super.populate(request);
 
     }
 
     /**
-     * Passes the request to the set of constraint policies
-     * that validate the request against the profile.
+     * Passes the request to the set of constraint policies that validate the
+     * request against the profile.
      */
     public void validate(IRequest request)
-        throws ERejectException {
+            throws ERejectException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = auditRequesterID(request);
@@ -1272,15 +1274,15 @@ public abstract class EnrollProfile extends BasicProfile
 
         try {
             CertificateSubjectName sn = (CertificateSubjectName)
-                info.get(X509CertInfo.SUBJECT);
+                    info.get(X509CertInfo.SUBJECT);
 
             // if the cert subject name is NOT MISSING, retrieve the
             // actual "auditCertificateSubjectName" and "normalize" it
             if (sn != null) {
                 subject = sn.toString();
                 if (subject != null) {
-                    // NOTE:  This is ok even if the cert subject name
-                    //        is "" (empty)!
+                    // NOTE: This is ok even if the cert subject name
+                    // is "" (empty)!
                     auditCertificateSubjectName = subject.trim();
                 }
             }
@@ -1348,12 +1350,11 @@ public abstract class EnrollProfile extends BasicProfile
 
     /**
      * Signed Audit Log Requester ID
-     *
-     * This method is inherited by all extended "EnrollProfile"s,
-     * and is called to obtain the "RequesterID" for
-     * a signed audit log message.
+     * 
+     * This method is inherited by all extended "EnrollProfile"s, and is called
+     * to obtain the "RequesterID" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param request the actual request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1379,12 +1380,11 @@ public abstract class EnrollProfile extends BasicProfile
 
     /**
      * Signed Audit Log Profile ID
-     *
-     * This method is inherited by all extended "EnrollProfile"s,
-     * and is called to obtain the "ProfileID" for
-     * a signed audit log message.
+     * 
+     * This method is inherited by all extended "EnrollProfile"s, and is called
+     * to obtain the "ProfileID" for a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message ProfileID
      */
     protected String auditProfileID() {
@@ -1405,7 +1405,7 @@ public abstract class EnrollProfile extends BasicProfile
     }
 
     public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
-        throws EProfileException {
+            throws EProfileException {
         CMS.debug("EnrollProfile ::in verifyPOP");
 
         String auditMessage = null;
@@ -1429,32 +1429,31 @@ public abstract class EnrollProfile extends BasicProfile
                 CMS.debug("POP verification using internal token");
                 certReqMsg.verify();
             } else {
-                CMS.debug("POP verification using token:"+ tokenName);
+                CMS.debug("POP verification using token:" + tokenName);
                 verifyToken = cm.getTokenByName(tokenName);
                 certReqMsg.verify(verifyToken);
             }
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-              LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-              auditSubjectID,
-              ILogger.SUCCESS );
-            audit( auditMessage );
+                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                    auditSubjectID,
+                    ILogger.SUCCESS);
+            audit(auditMessage);
         } catch (Exception e) {
 
-            CMS.debug("Failed POP verify! "+e.toString());
+            CMS.debug("Failed POP verify! " + e.toString());
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-              LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-              auditSubjectID,
-              ILogger.FAILURE );
+                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                    auditSubjectID,
+                    ILogger.FAILURE);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             throw new EProfileException(CMS.getUserMessage(locale,
                         "CMS_POP_VERIFICATION_ERROR"));
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
index 199aa794..06b05a44 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/EnrollProfileContext.java
@@ -17,17 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import com.netscape.certsrv.profile.IProfileContext;
 
-
 /**
- * This class implements an enrollment profile context
- * that carries information for request creation.
- *
+ * This class implements an enrollment profile context that carries information
+ * for request creation.
+ * 
  * @version $Revision$, $Date$
  */
-public class EnrollProfileContext extends ProfileContext 
-    implements IProfileContext {
+public class EnrollProfileContext extends ProfileContext
+        implements IProfileContext {
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
index 147d9c82..7a275b1e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfileContext.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.profile.IProfileContext;
 
-
 /**
  * This class implements the profile context.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileContext implements IProfileContext {
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
index a0f0ed25..7021925a 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ProfilePolicy.java
@@ -17,17 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import com.netscape.certsrv.profile.IPolicyConstraint;
 import com.netscape.certsrv.profile.IPolicyDefault;
 import com.netscape.certsrv.profile.IProfilePolicy;
 
-
 /**
- * This class implements a profile policy that
- * contains a default policy and a constraint
- * policy.
- *
+ * This class implements a profile policy that contains a default policy and a
+ * constraint policy.
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfilePolicy implements IProfilePolicy {
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
index f82e7313..ed6e6e48 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/RAEnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import java.util.Enumeration;
 
 import netscape.security.x509.X500Name;
@@ -35,11 +34,9 @@ import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
- * This class implements a Registration Manager 
- * enrollment profile.
- *
+ * This class implements a Registration Manager enrollment profile.
+ * 
  * @version $Revision$, $Date$
  */
 public class RAEnrollProfile extends EnrollProfile {
@@ -49,8 +46,8 @@ public class RAEnrollProfile extends EnrollProfile {
     }
 
     public IAuthority getAuthority() {
-        IAuthority authority = (IAuthority) 
-            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+        IAuthority authority = (IAuthority)
+                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
         if (authority == null)
             return null;
@@ -59,15 +56,14 @@ public class RAEnrollProfile extends EnrollProfile {
 
     public X500Name getIssuerName() {
         IRegistrationAuthority ra = (IRegistrationAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
         X500Name issuerName = ra.getX500Name();
 
         return issuerName;
     }
 
     public void execute(IRequest request)
-        throws EProfileException {
-
+            throws EProfileException {
 
         if (!isEnable()) {
             CMS.debug("CAEnrollProfile: Profile Not Enabled");
@@ -75,14 +71,13 @@ public class RAEnrollProfile extends EnrollProfile {
         }
 
         IRegistrationAuthority ra =
-            (IRegistrationAuthority) getAuthority();
+                (IRegistrationAuthority) getAuthority();
         IRAService raService = (IRAService) ra.getRAService();
 
         if (raService == null) {
             throw new EProfileException("No RA Service");
         }
 
-
         IRequestQueue queue = ra.getRequestQueue();
 
         // send request to CA
@@ -94,13 +89,13 @@ public class RAEnrollProfile extends EnrollProfile {
             } else {
                 caConnector.send(request);
                 // check response
-                if (!request.isSuccess()) { 
+                if (!request.isSuccess()) {
                     CMS.debug("RAEnrollProfile error talking to CA setting req status to SVC_PENDING");
 
                     request.setRequestStatus(RequestStatus.SVC_PENDING);
 
                     try {
-                       queue.updateRequest(request);
+                        queue.updateRequest(request);
                     } catch (EBaseException e) {
                         CMS.debug("RAEnrollProfile: Update request " + e.toString());
                     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
index 4a18ff14..4cb5644b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/ServerCertCAEnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.common.NameValuePairs;
@@ -28,91 +27,89 @@ import com.netscape.certsrv.profile.IProfileInput;
 import com.netscape.certsrv.profile.IProfileOutput;
 import com.netscape.certsrv.profile.IProfilePolicy;
 
-
 /**
- * This class implements a Certificate Manager enrollment
- * profile for Server Certificates.
- *
+ * This class implements a Certificate Manager enrollment profile for Server
+ * Certificates.
+ * 
  * @version $Revision$, $Date$
  */
-public class ServerCertCAEnrollProfile extends CAEnrollProfile 
-   implements IProfileEx {
+public class ServerCertCAEnrollProfile extends CAEnrollProfile
+        implements IProfileEx {
 
     /**
-     * Called after initialization. It populates default
-     * policies, inputs, and outputs.
+     * Called after initialization. It populates default policies, inputs, and
+     * outputs.
      */
-    public void populate() throws EBaseException
-    {
+    public void populate() throws EBaseException {
         // create inputs
         NameValuePairs inputParams1 = new NameValuePairs();
         IProfileInput input1 =
-          createProfileInput("i1", "certReqInputImpl", inputParams1);
+                createProfileInput("i1", "certReqInputImpl", inputParams1);
         NameValuePairs inputParams2 = new NameValuePairs();
         IProfileInput input2 =
-          createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
+                createProfileInput("i2", "submitterInfoInputImpl", inputParams2);
 
         // create outputs
         NameValuePairs outputParams1 = new NameValuePairs();
         IProfileOutput output1 =
-          createProfileOutput("o1", "certOutputImpl", outputParams1);
+                createProfileOutput("o1", "certOutputImpl", outputParams1);
 
         IProfilePolicy policy1 =
-          createProfilePolicy("set1", "p1",
-            "userSubjectNameDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p1",
+                        "userSubjectNameDefaultImpl", "noConstraintImpl");
         IPolicyDefault def1 = policy1.getDefault();
         IConfigStore defConfig1 = def1.getConfigStore();
         IPolicyConstraint con1 = policy1.getConstraint();
         IConfigStore conConfig1 = con1.getConfigStore();
 
         IProfilePolicy policy2 =
-          createProfilePolicy("set1", "p2",
-            "validityDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p2",
+                        "validityDefaultImpl", "noConstraintImpl");
         IPolicyDefault def2 = policy2.getDefault();
         IConfigStore defConfig2 = def2.getConfigStore();
-        defConfig2.putString("params.range","180");
-        defConfig2.putString("params.startTime","0");
+        defConfig2.putString("params.range", "180");
+        defConfig2.putString("params.startTime", "0");
         IPolicyConstraint con2 = policy2.getConstraint();
         IConfigStore conConfig2 = con2.getConfigStore();
 
         IProfilePolicy policy3 =
-          createProfilePolicy("set1", "p3",
-            "userKeyDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p3",
+                        "userKeyDefaultImpl", "noConstraintImpl");
         IPolicyDefault def3 = policy3.getDefault();
         IConfigStore defConfig3 = def3.getConfigStore();
-        defConfig3.putString("params.keyType","RSA");
-        defConfig3.putString("params.keyMinLength","512");
-        defConfig3.putString("params.keyMaxLength","4096");
+        defConfig3.putString("params.keyType", "RSA");
+        defConfig3.putString("params.keyMinLength", "512");
+        defConfig3.putString("params.keyMaxLength", "4096");
         IPolicyConstraint con3 = policy3.getConstraint();
         IConfigStore conConfig3 = con3.getConfigStore();
 
         IProfilePolicy policy4 =
-          createProfilePolicy("set1", "p4",
-            "signingAlgDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p4",
+                        "signingAlgDefaultImpl", "noConstraintImpl");
         IPolicyDefault def4 = policy4.getDefault();
         IConfigStore defConfig4 = def4.getConfigStore();
-        defConfig4.putString("params.signingAlg","-");
+        defConfig4.putString("params.signingAlg", "-");
         defConfig4.putString("params.signingAlgsAllowed",
-          "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
+                "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
         IPolicyConstraint con4 = policy4.getConstraint();
         IConfigStore conConfig4 = con4.getConfigStore();
 
-        IProfilePolicy policy5 = 
-          createProfilePolicy("set1", "p5", 
-            "keyUsageExtDefaultImpl", "noConstraintImpl"); 
-        IPolicyDefault def5 = policy5.getDefault(); 
-        IConfigStore defConfig5 = def5.getConfigStore(); 
-        defConfig5.putString("params.keyUsageCritical","true"); 
-        defConfig5.putString("params.keyUsageCrlSign","false"); 
-        defConfig5.putString("params.keyUsageDataEncipherment","true"); 
-        defConfig5.putString("params.keyUsageDecipherOnly","false"); 
-        defConfig5.putString("params.keyUsageDigitalSignature","true"); 
-        defConfig5.putString("params.keyUsageEncipherOnly","false"); 
-        defConfig5.putString("params.keyUsageKeyAgreement","false"); 
-        defConfig5.putString("params.keyUsageKeyCertSign","false"); 
-        defConfig5.putString("params.keyUsageKeyEncipherment","true"); 
-        defConfig5.putString("params.keyUsageNonRepudiation","true"); 
-        IPolicyConstraint con5 = policy5.getConstraint(); 
+        IProfilePolicy policy5 =
+                createProfilePolicy("set1", "p5",
+                        "keyUsageExtDefaultImpl", "noConstraintImpl");
+        IPolicyDefault def5 = policy5.getDefault();
+        IConfigStore defConfig5 = def5.getConfigStore();
+        defConfig5.putString("params.keyUsageCritical", "true");
+        defConfig5.putString("params.keyUsageCrlSign", "false");
+        defConfig5.putString("params.keyUsageDataEncipherment", "true");
+        defConfig5.putString("params.keyUsageDecipherOnly", "false");
+        defConfig5.putString("params.keyUsageDigitalSignature", "true");
+        defConfig5.putString("params.keyUsageEncipherOnly", "false");
+        defConfig5.putString("params.keyUsageKeyAgreement", "false");
+        defConfig5.putString("params.keyUsageKeyCertSign", "false");
+        defConfig5.putString("params.keyUsageKeyEncipherment", "true");
+        defConfig5.putString("params.keyUsageNonRepudiation", "true");
+        IPolicyConstraint con5 = policy5.getConstraint();
         IConfigStore conConfig5 = con5.getConfigStore();
 
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
index 7d4254bf..24e92cfa 100644
--- a/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
+++ b/pki/base/common/src/com/netscape/cms/profile/common/UserCertCAEnrollProfile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.common;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.common.NameValuePairs;
@@ -28,94 +27,92 @@ import com.netscape.certsrv.profile.IProfileInput;
 import com.netscape.certsrv.profile.IProfileOutput;
 import com.netscape.certsrv.profile.IProfilePolicy;
 
-
 /**
- * This class implements a Certificate Manager enrollment
- * profile for User Certificates.
- *
+ * This class implements a Certificate Manager enrollment profile for User
+ * Certificates.
+ * 
  * @version $Revision$, $Date$
  */
-public class UserCertCAEnrollProfile extends CAEnrollProfile 
-   implements IProfileEx { 
+public class UserCertCAEnrollProfile extends CAEnrollProfile
+        implements IProfileEx {
 
     /**
-     * Called after initialization. It populates default
-     * policies, inputs, and outputs.
+     * Called after initialization. It populates default policies, inputs, and
+     * outputs.
      */
-    public void populate() throws EBaseException
-    {
+    public void populate() throws EBaseException {
         // create inputs
         NameValuePairs inputParams1 = new NameValuePairs();
         IProfileInput input1 =
-          createProfileInput("i1", "keyGenInputImpl", inputParams1);
+                createProfileInput("i1", "keyGenInputImpl", inputParams1);
         NameValuePairs inputParams2 = new NameValuePairs();
         IProfileInput input2 =
-          createProfileInput("i2", "subjectNameInputImpl", inputParams2);
+                createProfileInput("i2", "subjectNameInputImpl", inputParams2);
         NameValuePairs inputParams3 = new NameValuePairs();
         IProfileInput input3 =
-          createProfileInput("i3", "submitterInfoInputImpl", inputParams2);
+                createProfileInput("i3", "submitterInfoInputImpl", inputParams2);
 
         // create outputs
         NameValuePairs outputParams1 = new NameValuePairs();
         IProfileOutput output1 =
-          createProfileOutput("o1", "certOutputImpl", outputParams1);
+                createProfileOutput("o1", "certOutputImpl", outputParams1);
 
         // create policies
         IProfilePolicy policy1 =
-          createProfilePolicy("set1", "p1", 
-            "userSubjectNameDefaultImpl", "noConstraintImpl"); 
-        IPolicyDefault def1 = policy1.getDefault(); 
-        IConfigStore defConfig1 = def1.getConfigStore(); 
-        IPolicyConstraint con1 = policy1.getConstraint(); 
+                createProfilePolicy("set1", "p1",
+                        "userSubjectNameDefaultImpl", "noConstraintImpl");
+        IPolicyDefault def1 = policy1.getDefault();
+        IConfigStore defConfig1 = def1.getConfigStore();
+        IPolicyConstraint con1 = policy1.getConstraint();
         IConfigStore conConfig1 = con1.getConfigStore();
 
         IProfilePolicy policy2 =
-          createProfilePolicy("set1", "p2", 
-            "validityDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def2 = policy2.getDefault(); 
-        IConfigStore defConfig2 = def2.getConfigStore(); 
-        defConfig2.putString("params.range","180");
-        defConfig2.putString("params.startTime","0");
-        IPolicyConstraint con2 = policy2.getConstraint(); 
+                createProfilePolicy("set1", "p2",
+                        "validityDefaultImpl", "noConstraintImpl");
+        IPolicyDefault def2 = policy2.getDefault();
+        IConfigStore defConfig2 = def2.getConfigStore();
+        defConfig2.putString("params.range", "180");
+        defConfig2.putString("params.startTime", "0");
+        IPolicyConstraint con2 = policy2.getConstraint();
         IConfigStore conConfig2 = con2.getConfigStore();
 
         IProfilePolicy policy3 =
-          createProfilePolicy("set1", "p3", 
-            "userKeyDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def3 = policy3.getDefault(); 
-        IConfigStore defConfig3 = def3.getConfigStore(); 
-        defConfig3.putString("params.keyType","RSA");
-        defConfig3.putString("params.keyMinLength","512");
-        defConfig3.putString("params.keyMaxLength","4096");
-        IPolicyConstraint con3 = policy3.getConstraint(); 
+                createProfilePolicy("set1", "p3",
+                        "userKeyDefaultImpl", "noConstraintImpl");
+        IPolicyDefault def3 = policy3.getDefault();
+        IConfigStore defConfig3 = def3.getConfigStore();
+        defConfig3.putString("params.keyType", "RSA");
+        defConfig3.putString("params.keyMinLength", "512");
+        defConfig3.putString("params.keyMaxLength", "4096");
+        IPolicyConstraint con3 = policy3.getConstraint();
         IConfigStore conConfig3 = con3.getConfigStore();
 
         IProfilePolicy policy4 =
-          createProfilePolicy("set1", "p4", 
-            "signingAlgDefaultImpl", "noConstraintImpl");
-        IPolicyDefault def4 = policy4.getDefault(); 
-        IConfigStore defConfig4 = def4.getConfigStore(); 
-        defConfig4.putString("params.signingAlg","-");
+                createProfilePolicy("set1", "p4",
+                        "signingAlgDefaultImpl", "noConstraintImpl");
+        IPolicyDefault def4 = policy4.getDefault();
+        IConfigStore defConfig4 = def4.getConfigStore();
+        defConfig4.putString("params.signingAlg", "-");
         defConfig4.putString("params.signingAlgsAllowed",
-          "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
-        IPolicyConstraint con4 = policy4.getConstraint(); 
+                "SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC");
+        IPolicyConstraint con4 = policy4.getConstraint();
         IConfigStore conConfig4 = con4.getConfigStore();
 
         IProfilePolicy policy5 =
-          createProfilePolicy("set1", "p5",
-            "keyUsageExtDefaultImpl", "noConstraintImpl");
+                createProfilePolicy("set1", "p5",
+                        "keyUsageExtDefaultImpl", "noConstraintImpl");
         IPolicyDefault def5 = policy5.getDefault();
         IConfigStore defConfig5 = def5.getConfigStore();
-        defConfig5.putString("params.keyUsageCritical","true");
-        defConfig5.putString("params.keyUsageCrlSign","false");
-        defConfig5.putString("params.keyUsageDataEncipherment","false");
-        defConfig5.putString("params.keyUsageDecipherOnly","false");
-        defConfig5.putString("params.keyUsageDigitalSignature","true");
-        defConfig5.putString("params.keyUsageEncipherOnly","false");
-        defConfig5.putString("params.keyUsageKeyAgreement","false");
-        defConfig5.putString("params.keyUsageKeyCertSign","false");
-        defConfig5.putString("params.keyUsageKeyEncipherment","true");
-        defConfig5.putString("params.keyUsageNonRepudiation","true");
+        defConfig5.putString("params.keyUsageCritical", "true");
+        defConfig5.putString("params.keyUsageCrlSign", "false");
+        defConfig5.putString("params.keyUsageDataEncipherment", "false");
+        defConfig5.putString("params.keyUsageDecipherOnly", "false");
+        defConfig5.putString("params.keyUsageDigitalSignature", "true");
+        defConfig5.putString("params.keyUsageEncipherOnly", "false");
+        defConfig5.putString("params.keyUsageKeyAgreement", "false");
+        defConfig5.putString("params.keyUsageKeyCertSign", "false");
+        defConfig5.putString("params.keyUsageKeyEncipherment", "true");
+        defConfig5.putString("params.keyUsageNonRepudiation", "true");
         IPolicyConstraint con5 = policy5.getConstraint();
         IConfigStore conConfig5 = con5.getConfigStore();
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
index 4e4c2f60..a196d330 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/BasicConstraintsExtConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -40,24 +39,22 @@ import com.netscape.cms.profile.def.BasicConstraintsExtDefault;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserExtensionDefault;
 
-
 /**
- * This class implements the basic constraints extension constraint.
- * It checks if the basic constraint in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the basic constraints extension constraint. It checks
+ * if the basic constraint in the certificate template satisfies the criteria.
+ * 
  * @version $Revision$, $Date$
  */
 public class BasicConstraintsExtConstraint extends EnrollConstraint {
 
-    public static final String CONFIG_CRITICAL = 
-        "basicConstraintsCritical";
-    public static final String CONFIG_IS_CA = 
-        "basicConstraintsIsCA";
-    public static final String CONFIG_MIN_PATH_LEN = 
-        "basicConstraintsMinPathLen";
-    public static final String CONFIG_MAX_PATH_LEN = 
-        "basicConstraintsMaxPathLen";
+    public static final String CONFIG_CRITICAL =
+            "basicConstraintsCritical";
+    public static final String CONFIG_IS_CA =
+            "basicConstraintsIsCA";
+    public static final String CONFIG_MIN_PATH_LEN =
+            "basicConstraintsMinPathLen";
+    public static final String CONFIG_MAX_PATH_LEN =
+            "basicConstraintsMaxPathLen";
 
     public BasicConstraintsExtConstraint() {
         super();
@@ -71,25 +68,25 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
      * Initializes this constraint plugin.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_CRITICAL)) { 
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-", 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_CRITICAL)) {
+            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_IS_CA)) {
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-", 
+            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
                     CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
         } else if (name.equals(CONFIG_MIN_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     "-1",
                     CMS.getUserMessage(locale, "CMS_PROFILE_MIN_PATH_LEN"));
         } else if (name.equals(CONFIG_MAX_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     "100",
                     CMS.getUserMessage(locale, "CMS_PROFILE_MAX_PATH_LEN"));
         }
@@ -97,24 +94,23 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CertificateExtensions exts = null;
 
         try {
             BasicConstraintsExtension ext = (BasicConstraintsExtension)
-                getExtension(PKIXExtensions.BasicConstraints_Id.toString(), 
-                    info); 
+                    getExtension(PKIXExtensions.BasicConstraints_Id.toString(),
+                            info);
 
             if (ext == null) {
                 throw new ERejectException(
                         CMS.getUserMessage(
-                            getLocale(request), 
-                            "CMS_PROFILE_EXTENSION_NOT_FOUND", 
-                            PKIXExtensions.BasicConstraints_Id.toString()));
+                                getLocale(request),
+                                "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                                PKIXExtensions.BasicConstraints_Id.toString()));
             }
 
             // check criticality
@@ -125,10 +121,10 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
 
                 if (critical != ext.isCritical()) {
                     throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request), 
-                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+                            CMS.getUserMessage(getLocale(request),
+                                    "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
                 }
-            } 
+            }
             value = getConfig(CONFIG_IS_CA);
             if (!isOptional(value)) {
                 boolean isCA = getBoolean(value);
@@ -136,10 +132,10 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
 
                 if (isCA != extIsCA.booleanValue()) {
                     throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request), 
-                                "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA"));
+                            CMS.getUserMessage(getLocale(request),
+                                    "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_IS_CA"));
                 }
-            } 
+            }
             value = getConfig(CONFIG_MIN_PATH_LEN);
             if (!isOptional(value)) {
                 int pathLen = getInt(value);
@@ -148,8 +144,8 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
                 if (pathLen > extPathLen.intValue()) {
                     CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " > extPathLen=" + extPathLen);
                     throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request), 
-                                "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH"));
+                            CMS.getUserMessage(getLocale(request),
+                                    "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MIN_PATH"));
                 }
             }
             value = getConfig(CONFIG_MAX_PATH_LEN);
@@ -160,17 +156,17 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
                 if (pathLen < extPathLen.intValue()) {
                     CMS.debug("BasicCOnstraintsExtConstraint: pathLen=" + pathLen + " < extPathLen=" + extPathLen);
                     throw new ERejectException(
-                            CMS.getUserMessage(getLocale(request), 
-                                "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH"));
+                            CMS.getUserMessage(getLocale(request),
+                                    "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_MAX_PATH"));
                 }
             }
         } catch (IOException e) {
             CMS.debug("BasicConstraintsExt: validate " + e.toString());
             throw new ERejectException(
                     CMS.getUserMessage(
-                        getLocale(request), 
-                        "CMS_PROFILE_EXTENSION_NOT_FOUND", 
-                        PKIXExtensions.BasicConstraints_Id.toString()));
+                            getLocale(request),
+                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                            PKIXExtensions.BasicConstraints_Id.toString()));
         }
     }
 
@@ -182,8 +178,8 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
                 getConfig(CONFIG_MAX_PATH_LEN)
             };
 
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_CONSTRAINT_BASIC_CONSTRAINTS_EXT_TEXT",
                 params);
     }
 
@@ -198,8 +194,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
-
+            throws EPropertyException {
 
         if (mConfig.getSubStore("params") == null) {
             CMS.debug("BasicConstraintsExt: mConfig.getSubStore is null");
@@ -208,8 +203,7 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
 
             CMS.debug("BasicConstraintsExt: setConfig name " + name + " value " + value);
 
-            if(name.equals(CONFIG_MAX_PATH_LEN))
-            {
+            if (name.equals(CONFIG_MAX_PATH_LEN)) {
 
                 String minPathLen = getConfig(CONFIG_MIN_PATH_LEN);
 
@@ -217,13 +211,12 @@ public class BasicConstraintsExtConstraint extends EnrollConstraint {
 
                 int maxLen = getInt(value);
 
-                if(minLen >= maxLen)    {
+                if (minLen >= maxLen) {
                     CMS.debug("BasicConstraintExt:  minPathLen >= maxPathLen!");
 
                     throw new EPropertyException("bad value");
                 }
 
-
             }
             mConfig.getSubStore("params").putString(name, value);
         }
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
index 9759af73..94098024 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAEnrollConstraint.java
@@ -17,16 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import netscape.security.x509.X509CertImpl;
 
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 
-
 /**
- * This class represents an abstract class for CA enrollment
- * constraint.
+ * This class represents an abstract class for CA enrollment constraint.
  */
 public abstract class CAEnrollConstraint extends EnrollConstraint {
 
@@ -42,7 +39,7 @@ public abstract class CAEnrollConstraint extends EnrollConstraint {
      */
     public X509CertImpl getCACert() {
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
         X509CertImpl caCert = ca.getCACert();
 
         return caCert;
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
index 4d89e739..12150a87 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/CAValidityConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
@@ -38,12 +37,10 @@ import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserValidityDefault;
 import com.netscape.cms.profile.def.ValidityDefault;
 
-
 /**
- * This class implements the validity constraint.
- * It checks if the validity in the certificate
- * template is within the CA's validity.
- *
+ * This class implements the validity constraint. It checks if the validity in
+ * the certificate template is within the CA's validity.
+ * 
  * @version $Revision$, $Date$
  */
 public class CAValidityConstraint extends CAEnrollConstraint {
@@ -56,7 +53,7 @@ public class CAValidityConstraint extends CAEnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         X509CertImpl caCert = getCACert();
 
@@ -65,11 +62,10 @@ public class CAValidityConstraint extends CAEnrollConstraint {
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CMS.debug("CAValidityConstraint: validate start");
         CertificateValidity v = null;
 
@@ -99,15 +95,15 @@ public class CAValidityConstraint extends CAEnrollConstraint {
         }
 
         if (mDefNotBefore != null) {
-            CMS.debug("ValidtyConstraint: notBefore=" + notBefore + 
-                " defNotBefore=" + mDefNotBefore);
+            CMS.debug("ValidtyConstraint: notBefore=" + notBefore +
+                    " defNotBefore=" + mDefNotBefore);
             if (notBefore.before(mDefNotBefore)) {
                 throw new ERejectException(CMS.getUserMessage(
                             getLocale(request), "CMS_PROFILE_INVALID_NOT_BEFORE"));
             }
         }
-        CMS.debug("ValidtyConstraint: notAfter=" + notAfter + 
-            " defNotAfter=" + mDefNotAfter);
+        CMS.debug("ValidtyConstraint: notAfter=" + notAfter +
+                " defNotAfter=" + mDefNotAfter);
         if (notAfter.after(mDefNotAfter)) {
             throw new ERejectException(CMS.getUserMessage(
                         getLocale(request), "CMS_PROFILE_INVALID_NOT_AFTER"));
@@ -122,8 +118,8 @@ public class CAValidityConstraint extends CAEnrollConstraint {
                 mDefNotAfter.toString()
             };
 
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_CONSTRAINT_CA_VALIDITY_CONSTRAINT_TEXT",
                 params);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
index a03eadcd..0343c35f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/EnrollConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -39,10 +38,9 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the generic enrollment constraint.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class EnrollConstraint implements IPolicyConstraint {
@@ -81,7 +79,7 @@ public abstract class EnrollConstraint implements IPolicyConstraint {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (mConfig.getSubStore("params") == null) {
             //
         } else {
@@ -105,46 +103,43 @@ public abstract class EnrollConstraint implements IPolicyConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
     }
 
     public IConfigStore getConfigStore() {
         return mConfig;
-    } 
+    }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     *
+     * Validates the request. The request is not modified during the validation.
+     * 
      * @param request enrollment request
      * @param info certificate template
-     * @exception ERejectException request is rejected due
-     *        to violation of constraint
+     * @exception ERejectException request is rejected due to violation of
+     *                constraint
      */
     public abstract void validate(IRequest request, X509CertInfo info)
-        throws ERejectException;
+            throws ERejectException;
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     *
-     * The current implementation of this method calls
-     * into the subclass's validate(request, info)
-     * method for validation checking.
-     *
+     * Validates the request. The request is not modified during the validation.
+     * 
+     * The current implementation of this method calls into the subclass's
+     * validate(request, info) method for validation checking.
+     * 
      * @param request request
-     * @exception ERejectException request is rejected due
-     *        to violation of constraint
+     * @exception ERejectException request is rejected due to violation of
+     *                constraint
      */
     public void validate(IRequest request)
-        throws ERejectException {
+            throws ERejectException {
         String name = getClass().getName();
 
         name = name.substring(name.lastIndexOf('.') + 1);
         CMS.debug(name + ": validate start");
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         validate(request, info);
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
index 539f4890..47e967c7 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -40,19 +39,18 @@ import com.netscape.cms.profile.def.ExtendedKeyUsageExtDefault;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserExtensionDefault;
 
-
 /**
- * This class implements the extended key usage extension constraint.
- * It checks if the extended key usage extension in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the extended key usage extension constraint. It checks
+ * if the extended key usage extension in the certificate template satisfies the
+ * criteria.
+ * 
  * @version $Revision$, $Date$
  */
 public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
 
     public static final String CONFIG_CRITICAL = "exKeyUsageCritical";
     public static final String CONFIG_OIDS =
-        "exKeyUsageOIDs";
+            "exKeyUsageOIDs";
 
     public ExtendedKeyUsageExtConstraint() {
         super();
@@ -61,38 +59,37 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_CRITICAL)) { 
-            return new Descriptor(IDescriptor.CHOICE, "true,false,-", 
-                    "-",	
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_CRITICAL)) {
+            return new Descriptor(IDescriptor.CHOICE, "true,false,-",
+                    "-",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_OIDS)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
-        }	
+        }
         return null;
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension)
-            getExtension(ExtendedKeyUsageExtension.OID, info); 
+                getExtension(ExtendedKeyUsageExtension.OID, info);
 
         if (ext == null) {
             throw new ERejectException(
                     CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                        ExtendedKeyUsageExtension.OID));
+                            getLocale(request),
+                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                            ExtendedKeyUsageExtension.OID));
         }
 
         // check criticality
@@ -104,10 +101,10 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
             if (critical != ext.isCritical()) {
                 throw new ERejectException(
                         CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+                                getLocale(request),
+                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
             }
-        } 
+        }
 
         // Build local cache of configured OIDs
         Vector mCache = new Vector();
@@ -122,15 +119,15 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
         // check OIDs
         Enumeration e = ext.getOIDs();
 
-        while (e.hasMoreElements()) { 
+        while (e.hasMoreElements()) {
             ObjectIdentifier oid = (ObjectIdentifier) e.nextElement();
 
             if (!mCache.contains(oid.toString())) {
                 throw new ERejectException(
                         CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_OID_NOT_MATCHED",
-                            oid.toString()));
+                                getLocale(request),
+                                "CMS_PROFILE_OID_NOT_MATCHED",
+                                oid.toString()));
             }
         }
     }
@@ -141,7 +138,7 @@ public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
                 getConfig(CONFIG_OIDS)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT",
                 params);
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
index cda51a07..9413ce9b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtensionConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.Extension;
@@ -37,12 +36,10 @@ import com.netscape.cms.profile.def.EnrollExtDefault;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserExtensionDefault;
 
-
 /**
- * This class implements the general extension constraint.
- * It checks if the extension in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the general extension constraint. It checks if the
+ * extension in the certificate template satisfies the criteria.
+ * 
  * @version $Revision$, $Date$
  */
 public class ExtensionConstraint extends EnrollConstraint {
@@ -57,33 +54,32 @@ public class ExtensionConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
 
         if (mConfig.getSubStore("params") == null) {
             CMS.debug("ExtensionConstraint: mConfig.getSubStore is null");
         } else {
             CMS.debug("ExtensionConstraint: setConfig name=" + name +
-                 " value=" + value);
-
-            if(name.equals(CONFIG_OID))
-            {
-               try {
-                 CMS.checkOID("", value);
-               } catch (Exception e) {
-                   throw new EPropertyException(
-                      CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value));
-               }
+                    " value=" + value);
+
+            if (name.equals(CONFIG_OID)) {
+                try {
+                    CMS.checkOID("", value);
+                } catch (Exception e) {
+                    throw new EPropertyException(
+                            CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", value));
+                }
             }
             mConfig.getSubStore("params").putString(name, value);
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
@@ -97,34 +93,33 @@ public class ExtensionConstraint extends EnrollConstraint {
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
 
-        Extension ext = getExtension(getConfig(CONFIG_OID), info); 
+        Extension ext = getExtension(getConfig(CONFIG_OID), info);
 
         if (ext == null) {
             throw new ERejectException(
                     CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                        getConfig(CONFIG_OID)));
+                            getLocale(request),
+                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                            getConfig(CONFIG_OID)));
         }
 
-        // check criticality 
+        // check criticality
         String value = getConfig(CONFIG_CRITICAL);
 
         if (!isOptional(value)) {
             boolean critical = getBoolean(value);
 
-            if (critical != ext.isCritical()) { 
+            if (critical != ext.isCritical()) {
                 throw new ERejectException(
                         CMS.getUserMessage(getLocale(request),
-                            "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
             }
-        } 
+        }
     }
 
     public String getText(Locale locale) {
@@ -133,7 +128,7 @@ public class ExtensionConstraint extends EnrollConstraint {
                 getConfig(CONFIG_OID)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_EXTENSION_TEXT", params);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
index 56ec0adf..5bdcbd51 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.math.BigInteger;
 import java.security.interfaces.DSAParams;
 import java.util.HashMap;
@@ -44,11 +43,9 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserKeyDefault;
 
-
 /**
- * This constraint is to check the key type and
- * key length.
- *
+ * This constraint is to check the key type and key length.
+ * 
  * @version $Revision$, $Date$
  */
 @SuppressWarnings("serial")
@@ -57,72 +54,299 @@ public class KeyConstraint extends EnrollConstraint {
     public static final String CONFIG_KEY_TYPE = "keyType"; // (EC, RSA)
     public static final String CONFIG_KEY_PARAMETERS = "keyParameters";
 
-    private static final String[] ecCurves = {"nistp256","nistp384","nistp521","sect163k1","nistk163","sect163r1","sect163r2",
-       "nistb163","sect193r1","sect193r2","sect233k1","nistk233","sect233r1","nistb233","sect239k1","sect283k1","nistk283",
-       "sect283r1","nistb283","sect409k1","nistk409","sect409r1","nistb409","sect571k1","nistk571","sect571r1","nistb571",
-       "secp160k1","secp160r1","secp160r2","secp192k1","secp192r1","nistp192","secp224k1","secp224r1","nistp224","secp256k1",
-       "secp256r1","secp384r1","secp521r1","prime192v1","prime192v2","prime192v3","prime239v1","prime239v2","prime239v3","c2pnb163v1",
-       "c2pnb163v2","c2pnb163v3","c2pnb176v1","c2tnb191v1","c2tnb191v2","c2tnb191v3","c2pnb208w1","c2tnb239v1","c2tnb239v2","c2tnb239v3",
-       "c2pnb272w1","c2pnb304w1","c2tnb359w1","c2pnb368w1","c2tnb431r1","secp112r1","secp112r2","secp128r1","secp128r2","sect113r1","sect113r2",
-       "sect131r1","sect131r2"
+    private static final String[] ecCurves = { "nistp256", "nistp384", "nistp521", "sect163k1", "nistk163", "sect163r1", "sect163r2",
+            "nistb163", "sect193r1", "sect193r2", "sect233k1", "nistk233", "sect233r1", "nistb233", "sect239k1", "sect283k1", "nistk283",
+            "sect283r1", "nistb283", "sect409k1", "nistk409", "sect409r1", "nistb409", "sect571k1", "nistk571", "sect571r1", "nistb571",
+            "secp160k1", "secp160r1", "secp160r2", "secp192k1", "secp192r1", "nistp192", "secp224k1", "secp224r1", "nistp224", "secp256k1",
+            "secp256r1", "secp384r1", "secp521r1", "prime192v1", "prime192v2", "prime192v3", "prime239v1", "prime239v2", "prime239v3", "c2pnb163v1",
+            "c2pnb163v2", "c2pnb163v3", "c2pnb176v1", "c2tnb191v1", "c2tnb191v2", "c2tnb191v3", "c2pnb208w1", "c2tnb239v1", "c2tnb239v2", "c2tnb239v3",
+            "c2pnb272w1", "c2pnb304w1", "c2tnb359w1", "c2pnb368w1", "c2tnb431r1", "secp112r1", "secp112r2", "secp128r1", "secp128r2", "sect113r1", "sect113r2",
+            "sect131r1", "sect131r2"
     };
 
-    private final static HashMap<String,Vector> ecOIDs = new HashMap<String,Vector>();
- 	static
-    {
-       ecOIDs.put( "1.2.840.10045.3.1.7",  new Vector() {{add("nistp256");add("secp256r1");}});
-       ecOIDs.put( "1.3.132.0.34",         new Vector() {{add("nistp384");add("secp384r1");}});
-       ecOIDs.put( "1.3.132.0.35",         new Vector() {{add("nistp521");add("secp521r1");}});
-       ecOIDs.put( "1.3.132.0.1",          new Vector() {{add("sect163k1");add("nistk163");}});
-       ecOIDs.put( "1.3.132.0.2",          new Vector() {{add("sect163r1");}});
-       ecOIDs.put( "1.3.132.0.15",         new Vector() {{add("sect163r2");add("nistb163");}});
-       ecOIDs.put( "1.3.132.0.24",         new Vector() {{add("sect193r1");}});
-       ecOIDs.put( "1.3.132.0.25",         new Vector() {{add("sect193r2");}});
-       ecOIDs.put( "1.3.132.0.26",         new Vector() {{add("sect233k1");add("nistk233");}});
-       ecOIDs.put( "1.3.132.0.27",         new Vector() {{add("sect233r1");add("nistb233");}});
-       ecOIDs.put( "1.3.132.0.3",         new Vector() {{add("sect239k1");}});
-       ecOIDs.put( "1.3.132.0.16",         new Vector() {{add("sect283k1");add("nistk283");}});
-       ecOIDs.put( "1.3.132.0.17",         new Vector() {{add("sect283r1");add("nistb283");}});
-       ecOIDs.put( "1.3.132.0.36",         new Vector() {{add("sect409k1");add("nistk409");}});
-       ecOIDs.put( "1.3.132.0.37",         new Vector() {{add("sect409r1");add("nistb409");}});
-       ecOIDs.put( "1.3.132.0.38",         new Vector() {{add("sect571k1"); add("nistk571");}});
-       ecOIDs.put( "1.3.132.0.39",         new Vector() {{add("sect571r1");add("nistb571");}});
-       ecOIDs.put( "1.3.132.0.9",          new Vector()  {{add("secp160k1");}});
-       ecOIDs.put( "1.3.132.0.8",          new Vector()  {{add("secp160r1");}});
-       ecOIDs.put( "1.3.132.0.30",         new Vector() {{add("secp160r2");}});
-       ecOIDs.put( "1.3.132.0.31",         new Vector() {{add("secp192k1");}});
-       ecOIDs.put( "1.2.840.10045.3.1.1",  new Vector() {{add("secp192r1");add("nistp192");add("prime192v1");}});
-       ecOIDs.put( "1.3.132.0.32",         new Vector() {{add("secp224k1");}});
-       ecOIDs.put( "1.3.132.0.33",         new Vector() {{add("secp224r1");add("nistp224");}});
-       ecOIDs.put( "1.3.132.0.10",         new Vector() {{add("secp256k1");}});
-       ecOIDs.put( "1.2.840.10045.3.1.2",new Vector() {{add("prime192v2");}});
-       ecOIDs.put( "1.2.840.10045.3.1.3",new Vector() {{add("prime192v3");}});
-       ecOIDs.put( "1.2.840.10045.3.1.4",new Vector() {{add("prime239v1");}});
-       ecOIDs.put( "1.2.840.10045.3.1.5",new Vector() {{add("prime239v2");}});
-       ecOIDs.put( "1.2.840.10045.3.1.6",new Vector() {{add("prime239v3");}});
-       ecOIDs.put( "1.2.840.10045.3.0.1",  new Vector() {{add("c2pnb163v1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.2",  new Vector() {{add("c2pnb163v2");}});
-       ecOIDs.put( "1.2.840.10045.3.0.3",  new Vector() {{add("c2pnb163v3");}});
-       ecOIDs.put( "1.2.840.10045.3.0.4",  new Vector() {{add("c2pnb176v1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.5",  new Vector() {{add("c2tnb191v1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.6",  new Vector() {{add("c2tnb191v2");}});
-       ecOIDs.put( "1.2.840.10045.3.0.7",  new Vector() {{add("c2tnb191v3");}});
-       ecOIDs.put( "1.2.840.10045.3.0.10", new Vector() {{add("c2pnb208w1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.11", new Vector() {{add("c2tnb239v1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.12", new Vector() {{add("c2tnb239v2");}});
-       ecOIDs.put( "1.2.840.10045.3.0.13", new Vector() {{add("c2tnb239v3");}});
-       ecOIDs.put( "1.2.840.10045.3.0.16", new Vector() {{add("c2pnb272w1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.17", new Vector() {{add("c2pnb304w1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.19", new Vector() {{add("c2pnb368w1");}});
-       ecOIDs.put( "1.2.840.10045.3.0.20", new Vector() {{add("c2tnb431r1");}});
-       ecOIDs.put( "1.3.132.0.6",          new Vector() {{add("secp112r1");}});
-       ecOIDs.put( "1.3.132.0.7",          new Vector() {{add("secp112r2");}});
-       ecOIDs.put( "1.3.132.0.28",         new Vector() {{add("secp128r1");}});
-       ecOIDs.put( "1.3.132.0.29",         new Vector() {{add("secp128r2");}});
-       ecOIDs.put( "1.3.132.0.4",          new Vector() {{add("sect113r1");}});
-       ecOIDs.put( "1.3.132.0.5",          new Vector() {{add("sect113r2");}});
-       ecOIDs.put( "1.3.132.0.22",         new Vector() {{add("sect131r1");}});
-       ecOIDs.put( "1.3.132.0.23",         new Vector() {{add("sect131r2");}});
+    private final static HashMap<String, Vector> ecOIDs = new HashMap<String, Vector>();
+    static {
+        ecOIDs.put("1.2.840.10045.3.1.7", new Vector() {
+            {
+                add("nistp256");
+                add("secp256r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.34", new Vector() {
+            {
+                add("nistp384");
+                add("secp384r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.35", new Vector() {
+            {
+                add("nistp521");
+                add("secp521r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.1", new Vector() {
+            {
+                add("sect163k1");
+                add("nistk163");
+            }
+        });
+        ecOIDs.put("1.3.132.0.2", new Vector() {
+            {
+                add("sect163r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.15", new Vector() {
+            {
+                add("sect163r2");
+                add("nistb163");
+            }
+        });
+        ecOIDs.put("1.3.132.0.24", new Vector() {
+            {
+                add("sect193r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.25", new Vector() {
+            {
+                add("sect193r2");
+            }
+        });
+        ecOIDs.put("1.3.132.0.26", new Vector() {
+            {
+                add("sect233k1");
+                add("nistk233");
+            }
+        });
+        ecOIDs.put("1.3.132.0.27", new Vector() {
+            {
+                add("sect233r1");
+                add("nistb233");
+            }
+        });
+        ecOIDs.put("1.3.132.0.3", new Vector() {
+            {
+                add("sect239k1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.16", new Vector() {
+            {
+                add("sect283k1");
+                add("nistk283");
+            }
+        });
+        ecOIDs.put("1.3.132.0.17", new Vector() {
+            {
+                add("sect283r1");
+                add("nistb283");
+            }
+        });
+        ecOIDs.put("1.3.132.0.36", new Vector() {
+            {
+                add("sect409k1");
+                add("nistk409");
+            }
+        });
+        ecOIDs.put("1.3.132.0.37", new Vector() {
+            {
+                add("sect409r1");
+                add("nistb409");
+            }
+        });
+        ecOIDs.put("1.3.132.0.38", new Vector() {
+            {
+                add("sect571k1");
+                add("nistk571");
+            }
+        });
+        ecOIDs.put("1.3.132.0.39", new Vector() {
+            {
+                add("sect571r1");
+                add("nistb571");
+            }
+        });
+        ecOIDs.put("1.3.132.0.9", new Vector() {
+            {
+                add("secp160k1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.8", new Vector() {
+            {
+                add("secp160r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.30", new Vector() {
+            {
+                add("secp160r2");
+            }
+        });
+        ecOIDs.put("1.3.132.0.31", new Vector() {
+            {
+                add("secp192k1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.1", new Vector() {
+            {
+                add("secp192r1");
+                add("nistp192");
+                add("prime192v1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.32", new Vector() {
+            {
+                add("secp224k1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.33", new Vector() {
+            {
+                add("secp224r1");
+                add("nistp224");
+            }
+        });
+        ecOIDs.put("1.3.132.0.10", new Vector() {
+            {
+                add("secp256k1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.2", new Vector() {
+            {
+                add("prime192v2");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.3", new Vector() {
+            {
+                add("prime192v3");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.4", new Vector() {
+            {
+                add("prime239v1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.5", new Vector() {
+            {
+                add("prime239v2");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.1.6", new Vector() {
+            {
+                add("prime239v3");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.1", new Vector() {
+            {
+                add("c2pnb163v1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.2", new Vector() {
+            {
+                add("c2pnb163v2");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.3", new Vector() {
+            {
+                add("c2pnb163v3");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.4", new Vector() {
+            {
+                add("c2pnb176v1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.5", new Vector() {
+            {
+                add("c2tnb191v1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.6", new Vector() {
+            {
+                add("c2tnb191v2");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.7", new Vector() {
+            {
+                add("c2tnb191v3");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.10", new Vector() {
+            {
+                add("c2pnb208w1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.11", new Vector() {
+            {
+                add("c2tnb239v1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.12", new Vector() {
+            {
+                add("c2tnb239v2");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.13", new Vector() {
+            {
+                add("c2tnb239v3");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.16", new Vector() {
+            {
+                add("c2pnb272w1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.17", new Vector() {
+            {
+                add("c2pnb304w1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.19", new Vector() {
+            {
+                add("c2pnb368w1");
+            }
+        });
+        ecOIDs.put("1.2.840.10045.3.0.20", new Vector() {
+            {
+                add("c2tnb431r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.6", new Vector() {
+            {
+                add("secp112r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.7", new Vector() {
+            {
+                add("secp112r2");
+            }
+        });
+        ecOIDs.put("1.3.132.0.28", new Vector() {
+            {
+                add("secp128r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.29", new Vector() {
+            {
+                add("secp128r2");
+            }
+        });
+        ecOIDs.put("1.3.132.0.4", new Vector() {
+            {
+                add("sect113r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.5", new Vector() {
+            {
+                add("sect113r2");
+            }
+        });
+        ecOIDs.put("1.3.132.0.22", new Vector() {
+            {
+                add("sect131r1");
+            }
+        });
+        ecOIDs.put("1.3.132.0.23", new Vector() {
+            {
+                add("sect131r2");
+            }
+        });
     }
 
     private static String[] cfgECCurves = null;
@@ -136,7 +360,7 @@ public class KeyConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         String ecNames = "";
@@ -148,32 +372,31 @@ public class KeyConstraint extends EnrollConstraint {
         CMS.debug("KeyConstraint.init ecNames: " + ecNames);
         if (ecNames != null && ecNames.length() != 0) {
             cfgECCurves = ecNames.split(",");
-       }
+        }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_KEY_TYPE)) {
             return new Descriptor(IDescriptor.CHOICE, "-,RSA,EC",
                     "RSA",
                     CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE"));
-        }   else if (name.equals(CONFIG_KEY_PARAMETERS)) {
-            return new Descriptor(IDescriptor.STRING,null,"",
-                    CMS.getUserMessage(locale,"CMS_PROFILE_KEY_PARAMETERS"));
+        } else if (name.equals(CONFIG_KEY_PARAMETERS)) {
+            return new Descriptor(IDescriptor.STRING, null, "",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_KEY_PARAMETERS"));
         }
 
         return null;
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException { 
+            throws ERejectException {
         try {
             CertificateX509Key infokey = (CertificateX509Key)
-                info.get(X509CertInfo.KEY);
-            X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY); 
+                    info.get(X509CertInfo.KEY);
+            X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
 
             String alg = key.getAlgorithmId().getName().toUpperCase();
             String value = getConfig(CONFIG_KEY_TYPE);
@@ -183,27 +406,27 @@ public class KeyConstraint extends EnrollConstraint {
                 if (!alg.equals(value)) {
                     throw new ERejectException(
                             CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_KEY_TYPE_NOT_MATCHED", 
-                                value));
+                                    getLocale(request),
+                                    "CMS_PROFILE_KEY_TYPE_NOT_MATCHED",
+                                    value));
                 }
             }
 
             int keySize = 0;
             String ecCurve = "";
 
-            if (alg.equals("RSA")) { 
+            if (alg.equals("RSA")) {
                 keySize = getRSAKeyLen(key);
-            } else if (alg.equals("DSA")) { 
+            } else if (alg.equals("DSA")) {
                 keySize = getDSAKeyLen(key);
-            } else if (alg.equals("EC")) { 
-                //EC key case.
+            } else if (alg.equals("EC")) {
+                // EC key case.
             } else {
-                throw new ERejectException(	
+                throw new ERejectException(
                         CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_INVALID_KEY_TYPE",
-                            alg));
+                                getLocale(request),
+                                "CMS_PROFILE_INVALID_KEY_TYPE",
+                                alg));
             }
 
             value = getConfig(CONFIG_KEY_PARAMETERS);
@@ -214,26 +437,26 @@ public class KeyConstraint extends EnrollConstraint {
                 if (!alg.equals(keyType) && !isOptional(keyType)) {
                     throw new ERejectException(
                             CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
-                                value));
+                                    getLocale(request),
+                                    "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
+                                    value));
                 }
 
                 AlgorithmId algid = key.getAlgorithmId();
 
                 CMS.debug("algId: " + algid);
 
-                //Get raw string representation of alg parameters, will give 
-                //us the curve OID.
+                // Get raw string representation of alg parameters, will give
+                // us the curve OID.
 
-                String params =  null;
+                String params = null;
                 if (algid != null) {
                     params = algid.getParametersString();
                 }
 
                 if (params.startsWith("OID.")) {
                     params = params.substring(4);
-                } 
+                }
 
                 CMS.debug("EC key OID: " + params);
                 Vector vect = ecOIDs.get(params);
@@ -244,9 +467,10 @@ public class KeyConstraint extends EnrollConstraint {
                     CMS.debug("vect: " + vect.toString());
 
                     if (!isOptional(keyType)) {
-                        //Check the curve parameters only if explicit ECC or not optional
-                        for (int i = 0 ; i < keyParams.length ; i ++) {
-                            String ecParam =  keyParams[i];
+                        // Check the curve parameters only if explicit ECC or
+                        // not optional
+                        for (int i = 0; i < keyParams.length; i++) {
+                            String ecParam = keyParams[i];
                             CMS.debug("keyParams[i]: " + i + " param: " + ecParam);
                             if (vect.contains(ecParam)) {
                                 curveFound = true;
@@ -260,21 +484,21 @@ public class KeyConstraint extends EnrollConstraint {
                 }
 
                 if (!curveFound) {
-                     CMS.debug("KeyConstraint.validate: EC key constrainst failed.");
+                    CMS.debug("KeyConstraint.validate: EC key constrainst failed.");
                     throw new ERejectException(
                             CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
-                                value));
+                                    getLocale(request),
+                                    "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
+                                    value));
                 }
 
-            }  else {
-                if ( !arrayContainsString(keyParams,Integer.toString(keySize))) {
-                     throw new ERejectException(
+            } else {
+                if (!arrayContainsString(keyParams, Integer.toString(keySize))) {
+                    throw new ERejectException(
                             CMS.getUserMessage(
-                                getLocale(request),
-                                "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
-                                value));
+                                    getLocale(request),
+                                    "CMS_PROFILE_KEY_PARAMS_NOT_MATCHED",
+                                    value));
                 }
                 CMS.debug("KeyConstraint.validate: RSA key contraints passed.");
             }
@@ -320,7 +544,7 @@ public class KeyConstraint extends EnrollConstraint {
                 getConfig(CONFIG_KEY_PARAMETERS)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_KEY_TEXT", params);
     }
 
@@ -333,27 +557,27 @@ public class KeyConstraint extends EnrollConstraint {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
 
         CMS.debug("KeyConstraint.setConfig name: " + name + " value: " + value);
-        //establish keyType, we don't know which order these params will arrive
+        // establish keyType, we don't know which order these params will arrive
         if (name.equals(CONFIG_KEY_TYPE)) {
             keyType = value;
-            if(keyParams.equals(""))
-               return;
+            if (keyParams.equals(""))
+                return;
         }
-        
-        //establish keyParams
+
+        // establish keyParams
         if (name.equals(CONFIG_KEY_PARAMETERS)) {
             CMS.debug("establish keyParams: " + value);
             keyParams = value;
 
-            if(keyType.equals(""))
+            if (keyType.equals(""))
                 return;
         }
-        // All the params we need for validation have been collected, 
+        // All the params we need for validation have been collected,
         // we don't know which order they will show up
-        if (keyType.length() > 0  && keyParams.length() > 0) {
+        if (keyType.length() > 0 && keyParams.length() > 0) {
             String[] params = keyParams.split(",");
             boolean isECCurve = false;
             int keySize = 0;
@@ -361,48 +585,50 @@ public class KeyConstraint extends EnrollConstraint {
             for (int i = 0; i < params.length; i++) {
                 if (keyType.equals("EC")) {
                     if (cfgECCurves == null) {
-                        //Use the static array as a backup if the config values are not present.
-                        isECCurve = arrayContainsString(ecCurves,params[i]);
+                        // Use the static array as a backup if the config values
+                        // are not present.
+                        isECCurve = arrayContainsString(ecCurves, params[i]);
                     } else {
-                        isECCurve = arrayContainsString(cfgECCurves,params[i]);
+                        isECCurve = arrayContainsString(cfgECCurves, params[i]);
                     }
-                    if (isECCurve == false) { //Not a valid EC curve throw exception.
+                    if (isECCurve == false) { // Not a valid EC curve throw
+                                              // exception.
                         keyType = "";
                         keyParams = "";
                         throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", name));
+                                "CMS_INVALID_PROPERTY", name));
                     }
-                }  else {
+                } else {
                     try {
                         keySize = Integer.parseInt(params[i]);
                     } catch (Exception e) {
                         keySize = 0;
                     }
-                    if (keySize <=  0) {
+                    if (keySize <= 0) {
                         keyType = "";
                         keyParams = "";
                         throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", name));
+                                "CMS_INVALID_PROPERTY", name));
                     }
                 }
             }
-       }
-       //Actually set the configuration in the profile
-       super.setConfig(CONFIG_KEY_TYPE, keyType);
-       super.setConfig(CONFIG_KEY_PARAMETERS, keyParams);
+        }
+        // Actually set the configuration in the profile
+        super.setConfig(CONFIG_KEY_TYPE, keyType);
+        super.setConfig(CONFIG_KEY_PARAMETERS, keyParams);
 
-       //Reset the vars for next round.
-       keyType = "";
-       keyParams = "";
+        // Reset the vars for next round.
+        keyType = "";
+        keyParams = "";
     }
 
     private boolean arrayContainsString(String[] array, String value) {
 
         if (array == null || value == null) {
-           return false;
-        } 
+            return false;
+        }
 
-        for (int i = 0 ; i < array.length; i++) {
+        for (int i = 0; i < array.length; i++) {
             if (array[i].equals(value)) {
                 return true;
             }
@@ -411,4 +637,3 @@ public class KeyConstraint extends EnrollConstraint {
         return false;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
index 4a483b43..fac28bf9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/KeyUsageExtConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.KeyUsageExtension;
@@ -37,25 +36,23 @@ import com.netscape.cms.profile.def.KeyUsageExtDefault;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserExtensionDefault;
 
-
 /**
- * This class implements the key usage extension constraint.
- * It checks if the key usage constraint in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the key usage extension constraint. It checks if the
+ * key usage constraint in the certificate template satisfies the criteria.
+ * 
  * @version $Revision$, $Date$
  */
 public class KeyUsageExtConstraint extends EnrollConstraint {
 
     public static final String CONFIG_CRITICAL = "keyUsageCritical";
     public static final String CONFIG_DIGITAL_SIGNATURE =
-        "keyUsageDigitalSignature";
+            "keyUsageDigitalSignature";
     public static final String CONFIG_NON_REPUDIATION =
-        "keyUsageNonRepudiation";
+            "keyUsageNonRepudiation";
     public static final String CONFIG_KEY_ENCIPHERMENT =
-        "keyUsageKeyEncipherment";
+            "keyUsageKeyEncipherment";
     public static final String CONFIG_DATA_ENCIPHERMENT =
-        "keyUsageDataEncipherment";
+            "keyUsageDataEncipherment";
     public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
     public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
     public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
@@ -77,12 +74,12 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
@@ -134,20 +131,19 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
-        KeyUsageExtension ext = (KeyUsageExtension) 
-            getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+            throws ERejectException {
+        KeyUsageExtension ext = (KeyUsageExtension)
+                getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
 
         if (ext == null) {
             throw new ERejectException(
                     CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                        PKIXExtensions.KeyUsage_Id.toString()));
+                            getLocale(request),
+                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                            PKIXExtensions.KeyUsage_Id.toString()));
         }
 
         boolean[] bits = ext.getBits();
@@ -156,10 +152,10 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
         if (!isOptional(value)) {
             boolean critical = getBoolean(value);
 
-            if (critical != ext.isCritical()) { 
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+            if (critical != ext.isCritical()) {
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
             }
         }
         value = getConfig(CONFIG_DIGITAL_SIGNATURE);
@@ -167,99 +163,99 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 0)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_DIGITAL_SIGNATURE_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_NON_REPUDIATION);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 1)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_NON_REPUDIATION_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_KEY_ENCIPHERMENT);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 2)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_KEY_ENCIPHERMENT_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_DATA_ENCIPHERMENT);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 3)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_DATA_ENCIPHERMENT_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_KEY_AGREEMENT);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 4)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_KEY_AGREEMENT_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_KEY_CERTSIGN);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 5)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_KEY_CERTSIGN_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_CRL_SIGN);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 6)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_CRL_SIGN_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_ENCIPHER_ONLY);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 7)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_ENCIPHER_ONLY_NOT_MATCHED",
+                                value));
+            }
         }
         value = getConfig(CONFIG_DECIPHER_ONLY);
         if (!isOptional(value)) {
             boolean bit = getBoolean(value);
 
             if (bit != isSet(bits, 8)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED",
-                            value));
-            } 
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_DECIPHER_ONLY_NOT_MATCHED",
+                                value));
+            }
         }
     }
 
@@ -277,7 +273,7 @@ public class KeyUsageExtConstraint extends EnrollConstraint {
                 getConfig(CONFIG_DECIPHER_ONLY)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_KEY_USAGE_EXT_TEXT", params);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
index fe20b766..a49152df 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NSCertTypeExtConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Locale;
 
 import netscape.security.extensions.NSCertTypeExtension;
@@ -36,12 +35,11 @@ import com.netscape.cms.profile.def.NSCertTypeExtDefault;
 import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserExtensionDefault;
 
-
 /**
- * This class implements the Netscape certificate type extension constraint.
- * It checks if the Netscape certificate type extension in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the Netscape certificate type extension constraint. It
+ * checks if the Netscape certificate type extension in the certificate template
+ * satisfies the criteria.
+ * 
  * @version $Revision$, $Date$
  */
 public class NSCertTypeExtConstraint extends EnrollConstraint {
@@ -68,11 +66,11 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
@@ -104,27 +102,26 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
         } else if (name.equals(CONFIG_OBJECT_SIGNING_CA)) {
             return new Descriptor(IDescriptor.CHOICE, "true,false,-",
                     "-",
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OBJECT_SIGNING_CA"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OBJECT_SIGNING_CA"));
         }
         return null;
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         NSCertTypeExtension ext = (NSCertTypeExtension)
-            getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
 
         if (ext == null) {
             throw new ERejectException(
                     CMS.getUserMessage(
-                        getLocale(request),
-                        "CMS_PROFILE_EXTENSION_NOT_FOUND",
-                        NSCertTypeExtension.CertType_Id.toString()));
+                            getLocale(request),
+                            "CMS_PROFILE_EXTENSION_NOT_FOUND",
+                            NSCertTypeExtension.CertType_Id.toString()));
         }
 
         String value = getConfig(CONFIG_CRITICAL);
@@ -132,10 +129,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
         if (!isOptional(value)) {
             boolean critical = getBoolean(value);
 
-            if (critical != ext.isCritical()) { 
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+            if (critical != ext.isCritical()) {
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
             }
         }
         value = getConfig(CONFIG_SSL_CLIENT);
@@ -143,10 +140,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(0)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_SSL_CLIENT_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_SSL_SERVER);
@@ -154,10 +151,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(1)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_SSL_SERVER_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_SSL_SERVER_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_EMAIL);
@@ -165,10 +162,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(2)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_EMAIL_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_EMAIL_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_OBJECT_SIGNING);
@@ -176,10 +173,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(3)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_OBJECT_SIGNING_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_SSL_CA);
@@ -187,10 +184,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(4)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_SSL_CA_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_SSL_CA_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_EMAIL_CA);
@@ -198,10 +195,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(5)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_EMAIL_CA_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_EMAIL_CA_NOT_MATCHED",
+                                value));
             }
         }
         value = getConfig(CONFIG_OBJECT_SIGNING_CA);
@@ -209,10 +206,10 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
             boolean bit = getBoolean(value);
 
             if (bit != ext.isSet(6)) {
-                throw new ERejectException( 
-                        CMS.getUserMessage(getLocale(request), 
-                            "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED",
-                            value));
+                throw new ERejectException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_OBJECT_SIGNING_CA_NOT_MATCHED",
+                                value));
             }
         }
     }
@@ -229,7 +226,7 @@ public class NSCertTypeExtConstraint extends EnrollConstraint {
                 getConfig(CONFIG_OBJECT_SIGNING_CA)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_NS_CERT_EXT_TEXT", params);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
index 108c32b1..01eeefca 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/NoConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -34,17 +33,16 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements no constraint.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class NoConstraint implements IPolicyConstraint {
 
     public static final String CONFIG_NAME = "name";
 
-    private IConfigStore mConfig = null; 
+    private IConfigStore mConfig = null;
     private Vector mNames = new Vector();
 
     public Enumeration getConfigNames() {
@@ -56,7 +54,7 @@ public class NoConstraint implements IPolicyConstraint {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
     }
 
     public String getConfig(String name) {
@@ -68,7 +66,7 @@ public class NoConstraint implements IPolicyConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
     }
 
@@ -77,15 +75,14 @@ public class NoConstraint implements IPolicyConstraint {
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request)
-        throws ERejectException {
+            throws ERejectException {
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_NO_CONSTRAINT_TEXT");
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
index 91d5a46a..b41e1b2e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/RenewGracePeriodConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Locale;
@@ -36,17 +35,16 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.def.NoDefault;
 
-
 /**
- * This class supports renewal grace period, which has two
- * parameters: graceBefore and graceAfter
- *
+ * This class supports renewal grace period, which has two parameters:
+ * graceBefore and graceAfter
+ * 
  * @author Christina Fu
  * @version $Revision$, $Date$
  */
 public class RenewGracePeriodConstraint extends EnrollConstraint {
 
-    // for renewal: # of days before the orig cert expiration date 
+    // for renewal: # of days before the orig cert expiration date
     public static final String CONFIG_RENEW_GRACE_BEFORE = "renewal.graceBefore";
     // for renewal: # of days after the orig cert expiration date
     public static final String CONFIG_RENEW_GRACE_AFTER = "renewal.graceAfter";
@@ -58,20 +56,20 @@ public class RenewGracePeriodConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
-        if ( name.equals(CONFIG_RENEW_GRACE_BEFORE) ||
-            name.equals(CONFIG_RENEW_GRACE_AFTER)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            throws EPropertyException {
+        if (name.equals(CONFIG_RENEW_GRACE_BEFORE) ||
+                name.equals(CONFIG_RENEW_GRACE_AFTER)) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
-                            "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE +" or "+ CONFIG_RENEW_GRACE_AFTER));
-          }
+                            "CMS_INVALID_PROPERTY", CONFIG_RENEW_GRACE_BEFORE + " or " + CONFIG_RENEW_GRACE_AFTER));
+            }
         }
         super.setConfig(name, value);
     }
@@ -88,75 +86,73 @@ public class RenewGracePeriodConstraint extends EnrollConstraint {
     }
 
     public void validate(IRequest req, X509CertInfo info)
-        throws ERejectException {
-           String origExpDate_s = req.getExtDataInString("origNotAfter");
-           // probably not for renewal
-           if (origExpDate_s == null) {
-               return;
-           } else {
-               CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing");
-           }
-           CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins");
-           BigInteger origExpDate_BI = new BigInteger(origExpDate_s);
-           Date origExpDate = new Date(origExpDate_BI.longValue());
-           String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
-           String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
-           int renew_grace_before = 0;
-           int renew_grace_after = 0;
-           BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s);
-           BigInteger renew_grace_after_BI= new BigInteger(renew_grace_after_s);
-
-           // -1 means no limit
-           if (renew_grace_before_s == "")
-               renew_grace_before = -1;
-           else
-               renew_grace_before = Integer.parseInt(renew_grace_before_s);
-
-           if (renew_grace_after_s == "")
-               renew_grace_after = -1;
-           else
-               renew_grace_after = Integer.parseInt(renew_grace_after_s);
-
-           if (renew_grace_before > 0)
-               renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400));
-           if (renew_grace_after > 0)
-               renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400));
-
-           Date current = CMS.getCurrentDate();
-           long millisDiff = origExpDate.getTime() - current.getTime();
-           CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime());
-
-           /*
-            * "days", if positive, has to be less than renew_grace_before
-            * "days", if negative, means already past expiration date,
-            *     (abs value) has to be less than renew_grace_after
-            * if renew_grace_before or renew_grace_after are negative
-            *    the one with negative value is ignored
-            */
-           if (millisDiff >= 0) {
-               if ((renew_grace_before>0) && (millisDiff > renew_grace_before_BI.longValue())) {
-                   throw new ERejectException(CMS.getUserMessage(getLocale(req),
-                        "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", 
-                        renew_grace_before+" days before and "+
-                        renew_grace_after+" days after original cert expiration date"));
-               }
-           } else {
-               if ((renew_grace_after > 0) && ((0-millisDiff) > renew_grace_after_BI.longValue())) {
-                   throw new ERejectException(CMS.getUserMessage(getLocale(req),
-                        "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD", 
-                        renew_grace_before+" days before and "+
-                        renew_grace_after+" days after original cert expiration date"));
-               }
-           }
+            throws ERejectException {
+        String origExpDate_s = req.getExtDataInString("origNotAfter");
+        // probably not for renewal
+        if (origExpDate_s == null) {
+            return;
+        } else {
+            CMS.debug("validate RenewGracePeriod: original cert expiration date found... renewing");
+        }
+        CMS.debug("ValidilityConstraint: validateRenewGraceperiod begins");
+        BigInteger origExpDate_BI = new BigInteger(origExpDate_s);
+        Date origExpDate = new Date(origExpDate_BI.longValue());
+        String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
+        String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
+        int renew_grace_before = 0;
+        int renew_grace_after = 0;
+        BigInteger renew_grace_before_BI = new BigInteger(renew_grace_before_s);
+        BigInteger renew_grace_after_BI = new BigInteger(renew_grace_after_s);
+
+        // -1 means no limit
+        if (renew_grace_before_s == "")
+            renew_grace_before = -1;
+        else
+            renew_grace_before = Integer.parseInt(renew_grace_before_s);
+
+        if (renew_grace_after_s == "")
+            renew_grace_after = -1;
+        else
+            renew_grace_after = Integer.parseInt(renew_grace_after_s);
+
+        if (renew_grace_before > 0)
+            renew_grace_before_BI = renew_grace_before_BI.multiply(BigInteger.valueOf(1000 * 86400));
+        if (renew_grace_after > 0)
+            renew_grace_after_BI = renew_grace_after_BI.multiply(BigInteger.valueOf(1000 * 86400));
+
+        Date current = CMS.getCurrentDate();
+        long millisDiff = origExpDate.getTime() - current.getTime();
+        CMS.debug("validateRenewGracePeriod: millisDiff=" + millisDiff + " origExpDate=" + origExpDate.getTime() + " current=" + current.getTime());
+
+        /*
+         * "days", if positive, has to be less than renew_grace_before "days",
+         * if negative, means already past expiration date, (abs value) has to
+         * be less than renew_grace_after if renew_grace_before or
+         * renew_grace_after are negative the one with negative value is ignored
+         */
+        if (millisDiff >= 0) {
+            if ((renew_grace_before > 0) && (millisDiff > renew_grace_before_BI.longValue())) {
+                throw new ERejectException(CMS.getUserMessage(getLocale(req),
+                        "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
+                        renew_grace_before + " days before and " +
+                                renew_grace_after + " days after original cert expiration date"));
+            }
+        } else {
+            if ((renew_grace_after > 0) && ((0 - millisDiff) > renew_grace_after_BI.longValue())) {
+                throw new ERejectException(CMS.getUserMessage(getLocale(req),
+                        "CMS_PROFILE_RENEW_OUTSIDE_GRACE_PERIOD",
+                        renew_grace_before + " days before and " +
+                                renew_grace_after + " days after original cert expiration date"));
+            }
+        }
     }
 
-
     public String getText(Locale locale) {
         String renew_grace_before_s = getConfig(CONFIG_RENEW_GRACE_BEFORE);
-        String renew_grace_after_s= getConfig(CONFIG_RENEW_GRACE_AFTER);
-        return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT", 
-                        renew_grace_before_s+" days before and "+
-                        renew_grace_after_s+" days after original cert expiration date");
+        String renew_grace_after_s = getConfig(CONFIG_RENEW_GRACE_AFTER);
+        return CMS.getUserMessage(locale, "CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT",
+                        renew_grace_before_s + " days before and " +
+                                renew_grace_after_s + " days after original cert expiration date");
     }
 
     public boolean isApplicable(IPolicyDefault def) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
index f570c26e..12261862 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SigningAlgConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Locale;
 import java.util.StringTokenizer;
 import java.util.Vector;
@@ -40,12 +39,10 @@ import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.SigningAlgDefault;
 import com.netscape.cms.profile.def.UserSigningAlgDefault;
 
-
 /**
- * This class implements the signing algorithm constraint.
- * It checks if the signing algorithm in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the signing algorithm constraint. It checks if the
+ * signing algorithm in the certificate template satisfies the criteria.
+ * 
  * @version $Revision$, $Date$
  */
 public class SigningAlgConstraint extends EnrollConstraint {
@@ -69,29 +66,28 @@ public class SigningAlgConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
 
         if (mConfig.getSubStore("params") == null) {
             CMS.debug("SigningAlgConstraint: mConfig.getSubStore is null");
         } else {
-            CMS.debug("SigningAlgConstraint: setConfig name=" + name + 
-                 " value=" + value);
-
-            if(name.equals(CONFIG_ALGORITHMS_ALLOWED))
-            {
-              StringTokenizer st = new StringTokenizer(value, ",");
-              while (st.hasMoreTokens()) {
-                 String v = st.nextToken();
-                 if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) {
-                   throw new EPropertyException(
-                      CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v));
-                 }
-              }
+            CMS.debug("SigningAlgConstraint: setConfig name=" + name +
+                    " value=" + value);
+
+            if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) {
+                StringTokenizer st = new StringTokenizer(value, ",");
+                while (st.hasMoreTokens()) {
+                    String v = st.nextToken();
+                    if (DEF_CONFIG_ALGORITHMS.indexOf(v) == -1) {
+                        throw new EPropertyException(
+                                CMS.getUserMessage("CMS_PROFILE_PROPERTY_ERROR", v));
+                    }
+                }
             }
             mConfig.getSubStore("params").putString(name, value);
         }
@@ -101,24 +97,23 @@ public class SigningAlgConstraint extends EnrollConstraint {
         if (name.equals(CONFIG_ALGORITHMS_ALLOWED)) {
             return new Descriptor(IDescriptor.STRING, null,
                     DEF_CONFIG_ALGORITHMS,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED"));
         }
         return null;
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CertificateAlgorithmId algId = null;
 
         try {
             algId = (CertificateAlgorithmId) info.get(X509CertInfo.ALGORITHM_ID);
             AlgorithmId id = (AlgorithmId)
-                algId.get(CertificateAlgorithmId.ALGORITHM);
+                    algId.get(CertificateAlgorithmId.ALGORITHM);
 
             Vector mCache = new Vector();
             StringTokenizer st = new StringTokenizer(
@@ -132,7 +127,7 @@ public class SigningAlgConstraint extends EnrollConstraint {
 
             if (!mCache.contains(id.toString())) {
                 throw new ERejectException(CMS.getUserMessage(
-                            getLocale(request), 
+                            getLocale(request),
                             "CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED", id.toString()));
             }
         } catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
index 7ce32f00..9ca8d452 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/SubjectNameConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -38,12 +37,10 @@ import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.SubjectNameDefault;
 import com.netscape.cms.profile.def.UserSubjectNameDefault;
 
-
 /**
- * This class implements the subject name constraint.
- * It checks if the subject name in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the subject name constraint. It checks if the subject
+ * name in the certificate template satisfies the criteria.
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectNameConstraint extends EnrollConstraint {
@@ -56,13 +53,13 @@ public class SubjectNameConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_PATTERN)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_PATTERN)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME_PATTERN"));
         } else {
@@ -75,22 +72,21 @@ public class SubjectNameConstraint extends EnrollConstraint {
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CMS.debug("SubjectNameConstraint: validate start");
         CertificateSubjectName sn = null;
 
         try {
             sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
-            CMS.debug("SubjectNameConstraint: validate cert subject ="+
+            CMS.debug("SubjectNameConstraint: validate cert subject =" +
                          sn.toString());
         } catch (Exception e) {
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         }
         X500Name sn500 = null;
 
@@ -98,31 +94,31 @@ public class SubjectNameConstraint extends EnrollConstraint {
             sn500 = (X500Name) sn.get(CertificateSubjectName.DN_NAME);
         } catch (IOException e) {
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         }
         if (sn500 == null) {
             CMS.debug("SubjectNameConstraint: validate() - sn500 is null");
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         } else {
-            CMS.debug("SubjectNameConstraint: validate() - sn500 "+
-                  CertificateSubjectName.DN_NAME + " = "+
-                  sn500.toString()); 
+            CMS.debug("SubjectNameConstraint: validate() - sn500 " +
+                    CertificateSubjectName.DN_NAME + " = " +
+                    sn500.toString());
         }
         if (!sn500.toString().matches(getConfig(CONFIG_PATTERN))) {
-            CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern "+ getConfig(CONFIG_PATTERN));
+            CMS.debug("SubjectNameConstraint: validate() - sn500 not matching pattern " + getConfig(CONFIG_PATTERN));
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED", 
-                        sn500.toString()));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_MATCHED",
+                            sn500.toString()));
         }
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_CONSTRAINT_SUBJECT_NAME_TEXT",
                 getConfig(CONFIG_PATTERN));
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
index b47e2230..c242ffce 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueKeyConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
@@ -43,57 +42,53 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.def.NoDefault;
 
 /**
- * This constraint is to check for publickey uniqueness.
- * The config param "allowSameKeyRenewal" enables the
- * situation where if the publickey is not unique, and if
- * the subject DN is the same, that is a "renewal".
- *
- * Another "feature" that is quoted out of this code is the
- * "revokeDupKeyCert" option, which enables the revocation
- * of certs that bear the same publickey as the enrolling
- * request.  Since this can potentially be abused, it is taken
- * out and preserved in comments to allow future refinement.
- *
+ * This constraint is to check for publickey uniqueness. The config param
+ * "allowSameKeyRenewal" enables the situation where if the publickey is not
+ * unique, and if the subject DN is the same, that is a "renewal".
+ * 
+ * Another "feature" that is quoted out of this code is the "revokeDupKeyCert"
+ * option, which enables the revocation of certs that bear the same publickey as
+ * the enrolling request. Since this can potentially be abused, it is taken out
+ * and preserved in comments to allow future refinement.
+ * 
  * @version $Revision$, $Date$
  */
 public class UniqueKeyConstraint extends EnrollConstraint {
-	/*
-	public static final String CONFIG_REVOKE_DUPKEY_CERT =
-		"revokeDupKeyCert";
-	boolean mRevokeDupKeyCert = false;
-	*/
-	public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL =
-		"allowSameKeyRenewal";
-	boolean mAllowSameKeyRenewal = false;
+    /*
+     * public static final String CONFIG_REVOKE_DUPKEY_CERT =
+     * "revokeDupKeyCert"; boolean mRevokeDupKeyCert = false;
+     */
+    public static final String CONFIG_ALLOW_SAME_KEY_RENEWAL =
+            "allowSameKeyRenewal";
+    boolean mAllowSameKeyRenewal = false;
     public ICertificateAuthority mCA = null;
 
-	public UniqueKeyConstraint() {
-		super();
-		/*
-		addConfigName(CONFIG_REVOKE_DUPKEY_CERT);
-		*/
-		addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL);
-	}
+    public UniqueKeyConstraint() {
+        super();
+        /*
+         * addConfigName(CONFIG_REVOKE_DUPKEY_CERT);
+         */
+        addConfigName(CONFIG_ALLOW_SAME_KEY_RENEWAL);
+    }
 
-	public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+    public void init(IProfile profile, IConfigStore config)
+            throws EProfileException {
         super.init(profile, config);
         mCA = (ICertificateAuthority)
-			CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name)
-	{
-		/*
-		if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) {
-			return new Descriptor(IDescriptor.BOOLEAN, null, "false",
-				  CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT"));
-		}
-		*/
-		if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) {
-			return new Descriptor(IDescriptor.BOOLEAN, null, "false",
-				  CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL"));
-		}
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        /*
+         * if (name.equals(CONFIG_REVOKE_DUPKEY_CERT)) { return new
+         * Descriptor(IDescriptor.BOOLEAN, null, "false",
+         * CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_REVOKE_DUPKEY_CERT"));
+         * }
+         */
+        if (name.equals(CONFIG_ALLOW_SAME_KEY_RENEWAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null, "false",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_ALLOW_SAME_KEY_RENEWAL"));
+        }
         return null;
     }
 
@@ -102,173 +97,159 @@ public class UniqueKeyConstraint extends EnrollConstraint {
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException { 
-		boolean rejected = false;
-		int size = 0;
-		ICertRecordList list;
+            throws ERejectException {
+        boolean rejected = false;
+        int size = 0;
+        ICertRecordList list;
 
-		/*
-		mRevokeDupKeyCert =
- getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT);
-		*/
-		mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL);
+        /*
+         * mRevokeDupKeyCert = getConfigBoolean(CONFIG_REVOKE_DUPKEY_CERT);
+         */
+        mAllowSameKeyRenewal = getConfigBoolean(CONFIG_ALLOW_SAME_KEY_RENEWAL);
 
         try {
             CertificateX509Key infokey = (CertificateX509Key)
-                info.get(X509CertInfo.KEY);
+                    info.get(X509CertInfo.KEY);
             X509Key key = (X509Key)
-				infokey.get(CertificateX509Key.KEY);
+                    infokey.get(CertificateX509Key.KEY);
 
-			// check for key uniqueness
-			byte pub[] = key.getEncoded();
-			String pub_s = escapeBinaryData(pub);
-			String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA +"=" + pub_s + ")";
-			list =
-				(ICertRecordList)
-				mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10);
-			size = list.getSize();
+            // check for key uniqueness
+            byte pub[] = key.getEncoded();
+            String pub_s = escapeBinaryData(pub);
+            String filter = "(" + ICertRecord.ATTR_X509CERT_PUBLIC_KEY_DATA + "=" + pub_s + ")";
+            list =
+                    (ICertRecordList)
+                    mCA.getCertificateRepository().findCertRecordsInList(filter, null, 10);
+            size = list.getSize();
 
         } catch (Exception e) {
-                throw new ERejectException(	
+            throw new ERejectException(
                         CMS.getUserMessage(
-                            getLocale(request),
-                            "CMS_PROFILE_INTERNAL_ERROR",e.toString()));
-		}
-
-		/*
-		 * It does not matter if the corresponding cert's status
-		 * is valid or not, we don't want a key that was once
-		 * generated before
-		 */
-		if (size > 0) {
-			CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key.");
-
-		/*
-		    The following code revokes the existing certs that have
-			the same public key as the one submitted for enrollment
-			request.  However, it is not a good idea due to possible
-			abuse.  It is therefore commented out.  It is still
-			however still maintained for possible utilization at later
-			time
-
-			// if configured to revoke duplicated key
-			//    revoke cert
-			if (mRevokeDupKeyCert) {
-				try {
-					Enumeration e = list.getCertRecords(0, size-1);
-					while (e != null && e.hasMoreElements()) {
-						ICertRecord rec = (ICertRecord) e.nextElement();
-						X509CertImpl cert = rec.getCertificate();
-
-						// revoke the cert
-						BigInteger serialNum = cert.getSerialNumber();
-						ICAService service = (ICAService) mCA.getCAService();
-
-						RevokedCertImpl crlEntry = 
-							formCRLEntry(serialNum, RevocationReason.KEY_COMPROMISE);
-						service.revokeCert(crlEntry);
-						CMS.debug("UniqueKeyConstraint: certificate with duplicate publickey revoked successfully");
-					}
-				} catch (Exception ex) {
-					CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert");
-				}
-			} // revoke dupkey cert turned on
-		*/
-
-			if (mAllowSameKeyRenewal == true) {
-				X500Name sjname_in_db = null;
-				X500Name sjname_in_req = null;
-
-				try {
-					// get subject of request
-					CertificateSubjectName subName = 
-						(CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
-
-					if (subName != null) {
-
-						sjname_in_req =
-							(X500Name) subName.get(CertificateSubjectName.DN_NAME);
-						CMS.debug("UniqueKeyConstraint: cert request subject DN ="+ sjname_in_req.toString());
-						Enumeration e = list.getCertRecords(0, size-1);
-						while (e != null && e.hasMoreElements()) {
-							ICertRecord rec = (ICertRecord) e.nextElement();
-							X509CertImpl cert = rec.getCertificate();
-							String certDN =
-								cert.getSubjectDN().toString();
-						CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN ="+ certDN);
-
-							sjname_in_db = new X500Name(certDN);
-
-							if (sjname_in_db.equals(sjname_in_req) == false) {
-								rejected = true;
-								break;
-							} else {
-								rejected = false;
-							}
-						} // while
-					} else { //subName is null
-						rejected = true;
-					}
-				} catch (Exception ex1) {
-					CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: "+ex1.toString());
-					rejected = true;
-				} // try
-
-			} else {
-				rejected = true;
-			}// allowSameKeyRenewal
-		} // (size > 0)
+                                getLocale(request),
+                                "CMS_PROFILE_INTERNAL_ERROR", e.toString()));
+        }
 
-		if (rejected == true) {
-			CMS.debug("UniqueKeyConstraint: rejected");
-			throw new ERejectException(	
-						   CMS.getUserMessage(
-						  getLocale(request),
-						  "CMS_PROFILE_DUPLICATE_KEY"));
-		} else {
-			CMS.debug("UniqueKeyConstraint: approved");
-		}
+        /*
+         * It does not matter if the corresponding cert's status is valid or
+         * not, we don't want a key that was once generated before
+         */
+        if (size > 0) {
+            CMS.debug("UniqueKeyConstraint: found existing cert with duplicate key.");
+
+            /*
+             * The following code revokes the existing certs that have the same
+             * public key as the one submitted for enrollment request. However,
+             * it is not a good idea due to possible abuse. It is therefore
+             * commented out. It is still however still maintained for possible
+             * utilization at later time
+             * 
+             * // if configured to revoke duplicated key // revoke cert if
+             * (mRevokeDupKeyCert) { try { Enumeration e =
+             * list.getCertRecords(0, size-1); while (e != null &&
+             * e.hasMoreElements()) { ICertRecord rec = (ICertRecord)
+             * e.nextElement(); X509CertImpl cert = rec.getCertificate();
+             * 
+             * // revoke the cert BigInteger serialNum = cert.getSerialNumber();
+             * ICAService service = (ICAService) mCA.getCAService();
+             * 
+             * RevokedCertImpl crlEntry = formCRLEntry(serialNum,
+             * RevocationReason.KEY_COMPROMISE); service.revokeCert(crlEntry);
+             * CMS.debug(
+             * "UniqueKeyConstraint: certificate with duplicate publickey revoked successfully"
+             * ); } } catch (Exception ex) {
+             * CMS.debug("UniqueKeyConstraint: error in revoke dupkey cert"); }
+             * } // revoke dupkey cert turned on
+             */
+
+            if (mAllowSameKeyRenewal == true) {
+                X500Name sjname_in_db = null;
+                X500Name sjname_in_req = null;
+
+                try {
+                    // get subject of request
+                    CertificateSubjectName subName =
+                            (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
+
+                    if (subName != null) {
+
+                        sjname_in_req =
+                                (X500Name) subName.get(CertificateSubjectName.DN_NAME);
+                        CMS.debug("UniqueKeyConstraint: cert request subject DN =" + sjname_in_req.toString());
+                        Enumeration e = list.getCertRecords(0, size - 1);
+                        while (e != null && e.hasMoreElements()) {
+                            ICertRecord rec = (ICertRecord) e.nextElement();
+                            X509CertImpl cert = rec.getCertificate();
+                            String certDN =
+                                    cert.getSubjectDN().toString();
+                            CMS.debug("UniqueKeyConstraint: cert retrieved from ldap has subject DN =" + certDN);
+
+                            sjname_in_db = new X500Name(certDN);
+
+                            if (sjname_in_db.equals(sjname_in_req) == false) {
+                                rejected = true;
+                                break;
+                            } else {
+                                rejected = false;
+                            }
+                        } // while
+                    } else { // subName is null
+                        rejected = true;
+                    }
+                } catch (Exception ex1) {
+                    CMS.debug("UniqueKeyConstraint: error in allowSameKeyRenewal: " + ex1.toString());
+                    rejected = true;
+                } // try
+
+            } else {
+                rejected = true;
+            }// allowSameKeyRenewal
+        } // (size > 0)
+
+        if (rejected == true) {
+            CMS.debug("UniqueKeyConstraint: rejected");
+            throw new ERejectException(
+                           CMS.getUserMessage(
+                                   getLocale(request),
+                                   "CMS_PROFILE_DUPLICATE_KEY"));
+        } else {
+            CMS.debug("UniqueKeyConstraint: approved");
+        }
     }
 
-   /**
+    /**
      * make a CRL entry from a serial number and revocation reason.
+     * 
      * @return a RevokedCertImpl that can be entered in a CRL.
-
-    protected RevokedCertImpl formCRLEntry(
-        BigInteger serialNo, RevocationReason reason)
-        throws EBaseException {
-        CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
-        CRLExtensions crlentryexts = new CRLExtensions();
-
-        try {
-            crlentryexts.set(CRLReasonExtension.NAME, reasonExt);
-        } catch (IOException e) {
-                CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString());
-
-				//            throw new ECMSGWException(
-				//  CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
-
-        }
-        RevokedCertImpl crlentry =
-            new RevokedCertImpl(serialNo, CMS.getCurrentDate(),
-								crlentryexts);
-
-        return crlentry;
-    }
-   */
+     * 
+     *         protected RevokedCertImpl formCRLEntry( BigInteger serialNo,
+     *         RevocationReason reason) throws EBaseException {
+     *         CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
+     *         CRLExtensions crlentryexts = new CRLExtensions();
+     * 
+     *         try { crlentryexts.set(CRLReasonExtension.NAME, reasonExt); }
+     *         catch (IOException e) {
+     *         CMS.debug("CMSGW_ERR_CRL_REASON "+e.toString());
+     * 
+     *         // throw new ECMSGWException( //
+     *         CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
+     * 
+     *         } RevokedCertImpl crlentry = new RevokedCertImpl(serialNo,
+     *         CMS.getCurrentDate(), crlentryexts);
+     * 
+     *         return crlentry; }
+     */
 
     public String getText(Locale locale) {
         String params[] = {
-/*
-                getConfig(CONFIG_REVOKE_DUPKEY_CERT),
-*/
-             };
+        /*
+         * getConfig(CONFIG_REVOKE_DUPKEY_CERT),
+         */
+        };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_CONSTRAINT_ALLOW_SAME_KEY_RENEWAL_TEXT", params);
     }
 
@@ -285,12 +266,12 @@ public class UniqueKeyConstraint extends EnrollConstraint {
     }
 
     public boolean isApplicable(IPolicyDefault def) {
-		if (def instanceof NoDefault)
-			return true;
+        if (def instanceof NoDefault)
+            return true;
         if (def instanceof UniqueKeyConstraint)
             return true;
 
-		return false;
+        return false;
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
index 72498d39..b59e6e30 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
@@ -51,17 +51,16 @@ import com.netscape.cms.profile.def.SubjectNameDefault;
 import com.netscape.cms.profile.def.UserSubjectNameDefault;
 
 /**
- * This class implements the unique subject name constraint.
- * It checks if the subject name in the certificate is
- * unique in the internal database, ie, no two certificates
- * have the same subject name.
- *
+ * This class implements the unique subject name constraint. It checks if the
+ * subject name in the certificate is unique in the internal database, ie, no
+ * two certificates have the same subject name.
+ * 
  * @version $Revision$, $Date$
  */
 public class UniqueSubjectNameConstraint extends EnrollConstraint {
 
     public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING =
-        "enableKeyUsageExtensionChecking";
+            "enableKeyUsageExtensionChecking";
     private boolean mKeyUsageExtensionChecking = true;
 
     public UniqueSubjectNameConstraint() {
@@ -69,14 +68,14 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) {
             return new Descriptor(IDescriptor.BOOLEAN, null, "true",
-                CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING"));
+                    CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING"));
         }
         return null;
     }
@@ -85,12 +84,12 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
         return null;
     }
 
-     /**
-      * Checks if the key extension in the issued certificate
-      * is the same as the one in the certificate template.
-      */
+    /**
+     * Checks if the key extension in the issued certificate is the same as the
+     * one in the certificate template.
+     */
     private boolean sameKeyUsageExtension(ICertRecord rec,
-        X509CertInfo certInfo) {
+            X509CertInfo certInfo) {
         X509CertImpl impl = rec.getCertificate();
         boolean bits[] = impl.getKeyUsage();
 
@@ -98,7 +97,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
 
         try {
             extensions = (CertificateExtensions)
-            certInfo.get(X509CertInfo.EXTENSIONS);
+                    certInfo.get(X509CertInfo.EXTENSIONS);
         } catch (IOException e) {
         } catch (java.security.cert.CertificateException e) {
         }
@@ -110,9 +109,9 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
         } else {
             try {
                 ext = (KeyUsageExtension) extensions.get(
-                    KeyUsageExtension.class.getSimpleName());
+                        KeyUsageExtension.class.getSimpleName());
             } catch (IOException e) {
-            // extension isn't there.
+                // extension isn't there.
             }
 
             if (ext == null) {
@@ -135,48 +134,46 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
                             return false;
                     }
                 }
-            } 
+            }
         }
-        return true; 
+        return true;
     }
 
-
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
-     *
-     * Rules are as follows: 
-     * If the subject name is not unique, then the request will be rejected unless:
-     * 1. the certificate is expired or expired_revoked
+     * Validates the request. The request is not modified during the validation.
+     * 
+     * Rules are as follows: If the subject name is not unique, then the request
+     * will be rejected unless: 1. the certificate is expired or expired_revoked
      * 2. the certificate is revoked and the revocation reason is not "on hold"
-     * 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default)
+     * 3. the keyUsageExtension bits are different and
+     * enableKeyUsageExtensionChecking=true (default)
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CMS.debug("UniqueSubjectNameConstraint: validate start");
         CertificateSubjectName sn = null;
-        IAuthority authority = (IAuthority)CMS.getSubsystem("ca");
-       
+        IAuthority authority = (IAuthority) CMS.getSubsystem("ca");
+
         mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING);
         ICertificateRepository certdb = null;
         if (authority != null && authority instanceof ICertificateAuthority) {
-            ICertificateAuthority ca = (ICertificateAuthority)authority;
+            ICertificateAuthority ca = (ICertificateAuthority) authority;
             certdb = ca.getCertificateRepository();
         }
-            
+
         try {
             sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
         } catch (Exception e) {
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         }
 
         String certsubjectname = null;
         if (sn == null)
             throw new ERejectException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         else {
             certsubjectname = sn.toString();
             String filter = "x509Cert.subject=" + certsubjectname;
@@ -184,10 +181,10 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
             try {
                 sameSubjRecords = certdb.findCertRecords(filter);
             } catch (EBaseException e) {
-                CMS.debug("UniqueSubjectNameConstraint exception: "+e.toString());
+                CMS.debug("UniqueSubjectNameConstraint exception: " + e.toString());
             }
             while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) {
-                ICertRecord rec =  sameSubjRecords.nextElement();
+                ICertRecord rec = sameSubjRecords.nextElement();
                 String status = rec.getStatus();
 
                 IRevocationInfo revocationInfo = rec.getRevocationInfo();
@@ -200,7 +197,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
                         Enumeration<Extension> enumx = crlExts.getElements();
 
                         while (enumx.hasMoreElements()) {
-                            Extension ext =  enumx.nextElement();
+                            Extension ext = enumx.nextElement();
 
                             if (ext instanceof CRLReasonExtension) {
                                 reason = ((CRLReasonExtension) ext).getReason();
@@ -213,8 +210,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
                     continue;
                 }
 
-                if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null && 
-                    (! reason.equals(RevocationReason.CERTIFICATE_HOLD))) {
+                if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null &&
+                        (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) {
                     continue;
                 }
 
@@ -223,20 +220,20 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
                 }
 
                 throw new ERejectException(
-                  CMS.getUserMessage(getLocale(request),
-                  "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE",
-                  certsubjectname));
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE",
+                                certsubjectname));
             }
         }
-	CMS.debug("UniqueSubjectNameConstraint: validate end");
+        CMS.debug("UniqueSubjectNameConstraint: validate end");
     }
 
     public String getText(Locale locale) {
         String params[] = {
-            getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING)
+                getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING)
         };
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT",
                 params);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
index 95c32221..c839cb5d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ValidityConstraint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.constraint;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
@@ -40,12 +39,10 @@ import com.netscape.cms.profile.def.NoDefault;
 import com.netscape.cms.profile.def.UserValidityDefault;
 import com.netscape.cms.profile.def.ValidityDefault;
 
-
 /**
- * This class implements the validity constraint.
- * It checks if the validity in the certificate
- * template satisfies the criteria.
- *
+ * This class implements the validity constraint. It checks if the validity in
+ * the certificate template satisfies the criteria.
+ * 
  * @version $Revision$, $Date$
  */
 public class ValidityConstraint extends EnrollConstraint {
@@ -68,20 +65,20 @@ public class ValidityConstraint extends EnrollConstraint {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_RANGE) ||
-            name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+                name.equals(CONFIG_NOT_BEFORE_GRACE_PERIOD)) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", name));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -104,11 +101,10 @@ public class ValidityConstraint extends EnrollConstraint {
     }
 
     /**
-     * Validates the request. The request is not modified
-     * during the validation.
+     * Validates the request. The request is not modified during the validation.
      */
     public void validate(IRequest request, X509CertInfo info)
-        throws ERejectException {
+            throws ERejectException {
         CertificateValidity v = null;
 
         try {
@@ -144,22 +140,22 @@ public class ValidityConstraint extends EnrollConstraint {
 
         long millisDiff = notAfter.getTime() - notBefore.getTime();
         CMS.debug("ValidityConstraint: millisDiff=" + millisDiff + " notAfter=" + notAfter.getTime() + " notBefore=" + notBefore.getTime());
-        long long_days = (millisDiff / 1000 ) / 86400;
-        CMS.debug("ValidityConstraint: long_days: "+long_days);
-        int days = (int)long_days;
-        CMS.debug("ValidityConstraint: days: "+days);
+        long long_days = (millisDiff / 1000) / 86400;
+        CMS.debug("ValidityConstraint: long_days: " + long_days);
+        int days = (int) long_days;
+        CMS.debug("ValidityConstraint: days: " + days);
 
         if (days > Integer.parseInt(getConfig(CONFIG_RANGE))) {
             throw new ERejectException(CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_VALIDITY_OUT_OF_RANGE", 
+                        "CMS_PROFILE_VALIDITY_OUT_OF_RANGE",
                         Integer.toString(days)));
         }
 
-        // 613828 
-        // The validity field shall specify a notBefore value 
-        // that does not precede the current time and a notAfter 
-        // value that does not precede the value specified in 
-        // notBefore (test can be automated; try entering violating 
+        // 613828
+        // The validity field shall specify a notBefore value
+        // that does not precede the current time and a notAfter
+        // value that does not precede the value specified in
+        // notBefore (test can be automated; try entering violating
         // time values and check result).
         String notBeforeCheckStr = getConfig(CONFIG_CHECK_NOT_BEFORE);
         boolean notBeforeCheck;
@@ -167,7 +163,7 @@ public class ValidityConstraint extends EnrollConstraint {
         if (notBeforeCheckStr == null || notBeforeCheckStr.equals("")) {
             notBeforeCheckStr = "false";
         }
-        notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue(); 
+        notBeforeCheck = Boolean.valueOf(notBeforeCheckStr).booleanValue();
 
         String notAfterCheckStr = getConfig(CONFIG_CHECK_NOT_AFTER);
         boolean notAfterCheck;
@@ -175,7 +171,7 @@ public class ValidityConstraint extends EnrollConstraint {
         if (notAfterCheckStr == null || notAfterCheckStr.equals("")) {
             notAfterCheckStr = "false";
         }
-        notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue(); 
+        notAfterCheck = Boolean.valueOf(notAfterCheckStr).booleanValue();
 
         String notBeforeGracePeriodStr = getConfig(CONFIG_NOT_BEFORE_GRACE_PERIOD);
         if (notBeforeGracePeriodStr == null || notBeforeGracePeriodStr.equals("")) {
@@ -186,7 +182,7 @@ public class ValidityConstraint extends EnrollConstraint {
         Date current = CMS.getCurrentDate();
         if (notBeforeCheck) {
             if (notBefore.getTime() > (current.getTime() + notBeforeGracePeriod)) {
-                CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + "+
+                CMS.debug("ValidityConstraint: notBefore (" + notBefore + ") > current + " +
                           "gracePeriod (" + new Date(current.getTime() + notBeforeGracePeriod) + ")");
                 throw new ERejectException(CMS.getUserMessage(getLocale(request),
                             "CMS_PROFILE_NOT_BEFORE_AFTER_CURRENT"));
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
index 6f73cd52..732d4640 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthInfoAccessExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy 
- * that populates Authuority Info Access extension.
- *
+ * This class implements an enrollment default policy that populates Authuority
+ * Info Access extension.
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthInfoAccessExtDefault extends EnrollExtDefault {
@@ -89,30 +87,30 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
 
         return num;
     }
- 
+
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_ADS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_AD || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_AD || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-            }
- 
-          } catch (Exception e) {
+                }
+
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-          }
-        } 
+            }
+        }
         super.setConfig(name, value);
     }
 
@@ -122,7 +120,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
     }
 
     protected void refreshConfigAndValueNames() {
-        //refesh our config name list
+        // refesh our config name list
 
         super.refreshConfigAndValueNames();
         mConfigNames.removeAllElements();
@@ -142,42 +140,42 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_AD_METHOD)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD"));
         } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) {
-            return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", 
+            return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
                     "URIName",
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE"));
         } else if (name.startsWith(CONFIG_AD_LOCATION)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION"));
         } else if (name.startsWith(CONFIG_AD_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_ADS)) {
             return new Descriptor(IDescriptor.INTEGER, null,
                     "1",
                     CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS"));
-        } 
+        }
         return null;
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
         } else {
@@ -186,45 +184,42 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             AuthInfoAccessExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
-           
             AuthInfoAccessExtension a = new AuthInfoAccessExtension(false);
             ObjectIdentifier oid = a.getExtensionId();
 
             ext = (AuthInfoAccessExtension)
-                        getExtension(oid.toString(), info); 
+                        getExtension(oid.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
- 
+
             if (name.equals(VAL_CRITICAL)) {
 
                 ext = (AuthInfoAccessExtension)
                         getExtension(oid.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_GENERAL_NAMES)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_GENERAL_NAMES)) {
 
                 ext = (AuthInfoAccessExtension)
                         getExtension(oid.toString(), info);
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
                 boolean critical = ext.isCritical();
@@ -263,17 +258,17 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
                             GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location);
                             if (interface1 == null)
                                 throw new EPropertyException(CMS.getUserMessage(
-                                  locale, "CMS_INVALID_PROPERTY", locationType));
+                                        locale, "CMS_INVALID_PROPERTY", locationType));
                             gn = new GeneralName(interface1);
                         }
-     
+
                         if (method != null) {
                             try {
-                                ext.addAccessDescription(new ObjectIdentifier(method), gn); 
+                                ext.addAccessDescription(new ObjectIdentifier(method), gn);
                             } catch (NumberFormatException ee) {
-                                CMS.debug("AuthInfoAccessExtDefault: "+ee.toString());
+                                CMS.debug("AuthInfoAccessExtDefault: " + ee.toString());
                                 throw new EPropertyException(CMS.getUserMessage(
-                                  locale, "CMS_PROFILE_DEF_AIA_OID", method));
+                                        locale, "CMS_PROFILE_DEF_AIA_OID", method));
                             }
                         }
                     }
@@ -296,30 +291,29 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         AuthInfoAccessExtension ext = null;
 
-        if (name == null) { 
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         AuthInfoAccessExtension a = new AuthInfoAccessExtension(false);
-            ObjectIdentifier oid = a.getExtensionId();
+        ObjectIdentifier oid = a.getExtensionId();
 
         ext = (AuthInfoAccessExtension)
                     getExtension(oid.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
                 CMS.debug("AuthInfoAccessExtDefault: getValue " + e.toString());
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -336,7 +330,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_GENERAL_NAMES)) { 
+        } else if (name.equals(VAL_GENERAL_NAMES)) {
 
             ext = (AuthInfoAccessExtension)
                     getExtension(oid.toString(), info);
@@ -345,11 +339,11 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
                 return "";
 
             int num = getNumAds();
-	
+
             CMS.debug("AuthInfoAccess num=" + num);
             Vector recs = new Vector();
 
-            for (int i = 0; i < num; i++) { 
+            for (int i = 0; i < num; i++) {
                 NameValuePairs np = new NameValuePairs();
                 AccessDescription des = null;
 
@@ -363,7 +357,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
                     np.add(AD_ENABLE, "false");
                 } else {
                     ObjectIdentifier methodOid = des.getMethod();
-                    GeneralName gn = des.getLocation(); 
+                    GeneralName gn = des.getLocation();
 
                     np.add(AD_METHOD, methodOid.toString());
                     np.add(AD_LOCATION_TYPE, getGeneralNameType(gn));
@@ -402,7 +396,7 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
             ads.append(getConfig(CONFIG_AD_ENABLE + i));
             ads.append("}");
         }
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AIA_TEXT",
                 getConfig(CONFIG_CRITICAL), ads.toString());
     }
 
@@ -410,14 +404,14 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         AuthInfoAccessExtension ext = createExtension();
 
         addExtension(ext.getExtensionId().toString(), ext, info);
     }
 
     public AuthInfoAccessExtension createExtension() {
-        AuthInfoAccessExtension ext = null; 
+        AuthInfoAccessExtension ext = null;
         int num = getNumAds();
 
         try {
@@ -439,22 +433,23 @@ public class AuthInfoAccessExtDefault extends EnrollExtDefault {
                             String hostname = CMS.getEENonSSLHost();
                             String port = CMS.getEENonSSLPort();
                             if (hostname != null && port != null)
-                                // location = "http://"+hostname+":"+port+"/ocsp/ee/ocsp";
-                                location = "http://"+hostname+":"+port+"/ca/ocsp";
+                                // location =
+                                // "http://"+hostname+":"+port+"/ocsp/ee/ocsp";
+                                location = "http://" + hostname + ":" + port + "/ca/ocsp";
                         }
                     }
 
                     String s = locationType + ":" + location;
                     GeneralNameInterface gn = parseGeneralName(s);
                     if (gn != null) {
-                      ext.addAccessDescription(new ObjectIdentifier(method), 
-                        new GeneralName(gn)); 
+                        ext.addAccessDescription(new ObjectIdentifier(method),
+                                new GeneralName(gn));
                     }
                 }
             }
         } catch (Exception e) {
-            CMS.debug("AuthInfoAccessExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("AuthInfoAccessExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
index a308e2eb..9226bb4c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthTokenSubjectNameDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -35,11 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy that
- * populates subject name based on the attribute values
- * in the authentication token (AuthToken) object.
+ * This class implements an enrollment default policy that populates subject
+ * name based on the attribute values in the authentication token (AuthToken)
+ * object.
  * 
  * @version $Revision$, $Date$
  */
@@ -53,7 +51,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -67,8 +65,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         CMS.debug("AuthTokenSubjectNameDefault: begins");
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(locale,
@@ -81,18 +79,18 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
                 x500name = new X500Name(value);
                 CMS.debug("AuthTokenSubjectNameDefault: setValue x500name=" + x500name.toString());
             } catch (IOException e) {
-                CMS.debug("AuthTokenSubjectNameDefault: setValue " + 
-                    e.toString());
+                CMS.debug("AuthTokenSubjectNameDefault: setValue " +
+                        e.toString());
                 // failed to build x500 name
             }
             CMS.debug("AuthTokenSubjectNameDefault: setValue name=" + x500name.toString());
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
-                CMS.debug("AuthTokenSubjectNameDefault: setValue " + 
-                    e.toString());
+                CMS.debug("AuthTokenSubjectNameDefault: setValue " +
+                        e.toString());
             }
         } else {
             throw new EPropertyException(CMS.getUserMessage(locale,
@@ -101,8 +99,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null)
             throw new EPropertyException("Invalid name " + name);
         if (name.equals(VAL_NAME)) {
@@ -114,8 +112,8 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
                 return sn.toString();
             } catch (Exception e) {
                 // nothing
-                CMS.debug("AuthTokenSubjectNameDefault: getValue " + 
-                    e.toString());
+                CMS.debug("AuthTokenSubjectNameDefault: getValue " +
+                        e.toString());
             }
             throw new EPropertyException(CMS.getUserMessage(locale,
                         "CMS_INVALID_PROPERTY", name));
@@ -126,7 +124,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_DEF_AUTHTOKEN_SUBJECT_NAME");
     }
 
@@ -134,7 +132,7 @@ public class AuthTokenSubjectNameDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
 
         // authenticate the subject name and populate it
         // to the certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
index 869deed2..d6606c2b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AuthorityKeyIdentifierExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates Authority Key Identifier extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates Authority
+ * Key Identifier extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
@@ -56,29 +53,29 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.STRING, 
+            return new Descriptor(IDescriptor.STRING,
                     IDescriptor.READONLY, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_CRITICAL"));
+                            "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_KEY_ID)) {
-            return new Descriptor(IDescriptor.STRING, 
+            return new Descriptor(IDescriptor.STRING,
                     IDescriptor.READONLY, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_KEY_ID"));
+                            "CMS_PROFILE_KEY_ID"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info, String value)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_CRITICAL)) {
@@ -86,40 +83,38 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
         } else if (name.equals(VAL_KEY_ID)) {
             // do nothing for read only value
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
-
         AuthorityKeyIdentifierExtension ext =
                 (AuthorityKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.AuthorityKey_Id.toString(), info);
+                        PKIXExtensions.AuthorityKey_Id.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
                 CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
         if (name.equals(VAL_CRITICAL)) {
-             ext = 
-                (AuthorityKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.AuthorityKey_Id.toString(), info);
+            ext =
+                    (AuthorityKeyIdentifierExtension) getExtension(
+                            PKIXExtensions.AuthorityKey_Id.toString(), info);
 
             if (ext == null) {
                 return null;
@@ -131,8 +126,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
             }
         } else if (name.equals(VAL_KEY_ID)) {
             ext =
-                (AuthorityKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.AuthorityKey_Id.toString(), info);
+                    (AuthorityKeyIdentifierExtension) getExtension(
+                            PKIXExtensions.AuthorityKey_Id.toString(), info);
 
             if (ext == null) {
                 // do something here
@@ -147,11 +142,11 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
                 //
                 CMS.debug(e.toString());
             }
-            if (kid == null) 
+            if (kid == null)
                 return "";
             return toHexString(kid.getIdentifier());
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -164,7 +159,7 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         AuthorityKeyIdentifierExtension ext = createExtension(info);
 
         addExtension(PKIXExtensions.AuthorityKey_Id.toString(), ext, info);
@@ -174,9 +169,9 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
         KeyIdentifier kid = null;
         String localKey = getConfig("localKey");
         if (localKey != null && localKey.equals("true")) {
-          kid = getKeyIdentifier(info);
+            kid = getKeyIdentifier(info);
         } else {
-          kid = getCAKeyIdentifier();
+            kid = getCAKeyIdentifier();
         }
 
         if (kid == null)
@@ -186,8 +181,8 @@ public class AuthorityKeyIdentifierExtDefault extends CAEnrollDefault {
         try {
             ext = new AuthorityKeyIdentifierExtension(false, kid, null, null);
         } catch (IOException e) {
-            CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("AuthorityKeyIdentifierExtDefault: createExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
index 7ab05d75..ddb9c4a8 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/AutoAssignDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertInfo;
@@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that automatically assign request to agent.
- *
+ * This class implements an enrollment default policy that automatically assign
+ * request to agent.
+ * 
  * @version $Revision$, $Date$
  */
 public class AutoAssignDefault extends EnrollDefault {
@@ -48,15 +46,15 @@ public class AutoAssignDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_ASSIGN_TO)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_ASSIGN_TO)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, "admin", CMS.getUserMessage(locale,
-                        "CMS_PROFILE_AUTO_ASSIGN"));
+                            "CMS_PROFILE_AUTO_ASSIGN"));
         } else {
             return null;
         }
@@ -67,29 +65,29 @@ public class AutoAssignDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         return null;
     }
 
     public String getText(Locale locale) {
         return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_AUTO_ASSIGN",
-		getConfig(CONFIG_ASSIGN_TO));
+                getConfig(CONFIG_ASSIGN_TO));
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         try {
-	    request.setRequestOwner(
-		mapPattern(request, getConfig(CONFIG_ASSIGN_TO)));
+            request.setRequestOwner(
+                    mapPattern(request, getConfig(CONFIG_ASSIGN_TO)));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("AutoAssignDefault: populate " + e.toString());
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
index 8c5d8094..2665fa2c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/BasicConstraintsExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates Basic Constraint extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates Basic
+ * Constraint extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class BasicConstraintsExtDefault extends EnrollExtDefault {
@@ -64,21 +61,21 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_IS_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "true",
                     CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
         } else if (name.equals(CONFIG_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     "-1",
                     CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN"));
         }
@@ -87,15 +84,15 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_IS_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "true",
                     CMS.getUserMessage(locale, "CMS_PROFILE_IS_CA"));
         } else if (name.equals(VAL_PATH_LEN)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     "-1",
                     CMS.getUserMessage(locale, "CMS_PROFILE_PATH_LEN"));
         } else {
@@ -104,39 +101,37 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             BasicConstraintsExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (BasicConstraintsExtension)
                         getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
-            if(ext == null)
-            {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
 
                 ext = (BasicConstraintsExtension)
                         getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue(); 
-
+                boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 ext.setCritical(val);
             } else if (name.equals(VAL_IS_CA)) {
                 ext = (BasicConstraintsExtension)
                         getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 Boolean isCA = Boolean.valueOf(value);
@@ -146,7 +141,7 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
                 ext = (BasicConstraintsExtension)
                         getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 Integer pathLen = Integer.valueOf(value);
@@ -156,8 +151,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
                 throw new EPropertyException("Invalid name " + name);
             }
             replaceExtension(PKIXExtensions.BasicConstraints_Id.toString(),
-                ext, info);
-        } catch (IOException e) { 
+                    ext, info);
+        } catch (IOException e) {
             CMS.debug("BasicConstraintsExtDefault: setValue " + e.toString());
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -169,35 +164,34 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         try {
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             BasicConstraintsExtension ext = (BasicConstraintsExtension)
                     getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
                 CMS.debug("BasicConstraintsExtDefault: getValue ext is null, populating a new one ");
-             
-                try { 
-                    populate(null,info);
+
+                try {
+                    populate(null, info);
 
                 } catch (EProfileException e) {
                     CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
 
             if (name.equals(VAL_CRITICAL)) {
-                    ext = (BasicConstraintsExtension)
-                    getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+                ext = (BasicConstraintsExtension)
+                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -208,8 +202,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
                     return "false";
                 }
             } else if (name.equals(VAL_IS_CA)) {
-                    ext = (BasicConstraintsExtension)
-                    getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+                ext = (BasicConstraintsExtension)
+                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -218,41 +212,41 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
 
                 return isCA.toString();
             } else if (name.equals(VAL_PATH_LEN)) {
-                    ext = (BasicConstraintsExtension)
-                    getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
+                ext = (BasicConstraintsExtension)
+                        getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
                 }
                 Integer pathLen = (Integer)
-                    ext.get(BasicConstraintsExtension.PATH_LEN);
-
+                        ext.get(BasicConstraintsExtension.PATH_LEN);
 
                 String pLen = null;
 
                 pLen = pathLen.toString();
-                if(pLen.equals("-2"))
-                {
-                   //This is done for bug 621700.  Profile constraints actually checks for -1
-                   //The low level security class for some reason sets this to -2
-                   //This will allow the request to be approved successfuly by the agent.
+                if (pLen.equals("-2")) {
+                    // This is done for bug 621700. Profile constraints actually
+                    // checks for -1
+                    // The low level security class for some reason sets this to
+                    // -2
+                    // This will allow the request to be approved successfuly by
+                    // the agent.
 
-                   pLen = "-1";
+                    pLen = "-1";
 
                 }
-               
+
                 CMS.debug("BasicConstriantsExtDefault getValue(pLen) " + pLen);
- 
+
                 return pLen;
 
-                
-            } else { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            } else {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (IOException e) {
             CMS.debug("BasicConstraintsExtDefault: getValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -271,11 +265,11 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         BasicConstraintsExtension ext = createExtension();
 
         addExtension(PKIXExtensions.BasicConstraints_Id.toString(), ext,
-            info);
+                info);
     }
 
     public BasicConstraintsExtension createExtension() {
@@ -287,8 +281,7 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
 
         int pathLen = -2;
 
-
-        if(!pathLenStr.equals("") )  {
+        if (!pathLenStr.equals("")) {
 
             pathLen = Integer.valueOf(pathLenStr).intValue();
         }
@@ -296,8 +289,8 @@ public class BasicConstraintsExtDefault extends EnrollExtDefault {
         try {
             ext = new BasicConstraintsExtension(isCA, critical, pathLen);
         } catch (Exception e) {
-            CMS.debug("BasicConstraintsExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("BasicConstraintsExtDefault: createExtension " +
+                    e.toString());
             return null;
         }
         ext.setCritical(critical);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
index 4b883f7f..38a74bf0 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CAEnrollDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -34,12 +33,10 @@ import netscape.security.x509.X509Key;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 
-
 /**
- * This class implements an abstract CA specific 
- * Enrollment default. This policy can only be
- * used with CA subsystem.
- *
+ * This class implements an abstract CA specific Enrollment default. This policy
+ * can only be used with CA subsystem.
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class CAEnrollDefault extends EnrollDefault {
@@ -48,8 +45,8 @@ public abstract class CAEnrollDefault extends EnrollDefault {
 
     public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
         try {
-            CertificateX509Key ckey = (CertificateX509Key) 
-              info.get(X509CertInfo.KEY);
+            CertificateX509Key ckey = (CertificateX509Key)
+                    info.get(X509CertInfo.KEY);
             X509Key key = (X509Key) ckey.get(CertificateX509Key.KEY);
             MessageDigest md = MessageDigest.getInstance("SHA-1");
 
@@ -59,35 +56,35 @@ public abstract class CAEnrollDefault extends EnrollDefault {
             return new KeyIdentifier(hash);
         } catch (IOException e) {
             CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                e.toString());
+                    e.toString());
         } catch (CertificateException e) {
             CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                e.toString());
+                    e.toString());
         } catch (NoSuchAlgorithmException e) {
             CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                e.toString());
+                    e.toString());
         }
         return null;
     }
 
     public KeyIdentifier getCAKeyIdentifier() {
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
         X509CertImpl caCert = ca.getCACert();
         if (caCert == null) {
-          // during configuration, we dont have the CA certificate
-          return null;
+            // during configuration, we dont have the CA certificate
+            return null;
         }
         X509Key key = (X509Key) caCert.getPublicKey();
 
         SubjectKeyIdentifierExtension subjKeyIdExt =
-            (SubjectKeyIdentifierExtension)
-             caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString());
+                (SubjectKeyIdentifierExtension)
+                caCert.getExtension(PKIXExtensions.SubjectKey_Id.toString());
         if (subjKeyIdExt != null) {
             try {
-              KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get(
-                 SubjectKeyIdentifierExtension.KEY_ID);
-              return keyId;
+                KeyIdentifier keyId = (KeyIdentifier) subjKeyIdExt.get(
+                        SubjectKeyIdentifierExtension.KEY_ID);
+                return keyId;
             } catch (IOException e) {
             }
         }
@@ -101,7 +98,7 @@ public abstract class CAEnrollDefault extends EnrollDefault {
             return new KeyIdentifier(hash);
         } catch (NoSuchAlgorithmException e) {
             CMS.debug("AuthorityKeyIdentifierExtDefault: getKeyId " +
-                e.toString());
+                    e.toString());
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
index 8bf4c75f..01f9bd65 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CAValidityDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.text.ParsePosition;
 import java.text.SimpleDateFormat;
@@ -39,21 +38,19 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements a CA signing cert enrollment default policy
- * that populates a server-side configurable validity
- * into the certificate template.
+ * This class implements a CA signing cert enrollment default policy that
+ * populates a server-side configurable validity into the certificate template.
  * It allows an agent to bypass the CA's signing cert's expiration constraint
  */
 public class CAValidityDefault extends EnrollDefault {
     public static final String CONFIG_RANGE = "range";
     public static final String CONFIG_START_TIME = "startTime";
-    public static final String CONFIG_BYPASS_CA_NOTAFTER= "bypassCAnotafter";
+    public static final String CONFIG_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
 
     public static final String VAL_NOT_BEFORE = "notBefore";
     public static final String VAL_NOT_AFTER = "notAfter";
-    public static final String VAL_BYPASS_CA_NOTAFTER= "bypassCAnotafter";
+    public static final String VAL_BYPASS_CA_NOTAFTER = "bypassCAnotafter";
 
     public static final String DATE_FORMAT = "yyyy-MM-dd HH:mm:ss";
 
@@ -72,28 +69,28 @@ public class CAValidityDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         mCA = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_RANGE)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_RANGE));
-          }
+            }
         } else if (name.equals(CONFIG_START_TIME)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -101,16 +98,16 @@ public class CAValidityDefault extends EnrollDefault {
     public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_RANGE)) {
             return new Descriptor(IDescriptor.STRING,
-                    null, 
+                    null,
                     "2922", /* 8 years */
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_VALIDITY_RANGE"));
+                            "CMS_PROFILE_VALIDITY_RANGE"));
         } else if (name.equals(CONFIG_START_TIME)) {
             return new Descriptor(IDescriptor.STRING,
-                    null, 
+                    null,
                     "60", /* 1 minute */
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_VALIDITY_START_TIME"));
+                            "CMS_PROFILE_VALIDITY_START_TIME"));
         } else if (name.equals(CONFIG_BYPASS_CA_NOTAFTER)) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
@@ -138,21 +135,21 @@ public class CAValidityDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
-        if (name == null) { 
+            X509CertInfo info, String value)
+            throws EPropertyException {
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
-        if (value == null || value.equals("")) { 
+        if (value == null || value.equals("")) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
-        CMS.debug("CAValidityDefault: setValue name= "+ name);
+        CMS.debug("CAValidityDefault: setValue name= " + name);
 
         if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             ParsePosition pos = new ParsePosition(0);
             Date date = formatter.parse(value, pos);
             CertificateValidity validity = null;
@@ -161,15 +158,15 @@ public class CAValidityDefault extends EnrollDefault {
                 validity = (CertificateValidity)
                         info.get(X509CertInfo.VALIDITY);
                 validity.set(CertificateValidity.NOT_BEFORE,
-                    date);
+                        date);
             } catch (Exception e) {
                 CMS.debug("CAValidityDefault: setValue " + e.toString());
                 throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             ParsePosition pos = new ParsePosition(0);
             Date date = formatter.parse(value, pos);
             CertificateValidity validity = null;
@@ -178,7 +175,7 @@ public class CAValidityDefault extends EnrollDefault {
                 validity = (CertificateValidity)
                         info.get(X509CertInfo.VALIDITY);
                 validity.set(CertificateValidity.NOT_AFTER,
-                    date);
+                        date);
             } catch (Exception e) {
                 CMS.debug("CAValidityDefault: setValue " + e.toString());
                 throw new EPropertyException(CMS.getUserMessage(
@@ -186,23 +183,23 @@ public class CAValidityDefault extends EnrollDefault {
             }
         } else if (name.equals(VAL_BYPASS_CA_NOTAFTER)) {
             boolean bypassCAvalidity = Boolean.valueOf(value).booleanValue();
-            CMS.debug("CAValidityDefault: setValue: bypassCAvalidity="+ bypassCAvalidity);
+            CMS.debug("CAValidityDefault: setValue: bypassCAvalidity=" + bypassCAvalidity);
 
             BasicConstraintsExtension ext = (BasicConstraintsExtension)
                     getExtension(PKIXExtensions.BasicConstraints_Id.toString(), info);
 
-            if(ext == null)  {
+            if (ext == null) {
                 CMS.debug("CAValidityDefault: setValue: this default cannot be applied to non-CA cert.");
                 return;
             }
             try {
                 Boolean isCA = (Boolean) ext.get(BasicConstraintsExtension.IS_CA);
-                if(isCA.booleanValue() != true)  {
+                if (isCA.booleanValue() != true) {
                     CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert.");
                     return;
                 }
             } catch (Exception e) {
-                CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert."+ e.toString());
+                CMS.debug("CAValidityDefault: setValue: this default cannot be aplied to non-CA cert." + e.toString());
                 return;
             }
 
@@ -210,7 +207,7 @@ public class CAValidityDefault extends EnrollDefault {
             Date notAfter = null;
             try {
                 validity = (CertificateValidity)
-                    info.get(X509CertInfo.VALIDITY);
+                        info.get(X509CertInfo.VALIDITY);
                 notAfter = (Date) validity.get(CertificateValidity.NOT_AFTER);
             } catch (Exception e) {
                 CMS.debug("CAValidityDefault: setValue " + e.toString());
@@ -220,7 +217,7 @@ public class CAValidityDefault extends EnrollDefault {
 
             // not to exceed CA's expiration
             Date caNotAfter =
-                mCA.getSigningUnit().getCertImpl().getNotAfter();
+                    mCA.getSigningUnit().getCertImpl().getNotAfter();
 
             if (notAfter.after(caNotAfter)) {
                 if (bypassCAvalidity == false) {
@@ -232,7 +229,7 @@ public class CAValidityDefault extends EnrollDefault {
             }
             try {
                 validity.set(CertificateValidity.NOT_AFTER,
-                    notAfter);
+                        notAfter);
             } catch (Exception e) {
                 CMS.debug("CAValidityDefault: setValue " + e.toString());
                 throw new EPropertyException(CMS.getUserMessage(
@@ -243,19 +240,19 @@ public class CAValidityDefault extends EnrollDefault {
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
- 
+
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException { 
+            X509CertInfo info)
+            throws EPropertyException {
 
         if (name == null)
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
 
-        CMS.debug("CAValidityDefault: getValue: name= "+ name);
+        CMS.debug("CAValidityDefault: getValue: name= " + name);
         if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             CertificateValidity validity = null;
 
             try {
@@ -269,8 +266,8 @@ public class CAValidityDefault extends EnrollDefault {
                         locale, "CMS_INVALID_PROPERTY", name));
             }
         } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             CertificateValidity validity = null;
 
             try {
@@ -298,19 +295,19 @@ public class CAValidityDefault extends EnrollDefault {
                 getConfig(CONFIG_BYPASS_CA_NOTAFTER)
             };
 
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY",  params);
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", params);
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
 
         // always + 60 seconds
         String startTimeStr = getConfig(CONFIG_START_TIME);
         try {
-          startTimeStr = mapPattern(request, startTimeStr);
+            startTimeStr = mapPattern(request, startTimeStr);
         } catch (IOException e) {
             CMS.debug("CAValidityDefault: populate " + e.toString());
         }
@@ -325,7 +322,7 @@ public class CAValidityDefault extends EnrollDefault {
         try {
             String rangeStr = getConfig(CONFIG_RANGE);
             rangeStr = mapPattern(request, rangeStr);
-            notAfterVal = notBefore.getTime() + 
+            notAfterVal = notBefore.getTime() +
                     (mDefault * Integer.parseInt(rangeStr));
         } catch (Exception e) {
             // configured value is not correct
@@ -335,8 +332,8 @@ public class CAValidityDefault extends EnrollDefault {
         }
         Date notAfter = new Date(notAfterVal);
 
-        CertificateValidity validity = 
-            new CertificateValidity(notBefore, notAfter);
+        CertificateValidity validity =
+                new CertificateValidity(notBefore, notAfter);
 
         try {
             info.set(X509CertInfo.VALIDITY, validity);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
index 5a551033..5b500c53 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CRLDistributionPointsExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -45,12 +44,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a CRL Distribution points extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a CRL
+ * Distribution points extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
@@ -84,32 +81,31 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
 
-     public void setConfig(String name, String value)
-        throws EPropertyException {
+    public void setConfig(String name, String value)
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_POINTS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_POINTS || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_POINTS || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
-
     public Enumeration<String> getConfigNames() {
         refreshConfigAndValueNames();
         return super.getConfigNames();
@@ -147,39 +143,39 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             }
         }
 
-        if (num >= MAX_NUM_POINTS) 
+        if (num >= MAX_NUM_POINTS)
             num = DEF_NUM_POINTS;
 
         return num;
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_POINT_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE"));
         } else if (name.startsWith(CONFIG_POINT_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME"));
         } else if (name.startsWith(CONFIG_REASONS)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_REASONS"));
         } else if (name.startsWith(CONFIG_ISSUER_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE"));
         } else if (name.startsWith(CONFIG_ISSUER_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME"));
         } else if (name.startsWith(CONFIG_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_POINTS)) {
@@ -193,12 +189,12 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+        if (name.equals(VAL_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
         } else {
@@ -207,47 +203,45 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             CRLDistributionPointsExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (CRLDistributionPointsExtension)
                         getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                            info);
+                                info);
 
-            if(ext == null)  {
-                populate(locale,info); 
+            if (ext == null) {
+                populate(locale, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (CRLDistributionPointsExtension)
-                        getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
                 ext = (CRLDistributionPointsExtension)
-                        getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+                                info);
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
                 Vector<NameValuePairs> v = parseRecords(value);
                 int size = v.size();
-              
+
                 boolean critical = ext.isCritical();
                 int i = 0;
 
@@ -285,7 +279,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                         if (issuerType != null)
                             addIssuer(locale, cdp, issuerType, issuerValue);
 
-                            // this is the first distribution point
+                        // this is the first distribution point
                         if (i == 0) {
                             ext = new CRLDistributionPointsExtension(cdp);
                             ext.setCritical(critical);
@@ -295,51 +289,51 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                     }
                 }
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: setValue " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("CRLDistributionPointsExtDefault: setValue " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         try {
             if (value == null || value.length() == 0)
                 return;
-        
+
             if (type.equals(RELATIVETOISSUER)) {
                 cdp.setRelativeName(new RDN(value));
             } else if (isGeneralNameType(type)) {
                 GeneralNames gen = new GeneralNames();
-                gen.addElement(parseGeneralName(type,value));
+                gen.addElement(parseGeneralName(type, value));
                 cdp.setFullName(gen);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", type));
             }
         } catch (IOException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", type));
         } catch (GeneralNamesException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("CRLDistributionPointsExtDefault: addCRLPoint " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", type));
         }
     }
 
     private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         if (value == null || value.length() == 0)
             return;
         try {
@@ -349,20 +343,20 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                 gen.addElement(parseGeneralName(type, value));
                 cdp.setCRLIssuer(gen);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", type));
             }
         } catch (IOException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + 
-                e.toString());
+            CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
+                    e.toString());
         } catch (GeneralNamesException e) {
-            CMS.debug("CRLDistributionPointsExtDefault: addIssuer " + 
-                e.toString());
+            CMS.debug("CRLDistributionPointsExtDefault: addIssuer " +
+                    e.toString());
         }
     }
 
-    private void addReasons(Locale locale, CRLDistributionPoint cdp, String type, 
-        String value) throws EPropertyException {
+    private void addReasons(Locale locale, CRLDistributionPoint cdp, String type,
+            String value) throws EPropertyException {
         if (value == null || value.length() == 0)
             return;
         if (type.equals(REASONS)) {
@@ -376,7 +370,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
 
                     if (r == null) {
                         CMS.debug("CRLDistributeionPointsExtDefault: addReasons Unknown reason: " + s);
-                        throw new EPropertyException(CMS.getUserMessage( 
+                        throw new EPropertyException(CMS.getUserMessage(
                                     locale, "CMS_INVALID_PROPERTY", s));
                     } else {
                         reasonBits |= r.getBitMask();
@@ -384,47 +378,46 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                 }
 
                 if (reasonBits != 0) {
-                    BitArray ba = new BitArray(8, new byte[] {reasonBits}
-                        );
+                    BitArray ba = new BitArray(8, new byte[] { reasonBits }
+                            );
 
                     cdp.setReasons(ba);
                 }
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", type));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         CRLDistributionPointsExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (CRLDistributionPointsExtension)
                     getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-                        info);
+                            info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(locale,info);
+                populate(locale, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (CRLDistributionPointsExtension)
-                    getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+                            info);
 
             if (ext == null) {
                 return null;
@@ -434,10 +427,10 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { 
+        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
             ext = (CRLDistributionPointsExtension)
-                    getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -451,7 +444,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                 NameValuePairs pairs = null;
 
                 if (i < ext.getNumPoints()) {
-                    CRLDistributionPoint p = ext.getPointAt(i); 
+                    CRLDistributionPoint p = ext.getPointAt(i);
                     GeneralNames gns = p.getFullName();
 
                     pairs = buildGeneralNames(gns, p);
@@ -461,10 +454,10 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                     recs.addElement(pairs);
                 }
             }
-                
+
             return buildRecords(recs);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -482,7 +475,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
     }
 
     protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
-        throws EPropertyException {
+            throws EPropertyException {
 
         NameValuePairs pairs = new NameValuePairs();
 
@@ -551,14 +544,14 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
         if (reasons != null) {
             byte[] b = reasons.toByteArray();
             Reason[] reasonArray = Reason.bitArrayToReasonArray(b);
-    
+
             for (int i = 0; i < reasonArray.length; i++) {
                 if (sb.length() > 0)
                     sb.append(",");
                 sb.append(reasonArray[i].getName());
             }
         }
- 
+
         return sb.toString();
     }
 
@@ -589,8 +582,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             sb.append(getConfig(CONFIG_ENABLE + i));
             sb.append("}");
         }
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_CRL_DIST_POINTS_EXT",
                 getConfig(CONFIG_CRITICAL),
                 sb.toString());
     }
@@ -599,29 +592,30 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     private void populate(Locale locale, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CRLDistributionPointsExtension ext = createExtension(locale);
 
         if (ext == null)
             return;
         addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
-            ext, info);
+                ext, info);
     }
+
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CRLDistributionPointsExtension ext = createExtension(request);
 
         if (ext == null)
             return;
-        addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.CRLDistributionPoints_Id.toString(),
+                ext, info);
     }
 
     public CRLDistributionPointsExtension createExtension(IRequest request) {
-        CRLDistributionPointsExtension ext = null; 
+        CRLDistributionPointsExtension ext = null;
         int num = 0;
 
         try {
@@ -631,8 +625,8 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             for (int i = 0; i < num; i++) {
                 CRLDistributionPoint cdp = new CRLDistributionPoint();
 
-                String enable = getConfig(CONFIG_ENABLE + i); 
-                String pointType = getConfig(CONFIG_POINT_TYPE + i); 
+                String enable = getConfig(CONFIG_ENABLE + i);
+                String pointType = getConfig(CONFIG_POINT_TYPE + i);
                 String pointName = getConfig(CONFIG_POINT_NAME + i);
                 String reasons = getConfig(CONFIG_REASONS + i);
                 String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
@@ -644,7 +638,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
                     if (issuerType != null)
                         addIssuer(getLocale(request), cdp, issuerType, issuerName);
                     if (reasons != null)
-                      addReasons(getLocale(request), cdp, REASONS, reasons);
+                        addReasons(getLocale(request), cdp, REASONS, reasons);
 
                     if (i == 0) {
                         ext = new CRLDistributionPointsExtension(cdp);
@@ -656,7 +650,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             }
         } catch (Exception e) {
             CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
-                e.toString());
+                    e.toString());
             CMS.debug(e);
         }
 
@@ -698,7 +692,7 @@ public class CRLDistributionPointsExtDefault extends EnrollExtDefault {
             }
         } catch (Exception e) {
             CMS.debug("CRLDistribtionPointsExtDefault: createExtension " +
-                e.toString());
+                    e.toString());
             CMS.debug(e);
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
index 63a4d303..416da61b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificatePoliciesExtDefault.java
@@ -1,4 +1,3 @@
-
 // --- BEGIN COPYRIGHT BLOCK ---
 // This program is free software; you can redistribute it and/or modify
 // it under the terms of the GNU General Public License as published by
@@ -18,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -49,10 +47,9 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
 /**
- * This class implements an enrollment default policy
- * that populates a policy mappings extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a policy
+ * mappings extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class CertificatePoliciesExtDefault extends EnrollExtDefault {
@@ -122,33 +119,32 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         refreshConfigAndValueNames();
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_POLICY_NUM)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_POLICIES || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_POLICIES || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_POLICY_NUM));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
-
     public Enumeration<String> getConfigNames() {
         refreshConfigAndValueNames();
         return super.getConfigNames();
@@ -166,22 +162,22 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
         int numQualifiers = getNumQualifiers();
 
         addConfigName(CONFIG_POLICY_NUM);
-        
+
         for (int i = 0; i < num; i++) {
-            addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
-            addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
-            for (int j=0; j<numQualifiers; j++) {
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
-                addConfigName(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+            addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
+            addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
+            for (int j = 0; j < numQualifiers; j++) {
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
+                addConfigName(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
             }
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
 
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
@@ -189,16 +185,16 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.indexOf(CONFIG_POLICY_ID) >= 0) {
             return new Descriptor(IDescriptor.STRING, null,
-              null,
-              CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID"));
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_ID"));
         } else if (name.indexOf(CONFIG_CPSURI_ENABLE) >= 0) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
-              "false",
-              CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE"));
+                    "false",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_CPSURI_ENABLE"));
         } else if (name.indexOf(CONFIG_USERNOTICE_ENABLE) >= 0) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
-              "false",
-              CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE"));
+                    "false",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_QUALIFIER_USERNOTICE_ENABLE"));
         } else if (name.indexOf(CONFIG_POLICY_ENABLE) >= 0) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
@@ -225,8 +221,8 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                     CMS.getUserMessage(locale, "CMS_PROFILE_POLICY_CPSURI"));
         } else if (name.indexOf(CONFIG_POLICY_NUM) >= 0) {
             return new Descriptor(IDescriptor.INTEGER, null,
-                   "5",
-                   CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES"));
+                    "5",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICIES"));
         }
         return null;
     }
@@ -234,7 +230,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
     public IDescriptor getValueDescriptor(Locale locale, String name) {
 
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
@@ -253,126 +249,126 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
             int index = token.indexOf(":");
             if (index <= 0)
                 throw new EPropertyException(CMS.getUserMessage(
-                  "CMS_INVALID_PROPERTY", token));
+                        "CMS_INVALID_PROPERTY", token));
             String name = token.substring(0, index);
             String val = "";
-            if ((token.length()-1) > index) {
-                val = token.substring(index+1);
+            if ((token.length() - 1) > index) {
+                val = token.substring(index + 1);
             }
             table.put(name, val);
-        }        
-    
+        }
+
         return table;
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             CertificatePoliciesExtension ext = null;
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
             if (name.equals(VAL_CRITICAL)) {
                 ext = (CertificatePoliciesExtension)
-                        getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_POLICY_QUALIFIERS)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
                 ext = (CertificatePoliciesExtension)
-                        getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), 
-                            info);
-                
+                        getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+                                info);
+
                 Hashtable<String, String> h = buildRecords(value);
 
-                String numStr = (String)h.get(CONFIG_POLICY_NUM);
+                String numStr = (String) h.get(CONFIG_POLICY_NUM);
                 int size = Integer.parseInt(numStr);
 
                 Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>();
                 for (int i = 0; i < size; i++) {
-                    String enable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
+                    String enable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
                     CertificatePolicyInfo cinfo = null;
                     if (enable != null && enable.equals("true")) {
-                        String policyId = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
+                        String policyId = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
 
-                        if (policyId == null || policyId.length() == 0) 
-                            throw new EPropertyException(CMS.getUserMessage( 
+                        if (policyId == null || policyId.length() == 0)
+                            throw new EPropertyException(CMS.getUserMessage(
                                         locale, "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
                         CertificatePolicyId cpolicyId = getPolicyId(policyId);
 
-                        String qualifersNum = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+                        String qualifersNum = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
                         PolicyQualifiers policyQualifiers = new PolicyQualifiers();
                         int num = 0;
                         if (qualifersNum != null && qualifersNum.length() > 0)
                             num = Integer.parseInt(qualifersNum);
-                        for (int j=0; j<num; j++) {
-                            String cpsuriEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
-                            String usernoticeEnable = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
+                        for (int j = 0; j < num; j++) {
+                            String cpsuriEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
+                            String usernoticeEnable = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
                             if (cpsuriEnable != null && cpsuriEnable.equals("true")) {
-                                String cpsuri = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
+                                String cpsuri = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
                                 netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
                                 if (qualifierInfo != null)
-                                  policyQualifiers.add(qualifierInfo);
+                                    policyQualifiers.add(qualifierInfo);
                             } else if (usernoticeEnable != null && enable.equals("true")) {
-                                String org = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
-                                String noticenumbers = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
-                                String explicitText = (String)h.get(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+                                String org = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
+                                String noticenumbers = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
+                                String explicitText = (String) h.get(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
                                 netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org,
-                                  noticenumbers, explicitText);
+                                        noticenumbers, explicitText);
                                 if (qualifierInfo != null)
-                                  policyQualifiers.add(qualifierInfo);
+                                    policyQualifiers.add(qualifierInfo);
                             }
                         }
 
                         if (policyQualifiers.size() <= 0) {
                             cinfo =
-                              new CertificatePolicyInfo(cpolicyId);
+                                    new CertificatePolicyInfo(cpolicyId);
                         } else {
                             cinfo =
-                              new CertificatePolicyInfo(cpolicyId, policyQualifiers);
+                                    new CertificatePolicyInfo(cpolicyId, policyQualifiers);
                         }
                         if (cinfo != null)
-                          certificatePolicies.addElement(cinfo);
+                            certificatePolicies.addElement(cinfo);
                     }
                 }
 
                 ext.set(CertificatePoliciesExtension.INFOS, certificatePolicies);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
             CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (IOException e) {
             CMS.debug("CertificatePoliciesExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
-	public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+    public String getValue(String name, Locale locale,
+            X509CertInfo info)
+            throws EPropertyException {
         CertificatePoliciesExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (CertificatePoliciesExtension)
-                    getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+                            info);
 
             if (ext == null) {
                 return null;
@@ -382,10 +378,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_POLICY_QUALIFIERS)) { 
+        } else if (name.equals(VAL_POLICY_QUALIFIERS)) {
             ext = (CertificatePoliciesExtension)
-                    getExtension(PKIXExtensions.CertificatePolicies_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -396,14 +392,14 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
             sb.append(":");
             sb.append(num_policies);
             sb.append("\n");
-            
-            Vector<CertificatePolicyInfo> infos ;
+
+            Vector<CertificatePolicyInfo> infos;
             try {
                 @SuppressWarnings("unchecked")
-                Vector<CertificatePolicyInfo> certPolicyInfos = (Vector<CertificatePolicyInfo>)ext.get(CertificatePoliciesExtension.INFOS); 
+                Vector<CertificatePolicyInfo> certPolicyInfos = (Vector<CertificatePolicyInfo>) ext.get(CertificatePoliciesExtension.INFOS);
                 infos = certPolicyInfos;
             } catch (IOException ee) {
-                infos  =null;
+                infos = null;
             }
 
             for (int i = 0; i < num_policies; i++) {
@@ -411,70 +407,70 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                 String policyId = "";
                 String policyEnable = "false";
                 PolicyQualifiers qualifiers = null;
-                if (infos.size() > 0) { 
-                    CertificatePolicyInfo cinfo = 
-                         infos.elementAt(0);
-                
-                    CertificatePolicyId id1 = cinfo.getPolicyIdentifier();               
+                if (infos.size() > 0) {
+                    CertificatePolicyInfo cinfo =
+                            infos.elementAt(0);
+
+                    CertificatePolicyId id1 = cinfo.getPolicyIdentifier();
                     policyId = id1.getIdentifier().toString();
                     policyEnable = "true";
                     qualifiers = cinfo.getPolicyQualifiers();
                     if (qualifiers != null)
-                      qSize = qualifiers.size();
+                        qSize = qualifiers.size();
                     infos.removeElementAt(0);
                 }
-                sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ENABLE);
+                sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ENABLE);
                 sb.append(":");
                 sb.append(policyEnable);
                 sb.append("\n");
-                sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_ID);
+                sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_ID);
                 sb.append(":");
                 sb.append(policyId);
                 sb.append("\n");
-          
+
                 if (qSize == 0) {
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
                     sb.append(":");
                     sb.append(DEF_NUM_QUALIFIERS);
                     sb.append("\n");
                 } else {
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_POLICY_QUALIFIERS_NUM);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_POLICY_QUALIFIERS_NUM);
                     sb.append(":");
                     sb.append(qSize);
                     sb.append("\n");
                 }
                 if (qSize == 0) {
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_ENABLE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_ENABLE);
                     sb.append(":");
                     sb.append("false");
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_CPSURI_VALUE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_CPSURI_VALUE);
                     sb.append(":");
                     sb.append("");
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
                     sb.append(":");
                     sb.append("false");
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_ORG);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_ORG);
                     sb.append(":");
                     sb.append("");
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
                     sb.append(":");
                     sb.append("");
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+"0"+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + "0" + SEPARATOR + CONFIG_USERNOTICE_TEXT);
                     sb.append(":");
                     sb.append("");
                     sb.append("\n");
                 }
 
-                for (int j=0; j<qSize; j++) {
+                for (int j = 0; j < qSize; j++) {
                     netscape.security.x509.PolicyQualifierInfo qinfo = qualifiers.getInfoAt(j);
                     ObjectIdentifier oid = qinfo.getId();
                     Qualifier qualifier = qinfo.getQualifier();
-                        
+
                     String cpsuriEnable = "false";
                     String usernoticeEnable = "false";
                     String cpsuri = "";
@@ -484,16 +480,16 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
 
                     if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_CPS.toString())) {
                         cpsuriEnable = "true";
-                        CPSuri content = (CPSuri)qualifier;
-                        cpsuri = content.getURI(); 
+                        CPSuri content = (CPSuri) qualifier;
+                        cpsuri = content.getURI();
                     } else if (oid.toString().equals(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE.toString())) {
                         usernoticeEnable = "true";
-                        UserNotice content = (UserNotice)qualifier;
+                        UserNotice content = (UserNotice) qualifier;
                         NoticeReference ref = content.getNoticeReference();
                         if (ref != null) {
                             org = ref.getOrganization().getText();
                             int[] nums = ref.getNumbers();
-                            for (int k=0; k<nums.length; k++) {
+                            for (int k = 0; k < nums.length; k++) {
                                 if (k != 0) {
                                     noticeNum.append(",");
                                     noticeNum.append(nums[k]);
@@ -506,27 +502,27 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                             explicitText = displayText.getText();
                     }
 
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_ENABLE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_ENABLE);
                     sb.append(":");
                     sb.append(cpsuriEnable);
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_CPSURI_VALUE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_CPSURI_VALUE);
                     sb.append(":");
                     sb.append(cpsuri);
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ENABLE);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ENABLE);
                     sb.append(":");
                     sb.append(usernoticeEnable);
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_ORG);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_ORG);
                     sb.append(":");
                     sb.append(org);
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_NUMBERS);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_NUMBERS);
                     sb.append(":");
                     sb.append(noticeNum.toString());
                     sb.append("\n");
-                    sb.append(CONFIG_PREFIX+i+SEPARATOR+CONFIG_PREFIX1+j+SEPARATOR+CONFIG_USERNOTICE_TEXT);
+                    sb.append(CONFIG_PREFIX + i + SEPARATOR + CONFIG_PREFIX1 + j + SEPARATOR + CONFIG_USERNOTICE_TEXT);
                     sb.append(":");
                     sb.append(explicitText);
                     sb.append("\n");
@@ -534,7 +530,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
             } // end of for loop
             return sb.toString();
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -552,7 +548,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
             sb.append(",");
             for (int i = 0; i < num; i++) {
                 sb.append("{");
-                IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i);
+                IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i);
                 String enable = substore.getString(CONFIG_POLICY_ENABLE, "");
                 sb.append(POLICY_ID_ENABLE + ":");
                 sb.append(enable);
@@ -562,18 +558,18 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                 sb.append(policyId);
                 sb.append(",");
                 String qualifiersNum = substore.getString(CONFIG_POLICY_QUALIFIERS_NUM, "");
-                sb.append(CONFIG_POLICY_QUALIFIERS_NUM+":");
+                sb.append(CONFIG_POLICY_QUALIFIERS_NUM + ":");
                 sb.append(qualifiersNum);
                 sb.append(",");
-                for (int j=0; j<num1; j++) {
-                    IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j);
+                for (int j = 0; j < num1; j++) {
+                    IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j);
                     sb.append("{");
                     String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE, "");
                     sb.append(POLICY_QUALIFIER_CPSURI_ENABLE + ":");
                     sb.append(cpsuriEnable);
                     sb.append(",");
                     String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE, "");
-                    sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE+ ":");
+                    sb.append(POLICY_QUALIFIER_USERNOTICE_ENABLE + ":");
                     sb.append(usernoticeEnable);
                     sb.append(",");
                     String org = substore1.getString(CONFIG_USERNOTICE_ORG, "");
@@ -596,9 +592,9 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
                 sb.append("}");
             }
             sb.append("}");
-            return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT", 
-                getConfig(CONFIG_CRITICAL), sb.toString());
+            return CMS.getUserMessage(locale,
+                    "CMS_PROFILE_DEF_CERTIFICATE_POLICIES_EXT",
+                    getConfig(CONFIG_CRITICAL), sb.toString());
         } catch (Exception e) {
             return "";
         }
@@ -608,72 +604,72 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CertificatePoliciesExtension ext = createExtension();
 
         if (ext == null)
             return;
-        addExtension(PKIXExtensions.CertificatePolicies_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.CertificatePolicies_Id.toString(),
+                ext, info);
     }
 
-    public CertificatePoliciesExtension createExtension() 
-      throws EProfileException {
-        CertificatePoliciesExtension ext = null; 
+    public CertificatePoliciesExtension createExtension()
+            throws EProfileException {
+        CertificatePoliciesExtension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
             Vector<CertificatePolicyInfo> certificatePolicies = new Vector<CertificatePolicyInfo>();
             int num = getNumPolicies();
-            CMS.debug("CertificatePoliciesExtension: createExtension: number of policies="+num);
+            CMS.debug("CertificatePoliciesExtension: createExtension: number of policies=" + num);
             IConfigStore config = getConfigStore();
 
-            for (int i = 0; i < num; i++) { 
+            for (int i = 0; i < num; i++) {
                 IConfigStore basesubstore = config.getSubStore("params");
-                IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX+i);
+                IConfigStore substore = basesubstore.getSubStore(CONFIG_PREFIX + i);
                 String enable = substore.getString(CONFIG_POLICY_ENABLE);
 
-                CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" enable="+enable);
+                CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " enable=" + enable);
                 if (enable != null && enable.equals("true")) {
                     String policyId = substore.getString(CONFIG_POLICY_ID);
                     CertificatePolicyId cpolicyId = getPolicyId(policyId);
-                    CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy "+i+" policyId="+policyId);
+                    CMS.debug("CertificatePoliciesExtension: createExtension: CertificatePolicy " + i + " policyId=" + policyId);
                     int qualifierNum = getNumQualifiers();
                     PolicyQualifiers policyQualifiers = new PolicyQualifiers();
-                    for (int j=0; j<qualifierNum; j++) {
-                        IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1+j);
+                    for (int j = 0; j < qualifierNum; j++) {
+                        IConfigStore substore1 = substore.getSubStore(CONFIG_PREFIX1 + j);
                         String cpsuriEnable = substore1.getString(CONFIG_CPSURI_ENABLE);
                         String usernoticeEnable = substore1.getString(CONFIG_USERNOTICE_ENABLE);
 
                         if (cpsuriEnable != null && cpsuriEnable.equals("true")) {
                             String cpsuri = substore1.getString(CONFIG_CPSURI_VALUE, "");
-                            netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri); 
+                            netscape.security.x509.PolicyQualifierInfo qualifierInfo = createCPSuri(cpsuri);
                             if (qualifierInfo != null)
-                              policyQualifiers.add(qualifierInfo);
-                        } else if (usernoticeEnable != null && 
+                                policyQualifiers.add(qualifierInfo);
+                        } else if (usernoticeEnable != null &&
                                      usernoticeEnable.equals("true")) {
 
                             String org = substore1.getString(CONFIG_USERNOTICE_ORG);
                             String noticenumbers = substore1.getString(CONFIG_USERNOTICE_NUMBERS);
                             String explicitText = substore1.getString(CONFIG_USERNOTICE_TEXT);
                             netscape.security.x509.PolicyQualifierInfo qualifierInfo = createUserNotice(org,
-                              noticenumbers, explicitText);
+                                    noticenumbers, explicitText);
                             if (qualifierInfo != null)
                                 policyQualifiers.add(qualifierInfo);
                         }
                     }
-                
+
                     CertificatePolicyInfo info = null;
                     if (policyQualifiers.size() <= 0) {
-                        info = 
-                          new CertificatePolicyInfo(cpolicyId);
+                        info =
+                                new CertificatePolicyInfo(cpolicyId);
                     } else {
-                        info = 
-                          new CertificatePolicyInfo(cpolicyId, policyQualifiers);
+                        info =
+                                new CertificatePolicyInfo(cpolicyId, policyQualifiers);
                     }
-             
+
                     if (info != null)
-                      certificatePolicies.addElement(info);
+                        certificatePolicies.addElement(info);
                 }
             }
 
@@ -683,51 +679,51 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
         } catch (EProfileException e) {
             throw e;
         } catch (Exception e) {
-            CMS.debug("CertificatePoliciesExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("CertificatePoliciesExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
     }
 
-    private CertificatePolicyId getPolicyId (String policyId) throws EPropertyException {
+    private CertificatePolicyId getPolicyId(String policyId) throws EPropertyException {
         if (policyId == null || policyId.length() == 0)
             throw new EPropertyException(CMS.getUserMessage(
-              "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
+                    "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_POLICYID"));
 
         CertificatePolicyId cpolicyId = null;
         try {
             cpolicyId = new CertificatePolicyId(
-              ObjectIdentifier.getObjectIdentifier(policyId));
+                    ObjectIdentifier.getObjectIdentifier(policyId));
             return cpolicyId;
         } catch (Exception e) {
             throw new EPropertyException(CMS.getUserMessage(
-              "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId));
+                    "CMS_PROFILE_CERTIFICATE_POLICIES_POLICYID_ERROR", policyId));
         }
     }
 
     private netscape.security.x509.PolicyQualifierInfo createCPSuri(String uri) throws EPropertyException {
-        if (uri == null || uri.length() == 0) 
+        if (uri == null || uri.length() == 0)
             throw new EPropertyException(CMS.getUserMessage(
-              "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI"));
+                    "CMS_PROFILE_CERTIFICATE_POLICIES_EMPTY_CPSURI"));
 
-        CPSuri cpsURI = new CPSuri(uri); 
+        CPSuri cpsURI = new CPSuri(uri);
         netscape.security.x509.PolicyQualifierInfo policyQualifierInfo2 =
-          new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI);
- 
+                new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_CPS, cpsURI);
+
         return policyQualifierInfo2;
     }
 
-    private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization, 
-      String noticeText, String noticeNums) throws EPropertyException {
-   
-        if ((organization == null || organization.length() == 0) && 
-          (noticeNums == null || noticeNums.length() == 0) &&
-          (noticeText == null || noticeText.length() == 0))
+    private netscape.security.x509.PolicyQualifierInfo createUserNotice(String organization,
+            String noticeText, String noticeNums) throws EPropertyException {
+
+        if ((organization == null || organization.length() == 0) &&
+                (noticeNums == null || noticeNums.length() == 0) &&
+                (noticeText == null || noticeText.length() == 0))
             return null;
 
         DisplayText explicitText = null;
-        if (noticeText != null && noticeText.length() > 0) 
+        if (noticeText != null && noticeText.length() > 0)
             explicitText = new DisplayText(DisplayText.tag_VisibleString, noticeText);
 
         int nums[] = null;
@@ -753,7 +749,7 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
         DisplayText orgName = null;
         if (organization != null && organization.length() > 0) {
             orgName =
-              new DisplayText(DisplayText.tag_VisibleString, organization);
+                    new DisplayText(DisplayText.tag_VisibleString, organization);
         }
 
         NoticeReference noticeReference = null;
@@ -763,10 +759,10 @@ public class CertificatePoliciesExtDefault extends EnrollExtDefault {
 
         UserNotice userNotice = null;
         if (explicitText != null || noticeReference != null) {
-            userNotice = new UserNotice (noticeReference, explicitText);
+            userNotice = new UserNotice(noticeReference, explicitText);
 
             netscape.security.x509.PolicyQualifierInfo policyQualifierInfo1 =
-              new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice);
+                    new netscape.security.x509.PolicyQualifierInfo(netscape.security.x509.PolicyQualifierInfo.QT_UNOTICE, userNotice);
             return policyQualifierInfo1;
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
index f3b68594..f5b00970 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/CertificateVersionDefault.java
@@ -34,10 +34,9 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
 /**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Netscape
+ * comment extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class CertificateVersionDefault extends EnrollExtDefault {
@@ -54,11 +53,11 @@ public class CertificateVersionDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_VERSION)) {
             return new Descriptor(IDescriptor.INTEGER, null,
                     "3",
@@ -69,14 +68,14 @@ public class CertificateVersionDefault extends EnrollExtDefault {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_VERSION)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_VERSION));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -92,32 +91,32 @@ public class CertificateVersionDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
-            if (name.equals(VAL_VERSION)) { 
+            if (name.equals(VAL_VERSION)) {
                 if (value == null || value.equals(""))
-                    throw new EPropertyException(name+" cannot be empty");
+                    throw new EPropertyException(name + " cannot be empty");
                 else {
-                    int version = Integer.valueOf(value).intValue()-1;
-         
+                    int version = Integer.valueOf(value).intValue() - 1;
+
                     if (version == CertificateVersion.V1)
                         info.set(X509CertInfo.VERSION,
-                          new CertificateVersion(CertificateVersion.V1));
+                                new CertificateVersion(CertificateVersion.V1));
                     else if (version == CertificateVersion.V2)
                         info.set(X509CertInfo.VERSION,
-                          new CertificateVersion(CertificateVersion.V2));
+                                new CertificateVersion(CertificateVersion.V2));
                     else if (version == CertificateVersion.V3)
                         info.set(X509CertInfo.VERSION,
-                          new CertificateVersion(CertificateVersion.V3));
+                                new CertificateVersion(CertificateVersion.V3));
                 }
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (IOException e) {
@@ -128,30 +127,30 @@ public class CertificateVersionDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
-        if (name.equals(VAL_VERSION)) { 
+        if (name.equals(VAL_VERSION)) {
             CertificateVersion v = null;
-            try { 
-                v = (CertificateVersion)info.get(
-                  X509CertInfo.VERSION);
+            try {
+                v = (CertificateVersion) info.get(
+                        X509CertInfo.VERSION);
             } catch (Exception e) {
             }
 
             if (v == null)
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
             int version = v.compare(0);
-   
-            return ""+(version+1);
+
+            return "" + (version + 1);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -168,26 +167,26 @@ public class CertificateVersionDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         String v = getConfig(CONFIG_VERSION);
-        int version = Integer.valueOf(v).intValue()-1;
-         
+        int version = Integer.valueOf(v).intValue() - 1;
+
         try {
             if (version == CertificateVersion.V1)
                 info.set(X509CertInfo.VERSION,
-                  new CertificateVersion(CertificateVersion.V1));
+                        new CertificateVersion(CertificateVersion.V1));
             else if (version == CertificateVersion.V2)
                 info.set(X509CertInfo.VERSION,
-                  new CertificateVersion(CertificateVersion.V2));
+                        new CertificateVersion(CertificateVersion.V2));
             else if (version == CertificateVersion.V3)
                 info.set(X509CertInfo.VERSION,
-                  new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
             else {
                 throw new EProfileException(CMS.getUserMessage(
-                  getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION));
+                        getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_VERSION));
             }
         } catch (IOException e) {
         } catch (CertificateException e) {
-        } 
+        }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
index 239765ab..81efbf90 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollDefault.java
@@ -60,10 +60,9 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements an enrollment default policy.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDefault {
@@ -99,7 +98,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (mConfig.getSubStore("params") == null) {
             //
         } else {
@@ -120,19 +119,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
     }
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale locale of the end user
      * @return localized description of this default policy
      */
     public abstract String getText(Locale locale);
 
-
     public IConfigStore getConfigStore() {
         return mConfig;
     }
@@ -147,60 +145,57 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
 
     /**
      * Populates attributes into the certificate template.
-     *
+     * 
      * @param request enrollment request
      * @param info certificate template
-     * @exception EProfileException  failed to populate attributes
-     *     into request
+     * @exception EProfileException failed to populate attributes into request
      */
     public abstract void populate(IRequest request, X509CertInfo info)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Sets values from the approval page into certificate template.
-     *
+     * 
      * @param name name of the attribute
      * @param locale user locale
      * @param info certificate template
      * @param value attribute value
-     * @exception EProfileException  failed to set attributes
-     *     into request
+     * @exception EProfileException failed to set attributes into request
      */
-    public abstract void setValue(String name, Locale locale, 
-        X509CertInfo info, String value)
-        throws EPropertyException;
+    public abstract void setValue(String name, Locale locale,
+            X509CertInfo info, String value)
+            throws EPropertyException;
 
     /**
-     * Retrieves certificate template values and returns them to
-     * the approval page.
-     *
+     * Retrieves certificate template values and returns them to the approval
+     * page.
+     * 
      * @param name name of the attribute
      * @param locale user locale
      * @param info certificate template
-     * @exception EProfileException  failed to get attributes
-     *     from request
+     * @exception EProfileException failed to get attributes from request
      */
-    public abstract String getValue(String name, Locale locale, 
-        X509CertInfo info)
-        throws EPropertyException;
+    public abstract String getValue(String name, Locale locale,
+            X509CertInfo info)
+            throws EPropertyException;
 
     /**
      * Populates the request with this policy default.
-     *
-     * The current implementation extracts enrollment specific attributes
-     * and calls the populate() method of the subclass.
-     *
+     * 
+     * The current implementation extracts enrollment specific attributes and
+     * calls the populate() method of the subclass.
+     * 
      * @param request request to be populated
      * @exception EProfileException failed to populate
      */
     public void populate(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String name = getClass().getName();
 
         name = name.substring(name.lastIndexOf('.') + 1);
         CMS.debug(name + ": populate start");
         X509CertInfo info =
-            request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
 
         populate(request, info);
 
@@ -222,21 +217,21 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
 
     /**
      * Sets the value of the given value property by name.
-     *
-     * The current implementation extracts enrollment specific attributes
-     * and calls the setValue() method of the subclass.
-     *
+     * 
+     * The current implementation extracts enrollment specific attributes and
+     * calls the setValue() method of the subclass.
+     * 
      * @param name name of property
      * @param locale locale of the end user
      * @param request request
      * @param value value to be set in the given request
      * @exception EPropertyException failed to set property
      */
-    public void setValue(String name, Locale locale, IRequest request, 
-        String value)
-        throws EPropertyException {
+    public void setValue(String name, Locale locale, IRequest request,
+            String value)
+            throws EPropertyException {
         X509CertInfo info =
-            request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
 
         setValue(name, locale, info, value);
 
@@ -244,21 +239,20 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     /**
-     * Retrieves the value of the given value
-     * property by name.
-     *
-     * The current implementation extracts enrollment specific attributes
-     * and calls the getValue() method of the subclass.
-     *
+     * Retrieves the value of the given value property by name.
+     * 
+     * The current implementation extracts enrollment specific attributes and
+     * calls the getValue() method of the subclass.
+     * 
      * @param name name of property
      * @param locale locale of the end user
      * @param request request
      * @exception EPropertyException failed to get property
      */
     public String getValue(String name, Locale locale, IRequest request)
-        throws EPropertyException {
+            throws EPropertyException {
         X509CertInfo info =
-            request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
 
         String value = getValue(name, locale, info);
         request.setExtData(IEnrollProfile.REQUEST_CERTINFO, info);
@@ -279,8 +273,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     protected void refreshConfigAndValueNames() {
-         mConfigNames.removeAllElements();
-         mValueNames.removeAllElements();
+        mConfigNames.removeAllElements();
+        mValueNames.removeAllElements();
     }
 
     protected void deleteExtension(String name, X509CertInfo info) {
@@ -294,7 +288,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
             Enumeration<String> e = exts.getNames();
 
             while (e.hasMoreElements()) {
-                String n =  e.nextElement();
+                String n = e.nextElement();
                 Extension ext = (Extension) exts.get(n);
 
                 if (ext.getExtensionId().toString().equals(name)) {
@@ -336,18 +330,18 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     protected void addExtension(String name, Extension ext, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         if (ext == null) {
             throw new EProfileException("extension not found");
         }
         CertificateExtensions exts = null;
 
-        Extension alreadyPresentExtension = getExtension(name,info);
+        Extension alreadyPresentExtension = getExtension(name, info);
 
         if (alreadyPresentExtension != null) {
             String eName = ext.toString();
             CMS.debug("EnrollDefault.addExtension: duplicate extension attempted! Name:  " + eName);
-            throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION",eName));
+            throw new EProfileException(CMS.getUserMessage("CMS_PROFILE_DUPLICATE_EXTENSION", eName));
         }
 
         try {
@@ -367,7 +361,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     protected void replaceExtension(String name, Extension ext, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         deleteExtension(name, info);
         addExtension(name, ext, info);
     }
@@ -392,65 +386,62 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
         return getInt(getConfig(value));
     }
 
-    protected boolean isGeneralNameValid(String name)
-    {
+    protected boolean isGeneralNameValid(String name) {
         if (name == null)
-           return false;
+            return false;
         int pos = name.indexOf(':');
         if (pos == -1)
-          return false;
+            return false;
         String nameType = name.substring(0, pos).trim();
         String nameValue = name.substring(pos + 1).trim();
         if (nameValue.equals(""))
-           return false;
+            return false;
         return true;
     }
 
     protected GeneralNameInterface parseGeneralName(String name)
-        throws IOException {
+            throws IOException {
         int pos = name.indexOf(':');
         if (pos == -1)
-          return null;
+            return null;
         String nameType = name.substring(0, pos).trim();
         String nameValue = name.substring(pos + 1).trim();
         return parseGeneralName(nameType, nameValue);
     }
 
-    protected boolean isGeneralNameType(String nameType) 
-    {
+    protected boolean isGeneralNameType(String nameType) {
         if (nameType.equalsIgnoreCase("RFC822Name")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("DNSName")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("x400")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("DirectoryName")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("EDIPartyName")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("URIName")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("IPAddress")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("OIDName")) {
-          return true;
+            return true;
         }
         if (nameType.equalsIgnoreCase("OtherName")) {
-          return true;
+            return true;
         }
         return false;
     }
 
     protected GeneralNameInterface parseGeneralName(String nameType, String nameValue)
-        throws IOException 
-    {
+            throws IOException {
         if (nameType.equalsIgnoreCase("RFC822Name")) {
             return new RFC822Name(nameValue);
         }
@@ -458,7 +449,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
             return new DNSName(nameValue);
         }
         if (nameType.equalsIgnoreCase("x400")) {
-             // XXX
+            // XXX
         }
         if (nameType.equalsIgnoreCase("DirectoryName")) {
             return new X500Name(nameValue);
@@ -476,153 +467,153 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
                 StringTokenizer st = new StringTokenizer(nameValue, "/");
                 String addr = st.nextToken();
                 String netmask = st.nextToken();
-                CMS.debug("addr:" + addr +" netmask: "+netmask);
+                CMS.debug("addr:" + addr + " netmask: " + netmask);
                 return new IPAddressName(addr, netmask);
-             } else {
+            } else {
                 return new IPAddressName(nameValue);
-             }
+            }
         }
         if (nameType.equalsIgnoreCase("OIDName")) {
             try {
-              // check if OID
-              ObjectIdentifier oid = new ObjectIdentifier(nameValue);
+                // check if OID
+                ObjectIdentifier oid = new ObjectIdentifier(nameValue);
             } catch (Exception e) {
-              return null;
+                return null;
             }
             return new OIDName(nameValue);
-        } 
+        }
         if (nameType.equals("OtherName")) {
             if (nameValue == null || nameValue.length() == 0)
                 nameValue = " ";
             if (nameValue.startsWith("(PrintableString)")) {
-              // format: OtherName: (PrintableString)oid,value
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf(',');
-              if (pos1 == -1)
-                return null;
-              String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-              String on_value = nameValue.substring(pos1 + 1).trim();
-              if (isValidOID(on_oid)) {
-                return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value);
-              } else {
-                return null;
-              }
+                // format: OtherName: (PrintableString)oid,value
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf(',');
+                if (pos1 == -1)
+                    return null;
+                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+                String on_value = nameValue.substring(pos1 + 1).trim();
+                if (isValidOID(on_oid)) {
+                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_PrintableString, on_value);
+                } else {
+                    return null;
+                }
             } else if (nameValue.startsWith("(KerberosName)")) {
                 // Syntax: (KerberosName)Realm|NameType|NameString(s)
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf('|');
-              int pos2 = nameValue.lastIndexOf('|');
-              String realm = nameValue.substring(pos0 + 1, pos1).trim();
-              String name_type = nameValue.substring(pos1 + 1, pos2).trim();
-              String name_strings = nameValue.substring(pos2 + 1).trim();
-              Vector<String> strings = new Vector<String>();
-              StringTokenizer st = new StringTokenizer(name_strings, ",");
-              while (st.hasMoreTokens()) {
-                     strings.addElement(st.nextToken());
-              }
-              KerberosName name = new KerberosName(realm, 
-                    Integer.parseInt(name_type), strings);
-              // krb5 OBJECT IDENTIFIER ::= { iso (1)
-              //                    org (3)
-              //                    dod (6)
-              //                    internet (1)
-              //                    security (5)
-              //                    kerberosv5 (2) }
-              // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
-              return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME,
-                       name.toByteArray());
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf('|');
+                int pos2 = nameValue.lastIndexOf('|');
+                String realm = nameValue.substring(pos0 + 1, pos1).trim();
+                String name_type = nameValue.substring(pos1 + 1, pos2).trim();
+                String name_strings = nameValue.substring(pos2 + 1).trim();
+                Vector<String> strings = new Vector<String>();
+                StringTokenizer st = new StringTokenizer(name_strings, ",");
+                while (st.hasMoreTokens()) {
+                    strings.addElement(st.nextToken());
+                }
+                KerberosName name = new KerberosName(realm,
+                        Integer.parseInt(name_type), strings);
+                // krb5 OBJECT IDENTIFIER ::= { iso (1)
+                // org (3)
+                // dod (6)
+                // internet (1)
+                // security (5)
+                // kerberosv5 (2) }
+                // krb5PrincipalName OBJECT IDENTIFIER ::= { krb5 2 }
+                return new OtherName(KerberosName.KRB5_PRINCIPAL_NAME,
+                        name.toByteArray());
             } else if (nameValue.startsWith("(IA5String)")) {
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf(',');
-              if (pos1 == -1)
-                return null;
-              String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-              String on_value = nameValue.substring(pos1 + 1).trim();
-              if (isValidOID(on_oid)) {
-                return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value);
-              } else {
-                return null;
-              }
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf(',');
+                if (pos1 == -1)
+                    return null;
+                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+                String on_value = nameValue.substring(pos1 + 1).trim();
+                if (isValidOID(on_oid)) {
+                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_IA5String, on_value);
+                } else {
+                    return null;
+                }
             } else if (nameValue.startsWith("(UTF8String)")) {
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf(',');
-              if (pos1 == -1)
-                return null;
-              String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-              String on_value = nameValue.substring(pos1 + 1).trim();
-              if (isValidOID(on_oid)) {
-                return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value);
-              } else {
-                return null;
-              }
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf(',');
+                if (pos1 == -1)
+                    return null;
+                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+                String on_value = nameValue.substring(pos1 + 1).trim();
+                if (isValidOID(on_oid)) {
+                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_UTF8String, on_value);
+                } else {
+                    return null;
+                }
             } else if (nameValue.startsWith("(BMPString)")) {
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf(',');
-              if (pos1 == -1)
-                return null;
-              String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-              String on_value = nameValue.substring(pos1 + 1).trim();
-              if (isValidOID(on_oid)) {
-                return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value);
-              } else {
-                return null;
-              }
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf(',');
+                if (pos1 == -1)
+                    return null;
+                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+                String on_value = nameValue.substring(pos1 + 1).trim();
+                if (isValidOID(on_oid)) {
+                    return new OtherName(new ObjectIdentifier(on_oid), DerValue.tag_BMPString, on_value);
+                } else {
+                    return null;
+                }
             } else if (nameValue.startsWith("(Any)")) {
-              int pos0 = nameValue.indexOf(')');
-              int pos1 = nameValue.indexOf(',');
-              if (pos1 == -1)
-                return null;
-              String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
-              String on_value = nameValue.substring(pos1 + 1).trim();
-              if (isValidOID(on_oid)) {
-                CMS.debug("OID: " + on_oid + " Value:" + on_value);
-                return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value));
-              } else {
-                CMS.debug("Invalid OID " + on_oid);
-                return null;
-              }
+                int pos0 = nameValue.indexOf(')');
+                int pos1 = nameValue.indexOf(',');
+                if (pos1 == -1)
+                    return null;
+                String on_oid = nameValue.substring(pos0 + 1, pos1).trim();
+                String on_value = nameValue.substring(pos1 + 1).trim();
+                if (isValidOID(on_oid)) {
+                    CMS.debug("OID: " + on_oid + " Value:" + on_value);
+                    return new OtherName(new ObjectIdentifier(on_oid), getBytes(on_value));
+                } else {
+                    CMS.debug("Invalid OID " + on_oid);
+                    return null;
+                }
             } else {
-               return null;
+                return null;
             }
         }
         return null;
     }
 
-/**
- * Converts string containing pairs of characters in the range of '0' 
- * to '9', 'a' to 'f' to an array of bytes such that each pair of 
- * characters in the string represents an individual byte
- */
+    /**
+     * Converts string containing pairs of characters in the range of '0' to
+     * '9', 'a' to 'f' to an array of bytes such that each pair of characters in
+     * the string represents an individual byte
+     */
     public byte[] getBytes(String string) {
-      if (string == null)
-        return null;
-      int stringLength = string.length();
-      if ((stringLength == 0) || ((stringLength % 2) != 0))
-        return null;
-      byte[] bytes = new byte[ (stringLength / 2) ];
-      for (int i = 0, b = 0; i < stringLength; i += 2, ++b) {
-        String nextByte = string.substring(i, (i + 2));
-        bytes[b] = (byte)Integer.parseInt(nextByte, 0x10);
-      } 
-      return bytes;
+        if (string == null)
+            return null;
+        int stringLength = string.length();
+        if ((stringLength == 0) || ((stringLength % 2) != 0))
+            return null;
+        byte[] bytes = new byte[(stringLength / 2)];
+        for (int i = 0, b = 0; i < stringLength; i += 2, ++b) {
+            String nextByte = string.substring(i, (i + 2));
+            bytes[b] = (byte) Integer.parseInt(nextByte, 0x10);
+        }
+        return bytes;
     }
 
     /**
-     * Check if a object identifier in string form is valid,
-     * that is a string in the form n.n.n.n and der encode and decode-able.
+     * Check if a object identifier in string form is valid, that is a string in
+     * the form n.n.n.n and der encode and decode-able.
+     * 
      * @param oid object identifier string.
      * @return true if the oid is valid
      */
-    public boolean isValidOID(String oid)
-    {
-         ObjectIdentifier v = null;
+    public boolean isValidOID(String oid) {
+        ObjectIdentifier v = null;
         try {
             v = ObjectIdentifier.getObjectIdentifier(oid);
         } catch (Exception e) {
-           return false;
+            return false;
         }
         if (v == null)
-           return false;
+            return false;
 
         // if the OID isn't valid (ex. n.n) the error isn't caught til
         // encoding time leaving a bad request in the request queue.
@@ -632,7 +623,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
             derOut.putOID(v);
             new ObjectIdentifier(new DerInputStream(derOut.toByteArray()));
         } catch (Exception e) {
-           return false;
+            return false;
         }
         return true;
     }
@@ -641,7 +632,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
         StringBuffer sb = new StringBuffer();
 
         for (int i = 0; i < recs.size(); i++) {
-            NameValuePairs pairs =  recs.elementAt(i);
+            NameValuePairs pairs = recs.elementAt(i);
 
             sb.append("Record #");
             sb.append(i);
@@ -658,7 +649,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
                 sb.append("\r\n");
             }
             sb.append("\r\n");
-		
+
         }
         return sb.toString();
     }
@@ -670,15 +661,15 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
         NameValuePairs nvps = null;
 
         while (st.hasMoreTokens()) {
-            String token =  st.nextToken();
+            String token = st.nextToken();
 
             if (token.equals("Record #" + num)) {
                 CMS.debug("parseRecords: Record" + num);
                 nvps = new NameValuePairs();
                 v.addElement(nvps);
                 try {
-                    token =  st.nextToken();
-                } catch (NoSuchElementException e) { 
+                    token = st.nextToken();
+                } catch (NoSuchElementException e) {
                     v.removeElementAt(num);
                     CMS.debug(e.toString());
                     return v;
@@ -688,7 +679,7 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
 
             if (nvps == null)
                 throw new EPropertyException("Bad Input Format");
-       
+
             int pos = token.indexOf(":");
 
             if (pos <= 0) {
@@ -706,8 +697,8 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
         return v;
     }
 
-    protected String getGeneralNameType(GeneralName gn) 
-        throws EPropertyException {
+    protected String getGeneralNameType(GeneralName gn)
+            throws EPropertyException {
         int type = gn.getType();
 
         if (type == GeneralNameInterface.NAME_RFC822)
@@ -762,17 +753,17 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
     }
 
     public String toGeneralNameString(GeneralNameInterface gn) {
-        int type = gn.getType(); 
+        int type = gn.getType();
         // Sun's General Name is not consistent, so we need
         // to do a special case for directory string
         if (type == GeneralNameInterface.NAME_DIRECTORY) {
-            return "DirectoryName: " +  gn.toString();
+            return "DirectoryName: " + gn.toString();
         }
         return gn.toString();
     }
 
     protected String mapPattern(IRequest request, String pattern)
-      throws IOException {
+            throws IOException {
         Pattern p = new Pattern(pattern);
         IAttrSet attrSet = null;
         if (request != null) {
@@ -781,30 +772,32 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
         return p.substitute2("request", attrSet);
     }
 
-    protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape)
-    {
+    protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
         StringBuffer result = new StringBuffer();
 
         // Do we need to escape any characters
         for (int i = 0; i < v.length(); i++) {
             int c = v.charAt(i);
             if (c == ',' || c == '=' || c == '+' || c == '<' ||
-                c == '>' || c == '#' || c == ';' || c == '\r' ||
-                c == '\n' || c == '\\' || c == '"') {
-                if ((c == 0x5c) && ((i+1) < v.length())) {
-                    int nextC = v.charAt(i+1);
+                    c == '>' || c == '#' || c == ';' || c == '\r' ||
+                    c == '\n' || c == '\\' || c == '"') {
+                if ((c == 0x5c) && ((i + 1) < v.length())) {
+                    int nextC = v.charAt(i + 1);
                     if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
                                         nextC == '<' || nextC == '>' || nextC == '#' ||
                                         nextC == ';' || nextC == '\r' || nextC == '\n' ||
                                         nextC == '\\' || nextC == '"')) {
-                        if (doubleEscape) result.append('\\');
+                        if (doubleEscape)
+                            result.append('\\');
                     } else {
                         result.append('\\');
-                        if (doubleEscape) result.append('\\');
+                        if (doubleEscape)
+                            result.append('\\');
                     }
                 } else {
                     result.append('\\');
-                    if (doubleEscape) result.append('\\');
+                    if (doubleEscape)
+                        result.append('\\');
                 }
             }
             if (c == '\r') {
@@ -812,10 +805,10 @@ public abstract class EnrollDefault implements IPolicyDefault, ICertInfoPolicyDe
             } else if (c == '\n') {
                 result.append("0A");
             } else {
-                result.append((char)c);
+                result.append((char) c);
             }
         }
         return result;
     }
- 
+
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
index 7cf2a359..acdf98b4 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/EnrollExtDefault.java
@@ -17,14 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
-
-
 /**
- * This class implements an enrollment extension 
- * default policy that extension into the certificate
- * template.
- *
+ * This class implements an enrollment extension default policy that extension
+ * into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class EnrollExtDefault extends EnrollDefault {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
index 62d21cc8..4ea3679b 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ExtendedKeyUsageExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates Extended Key Usage extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates Extended
+ * Key Usage extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
@@ -60,17 +57,17 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_OIDS)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
         }
@@ -91,51 +88,49 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         ExtendedKeyUsageExtension ext = null;
 
-
         ext = (ExtendedKeyUsageExtension)
                     getExtension(ExtendedKeyUsageExtension.OID, info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
-        } 
-        if (name == null) { 
+        }
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_CRITICAL)) {
             ext = (ExtendedKeyUsageExtension)
-                    getExtension(ExtendedKeyUsageExtension.OID, info); 
-            boolean val = Boolean.valueOf(value).booleanValue(); 
+                    getExtension(ExtendedKeyUsageExtension.OID, info);
+            boolean val = Boolean.valueOf(value).booleanValue();
 
-            if(ext == null) {
+            if (ext == null) {
                 return;
             }
-            ext.setCritical(val);	    
+            ext.setCritical(val);
         } else if (name.equals(VAL_OIDS)) {
             ext = (ExtendedKeyUsageExtension)
                     getExtension(ExtendedKeyUsageExtension.OID, info);
-            //		ext.deleteAllOIDs();
+            // ext.deleteAllOIDs();
             StringTokenizer st = new StringTokenizer(value, ",");
 
-            if(ext == null) {
+            if (ext == null) {
                 return;
             }
             while (st.hasMoreTokens()) {
                 String oid = st.nextToken();
 
-                ext.addOID(new ObjectIdentifier(oid));	
+                ext.addOID(new ObjectIdentifier(oid));
             }
         } else {
             throw new EPropertyException(CMS.getUserMessage(
@@ -151,8 +146,8 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -160,23 +155,21 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
 
         ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension)
                 getExtension(ExtendedKeyUsageExtension.OID, info);
-       
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (ExtendedKeyUsageExtension)
-                getExtension(ExtendedKeyUsageExtension.OID, info);
+                    getExtension(ExtendedKeyUsageExtension.OID, info);
 
             if (ext == null) {
                 return null;
@@ -188,20 +181,20 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
             }
         } else if (name.equals(VAL_OIDS)) {
             ext = (ExtendedKeyUsageExtension)
-                getExtension(ExtendedKeyUsageExtension.OID, info);
+                    getExtension(ExtendedKeyUsageExtension.OID, info);
             StringBuffer sb = new StringBuffer();
-            if(ext == null) {
+            if (ext == null) {
                 return "";
             }
             Enumeration e = ext.getOIDs();
 
             while (e.hasMoreElements()) {
                 ObjectIdentifier oid = (ObjectIdentifier)
-                    e.nextElement();
+                        e.nextElement();
 
                 if (!sb.toString().equals("")) {
                     sb.append(",");
-                }	
+                }
                 sb.append(oid.toString());
             }
             return sb.toString();
@@ -213,11 +206,11 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
+                getConfig(CONFIG_CRITICAL),
                 getConfig(CONFIG_OIDS)
             };
 
-        return CMS.getUserMessage(locale, 
+        return CMS.getUserMessage(locale,
                 "CMS_PROFILE_DEF_EXTENDED_KEY_EXT", params);
     }
 
@@ -225,20 +218,20 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         ExtendedKeyUsageExtension ext = createExtension();
 
         addExtension(ExtendedKeyUsageExtension.OID, ext, info);
     }
 
     public ExtendedKeyUsageExtension createExtension() {
-        ExtendedKeyUsageExtension ext = null; 
+        ExtendedKeyUsageExtension ext = null;
 
         try {
             ext = new ExtendedKeyUsageExtension();
         } catch (Exception e) {
             CMS.debug("ExtendedKeyUsageExtDefault: createExtension " +
-                e.toString());
+                    e.toString());
         }
         if (ext == null)
             return null;
@@ -250,7 +243,7 @@ public class ExtendedKeyUsageExtDefault extends EnrollExtDefault {
         while (st.hasMoreTokens()) {
             String oid = st.nextToken();
 
-            ext.addOID(new ObjectIdentifier(oid));	
+            ext.addOID(new ObjectIdentifier(oid));
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
index 13af0426..5824bbfd 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/FreshestCRLExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -42,12 +41,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates Freshest CRL extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates Freshest
+ * CRL extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class FreshestCRLExtDefault extends EnrollExtDefault {
@@ -61,8 +58,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
     public static final String CONFIG_ENABLE = "freshestCRLPointEnable_";
 
     public static final String VAL_CRITICAL = "freshestCRLCritical";
-    public static final String VAL_CRL_DISTRIBUTION_POINTS = 
-        "freshestCRLPointsValue";
+    public static final String VAL_CRL_DISTRIBUTION_POINTS =
+            "freshestCRLPointsValue";
 
     private static final String POINT_TYPE = "Point Type";
     private static final String POINT_NAME = "Point Name";
@@ -78,12 +75,11 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
 
-    
     protected int getNumPoints() {
         int num = DEF_NUM_POINTS;
         String val = getConfig(CONFIG_NUM_POINTS);
@@ -103,33 +99,32 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_POINTS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_POINTS || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_POINTS || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POINTS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
-
     public Enumeration<String> getConfigNames() {
         refreshConfigAndValueNames();
         return super.getConfigNames();
     }
 
     protected void refreshConfigAndValueNames() {
-        //refesh our config name list
+        // refesh our config name list
 
         super.refreshConfigAndValueNames();
         addValueName(VAL_CRITICAL);
@@ -149,47 +144,47 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
 
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_POINT_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_POINT_TYPE"));
         } else if (name.startsWith(CONFIG_POINT_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_POINT_NAME"));
         } else if (name.startsWith(CONFIG_ISSUER_TYPE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_TYPE"));
         } else if (name.startsWith(CONFIG_ISSUER_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ISSUER_NAME"));
         } else if (name.startsWith(CONFIG_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_POINTS)) {
             return new Descriptor(IDescriptor.INTEGER, null,
-                   "1",
-                   CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS"));
+                    "1",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_DIST_POINTS"));
         } else {
             return null;
         }
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+        if (name.equals(VAL_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRL_DISTRIBUTION_POINTS"));
         } else {
@@ -198,39 +193,39 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             FreshestCRLExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (FreshestCRLExtension)
                         getExtension(FreshestCRLExtension.OID,
-                            info);
+                                info);
 
-            if(ext == null)  {
-                populate(locale,info);
+            if (ext == null) {
+                populate(locale, info);
             }
-            
+
             if (name.equals(VAL_CRITICAL)) {
                 ext = (FreshestCRLExtension)
-                        getExtension(FreshestCRLExtension.OID, 
-                            info);
+                        getExtension(FreshestCRLExtension.OID,
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
                 ext = (FreshestCRLExtension)
-                        getExtension(FreshestCRLExtension.OID, 
-                            info);
+                        getExtension(FreshestCRLExtension.OID,
+                                info);
 
                 Vector<NameValuePairs> v = parseRecords(value);
                 int size = v.size();
-              
+
                 boolean critical = ext.isCritical();
                 int i = 0;
 
@@ -266,7 +261,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
                         if (issuerType != null)
                             addIssuer(locale, cdp, issuerType, issuerValue);
 
-                            // this is the first distribution point
+                        // this is the first distribution point
                         if (i == 0) {
                             ext = new FreshestCRLExtension(cdp);
                             ext.setCritical(critical);
@@ -276,100 +271,99 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
                     }
                 }
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.FreshestCRL_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
-            CMS.debug("FreshestCRLExtDefault: setValue " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("FreshestCRLExtDefault: setValue " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     private void addCRLPoint(Locale locale, CRLDistributionPoint cdp, String type,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         try {
             if (value == null || value.length() == 0)
                 return;
-        
+
             if (isGeneralNameType(type)) {
                 GeneralNames gen = new GeneralNames();
 
-                gen.addElement(parseGeneralName(type,value));
+                gen.addElement(parseGeneralName(type, value));
                 cdp.setFullName(gen);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", type));
             }
         } catch (IOException e) {
-            CMS.debug("FreshestCRLExtDefault: addCRLPoint " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", type));
         } catch (GeneralNamesException e) {
-            CMS.debug("FreshestCRLExtDefault: addCRLPoint " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("FreshestCRLExtDefault: addCRLPoint " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", type));
         }
     }
 
     private void addIssuer(Locale locale, CRLDistributionPoint cdp, String type,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         if (value == null || value.length() == 0)
             return;
         try {
             if (isGeneralNameType(type)) {
                 GeneralNames gen = new GeneralNames();
 
-                gen.addElement(parseGeneralName(type,value));
+                gen.addElement(parseGeneralName(type, value));
                 cdp.setCRLIssuer(gen);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", type));
             }
         } catch (IOException e) {
-            CMS.debug("FreshestCRLExtDefault: addIssuer " + 
-                e.toString());
+            CMS.debug("FreshestCRLExtDefault: addIssuer " +
+                    e.toString());
         } catch (GeneralNamesException e) {
-            CMS.debug("FreshestCRLExtDefault: addIssuer " + 
-                e.toString());
+            CMS.debug("FreshestCRLExtDefault: addIssuer " +
+                    e.toString());
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         FreshestCRLExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (FreshestCRLExtension)
                     getExtension(FreshestCRLExtension.OID,
-                        info);
-        if(ext == null)
-        {
+                            info);
+        if (ext == null) {
             try {
-                populate(locale,info);
+                populate(locale, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (FreshestCRLExtension)
-                    getExtension(FreshestCRLExtension.OID, 
-                        info);
+                    getExtension(FreshestCRLExtension.OID,
+                            info);
 
             if (ext == null) {
                 return null;
@@ -379,10 +373,10 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) { 
+        } else if (name.equals(VAL_CRL_DISTRIBUTION_POINTS)) {
             ext = (FreshestCRLExtension)
-                    getExtension(FreshestCRLExtension.OID, 
-                        info);
+                    getExtension(FreshestCRLExtension.OID,
+                            info);
 
             if (ext == null)
                 return "";
@@ -395,7 +389,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
                 NameValuePairs pairs = null;
 
                 if (i < ext.getNumPoints()) {
-                    CRLDistributionPoint p = ext.getPointAt(i); 
+                    CRLDistributionPoint p = ext.getPointAt(i);
                     GeneralNames gns = p.getFullName();
 
                     pairs = buildGeneralNames(gns, p);
@@ -404,10 +398,10 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
                 }
                 recs.addElement(pairs);
             }
-                
+
             return buildRecords(recs);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -424,7 +418,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
     }
 
     protected NameValuePairs buildGeneralNames(GeneralNames gns, CRLDistributionPoint p)
-        throws EPropertyException {
+            throws EPropertyException {
 
         NameValuePairs pairs = new NameValuePairs();
 
@@ -495,8 +489,8 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
             sb.append(getConfig(CONFIG_ENABLE + i));
             sb.append("}");
         }
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_FRESHEST_CRL_EXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_FRESHEST_CRL_EXT",
                 getConfig(CONFIG_CRITICAL),
                 sb.toString());
     }
@@ -505,7 +499,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         FreshestCRLExtension ext = createExtension(request);
 
         if (ext == null)
@@ -519,14 +513,14 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
-                        ext.setCritical(critical);
+            ext.setCritical(critical);
 
             num = getNumPoints();
             for (int i = 0; i < num; i++) {
                 CRLDistributionPoint cdp = new CRLDistributionPoint();
 
-                String enable = getConfig(CONFIG_ENABLE + i); 
-                String pointType = getConfig(CONFIG_POINT_TYPE + i); 
+                String enable = getConfig(CONFIG_ENABLE + i);
+                String pointType = getConfig(CONFIG_POINT_TYPE + i);
                 String pointName = getConfig(CONFIG_POINT_NAME + i);
                 String issuerType = getConfig(CONFIG_ISSUER_TYPE + i);
                 String issuerName = getConfig(CONFIG_ISSUER_NAME + i);
@@ -537,12 +531,12 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
                     if (issuerType != null)
                         addIssuer(getLocale(request), cdp, issuerType, issuerName);
 
-                        ext.addPoint(cdp);
+                    ext.addPoint(cdp);
                 }
             }
         } catch (Exception e) {
             CMS.debug("FreshestCRLExtDefault: createExtension " +
-                e.toString());
+                    e.toString());
         }
 
         return ext;
@@ -552,7 +546,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     private void populate(Locale locale, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         FreshestCRLExtension ext = createExtension(locale);
 
         if (ext == null)
@@ -589,7 +583,7 @@ public class FreshestCRLExtDefault extends EnrollExtDefault {
             }
         } catch (Exception e) {
             CMS.debug("FreshestCRLExtDefault: createExtension " +
-                e.toString());
+                    e.toString());
         }
 
         return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
index 4051f31a..c1e109d2 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/GenericExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.util.DerOutputStream;
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Netscape
+ * comment extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class GenericExtDefault extends EnrollExtDefault {
@@ -62,13 +59,13 @@ public class GenericExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_OID)) {
@@ -86,7 +83,7 @@ public class GenericExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_DATA)) {
@@ -99,13 +96,13 @@ public class GenericExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             Extension ext = null;
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -114,28 +111,28 @@ public class GenericExtDefault extends EnrollExtDefault {
             ext = (Extension)
                         getExtension(oid.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (Extension)
                         getExtension(oid.toString(), info);
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 boolean val = Boolean.valueOf(value).booleanValue();
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_DATA)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_DATA)) {
                 ext = (Extension)
                         getExtension(oid.toString(), info);
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 byte data[] = getBytes(value);
-		ext.setExtensionValue(data);
+                ext.setExtensionValue(data);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -146,12 +143,12 @@ public class GenericExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         Extension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
@@ -160,14 +157,13 @@ public class GenericExtDefault extends EnrollExtDefault {
         ext = (Extension)
                     getExtension(oid.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -185,7 +181,7 @@ public class GenericExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_DATA)) { 
+        } else if (name.equals(VAL_DATA)) {
 
             ext = (Extension)
                     getExtension(oid.toString(), info);
@@ -197,17 +193,17 @@ public class GenericExtDefault extends EnrollExtDefault {
 
             if (data == null)
                 return "";
-   
+
             return toStr(data);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
+                getConfig(CONFIG_CRITICAL),
                 getConfig(CONFIG_OID),
                 getConfig(CONFIG_DATA)
             };
@@ -218,10 +214,10 @@ public class GenericExtDefault extends EnrollExtDefault {
     public String toStr(byte data[]) {
         StringBuffer b = new StringBuffer();
         for (int i = 0; i < data.length; i++) {
-           if ((data[i] & 0xff) < 16) {
-              b.append("0");
-           }
-           b.append(Integer.toString((int)(data[i] & 0xff), 0x10));
+            if ((data[i] & 0xff) < 16) {
+                b.append("0");
+            }
+            b.append(Integer.toString((int) (data[i] & 0xff), 0x10));
         }
         return b.toString();
     }
@@ -230,14 +226,14 @@ public class GenericExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         Extension ext = createExtension(request);
 
         addExtension(ext.getExtensionId().toString(), ext, info);
     }
 
     public Extension createExtension(IRequest request) {
-        Extension ext = null; 
+        Extension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -250,13 +246,13 @@ public class GenericExtDefault extends EnrollExtDefault {
                 data = getBytes(mapPattern(request, getConfig(CONFIG_DATA)));
             }
 
-	    DerOutputStream out = new DerOutputStream();
+            DerOutputStream out = new DerOutputStream();
             out.putOctetString(data);
 
             ext = new Extension(oid, critical, out.toByteArray());
         } catch (Exception e) {
-            CMS.debug("GenericExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("GenericExtDefault: createExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
index 5bb8abd4..dc1fa33d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ImageDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertInfo;
@@ -31,11 +30,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that shows an image in the approval page.
- *
+ * This class implements an enrollment default policy that shows an image in the
+ * approval page.
+ * 
  * @version $Revision$, $Date$
  */
 public class ImageDefault extends EnrollDefault {
@@ -50,7 +48,7 @@ public class ImageDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -68,12 +66,12 @@ public class ImageDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EPropertyException {
+            throws EPropertyException {
 
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
@@ -89,19 +87,19 @@ public class ImageDefault extends EnrollDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException { 
+            X509CertInfo info)
+            throws EPropertyException {
         return null;
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE" );
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_IMAGE");
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
index c6bbc7f7..c0a92ee7 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/InhibitAnyPolicyExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.math.BigInteger;
 import java.util.Locale;
 
@@ -34,10 +33,9 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements an inhibit Any-Policy extension
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
@@ -61,31 +59,31 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.BOOLEAN, null, "true",
-              CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_SKIP_CERTS)) {
             return new Descriptor(IDescriptor.INTEGER, null, "0",
-              CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
+                    CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
         } else {
             return null;
         }
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_SKIP_CERTS)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_SKIP_CERTS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -93,36 +91,36 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
             return new Descriptor(IDescriptor.BOOLEAN, null, "true",
-              CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+                    CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_SKIP_CERTS)) {
             return new Descriptor(IDescriptor.INTEGER, null, "0",
-              CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
+                    CMS.getUserMessage(locale, "CMS_PROFILE_SKIP_CERTS"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             InhibitAnyPolicyExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (InhibitAnyPolicyExtension)
-              getExtension(InhibitAnyPolicyExtension.OID, info);
+                    getExtension(InhibitAnyPolicyExtension.OID, info);
 
-            if(ext == null)  {
-                populate(null,info);
-            } 
+            if (ext == null) {
+                populate(null, info);
+            }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (InhibitAnyPolicyExtension)
-                  getExtension(InhibitAnyPolicyExtension.OID, info);
+                        getExtension(InhibitAnyPolicyExtension.OID, info);
 
                 if (ext == null) {
                     // it is ok, the extension is never populated or delted
@@ -133,7 +131,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
                 ext.setCritical(critical);
             } else if (name.equals(VAL_SKIP_CERTS)) {
                 ext = (InhibitAnyPolicyExtension)
-                  getExtension(InhibitAnyPolicyExtension.OID, info);
+                        getExtension(InhibitAnyPolicyExtension.OID, info);
 
                 if (ext == null) {
                     // it is ok, the extension is never populated or delted
@@ -150,48 +148,47 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
                     BigInteger l = new BigInteger(value);
                     num = new BigInt(l);
                 } catch (Exception e) {
-                    throw new EPropertyException(CMS.getUserMessage( 
-                        locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
                 ext = new InhibitAnyPolicyExtension(critical,
-                  num);
+                        num);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
             replaceExtension(InhibitAnyPolicyExtension.OID, ext, info);
         } catch (EProfileException e) {
             CMS.debug("InhibitAnyPolicyExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
-                 locale, "CMS_INVALID_PROPERTY", name));
+            throw new EPropertyException(CMS.getUserMessage(
+                    locale, "CMS_INVALID_PROPERTY", name));
         }
 
         InhibitAnyPolicyExtension ext =
-          (InhibitAnyPolicyExtension)
-          getExtension(InhibitAnyPolicyExtension.OID, info);
+                (InhibitAnyPolicyExtension)
+                getExtension(InhibitAnyPolicyExtension.OID, info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
             } catch (EProfileException e) {
                 throw new EPropertyException(CMS.getUserMessage(
-                  locale, "CMS_INVALID_PROPERTY", name));
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (InhibitAnyPolicyExtension)
-              getExtension(InhibitAnyPolicyExtension.OID, info);
+                    getExtension(InhibitAnyPolicyExtension.OID, info);
 
             if (ext == null) {
                 return null;
@@ -203,38 +200,37 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
             }
         } else if (name.equals(VAL_SKIP_CERTS)) {
             ext = (InhibitAnyPolicyExtension)
-              getExtension(InhibitAnyPolicyExtension.OID, info);
+                    getExtension(InhibitAnyPolicyExtension.OID, info);
             if (ext == null) {
                 return null;
             }
 
             BigInt n = ext.getSkipCerts();
-            return ""+n.toInt();
+            return "" + n.toInt();
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
-              locale, "CMS_INVALID_PROPERTY", name));
-       }
+            throw new EPropertyException(CMS.getUserMessage(
+                    locale, "CMS_INVALID_PROPERTY", name));
+        }
     }
 
     /*
-     * returns text that goes into description for this extension on
-     * a profile
+     * returns text that goes into description for this extension on a profile
      */
     public String getText(Locale locale) {
-	StringBuffer sb = new StringBuffer();
+        StringBuffer sb = new StringBuffer();
         sb.append(SKIP_CERTS + ":");
         sb.append(getConfig(CONFIG_SKIP_CERTS));
 
-        return CMS.getUserMessage(locale, 
-          "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT", 
-          getConfig(CONFIG_CRITICAL), sb.toString());
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_INHIBIT_ANY_POLICY_EXT",
+                getConfig(CONFIG_CRITICAL), sb.toString());
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         InhibitAnyPolicyExtension ext = null;
 
         ext = createExtension(request);
@@ -242,7 +238,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
     }
 
     public InhibitAnyPolicyExtension createExtension(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         InhibitAnyPolicyExtension ext = null;
 
         boolean critical = Boolean.valueOf(
@@ -259,7 +255,7 @@ public class InhibitAnyPolicyExtDefault extends EnrollExtDefault {
                 val = new BigInt(b);
             } catch (NumberFormatException e) {
                 throw new EProfileException(
-                CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
+                        CMS.getUserMessage("CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS"));
             }
 
             try {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
index 40bd4876..00a05305 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/IssuerAltNameExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -39,12 +38,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a issuer alternative name extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a issuer
+ * alternative name extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class IssuerAltNameExtDefault extends EnrollExtDefault {
@@ -67,25 +64,25 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_TYPE)) {
             return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
                     "RFC822Name",
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_ISSUER_ALT_NAME_TYPE"));
         } else if (name.equals(CONFIG_PATTERN)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_ISSUER_ALT_NAME_PATTERN"));
         } else {
             return null;
         }
@@ -93,11 +90,11 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
         } else {
@@ -106,13 +103,13 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             IssuerAlternativeNameExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -120,20 +117,19 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
                         (IssuerAlternativeNameExtension)
                         getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
                 try {
-                    populate(null,info);
+                    populate(null, info);
 
                 } catch (EProfileException e) {
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
- 
+
             if (name.equals(VAL_CRITICAL)) {
-                ext = 
+                ext =
                         (IssuerAlternativeNameExtension)
                         getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
 
@@ -145,7 +141,7 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 
                 ext.setCritical(critical);
             } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext = 
+                ext =
                         (IssuerAlternativeNameExtension)
                         getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
 
@@ -166,34 +162,34 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 
                     GeneralNameInterface n = parseGeneralName(gname);
                     if (n != null) {
-                      gn.addElement(n);
+                        gn.addElement(n);
                     }
                 }
                 ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
             replaceExtension(
-                PKIXExtensions.IssuerAlternativeName_Id.toString(),
-                ext, info);
+                    PKIXExtensions.IssuerAlternativeName_Id.toString(),
+                    ext, info);
         } catch (IOException e) {
             CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (EProfileException e) {
             CMS.debug("IssuerAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         try {
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -201,23 +197,22 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
                     (IssuerAlternativeNameExtension)
                     getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
 
                 try {
-                    populate(null,info);
+                    populate(null, info);
 
                 } catch (EProfileException e) {
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
 
             if (name.equals(VAL_CRITICAL)) {
-                ext = 
-                    (IssuerAlternativeNameExtension)
-                    getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+                ext =
+                        (IssuerAlternativeNameExtension)
+                        getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -228,16 +223,15 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
                     return "false";
                 }
             } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext = 
-                    (IssuerAlternativeNameExtension)
-                    getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
-                if(ext == null)
-                {
+                ext =
+                        (IssuerAlternativeNameExtension)
+                        getExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), info);
+                if (ext == null) {
                     return "";
                 }
 
                 GeneralNames names = (GeneralNames)
-                    ext.get(IssuerAlternativeNameExtension.ISSUER_NAME);
+                        ext.get(IssuerAlternativeNameExtension.ISSUER_NAME);
                 StringBuffer sb = new StringBuffer();
                 Enumeration<GeneralNameInterface> e = names.elements();
 
@@ -246,17 +240,17 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
 
                     if (!sb.toString().equals("")) {
                         sb.append("\r\n");
-                    }	
+                    }
                     sb.append(toGeneralNameString(gn));
                 }
                 return sb.toString();
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (IOException e) {
-            CMS.debug("IssuerAltNameExtDefault: getValue " + 
-                e.toString());
+            CMS.debug("IssuerAltNameExtDefault: getValue " +
+                    e.toString());
         }
         return null;
     }
@@ -275,7 +269,7 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         IssuerAlternativeNameExtension ext = null;
 
         try {
@@ -284,35 +278,35 @@ public class IssuerAltNameExtDefault extends EnrollExtDefault {
         } catch (IOException e) {
             CMS.debug("IssuerAltNameExtDefault: populate " + e.toString());
         }
-        addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.IssuerAlternativeName_Id.toString(),
+                ext, info);
     }
 
-    public IssuerAlternativeNameExtension createExtension(IRequest request) 
-        throws IOException {
-        IssuerAlternativeNameExtension ext = null; 
+    public IssuerAlternativeNameExtension createExtension(IRequest request)
+            throws IOException {
+        IssuerAlternativeNameExtension ext = null;
 
         try {
             ext = new IssuerAlternativeNameExtension();
         } catch (Exception e) {
             CMS.debug(e.toString());
-            throw new IOException( e.toString() );
+            throw new IOException(e.toString());
         }
         boolean critical = Boolean.valueOf(
-                getConfig(CONFIG_CRITICAL)).booleanValue(); 
+                getConfig(CONFIG_CRITICAL)).booleanValue();
         String pattern = getConfig(CONFIG_PATTERN);
 
         if (!pattern.equals("")) {
-            GeneralNames gn = new GeneralNames(); 
+            GeneralNames gn = new GeneralNames();
 
             String gname = "";
 
-            if(request != null)  {
+            if (request != null) {
                 gname = mapPattern(request, pattern);
             }
 
             gn.addElement(parseGeneralName(
-                    getConfig(CONFIG_TYPE) + ":" + gname)); 
+                    getConfig(CONFIG_TYPE) + ":" + gname));
             ext.set(IssuerAlternativeNameExtension.ISSUER_NAME, gn);
         }
         ext.setCritical(critical);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
index c8ed9281..4547a0f5 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/KeyUsageExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -34,25 +33,23 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a Key Usage extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Key Usage
+ * extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class KeyUsageExtDefault extends EnrollExtDefault {
 
     public static final String CONFIG_CRITICAL = "keyUsageCritical";
-    public static final String CONFIG_DIGITAL_SIGNATURE = 
-        "keyUsageDigitalSignature";
-    public static final String CONFIG_NON_REPUDIATION = 
-        "keyUsageNonRepudiation";
-    public static final String CONFIG_KEY_ENCIPHERMENT = 
-        "keyUsageKeyEncipherment";
-    public static final String CONFIG_DATA_ENCIPHERMENT = 
-        "keyUsageDataEncipherment";
+    public static final String CONFIG_DIGITAL_SIGNATURE =
+            "keyUsageDigitalSignature";
+    public static final String CONFIG_NON_REPUDIATION =
+            "keyUsageNonRepudiation";
+    public static final String CONFIG_KEY_ENCIPHERMENT =
+            "keyUsageKeyEncipherment";
+    public static final String CONFIG_DATA_ENCIPHERMENT =
+            "keyUsageDataEncipherment";
     public static final String CONFIG_KEY_AGREEMENT = "keyUsageKeyAgreement";
     public static final String CONFIG_KEY_CERTSIGN = "keyUsageKeyCertSign";
     public static final String CONFIG_CRL_SIGN = "keyUsageCrlSign";
@@ -60,14 +57,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
     public static final String CONFIG_DECIPHER_ONLY = "keyUsageDecipherOnly";
 
     public static final String VAL_CRITICAL = "keyUsageCritical";
-    public static final String VAL_DIGITAL_SIGNATURE = 
-        "keyUsageDigitalSignature";
-    public static final String VAL_NON_REPUDIATION = 
-        "keyUsageNonRepudiation";
-    public static final String VAL_KEY_ENCIPHERMENT = 
-        "keyUsageKeyEncipherment";
-    public static final String VAL_DATA_ENCIPHERMENT = 
-        "keyUsageDataEncipherment";
+    public static final String VAL_DIGITAL_SIGNATURE =
+            "keyUsageDigitalSignature";
+    public static final String VAL_NON_REPUDIATION =
+            "keyUsageNonRepudiation";
+    public static final String VAL_KEY_ENCIPHERMENT =
+            "keyUsageKeyEncipherment";
+    public static final String VAL_DATA_ENCIPHERMENT =
+            "keyUsageDataEncipherment";
     public static final String VAL_KEY_AGREEMENT = "keyUsageKeyAgreement";
     public static final String VAL_KEY_CERTSIGN = "keyUsageKeyCertSign";
     public static final String VAL_CRL_SIGN = "keyUsageCrlSign";
@@ -100,21 +97,21 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_DIGITAL_SIGNATURE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
         } else if (name.equals(CONFIG_NON_REPUDIATION)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
         } else if (name.equals(CONFIG_KEY_ENCIPHERMENT)) {
@@ -152,15 +149,15 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_DIGITAL_SIGNATURE"));
         } else if (name.equals(VAL_NON_REPUDIATION)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_NON_REPUDIATION"));
         } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
@@ -197,158 +194,157 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             KeyUsageExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (KeyUsageExtension)
-                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info); 
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
 
             }
-             
+
             if (name.equals(VAL_CRITICAL)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                boolean val = Boolean.valueOf(value).booleanValue(); 
+                boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 ext.setCritical(val);
-            } else if (name.equals(VAL_DIGITAL_SIGNATURE)) { 
+            } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.DIGITAL_SIGNATURE, val);
             } else if (name.equals(VAL_NON_REPUDIATION)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.NON_REPUDIATION, val);
             } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.KEY_ENCIPHERMENT, val);
             } else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.DATA_ENCIPHERMENT, val);
             } else if (name.equals(VAL_KEY_AGREEMENT)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.KEY_AGREEMENT, val);
             } else if (name.equals(VAL_KEY_CERTSIGN)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.KEY_CERTSIGN, val);
             } else if (name.equals(VAL_CRL_SIGN)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.CRL_SIGN, val);
             } else if (name.equals(VAL_ENCIPHER_ONLY)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.ENCIPHER_ONLY, val);
             } else if (name.equals(VAL_DECIPHER_ONLY)) {
                 ext = (KeyUsageExtension)
                         getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                Boolean val = Boolean.valueOf(value); 
+                Boolean val = Boolean.valueOf(value);
 
                 ext.set(KeyUsageExtension.DECIPHER_ONLY, val);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
         } catch (IOException e) {
             CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (EProfileException e) {
             CMS.debug("KeyUsageExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         try {
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             KeyUsageExtension ext = (KeyUsageExtension)
                     getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
                 try {
-                    populate(null,info);
+                    populate(null, info);
 
                 } catch (EProfileException e) {
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -360,117 +356,117 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
                 }
             } else if (name.equals(VAL_DIGITAL_SIGNATURE)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
 
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.DIGITAL_SIGNATURE);
+                        ext.get(KeyUsageExtension.DIGITAL_SIGNATURE);
 
                 return val.toString();
             } else if (name.equals(VAL_NON_REPUDIATION)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.NON_REPUDIATION);
+                        ext.get(KeyUsageExtension.NON_REPUDIATION);
 
                 return val.toString();
             } else if (name.equals(VAL_KEY_ENCIPHERMENT)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.KEY_ENCIPHERMENT);
+                        ext.get(KeyUsageExtension.KEY_ENCIPHERMENT);
 
                 return val.toString();
             } else if (name.equals(VAL_DATA_ENCIPHERMENT)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.DATA_ENCIPHERMENT);
+                        ext.get(KeyUsageExtension.DATA_ENCIPHERMENT);
 
                 return val.toString();
             } else if (name.equals(VAL_KEY_AGREEMENT)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.KEY_AGREEMENT);
+                        ext.get(KeyUsageExtension.KEY_AGREEMENT);
 
                 return val.toString();
             } else if (name.equals(VAL_KEY_CERTSIGN)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.KEY_CERTSIGN);
+                        ext.get(KeyUsageExtension.KEY_CERTSIGN);
 
                 return val.toString();
             } else if (name.equals(VAL_CRL_SIGN)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.CRL_SIGN);
+                        ext.get(KeyUsageExtension.CRL_SIGN);
 
                 return val.toString();
             } else if (name.equals(VAL_ENCIPHER_ONLY)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.ENCIPHER_ONLY);
+                        ext.get(KeyUsageExtension.ENCIPHER_ONLY);
 
                 return val.toString();
             } else if (name.equals(VAL_DECIPHER_ONLY)) {
                 ext = (KeyUsageExtension)
-                    getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
+                        getExtension(PKIXExtensions.KeyUsage_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean)
-                    ext.get(KeyUsageExtension.DECIPHER_ONLY);
+                        ext.get(KeyUsageExtension.DECIPHER_ONLY);
 
                 return val.toString();
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (IOException e) {
             CMS.debug("KeyUsageExtDefault: getValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
-                getConfig(CONFIG_DIGITAL_SIGNATURE), 
-                getConfig(CONFIG_NON_REPUDIATION), 
-                getConfig(CONFIG_KEY_ENCIPHERMENT), 
-                getConfig(CONFIG_DATA_ENCIPHERMENT), 
-                getConfig(CONFIG_KEY_AGREEMENT), 
-                getConfig(CONFIG_KEY_CERTSIGN), 
-                getConfig(CONFIG_CRL_SIGN), 
-                getConfig(CONFIG_ENCIPHER_ONLY), 
+                getConfig(CONFIG_CRITICAL),
+                getConfig(CONFIG_DIGITAL_SIGNATURE),
+                getConfig(CONFIG_NON_REPUDIATION),
+                getConfig(CONFIG_KEY_ENCIPHERMENT),
+                getConfig(CONFIG_DATA_ENCIPHERMENT),
+                getConfig(CONFIG_KEY_AGREEMENT),
+                getConfig(CONFIG_KEY_CERTSIGN),
+                getConfig(CONFIG_CRL_SIGN),
+                getConfig(CONFIG_ENCIPHER_ONLY),
                 getConfig(CONFIG_DECIPHER_ONLY)
             };
 
@@ -482,14 +478,14 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         KeyUsageExtension ext = createKeyUsageExtension();
 
         addExtension(PKIXExtensions.KeyUsage_Id.toString(), ext, info);
     }
 
     public KeyUsageExtension createKeyUsageExtension() {
-        KeyUsageExtension ext = null; 
+        KeyUsageExtension ext = null;
         boolean[] bits = new boolean[KeyUsageExtension.NBITS];
 
         boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -506,8 +502,8 @@ public class KeyUsageExtDefault extends EnrollExtDefault {
         try {
             ext = new KeyUsageExtension(critical, bits);
         } catch (Exception e) {
-            CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " + 
-                e.toString());
+            CMS.debug("KeyUsageExtDefault: createKeyUsageExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
index 01e92d6a..19cd23fa 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCCommentExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a Netscape comment extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Netscape
+ * comment extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class NSCCommentExtDefault extends EnrollExtDefault {
@@ -60,13 +57,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_COMMENT)) {
@@ -80,7 +77,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_COMMENT)) {
@@ -93,13 +90,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             NSCCommentExtension ext = null;
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -108,8 +105,8 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
             ext = (NSCCommentExtension)
                         getExtension(oid.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
@@ -118,27 +115,27 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
                         getExtension(oid.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_COMMENT)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_COMMENT)) {
 
                 ext = (NSCCommentExtension)
                         getExtension(oid.toString(), info);
 
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 boolean critical = ext.isCritical();
 
                 if (value == null || value.equals(""))
                     ext = new NSCCommentExtension(critical, "");
-                    //                    throw new EPropertyException(name+" cannot be empty");
+                // throw new EPropertyException(name+" cannot be empty");
                 else
                     ext = new NSCCommentExtension(critical, value);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -151,12 +148,12 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         NSCCommentExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
@@ -165,14 +162,13 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
         ext = (NSCCommentExtension)
                     getExtension(oid.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -190,7 +186,7 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_COMMENT)) { 
+        } else if (name.equals(VAL_COMMENT)) {
 
             ext = (NSCCommentExtension)
                     getExtension(oid.toString(), info);
@@ -202,17 +198,17 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
 
             if (comment == null)
                 comment = "";
-   
+
             return comment;
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
+                getConfig(CONFIG_CRITICAL),
                 getConfig(CONFIG_COMMENT)
             };
 
@@ -223,14 +219,14 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         NSCCommentExtension ext = createExtension();
 
         addExtension(ext.getExtensionId().toString(), ext, info);
     }
 
     public NSCCommentExtension createExtension() {
-        NSCCommentExtension ext = null; 
+        NSCCommentExtension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -241,8 +237,8 @@ public class NSCCommentExtDefault extends EnrollExtDefault {
             else
                 ext = new NSCCommentExtension(critical, comment);
         } catch (Exception e) {
-            CMS.debug("NSCCommentExtension: createExtension " + 
-                e.toString());
+            CMS.debug("NSCCommentExtension: createExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
index e3438ccf..68a12c28 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NSCertTypeExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.security.cert.CertificateException;
 import java.util.Locale;
 
@@ -33,12 +32,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a Netscape Certificate Type extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Netscape
+ * Certificate Type extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class NSCertTypeExtDefault extends EnrollExtDefault {
@@ -83,11 +80,11 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
@@ -127,7 +124,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_SSL_CLIENT)) {
@@ -135,7 +132,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_SSL_CLIENT"));
         } else if (name.equals(VAL_SSL_SERVER)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_SSL_SERVER"));
         } else if (name.equals(VAL_EMAIL)) {
@@ -155,7 +152,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_EMAIL_CA"));
         } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_OBJECT_SIGNING_CA"));
         } else {
@@ -164,8 +161,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             NSCertTypeExtension ext = null;
 
@@ -174,12 +171,11 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
-
             ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
 
-            if(ext == null) {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
 
             }
             if (name.equals(VAL_CRITICAL)) {
@@ -187,69 +183,69 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_SSL_CLIENT)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_SSL_CLIENT)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.SSL_CLIENT, val);
-            } else if (name.equals(VAL_SSL_SERVER)) { 
+            } else if (name.equals(VAL_SSL_SERVER)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.SSL_SERVER, val);
-            } else if (name.equals(VAL_EMAIL)) { 
+            } else if (name.equals(VAL_EMAIL)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.EMAIL, val);
-            } else if (name.equals(VAL_OBJECT_SIGNING)) { 
+            } else if (name.equals(VAL_OBJECT_SIGNING)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.OBJECT_SIGNING, val);
-            } else if (name.equals(VAL_SSL_CA)) { 
+            } else if (name.equals(VAL_SSL_CA)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.SSL_CA, val);
-            } else if (name.equals(VAL_EMAIL_CA)) { 
+            } else if (name.equals(VAL_EMAIL_CA)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
                 ext.set(NSCertTypeExtension.EMAIL_CA, val);
-            } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { 
+            } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
                 ext = (NSCertTypeExtension)
                         getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
-                if(ext == null)  {
-                    return ;
+                if (ext == null) {
+                    return;
                 }
                 Boolean val = Boolean.valueOf(value);
 
@@ -266,31 +262,30 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         try {
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             NSCertTypeExtension ext = (NSCertTypeExtension)
                     getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
                 try {
-                    populate(null,info);
+                    populate(null, info);
 
                 } catch (EProfileException e) {
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
             if (name.equals(VAL_CRITICAL)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -300,63 +295,63 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
                 } else {
                     return "false";
                 }
-            } else if (name.equals(VAL_SSL_CLIENT)) { 
+            } else if (name.equals(VAL_SSL_CLIENT)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CLIENT);
 
                 return val.toString();
-            } else if (name.equals(VAL_SSL_SERVER)) { 
+            } else if (name.equals(VAL_SSL_SERVER)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_SERVER);
 
                 return val.toString();
-            } else if (name.equals(VAL_EMAIL)) { 
+            } else if (name.equals(VAL_EMAIL)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL);
 
                 return val.toString();
-            } else if (name.equals(VAL_OBJECT_SIGNING)) { 
+            } else if (name.equals(VAL_OBJECT_SIGNING)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.OBJECT_SIGNING);
 
                 return val.toString();
-            } else if (name.equals(VAL_SSL_CA)) { 
+            } else if (name.equals(VAL_SSL_CA)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.SSL_CA);
 
                 return val.toString();
-            } else if (name.equals(VAL_EMAIL_CA)) { 
+            } else if (name.equals(VAL_EMAIL_CA)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
                 Boolean val = (Boolean) ext.get(NSCertTypeExtension.EMAIL_CA);
 
                 return val.toString();
-            } else if (name.equals(VAL_OBJECT_SIGNING_CA)) { 
+            } else if (name.equals(VAL_OBJECT_SIGNING_CA)) {
                 ext = (NSCertTypeExtension)
-                    getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
+                        getExtension(NSCertTypeExtension.CertType_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
@@ -364,7 +359,7 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
 
                 return val.toString();
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (CertificateException e) {
@@ -375,13 +370,13 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
-                getConfig(CONFIG_SSL_CLIENT), 
-                getConfig(CONFIG_SSL_SERVER), 
-                getConfig(CONFIG_EMAIL), 
-                getConfig(CONFIG_OBJECT_SIGNING), 
-                getConfig(CONFIG_SSL_CA), 
-                getConfig(CONFIG_EMAIL_CA), 
+                getConfig(CONFIG_CRITICAL),
+                getConfig(CONFIG_SSL_CLIENT),
+                getConfig(CONFIG_SSL_SERVER),
+                getConfig(CONFIG_EMAIL),
+                getConfig(CONFIG_OBJECT_SIGNING),
+                getConfig(CONFIG_SSL_CA),
+                getConfig(CONFIG_EMAIL_CA),
                 getConfig(CONFIG_OBJECT_SIGNING_CA)
             };
 
@@ -393,14 +388,14 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         NSCertTypeExtension ext = createExtension();
 
         addExtension(NSCertTypeExtension.CertType_Id.toString(), ext, info);
     }
 
     public NSCertTypeExtension createExtension() {
-        NSCertTypeExtension ext = null; 
+        NSCertTypeExtension ext = null;
         boolean[] bits = new boolean[NSCertTypeExtension.NBITS];
 
         boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -415,8 +410,8 @@ public class NSCertTypeExtDefault extends EnrollExtDefault {
         try {
             ext = new NSCertTypeExtension(critical, bits);
         } catch (Exception e) {
-            CMS.debug("NSCertTypeExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("NSCertTypeExtDefault: createExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
index 7776238a..7471b0c7 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NameConstraintsExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -41,25 +40,23 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a name constraint extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a name
+ * constraint extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class NameConstraintsExtDefault extends EnrollExtDefault {
 
     public static final String CONFIG_CRITICAL = "nameConstraintsCritical";
-    public static final String CONFIG_NUM_PERMITTED_SUBTREES = 
-        "nameConstraintsNumPermittedSubtrees";
+    public static final String CONFIG_NUM_PERMITTED_SUBTREES =
+            "nameConstraintsNumPermittedSubtrees";
     public static final String CONFIG_PERMITTED_MIN_VAL = "nameConstraintsPermittedSubtreeMinValue_";
     public static final String CONFIG_PERMITTED_MAX_VAL = "nameConstraintsPermittedSubtreeMaxValue_";
     public static final String CONFIG_PERMITTED_NAME_CHOICE = "nameConstraintsPermittedSubtreeNameChoice_";
     public static final String CONFIG_PERMITTED_NAME_VAL = "nameConstraintsPermittedSubtreeNameValue_";
     public static final String CONFIG_PERMITTED_ENABLE = "nameConstraintsPermittedSubtreeEnable_";
-    
+
     public static final String CONFIG_NUM_EXCLUDED_SUBTREES = "nameConstraintsNumExcludedSubtrees";
     public static final String CONFIG_EXCLUDED_MIN_VAL = "nameConstraintsExcludedSubtreeMinValue_";
     public static final String CONFIG_EXCLUDED_MAX_VAL = "nameConstraintsExcludedSubtreeMaxValue_";
@@ -87,7 +84,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
 
@@ -128,48 +125,47 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
         return num;
     }
 
-     public void setConfig(String name, String value)
-        throws EPropertyException {
+    public void setConfig(String name, String value)
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_PERMITTED_SUBTREES)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_PERMITTED_SUBTREES || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_PERMITTED_SUBTREES));
-          }
-        } else if(name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) {
+            }
+        } else if (name.equals(CONFIG_NUM_EXCLUDED_SUBTREES)) {
 
             try {
-              num = Integer.parseInt(value);
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_EXCLUDED_SUBTREES || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_EXCLUDED_SUBTREES));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
-
     public Enumeration<String> getConfigNames() {
         refreshConfigAndValueNames();
         return super.getConfigNames();
     }
 
     protected void refreshConfigAndValueNames() {
-        //refesh our config name list
+        // refesh our config name list
 
         super.refreshConfigAndValueNames();
 
@@ -203,50 +199,49 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
 
     }
 
-
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_PERMITTED_MIN_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MIN_VAL"));
         } else if (name.startsWith(CONFIG_PERMITTED_MAX_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_MAX_VAL"));
         } else if (name.startsWith(CONFIG_PERMITTED_NAME_CHOICE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_CHOICE"));
         } else if (name.startsWith(CONFIG_PERMITTED_NAME_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_NAME_VAL"));
         } else if (name.startsWith(CONFIG_PERMITTED_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_EXCLUDED_MIN_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MIN_VAL"));
         } else if (name.startsWith(CONFIG_EXCLUDED_MAX_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_MAX_VAL"));
         } else if (name.startsWith(CONFIG_EXCLUDED_NAME_CHOICE)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_CHOICE"));
         } else if (name.startsWith(CONFIG_EXCLUDED_NAME_VAL)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_NAME_VAL"));
         } else if (name.startsWith(CONFIG_EXCLUDED_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_EXCLUDED_SUBTREES)) {
@@ -255,23 +250,23 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                     CMS.getUserMessage(locale, "CMS_PROFILE_NUM_EXCLUDED_SUBTREES"));
         } else if (name.startsWith(CONFIG_NUM_PERMITTED_SUBTREES)) {
             return new Descriptor(IDescriptor.INTEGER, null,
-                   "1",
-                   CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES"));
+                    "1",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_PERMITTED_SUBTREES"));
         }
         return null;
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_PERMITTED_SUBTREES"));
         } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_EXCLUDED_SUBTREES"));
         } else {
@@ -280,21 +275,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             NameConstraintsExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (NameConstraintsExtension)
                         getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
@@ -302,19 +297,19 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                         getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_PERMITTED_SUBTREES)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
                 ext = (NameConstraintsExtension)
                         getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 if ((value == null) || (value.equals("null")) || (value.equals(""))) {
-                    CMS.debug("NameConstraintsExtDefault:setValue : " + 
+                    CMS.debug("NameConstraintsExtDefault:setValue : " +
                               "blank value for permitted subtrees ... returning");
                     return;
                 }
@@ -323,17 +318,17 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
 
                 Vector<GeneralSubtree> permittedSubtrees = createSubtrees(locale, v);
 
-                ext.set(NameConstraintsExtension.PERMITTED_SUBTREES, 
-                    new GeneralSubtrees(permittedSubtrees));
+                ext.set(NameConstraintsExtension.PERMITTED_SUBTREES,
+                        new GeneralSubtrees(permittedSubtrees));
             } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
                 ext = (NameConstraintsExtension)
                         getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 if ((value == null) || (value.equals("null")) || (value.equals(""))) {
-                    CMS.debug("NameConstraintsExtDefault:setValue : " + 
+                    CMS.debug("NameConstraintsExtDefault:setValue : " +
                               "blank value for excluded subtrees ... returning");
                     return;
                 }
@@ -341,21 +336,21 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
 
                 Vector<GeneralSubtree> excludedSubtrees = createSubtrees(locale, v);
 
-                ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES, 
-                    new GeneralSubtrees(excludedSubtrees));
+                ext.set(NameConstraintsExtension.EXCLUDED_SUBTREES,
+                        new GeneralSubtrees(excludedSubtrees));
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info);
         } catch (IOException e) {
             CMS.debug("NameConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (EProfileException e) {
             CMS.debug("NameConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -385,16 +380,16 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                 } else if (name1.equals(MAX_VALUE)) {
                     maxS = nvps.getValue(name1);
                 }
-            } 
+            }
 
             if (choice == null || choice.length() == 0) {
                 throw new EPropertyException(CMS.getUserMessage(locale,
                             "CMS_PROFILE_GENERAL_NAME_NOT_FOUND"));
             }
-                 
+
             if (val == null)
                 val = "";
-                   
+
             int min = 0;
             int max = -1;
 
@@ -410,7 +405,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                 gnI = parseGeneralName(choice + ":" + val);
             } catch (IOException e) {
                 CMS.debug("NameConstraintsExtDefault: createSubtress " +
-                    e.toString());
+                        e.toString());
             }
 
             if (gnI != null) {
@@ -423,32 +418,31 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                     gn, min, max);
 
             subtrees.addElement(subtree);
-        } 
+        }
 
         return subtrees;
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         NameConstraintsExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (NameConstraintsExtension)
-                    getExtension(PKIXExtensions.NameConstraints_Id.toString(), info); 
+                    getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -465,7 +459,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_PERMITTED_SUBTREES)) { 
+        } else if (name.equals(VAL_PERMITTED_SUBTREES)) {
             ext = (NameConstraintsExtension)
                     getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
@@ -475,19 +469,19 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
             GeneralSubtrees subtrees = null;
 
             try {
-                subtrees = (GeneralSubtrees) 
+                subtrees = (GeneralSubtrees)
                         ext.get(NameConstraintsExtension.PERMITTED_SUBTREES);
             } catch (IOException e) {
                 CMS.debug("NameConstraintExtDefault: getValue " + e.toString());
             }
 
-            if( subtrees == null ) {
-                CMS.debug( "NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!" );
-                throw new EPropertyException( "subtrees is null" );
+            if (subtrees == null) {
+                CMS.debug("NameConstraintsExtDefault::getValue() VAL_PERMITTED_SUBTREES is null!");
+                throw new EPropertyException("subtrees is null");
             }
 
             return getSubtreesInfo(ext, subtrees);
-        } else if (name.equals(VAL_EXCLUDED_SUBTREES)) { 
+        } else if (name.equals(VAL_EXCLUDED_SUBTREES)) {
             ext = (NameConstraintsExtension)
                     getExtension(PKIXExtensions.NameConstraints_Id.toString(), info);
 
@@ -497,26 +491,26 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
             GeneralSubtrees subtrees = null;
 
             try {
-                subtrees = (GeneralSubtrees) 
+                subtrees = (GeneralSubtrees)
                         ext.get(NameConstraintsExtension.EXCLUDED_SUBTREES);
             } catch (IOException e) {
                 CMS.debug("NameConstraintExtDefault: getValue " + e.toString());
             }
 
-            if( subtrees == null ) {
-                CMS.debug( "NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!" );
-                throw new EPropertyException( "subtrees is null" );
+            if (subtrees == null) {
+                CMS.debug("NameConstraintsExtDefault::getValue() VAL_EXCLUDED_SUBTREES is null!");
+                throw new EPropertyException("subtrees is null");
             }
 
             return getSubtreesInfo(ext, subtrees);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
-    private String getSubtreesInfo(NameConstraintsExtension ext, 
-        GeneralSubtrees subtrees) throws EPropertyException {
+    private String getSubtreesInfo(NameConstraintsExtension ext,
+            GeneralSubtrees subtrees) throws EPropertyException {
         Vector<GeneralSubtree> trees = subtrees.getSubtrees();
         int size = trees.size();
 
@@ -526,8 +520,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
             GeneralSubtree tree = (GeneralSubtree) trees.elementAt(i);
 
             GeneralName gn = tree.getGeneralName();
-            String type = getGeneralNameType(gn); 
-            int max = tree.getMaxValue(); 
+            String type = getGeneralNameType(gn);
+            int max = tree.getMaxValue();
             int min = tree.getMinValue();
 
             NameValuePairs pairs = new NameValuePairs();
@@ -540,7 +534,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
 
             recs.addElement(pairs);
         }
- 
+
         return buildRecords(recs);
     }
 
@@ -583,8 +577,8 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
             sb.append(getConfig(CONFIG_EXCLUDED_MAX_VAL + i));
             sb.append("}");
         }
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_NAME_CONSTRAINTS_EXT",
                 getConfig(CONFIG_CRITICAL), sb.toString());
     }
 
@@ -592,14 +586,14 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         NameConstraintsExtension ext = createExtension();
 
         addExtension(PKIXExtensions.NameConstraints_Id.toString(), ext, info);
     }
 
     public NameConstraintsExtension createExtension() {
-        NameConstraintsExtension ext = null; 
+        NameConstraintsExtension ext = null;
 
         try {
             int num = getNumPermitted();
@@ -637,18 +631,18 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
                 }
             }
 
-            ext = new NameConstraintsExtension(critical, 
+            ext = new NameConstraintsExtension(critical,
                         new GeneralSubtrees(v), new GeneralSubtrees(v1));
         } catch (Exception e) {
-            CMS.debug("NameConstraintsExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("NameConstraintsExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
     }
 
-    private GeneralSubtree createSubtree(String choice, String value, 
-        String minS, String maxS) {
+    private GeneralSubtree createSubtree(String choice, String value,
+            String minS, String maxS) {
         GeneralName gn = null;
         GeneralNameInterface gnI = null;
 
@@ -660,7 +654,7 @@ public class NameConstraintsExtDefault extends EnrollExtDefault {
         if (gnI != null)
             gn = new GeneralName(gnI);
         else
-            //throw new EPropertyException("GeneralName must not be null");
+            // throw new EPropertyException("GeneralName must not be null");
             return null;
 
         int min = 0;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
index 283f5083..8197d3de 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/NoDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -32,13 +31,12 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements no default policy.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class NoDefault implements IPolicyDefault { 
+public class NoDefault implements IPolicyDefault {
 
     public static final String PROP_NAME = "name";
 
@@ -55,7 +53,7 @@ public class NoDefault implements IPolicyDefault {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
     }
 
     public String getDefaultConfig(String name) {
@@ -67,7 +65,7 @@ public class NoDefault implements IPolicyDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
     }
 
@@ -79,7 +77,7 @@ public class NoDefault implements IPolicyDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     public Enumeration getValueNames() {
@@ -90,9 +88,9 @@ public class NoDefault implements IPolicyDefault {
         return null;
     }
 
-    public void setValue(String name, Locale locale, IRequest request, 
-        String value)
-        throws EPropertyException {
+    public void setValue(String name, Locale locale, IRequest request,
+            String value)
+            throws EPropertyException {
     }
 
     public String getValue(String name, Locale locale, IRequest request) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
index 28a25a6e..576d1a5d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/OCSPNoCheckExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.extensions.OCSPNoCheckExtension;
@@ -32,12 +31,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates an OCSP No Check extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates an OCSP No
+ * Check extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class OCSPNoCheckExtDefault extends EnrollExtDefault {
@@ -53,13 +50,13 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else {
@@ -69,7 +66,7 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else {
@@ -78,70 +75,67 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info, String value)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
                 getExtension(OCSPNoCheckExtension.OID, info);
 
-
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (OCSPNoCheckExtension)
-                getExtension(OCSPNoCheckExtension.OID, info);
+                    getExtension(OCSPNoCheckExtension.OID, info);
             boolean val = Boolean.valueOf(value).booleanValue();
 
-            if(ext == null)  {
-               return;
+            if (ext == null) {
+                return;
             }
             ext.setCritical(val);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         OCSPNoCheckExtension ext = (OCSPNoCheckExtension)
                 getExtension(OCSPNoCheckExtension.OID, info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (OCSPNoCheckExtension)
-                getExtension(OCSPNoCheckExtension.OID, info);
+                    getExtension(OCSPNoCheckExtension.OID, info);
 
             if (ext == null) {
                 return null;
@@ -152,7 +146,7 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
                 return "false";
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -166,20 +160,20 @@ public class OCSPNoCheckExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         OCSPNoCheckExtension ext = createExtension();
 
         addExtension(OCSPNoCheckExtension.OID, ext, info);
     }
 
     public OCSPNoCheckExtension createExtension() {
-        OCSPNoCheckExtension ext = null; 
+        OCSPNoCheckExtension ext = null;
 
         try {
             ext = new OCSPNoCheckExtension();
         } catch (Exception e) {
             CMS.debug("OCSPNoCheckExtDefault:  createExtension " +
-                e.toString());
+                    e.toString());
             return null;
         }
         boolean critical = getConfigBoolean(CONFIG_CRITICAL);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
index 9a36f0cd..c8a4e675 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyConstraintsExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a policy constraints extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a policy
+ * constraints extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class PolicyConstraintsExtDefault extends EnrollExtDefault {
@@ -64,17 +61,17 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_REQ_EXPLICIT_POLICY)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
         } else if (name.equals(CONFIG_INHIBIT_POLICY_MAPPING)) {
@@ -87,11 +84,11 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
-            return new Descriptor(IDescriptor.INTEGER, null, 
+            return new Descriptor(IDescriptor.INTEGER, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_REQUIRED_EXPLICIT_POLICY"));
         } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
@@ -103,104 +100,103 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             PolicyConstraintsExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (PolicyConstraintsExtension)
                         getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                            info);
+                                info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (PolicyConstraintsExtension)
-                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
                 ext = (PolicyConstraintsExtension)
-                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                            info);
-               
-                if(ext == null)  {
+                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                                info);
+
+                if (ext == null) {
                     return;
-                } 
+                }
                 Integer num = new Integer(value);
 
                 ext.set(PolicyConstraintsExtension.REQUIRE, num);
-            } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) { 
+            } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
                 ext = (PolicyConstraintsExtension)
-                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                                info);
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 Integer num = new Integer(value);
 
                 ext.set(PolicyConstraintsExtension.INHIBIT, num);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
             CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (IOException e) {
             CMS.debug("PolicyConstraintsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         PolicyConstraintsExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (PolicyConstraintsExtension)
                     getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
-                        info);
-        if(ext == null)
-        {
+                            info);
+        if (ext == null) {
 
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (PolicyConstraintsExtension)
-                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                            info);
 
             if (ext == null) {
                 return null;
@@ -210,10 +206,10 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) { 
+        } else if (name.equals(VAL_REQ_EXPLICIT_POLICY)) {
             ext = (PolicyConstraintsExtension)
-                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -223,8 +219,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
             return "" + num;
         } else if (name.equals(VAL_INHIBIT_POLICY_MAPPING)) {
             ext = (PolicyConstraintsExtension)
-                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -233,15 +229,15 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
 
             return "" + num;
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
-                getConfig(CONFIG_REQ_EXPLICIT_POLICY), 
+                getConfig(CONFIG_CRITICAL),
+                getConfig(CONFIG_REQ_EXPLICIT_POLICY),
                 getConfig(CONFIG_INHIBIT_POLICY_MAPPING)
             };
 
@@ -252,17 +248,17 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         PolicyConstraintsExtension ext = createExtension();
 
         if (ext == null)
             return;
-        addExtension(PKIXExtensions.PolicyConstraints_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.PolicyConstraints_Id.toString(),
+                ext, info);
     }
 
     public PolicyConstraintsExtension createExtension() {
-        PolicyConstraintsExtension ext = null; 
+        PolicyConstraintsExtension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
@@ -281,8 +277,8 @@ public class PolicyConstraintsExtDefault extends EnrollExtDefault {
             }
             ext = new PolicyConstraintsExtension(critical, reqNum, inhibitNum);
         } catch (Exception e) {
-            CMS.debug("PolicyConstraintsExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("PolicyConstraintsExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
index 05899e2c..c186c453 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PolicyMappingsExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -40,12 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a policy mappings extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a policy
+ * mappings extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class PolicyMappingsExtDefault extends EnrollExtDefault {
@@ -85,27 +82,27 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
 
-     public void setConfig(String name, String value)
-        throws EPropertyException {
+    public void setConfig(String name, String value)
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_POLICY_MAPPINGS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_MAPPINGS || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_MAPPINGS || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_POLICY_MAPPINGS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -132,7 +129,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
             return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
@@ -151,8 +148,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_POLICY_MAPPINGS)) {
             return new Descriptor(IDescriptor.INTEGER, null,
-                   "1",
-                   CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS"));
+                    "1",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_POLICY_MAPPINGS"));
         }
 
         return null;
@@ -160,7 +157,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_DOMAINS)) {
@@ -172,43 +169,43 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             PolicyMappingsExtension ext = null;
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (PolicyMappingsExtension)
                         getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                            info);
+                                info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
 
             }
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (PolicyMappingsExtension)
-                        getExtension(PKIXExtensions.PolicyMappings_Id.toString(), 
-                            info);
+                        getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_DOMAINS)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_DOMAINS)) {
                 ext = (PolicyMappingsExtension)
-                        getExtension(PKIXExtensions.PolicyMappings_Id.toString(), 
-                            info);
-               
-                if(ext == null)  {
+                        getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+                                info);
+
+                if (ext == null) {
                     return;
-                } 
+                }
                 Vector<NameValuePairs> v = parseRecords(value);
                 int size = v.size();
 
@@ -232,12 +229,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
                             enable = nvps.getValue(name1);
                         }
                     }
-                   
+
                     if (enable != null && enable.equals("true")) {
-                        if (issuerPolicyId == null || 
-                            issuerPolicyId.length() == 0 || subjectPolicyId == null ||
-                            subjectPolicyId.length() == 0) 
-                            throw new EPropertyException(CMS.getUserMessage( 
+                        if (issuerPolicyId == null ||
+                                issuerPolicyId.length() == 0 || subjectPolicyId == null ||
+                                subjectPolicyId.length() == 0)
+                            throw new EPropertyException(CMS.getUserMessage(
                                         locale, "CMS_PROFILE_POLICY_ID_NOT_FOUND"));
                         CertificatePolicyMap map = new CertificatePolicyMap(
                                 new CertificatePolicyId(new ObjectIdentifier(issuerPolicyId)),
@@ -248,52 +245,51 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
                 }
                 ext.set(PolicyMappingsExtension.MAP, policyMaps);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
             CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (IOException e) {
             CMS.debug("PolicyMappingsExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         PolicyMappingsExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (PolicyMappingsExtension)
                     getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
-                        info);
-        if(ext == null)
-        {
+                            info);
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (PolicyMappingsExtension)
-                    getExtension(PKIXExtensions.PolicyMappings_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+                            info);
 
             if (ext == null) {
                 return null;
@@ -303,10 +299,10 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_DOMAINS)) { 
+        } else if (name.equals(VAL_DOMAINS)) {
             ext = (PolicyMappingsExtension)
-                    getExtension(PKIXExtensions.PolicyMappings_Id.toString(), 
-                        info);
+                    getExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -314,7 +310,7 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
             int num_mappings = getNumMappings();
 
             Enumeration<CertificatePolicyMap> maps = ext.getMappings();
-         
+
             int num = 0;
             StringBuffer sb = new StringBuffer();
 
@@ -323,12 +319,12 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
             for (int i = 0; i < num_mappings; i++) {
                 NameValuePairs pairs = new NameValuePairs();
 
-                if (maps.hasMoreElements()) { 
-                    CertificatePolicyMap map = 
-                        (CertificatePolicyMap) maps.nextElement();
-                
+                if (maps.hasMoreElements()) {
+                    CertificatePolicyMap map =
+                            (CertificatePolicyMap) maps.nextElement();
+
                     CertificatePolicyId i1 = map.getIssuerIdentifier();
-                    CertificatePolicyId s1 = map.getSubjectIdentifier();               
+                    CertificatePolicyId s1 = map.getSubjectIdentifier();
 
                     pairs.add(ISSUER_POLICY_ID, i1.getIdentifier().toString());
                     pairs.add(SUBJECT_POLICY_ID, s1.getIdentifier().toString());
@@ -337,14 +333,14 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
                     pairs.add(ISSUER_POLICY_ID, "");
                     pairs.add(SUBJECT_POLICY_ID, "");
                     pairs.add(POLICY_ID_ENABLE, "false");
-			
+
                 }
                 recs.addElement(pairs);
-            }    
- 
+            }
+
             return buildRecords(recs);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -368,8 +364,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
             sb.append(getConfig(CONFIG_ENABLE + i));
             sb.append("}");
         }
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_POLICY_MAPPINGS_EXT",
                 getConfig(CONFIG_CRITICAL), sb.toString());
     }
 
@@ -377,24 +373,24 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         PolicyMappingsExtension ext = createExtension();
 
         if (ext == null)
             return;
-        addExtension(PKIXExtensions.PolicyMappings_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.PolicyMappings_Id.toString(),
+                ext, info);
     }
 
     public PolicyMappingsExtension createExtension() {
-        PolicyMappingsExtension ext = null; 
+        PolicyMappingsExtension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
             Vector<CertificatePolicyMap> policyMaps = new Vector<CertificatePolicyMap>();
             int num = getNumMappings();
 
-            for (int i = 0; i < num; i++) { 
+            for (int i = 0; i < num; i++) {
                 String enable = getConfig(CONFIG_ENABLE + i);
 
                 if (enable != null && enable.equals("true")) {
@@ -420,8 +416,8 @@ public class PolicyMappingsExtDefault extends EnrollExtDefault {
 
             ext = new PolicyMappingsExtension(critical, policyMaps);
         } catch (Exception e) {
-            CMS.debug("PolicyMappingsExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("PolicyMappingsExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
index f1a71ff9..73d4df32 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/PrivateKeyUsagePeriodExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.text.ParsePosition;
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -37,12 +36,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a Private Key Usage Period extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a Private
+ * Key Usage Period extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
@@ -70,13 +67,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(CONFIG_START_TIME)) {
@@ -93,28 +90,28 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_START_TIME)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage( 
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
+                throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
-          }
+            }
         } else if (name.equals(CONFIG_DURATION)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
-                throw new EPropertyException(CMS.getUserMessage( 
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
+                throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_DURATION));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_NOT_BEFORE)) {
@@ -131,13 +128,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             PrivateKeyUsageExtension ext = null;
 
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -146,8 +143,8 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
             ext = (PrivateKeyUsageExtension)
                         getExtension(oid.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
 
             if (name.equals(VAL_CRITICAL)) {
@@ -156,38 +153,38 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
                         getExtension(oid.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_NOT_BEFORE)) { 
-                SimpleDateFormat formatter = 
-                  new SimpleDateFormat(DATE_FORMAT); 
-                ParsePosition pos = new ParsePosition(0); 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_NOT_BEFORE)) {
+                SimpleDateFormat formatter =
+                        new SimpleDateFormat(DATE_FORMAT);
+                ParsePosition pos = new ParsePosition(0);
                 Date date = formatter.parse(value, pos);
 
                 ext = (PrivateKeyUsageExtension)
                         getExtension(oid.toString(), info);
 
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 ext.set(PrivateKeyUsageExtension.NOT_BEFORE, date);
-            } else if (name.equals(VAL_NOT_AFTER)) { 
-                SimpleDateFormat formatter = 
-                  new SimpleDateFormat(DATE_FORMAT); 
-                ParsePosition pos = new ParsePosition(0); 
+            } else if (name.equals(VAL_NOT_AFTER)) {
+                SimpleDateFormat formatter =
+                        new SimpleDateFormat(DATE_FORMAT);
+                ParsePosition pos = new ParsePosition(0);
                 Date date = formatter.parse(value, pos);
 
                 ext = (PrivateKeyUsageExtension)
                         getExtension(oid.toString(), info);
 
-                if (ext == null)  {
+                if (ext == null) {
                     return;
                 }
                 ext.set(PrivateKeyUsageExtension.NOT_AFTER, date);
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -200,12 +197,12 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         PrivateKeyUsageExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
@@ -214,14 +211,13 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
         ext = (PrivateKeyUsageExtension)
                     getExtension(oid.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -239,9 +235,9 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_NOT_BEFORE)) { 
-            SimpleDateFormat formatter = 
-               new SimpleDateFormat(DATE_FORMAT);
+        } else if (name.equals(VAL_NOT_BEFORE)) {
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
 
             ext = (PrivateKeyUsageExtension)
                     getExtension(oid.toString(), info);
@@ -250,9 +246,9 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
                 return "";
 
             return formatter.format(ext.getNotBefore());
-        } else if (name.equals(VAL_NOT_AFTER)) { 
-            SimpleDateFormat formatter = 
-               new SimpleDateFormat(DATE_FORMAT);
+        } else if (name.equals(VAL_NOT_AFTER)) {
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
 
             ext = (PrivateKeyUsageExtension)
                     getExtension(oid.toString(), info);
@@ -262,14 +258,14 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
 
             return formatter.format(ext.getNotAfter());
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         String params[] = {
-                getConfig(CONFIG_CRITICAL), 
+                getConfig(CONFIG_CRITICAL),
                 getConfig(CONFIG_START_TIME),
                 getConfig(CONFIG_DURATION)
             };
@@ -281,27 +277,27 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         PrivateKeyUsageExtension ext = createExtension();
 
         addExtension(ext.getExtensionId().toString(), ext, info);
     }
 
     public PrivateKeyUsageExtension createExtension() {
-        PrivateKeyUsageExtension ext = null; 
+        PrivateKeyUsageExtension ext = null;
 
         try {
             boolean critical = getConfigBoolean(CONFIG_CRITICAL);
 
-            // always + 60 seconds 
+            // always + 60 seconds
             String startTimeStr = getConfig(CONFIG_START_TIME);
 
-            if (startTimeStr == null || startTimeStr.equals("")) { 
-              startTimeStr = "60"; 
-            } 
-            int startTime = Integer.parseInt(startTimeStr); 
-            Date notBefore = new Date(CMS.getCurrentDate().getTime() + 
-               (1000 * startTime)); 
+            if (startTimeStr == null || startTimeStr.equals("")) {
+                startTimeStr = "60";
+            }
+            int startTime = Integer.parseInt(startTimeStr);
+            Date notBefore = new Date(CMS.getCurrentDate().getTime() +
+                    (1000 * startTime));
             long notAfterVal = 0;
 
             notAfterVal = notBefore.getTime() +
@@ -309,10 +305,10 @@ public class PrivateKeyUsagePeriodExtDefault extends EnrollExtDefault {
             Date notAfter = new Date(notAfterVal);
 
             ext = new PrivateKeyUsageExtension(notBefore, notAfter);
-            ext.setCritical(critical); 
+            ext.setCritical(critical);
         } catch (Exception e) {
-            CMS.debug("PrivateKeyUsagePeriodExt: createExtension " + 
-                e.toString());
+            CMS.debug("PrivateKeyUsagePeriodExt: createExtension " +
+                    e.toString());
         }
         return ext;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
index 4bca9350..29d1116c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SigningAlgDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.AlgorithmId;
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a signing algorithm
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a signing
+ * algorithm into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class SigningAlgDefault extends EnrollDefault {
@@ -47,8 +44,8 @@ public class SigningAlgDefault extends EnrollDefault {
     public static final String CONFIG_ALGORITHM = "signingAlg";
 
     public static final String VAL_ALGORITHM = "signingAlg";
-    public static final String DEF_CONFIG_ALGORITHMS = 
-      "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA";
+    public static final String DEF_CONFIG_ALGORITHMS =
+            "-,MD5withRSA,MD2withRSA,SHA1withRSA,SHA256withRSA,SHA512withRSA";
 
     public SigningAlgDefault() {
         super();
@@ -57,7 +54,7 @@ public class SigningAlgDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -68,41 +65,39 @@ public class SigningAlgDefault extends EnrollDefault {
                     CMS.getUserMessage(locale, "CMS_PROFILE_SIGNING_ALGORITHM"));
         } else {
             return null;
-        } 
+        }
     }
 
-    public String getSigningAlg()
-    {
-      String signingAlg = getConfig(CONFIG_ALGORITHM);
-      // if specified, use the specified one. Otherwise, pick
-      // the best selection for the user
-      if (signingAlg == null || signingAlg.equals("") ||
-          signingAlg.equals("-")) {
-        // best pick for the user
-        ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-        return ca.getDefaultAlgorithm();
-      } else {
-        return signingAlg;
-      }
+    public String getSigningAlg() {
+        String signingAlg = getConfig(CONFIG_ALGORITHM);
+        // if specified, use the specified one. Otherwise, pick
+        // the best selection for the user
+        if (signingAlg == null || signingAlg.equals("") ||
+                signingAlg.equals("-")) {
+            // best pick for the user
+            ICertificateAuthority ca = (ICertificateAuthority)
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+            return ca.getDefaultAlgorithm();
+        } else {
+            return signingAlg;
+        }
     }
 
-    public String getDefSigningAlgorithms()
-    {
-      StringBuffer allowed = new StringBuffer();
-      ICertificateAuthority ca = (ICertificateAuthority)
+    public String getDefSigningAlgorithms() {
+        StringBuffer allowed = new StringBuffer();
+        ICertificateAuthority ca = (ICertificateAuthority)
                 CMS.getSubsystem(CMS.SUBSYSTEM_CA);
-      String algos[] = ca.getCASigningAlgorithms();
-      for (int i = 0; i < algos.length; i++) {
-        if (allowed.length()== 0) {
-          allowed.append(algos[i]);
-        } else {
-          allowed.append(",");
-          allowed.append(algos[i]);
+        String algos[] = ca.getCASigningAlgorithms();
+        for (int i = 0; i < algos.length; i++) {
+            if (allowed.length() == 0) {
+                allowed.append(algos[i]);
+            } else {
+                allowed.append(",");
+                allowed.append(algos[i]);
+            }
         }
-      }
-      return allowed.toString();
-    } 
+        return allowed.toString();
+    }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_ALGORITHM)) {
@@ -115,31 +110,31 @@ public class SigningAlgDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info, String value)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_ALGORITHM)) {
             try {
                 info.set(X509CertInfo.ALGORITHM_ID,
-                    new CertificateAlgorithmId(
-                        AlgorithmId.getAlgorithmId(value)));
+                        new CertificateAlgorithmId(
+                                AlgorithmId.getAlgorithmId(value)));
             } catch (Exception e) {
                 CMS.debug("SigningAlgDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException { 
+            X509CertInfo info)
+            throws EPropertyException {
 
         if (name == null)
             throw new EPropertyException("Invalid name " + name);
@@ -151,23 +146,23 @@ public class SigningAlgDefault extends EnrollDefault {
                 algId = (CertificateAlgorithmId)
                         info.get(X509CertInfo.ALGORITHM_ID);
                 AlgorithmId id = (AlgorithmId)
-                    algId.get(CertificateAlgorithmId.ALGORITHM);
+                        algId.get(CertificateAlgorithmId.ALGORITHM);
 
                 return id.toString();
             } catch (Exception e) {
                 CMS.debug("SigningAlgDefault: getValue " + e.toString());
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIGNING_ALGORITHM",
                 getSigningAlg());
     }
 
@@ -175,11 +170,11 @@ public class SigningAlgDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         try {
             info.set(X509CertInfo.ALGORITHM_ID,
-                new CertificateAlgorithmId(
-                    AlgorithmId.getAlgorithmId(getSigningAlg())));
+                    new CertificateAlgorithmId(
+                            AlgorithmId.getAlgorithmId(getSigningAlg())));
         } catch (Exception e) {
             CMS.debug("SigningAlgDefault: populate " + e.toString());
         }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
index 8adc94dc..f02a65de 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectAltNameExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -42,12 +41,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a subject alternative name extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a subject
+ * alternative name extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectAltNameExtDefault extends EnrollExtDefault {
@@ -90,70 +87,69 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
         }
 
         if (num >= MAX_NUM_GN)
-           num = DEF_NUM_GN;
+            num = DEF_NUM_GN;
         return num;
     }
- 
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
 
-        super.init(profile,config);
-        refreshConfigAndValueNames();  
+        super.init(profile, config);
+        refreshConfigAndValueNames();
         // migrate old parameters to new parameters
         String old_type = null;
         String old_pattern = null;
         IConfigStore paramConfig = config.getSubStore("params");
         try {
-          if (paramConfig != null) {
-            old_type = paramConfig.getString(CONFIG_OLD_TYPE);
-          }
+            if (paramConfig != null) {
+                old_type = paramConfig.getString(CONFIG_OLD_TYPE);
+            }
         } catch (EBaseException e) {
-          // nothing to do here
+            // nothing to do here
         }
         CMS.debug("SubjectAltNameExtDefault: Upgrading old_type=" +
                 old_type);
         try {
-          if (paramConfig != null) {
-            old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN);
-          }
+            if (paramConfig != null) {
+                old_pattern = paramConfig.getString(CONFIG_OLD_PATTERN);
+            }
         } catch (EBaseException e) {
-          // nothing to do here
+            // nothing to do here
         }
         CMS.debug("SubjectAltNameExtDefault: Upgrading old_pattern=" +
                 old_pattern);
-        if (old_type != null && old_pattern != null)  {
-           CMS.debug("SubjectAltNameExtDefault: Upgrading");
-           try {
-             paramConfig.putString(CONFIG_NUM_GNS, "1");
-             paramConfig.putString(CONFIG_GN_ENABLE + "0", "true");
-             paramConfig.putString(CONFIG_TYPE + "0", old_type);
-             paramConfig.putString(CONFIG_PATTERN + "0", old_pattern);
-             paramConfig.remove(CONFIG_OLD_TYPE);
-             paramConfig.remove(CONFIG_OLD_PATTERN);
-             profile.getConfigStore().commit(true);
-           } catch (Exception e) {
-             CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e);
-           }
+        if (old_type != null && old_pattern != null) {
+            CMS.debug("SubjectAltNameExtDefault: Upgrading");
+            try {
+                paramConfig.putString(CONFIG_NUM_GNS, "1");
+                paramConfig.putString(CONFIG_GN_ENABLE + "0", "true");
+                paramConfig.putString(CONFIG_TYPE + "0", old_type);
+                paramConfig.putString(CONFIG_PATTERN + "0", old_pattern);
+                paramConfig.remove(CONFIG_OLD_TYPE);
+                paramConfig.remove(CONFIG_OLD_PATTERN);
+                profile.getConfigStore().commit(true);
+            } catch (Exception e) {
+                CMS.debug("SubjectAltNameExtDefault: Failed to upgrade " + e);
+            }
         }
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_GNS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_GN || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_GN || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_GNS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -173,29 +169,29 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
         int num = getNumGNs();
         addConfigName(CONFIG_NUM_GNS);
         for (int i = 0; i < num; i++) {
-        addConfigName(CONFIG_TYPE + i);
-        addConfigName(CONFIG_PATTERN + i);
-        addConfigName(CONFIG_GN_ENABLE + i);
+            addConfigName(CONFIG_TYPE + i);
+            addConfigName(CONFIG_PATTERN + i);
+            addConfigName(CONFIG_GN_ENABLE + i);
         }
     }
-    
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_TYPE)) {
             return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName,OtherName",
                     "RFC822Name",
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_ALT_NAME_TYPE"));
         } else if (name.startsWith(CONFIG_PATTERN)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_ALT_NAME_PATTERN"));
         } else if (name.startsWith(CONFIG_GN_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_GN_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_GNS)) {
@@ -209,11 +205,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
         } else {
@@ -222,13 +218,13 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             SubjectAlternativeNameExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -236,12 +232,12 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                         (SubjectAlternativeNameExtension)
                         getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
-            } 
+            if (ext == null) {
+                populate(null, info);
+            }
 
             if (name.equals(VAL_CRITICAL)) {
-                ext = 
+                ext =
                         (SubjectAlternativeNameExtension)
                         getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
 
@@ -253,7 +249,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
 
                 ext.setCritical(critical);
             } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext = 
+                ext =
                         (SubjectAlternativeNameExtension)
                         getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
 
@@ -278,41 +274,41 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                     }
                     GeneralNameInterface n = parseGeneralName(gname);
                     if (n != null) {
-                      gn.addElement(n);
+                        gn.addElement(n);
                     }
                 }
                 if (gn.size() == 0) {
-                   CMS.debug("GN size is zero");
-                   deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+                    CMS.debug("GN size is zero");
+                    deleteExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
                     return;
                 } else {
-                   CMS.debug("GN size is non zero (" + gn.size() + ")");
-                  ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
+                    CMS.debug("GN size is non zero (" + gn.size() + ")");
+                    ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
                 }
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
             replaceExtension(
-                PKIXExtensions.SubjectAlternativeName_Id.toString(),
-                ext, info);
+                    PKIXExtensions.SubjectAlternativeName_Id.toString(),
+                    ext, info);
         } catch (IOException e) {
             CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (EProfileException e) {
             CMS.debug("SubjectAltNameExtDefault: setValue " + e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         try {
             if (name == null) {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
@@ -320,22 +316,21 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                     (SubjectAlternativeNameExtension)
                     getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
 
-            if(ext == null)
-            {
+            if (ext == null) {
                 try {
-                    populate(null,info);
+                    populate(null, info);
 
                 } catch (EProfileException e) {
-                     throw new EPropertyException(CMS.getUserMessage(
-                          locale, "CMS_INVALID_PROPERTY", name));
+                    throw new EPropertyException(CMS.getUserMessage(
+                            locale, "CMS_INVALID_PROPERTY", name));
                 }
 
             }
 
             if (name.equals(VAL_CRITICAL)) {
-                ext = 
-                    (SubjectAlternativeNameExtension)
-                    getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+                ext =
+                        (SubjectAlternativeNameExtension)
+                        getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
 
                 if (ext == null) {
                     return null;
@@ -346,15 +341,15 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                     return "false";
                 }
             } else if (name.equals(VAL_GENERAL_NAMES)) {
-                ext = 
-                    (SubjectAlternativeNameExtension)
-                    getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
+                ext =
+                        (SubjectAlternativeNameExtension)
+                        getExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), info);
                 if (ext == null) {
                     return null;
                 }
 
                 GeneralNames names = (GeneralNames)
-                    ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+                        ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
                 StringBuffer sb = new StringBuffer();
                 Enumeration<GeneralNameInterface> e = names.elements();
 
@@ -369,39 +364,39 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                 }
                 return sb.toString();
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } catch (IOException e) {
-            CMS.debug("SubjectAltNameExtDefault: getValue " + 
-                e.toString());
+            CMS.debug("SubjectAltNameExtDefault: getValue " +
+                    e.toString());
         }
         return null;
     }
 
     /*
-     * returns text that goes into description for this extension on
-     * a profile
+     * returns text that goes into description for this extension on a profile
      */
     public String getText(Locale locale) {
         StringBuffer sb = new StringBuffer();
         String numGNs = getConfig(CONFIG_NUM_GNS);
         int num = getNumGNs();
 
-        for (int i= 0; i< num; i++) {
+        for (int i = 0; i < num; i++) {
             sb.append("Record #");
             sb.append(i);
             sb.append("{");
             sb.append(GN_PATTERN + ":");
             sb.append(getConfig(CONFIG_PATTERN + i));
             sb.append(",");
-            sb.append(GN_TYPE +":");
-            sb.append(getConfig(CONFIG_TYPE +i));
+            sb.append(GN_TYPE + ":");
+            sb.append(getConfig(CONFIG_TYPE + i));
             sb.append(",");
             sb.append(GN_ENABLE + ":");
             sb.append(getConfig(CONFIG_GN_ENABLE + i));
             sb.append("}");
-        };
+        }
+        ;
 
         return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_ALT_NAME_EXT", getConfig(CONFIG_CRITICAL), sb.toString());
     }
@@ -410,26 +405,26 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         SubjectAlternativeNameExtension ext = null;
 
         try {
-            /* read from config file*/
+            /* read from config file */
             ext = createExtension(request);
 
         } catch (IOException e) {
             CMS.debug("SubjectAltNameExtDefault: populate " + e.toString());
         }
         if (ext != null) {
-        addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(), 
-            ext, info);
+            addExtension(PKIXExtensions.SubjectAlternativeName_Id.toString(),
+                    ext, info);
         } else {
             CMS.debug("SubjectAltNameExtDefault: populate sees no extension.  get out");
         }
     }
 
     public SubjectAlternativeNameExtension createExtension(IRequest request)
-        throws IOException {
+            throws IOException {
         SubjectAlternativeNameExtension ext = null;
         int num = getNumGNs();
 
@@ -438,11 +433,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
 
         GeneralNames gn = new GeneralNames();
         int count = 0; // # of actual gnames
-        for (int i=0; i< num; i++) {
-        String enable = getConfig(CONFIG_GN_ENABLE +i);
+        for (int i = 0; i < num; i++) {
+            String enable = getConfig(CONFIG_GN_ENABLE + i);
             if (enable != null && enable.equals("true")) {
-                CMS.debug("SubjectAltNameExtDefault: createExtension i=" +i);
-                
+                CMS.debug("SubjectAltNameExtDefault: createExtension i=" + i);
+
                 String pattern = getConfig(CONFIG_PATTERN + i);
                 if (pattern == null || pattern.equals("")) {
                     pattern = " ";
@@ -453,28 +448,29 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
 
                     // cfu - see if this is server-generated (e.g. UUID4)
                     // to use this feature, use $server.source$ in pattern
-                    String source = getConfig(CONFIG_SOURCE +i); 
+                    String source = getConfig(CONFIG_SOURCE + i);
                     String type = getConfig(CONFIG_TYPE + i);
                     if ((source != null) && (!source.equals(""))) {
                         if (type.equalsIgnoreCase("OtherName")) {
-                            CMS.debug("SubjectAlternativeNameExtension: using "+
-                               source+ " as gn");
+                            CMS.debug("SubjectAlternativeNameExtension: using " +
+                                    source + " as gn");
                             if (source.equals(CONFIG_SOURCE_UUID4)) {
-                              UUID randUUID = UUID.randomUUID();
-                              // call the mapPattern that does server-side gen
-                              // request is not used, but needed for the substitute
-                              // function
-                              gname = mapPattern(randUUID.toString(), request, pattern);
-                            } else { //expand more server-gen types here
-                              CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: "+source+". Supported: UUID4");
-                              continue;
+                                UUID randUUID = UUID.randomUUID();
+                                // call the mapPattern that does server-side gen
+                                // request is not used, but needed for the
+                                // substitute
+                                // function
+                                gname = mapPattern(randUUID.toString(), request, pattern);
+                            } else { // expand more server-gen types here
+                                CMS.debug("SubjectAltNameExtDefault: createExtension - unsupported server-generated type: " + source + ". Supported: UUID4");
+                                continue;
                             }
                         } else {
-                              CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName");
-                              continue;
+                            CMS.debug("SubjectAltNameExtDefault: createExtension - source is only supported for subjAltExtType OtherName");
+                            continue;
                         }
                     } else {
-                        if (request != null)  {
+                        if (request != null) {
                             gname = mapPattern(request, pattern);
                         }
                     }
@@ -483,11 +479,11 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                         CMS.debug("gname is empty, not added");
                         continue;
                     }
-                    CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" +gname);
+                    CMS.debug("SubjectAltNameExtDefault: createExtension got gname=" + gname);
 
                     GeneralNameInterface n = parseGeneralName(type + ":" + gname);
 
-                    CMS.debug("adding gname: "+gname);
+                    CMS.debug("adding gname: " + gname);
                     if (n != null) {
                         CMS.debug("SubjectAlternativeNameExtension: n not null");
                         gn.addElement(n);
@@ -496,26 +492,26 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
                         CMS.debug("SubjectAlternativeNameExtension: n null");
                     }
                 }
-           }
-        } //for
+            }
+        } // for
 
         if (count != 0) {
-          try {
-            ext = new SubjectAlternativeNameExtension();
-          } catch (Exception e) {
-            CMS.debug(e.toString());
-            throw new IOException( e.toString() );
-          }
-          ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
-          ext.setCritical(critical);
+            try {
+                ext = new SubjectAlternativeNameExtension();
+            } catch (Exception e) {
+                CMS.debug(e.toString());
+                throw new IOException(e.toString());
+            }
+            ext.set(SubjectAlternativeNameExtension.SUBJECT_NAME, gn);
+            ext.setCritical(critical);
         } else {
-          CMS.debug("count is 0");
-        } 
+            CMS.debug("count is 0");
+        }
         return ext;
     }
 
-    public String mapPattern(IRequest request, String pattern) 
-        throws IOException {
+    public String mapPattern(IRequest request, String pattern)
+            throws IOException {
         Pattern p = new Pattern(pattern);
         IAttrSet attrSet = null;
         if (request != null) {
@@ -525,8 +521,8 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
     }
 
     // for server-side generated values
-    public String mapPattern(String val, IRequest request, String pattern) 
-        throws IOException {
+    public String mapPattern(String val, IRequest request, String pattern)
+            throws IOException {
         Pattern p = new Pattern(pattern);
         IAttrSet attrSet = null;
         if (request != null) {
@@ -535,7 +531,7 @@ public class SubjectAltNameExtDefault extends EnrollExtDefault {
         try {
             attrSet.set("source", val);
         } catch (Exception e) {
-            CMS.debug("SubjectAlternativeNameExtension: mapPattern source "+e.toString());
+            CMS.debug("SubjectAlternativeNameExtension: mapPattern source " + e.toString());
         }
 
         return p.substitute("server", attrSet);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
index 04ae8da3..37916e02 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectDirAttributesExtDefault.java
@@ -43,10 +43,9 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
 /**
- * This class implements an enrollment default policy
- * that populates a subject directory attributes extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a subject
+ * directory attributes extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
@@ -71,7 +70,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
@@ -95,26 +94,25 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(DEF_NUM_ATTRS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_ATTRS || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_ATTRS || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ATTRS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
 
-
     public Enumeration<String> getConfigNames() {
         refreshConfigAndValueNames();
         return super.getConfigNames();
@@ -136,43 +134,43 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_ATTR_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
         } else if (name.startsWith(CONFIG_ATTR_NAME)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_NAME"));
         } else if (name.startsWith(CONFIG_PATTERN)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ATTR_VALUE"));
         } else if (name.startsWith(CONFIG_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_ENABLE"));
         } else if (name.startsWith(CONFIG_NUM_ATTRS)) {
             return new Descriptor(IDescriptor.INTEGER, null,
                     "1",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS")); 
-        }  
+                    CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ATTRS"));
+        }
 
         return null;
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-        if (name.equals(VAL_CRITICAL)) { 
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+        if (name.equals(VAL_CRITICAL)) {
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_ATTR)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_SUBJDIR_ATTRS"));
         } else {
@@ -181,55 +179,53 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             SubjectDirAttributesExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             ext = (SubjectDirAttributesExtension)
-              getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-              info);
+                    getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                            info);
 
             if (name.equals(VAL_CRITICAL)) {
                 ext = (SubjectDirAttributesExtension)
-                  getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                  info);
+                        getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                                info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_ATTR)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_ATTR)) {
                 ext = (SubjectDirAttributesExtension)
-                  getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                  info);
+                        getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                                info);
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
                 Vector<NameValuePairs> v = parseRecords(value);
                 int size = v.size();
-              
+
                 boolean critical = ext.isCritical();
 
                 X500NameAttrMap map = X500NameAttrMap.getDefault();
                 Vector<Attribute> attrV = new Vector<Attribute>();
-                for (int i=0; i < size; i++) {
+                for (int i = 0; i < size; i++) {
                     NameValuePairs nvps = v.elementAt(i);
                     Enumeration<String> names = nvps.getNames();
                     String attrName = null;
                     String attrValue = null;
                     String enable = "false";
                     while (names.hasMoreElements()) {
-                        String name1 =  names.nextElement();
+                        String name1 = names.nextElement();
 
                         if (name1.equals(ATTR_NAME)) {
                             attrName = nvps.getValue(name1);
@@ -241,8 +237,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
                     }
 
                     if (enable.equals("true")) {
-                        AttributeConfig attributeConfig =  
-                          new AttributeConfig(attrName, attrValue); 
+                        AttributeConfig attributeConfig =
+                                new AttributeConfig(attrName, attrValue);
                         Attribute attr = attributeConfig.mAttribute;
                         if (attr != null)
                             attrV.addElement(attr);
@@ -256,43 +252,43 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
                 } else
                     return;
             } else {
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
             replaceExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-                ext, info);
+                    ext, info);
         } catch (EProfileException e) {
-            CMS.debug("SubjectDirAttributesExtDefault: setValue " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("SubjectDirAttributesExtDefault: setValue " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } catch (IOException e) {
-            CMS.debug("SubjectDirAttributesExtDefault: setValue " + 
-                e.toString());
-            throw new EPropertyException(CMS.getUserMessage( 
+            CMS.debug("SubjectDirAttributesExtDefault: setValue " +
+                    e.toString());
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         SubjectDirAttributesExtension ext = null;
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         ext = (SubjectDirAttributesExtension)
-          getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
-          info);
+                getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                        info);
 
         if (name.equals(VAL_CRITICAL)) {
             ext = (SubjectDirAttributesExtension)
-              getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), 
-              info);
+                    getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                            info);
 
             if (ext == null) {
                 return null;
@@ -302,10 +298,10 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_ATTR)) { 
+        } else if (name.equals(VAL_ATTR)) {
             ext = (SubjectDirAttributesExtension)
-              getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), 
-              info);
+                    getExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                            info);
 
             if (ext == null)
                 return "";
@@ -315,42 +311,42 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
             Vector<NameValuePairs> recs = new Vector<NameValuePairs>();
             int num = getNumAttrs();
             Enumeration<Attribute> e = ext.getAttributesList();
-            CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList="+e);
-            int i=0;
+            CMS.debug("SubjectDirAttributesExtDefault: getValue: attributesList=" + e);
+            int i = 0;
 
             while (e.hasMoreElements()) {
                 NameValuePairs pairs = new NameValuePairs();
                 pairs.add(ENABLE, "true");
                 Attribute attr = e.nextElement();
-                CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute="+attr);
+                CMS.debug("SubjectDirAttributesExtDefault: getValue: attribute=" + attr);
                 ObjectIdentifier oid = attr.getOid();
-                CMS.debug("SubjectDirAttributesExtDefault: getValue: oid="+oid);
-   
+                CMS.debug("SubjectDirAttributesExtDefault: getValue: oid=" + oid);
+
                 String vv = map.getName(oid);
 
-                if (vv != null) 
+                if (vv != null)
                     pairs.add(ATTR_NAME, vv);
                 else
                     pairs.add(ATTR_NAME, oid.toString());
                 Enumeration<String> v = attr.getValues();
-                
+
                 // just support single value for now
                 StringBuffer ss = new StringBuffer();
                 while (v.hasMoreElements()) {
                     if (ss.length() == 0)
-                        ss.append((String)(v.nextElement()));
+                        ss.append((String) (v.nextElement()));
                     else {
                         ss.append(",");
-                        ss.append((String)(v.nextElement()));
+                        ss.append((String) (v.nextElement()));
                     }
                 }
 
-                pairs .add(ATTR_VALUE, ss.toString());
+                pairs.add(ATTR_VALUE, ss.toString());
                 recs.addElement(pairs);
                 i++;
             }
-                
-            for (;i < num; i++) {
+
+            for (; i < num; i++) {
                 NameValuePairs pairs = new NameValuePairs();
                 pairs.add(ENABLE, "false");
                 pairs.add(ATTR_NAME, "GENERATIONQUALIFIER");
@@ -360,7 +356,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
 
             return buildRecords(recs);
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -383,8 +379,8 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
             sb.append(getConfig(CONFIG_ENABLE + i));
             sb.append("}");
         }
-        return CMS.getUserMessage(locale, 
-                "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT", 
+        return CMS.getUserMessage(locale,
+                "CMS_PROFILE_DEF_SUBJECT_DIR_ATTR_EXT",
                 getConfig(CONFIG_CRITICAL),
                 sb.toString());
     }
@@ -393,42 +389,42 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         SubjectDirAttributesExtension ext = createExtension(request);
 
         if (ext == null)
             return;
 
-        addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(), 
-            ext, info);
+        addExtension(PKIXExtensions.SubjectDirectoryAttributes_Id.toString(),
+                ext, info);
     }
 
     public SubjectDirAttributesExtension createExtension(IRequest request)
-      throws EProfileException {
-        SubjectDirAttributesExtension ext = null; 
+            throws EProfileException {
+        SubjectDirAttributesExtension ext = null;
         int num = 0;
 
         boolean critical = getConfigBoolean(CONFIG_CRITICAL);
 
         num = getNumAttrs();
-         
+
         AttributeConfig attributeConfig = null;
         Vector<Attribute> attrs = new Vector<Attribute>();
         for (int i = 0; i < num; i++) {
-            String enable = getConfig(CONFIG_ENABLE + i); 
+            String enable = getConfig(CONFIG_ENABLE + i);
             if (enable != null && enable.equals("true")) {
                 String attrName = getConfig(CONFIG_ATTR_NAME + i);
-                String pattern = getConfig(CONFIG_PATTERN + i); 
+                String pattern = getConfig(CONFIG_PATTERN + i);
                 if (pattern == null || pattern.equals(""))
                     pattern = " ";
 
-                //check pattern syntax
+                // check pattern syntax
                 int startpos = pattern.indexOf("$");
                 int lastpos = pattern.lastIndexOf("$");
                 String attrValue = pattern;
                 if (!pattern.equals("") && startpos != -1 &&
-                  startpos == 0 && lastpos != -1 &&
-                  lastpos == (pattern.length()-1)) {
+                        startpos == 0 && lastpos != -1 &&
+                        lastpos == (pattern.length() - 1)) {
                     if (request != null) {
                         try {
                             attrValue = mapPattern(request, pattern);
@@ -436,7 +432,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
                             throw new EProfileException(e.toString());
                         }
                     }
-                } 
+                }
                 try {
                     attributeConfig = new AttributeConfig(attrName, attrValue);
                 } catch (EPropertyException e) {
@@ -454,7 +450,7 @@ public class SubjectDirAttributesExtDefault extends EnrollExtDefault {
             attrs.copyInto(attrList);
             try {
                 ext =
-                  new SubjectDirAttributesExtension(attrList, critical);
+                        new SubjectDirAttributesExtension(attrList, critical);
             } catch (IOException e) {
                 throw new EProfileException(e.toString());
             }
@@ -470,50 +466,49 @@ class AttributeConfig {
     protected Attribute mAttribute = null;
 
     public AttributeConfig(String attrName, String attrValue)
-      throws EPropertyException {
+            throws EPropertyException {
         X500NameAttrMap map = X500NameAttrMap.getDefault();
-     
+
         if (attrName == null || attrName.length() == 0) {
             throw new EPropertyException(
-              CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName));
+                    CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRNAME", attrName));
         }
- 
+
         if (attrValue == null || attrValue.length() == 0) {
             throw new EPropertyException(
-              CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue));
+                    CMS.getUserMessage("CMS_PROFILE_SUBJDIR_EMPTY_ATTRVAL", attrValue));
         }
 
         try {
             mAttributeOID = new ObjectIdentifier(attrName);
         } catch (Exception e) {
-            CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: "+ attrName);
+            CMS.debug("SubjectDirAttributesExtDefault: invalid OID syntax: " + attrName);
         }
 
         if (mAttributeOID == null) {
             mAttributeOID = map.getOid(attrName);
             if (mAttributeOID == null)
                 throw new EPropertyException(
-                  CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName));
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", attrName));
             try {
                 checkValue(mAttributeOID, attrValue);
             } catch (IOException e) {
                 throw new EPropertyException(CMS.getUserMessage(
-                  "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
+                        "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
             }
         }
 
-
         try {
-            mAttribute = new Attribute(mAttributeOID, 
-              str2MultiValues(attrValue));
+            mAttribute = new Attribute(mAttributeOID,
+                    str2MultiValues(attrValue));
         } catch (IOException e) {
             throw new EPropertyException(CMS.getUserMessage(
-              "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
+                    "CMS_BASE_INVALID_ATTR_VALUE", e.getMessage()));
         }
     }
 
-    private static void checkValue(ObjectIdentifier oid, String val) 
-      throws IOException {
+    private static void checkValue(ObjectIdentifier oid, String val)
+            throws IOException {
         AVAValueConverter c = X500NameAttrMap.getDefault().getValueConverter(oid);
         DerValue derval;
 
@@ -527,7 +522,7 @@ class AttributeConfig {
         while (tokenizer.hasMoreTokens()) {
             v.addElement(tokenizer.nextToken());
         }
- 
+
         return v;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
index 8a3f2afc..309e7228 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectInfoAccessExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy 
- * that populates Subject Info Access extension.
- *
+ * This class implements an enrollment default policy that populates Subject
+ * Info Access extension.
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
@@ -87,29 +85,29 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
 
         return num;
     }
- 
+
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         refreshConfigAndValueNames();
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         int num = 0;
         if (name.equals(CONFIG_NUM_ADS)) {
-          try {
-            num = Integer.parseInt(value);
+            try {
+                num = Integer.parseInt(value);
 
-            if (num >= MAX_NUM_AD || num < 0) {
-                throw new EPropertyException(CMS.getUserMessage(
+                if (num >= MAX_NUM_AD || num < 0) {
+                    throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-            }
+                }
 
-          } catch (Exception e) {
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_NUM_ADS));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -137,28 +135,28 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
         }
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.startsWith(CONFIG_AD_METHOD)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_METHOD"));
         } else if (name.startsWith(CONFIG_AD_LOCATIONTYPE)) {
-            return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName", 
+            return new Descriptor(IDescriptor.CHOICE, "RFC822Name,DNSName,DirectoryName,EDIPartyName,URIName,IPAddress,OIDName",
                     "URIName",
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATIONTYPE"));
         } else if (name.startsWith(CONFIG_AD_LOCATION)) {
-            return new Descriptor(IDescriptor.STRING, null, 
+            return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_LOCATION"));
         } else if (name.startsWith(CONFIG_AD_ENABLE)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_AD_ENABLE"));
-        }  else if (name.startsWith(CONFIG_NUM_ADS)) {
+        } else if (name.startsWith(CONFIG_NUM_ADS)) {
             return new Descriptor(IDescriptor.INTEGER, null,
                     "1",
                     CMS.getUserMessage(locale, "CMS_PROFILE_NUM_ADS"));
@@ -168,11 +166,11 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null, 
+            return new Descriptor(IDescriptor.BOOLEAN, null,
                     "false",
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_GENERAL_NAMES)) {
-            return new Descriptor(IDescriptor.STRING_LIST, null, 
+            return new Descriptor(IDescriptor.STRING_LIST, null,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_GENERAL_NAMES"));
         } else {
@@ -181,45 +179,42 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         try {
             SubjectInfoAccessExtension ext = null;
 
-            if (name == null) { 
-                throw new EPropertyException(CMS.getUserMessage( 
+            if (name == null) {
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
 
-           
             SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
             ObjectIdentifier oid = a.getExtensionId();
 
             ext = (SubjectInfoAccessExtension)
-                        getExtension(oid.toString(), info); 
+                        getExtension(oid.toString(), info);
 
-            if(ext == null)  {
-                populate(null,info);
+            if (ext == null) {
+                populate(null, info);
             }
- 
+
             if (name.equals(VAL_CRITICAL)) {
 
                 ext = (SubjectInfoAccessExtension)
                         getExtension(oid.toString(), info);
                 boolean val = Boolean.valueOf(value).booleanValue();
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
-                ext.setCritical(val); 
-            } else if (name.equals(VAL_GENERAL_NAMES)) { 
+                ext.setCritical(val);
+            } else if (name.equals(VAL_GENERAL_NAMES)) {
 
                 ext = (SubjectInfoAccessExtension)
                         getExtension(oid.toString(), info);
 
-                if(ext == null)
-                {
+                if (ext == null) {
                     return;
                 }
                 boolean critical = ext.isCritical();
@@ -258,17 +253,17 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
                             GeneralNameInterface interface1 = parseGeneralName(locationType + ":" + location);
                             if (interface1 == null)
                                 throw new EPropertyException(CMS.getUserMessage(
-                                  locale, "CMS_INVALID_PROPERTY", locationType));
+                                        locale, "CMS_INVALID_PROPERTY", locationType));
                             gn = new GeneralName(interface1);
                         }
-     
+
                         if (method != null) {
                             try {
-                                ext.addAccessDescription(new ObjectIdentifier(method), gn); 
+                                ext.addAccessDescription(new ObjectIdentifier(method), gn);
                             } catch (NumberFormatException ee) {
-                                CMS.debug("SubjectInfoAccessExtDefault: "+ee.toString());
+                                CMS.debug("SubjectInfoAccessExtDefault: " + ee.toString());
                                 throw new EPropertyException(CMS.getUserMessage(
-                                  locale, "CMS_PROFILE_DEF_SIA_OID", method));
+                                        locale, "CMS_PROFILE_DEF_SIA_OID", method));
                             }
                         }
                     }
@@ -291,30 +286,29 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         SubjectInfoAccessExtension ext = null;
 
-        if (name == null) { 
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
 
         SubjectInfoAccessExtension a = new SubjectInfoAccessExtension(false);
-            ObjectIdentifier oid = a.getExtensionId();
+        ObjectIdentifier oid = a.getExtensionId();
 
         ext = (SubjectInfoAccessExtension)
                     getExtension(oid.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
                 CMS.debug("SubjectInfoAccessExtDefault: getValue " + e.toString());
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
@@ -331,7 +325,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
             } else {
                 return "false";
             }
-        } else if (name.equals(VAL_GENERAL_NAMES)) { 
+        } else if (name.equals(VAL_GENERAL_NAMES)) {
 
             ext = (SubjectInfoAccessExtension)
                     getExtension(oid.toString(), info);
@@ -340,11 +334,11 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
                 return "";
 
             int num = getNumAds();
-	
+
             CMS.debug("SubjectInfoAccess num=" + num);
             Vector recs = new Vector();
 
-            for (int i = 0; i < num; i++) { 
+            for (int i = 0; i < num; i++) {
                 NameValuePairs np = new NameValuePairs();
                 AccessDescription des = null;
 
@@ -358,7 +352,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
                     np.add(AD_ENABLE, "false");
                 } else {
                     ObjectIdentifier methodOid = des.getMethod();
-                    GeneralName gn = des.getLocation(); 
+                    GeneralName gn = des.getLocation();
 
                     np.add(AD_METHOD, methodOid.toString());
                     np.add(AD_LOCATION_TYPE, getGeneralNameType(gn));
@@ -397,7 +391,7 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
             ads.append(getConfig(CONFIG_AD_ENABLE + i));
             ads.append("}");
         }
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SIA_TEXT",
                 getConfig(CONFIG_CRITICAL), ads.toString());
     }
 
@@ -405,14 +399,14 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         SubjectInfoAccessExtension ext = createExtension();
 
         addExtension(ext.getExtensionId().toString(), ext, info);
     }
 
     public SubjectInfoAccessExtension createExtension() {
-        SubjectInfoAccessExtension ext = null; 
+        SubjectInfoAccessExtension ext = null;
         int num = getNumAds();
 
         try {
@@ -434,21 +428,21 @@ public class SubjectInfoAccessExtDefault extends EnrollExtDefault {
                             String hostname = CMS.getEENonSSLHost();
                             String port = CMS.getEENonSSLPort();
                             if (hostname != null && port != null)
-                                location = "http://"+hostname+":"+port+"/ocsp";
+                                location = "http://" + hostname + ":" + port + "/ocsp";
                         }
                     }
 
                     String s = locationType + ":" + location;
                     GeneralNameInterface gn = parseGeneralName(s);
                     if (gn != null) {
-                      ext.addAccessDescription(new ObjectIdentifier(method), 
-                        new GeneralName(gn)); 
+                        ext.addAccessDescription(new ObjectIdentifier(method),
+                                new GeneralName(gn));
                     }
                 }
             }
         } catch (Exception e) {
-            CMS.debug("SubjectInfoAccessExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("SubjectInfoAccessExtDefault: createExtension " +
+                    e.toString());
         }
 
         return ext;
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
index d8b09f5d..4df905a0 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectKeyIdentifierExtDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -39,12 +38,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a subject key identifier extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a subject
+ * key identifier extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
@@ -61,19 +58,19 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CRITICAL)) {
-            return new Descriptor(IDescriptor.STRING, 
-                    IDescriptor.READONLY, 
+            return new Descriptor(IDescriptor.STRING,
+                    IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
         } else if (name.equals(VAL_KEY_ID)) {
-            return new Descriptor(IDescriptor.STRING, 
-                    IDescriptor.READONLY, 
+            return new Descriptor(IDescriptor.STRING,
+                    IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_KEY_ID"));
         } else {
@@ -82,8 +79,8 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -99,8 +96,8 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -108,24 +105,23 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
 
         SubjectKeyIdentifierExtension ext =
                 (SubjectKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.SubjectKey_Id.toString(), info);
+                        PKIXExtensions.SubjectKey_Id.toString(), info);
 
-        if(ext == null)
-        {
+        if (ext == null) {
             try {
-                populate(null,info);
+                populate(null, info);
 
             } catch (EProfileException e) {
-                 throw new EPropertyException(CMS.getUserMessage(
-                      locale, "CMS_INVALID_PROPERTY", name));
+                throw new EPropertyException(CMS.getUserMessage(
+                        locale, "CMS_INVALID_PROPERTY", name));
             }
 
         }
 
         if (name.equals(VAL_CRITICAL)) {
-            ext = 
-                (SubjectKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.SubjectKey_Id.toString(), info);
+            ext =
+                    (SubjectKeyIdentifierExtension) getExtension(
+                            PKIXExtensions.SubjectKey_Id.toString(), info);
 
             if (ext == null) {
                 return null;
@@ -136,9 +132,9 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
                 return "false";
             }
         } else if (name.equals(VAL_KEY_ID)) {
-            ext = 
-                (SubjectKeyIdentifierExtension) getExtension(
-                    PKIXExtensions.SubjectKey_Id.toString(), info);
+            ext =
+                    (SubjectKeyIdentifierExtension) getExtension(
+                            PKIXExtensions.SubjectKey_Id.toString(), info);
 
             if (ext == null) {
                 return null;
@@ -149,11 +145,11 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
                 kid = (KeyIdentifier)
                         ext.get(SubjectKeyIdentifierExtension.KEY_ID);
             } catch (IOException e) {
-                CMS.debug( "SubjectKeyIdentifierExtDefault::getValue() - " +
-                           "kid is null!" );
-                throw new EPropertyException( CMS.getUserMessage( locale,
+                CMS.debug("SubjectKeyIdentifierExtDefault::getValue() - " +
+                           "kid is null!");
+                throw new EPropertyException(CMS.getUserMessage(locale,
                                                                   "CMS_INVALID_PROPERTY",
-                                                                  name ) );
+                                                                  name));
             }
             return toHexString(kid.getIdentifier());
         } else {
@@ -170,7 +166,7 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         SubjectKeyIdentifierExtension ext = createExtension(info);
 
         addExtension(PKIXExtensions.SubjectKey_Id.toString(), ext, info);
@@ -184,36 +180,36 @@ public class SubjectKeyIdentifierExtDefault extends EnrollExtDefault {
             return null;
         }
         SubjectKeyIdentifierExtension ext = null;
-        
+
         boolean critical = Boolean.valueOf(getConfig(CONFIG_CRITICAL)).booleanValue();
 
         try {
             ext = new SubjectKeyIdentifierExtension(critical, kid.getIdentifier());
         } catch (IOException e) {
-            CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " + 
-                e.toString());
+            CMS.debug("SubjectKeyIdentifierExtDefault: createExtension " +
+                    e.toString());
             //
         }
         return ext;
     }
 
-    public KeyIdentifier getKeyIdentifier(X509CertInfo info) { 
-        try { 
-            CertificateX509Key infokey = (CertificateX509Key) 
-                info.get(X509CertInfo.KEY);
+    public KeyIdentifier getKeyIdentifier(X509CertInfo info) {
+        try {
+            CertificateX509Key infokey = (CertificateX509Key)
+                    info.get(X509CertInfo.KEY);
             X509Key key = (X509Key) infokey.get(CertificateX509Key.KEY);
             MessageDigest md = MessageDigest.getInstance("SHA-1");
 
-            md.update(key.getKey()); 
+            md.update(key.getKey());
             byte[] hash = md.digest();
 
             return new KeyIdentifier(hash);
         } catch (NoSuchAlgorithmException e) {
-            CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + 
-                e.toString());
+            CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
+                    e.toString());
         } catch (Exception e) {
-            CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " + 
-                e.toString());
+            CMS.debug("SubjectKeyIdentifierExtDefault: getKeyIdentifier " +
+                    e.toString());
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
index 9f404e89..787c2358 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/SubjectNameDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates server-side
+ * configurable subject name into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class SubjectNameDefault extends EnrollDefault {
@@ -55,15 +52,15 @@ public class SubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        if (name.equals(CONFIG_NAME)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        if (name.equals(CONFIG_NAME)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, "CN=TEST", CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SUBJECT_NAME"));
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
@@ -72,18 +69,18 @@ public class SubjectNameDefault extends EnrollDefault {
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_NAME)) {
             return new Descriptor(IDescriptor.STRING, null, null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_SUBJECT_NAME"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -100,25 +97,25 @@ public class SubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("SubjectNameDefault: setValue name=" + x500name.toString());
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("SubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -133,18 +130,18 @@ public class SubjectNameDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
                 CMS.debug("SubjectNameDefault: getValue " + e.toString());
-		
+
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_SUBJECT_NAME",
                 getConfig(CONFIG_NAME));
     }
 
@@ -152,13 +149,13 @@ public class SubjectNameDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         X500Name name = null;
 
         String subjectName = null;
 
         try {
-          subjectName = mapPattern(request, getConfig(CONFIG_NAME));
+            subjectName = mapPattern(request, getConfig(CONFIG_NAME));
         } catch (IOException e) {
             CMS.debug("SubjectNameDefault: mapPattern " + e.toString());
         }
@@ -176,8 +173,8 @@ public class SubjectNameDefault extends EnrollDefault {
             // failed to build x500 name
         }
         try {
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(name));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(name));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("SubjectNameDefault: populate " + e.toString());
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
index c834eee1..19b2d345 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserExtensionDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.CertificateExtensions;
@@ -34,12 +33,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a user-supplied extension
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a
+ * user-supplied extension into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class UserExtensionDefault extends EnrollExtDefault {
@@ -57,11 +54,11 @@ public class UserExtensionDefault extends EnrollExtDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_OID)) {
             return new Descriptor(IDescriptor.STRING, null,
                     "Comment Here...",
@@ -83,16 +80,16 @@ public class UserExtensionDefault extends EnrollExtDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         // Nothing to do for read-only values
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_OID)) {
@@ -104,7 +101,7 @@ public class UserExtensionDefault extends EnrollExtDefault {
             }
             return ext.getExtensionId().toString();
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -117,22 +114,22 @@ public class UserExtensionDefault extends EnrollExtDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CertificateExtensions inExts = null;
         String oid = getConfig(CONFIG_OID);
 
         inExts = request.getExtDataInCertExts(IEnrollProfile.REQUEST_EXTENSIONS);
         if (inExts == null)
-          return; 
+            return;
         Extension ext = getExtension(getConfig(CONFIG_OID), inExts);
         if (ext == null) {
-          CMS.debug("UserExtensionDefault: no user ext supplied for "+ oid);
-          return;
+            CMS.debug("UserExtensionDefault: no user ext supplied for " + oid);
+            return;
         }
 
         // user supplied the ext that's allowed, replace the def set by system
         deleteExtension(oid, info);
-        CMS.debug("UserExtensionDefault: using user supplied ext for "+ oid);
+        CMS.debug("UserExtensionDefault: using user supplied ext for " + oid);
         addExtension(oid, ext, info);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
index 1cff57df..97046e5f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserKeyDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.ByteArrayInputStream;
 import java.math.BigInteger;
 import java.security.interfaces.DSAParams;
@@ -40,12 +39,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a user supplied key
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a user
+ * supplied key into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class UserKeyDefault extends EnrollDefault {
@@ -62,24 +59,24 @@ public class UserKeyDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_KEY)) {
-            return new Descriptor(IDescriptor.STRING, 
-                    IDescriptor.READONLY, 
+            return new Descriptor(IDescriptor.STRING,
+                    IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_KEY"));
         } else if (name.equals(VAL_LEN)) {
             return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY, 
+                    IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_KEY_LEN"));
         } else if (name.equals(VAL_TYPE)) {
             return new Descriptor(IDescriptor.STRING,
-                    IDescriptor.READONLY, 
+                    IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_KEY_TYPE"));
         } else {
@@ -88,15 +85,15 @@ public class UserKeyDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         // this default rule is readonly
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        if (name == null) { 
+            X509CertInfo info)
+            throws EPropertyException {
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
@@ -116,7 +113,7 @@ public class UserKeyDefault extends EnrollDefault {
                         ck.get(CertificateX509Key.KEY);
             } catch (Exception e) {
                 // nothing
-            } 
+            }
             if (k == null) {
                 throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_PROFILE_KEY_NOT_FOUND"));
@@ -139,7 +136,7 @@ public class UserKeyDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
             }
-            if (k == null) { 
+            if (k == null) {
                 throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_PROFILE_KEY_NOT_FOUND"));
             }
@@ -171,12 +168,12 @@ public class UserKeyDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
             }
-            if (k == null) { 
+            if (k == null) {
                 throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_PROFILE_KEY_NOT_FOUND"));
             }
-            return k.getAlgorithm() + " - " + 
-                k.getAlgorithmId().getOID().toString();
+            return k.getAlgorithm() + " - " +
+                    k.getAlgorithmId().getOID().toString();
         } else {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -217,7 +214,7 @@ public class UserKeyDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CertificateX509Key certKey = null;
         // authenticate the certificate key, and move
         // the key from request into x509 certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
index 07e6c77e..b129e741 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSigningAlgDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.ByteArrayInputStream;
 import java.util.Locale;
 
@@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a user-supplied signing algorithm
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a
+ * user-supplied signing algorithm into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class UserSigningAlgDefault extends EnrollDefault {
@@ -53,30 +50,30 @@ public class UserSigningAlgDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_ALG_ID)) {
-            return new Descriptor(IDescriptor.STRING, 
+            return new Descriptor(IDescriptor.STRING,
                     IDescriptor.READONLY, null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SIGNING_ALGORITHM"));
+                            "CMS_PROFILE_SIGNING_ALGORITHM"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         // this default rule is readonly
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
+            X509CertInfo info)
+            throws EPropertyException {
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -88,12 +85,12 @@ public class UserSigningAlgDefault extends EnrollDefault {
                 algID = (CertificateAlgorithmId)
                         info.get(X509CertInfo.ALGORITHM_ID);
                 AlgorithmId id = (AlgorithmId)
-                    algID.get(CertificateAlgorithmId.ALGORITHM);
+                        algID.get(CertificateAlgorithmId.ALGORITHM);
 
                 return id.toString();
             } catch (Exception e) {
                 CMS.debug("UserSigningAlgDefault: setValue " + e.toString());
-                return ""; //XXX
+                return ""; // XXX
             }
         } else {
             throw new EPropertyException(CMS.getUserMessage(
@@ -109,7 +106,7 @@ public class UserSigningAlgDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CertificateAlgorithmId certAlg = null;
         // authenticate the certificate key, and move
         // the key from request into x509 certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
index f589b654..5f3ec298 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserSubjectNameDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a user-supplied subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a
+ * user-supplied subject name into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class UserSubjectNameDefault extends EnrollDefault {
@@ -53,7 +50,7 @@ public class UserSubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -67,8 +64,8 @@ public class UserSubjectNameDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
@@ -84,12 +81,12 @@ public class UserSubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("SubjectNameDefault: setValue name=" + x500name);
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("UserSubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
@@ -99,10 +96,10 @@ public class UserSubjectNameDefault extends EnrollDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -115,10 +112,10 @@ public class UserSubjectNameDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -131,7 +128,7 @@ public class UserSubjectNameDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         // authenticate the subject name and populate it
         // to the certinfo
         try {
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
index 2d79b192..2d3e9245 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/UserValidityDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.ByteArrayInputStream;
 import java.util.Date;
 import java.util.Locale;
@@ -35,12 +34,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a user-supplied validity
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a
+ * user-supplied validity into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class UserValidityDefault extends EnrollDefault {
@@ -55,13 +52,13 @@ public class UserValidityDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_NOT_BEFORE)) {
-            return new Descriptor(IDescriptor.STRING, 
+            return new Descriptor(IDescriptor.STRING,
                     IDescriptor.READONLY,
                     null,
                     CMS.getUserMessage(locale, "CMS_PROFILE_NOT_BEFORE"));
@@ -76,16 +73,16 @@ public class UserValidityDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
         // this default rule is readonly
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        if (name == null) { 
-            throw new EPropertyException(CMS.getUserMessage( 
+            X509CertInfo info)
+            throws EPropertyException {
+        if (name == null) {
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NOT_BEFORE)) {
@@ -93,32 +90,32 @@ public class UserValidityDefault extends EnrollDefault {
 
             try {
                 validity = (CertificateValidity)
-                   info.get(X509CertInfo.VALIDITY);
+                        info.get(X509CertInfo.VALIDITY);
                 Date notBefore = (Date)
-                    validity.get(CertificateValidity.NOT_BEFORE);
+                        validity.get(CertificateValidity.NOT_BEFORE);
 
                 return notBefore.toString();
             } catch (Exception e) {
                 CMS.debug("UserValidityDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else if (name.equals(VAL_NOT_AFTER)) {
             try {
                 CertificateValidity validity = null;
                 validity = (CertificateValidity)
-                   info.get(X509CertInfo.VALIDITY);
+                        info.get(X509CertInfo.VALIDITY);
                 Date notAfter = (Date)
-                    validity.get(CertificateValidity.NOT_AFTER);
+                        validity.get(CertificateValidity.NOT_AFTER);
 
                 return notAfter.toString();
             } catch (Exception e) {
                 CMS.debug("UserValidityDefault: getValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
@@ -131,7 +128,7 @@ public class UserValidityDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         CertificateValidity certValidity = null;
         // authenticate the certificate key, and move
         // the key from request into x509 certinfo
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
index 6e9b08ab..ab118757 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/ValidityDefault.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.def;
 
-
 import java.io.IOException;
 import java.text.ParsePosition;
 import java.text.SimpleDateFormat;
@@ -36,12 +35,10 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements an enrollment default policy
- * that populates a server-side configurable validity
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates a
+ * server-side configurable validity into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class ValidityDefault extends EnrollDefault {
@@ -64,26 +61,26 @@ public class ValidityDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (name.equals(CONFIG_RANGE)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_RANGE));
-          }
+            }
         } else if (name.equals(CONFIG_START_TIME)) {
-          try {
-            Integer.parseInt(value);
-          } catch (Exception e) {
+            try {
+                Integer.parseInt(value);
+            } catch (Exception e) {
                 throw new EPropertyException(CMS.getUserMessage(
                             "CMS_INVALID_PROPERTY", CONFIG_START_TIME));
-          }
+            }
         }
         super.setConfig(name, value);
     }
@@ -91,16 +88,16 @@ public class ValidityDefault extends EnrollDefault {
     public IDescriptor getConfigDescriptor(Locale locale, String name) {
         if (name.equals(CONFIG_RANGE)) {
             return new Descriptor(IDescriptor.STRING,
-                    null, 
+                    null,
                     "2922",
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_VALIDITY_RANGE"));
+                            "CMS_PROFILE_VALIDITY_RANGE"));
         } else if (name.equals(CONFIG_START_TIME)) {
             return new Descriptor(IDescriptor.STRING,
-                    null, 
+                    null,
                     "60", /* 1 minute */
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_VALIDITY_START_TIME"));
+                            "CMS_PROFILE_VALIDITY_START_TIME"));
         } else {
             return null;
         }
@@ -119,19 +116,19 @@ public class ValidityDefault extends EnrollDefault {
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
-        if (name == null) { 
+            X509CertInfo info, String value)
+            throws EPropertyException {
+        if (name == null) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
-        if (value == null || value.equals("")) { 
+        if (value == null || value.equals("")) {
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             ParsePosition pos = new ParsePosition(0);
             Date date = formatter.parse(value, pos);
             CertificateValidity validity = null;
@@ -140,15 +137,15 @@ public class ValidityDefault extends EnrollDefault {
                 validity = (CertificateValidity)
                         info.get(X509CertInfo.VALIDITY);
                 validity.set(CertificateValidity.NOT_BEFORE,
-                    date);
+                        date);
             } catch (Exception e) {
                 CMS.debug("ValidityDefault: setValue " + e.toString());
                 throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             ParsePosition pos = new ParsePosition(0);
             Date date = formatter.parse(value, pos);
             CertificateValidity validity = null;
@@ -157,7 +154,7 @@ public class ValidityDefault extends EnrollDefault {
                 validity = (CertificateValidity)
                         info.get(X509CertInfo.VALIDITY);
                 validity.set(CertificateValidity.NOT_AFTER,
-                    date);
+                        date);
             } catch (Exception e) {
                 CMS.debug("ValidityDefault: setValue " + e.toString());
                 throw new EPropertyException(CMS.getUserMessage(
@@ -170,16 +167,16 @@ public class ValidityDefault extends EnrollDefault {
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException { 
+            X509CertInfo info)
+            throws EPropertyException {
 
         if (name == null)
             throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
 
         if (name.equals(VAL_NOT_BEFORE)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             CertificateValidity validity = null;
 
             try {
@@ -192,8 +189,8 @@ public class ValidityDefault extends EnrollDefault {
             }
             throw new EPropertyException("Invalid valie");
         } else if (name.equals(VAL_NOT_AFTER)) {
-            SimpleDateFormat formatter = 
-                new SimpleDateFormat(DATE_FORMAT);
+            SimpleDateFormat formatter =
+                    new SimpleDateFormat(DATE_FORMAT);
             CertificateValidity validity = null;
 
             try {
@@ -214,7 +211,7 @@ public class ValidityDefault extends EnrollDefault {
     }
 
     public String getText(Locale locale) {
-        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_DEF_VALIDITY",
                 getConfig(CONFIG_RANGE));
     }
 
@@ -222,11 +219,11 @@ public class ValidityDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         // always + 60 seconds
         String startTimeStr = getConfig(CONFIG_START_TIME);
         try {
-          startTimeStr = mapPattern(request, startTimeStr);
+            startTimeStr = mapPattern(request, startTimeStr);
         } catch (IOException e) {
             CMS.debug("ValidityDefault: populate " + e.toString());
         }
@@ -241,7 +238,7 @@ public class ValidityDefault extends EnrollDefault {
         try {
             String rangeStr = getConfig(CONFIG_RANGE);
             rangeStr = mapPattern(request, rangeStr);
-            notAfterVal = notBefore.getTime() + 
+            notAfterVal = notBefore.getTime() +
                     (mDefault * Integer.parseInt(rangeStr));
         } catch (Exception e) {
             // configured value is not correct
@@ -250,8 +247,8 @@ public class ValidityDefault extends EnrollDefault {
                         getLocale(request), "CMS_INVALID_PROPERTY", CONFIG_RANGE));
         }
         Date notAfter = new Date(notAfterVal);
-        CertificateValidity validity = 
-            new CertificateValidity(notBefore, notAfter);
+        CertificateValidity validity =
+                new CertificateValidity(notBefore, notAfter);
 
         try {
             info.set(X509CertInfo.VALIDITY, validity);
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
index c8beca2f..ffe7012a 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsHKeySubjectNameDefault.java
@@ -34,22 +34,21 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
 /**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates server-side
+ * configurable subject name into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class nsHKeySubjectNameDefault extends EnrollDefault {
 
-	public static final String PROP_PARAMS = "params";
+    public static final String PROP_PARAMS = "params";
     public static final String CONFIG_DNPATTERN = "dnpattern";
 
     public static final String VAL_NAME = "name";
 
     /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN = 
-        "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US";
+    protected static String DEFAULT_DNPATTERN =
+            "CN=SecureMember - $request.tokencuid$, OU=Subscriber, O=Red Hat, C=US";
 
     protected IConfigStore mParamsConfig;
 
@@ -61,43 +60,43 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-		CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
-        if (name.equals(CONFIG_DNPATTERN)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        CMS.debug("nsHKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+        if (name.equals(CONFIG_DNPATTERN)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SUBJECT_NAME"));
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-		CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name="+name);
+        CMS.debug("nsHKeySubjectNameDefault: in getValueDescriptor name=" + name);
 
         if (name.equals(VAL_NAME)) {
             return new Descriptor(IDescriptor.STRING,
-				null,
-				null,
-				CMS.getUserMessage(locale, 
-					"CMS_PROFILE_SUBJECT_NAME"));
+                    null,
+                    null,
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
 
-			CMS.debug("nsHKeySubjectNameDefault: in setValue, value="+value);
+        CMS.debug("nsHKeySubjectNameDefault: in setValue, value=" + value);
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -111,26 +110,26 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("nsHKeySubjectNameDefault: setValue name=" + x500name);
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("nsHKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-		CMS.debug("nsHKeySubjectNameDefault: in getValue, name="+name);
+            X509CertInfo info)
+            throws EPropertyException {
+        CMS.debug("nsHKeySubjectNameDefault: in getValue, name=" + name);
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -145,19 +144,19 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
                 CMS.debug("nsHKeySubjectNameDefault: getValue " + e.toString());
-		
+
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
-		CMS.debug("nsHKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", 
+        CMS.debug("nsHKeySubjectNameDefault: in getText");
+        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
                 getConfig(CONFIG_DNPATTERN));
     }
 
@@ -165,15 +164,15 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         X500Name name = null;
-		CMS.debug("nsHKeySubjectNameDefault: in populate");
+        CMS.debug("nsHKeySubjectNameDefault: in populate");
 
         try {
-			String subjectName = getSubjectName(request);
-			CMS.debug("subjectName=" + subjectName);
-			if (subjectName == null || subjectName.equals(""))
-				return;
+            String subjectName = getSubjectName(request);
+            CMS.debug("subjectName=" + subjectName);
+            if (subjectName == null || subjectName.equals(""))
+                return;
 
             name = new X500Name(subjectName);
         } catch (IOException e) {
@@ -184,32 +183,32 @@ public class nsHKeySubjectNameDefault extends EnrollDefault {
             // failed to build x500 name
         }
         try {
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(name));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(name));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("nsHKeySubjectNameDefault: populate " + e.toString());
         }
     }
 
-	private String getSubjectName(IRequest request)
-		throws EProfileException, IOException {
+    private String getSubjectName(IRequest request)
+            throws EProfileException, IOException {
+
+        CMS.debug("nsHKeySubjectNameDefault: in getSubjectName");
 
-		CMS.debug("nsHKeySubjectNameDefault: in getSubjectName");
+        String pattern = getConfig(CONFIG_DNPATTERN);
+        if (pattern == null || pattern.equals("")) {
+            pattern = " ";
+        }
 
-		String pattern = getConfig(CONFIG_DNPATTERN);
-		if (pattern == null || pattern.equals("")) {
-			pattern = " ";
-		}
-		
-		String sbjname = "";
+        String sbjname = "";
 
-		if (request != null)  {
-			CMS.debug("pattern = "+pattern);
-			sbjname = mapPattern(request, pattern);
-			CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done");
-		}
+        if (request != null) {
+            CMS.debug("pattern = " + pattern);
+            sbjname = mapPattern(request, pattern);
+            CMS.debug("nsHKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+        }
 
-		return sbjname;
-	}
+        return sbjname;
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
index 3a1d1c6e..13e766fa 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsNKeySubjectNameDefault.java
@@ -42,16 +42,15 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
 /**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates server-side
+ * configurable subject name into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class nsNKeySubjectNameDefault extends EnrollDefault {
 
-	public static final String PROP_LDAP = "ldap";
-	public static final String PROP_PARAMS = "params";
+    public static final String PROP_LDAP = "ldap";
+    public static final String PROP_PARAMS = "params";
     public static final String CONFIG_DNPATTERN = "dnpattern";
     public static final String CONFIG_LDAP_STRING_ATTRS = "ldapStringAttributes";
     public static final String CONFIG_LDAP_HOST = "ldap.ldapconn.host";
@@ -64,130 +63,132 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
 
     public static final String VAL_NAME = "name";
 
-    public static final String CONFIG_LDAP_VERS = 
-      "2,3";
+    public static final String CONFIG_LDAP_VERS =
+            "2,3";
 
     /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN = 
-        "CN=$request.aoluid$, E=$request.mail$";
+    protected static String DEFAULT_DNPATTERN =
+            "CN=$request.aoluid$, E=$request.mail$";
 
     /* ldap configuration sub-store */
-	boolean mInitialized = false;
+    boolean mInitialized = false;
     protected IConfigStore mInstConfig;
     protected IConfigStore mLdapConfig;
     protected IConfigStore mParamsConfig;
 
-	    /* ldap base dn */
+    /* ldap base dn */
     protected String mBaseDN = null;
 
     /* factory of anonymous ldap connections */
     protected ILdapConnFactory mConnFactory = null;
 
-    /* the list of LDAP attributes with string values to retrieve to
-     * form the subject dn. */
+    /*
+     * the list of LDAP attributes with string values to retrieve to form the
+     * subject dn.
+     */
     protected String[] mLdapStringAttrs = null;
 
     public nsNKeySubjectNameDefault() {
         super();
         addConfigName(CONFIG_DNPATTERN);
-		addConfigName(CONFIG_LDAP_STRING_ATTRS);
+        addConfigName(CONFIG_LDAP_STRING_ATTRS);
         addConfigName(CONFIG_LDAP_HOST);
         addConfigName(CONFIG_LDAP_PORT);
         addConfigName(CONFIG_LDAP_SEC_CONN);
         addConfigName(CONFIG_LDAP_VER);
         addConfigName(CONFIG_LDAP_BASEDN);
-		addConfigName(CONFIG_LDAP_MIN_CONN);
-		addConfigName(CONFIG_LDAP_MAX_CONN);
+        addConfigName(CONFIG_LDAP_MIN_CONN);
+        addConfigName(CONFIG_LDAP_MAX_CONN);
 
         addValueName(CONFIG_DNPATTERN);
-		addValueName(CONFIG_LDAP_STRING_ATTRS);
+        addValueName(CONFIG_LDAP_STRING_ATTRS);
         addValueName(CONFIG_LDAP_HOST);
         addValueName(CONFIG_LDAP_PORT);
         addValueName(CONFIG_LDAP_SEC_CONN);
         addValueName(CONFIG_LDAP_VER);
         addValueName(CONFIG_LDAP_BASEDN);
-		addValueName(CONFIG_LDAP_MIN_CONN);
-		addValueName(CONFIG_LDAP_MAX_CONN);
+        addValueName(CONFIG_LDAP_MIN_CONN);
+        addValueName(CONFIG_LDAP_MAX_CONN);
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
-		mInstConfig = config;
+            throws EProfileException {
+        mInstConfig = config;
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-		CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
-        if (name.equals(CONFIG_DNPATTERN)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        CMS.debug("nsNKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+        if (name.equals(CONFIG_DNPATTERN)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SUBJECT_NAME"));
-		} else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS"));
-		} else if (name.equals(CONFIG_LDAP_HOST)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_HOST_NAME"));
-		} else if (name.equals(CONFIG_LDAP_PORT)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_PORT_NUMBER"));
-		} else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
+                            "CMS_PROFILE_SUBJECT_NAME"));
+        } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_STRING_ATTRS"));
+        } else if (name.equals(CONFIG_LDAP_HOST)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_HOST_NAME"));
+        } else if (name.equals(CONFIG_LDAP_PORT)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_PORT_NUMBER"));
+        } else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
             return new Descriptor(IDescriptor.BOOLEAN,
-								  null, 
-								  "false",
-								  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN"));
-		} else if (name.equals(CONFIG_LDAP_VER)) {
+                                  null,
+                                  "false",
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_SECURE_CONN"));
+        } else if (name.equals(CONFIG_LDAP_VER)) {
             return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS,
                     "3",
                     CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_VERSION"));
-		} else if (name.equals(CONFIG_LDAP_BASEDN)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_BASEDN"));
-		} else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MIN_CONN"));
-		} else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
-            return new Descriptor(IDescriptor.STRING, 
-								  null,
-								  null,
-								  CMS.getUserMessage(locale,"CMS_PROFILE_NSNKEY_LDAP_MAX_CONN"));
+        } else if (name.equals(CONFIG_LDAP_BASEDN)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_BASEDN"));
+        } else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MIN_CONN"));
+        } else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
+            return new Descriptor(IDescriptor.STRING,
+                                  null,
+                                  null,
+                                  CMS.getUserMessage(locale, "CMS_PROFILE_NSNKEY_LDAP_MAX_CONN"));
         } else {
             return null;
         }
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-		CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name="+name);
+        CMS.debug("nsNKeySubjectNameDefault: in getValueDescriptor name=" + name);
 
         if (name.equals(VAL_NAME)) {
             return new Descriptor(IDescriptor.STRING,
-				null,
-				null,
-				CMS.getUserMessage(locale, 
-					"CMS_PROFILE_SUBJECT_NAME"));
+                    null,
+                    null,
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
 
-			CMS.debug("nsNKeySubjectNameDefault: in setValue, value="+value);
+        CMS.debug("nsNKeySubjectNameDefault: in setValue, value=" + value);
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -201,26 +202,26 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("nsNKeySubjectNameDefault: setValue name=" + x500name);
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("nsNKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-		CMS.debug("nsNKeySubjectNameDefault: in getValue, name="+name);
+            X509CertInfo info)
+            throws EPropertyException {
+        CMS.debug("nsNKeySubjectNameDefault: in getValue, name=" + name);
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -235,79 +236,80 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
                 CMS.debug("nsNKeySubjectNameDefault: getValue " + e.toString());
-		
+
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
-		CMS.debug("nsNKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", 
+        CMS.debug("nsNKeySubjectNameDefault: in getText");
+        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
                 getConfig(CONFIG_DNPATTERN));
     }
 
-	public void ldapInit()
-	    throws EProfileException {
-		if (mInitialized == true) return;
-
-		CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin");
-
-		try {
-			// cfu - XXX do more error handling here later
-			/* initialize ldap server configuration */
-			mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
-			mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
-			mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
-			mConnFactory = CMS.getLdapAnonConnFactory();
-			mConnFactory.init(mLdapConfig);
-
-			/* initialize dn pattern */
-			String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
-
-			if (pattern == null || pattern.length() == 0) 
-				pattern = DEFAULT_DNPATTERN;
-
-			/* initialize ldap string attribute list */
-			String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
-
-			if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
-				StringTokenizer pAttrs = 
-					new StringTokenizer(ldapStringAttrs, ",", false);
-
-				mLdapStringAttrs = new String[pAttrs.countTokens()];
-
-				for (int i = 0; i < mLdapStringAttrs.length; i++) {
-					mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
-				}
-			}
-			CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done");
-			mInitialized = true;
-		} catch (Exception e) {
-			CMS.debug("nsNKeySubjectNameDefault: ldapInit(): "+e.toString());
-			// throw EProfileException...
-            throw new EProfileException("ldap init failure: "+e.toString());
-		}
-	}
+    public void ldapInit()
+            throws EProfileException {
+        if (mInitialized == true)
+            return;
+
+        CMS.debug("nsNKeySubjectNameDefault: ldapInit(): begin");
+
+        try {
+            // cfu - XXX do more error handling here later
+            /* initialize ldap server configuration */
+            mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
+            mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
+            mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
+            mConnFactory = CMS.getLdapAnonConnFactory();
+            mConnFactory.init(mLdapConfig);
+
+            /* initialize dn pattern */
+            String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
+
+            if (pattern == null || pattern.length() == 0)
+                pattern = DEFAULT_DNPATTERN;
+
+            /* initialize ldap string attribute list */
+            String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
+
+            if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
+                StringTokenizer pAttrs =
+                        new StringTokenizer(ldapStringAttrs, ",", false);
+
+                mLdapStringAttrs = new String[pAttrs.countTokens()];
+
+                for (int i = 0; i < mLdapStringAttrs.length; i++) {
+                    mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
+                }
+            }
+            CMS.debug("nsNKeySubjectNameDefault: ldapInit(): done");
+            mInitialized = true;
+        } catch (Exception e) {
+            CMS.debug("nsNKeySubjectNameDefault: ldapInit(): " + e.toString());
+            // throw EProfileException...
+            throw new EProfileException("ldap init failure: " + e.toString());
+        }
+    }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         X500Name name = null;
-		CMS.debug("nsNKeySubjectNameDefault: in populate");
-		ldapInit();
+        CMS.debug("nsNKeySubjectNameDefault: in populate");
+        ldapInit();
         try {
-			// cfu - this goes to ldap
-			String subjectName = getSubjectName(request);
-			CMS.debug("subjectName=" + subjectName);
-			if (subjectName == null || subjectName.equals(""))
-				return;
+            // cfu - this goes to ldap
+            String subjectName = getSubjectName(request);
+            CMS.debug("subjectName=" + subjectName);
+            if (subjectName == null || subjectName.equals(""))
+                return;
 
             name = new X500Name(subjectName);
         } catch (IOException e) {
@@ -318,55 +320,55 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
             // failed to build x500 name
         }
         try {
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(name));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(name));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("nsNKeySubjectNameDefault: populate " + e.toString());
         }
     }
 
-	private String getSubjectName(IRequest request)
-		throws EProfileException, IOException {
+    private String getSubjectName(IRequest request)
+            throws EProfileException, IOException {
 
-		CMS.debug("nsNKeySubjectNameDefault: in getSubjectName");
+        CMS.debug("nsNKeySubjectNameDefault: in getSubjectName");
 
-		String pattern = getConfig(CONFIG_DNPATTERN);
-		if (pattern == null || pattern.equals("")) {
-			pattern = " ";
-		}
-		
-		LDAPConnection conn = null;
+        String pattern = getConfig(CONFIG_DNPATTERN);
+        if (pattern == null || pattern.equals("")) {
+            pattern = " ";
+        }
+
+        LDAPConnection conn = null;
         String userdn = null;
-		String sbjname = "";
-		// get DN from ldap to fill request
-		try {
-			if (mConnFactory == null) {
+        String sbjname = "";
+        // get DN from ldap to fill request
+        try {
+            if (mConnFactory == null) {
                 conn = null;
                 CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no LDAP connection");
                 throw new EProfileException("no LDAP connection");
             } else {
                 conn = mConnFactory.getConn();
-                if( conn == null ) {
-                    CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " +
-                               "no LDAP connection" );
-                    throw new EProfileException( "no LDAP connection" );
+                if (conn == null) {
+                    CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " +
+                               "no LDAP connection");
+                    throw new EProfileException("no LDAP connection");
                 }
                 CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got LDAP connection");
             }
 
-			if (request != null)  {
-				CMS.debug("pattern = "+pattern);
-				sbjname = mapPattern(request, pattern);
-				CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done");
-			} else {
-                CMS.debug( "nsNKeySubjectNameDefault::getSubjectName() - " +
-                           "request is null!" );
-                throw new EProfileException( "request is null" );
-			}
-			// retrieve the attributes
+            if (request != null) {
+                CMS.debug("pattern = " + pattern);
+                sbjname = mapPattern(request, pattern);
+                CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+            } else {
+                CMS.debug("nsNKeySubjectNameDefault::getSubjectName() - " +
+                           "request is null!");
+                throw new EProfileException("request is null");
+            }
+            // retrieve the attributes
             // get user dn.
-			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN);
+            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN);
             LDAPSearchResults res = conn.search(mBaseDN,
                     LDAPv2.SCOPE_SUB, "(aoluid=" + request.getExtDataInString("aoluid") + ")", null, false);
 
@@ -378,42 +380,43 @@ public class nsNKeySubjectNameDefault extends EnrollDefault {
                 CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): screen name does not exist");
                 throw new EProfileException("screenname does not exist");
             }
-			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = "+request.getExtDataInString("aoluid"));;
-
-			LDAPEntry entry = null;
-			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes");
-			LDAPSearchResults results = 
-				conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", 
-							mLdapStringAttrs, false);
-
-			if (!results.hasMoreElements()) {
-				CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes");
-				throw new EProfileException("no ldap attributes found");
-			}
-			entry = results.next();
-			// set attrs into request
+            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): retrieved entry for aoluid = " + request.getExtDataInString("aoluid"));
+            ;
+
+            LDAPEntry entry = null;
+            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes");
+            LDAPSearchResults results =
+                    conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
+                            mLdapStringAttrs, false);
+
+            if (!results.hasMoreElements()) {
+                CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): no attributes");
+                throw new EProfileException("no ldap attributes found");
+            }
+            entry = results.next();
+            // set attrs into request
             for (int i = 0; i < mLdapStringAttrs.length; i++) {
-               LDAPAttribute la =
-				   entry.getAttribute(mLdapStringAttrs[i]);
-			   if (la != null) {
-				   String[] sla = la.getStringValueArray();
-				   			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: "+sla[0]);
-				   request.setExtData(mLdapStringAttrs[i], sla[0]);
-			   }
+                LDAPAttribute la =
+                        entry.getAttribute(mLdapStringAttrs[i]);
+                if (la != null) {
+                    String[] sla = la.getStringValueArray();
+                    CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): got attribute: " + sla[0]);
+                    request.setExtData(mLdapStringAttrs[i], sla[0]);
+                }
             }
-			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request");
-		} catch (Exception e) {
-			CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): "+e.toString());
-            throw new EProfileException("getSubjectName() failure: "+e.toString());
-		} finally {
-			try {
-				if (conn != null)
-					mConnFactory.returnConn(conn);
-			} catch  (Exception e) {
-				throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure");
-			}
-		}
-		return sbjname;
-
-	}
+            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): attributes set in request");
+        } catch (Exception e) {
+            CMS.debug("nsNKeySubjectNameDefault: getSubjectName(): " + e.toString());
+            throw new EProfileException("getSubjectName() failure: " + e.toString());
+        } finally {
+            try {
+                if (conn != null)
+                    mConnFactory.returnConn(conn);
+            } catch (Exception e) {
+                throw new EProfileException("nsNKeySubjectNameDefault: getSubjectName(): connection return failure");
+            }
+        }
+        return sbjname;
+
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
index 030470b3..31744c59 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenDeviceKeySubjectNameDefault.java
@@ -34,10 +34,9 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
 /**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates server-side
+ * configurable subject name into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
@@ -49,7 +48,7 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
 
     /* default dn pattern if left blank or not set in the config */
     protected static String DEFAULT_DNPATTERN =
-	"Token Key Device - $request.tokencuid$";
+            "Token Key Device - $request.tokencuid$";
 
     protected IConfigStore mParamsConfig;
 
@@ -61,43 +60,43 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
-        if (name.equals(CONFIG_DNPATTERN)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+        if (name.equals(CONFIG_DNPATTERN)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SUBJECT_NAME"));
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name="+name);
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValueDescriptor name=" + name);
 
         if (name.equals(VAL_NAME)) {
             return new Descriptor(IDescriptor.STRING,
-				null,
-				null,
-				CMS.getUserMessage(locale, 
-					"CMS_PROFILE_SUBJECT_NAME"));
+                    null,
+                    null,
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
 
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value="+value);
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in setValue, value=" + value);
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -111,27 +110,26 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue name=" + x500name);
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("nsTokenDeviceKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException
-    {
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name="+name);
+            X509CertInfo info)
+            throws EPropertyException {
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getValue, name=" + name);
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -146,19 +144,19 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
             } catch (Exception e) {
                 // nothing
                 CMS.debug("nsTokenDeviceKeySubjectNameDefault: getValue " + e.toString());
-		
+
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", 
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getText");
+        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
                 getConfig(CONFIG_DNPATTERN));
     }
 
@@ -166,15 +164,15 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         X500Name name = null;
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate");
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in populate");
 
         try {
-	    String subjectName = getSubjectName(request);
+            String subjectName = getSubjectName(request);
             CMS.debug("subjectName=" + subjectName);
             if (subjectName == null || subjectName.equals(""))
-		return;
+                return;
 
             name = new X500Name(subjectName);
         } catch (IOException e) {
@@ -185,8 +183,8 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
             // failed to build x500 name
         }
         try {
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(name));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(name));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("nsTokenDeviceKeySubjectNameDefault: populate " + e.toString());
@@ -194,23 +192,23 @@ public class nsTokenDeviceKeySubjectNameDefault extends EnrollDefault {
     }
 
     private String getSubjectName(IRequest request)
-	throws EProfileException, IOException {
+            throws EProfileException, IOException {
 
-	CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName");
+        CMS.debug("nsTokenDeviceKeySubjectNameDefault: in getSubjectName");
 
-	String pattern = getConfig(CONFIG_DNPATTERN);
-	if (pattern == null || pattern.equals("")) {
-	    pattern = " ";
-	}
-		
-	String sbjname = "";
+        String pattern = getConfig(CONFIG_DNPATTERN);
+        if (pattern == null || pattern.equals("")) {
+            pattern = " ";
+        }
 
-	if (request != null)  {
-	    CMS.debug("pattern = "+pattern);
-	    sbjname = mapPattern(request, pattern);
-	    CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done");
-	}
+        String sbjname = "";
+
+        if (request != null) {
+            CMS.debug("pattern = " + pattern);
+            sbjname = mapPattern(request, pattern);
+            CMS.debug("nsTokenDeviceKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+        }
 
-	    return sbjname;
+        return sbjname;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
index ac98a0cb..094317f9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
+++ b/pki/base/common/src/com/netscape/cms/profile/def/nsTokenUserKeySubjectNameDefault.java
@@ -42,10 +42,9 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
 /**
- * This class implements an enrollment default policy
- * that populates server-side configurable subject name
- * into the certificate template.
- *
+ * This class implements an enrollment default policy that populates server-side
+ * configurable subject name into the certificate template.
+ * 
  * @version $Revision$, $Date$
  */
 public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
@@ -66,12 +65,12 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
 
     public static final String VAL_NAME = "name";
 
-    public static final String CONFIG_LDAP_VERS = 
-      "2,3";
+    public static final String CONFIG_LDAP_VERS =
+            "2,3";
 
     /* default dn pattern if left blank or not set in the config */
-    protected static String DEFAULT_DNPATTERN = 
-        "CN=$request.uid$, E=$request.mail$";
+    protected static String DEFAULT_DNPATTERN =
+            "CN=$request.uid$, E=$request.mail$";
 
     /* ldap configuration sub-store */
     boolean mldapInitialized = false;
@@ -86,8 +85,10 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
     /* factory of anonymous ldap connections */
     protected ILdapConnFactory mConnFactory = null;
 
-    /* the list of LDAP attributes with string values to retrieve to
-     * form the subject dn. */
+    /*
+     * the list of LDAP attributes with string values to retrieve to form the
+     * subject dn.
+     */
     protected String[] mLdapStringAttrs = null;
 
     public nsTokenUserKeySubjectNameDefault() {
@@ -118,93 +119,93 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
     }
 
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mInstConfig = config;
         super.init(profile, config);
     }
 
-    public IDescriptor getConfigDescriptor(Locale locale, String name) { 
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name="+ name);
-        if (name.equals(CONFIG_DNPATTERN)) { 
-            return new Descriptor(IDescriptor.STRING, 
+    public IDescriptor getConfigDescriptor(Locale locale, String name) {
+        CMS.debug("nsTokenUserKeySubjectNameDefault: in getConfigDescriptor, name=" + name);
+        if (name.equals(CONFIG_DNPATTERN)) {
+            return new Descriptor(IDescriptor.STRING,
                     null, null, CMS.getUserMessage(locale,
-                        "CMS_PROFILE_SUBJECT_NAME"));
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else if (name.equals(CONFIG_LDAP_STRING_ATTRS)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_STRING_ATTRS"));
         } else if (name.equals(CONFIG_LDAP_ENABLE)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_ENABLE"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_ENABLE"));
         } else if (name.equals(CONFIG_LDAP_SEARCH_NAME)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SEARCH_NAME"));
         } else if (name.equals(CONFIG_LDAP_HOST)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_HOST_NAME"));
         } else if (name.equals(CONFIG_LDAP_PORT)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_PORT_NUMBER"));
         } else if (name.equals(CONFIG_LDAP_SEC_CONN)) {
             return new Descriptor(IDescriptor.BOOLEAN,
-                null, 
-                "false",
-                CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN"));
+                    null,
+                    "false",
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_SECURE_CONN"));
         } else if (name.equals(CONFIG_LDAP_VER)) {
             return new Descriptor(IDescriptor.CHOICE, CONFIG_LDAP_VERS,
                     "3",
                     CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_VERSION"));
         } else if (name.equals(CONFIG_LDAP_BASEDN)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_BASEDN"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_BASEDN"));
         } else if (name.equals(CONFIG_LDAP_MIN_CONN)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-            CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MIN_CONN"));
         } else if (name.equals(CONFIG_LDAP_MAX_CONN)) {
-            return new Descriptor(IDescriptor.STRING, 
-                null,
-                null,
-                CMS.getUserMessage(locale,"CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN"));
+            return new Descriptor(IDescriptor.STRING,
+                    null,
+                    null,
+                    CMS.getUserMessage(locale, "CMS_PROFILE_TOKENKEY_LDAP_MAX_CONN"));
         } else {
             return null;
         }
     }
 
     public IDescriptor getValueDescriptor(Locale locale, String name) {
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name="+name);
+        CMS.debug("nsTokenUserKeySubjectNameDefault: in getValueDescriptor name=" + name);
 
         if (name.equals(VAL_NAME)) {
             return new Descriptor(IDescriptor.STRING,
-                null,
-                null,
-                CMS.getUserMessage(locale, 
-                  "CMS_PROFILE_SUBJECT_NAME"));
+                    null,
+                    null,
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_SUBJECT_NAME"));
         } else {
             return null;
         }
     }
 
     public void setValue(String name, Locale locale,
-        X509CertInfo info, String value)
-        throws EPropertyException {
+            X509CertInfo info, String value)
+            throws EPropertyException {
 
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value="+value);
+        CMS.debug("nsTokenUserKeySubjectNameDefault: in setValue, value=" + value);
 
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -218,26 +219,26 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
             }
             CMS.debug("nsTokenUserKeySubjectNameDefault: setValue name=" + x500name);
             try {
-                info.set(X509CertInfo.SUBJECT, 
-                    new CertificateSubjectName(x500name));
+                info.set(X509CertInfo.SUBJECT,
+                        new CertificateSubjectName(x500name));
             } catch (Exception e) {
                 // failed to insert subject name
                 CMS.debug("nsTokenUserKeySubjectNameDefault: setValue " + e.toString());
-                throw new EPropertyException(CMS.getUserMessage( 
+                throw new EPropertyException(CMS.getUserMessage(
                             locale, "CMS_INVALID_PROPERTY", name));
             }
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getValue(String name, Locale locale,
-        X509CertInfo info)
-        throws EPropertyException {
-        CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name="+name);
+            X509CertInfo info)
+            throws EPropertyException {
+        CMS.debug("nsTokenUserKeySubjectNameDefault: in getValue, name=" + name);
         if (name == null) {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
         if (name.equals(VAL_NAME)) {
@@ -254,76 +255,77 @@ public class nsTokenUserKeySubjectNameDefault extends EnrollDefault {
                 CMS.debug("nsTokenUserKeySubjectNameDefault: getValue " + e.toString());
 
             }
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         } else {
-            throw new EPropertyException(CMS.getUserMessage( 
+            throw new EPropertyException(CMS.getUserMessage(
                         locale, "CMS_INVALID_PROPERTY", name));
         }
     }
 
     public String getText(Locale locale) {
         CMS.debug("nsTokenUserKeySubjectNameDefault: in getText");
-        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME", 
+        return CMS.getUserMessage(locale, "CMS_PROFILE_SUBJECT_NAME",
                 getConfig(CONFIG_DNPATTERN));
     }
 
     public void ldapInit()
-        throws EProfileException {
-        if (mldapInitialized == true) return;
+            throws EProfileException {
+        if (mldapInitialized == true)
+            return;
 
         CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): begin");
 
         try {
-          // cfu - XXX do more error handling here later
-          /* initialize ldap server configuration */
-          mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
-          mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
-          mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE,
-            false);
-          if (mldapEnabled == false)
-            return;
+            // cfu - XXX do more error handling here later
+            /* initialize ldap server configuration */
+            mParamsConfig = mInstConfig.getSubStore(PROP_PARAMS);
+            mLdapConfig = mParamsConfig.getSubStore(PROP_LDAP);
+            mldapEnabled = mParamsConfig.getBoolean(CONFIG_LDAP_ENABLE,
+                    false);
+            if (mldapEnabled == false)
+                return;
 
-          mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
-          mConnFactory = CMS.getLdapAnonConnFactory();
-          mConnFactory.init(mLdapConfig);
+            mBaseDN = mParamsConfig.getString(CONFIG_LDAP_BASEDN, null);
+            mConnFactory = CMS.getLdapAnonConnFactory();
+            mConnFactory.init(mLdapConfig);
 
-          /* initialize dn pattern */
-          String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
+            /* initialize dn pattern */
+            String pattern = mParamsConfig.getString(CONFIG_DNPATTERN, null);
 
-          if (pattern == null || pattern.length() == 0) 
-              pattern = DEFAULT_DNPATTERN;
+            if (pattern == null || pattern.length() == 0)
+                pattern = DEFAULT_DNPATTERN;
 
-          /* initialize ldap string attribute list */
-          String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
+            /* initialize ldap string attribute list */
+            String ldapStringAttrs = mParamsConfig.getString(CONFIG_LDAP_STRING_ATTRS, null);
 
-          if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
-            StringTokenizer pAttrs = 
-                new StringTokenizer(ldapStringAttrs, ",", false);
+            if ((ldapStringAttrs != null) && (ldapStringAttrs.length() != 0)) {
+                StringTokenizer pAttrs =
+                        new StringTokenizer(ldapStringAttrs, ",", false);
 
-            mLdapStringAttrs = new String[pAttrs.countTokens()];
+                mLdapStringAttrs = new String[pAttrs.countTokens()];
 
-            for (int i = 0; i < mLdapStringAttrs.length; i++) {
-                mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
+                for (int i = 0; i < mLdapStringAttrs.length; i++) {
+                    mLdapStringAttrs[i] = ((String) pAttrs.nextElement()).trim();
+                }
             }
-          }
-          CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done");
-          mldapInitialized = true;
+            CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): done");
+            mldapInitialized = true;
         } catch (Exception e) {
-          CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): "+e.toString());
-          // throw EProfileException...
-          throw new EProfileException("ldap init failure: "+e.toString());
+            CMS.debug("nsTokenUserKeySubjectNameDefault: ldapInit(): " + e.toString());
+            // throw EProfileException...
+            throw new EProfileException("ldap init failure: " + e.toString());
         }
-      }
+    }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IRequest request, X509CertInfo info)
-        throws EProfileException {
+            throws EProfileException {
         X500Name name = null;
         CMS.debug("nsTokenUserKeySubjectNameDefault: in populate");
-ldapInit();
+        ldapInit();
         try {
             // cfu - this goes to ldap
             String subjectName = getSubjectName(request);
@@ -340,8 +342,8 @@ ldapInit();
             // failed to build x500 name
         }
         try {
-            info.set(X509CertInfo.SUBJECT, 
-                new CertificateSubjectName(name));
+            info.set(X509CertInfo.SUBJECT,
+                    new CertificateSubjectName(name));
         } catch (Exception e) {
             // failed to insert subject name
             CMS.debug("nsTokenUserKeySubjectNameDefault: populate " + e.toString());
@@ -349,7 +351,7 @@ ldapInit();
     }
 
     private String getSubjectName(IRequest request)
-        throws EProfileException, IOException {
+            throws EProfileException, IOException {
 
         CMS.debug("nsTokenUserKeySubjectNameDefault: in getSubjectName");
 
@@ -360,10 +362,10 @@ ldapInit();
         String sbjname = "";
 
         if (mldapInitialized == false) {
-            if (request != null)  {
-              CMS.debug("pattern = "+pattern);
-              sbjname = mapPattern(request, pattern);
-              CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+            if (request != null) {
+                CMS.debug("pattern = " + pattern);
+                sbjname = mapPattern(request, pattern);
+                CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
             }
             return sbjname;
         }
@@ -384,34 +386,34 @@ ldapInit();
                 throw new EProfileException("no LDAP connection");
             } else {
                 conn = mConnFactory.getConn();
-                if( conn == null ) {
-                    CMS.debug( "nsTokenUserKeySubjectNameDefault::getSubjectName() - " +
-                               "no LDAP connection" );
-                    throw new EProfileException( "no LDAP connection" );
+                if (conn == null) {
+                    CMS.debug("nsTokenUserKeySubjectNameDefault::getSubjectName() - " +
+                               "no LDAP connection");
+                    throw new EProfileException("no LDAP connection");
                 }
                 CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got LDAP connection");
             }
             // retrieve the attributes
             // get user dn.
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = "+ mBaseDN);
+            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with basedn = " + mBaseDN);
             LDAPSearchResults res = conn.search(mBaseDN,
-                    LDAPv2.SCOPE_SUB, "("+ searchName + "=" + request.getExtDataInString("uid") + ")", null, false);
+                    LDAPv2.SCOPE_SUB, "(" + searchName + "=" + request.getExtDataInString("uid") + ")", null, false);
 
             if (res.hasMoreElements()) {
                 LDAPEntry entry = res.next();
 
                 userdn = entry.getDN();
             } else {// put into property file later - cfu
-                CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+ searchName + " does not exist");
+                CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + searchName + " does not exist");
                 throw new EProfileException("id does not exist");
             }
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for "+searchName + " = "+request.getExtDataInString("uid"));
+            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): retrieved entry for " + searchName + " = " + request.getExtDataInString("uid"));
 
             LDAPEntry entry = null;
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with "+ mLdapStringAttrs.length +" attributes");
-            LDAPSearchResults results = 
-            conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*", 
-            mLdapStringAttrs, false);
+            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): about to search with " + mLdapStringAttrs.length + " attributes");
+            LDAPSearchResults results =
+                    conn.search(userdn, LDAPv2.SCOPE_BASE, "objectclass=*",
+                            mLdapStringAttrs, false);
 
             if (!results.hasMoreElements()) {
                 CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): no attributes");
@@ -420,28 +422,28 @@ ldapInit();
             entry = results.next();
             // set attrs into request
             for (int i = 0; i < mLdapStringAttrs.length; i++) {
-               LDAPAttribute la =
-                   entry.getAttribute(mLdapStringAttrs[i]);
-               if (la != null) {
-                   String[] sla = la.getStringValueArray();
-                   CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: "+mLdapStringAttrs[i]+
-                       "=" + escapeValueRfc1779(sla[0], false).toString());
-                       request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString());
-               }
+                LDAPAttribute la =
+                        entry.getAttribute(mLdapStringAttrs[i]);
+                if (la != null) {
+                    String[] sla = la.getStringValueArray();
+                    CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): got attribute: " + mLdapStringAttrs[i] +
+                            "=" + escapeValueRfc1779(sla[0], false).toString());
+                    request.setExtData(mLdapStringAttrs[i], escapeValueRfc1779(sla[0], false).toString());
+                }
             }
-            CMS.debug("pattern = "+pattern);
-			sbjname = mapPattern(request, pattern);
-			CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
+            CMS.debug("pattern = " + pattern);
+            sbjname = mapPattern(request, pattern);
+            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): subject name mapping done");
             CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): attributes set in request");
 
         } catch (Exception e) {
-            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): "+e.toString());
-            throw new EProfileException("getSubjectName() failure: "+e.toString());
+            CMS.debug("nsTokenUserKeySubjectNameDefault: getSubjectName(): " + e.toString());
+            throw new EProfileException("getSubjectName() failure: " + e.toString());
         } finally {
             try {
                 if (conn != null)
                     mConnFactory.returnConn(conn);
-            } catch  (Exception e) {
+            } catch (Exception e) {
                 throw new EProfileException("nsTokenUserKeySubjectNameDefault: getSubjectName(): connection return failure");
             }
         }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
index d067f1e6..db3821e5 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/CMCCertReqInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertInfo;
@@ -35,23 +34,21 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
- * This class implements the certificate request input.
- * This input populates 2 main fields to the enrollment page:
- * 1/ Certificate Request Type, 2/ Certificate Request
+ * This class implements the certificate request input. This input populates 2
+ * main fields to the enrollment page: 1/ Certificate Request Type, 2/
+ * Certificate Request
  * <p>
  * 
- * This input usually is used by an enrollment profile for
- * certificate requests.
- *
+ * This input usually is used by an enrollment profile for certificate requests.
+ * 
  * @version $Revision$, $Date$
  */
-public class CMCCertReqInput extends EnrollInput implements IProfileInput { 
-    public static final String VAL_CERT_REQUEST_TYPE = 
-        EnrollProfile.CTX_CERT_REQUEST_TYPE;
+public class CMCCertReqInput extends EnrollInput implements IProfileInput {
+    public static final String VAL_CERT_REQUEST_TYPE =
+            EnrollProfile.CTX_CERT_REQUEST_TYPE;
     public static final String VAL_CERT_REQUEST =
-        EnrollProfile.CTX_CERT_REQUEST;
+            EnrollProfile.CTX_CERT_REQUEST;
 
     public EnrollProfile mEnrollProfile = null;
 
@@ -63,7 +60,7 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         mEnrollProfile = (EnrollProfile) profile;
@@ -87,22 +84,22 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String cert_request = ctx.get(VAL_CERT_REQUEST);
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
 
         if (msgs == null) {
-            return; 
+            return;
         }
         // This profile only handle the first request in CRMF
         Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
         if (seqNum == null) {
-           throw new EProfileException(
-            CMS.getUserMessage(getLocale(request),
-                "CMS_PROFILE_UNKNOWN_SEQ_NUM")); 
+            throw new EProfileException(
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
         }
 
         mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
@@ -110,16 +107,15 @@ public class CMCCertReqInput extends EnrollInput implements IProfileInput {
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CERT_REQUEST)) {
             return new Descriptor(IDescriptor.CERT_REQUEST, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_CERT_REQ"));
-        } 
+                            "CMS_PROFILE_INPUT_CERT_REQ"));
+        }
         return null;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
index 12a4f549..044ba9fa 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/CertReqInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.pkcs.PKCS10;
@@ -38,23 +37,21 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
- * This class implements the certificate request input.
- * This input populates 2 main fields to the enrollment page:
- * 1/ Certificate Request Type, 2/ Certificate Request
+ * This class implements the certificate request input. This input populates 2
+ * main fields to the enrollment page: 1/ Certificate Request Type, 2/
+ * Certificate Request
  * <p>
  * 
- * This input usually is used by an enrollment profile for
- * certificate requests.
- *
+ * This input usually is used by an enrollment profile for certificate requests.
+ * 
  * @version $Revision$, $Date$
  */
-public class CertReqInput extends EnrollInput implements IProfileInput { 
-    public static final String VAL_CERT_REQUEST_TYPE = 
-        EnrollProfile.CTX_CERT_REQUEST_TYPE;
+public class CertReqInput extends EnrollInput implements IProfileInput {
+    public static final String VAL_CERT_REQUEST_TYPE =
+            EnrollProfile.CTX_CERT_REQUEST_TYPE;
     public static final String VAL_CERT_REQUEST =
-        EnrollProfile.CTX_CERT_REQUEST;
+            EnrollProfile.CTX_CERT_REQUEST;
 
     public EnrollProfile mEnrollProfile = null;
 
@@ -67,7 +64,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         mEnrollProfile = (EnrollProfile) profile;
@@ -91,19 +88,19 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String cert_request_type = ctx.get(VAL_CERT_REQUEST_TYPE);
         String cert_request = ctx.get(VAL_CERT_REQUEST);
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         if (cert_request_type == null) {
-            CMS.debug("CertReqInput: populate - invalid cert request type " + 
-                "");
+            CMS.debug("CertReqInput: populate - invalid cert request type " +
+                    "");
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", 
-                        ""));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+                            ""));
         }
 
         if (cert_request_type.equals(EnrollProfile.REQ_TYPE_PKCS10)) {
@@ -114,7 +111,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
                             getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
             }
 
-            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);	
+            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
         } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
             DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), cert_request);
 
@@ -138,7 +135,7 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
             Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
 
             mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request
-            );
+                    );
         } else if (cert_request_type.startsWith(EnrollProfile.REQ_TYPE_CMC)) {
             TaggedRequest msgs[] = mEnrollProfile.parseCMC(getLocale(request), cert_request);
 
@@ -148,40 +145,39 @@ public class CertReqInput extends EnrollInput implements IProfileInput {
             }
             // This profile only handle the first request in CRMF
             Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
-            if (seqNum == null) { 
-                throw new EProfileException( 
-                   CMS.getUserMessage(getLocale(request), 
-                   "CMS_PROFILE_UNKNOWN_SEQ_NUM")); 
+            if (seqNum == null) {
+                throw new EProfileException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
             }
 
             mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
         } else {
             // error
-            CMS.debug("CertReqInput: populate - invalid cert request type " + 
-                cert_request_type);
+            CMS.debug("CertReqInput: populate - invalid cert request type " +
+                    cert_request_type);
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", 
-                        cert_request_type));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+                            cert_request_type));
         }
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_CERT_REQUEST_TYPE)) {
             return new Descriptor(IDescriptor.CERT_REQUEST_TYPE, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_CERT_REQ_TYPE"));
+                            "CMS_PROFILE_INPUT_CERT_REQ_TYPE"));
         } else if (name.equals(VAL_CERT_REQUEST)) {
             return new Descriptor(IDescriptor.CERT_REQUEST, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_CERT_REQ"));
+                            "CMS_PROFILE_INPUT_CERT_REQ"));
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
index b887807c..b898043d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/DualKeyGenInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.pkcs.PKCS10;
@@ -37,26 +36,23 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
- * This class implements the dual key generation input.
- * This input populates parameters to the enrollment 
- * pages so that a CRMF request containing 2 certificate 
- * requests will be generated.
+ * This class implements the dual key generation input. This input populates
+ * parameters to the enrollment pages so that a CRMF request containing 2
+ * certificate requests will be generated.
  * <p>
- *
- * This input can only be used with Netscape 7.x or later
- * clients.
+ * 
+ * This input can only be used with Netscape 7.x or later clients.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class DualKeyGenInput extends EnrollInput implements IProfileInput { 
+public class DualKeyGenInput extends EnrollInput implements IProfileInput {
 
-    public static final String VAL_KEYGEN_REQUEST_TYPE = 
-        EnrollProfile.CTX_CERT_REQUEST_TYPE;
-    public static final String VAL_KEYGEN_REQUEST = 
-        EnrollProfile.CTX_CERT_REQUEST;
+    public static final String VAL_KEYGEN_REQUEST_TYPE =
+            EnrollProfile.CTX_CERT_REQUEST_TYPE;
+    public static final String VAL_KEYGEN_REQUEST =
+            EnrollProfile.CTX_CERT_REQUEST;
 
     public EnrollProfile mEnrollProfile = null;
 
@@ -69,7 +65,7 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         mEnrollProfile = (EnrollProfile) profile;
     }
@@ -92,29 +88,29 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
         String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
 
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         if (keygen_request_type == null) {
             CMS.debug("DualKeyGenInput: populate - invalid cert request type " +
-                "");
+                    "");
             throw new EProfileException(
                     CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                        ""));
+                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+                            ""));
         }
         if (keygen_request_type.startsWith("pkcs10")) {
             PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
 
-            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);	
+            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
         } else if (keygen_request_type.startsWith("keygen")) {
             DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
 
-            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);	
+            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
         } else if (keygen_request_type.startsWith("crmf")) {
             CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
 
@@ -128,28 +124,27 @@ public class DualKeyGenInput extends EnrollInput implements IProfileInput {
             // This profile only handle the first request in CRMF
             Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
 
-            if (seqNum == null) { 
-                throw new EProfileException( 
-                    CMS.getUserMessage(getLocale(request), 
-                    "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
+            if (seqNum == null) {
+                throw new EProfileException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
             }
 
             mEnrollProfile.fillCertReqMsg(getLocale(request), msgs[seqNum.intValue()], info, request);
         } else {
             // error
-            CMS.debug("DualKeyGenInput: populate - " + 
-                "invalid cert request type " + keygen_request_type);
+            CMS.debug("DualKeyGenInput: populate - " +
+                    "invalid cert request type " + keygen_request_type);
             throw new EProfileException(CMS.getUserMessage(
-                        getLocale(request), 
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE", 
+                        getLocale(request),
+                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
                         keygen_request_type));
         }
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
index 1eaf476b..35e83a8d 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/EnrollInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -41,16 +40,15 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This class implements the base enrollment input.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public abstract class EnrollInput implements IProfileInput { 
+public abstract class EnrollInput implements IProfileInput {
 
     private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
-        "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+            "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
 
     protected IConfigStore mConfig = null;
     protected Vector mValueNames = new Vector();
@@ -58,12 +56,12 @@ public abstract class EnrollInput implements IProfileInput {
     protected IProfile mProfile = null;
 
     protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
- 
+
     /**
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
         mProfile = profile;
     }
@@ -74,17 +72,17 @@ public abstract class EnrollInput implements IProfileInput {
 
     /**
      * Populates the request with this policy default.
-     *
+     * 
      * @param ctx profile context
      * @param request request
      * @exception EProfileException failed to populate
      */
     public abstract void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale user locale
      * @return localized input name
      */
@@ -92,23 +90,21 @@ public abstract class EnrollInput implements IProfileInput {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale user locale
      * @return localized input description
      */
     public abstract String getText(Locale locale);
 
     /**
-     * Retrieves the descriptor of the given value
-     * property by name.
-     *
+     * Retrieves the descriptor of the given value property by name.
+     * 
      * @param locale user locale
      * @param name property name
      * @return descriptor of the property
      */
     public abstract IDescriptor getValueDescriptor(Locale locale, String name);
 
-
     public void addValueName(String name) {
         mValueNames.addElement(name);
     }
@@ -129,7 +125,7 @@ public abstract class EnrollInput implements IProfileInput {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
         if (mConfig.getSubStore("params") == null) {
             //
         } else {
@@ -141,7 +137,7 @@ public abstract class EnrollInput implements IProfileInput {
         try {
             if (mConfig == null) {
                 return null;
-	    }
+            }
             if (mConfig.getSubStore("params") != null) {
                 return mConfig.getSubStore("params").getString(name);
             }
@@ -155,7 +151,7 @@ public abstract class EnrollInput implements IProfileInput {
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         return request.getExtDataInString(name);
     }
 
@@ -163,7 +159,7 @@ public abstract class EnrollInput implements IProfileInput {
      * Sets the value of the given value parameter by name.
      */
     public void setValue(String name, Locale locale, IRequest request,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         request.setExtData(name, value);
     }
 
@@ -181,16 +177,16 @@ public abstract class EnrollInput implements IProfileInput {
         return null;
     }
 
-    public void verifyPOP(Locale locale, CertReqMsg certReqMsg) 
-        throws EProfileException {
-        CMS.debug("EnrollInput ::in verifyPOP"); 
+    public void verifyPOP(Locale locale, CertReqMsg certReqMsg)
+            throws EProfileException {
+        CMS.debug("EnrollInput ::in verifyPOP");
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
-        if (!certReqMsg.hasPop()) { 
+        if (!certReqMsg.hasPop()) {
             CMS.debug("CertReqMsg has not POP, return");
-            return; 
+            return;
         }
         ProofOfPossession pop = certReqMsg.getPop();
         ProofOfPossession.Type popType = pop.getType();
@@ -202,8 +198,8 @@ public abstract class EnrollInput implements IProfileInput {
 
         try {
             if (CMS.getConfigStore().getBoolean("cms.skipPOPVerify", false)) {
-              CMS.debug("skipPOPVerify on, return");
-              return;
+                CMS.debug("skipPOPVerify on, return");
+                return;
             }
             CMS.debug("POP verification begins:");
             CryptoManager cm = CryptoManager.getInstance();
@@ -214,42 +210,42 @@ public abstract class EnrollInput implements IProfileInput {
                 CMS.debug("POP verification using internal token");
                 certReqMsg.verify();
             } else {
-                CMS.debug("POP verification using token:"+ tokenName);
+                CMS.debug("POP verification using token:" + tokenName);
                 verifyToken = cm.getTokenByName(tokenName);
                 certReqMsg.verify(verifyToken);
             }
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-              LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-              auditSubjectID,
-              ILogger.SUCCESS );
-            audit( auditMessage );
+                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                    auditSubjectID,
+                    ILogger.SUCCESS);
+            audit(auditMessage);
         } catch (Exception e) {
 
-            CMS.debug("Failed POP verify! "+e.toString());
+            CMS.debug("Failed POP verify! " + e.toString());
             CMS.debug(e);
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-              LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-              auditSubjectID,
-              ILogger.FAILURE );
+                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                    auditSubjectID,
+                    ILogger.FAILURE);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
-            throw new EProfileException(CMS.getUserMessage(locale, 
+            throw new EProfileException(CMS.getUserMessage(locale,
                         "CMS_POP_VERIFICATION_ERROR"));
         }
     }
 
     /**
      * Signed Audit Log
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to store messages to the signed audit log.
+     * 
+     * This method is inherited by all extended "CMSServlet"s, and is called to
+     * store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -261,20 +257,19 @@ public abstract class EnrollInput implements IProfileInput {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to obtain the "SubjectID" for
-     * a signed audit log message.
+     * 
+     * This method is inherited by all extended "CMSServlet"s, and is called to
+     * obtain the "SubjectID" for a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditSubjectID() {
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
index 70ede1e2..7e497c64 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/FileSigningInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.io.BufferedInputStream;
 import java.net.URL;
 import java.net.URLConnection;
@@ -34,15 +33,13 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements the image
- * input that collects a picture.
+ * This class implements the image input that collects a picture.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class FileSigningInput extends EnrollInput implements IProfileInput { 
+public class FileSigningInput extends EnrollInput implements IProfileInput {
 
     public static final String URL = "file_signing_url";
     public static final String TEXT = "file_signing_text";
@@ -59,7 +56,7 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -77,13 +74,12 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
         return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_FILE_SIGNING_TEXT");
     }
 
-    public String toHexString(byte data[]) 
-    {
+    public String toHexString(byte data[]) {
         StringBuffer sb = new StringBuffer();
         for (int i = 0; i < data.length; i++) {
             int v = data[i] & 0xff;
             if (v <= 9) {
-              sb.append("0");
+                sb.append("0");
             }
             sb.append(Integer.toHexString(v));
         }
@@ -94,42 +90,41 @@ public class FileSigningInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         request.setExtData(TEXT, ctx.get(TEXT));
         request.setExtData(URL, ctx.get(URL));
         request.setExtData(DIGEST_TYPE, "SHA256");
- 
+
         try {
-          // retrieve file and calculate the hash
-          URL url = new URL(ctx.get(URL));
-          URLConnection c = url.openConnection();
-          c.setAllowUserInteraction(false);
-          c.setDoInput(true);
-          c.setDoOutput(false);
-          c.setUseCaches(false);
-          c.connect();
-          int len = c.getContentLength();
-          request.setExtData(SIZE, Integer.toString(len));
-  	  BufferedInputStream is = new BufferedInputStream(c.getInputStream());
-          byte data[] = new byte[len];
-          is.read(data, 0, len);
-          is.close();
+            // retrieve file and calculate the hash
+            URL url = new URL(ctx.get(URL));
+            URLConnection c = url.openConnection();
+            c.setAllowUserInteraction(false);
+            c.setDoInput(true);
+            c.setDoOutput(false);
+            c.setUseCaches(false);
+            c.connect();
+            int len = c.getContentLength();
+            request.setExtData(SIZE, Integer.toString(len));
+            BufferedInputStream is = new BufferedInputStream(c.getInputStream());
+            byte data[] = new byte[len];
+            is.read(data, 0, len);
+            is.close();
 
-          // calculate digest
-          MessageDigest digester = MessageDigest.getInstance("SHA256");
-          byte digest[] = digester.digest(data);
-          request.setExtData(DIGEST, toHexString(digest));
-        } catch (Exception e) { 
-               CMS.debug("FileSigningInput populate failure " + e);
-               throw new EProfileException( 
-                  CMS.getUserMessage(getLocale(request), 
-                  "CMS_PROFILE_FILE_NOT_FOUND"));
+            // calculate digest
+            MessageDigest digester = MessageDigest.getInstance("SHA256");
+            byte digest[] = digester.digest(data);
+            request.setExtData(DIGEST, toHexString(digest));
+        } catch (Exception e) {
+            CMS.debug("FileSigningInput populate failure " + e);
+            throw new EProfileException(
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_FILE_NOT_FOUND"));
         }
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(URL)) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
index 5aa85e0e..d9ce1487 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/GenericInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -32,14 +31,13 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements a generic input.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class GenericInput extends EnrollInput implements IProfileInput { 
+public class GenericInput extends EnrollInput implements IProfileInput {
 
     public static final String CONFIG_NUM = "gi_num";
     public static final String CONFIG_DISPLAY_NAME = "gi_display_name";
@@ -49,12 +47,12 @@ public class GenericInput extends EnrollInput implements IProfileInput {
     public static final int DEF_NUM = 5;
 
     public GenericInput() {
-      int num = getNum();
-      for (int i = 0; i < num; i++) {
-        addConfigName(CONFIG_PARAM_NAME + i);
-        addConfigName(CONFIG_DISPLAY_NAME + i);
-        addConfigName(CONFIG_ENABLE + i);
-      }
+        int num = getNum();
+        for (int i = 0; i < num; i++) {
+            addConfigName(CONFIG_PARAM_NAME + i);
+            addConfigName(CONFIG_DISPLAY_NAME + i);
+            addConfigName(CONFIG_ENABLE + i);
+        }
     }
 
     protected int getNum() {
@@ -75,7 +73,7 @@ public class GenericInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -97,65 +95,64 @@ public class GenericInput extends EnrollInput implements IProfileInput {
      * Returns selected value names based on the configuration.
      */
     public Enumeration getValueNames() {
-         Vector v = new Vector();
-         int num = getNum();
-         for (int i = 0; i < num; i++) {
-             String enable = getConfig(CONFIG_ENABLE + i);
-             if (enable != null && enable.equals("true")) {
-               v.addElement(getConfig(CONFIG_PARAM_NAME + i));
-             }
-         }
-         return v.elements();
+        Vector v = new Vector();
+        int num = getNum();
+        for (int i = 0; i < num; i++) {
+            String enable = getConfig(CONFIG_ENABLE + i);
+            if (enable != null && enable.equals("true")) {
+                v.addElement(getConfig(CONFIG_PARAM_NAME + i));
+            }
+        }
+        return v.elements();
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         int num = getNum();
         for (int i = 0; i < num; i++) {
-             String enable = getConfig(CONFIG_ENABLE + i);
-             if (enable != null && enable.equals("true")) {
+            String enable = getConfig(CONFIG_ENABLE + i);
+            if (enable != null && enable.equals("true")) {
                 String param = getConfig(CONFIG_PARAM_NAME + i);
                 request.setExtData(param, ctx.get(param));
-             }
+            }
         }
     }
 
     public IDescriptor getConfigDescriptor(Locale locale, String name) {
         int num = getNum();
         for (int i = 0; i < num; i++) {
-          if (name.equals(CONFIG_PARAM_NAME + i)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i);
-          } else if (name.equals(CONFIG_DISPLAY_NAME + i)) {
-            return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i);
-          } else if (name.equals(CONFIG_ENABLE + i)) {
-            return new Descriptor(IDescriptor.BOOLEAN, null,
-                    "false",
-                    CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i);
-          }
+            if (name.equals(CONFIG_PARAM_NAME + i)) {
+                return new Descriptor(IDescriptor.STRING, null,
+                        null,
+                        CMS.getUserMessage(locale, "CMS_PROFILE_GI_PARAM_NAME") + i);
+            } else if (name.equals(CONFIG_DISPLAY_NAME + i)) {
+                return new Descriptor(IDescriptor.STRING, null,
+                        null,
+                        CMS.getUserMessage(locale, "CMS_PROFILE_GI_DISPLAY_NAME") + i);
+            } else if (name.equals(CONFIG_ENABLE + i)) {
+                return new Descriptor(IDescriptor.BOOLEAN, null,
+                        "false",
+                        CMS.getUserMessage(locale, "CMS_PROFILE_GI_ENABLE") + i);
+            }
         } // for
         return null;
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         int num = getNum();
         for (int i = 0; i < num; i++) {
-             String param = getConfig(CONFIG_PARAM_NAME + i);
-             if (param != null && param.equals(name)) {
-               return new Descriptor(IDescriptor.STRING, null,
-                    null,
-                    getConfig(CONFIG_DISPLAY_NAME + i));
-             }
+            String param = getConfig(CONFIG_PARAM_NAME + i);
+            if (param != null && param.equals(name)) {
+                return new Descriptor(IDescriptor.STRING, null,
+                        null,
+                        getConfig(CONFIG_DISPLAY_NAME + i));
+            }
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
index 265b958d..9c8f73d7 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/ImageInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.apps.CMS;
@@ -30,15 +29,13 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements the image
- * input that collects a picture.
+ * This class implements the image input that collects a picture.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class ImageInput extends EnrollInput implements IProfileInput { 
+public class ImageInput extends EnrollInput implements IProfileInput {
 
     public static final String IMAGE_URL = "image_url";
 
@@ -50,7 +47,7 @@ public class ImageInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -72,13 +69,12 @@ public class ImageInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         request.setExtData(IMAGE_URL, ctx.get(IMAGE_URL));
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(IMAGE_URL)) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
index 00c0ffcf..4d7a3090 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/KeyGenInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.pkcs.PKCS10;
@@ -38,25 +37,23 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
- * This class implements the key generation input that
- * populates parameters to the enrollment page for
- * key generation.
+ * This class implements the key generation input that populates parameters to
+ * the enrollment page for key generation.
  * <p>
- *
- * This input normally is used with user-based or
- * non certificate request profile.
+ * 
+ * This input normally is used with user-based or non certificate request
+ * profile.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class KeyGenInput extends EnrollInput implements IProfileInput { 
+public class KeyGenInput extends EnrollInput implements IProfileInput {
 
-    public static final String VAL_KEYGEN_REQUEST_TYPE = 
-        EnrollProfile.CTX_CERT_REQUEST_TYPE;
-    public static final String VAL_KEYGEN_REQUEST = 
-        EnrollProfile.CTX_CERT_REQUEST;
+    public static final String VAL_KEYGEN_REQUEST_TYPE =
+            EnrollProfile.CTX_CERT_REQUEST_TYPE;
+    public static final String VAL_KEYGEN_REQUEST =
+            EnrollProfile.CTX_CERT_REQUEST;
 
     public EnrollProfile mEnrollProfile = null;
 
@@ -69,7 +66,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
         mEnrollProfile = (EnrollProfile) profile;
     }
@@ -92,20 +89,20 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String keygen_request_type = ctx.get(VAL_KEYGEN_REQUEST_TYPE);
         String keygen_request = ctx.get(VAL_KEYGEN_REQUEST);
 
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         if (keygen_request_type == null) {
             CMS.debug("KeyGenInput: populate - invalid cert request type " +
-                "");
+                    "");
             throw new EProfileException(
                     CMS.getUserMessage(getLocale(request),
-                        "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
-                        ""));
+                            "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
+                            ""));
         }
         if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_PKCS10)) {
             PKCS10 pkcs10 = mEnrollProfile.parsePKCS10(getLocale(request), keygen_request);
@@ -115,7 +112,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
                             getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
             }
 
-            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);	
+            mEnrollProfile.fillPKCS10(getLocale(request), pkcs10, info, request);
         } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_KEYGEN)) {
             DerInputStream keygen = mEnrollProfile.parseKeyGen(getLocale(request), keygen_request);
 
@@ -124,7 +121,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
                             getLocale(request), "CMS_PROFILE_NO_CERT_REQ"));
             }
 
-            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);	
+            mEnrollProfile.fillKeyGen(getLocale(request), keygen, info, request);
         } else if (keygen_request_type.startsWith(EnrollProfile.REQ_TYPE_CRMF)) {
             CertReqMsg msgs[] = mEnrollProfile.parseCRMF(getLocale(request), keygen_request);
 
@@ -149,17 +146,17 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
             // This profile only handle the first request in CRMF
             Integer seqNum = request.getExtDataInInteger(EnrollProfile.REQUEST_SEQ_NUM);
 
-            if (seqNum == null) { 
-                   throw new EProfileException( 
-                    CMS.getUserMessage(getLocale(request), 
-                    "CMS_PROFILE_UNKNOWN_SEQ_NUM")); 
+            if (seqNum == null) {
+                throw new EProfileException(
+                        CMS.getUserMessage(getLocale(request),
+                                "CMS_PROFILE_UNKNOWN_SEQ_NUM"));
             }
 
             mEnrollProfile.fillTaggedRequest(getLocale(request), msgs[seqNum.intValue()], info, request);
         } else {
             // error
             CMS.debug("DualKeyGenInput: populate - " +
-                "invalid cert request type " + keygen_request_type);
+                    "invalid cert request type " + keygen_request_type);
             throw new EProfileException(CMS.getUserMessage(
                         getLocale(request),
                         "CMS_PROFILE_UNKNOWN_CERT_REQ_TYPE",
@@ -169,8 +166,7 @@ public class KeyGenInput extends EnrollInput implements IProfileInput {
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_KEYGEN_REQUEST_TYPE)) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
index dce75c15..870f75d2 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SerialNumRenewInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.apps.CMS;
@@ -30,15 +29,13 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements the serial number input
- * for renewal
+ * This class implements the serial number input for renewal
  * <p>
- *
- * @author Christina Fu 
+ * 
+ * @author Christina Fu
  */
-public class SerialNumRenewInput extends EnrollInput implements IProfileInput { 
+public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
 
     public static final String SERIAL_NUM = "serial_num";
 
@@ -50,7 +47,7 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -72,13 +69,12 @@ public class SerialNumRenewInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         //
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(SERIAL_NUM)) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
index 4a8f6050..18f18fad 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectDNInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -37,11 +36,10 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
  * This plugin accepts subject DN from end user.
  */
-public class SubjectDNInput extends EnrollInput implements IProfileInput { 
+public class SubjectDNInput extends EnrollInput implements IProfileInput {
 
     public static final String VAL_SUBJECT = "subject";
 
@@ -52,7 +50,7 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -70,37 +68,36 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
         return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
     }
 
-
     public String getConfig(String name) {
-	String config = super.getConfig(name);
-	if (config == null || config.equals(""))
-		return "true";
-	return config;
+        String config = super.getConfig(name);
+        if (config == null || config.equals(""))
+            return "true";
+        return config;
     }
 
     /**
      * Returns selected value names based on the configuration.
      */
     public Enumeration<String> getValueNames() {
-         Vector<String> v = new Vector<String>();
-         v.addElement(VAL_SUBJECT);
-         return v.elements();
+        Vector<String> v = new Vector<String>();
+        v.addElement(VAL_SUBJECT);
+        return v.elements();
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
         String subjectName = "";
 
         subjectName = ctx.get(VAL_SUBJECT);
         if (subjectName.equals("")) {
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         }
         X500Name name = null;
 
@@ -108,10 +105,10 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
             name = new X500Name(subjectName);
         } catch (Exception e) {
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
         }
-        parseSubjectName(name, info, request);	
+        parseSubjectName(name, info, request);
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
     }
 
@@ -120,8 +117,7 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_SUBJECT)) {
@@ -133,13 +129,13 @@ public class SubjectDNInput extends EnrollInput implements IProfileInput {
     }
 
     protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
-        throws EProfileException {
+            throws EProfileException {
         try {
             req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
                     new CertificateSubjectName(subj));
         } catch (Exception e) {
-            CMS.debug("SubjectNameInput: parseSubject Name " + 
-                e.toString());
+            CMS.debug("SubjectNameInput: parseSubject Name " +
+                    e.toString());
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
index 15f906f9..5ada65c9 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubjectNameInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -37,20 +36,18 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
- * This class implements the subject name input
- * that populates text fields to the enrollment
- * page so that distinguished name parameters
- * can be collected from the user.
+ * This class implements the subject name input that populates text fields to
+ * the enrollment page so that distinguished name parameters can be collected
+ * from the user.
  * <p>
- * The collected parameters could be used for
- * fomulating the subject name in the certificate.
+ * The collected parameters could be used for fomulating the subject name in the
+ * certificate.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class SubjectNameInput extends EnrollInput implements IProfileInput { 
+public class SubjectNameInput extends EnrollInput implements IProfileInput {
 
     public static final String CONFIG_UID = "sn_uid";
     public static final String CONFIG_EMAIL = "sn_e";
@@ -88,7 +85,7 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -106,101 +103,100 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
         return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_SUBJECT_NAME_TEXT");
     }
 
-
     public String getConfig(String name) {
-	String config = super.getConfig(name);
-	if (config == null || config.equals(""))
-		return "true";
-	return config;
+        String config = super.getConfig(name);
+        if (config == null || config.equals(""))
+            return "true";
+        return config;
     }
 
     /**
      * Returns selected value names based on the configuration.
      */
     public Enumeration getValueNames() {
-         Vector v = new Vector();
-         String c_uid = getConfig(CONFIG_UID);
-         if (c_uid == null || c_uid.equals("")) {
-             v.addElement(VAL_UID); // default case
-         } else {
-           if (c_uid.equals("true")) {
-             v.addElement(VAL_UID);
-           }
-         }
-         String c_email = getConfig(CONFIG_EMAIL);
-         if (c_email == null || c_email.equals("")) {
-             v.addElement(VAL_EMAIL);
-         } else {
-           if (c_email.equals("true")) {
-             v.addElement(VAL_EMAIL);
-           }
-         }
-         String c_cn = getConfig(CONFIG_CN);
-         if (c_cn == null || c_cn.equals("")) {
-           v.addElement(VAL_CN);
-         } else {
-           if (c_cn.equals("true")) {
-             v.addElement(VAL_CN);
-	   }
-	 }
-         String c_ou3 = getConfig(CONFIG_OU3);
-         if (c_ou3 == null || c_ou3.equals("")) {
-           v.addElement(VAL_OU3);
-	 } else {
-           if (c_ou3.equals("true")) {
-           	v.addElement(VAL_OU3);
-	   }
-         }
-         String c_ou2 = getConfig(CONFIG_OU2);
-         if (c_ou2 == null || c_ou2.equals("")) {
-           v.addElement(VAL_OU2);
-	 } else {
-           if (c_ou2.equals("true")) {
-           	v.addElement(VAL_OU2);
-	   }
-         }
-         String c_ou1 = getConfig(CONFIG_OU1);
-         if (c_ou1 == null || c_ou1.equals("")) {
-           v.addElement(VAL_OU1);
-	 } else {
-           if (c_ou1.equals("true")) {
-           	v.addElement(VAL_OU1);
-	   }
-         }
-         String c_ou = getConfig(CONFIG_OU);
-         if (c_ou == null || c_ou.equals("")) {
-           v.addElement(VAL_OU);
-	 } else {
-           if (c_ou.equals("true")) {
-           	v.addElement(VAL_OU);
-	   }
-         }
-         String c_o = getConfig(CONFIG_O);
-         if (c_o == null || c_o.equals("")) {
-           v.addElement(VAL_O);
-	 } else {
-           if (c_o.equals("true")) {
-             v.addElement(VAL_O);
-	   }
-         }
-         String c_c = getConfig(CONFIG_C);
-         if (c_c == null || c_c.equals("")) {
-           v.addElement(VAL_C);
-         } else {
-           if (c_c.equals("true")) {
-             v.addElement(VAL_C);
-	   }
-         }
-         return v.elements();
+        Vector v = new Vector();
+        String c_uid = getConfig(CONFIG_UID);
+        if (c_uid == null || c_uid.equals("")) {
+            v.addElement(VAL_UID); // default case
+        } else {
+            if (c_uid.equals("true")) {
+                v.addElement(VAL_UID);
+            }
+        }
+        String c_email = getConfig(CONFIG_EMAIL);
+        if (c_email == null || c_email.equals("")) {
+            v.addElement(VAL_EMAIL);
+        } else {
+            if (c_email.equals("true")) {
+                v.addElement(VAL_EMAIL);
+            }
+        }
+        String c_cn = getConfig(CONFIG_CN);
+        if (c_cn == null || c_cn.equals("")) {
+            v.addElement(VAL_CN);
+        } else {
+            if (c_cn.equals("true")) {
+                v.addElement(VAL_CN);
+            }
+        }
+        String c_ou3 = getConfig(CONFIG_OU3);
+        if (c_ou3 == null || c_ou3.equals("")) {
+            v.addElement(VAL_OU3);
+        } else {
+            if (c_ou3.equals("true")) {
+                v.addElement(VAL_OU3);
+            }
+        }
+        String c_ou2 = getConfig(CONFIG_OU2);
+        if (c_ou2 == null || c_ou2.equals("")) {
+            v.addElement(VAL_OU2);
+        } else {
+            if (c_ou2.equals("true")) {
+                v.addElement(VAL_OU2);
+            }
+        }
+        String c_ou1 = getConfig(CONFIG_OU1);
+        if (c_ou1 == null || c_ou1.equals("")) {
+            v.addElement(VAL_OU1);
+        } else {
+            if (c_ou1.equals("true")) {
+                v.addElement(VAL_OU1);
+            }
+        }
+        String c_ou = getConfig(CONFIG_OU);
+        if (c_ou == null || c_ou.equals("")) {
+            v.addElement(VAL_OU);
+        } else {
+            if (c_ou.equals("true")) {
+                v.addElement(VAL_OU);
+            }
+        }
+        String c_o = getConfig(CONFIG_O);
+        if (c_o == null || c_o.equals("")) {
+            v.addElement(VAL_O);
+        } else {
+            if (c_o.equals("true")) {
+                v.addElement(VAL_O);
+            }
+        }
+        String c_c = getConfig(CONFIG_C);
+        if (c_c == null || c_c.equals("")) {
+            v.addElement(VAL_C);
+        } else {
+            if (c_c.equals("true")) {
+                v.addElement(VAL_C);
+            }
+        }
+        return v.elements();
     }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
         String subjectName = "";
 
         String uid = ctx.get(VAL_UID);
@@ -270,8 +266,8 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
         }
         if (subjectName.equals("")) {
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
         }
         X500Name name = null;
 
@@ -279,10 +275,10 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
             name = new X500Name(subjectName);
         } catch (Exception e) {
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_INVALID_SUBJECT_NAME", subjectName));
         }
-        parseSubjectName(name, info, request);	
+        parseSubjectName(name, info, request);
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
     }
 
@@ -329,8 +325,7 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_UID)) {
@@ -374,13 +369,13 @@ public class SubjectNameInput extends EnrollInput implements IProfileInput {
     }
 
     protected void parseSubjectName(X500Name subj, X509CertInfo info, IRequest req)
-        throws EProfileException {
+            throws EProfileException {
         try {
             req.setExtData(EnrollProfile.REQUEST_SUBJECT_NAME,
                     new CertificateSubjectName(subj));
         } catch (Exception e) {
-            CMS.debug("SubjectNameInput: parseSubject Name " + 
-                e.toString());
+            CMS.debug("SubjectNameInput: parseSubject Name " +
+                    e.toString());
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
index 52df2d41..5d7be747 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/SubmitterInfoInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.apps.CMS;
@@ -30,16 +29,14 @@ import com.netscape.certsrv.property.Descriptor;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class implements the submitter information
- * input that collects certificate requestor's 
- * information such as name, email and phone.
+ * This class implements the submitter information input that collects
+ * certificate requestor's information such as name, email and phone.
  * <p>
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class SubmitterInfoInput extends EnrollInput implements IProfileInput { 
+public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
 
     public static final String NAME = "requestor_name";
     public static final String EMAIL = "requestor_email";
@@ -55,7 +52,7 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -77,13 +74,12 @@ public class SubmitterInfoInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         //
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(NAME)) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
index 64988fed..4e51feec 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/nsHKeyCertReqInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertInfo;
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
- * This class implements the certificate request input from TPS.
- * This input populates 2 main fields to the enrollment "page":
- * 1/ token cuid, 2/ publickey
+ * This class implements the certificate request input from TPS. This input
+ * populates 2 main fields to the enrollment "page": 1/ token cuid, 2/ publickey
  * <p>
  * 
- * This input usually is used by an enrollment profile for
- * certificate requests coming from TPS.
- *
+ * This input usually is used by an enrollment profile for certificate requests
+ * coming from TPS.
+ * 
  * @version $Revision$, $Date$
  */
-public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput { 
+public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
     public static final String VAL_TOKEN_CUID = "tokencuid";
     public static final String VAL_PUBLIC_KEY = "publickey";
 
@@ -60,7 +57,7 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         mEnrollProfile = (EnrollProfile) profile;
@@ -80,84 +77,82 @@ public class nsHKeyCertReqInput extends EnrollInput implements IProfileInput {
         return CMS.getUserMessage(locale, "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TEXT");
     }
 
-	/*
-	 * Pretty print token cuid
-	 */
-	public String toPrettyPrint(String cuid)
-	{
-		if (cuid == null)
-			return null;
-
-		if (cuid.length() != 20)
-			return null;
-
-		StringBuffer sb = new StringBuffer();
-		for (int i=0; i < cuid.length(); i++) {
-			if (i == 4 || i == 8 || i == 12 || i == 16) {
-				sb.append("-");
-			}
-			sb.append(cuid.charAt(i));
-		}
-		return sb.toString();
-	}
+    /*
+     * Pretty print token cuid
+     */
+    public String toPrettyPrint(String cuid) {
+        if (cuid == null)
+            return null;
+
+        if (cuid.length() != 20)
+            return null;
+
+        StringBuffer sb = new StringBuffer();
+        for (int i = 0; i < cuid.length(); i++) {
+            if (i == 4 || i == 8 || i == 12 || i == 16) {
+                sb.append("-");
+            }
+            sb.append(cuid.charAt(i));
+        }
+        return sb.toString();
+    }
 
     /**
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String tcuid = ctx.get(VAL_TOKEN_CUID);
-		// pretty print tcuid
-		String prettyPrintCuid = toPrettyPrint(tcuid);
-		if (prettyPrintCuid == null) {
+        // pretty print tcuid
+        String prettyPrintCuid = toPrettyPrint(tcuid);
+        if (prettyPrintCuid == null) {
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", 
-                        ""));
-		}
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
+                            ""));
+        }
 
-		request.setExtData("pretty_print_tokencuid", prettyPrintCuid);
+        request.setExtData("pretty_print_tokencuid", prettyPrintCuid);
 
         String pk = ctx.get(VAL_PUBLIC_KEY);
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         if (tcuid == null) {
-            CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " + 
-                "");
+            CMS.debug("nsHKeyCertReqInput: populate - tokencuid not found " +
+                    "");
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_TOKENKEY_NO_TOKENCUID", 
-                        ""));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_TOKENKEY_NO_TOKENCUID",
+                            ""));
         }
         if (pk == null) {
-            CMS.debug("nsHKeyCertReqInput: populate - public key not found " + 
-                "");
+            CMS.debug("nsHKeyCertReqInput: populate - public key not found " +
+                    "");
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", 
-                        ""));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
+                            ""));
         }
 
-		mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request);	
+        mEnrollProfile.fillNSHKEY(getLocale(request), tcuid, pk, info, request);
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_TOKEN_CUID)) {
             return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID"));
+                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_TOKEN_CUID"));
         } else if (name.equals(VAL_PUBLIC_KEY)) {
             return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
+                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
index 58984c6c..b2476a66 100644
--- a/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/input/nsNKeyCertReqInput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.input;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertInfo;
@@ -33,19 +32,17 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
- * This class implements the certificate request input from TPS.
- * This input populates 2 main fields to the enrollment "page":
- * 1/ id, 2/ publickey
+ * This class implements the certificate request input from TPS. This input
+ * populates 2 main fields to the enrollment "page": 1/ id, 2/ publickey
  * <p>
  * 
- * This input usually is used by an enrollment profile for
- * certificate requests coming from TPS.
- *
+ * This input usually is used by an enrollment profile for certificate requests
+ * coming from TPS.
+ * 
  * @version $Revision$, $Date$
  */
-public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput { 
+public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
     public static final String VAL_SN = "screenname";
     public static final String VAL_PUBLIC_KEY = "publickey";
 
@@ -60,7 +57,7 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
 
         mEnrollProfile = (EnrollProfile) profile;
@@ -84,48 +81,47 @@ public class nsNKeyCertReqInput extends EnrollInput implements IProfileInput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         String sn = ctx.get(VAL_SN);
         String pk = ctx.get(VAL_PUBLIC_KEY);
         X509CertInfo info =
-            request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
+                request.getExtDataInCertInfo(EnrollProfile.REQUEST_CERTINFO);
 
         if (sn == null) {
-            CMS.debug("nsNKeyCertReqInput: populate - id not found " + 
-                "");
+            CMS.debug("nsNKeyCertReqInput: populate - id not found " +
+                    "");
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_TOKENKEY_NO_ID", 
-                        ""));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_TOKENKEY_NO_ID",
+                            ""));
         }
         if (pk == null) {
-            CMS.debug("nsNKeyCertReqInput: populate - public key not found " + 
-                "");
+            CMS.debug("nsNKeyCertReqInput: populate - public key not found " +
+                    "");
             throw new EProfileException(
-                    CMS.getUserMessage(getLocale(request), 
-                        "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY", 
-                        ""));
+                    CMS.getUserMessage(getLocale(request),
+                            "CMS_PROFILE_TOKENKEY_NO_PUBLIC_KEY",
+                            ""));
         }
 
-		mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request);	
+        mEnrollProfile.fillNSNKEY(getLocale(request), sn, pk, info, request);
         request.setExtData(EnrollProfile.REQUEST_CERTINFO, info);
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_SN)) {
             return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID"));
+                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_UID"));
         } else if (name.equals(VAL_PUBLIC_KEY)) {
             return new Descriptor(IDescriptor.STRING, null,
                     null,
                     CMS.getUserMessage(locale,
-                        "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
+                            "CMS_PROFILE_INPUT_TOKENKEY_CERT_REQ_PK"));
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
index 999bdc67..421d5852 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/CMMFOutput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.output;
 
-
 import java.io.ByteArrayOutputStream;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -45,14 +44,13 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
- * This class implements the output plugin that outputs
- * CMMF response for the issued certificate.
- *
+ * This class implements the output plugin that outputs CMMF response for the
+ * issued certificate.
+ * 
  * @version $Revision$, $Date$
  */
-public class CMMFOutput extends EnrollOutput implements IProfileOutput { 
+public class CMMFOutput extends EnrollOutput implements IProfileOutput {
 
     public static final String VAL_PRETTY_CERT = "pretty_cert";
     public static final String VAL_CMMF_RESPONSE = "cmmf_response";
@@ -66,7 +64,7 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -88,72 +86,71 @@ public class CMMFOutput extends EnrollOutput implements IProfileOutput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_PRETTY_CERT)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_CERT_PP"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_CERT_PP"));
         } else if (name.equals(VAL_CMMF_RESPONSE)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_CMMF_B64"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_CMMF_B64"));
         }
         return null;
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         if (name.equals(VAL_PRETTY_CERT)) {
             X509CertImpl cert = request.getExtDataInCert(
                     EnrollProfile.REQUEST_ISSUED_CERT);
-            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); 
+            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
 
             return prettyCert.toString(locale);
         } else if (name.equals(VAL_CMMF_RESPONSE)) {
             try {
-              X509CertImpl cert = request.getExtDataInCert(
-                    EnrollProfile.REQUEST_ISSUED_CERT);
-              if (cert == null)
-                  return null;
-            
-              ICertificateAuthority ca = (ICertificateAuthority)
-                   CMS.getSubsystem("ca");
-              CertificateChain cachain = ca.getCACertChain(); 
-              X509Certificate[] cacerts = cachain.getChain();
-
-              byte[][] caPubs = new byte[cacerts.length][];
-
-              for (int j = 0; j < cacerts.length; j++)  {
-                caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
-              }   
-
-              CertRepContent certRepContent = null;
-              certRepContent = new CertRepContent(caPubs);
-
-              PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted); 
-              CertifiedKeyPair certifiedKP = 
-                new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded())); 
-              CertResponse resp = 
-                new CertResponse(new INTEGER(request.getRequestId().toString()), 
-                 status, certifiedKP);
-              certRepContent.addCertResponse(resp);
-
-              ByteArrayOutputStream certRepOut = new ByteArrayOutputStream(); 
-              certRepContent.encode(certRepOut); 
-              byte[] certRepBytes = certRepOut.toByteArray();
-
-              return CMS.BtoA(certRepBytes); 
+                X509CertImpl cert = request.getExtDataInCert(
+                        EnrollProfile.REQUEST_ISSUED_CERT);
+                if (cert == null)
+                    return null;
+
+                ICertificateAuthority ca = (ICertificateAuthority)
+                        CMS.getSubsystem("ca");
+                CertificateChain cachain = ca.getCACertChain();
+                X509Certificate[] cacerts = cachain.getChain();
+
+                byte[][] caPubs = new byte[cacerts.length][];
+
+                for (int j = 0; j < cacerts.length; j++) {
+                    caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
+                }
+
+                CertRepContent certRepContent = null;
+                certRepContent = new CertRepContent(caPubs);
+
+                PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
+                CertifiedKeyPair certifiedKP =
+                        new CertifiedKeyPair(new CertOrEncCert(cert.getEncoded()));
+                CertResponse resp =
+                        new CertResponse(new INTEGER(request.getRequestId().toString()),
+                                status, certifiedKP);
+                certRepContent.addCertResponse(resp);
+
+                ByteArrayOutputStream certRepOut = new ByteArrayOutputStream();
+                certRepContent.encode(certRepOut);
+                byte[] certRepBytes = certRepOut.toByteArray();
+
+                return CMS.BtoA(certRepBytes);
             } catch (Exception e) {
-               return null;
+                return null;
             }
         } else {
             return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
index 7a2631da..676b280f 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/CertOutput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.output;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertImpl;
@@ -34,14 +33,13 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
- * This class implements the pretty print certificate output
- * that displays the issued certificate in a pretty print format.
- *
+ * This class implements the pretty print certificate output that displays the
+ * issued certificate in a pretty print format.
+ * 
  * @version $Revision$, $Date$
  */
-public class CertOutput extends EnrollOutput implements IProfileOutput { 
+public class CertOutput extends EnrollOutput implements IProfileOutput {
     public static final String VAL_PRETTY_CERT = "pretty_cert";
     public static final String VAL_B64_CERT = "b64_cert";
 
@@ -54,7 +52,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -76,36 +74,35 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_PRETTY_CERT)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_CERT_PP"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_CERT_PP"));
         } else if (name.equals(VAL_B64_CERT)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_CERT_B64"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_CERT_B64"));
         }
         return null;
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         if (name.equals(VAL_PRETTY_CERT)) {
             X509CertImpl cert = request.getExtDataInCert(
                     EnrollProfile.REQUEST_ISSUED_CERT);
             if (cert == null)
                 return null;
-            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); 
+            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
 
             return prettyCert.toString(locale);
         } else if (name.equals(VAL_B64_CERT)) {
@@ -113,7 +110,7 @@ public class CertOutput extends EnrollOutput implements IProfileOutput {
                     EnrollProfile.REQUEST_ISSUED_CERT);
             if (cert == null)
                 return null;
-            return CMS.getEncodedCert(cert); 
+            return CMS.getEncodedCert(cert);
         } else {
             return null;
         }
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
index 5e3f077b..e0cd89da 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/EnrollOutput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.output;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -31,22 +30,21 @@ import com.netscape.certsrv.property.EPropertyException;
 import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * This class implements the basic enrollment output.
- *
+ * 
  * @version $Revision$, $Date$
  */
-public abstract class EnrollOutput implements IProfileOutput { 
+public abstract class EnrollOutput implements IProfileOutput {
     private IConfigStore mConfig = null;
     private Vector<String> mValueNames = new Vector<String>();
     protected Vector<String> mConfigNames = new Vector<String>();
- 
+
     /**
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         mConfig = config;
     }
 
@@ -60,28 +58,26 @@ public abstract class EnrollOutput implements IProfileOutput {
 
     /**
      * Populates the request with this policy default.
-     *
+     * 
      * @param ctx profile context
      * @param request request
      * @exception EProfileException failed to populate
      */
     public abstract void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException;
+            throws EProfileException;
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
-     *
+     * Retrieves the descriptor of the given value parameter by name.
+     * 
      * @param locale user locale
      * @param name property name
      * @return property descriptor
      */
     public abstract IDescriptor getValueDescriptor(Locale locale, String name);
 
-
     /**
      * Retrieves the localizable name of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy name
      */
@@ -89,7 +85,7 @@ public abstract class EnrollOutput implements IProfileOutput {
 
     /**
      * Retrieves the localizable description of this policy.
-     *
+     * 
      * @param locale user locale
      * @return output policy description
      */
@@ -103,7 +99,7 @@ public abstract class EnrollOutput implements IProfileOutput {
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         return request.getExtDataInString(name);
     }
 
@@ -111,7 +107,7 @@ public abstract class EnrollOutput implements IProfileOutput {
      * Sets the value of the given value parameter by name.
      */
     public void setValue(String name, Locale locale, IRequest request,
-        String value) throws EPropertyException {
+            String value) throws EPropertyException {
         request.setExtData(name, value);
     }
 
@@ -124,7 +120,7 @@ public abstract class EnrollOutput implements IProfileOutput {
     }
 
     public void setConfig(String name, String value)
-        throws EPropertyException {
+            throws EPropertyException {
     }
 
     public String getConfig(String name) {
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
index 65718481..e2d9a08c 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/PKCS7Output.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.output;
 
-
 import java.io.ByteArrayOutputStream;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -42,14 +41,13 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
- * This class implements the output plugin that outputs
- * PKCS7 for the issued certificate.
- *
+ * This class implements the output plugin that outputs PKCS7 for the issued
+ * certificate.
+ * 
  * @version $Revision$, $Date$
  */
-public class PKCS7Output extends EnrollOutput implements IProfileOutput { 
+public class PKCS7Output extends EnrollOutput implements IProfileOutput {
 
     public static final String VAL_PRETTY_CERT = "pretty_cert";
     public static final String VAL_PKCS7 = "pkcs7";
@@ -63,7 +61,7 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -85,72 +83,71 @@ public class PKCS7Output extends EnrollOutput implements IProfileOutput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_PRETTY_CERT)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_CERT_PP"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_CERT_PP"));
         } else if (name.equals(VAL_PKCS7)) {
             return new Descriptor(IDescriptor.PRETTY_PRINT, null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_PKCS7_B64"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_PKCS7_B64"));
         }
         return null;
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         if (name.equals(VAL_PRETTY_CERT)) {
             X509CertImpl cert = request.getExtDataInCert(
                     EnrollProfile.REQUEST_ISSUED_CERT);
             if (cert == null)
-                  return null;
-            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert); 
+                return null;
+            ICertPrettyPrint prettyCert = CMS.getCertPrettyPrint(cert);
 
             return prettyCert.toString(locale);
         } else if (name.equals(VAL_PKCS7)) {
 
             try {
-              X509CertImpl cert = request.getExtDataInCert(
-                    EnrollProfile.REQUEST_ISSUED_CERT);
-              if (cert == null)
-                  return null;
-            
-              ICertificateAuthority ca = (ICertificateAuthority)
-                   CMS.getSubsystem("ca");
-              CertificateChain cachain = ca.getCACertChain(); 
-              X509Certificate[] cacerts = cachain.getChain();
-
-              X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1]; 
-              int m = 1, n = 0;
-
-              for (; n < cacerts.length; m++, n++) {
-                userChain[m] = (X509CertImpl) cacerts[n];
-              }
-
-              userChain[0] = cert;
-              PKCS7 p7 = new PKCS7(new AlgorithmId[0], 
-                  new ContentInfo(new byte[0]), 
-                  userChain, 
-                  new SignerInfo[0]); 
-              ByteArrayOutputStream bos = new ByteArrayOutputStream();
-
-              p7.encodeSignedData(bos); 
-              byte[] p7Bytes = bos.toByteArray(); 
-              String p7Str = CMS.BtoA(p7Bytes);
-
-              return p7Str;
+                X509CertImpl cert = request.getExtDataInCert(
+                        EnrollProfile.REQUEST_ISSUED_CERT);
+                if (cert == null)
+                    return null;
+
+                ICertificateAuthority ca = (ICertificateAuthority)
+                        CMS.getSubsystem("ca");
+                CertificateChain cachain = ca.getCACertChain();
+                X509Certificate[] cacerts = cachain.getChain();
+
+                X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
+                int m = 1, n = 0;
+
+                for (; n < cacerts.length; m++, n++) {
+                    userChain[m] = (X509CertImpl) cacerts[n];
+                }
+
+                userChain[0] = cert;
+                PKCS7 p7 = new PKCS7(new AlgorithmId[0],
+                        new ContentInfo(new byte[0]),
+                        userChain,
+                        new SignerInfo[0]);
+                ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+                p7.encodeSignedData(bos);
+                byte[] p7Bytes = bos.toByteArray();
+                String p7Str = CMS.BtoA(p7Bytes);
+
+                return p7Str;
             } catch (Exception e) {
-              return "";
+                return "";
             }
         } else {
             return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
index 90aa40a1..2ba07e6e 100644
--- a/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
+++ b/pki/base/common/src/com/netscape/cms/profile/output/nsNKeyOutput.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.profile.output;
 
-
 import java.util.Locale;
 
 import netscape.security.x509.X509CertImpl;
@@ -33,14 +32,13 @@ import com.netscape.certsrv.property.IDescriptor;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.profile.common.EnrollProfile;
 
-
 /**
- * This class implements the output plugin that outputs
- * DER for the issued certificate for token keys
- *
+ * This class implements the output plugin that outputs DER for the issued
+ * certificate for token keys
+ * 
  * @version $Revision$, $Date$
  */
-public class nsNKeyOutput extends EnrollOutput implements IProfileOutput { 
+public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
 
     public static final String VAL_DER = "der";
 
@@ -52,7 +50,7 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
      * Initializes this default policy.
      */
     public void init(IProfile profile, IConfigStore config)
-        throws EProfileException {
+            throws EProfileException {
         super.init(profile, config);
     }
 
@@ -74,35 +72,34 @@ public class nsNKeyOutput extends EnrollOutput implements IProfileOutput {
      * Populates the request with this policy default.
      */
     public void populate(IProfileContext ctx, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     /**
-     * Retrieves the descriptor of the given value
-     * parameter by name.
+     * Retrieves the descriptor of the given value parameter by name.
      */
     public IDescriptor getValueDescriptor(Locale locale, String name) {
         if (name.equals(VAL_DER)) {
             return new Descriptor("der_b64", null,
                     null,
-                    CMS.getUserMessage(locale, 
-                        "CMS_PROFILE_OUTPUT_DER_B64"));
+                    CMS.getUserMessage(locale,
+                            "CMS_PROFILE_OUTPUT_DER_B64"));
         }
         return null;
     }
 
     public String getValue(String name, Locale locale, IRequest request)
-        throws EProfileException {
+            throws EProfileException {
         if (name.equals(VAL_DER)) {
 
             try {
-              X509CertImpl cert = request.getExtDataInCert(
-                    EnrollProfile.REQUEST_ISSUED_CERT);
-              if (cert == null)
-                  return null;
-			  return CMS.BtoA(cert.getEncoded());
+                X509CertImpl cert = request.getExtDataInCert(
+                        EnrollProfile.REQUEST_ISSUED_CERT);
+                if (cert == null)
+                    return null;
+                return CMS.BtoA(cert.getEncoded());
             } catch (Exception e) {
-              return "";
+                return "";
             }
         } else {
             return null;
diff --git a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
index 69803421..589763b5 100644
--- a/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
+++ b/pki/base/common/src/com/netscape/cms/profile/updater/SubsystemGroupUpdater.java
@@ -43,8 +43,8 @@ import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.cms.profile.common.EnrollProfile;
 
 /**
- * This updater class will create the new user to the subsystem group and
- * then add the subsystem certificate to the user.
+ * This updater class will create the new user to the subsystem group and then
+ * add the subsystem certificate to the user.
  * 
  * @version $Revision$, $Date$
  */
@@ -58,7 +58,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
     private Vector mValueNames = new Vector();
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
     private final static String SIGNED_AUDIT_PASSWORD_VALUE = "********";
     private final static String SIGNED_AUDIT_EMPTY_NAME_VALUE_PAIR = "Unknown";
     private final static String SIGNED_AUDIT_NAME_VALUE_DELIMITER = ";;";
@@ -67,8 +67,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
     public SubsystemGroupUpdater() {
     }
 
-    public void init(IProfile profile, IConfigStore config) 
-      throws EProfileException {
+    public void init(IProfile profile, IConfigStore config)
+            throws EProfileException {
         mConfig = config;
         mProfile = profile;
         mEnrollProfile = (EnrollProfile) profile;
@@ -82,8 +82,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
         return null;
     }
 
-    public void setConfig(String name, String value) 
-      throws EPropertyException {
+    public void setConfig(String name, String value)
+            throws EPropertyException {
         if (mConfig.getSubStore("params") == null) {
             //
         } else {
@@ -108,8 +108,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
         return mConfig;
     }
 
-    public void update(IRequest req, RequestStatus status) 
-      throws EProfileException {
+    public void update(IRequest req, RequestStatus status)
+            throws EProfileException {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -124,33 +124,34 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
             return;
 
         IConfigStore mainConfig = CMS.getConfigStore();
-        
-        int num=0;
+
+        int num = 0;
         try {
             num = mainConfig.getInteger("subsystem.count", 0);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
 
         String requestor_name = "subsystem";
         try {
-          requestor_name = req.getExtDataInString("requestor_name");
+            requestor_name = req.getExtDataInString("requestor_name");
         } catch (Exception e1) {
-          // ignore
+            // ignore
         }
 
         // i.e. tps-1.2.3.4-4
         String id = requestor_name;
- 
+
         num++;
         mainConfig.putInteger("subsystem.count", num);
-   
+
         try {
             mainConfig.commit(false);
         } catch (Exception e) {
         }
         String auditParams = "Scope;;users+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
-                             "+Resource;;"+ id +
+                             "+Resource;;" + id +
                              "+fullname;;" + id +
                              "+state;;1" +
                              "+userType;;agentType+email;;<null>+password;;<null>+phone;;<null>";
@@ -196,8 +197,8 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
             }
 
             auditParams = "Scope;;certs+Operation;;OP_ADD+source;;SubsystemGroupUpdater" +
-                             "+Resource;;"+ id +
-                             "+cert;;"+ b64;
+                             "+Resource;;" + id +
+                             "+cert;;" + b64;
 
             system.addUserCert(user);
             CMS.debug("SubsystemGroupUpdater update: successfully add the user certificate");
@@ -216,7 +217,7 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
                                    ILogger.FAILURE,
                                    auditParams);
                 audit(auditMessage);
-                throw new EProfileException(e.toString()); 
+                throw new EProfileException(e.toString());
             }
         } catch (Exception e) {
             CMS.debug("UpdateSubsystemGroup: update addUser " + e.toString());
@@ -232,17 +233,17 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
         IGroup group = null;
         String groupName = "Subsystem Group";
         auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;SubsystemGroupUpdater" +
-                      "+Resource;;"+ groupName; 
+                      "+Resource;;" + groupName;
 
         try {
             group = system.getGroupFromName(groupName);
-            
+
             auditParams += "+user;;";
             Enumeration members = group.getMemberNames();
             while (members.hasMoreElements()) {
                 auditParams += (String) members.nextElement();
                 if (members.hasMoreElements()) {
-                    auditParams +=",";         
+                    auditParams += ",";
                 }
             }
 
@@ -287,10 +288,10 @@ public class SubsystemGroupUpdater implements IProfileUpdater {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     private String auditSubjectID() {
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
index aea489e3..ca05129c 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/AVAPattern.java
@@ -20,7 +20,6 @@
 
 package com.netscape.cms.publish.mappers;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -49,24 +48,24 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ECompSyntaxErr;
 import com.netscape.certsrv.request.IRequest;
 
-
 //////////////////////
 // class definition //
 //////////////////////
 
 /**
- * avaPattern is a string representing an ldap
- * attribute formulated from the certificate
- * subject name, extension or request attributes.
+ * avaPattern is a string representing an ldap attribute formulated from the
+ * certificate subject name, extension or request attributes.
  * <p>
  * 
- * The syntax is 
+ * The syntax is
+ * 
  * <pre>
  *     avaPattern := constant-value | 
  *                   "$subj" "." attrName [ "." attrNumber ] | 
  *                   "$req" "." [ prefix .] attrName [ "." attrNumber ] | 
- *                   "$ext" "." extName [ "." nameType ] [ "." attrNumber ] 
+ *                   "$ext" "." extName [ "." nameType ] [ "." attrNumber ]
  * </pre>
+ * 
  * <pre>
  * Example: <i>$ext.SubjectAlternativeName.RFC822Name.1</i>
  * cert subjectAltName is rfc822Name: jjames@mcom.com
@@ -77,15 +76,16 @@ import com.netscape.certsrv.request.IRequest;
  *     The first rfc822name value in the subjAltName extension.  <br>
  * <p>
  * </pre>
- * If a request attribute or subject DN component does not exist,
- * the attribute is skipped.
- *
+ * 
+ * If a request attribute or subject DN component does not exist, the attribute
+ * is skipped.
+ * 
  * @version $Revision$, $Date$
  */
 class AVAPattern {
-    ////////////////
+    // //////////////
     // parameters //
-    ////////////////
+    // //////////////
 
     /* the value type of the dn component */
     public static final String TYPE_REQ = "$req";
@@ -101,29 +101,30 @@ class AVAPattern {
             "EDIName",
             "URIName",
             "IPAddress",
-            "OIDName"};
+            "OIDName" };
 
     private static final char[] endChars = new char[] { '+', ',' };
 
-    private static final LdapV3DNStrConverter mLdapDNStrConverter = 
-        new LdapV3DNStrConverter();
+    private static final LdapV3DNStrConverter mLdapDNStrConverter =
+            new LdapV3DNStrConverter();
 
-    /* the list of request attributes needed by this AVA  */
+    /* the list of request attributes needed by this AVA */
     protected String[] mReqAttrs = null;
 
-    /* the list of cert attributes needed by this AVA*/
+    /* the list of cert attributes needed by this AVA */
     protected String[] mCertAttrs = null;
 
     /* value type */
     protected String mType = null;
 
-    /* value - could be name of a request  attribute or 
-     * cert subject attribute or extension name.
+    /*
+     * value - could be name of a request attribute or cert subject attribute or
+     * extension name.
      */
     protected String mValue = null;
 
-    /* value type - general name type of an 
-     *              extension attribute if any.
+    /*
+     * value type - general name type of an extension attribute if any.
      */
     protected String mGNType = null;
 
@@ -135,12 +136,12 @@ class AVAPattern {
 
     protected String mTestDN = null;
 
-    /////////////
+    // ///////////
     // methods //
-    /////////////
+    // ///////////
 
     public AVAPattern(String component)
-        throws ELdapException {
+            throws ELdapException {
         if (component == null || component.length() == 0) {
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
         }
@@ -148,33 +149,33 @@ class AVAPattern {
         parse(new PushbackReader(new StringReader(component)));
     }
 
-    public AVAPattern(PushbackReader in) 
-        throws ELdapException {
+    public AVAPattern(PushbackReader in)
+            throws ELdapException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws ELdapException {
+            throws ELdapException {
         int c;
 
         // skip spaces
-        //System.out.println("============ AVAPattern Begin ===========");
-        //System.out.println("skip spaces");
+        // System.out.println("============ AVAPattern Begin ===========");
+        // System.out.println("skip spaces");
 
         try {
-            while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c);
+            while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c);
                 ;
             }
         } catch (IOException e) {
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
         }
 
-        if (c == -1) { 
+        if (c == -1) {
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
         }
 
         if (c == '$') {
-            // check for $subj $ext or $req 
+            // check for $subj $ext or $req
             try {
                 c = in.read();
             } catch (IOException e) {
@@ -189,9 +190,9 @@ class AVAPattern {
 
             if (c == 'r') {
                 try {
-                    if (in.read() != 'e' || 
-                        in.read() != 'q' || 
-                        in.read() != '.') {
+                    if (in.read() != 'e' ||
+                            in.read() != 'q' ||
+                            in.read() != '.') {
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $req in ava pattern"));
                     }
@@ -201,13 +202,13 @@ class AVAPattern {
                 }
 
                 mType = TYPE_REQ;
-                //System.out.println("---- mtype $req");
+                // System.out.println("---- mtype $req");
             } else if (c == 's') {
                 try {
-                    if (in.read() != 'u' || 
-                        in.read() != 'b' || 
-                        in.read() != 'j' || 
-                        in.read() != '.') {
+                    if (in.read() != 'u' ||
+                            in.read() != 'b' ||
+                            in.read() != 'j' ||
+                            in.read() != '.') {
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $subj in ava pattern"));
                     }
@@ -217,12 +218,12 @@ class AVAPattern {
                 }
 
                 mType = TYPE_SUBJ;
-                //System.out.println("----- mtype $subj");
+                // System.out.println("----- mtype $subj");
             } else if (c == 'e') {
                 try {
-                    if (in.read() != 'x' || 
-                        in.read() != 't' || 
-                        in.read() != '.') {
+                    if (in.read() != 'x' ||
+                            in.read() != 't' ||
+                            in.read() != '.') {
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $ext in ava pattern"));
                     }
@@ -232,10 +233,10 @@ class AVAPattern {
                 }
 
                 mType = TYPE_EXT;
-                //System.out.println("----- mtype $ext");
+                // System.out.println("----- mtype $ext");
             } else {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "unknown keyword. expecting $subj $ext or $req.")); 
+                            "unknown keyword. expecting $subj $ext or $req."));
             }
 
             // get request attribute or
@@ -245,14 +246,14 @@ class AVAPattern {
             StringBuffer valueBuf = new StringBuffer();
 
             try {
-                while ((c = in.read()) != ',' && 
-                    c != -1 && c != '.' && c != '+') {
-                    //System.out.println("mValue read "+(char)c);
+                while ((c = in.read()) != ',' &&
+                        c != -1 && c != '.' && c != '+') {
+                    // System.out.println("mValue read "+(char)c);
                     valueBuf.append((char) c);
                 }
 
                 if (c == '+' || c == ',') { // either ',' or '+'
-                    in.unread(c);           // pushback last , or + 
+                    in.unread(c); // pushback last , or +
                 }
             } catch (IOException e) {
                 throw new ELdapException(
@@ -260,11 +261,11 @@ class AVAPattern {
             }
 
             mValue = valueBuf.toString().trim();
-            if (mValue.length() == 0) { 
+            if (mValue.length() == 0) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                             "$subj $ext or $req attribute name expected"));
             }
-            //System.out.println("----- mValue "+mValue);
+            // System.out.println("----- mValue "+mValue);
 
             // get nth dn xxx not nth request attribute .
             if (c == '.') {
@@ -272,13 +273,13 @@ class AVAPattern {
 
                 try {
                     while ((c = in.read()) != ',' && c != -1 && c != '.'
-                        && c != '+') {
-                        //System.out.println("mElement read "+(char)c);
+                            && c != '+') {
+                        // System.out.println("mElement read "+(char)c);
                         attrNumberBuf.append((char) c);
                     }
 
-                    if (c == ',' || c == '+') { // either ','  or '+'
-                        in.unread(c);           // pushback last , or +
+                    if (c == ',' || c == '+') { // either ',' or '+'
+                        in.unread(c); // pushback last , or +
                     }
                 } catch (IOException e) {
                     throw new ELdapException(
@@ -304,7 +305,7 @@ class AVAPattern {
                     } else {
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "Invalid format in nth element " +
-                                    "$req $ext or $subj"));
+                                            "$req $ext or $subj"));
                     }
 
                     // get nth request attribute .
@@ -313,14 +314,14 @@ class AVAPattern {
 
                         try {
                             while ((c = in.read()) != ',' &&
-                                c != -1 && c != '+') {
-                                //System.out.println("mElement read "+
-                                //                   (char)c);
+                                    c != -1 && c != '+') {
+                                // System.out.println("mElement read "+
+                                // (char)c);
                                 attrNumberBuf1.append((char) c);
                             }
 
-                            if (c != -1) {     // either ',' or '+'
-                                in.unread(c);  // pushback last , or +
+                            if (c != -1) { // either ',' or '+'
+                                in.unread(c); // pushback last , or +
                             }
                         } catch (IOException ex) {
                             throw new ELdapException(
@@ -328,28 +329,28 @@ class AVAPattern {
                         }
 
                         String attrNumber1 =
-                            attrNumberBuf1.toString().trim();
+                                attrNumberBuf1.toString().trim();
 
                         if (attrNumber1.length() == 0) {
                             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "nth element $req or $ext expected"));
                         }
 
-                        try { 
-                            mElement = Integer.parseInt(attrNumber1) - 1; 
+                        try {
+                            mElement = Integer.parseInt(attrNumber1) - 1;
                         } catch (NumberFormatException ex) {
                             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                         "Invalid format in nth element " +
-                                        "$req or $ext."));
+                                                "$req or $ext."));
                         }
                     }
                 }
             }
-            //System.out.println("----- mElement "+mElement);
+            // System.out.println("----- mElement "+mElement);
         } else {
             // value is constant. treat as regular ava.
             mType = TYPE_CONSTANT;
 
-            // parse ava value. 
+            // parse ava value.
             StringBuffer valueBuf = new StringBuffer();
 
             valueBuf.append((char) c);
@@ -361,7 +362,7 @@ class AVAPattern {
                 }
 
                 if (c == '+' || c == ',') { // either ',' or '+'
-                    in.unread(c);           // pushback last , or + 
+                    in.unread(c); // pushback last , or +
                 }
             } catch (IOException e) {
                 throw new ELdapException(
@@ -370,22 +371,19 @@ class AVAPattern {
 
             mValue = valueBuf.toString().trim();
 
-            /*  try { 
-             *      AVA ava = mLdapDNStrConverter.parseAVA(
-             *                    valueBuf.toString()); 
-             *      mValue = ava.toLdapDNString();
-             *      //System.out.println("----- mValue "+mValue);
-             *  } catch (IOException e) {
-             *      throw new ECompSyntaxErr(e.toString());
-             *  }
+            /*
+             * try { AVA ava = mLdapDNStrConverter.parseAVA(
+             * valueBuf.toString()); mValue = ava.toLdapDNString();
+             * //System.out.println("----- mValue "+mValue); } catch
+             * (IOException e) { throw new ECompSyntaxErr(e.toString()); }
              */
         }
     }
 
     public String formAVA(IRequest req,
-        X500Name subject,
-        CertificateExtensions extensions)
-        throws ELdapException {
+            X500Name subject,
+            CertificateExtensions extensions)
+            throws ELdapException {
         if (TYPE_CONSTANT.equals(mType)) {
             return mValue;
         }
@@ -393,11 +391,11 @@ class AVAPattern {
         if (TYPE_SUBJ.equals(mType)) {
             String dn = subject.toString();
 
-            if (mTestDN != null) { 
+            if (mTestDN != null) {
                 dn = mTestDN;
             }
 
-            //System.out.println("AVAPattern Using dn "+mTestDN);
+            // System.out.println("AVAPattern Using dn "+mTestDN);
             String[] rdns = LDAPDN.explodeDN(dn, false);
 
             String value = null;
@@ -410,8 +408,8 @@ class AVAPattern {
                 for (int j = 0; j < avas.length; j++) {
                     String[] exploded = explodeAVA(avas[j]);
 
-                    if (exploded[0].equalsIgnoreCase(mValue) && 
-                        ++nFound == mElement) {
+                    if (exploded[0].equalsIgnoreCase(mValue) &&
+                            ++nFound == mElement) {
                         value = exploded[1];
                         break;
                     }
@@ -431,10 +429,10 @@ class AVAPattern {
 
                 for (int i = 0; i < extensions.size(); i++) {
                     Extension ext = (Extension)
-                        extensions.elementAt(i);
+                            extensions.elementAt(i);
 
                     String extName =
-                        OIDMap.getName(ext.getExtensionId());
+                            OIDMap.getName(ext.getExtensionId());
 
                     int index = extName.lastIndexOf(".");
 
@@ -450,9 +448,9 @@ class AVAPattern {
                                 SubjectAlternativeNameExtension.class.getSimpleName())) {
                             try {
                                 GeneralNames subjectNames = (GeneralNames)
-                                    ((SubjectAlternativeNameExtension)
+                                        ((SubjectAlternativeNameExtension)
                                         ext).get(
-                                        SubjectAlternativeNameExtension.SUBJECT_NAME);
+                                                SubjectAlternativeNameExtension.SUBJECT_NAME);
 
                                 if (subjectNames.size() == 0) {
                                     break;
@@ -461,11 +459,10 @@ class AVAPattern {
                                 int j = 0;
 
                                 for (Enumeration<GeneralNameInterface> n =
-                                        subjectNames.elements();
-                                    n.hasMoreElements();) {
+                                        subjectNames.elements(); n.hasMoreElements();) {
 
                                     GeneralName gn = (GeneralName)
-                                        n.nextElement();
+                                            n.nextElement();
 
                                     String gname = gn.toString();
 
@@ -476,7 +473,7 @@ class AVAPattern {
                                     }
 
                                     String gType =
-                                        gname.substring(0, index);
+                                            gname.substring(0, index);
 
                                     if (mGNType != null) {
                                         if (mGNType.equalsIgnoreCase(gType)) {
@@ -497,12 +494,12 @@ class AVAPattern {
                                         j++;
                                     }
                                 }
-                            } catch (IOException e) { 
+                            } catch (IOException e) {
                                 CMS.debug(
-                                    "AVAPattern: Publishing attr not formed " +
-                                    "from extension " +
-                                    "-- no attr : " +
-                                    mValue);
+                                        "AVAPattern: Publishing attr not formed " +
+                                                "from extension " +
+                                                "-- no attr : " +
+                                                mValue);
                             }
                         }
                     }
@@ -510,10 +507,10 @@ class AVAPattern {
             }
 
             CMS.debug(
-                "AVAPattern: Publishing:attr not formed " +
-                "from extension " +
-                "-- no attr : " +
-                mValue);
+                    "AVAPattern: Publishing:attr not formed " +
+                            "from extension " +
+                            "-- no attr : " +
+                            mValue);
 
             return null;
         }
@@ -522,8 +519,7 @@ class AVAPattern {
             // mPrefix and mValue are looked up case-insensitive
             String reqAttr = req.getExtDataInString(mPrefix, mValue);
             if (reqAttr == null) {
-                throw new
-                        ELdapException(
+                throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_NO_REQUEST", mValue, ""));
             }
 
@@ -550,10 +546,9 @@ class AVAPattern {
     }
 
     /**
-     * Explode RDN into AVAs. 
-     * Does not handle escaped '+' 
-     * Java ldap library does not yet support multiple avas per rdn.
-     * If RDN is malformed returns empty array. 
+     * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does
+     * not yet support multiple avas per rdn. If RDN is malformed returns empty
+     * array.
      */
     public static String[] explodeRDN(String rdn) {
         int plus = rdn.indexOf('+');
@@ -578,9 +573,8 @@ class AVAPattern {
     }
 
     /**
-     * Explode AVA into name and value. 
-     * Does not handle escaped '='
-     * If AVA is malformed empty array is returned.
+     * Explode AVA into name and value. Does not handle escaped '=' If AVA is
+     * malformed empty array is returned.
      */
     public static String[] explodeAVA(String ava) {
         int equals = ava.indexOf('=');
@@ -593,4 +587,3 @@ class AVAPattern {
                 ava.substring(equals + 1).trim() };
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
index 3cf1bca8..ee903016 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCaSimpleMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -48,20 +47,18 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry 
- * in the directory to publish the cert or crl.
- * The restriction of this mapper is that the ldap dn components must
- * be part of certificate subject name or request attributes or constant.
- *
+/**
+ * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the
+ * baseDN from the request attributes and certificate subject name.Do a base
+ * search for the entry in the directory to publish the cert or crl. The
+ * restriction of this mapper is that the ldap dn components must be part of
+ * certificate subject name or request attributes or constant.
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
-    protected static final String PROP_DNPATTERN = "dnPattern";  
-    protected static final String PROP_CREATECA = "createCAEntry";  
+    protected static final String PROP_DNPATTERN = "dnPattern";
+    protected static final String PROP_CREATECA = "createCAEntry";
     protected String mDnPattern = null;
     protected boolean mCreateCAEntry = true;
 
@@ -72,20 +69,20 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     /* the subject DN pattern */
     protected MapDNPattern mPattern = null;
 
-    /* the list of request attriubutes to retrieve*/
+    /* the list of request attriubutes to retrieve */
     protected String[] mReqAttrs = null;
 
-    /* the list of cert attriubutes to retrieve*/
+    /* the list of cert attriubutes to retrieve */
     protected String[] mCertAttrs = null;
 
     /* default dn pattern if left blank or not set in the config */
-    public static final String DEFAULT_DNPATTERN = 
-        "UID=$req.HTTP_PARAMS.UID,  OU=people, O=$subj.o, C=$subj.c";
+    public static final String DEFAULT_DNPATTERN =
+            "UID=$req.HTTP_PARAMS.UID,  OU=people, O=$subj.o, C=$subj.c";
 
-    /** 
+    /**
      * Constructor.
-     *
-     * @param dnPattern The base DN. 
+     * 
+     * @param dnPattern The base DN.
      */
     public LdapCaSimpleMap(String dnPattern) {
         try {
@@ -93,7 +90,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
-		
+
     }
 
     /**
@@ -105,11 +102,11 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     public String[] getExtendedPluginInfo(Locale locale) {
         String params[] = {
                 "dnPattern;string;Describes how to form the Ldap Subject name in" +
-                " the directory.  Example 1:  'uid=CertMgr, o=Fedora'.  Example 2:" +
-                " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " + 
-                "$req means: take the attribute from the request. " + 
-                "$subj means: take the attribute from the certificate subject name. " + 
-                "$ext means: take the attribute from the certificate extension",
+                        " the directory.  Example 1:  'uid=CertMgr, o=Fedora'.  Example 2:" +
+                        " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
+                        "$req means: take the attribute from the request. " +
+                        "$subj means: take the attribute from the certificate subject name. " +
+                        "$ext means: take the attribute from the certificate extension",
                 "createCAEntry;boolean;If checked, CA entry will be created automatically",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-casimplemapper",
                 IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
@@ -122,11 +119,11 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         return mConfig;
     }
 
-    /** 
+    /**
      * for initializing from config store.
      */
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         mConfig = config;
         String dnPattern = mConfig.getString(PROP_DNPATTERN);
 
@@ -138,12 +135,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
      * common initialization routine.
      */
     protected void init(String dnPattern)
-        throws EBaseException {
-        if (mInited) 
+            throws EBaseException {
+        if (mInited)
             return;
 
         mDnPattern = dnPattern;
-        if (mDnPattern == null || mDnPattern.length() == 0) 
+        if (mDnPattern == null || mDnPattern.length() == 0)
             mDnPattern = DEFAULT_DNPATTERN;
         try {
             mPattern = new MapDNPattern(mDnPattern);
@@ -151,7 +148,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
             String[] mCertAttrs = mPattern.getCertAttrs();
         } catch (ELdapException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT", dnPattern, e.toString()));
-            throw new EBaseException("falied to init with pattern " + 
+            throw new EBaseException("falied to init with pattern " +
                     dnPattern + " " + e);
         }
 
@@ -159,29 +156,29 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN pattern to form a DN for a LDAP base search.
+     * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+     * a LDAP base search.
      * 
-     * @param conn	the LDAP connection.
-     * @param obj   the object to map.
+     * @param conn the LDAP connection.
+     * @param obj the object to map.
      * @exception ELdapException if any LDAP exceptions occured.
-     */ 
+     */
     public String map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, null, obj);
     }
 
     /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN pattern to form a DN for a LDAP base search.
+     * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+     * a LDAP base search.
      * 
-     * @param conn	the LDAP connection.
-     * @param req  	the request to map.
-     * @param obj   the object to map.
+     * @param conn the LDAP connection.
+     * @param req the request to map.
+     * @param obj the object to map.
      * @exception ELdapException if any LDAP exceptions occured.
-     */ 
+     */
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null)
             return null;
         String dn = null;
@@ -204,26 +201,26 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
             String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
-                + filter + " scope: base");
+                    + filter + " scope: base");
 
-            LDAPSearchResults results = 
-                conn.search(dn, scope, filter, attrs, false);
+            LDAPSearchResults results =
+                    conn.search(dn, scope, filter, attrs, false);
             LDAPEntry entry = results.next();
 
             if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn,
-                        ((req == null) ? "" : req.getRequestId().toString()))); 
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn,
+                                ((req == null) ? "" : req.getRequestId().toString())));
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", 
-                            ((req == null) ? "" : req.getRequestId().toString()))); 
+                        CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+                                ((req == null) ? "" : req.getRequestId().toString())));
             }
             if (entry != null)
                 return entry.getDN();
             else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn,
-                        ((req == null) ? "" : req.getRequestId().toString())));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn,
+                                ((req == null) ? "" : req.getRequestId().toString())));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
                             "null entry"));
             }
@@ -232,7 +229,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT && mCreateCAEntry) {
                 try {
@@ -246,8 +243,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
                     } else {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CA_ENTRY_NOT_CREATED1"));
                     }
-                    throw new
-                        ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn));
+                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_CREATE_CA_FAILED", dn));
                 }
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", dn, e.toString()));
@@ -260,19 +256,19 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     private void createCAEntry(LDAPConnection conn, String dn)
-        throws LDAPException {
+            throws LDAPException {
         LDAPAttributeSet attrs = new LDAPAttributeSet();
         // OID 2.5.6.16
-        String caOc[] = new String[] {"top", 
-                "person", 
-                "organizationalPerson", 
-                "inetOrgPerson"}; 
-		   
-        String oOc[] = {"top", 
-                "organization"};
-        String oiOc[] = {"top", 
-                "organizationalunit"};
-		   
+        String caOc[] = new String[] { "top",
+                "person",
+                "organizationalPerson",
+                "inetOrgPerson" };
+
+        String oOc[] = { "top",
+                "organization" };
+        String oiOc[] = { "top",
+                "organizationalunit" };
+
         DN dnobj = new DN(dn);
         String attrval[] = dnobj.explodeDN(true);
 
@@ -286,6 +282,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
 
     /**
      * form a dn from component in the request and cert subject name
+     * 
      * @param req The request
      * @param obj The certificate or crl
      */
@@ -296,13 +293,13 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             X509Certificate cert = (X509Certificate) obj;
 
-            subjectDN = 
+            subjectDN =
                     (X500Name) ((X509Certificate) cert).getSubjectDN();
 
             CMS.debug("LdapCaSimpleMap: cert subject dn:" + subjectDN.toString());
             X509CertInfo info = (X509CertInfo)
-                ((X509CertImpl) cert).get(
-                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                    ((X509CertImpl) cert).get(
+                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
             certExt = (CertificateExtensions) info.get(
                         CertificateExtensions.NAME);
@@ -316,12 +313,12 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
             try {
                 X509CRLImpl crl = (X509CRLImpl) obj;
 
-                subjectDN = 
+                subjectDN =
                         (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug("LdapCaSimpleMap: crl issuer dn: " +
-                    subjectDN.toString());
-            }catch (ClassCastException ex) {
+                        subjectDN.toString());
+            } catch (ClassCastException ex) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
                         ((req == null) ? "" : req.getRequestId().toString())));
                 return null;
@@ -332,9 +329,9 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
 
             return dn;
         } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
-                    ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
+                            ((req == null) ? "" : req.getRequestId().toString()), e.toString()));
             throw new EBaseException("falied to form dn for request: " +
                     ((req == null) ? "" : req.getRequestId().toString()) + " " + e);
         }
@@ -362,9 +359,9 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             if (mDnPattern == null) {
                 v.addElement(PROP_DNPATTERN + "=");
-            }else {
+            } else {
                 v.addElement(PROP_DNPATTERN + "=" +
-                    mConfig.getString(PROP_DNPATTERN));
+                        mConfig.getString(PROP_DNPATTERN));
             }
             v.addElement(PROP_CREATECA + "=" + mConfig.getBoolean(PROP_CREATECA, true));
         } catch (Exception e) {
@@ -374,8 +371,7 @@ public class LdapCaSimpleMap implements ILdapMapper, IExtendedPluginInfo {
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCaSimpleMapper: " + msg);
+                "LdapCaSimpleMapper: " + msg);
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
index 17c562ce..0b510472 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertCompsMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.security.cert.CRLException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -34,22 +33,20 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
- * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's 
- * subject name to form the ldap search dn and filter.
- * Takes a optional root search dn.
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
- *
+/**
+ * Maps a X509 certificate to a LDAP entry using AVAs in the certificate's
+ * subject name to form the ldap search dn and filter. Takes a optional root
+ * search dn. The DN comps are used to form a LDAP entry to begin a subtree
+ * search. The filter comps are used to form a search filter for the subtree. If
+ * none of the DN comps matched, baseDN is used for the subtree. If the baseDN
+ * is null and none of the DN comps matched, it is an error. If none of the DN
+ * comps and filter comps matched, it is an error. If just the filter comps is
+ * null, a base search is performed.
+ * 
  * @version $Revision$, $Date$
  */
-public class LdapCertCompsMap 
-    extends LdapDNCompsMap implements ILdapMapper {
+public class LdapCertCompsMap
+        extends LdapDNCompsMap implements ILdapMapper {
     ILogger mLogger = CMS.getLogger();
 
     public LdapCertCompsMap() {
@@ -57,22 +54,22 @@ public class LdapCertCompsMap
         // via configuration
     }
 
-    /** 
+    /**
      * Constructor.
-     *
-     * The DN comps are used to form a LDAP entry to begin a subtree search.
-     * The filter comps are used to form a search filter for the subtree.
-     * If none of the DN comps matched, baseDN is used for the subtree.
-     * If the baseDN is null and none of the DN comps matched, it is an error.
-     * If none of the DN comps and filter comps matched, it is an error.
-     * If just the filter comps is null, a base search is performed.
      * 
-     * @param baseDN The base DN. 
+     * The DN comps are used to form a LDAP entry to begin a subtree search. The
+     * filter comps are used to form a search filter for the subtree. If none of
+     * the DN comps matched, baseDN is used for the subtree. If the baseDN is
+     * null and none of the DN comps matched, it is an error. If none of the DN
+     * comps and filter comps matched, it is an error. If just the filter comps
+     * is null, a base search is performed.
+     * 
+     * @param baseDN The base DN.
      * @param dnComps Components to form the LDAP base dn for search.
      * @param filterComps Components to form the LDAP search filter.
      */
     public LdapCertCompsMap(String baseDN, ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+            ObjectIdentifier[] filterComps) {
         init(baseDN, dnComps, filterComps);
     }
 
@@ -99,40 +96,38 @@ public class LdapCertCompsMap
     /**
      * constructor using non-standard certificate attribute.
      */
-    public LdapCertCompsMap(String certAttr, String baseDN, 
-        ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+    public LdapCertCompsMap(String certAttr, String baseDN,
+            ObjectIdentifier[] dnComps,
+            ObjectIdentifier[] filterComps) {
         super(certAttr, baseDN, dnComps, filterComps);
     }
 
     protected void init(String baseDN, ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+            ObjectIdentifier[] filterComps) {
         super.init(baseDN, dnComps, filterComps);
     }
 
     /**
-     * Maps a certificate to LDAP entry.
-     * Uses DN components and filter components to form a DN and 
-     * filter for a LDAP search.
-     * If the formed DN is null the baseDN will be used.
-     * If the formed DN is null and baseDN is null an error is thrown.
-     * If the filter is null a base search is performed.
-     * If both are null an error is thrown.
+     * Maps a certificate to LDAP entry. Uses DN components and filter
+     * components to form a DN and filter for a LDAP search. If the formed DN is
+     * null the baseDN will be used. If the formed DN is null and baseDN is null
+     * an error is thrown. If the filter is null a base search is performed. If
+     * both are null an error is thrown.
      * 
      * @param conn - the LDAP connection.
      * @param obj - the X509Certificate.
      */
     public String
-    map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            map(LDAPConnection conn, Object obj)
+                    throws ELdapException {
         if (conn == null)
             return null;
         try {
             X509Certificate cert = (X509Certificate) obj;
             String result = null;
             // form dn and filter for search.
-            X500Name subjectDN = 
-                (X500Name) ((X509Certificate) cert).getSubjectDN();
+            X500Name subjectDN =
+                    (X500Name) ((X509Certificate) cert).getSubjectDN();
 
             CMS.debug("LdapCertCompsMap: " + subjectDN.toString());
 
@@ -148,8 +143,8 @@ public class LdapCertCompsMap
             try {
                 X509CRLImpl crl = (X509CRLImpl) obj;
                 String result = null;
-                X500Name issuerDN = 
-                    (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+                X500Name issuerDN =
+                        (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug("LdapCertCompsMap: " + issuerDN.toString());
 
@@ -168,14 +163,13 @@ public class LdapCertCompsMap
     }
 
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, obj);
     }
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCertCompsMap: " + msg);
+                "LdapCertCompsMap: " + msg);
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
index 7eded9cd..d8e95d60 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertExactMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.security.cert.X509Certificate;
 import java.util.Locale;
 import java.util.Vector;
@@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
- * Maps a X509 certificate to a LDAP entry by using the subject name
- * of the certificate as the LDAP entry DN.
- *
+/**
+ * Maps a X509 certificate to a LDAP entry by using the subject name of the
+ * certificate as the LDAP entry DN.
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
@@ -64,7 +62,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited == true)
             return;
         mConfig = config;
@@ -74,9 +72,9 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
     public String[] getExtendedPluginInfo(Locale locale) {
         String[] params = {
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-mapper-certexactmapper",
+                        ";configuration-ldappublish-mapper-certexactmapper",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Literally uses the subject name of the certificate as the DN to publish to"
+                        ";Literally uses the subject name of the certificate as the DN to publish to"
             };
 
         return params;
@@ -95,7 +93,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
 
         return v;
     }
-	
+
     public Vector<String> getInstanceParams() {
         Vector<String> v = new Vector<String>();
 
@@ -103,15 +101,15 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     /**
-     * Finds the entry for the certificate by looking for the cert 
-     * subject name in the subject name attribute.
+     * Finds the entry for the certificate by looking for the cert subject name
+     * in the subject name attribute.
      * 
      * @param conn - the LDAP connection.
      * @param obj - the X509Certificate.
-     */ 
+     */
     public String
-    map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            map(LDAPConnection conn, Object obj)
+                    throws ELdapException {
         if (conn == null)
             return null;
 
@@ -120,7 +118,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             X509Certificate cert = (X509Certificate) obj;
 
-            subjectDN = 
+            subjectDN =
                     (X500Name) ((X509Certificate) cert).getSubjectDN();
 
             CMS.debug("LdapCertExactMap: cert subject dn:" + subjectDN.toString());
@@ -128,12 +126,12 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
             try {
                 X509CRLImpl crl = (X509CRLImpl) obj;
 
-                subjectDN = 
+                subjectDN =
                         (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug("LdapCertExactMap: crl issuer dn: " +
-                    subjectDN.toString());
-            }catch (ClassCastException ex) {
+                        subjectDN.toString());
+            } catch (ClassCastException ex) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
                 return null;
             }
@@ -141,19 +139,19 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             boolean hasCert = false;
             boolean hasSubjectName = false;
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS }; 
+            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "Searching for " + subjectDN.toString());
 
-            LDAPSearchResults results = 
-                conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE, 
-                    "(objectclass=*)", attrs, false);
-							
+            LDAPSearchResults results =
+                    conn.search(subjectDN.toString(), LDAPv2.SCOPE_BASE,
+                            "(objectclass=*)", attrs, false);
+
             LDAPEntry entry = results.next();
 
             if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
             }
             if (entry != null) {
                 log(ILogger.LL_INFO, "entry found");
@@ -165,7 +163,7 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", e.toString()));
@@ -174,30 +172,23 @@ public class LdapCertExactMap implements ILdapMapper, IExtendedPluginInfo {
         }
 
         /*
-         catch (IOException e) {
-         log(ILogger.LL_FAILURE, 
-         CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString()));
-         throw new ELdapException(
-         LdapResources.GET_CERT_SUBJECT_DN_FAILED, e);
-         }
-         catch (CertificateEncodingException e) {
-         log(ILogger.LL_FAILURE, 
-         CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
-         throw new ELdapException(
-         LdapResources.GET_DER_ENCODED_CERT_FAILED, e);
-         }
+         * catch (IOException e) { log(ILogger.LL_FAILURE,
+         * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw
+         * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); }
+         * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE,
+         * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw
+         * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); }
          */
     }
 
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, obj);
     }
 
     private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, 
-            "LdapCertExactMap: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+                "LdapCertExactMap: " + msg);
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
index 42db2b27..a999cd0f 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCertSubjMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.security.cert.X509Certificate;
 import java.util.Locale;
 import java.util.Vector;
@@ -41,11 +40,10 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
- * Maps a X509 certificate to a LDAP entry by finding an LDAP entry
- * which has an attribute whose contents are equal to the cert subject name.
- *
+/**
+ * Maps a X509 certificate to a LDAP entry by finding an LDAP entry which has an
+ * attribute whose contents are equal to the cert subject name.
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
@@ -64,8 +62,9 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
 
     /**
      * constructs a certificate subject name mapper with search base.
-     * @param searchBase the dn to start searching for the certificate 
-     * subject name.
+     * 
+     * @param searchBase the dn to start searching for the certificate subject
+     *            name.
      */
     public LdapCertSubjMap(String searchBase) {
         if (searchBase == null)
@@ -82,10 +81,10 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
      * @param certSubjNameAttr attribute for certificate subject names.
      * @param certAttr attribute to find certificate.
      */
-    public LdapCertSubjMap(String searchBase, 
-        String certSubjNameAttr, String certAttr) {
-        if (searchBase == null || 
-            certSubjNameAttr == null || certAttr == null) 
+    public LdapCertSubjMap(String searchBase,
+            String certSubjNameAttr, String certAttr) {
+        if (searchBase == null ||
+                certSubjNameAttr == null || certAttr == null)
             throw new IllegalArgumentException(
                     "a null argument to constructor " + this.getClass().getName());
         mCertSubjNameAttr = certSubjNameAttr;
@@ -93,10 +92,10 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
         mInited = true;
     }
 
-    public LdapCertSubjMap(String searchBase, 
-        String certSubjNameAttr, String certAttr, boolean useAllEntries) {
-        if (searchBase == null || 
-            certSubjNameAttr == null || certAttr == null) 
+    public LdapCertSubjMap(String searchBase,
+            String certSubjNameAttr, String certAttr, boolean useAllEntries) {
+        if (searchBase == null ||
+                certSubjNameAttr == null || certAttr == null)
             throw new IllegalArgumentException(
                     "a null argument to constructor " + this.getClass().getName());
         mCertSubjNameAttr = certSubjNameAttr;
@@ -128,15 +127,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
                 "searchBase;string;Base DN to search from",
                 "useAllEntries;boolean;Use all entries for publishing",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-mapper-certsubjmapper",
+                        ";configuration-ldappublish-mapper-certsubjmapper",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin assumes you want to publish to an LDAP entry which has " +
-                "an attribute whose contents are equal to the cert subject name"
+                        ";This plugin assumes you want to publish to an LDAP entry which has " +
+                        "an attribute whose contents are equal to the cert subject name"
             };
 
         return params;
     }
-	
+
     public Vector<String> getInstanceParams() {
         Vector<String> v = new Vector<String>();
 
@@ -159,7 +158,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited == true)
             return;
         mConfig = config;
@@ -171,15 +170,15 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     /**
-     * Finds the entry for the certificate by looking for the cert 
-     * subject name in the subject name attribute.
+     * Finds the entry for the certificate by looking for the cert subject name
+     * in the subject name attribute.
      * 
      * @param conn - the LDAP connection.
      * @param obj - the X509Certificate.
-     */ 
+     */
     public String
-    map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            map(LDAPConnection conn, Object obj)
+                    throws ELdapException {
         if (conn == null)
             return null;
         X500Name subjectDN = null;
@@ -187,7 +186,7 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             X509Certificate cert = (X509Certificate) obj;
 
-            subjectDN = 
+            subjectDN =
                     (X500Name) ((X509Certificate) cert).getSubjectDN();
 
             CMS.debug("LdapCertSubjMap: cert subject dn:" + subjectDN.toString());
@@ -195,12 +194,12 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
             try {
                 X509CRLImpl crl = (X509CRLImpl) obj;
 
-                subjectDN = 
+                subjectDN =
                         (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug("LdapCertSubjMap: crl issuer dn: " +
-                    subjectDN.toString());
-            }catch (ClassCastException ex) {
+                        subjectDN.toString());
+            } catch (ClassCastException ex) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_NOT_SUPPORTED_OBJECT"));
                 return null;
             }
@@ -208,20 +207,20 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             boolean hasCert = false;
             boolean hasSubjectName = false;
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS }; 
+            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "search " + mSearchBase +
-                " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+                    " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+
+            LDAPSearchResults results =
+                    conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
+                            "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
 
-            LDAPSearchResults results = 
-                conn.search(mSearchBase, LDAPv2.SCOPE_SUB, 
-                    "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-							
             LDAPEntry entry = results.next();
 
             if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", subjectDN.toString()));
             }
             if (entry != null) {
                 log(ILogger.LL_INFO, "entry found");
@@ -233,38 +232,32 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
             }
         }
 
         /*
-         catch (IOException e) {
-         log(ILogger.LL_FAILURE, 
-         CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString()));
-         throw new ELdapException(
-         LdapResources.GET_CERT_SUBJECT_DN_FAILED, e);
-         }
-         catch (CertificateEncodingException e) {
-         log(ILogger.LL_FAILURE, 
-         CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString()));
-         throw new ELdapException(
-         LdapResources.GET_DER_ENCODED_CERT_FAILED, e);
-         }
+         * catch (IOException e) { log(ILogger.LL_FAILURE,
+         * CMS.getLogMessage("PUBLISH_CANT_GET_SUBJECT", e.toString())); throw
+         * new ELdapException( LdapResources.GET_CERT_SUBJECT_DN_FAILED, e); }
+         * catch (CertificateEncodingException e) { log(ILogger.LL_FAILURE,
+         * CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", e.toString())); throw
+         * new ELdapException( LdapResources.GET_DER_ENCODED_CERT_FAILED, e); }
          */
     }
 
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, obj);
     }
 
     public Vector<String> mapAll(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         Vector<String> v = new Vector<String>();
 
         if (conn == null)
@@ -282,20 +275,20 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             boolean hasCert = false;
             boolean hasSubjectName = false;
-            String[] attrs = new String[] { LDAPv3.NO_ATTRS }; 
+            String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "search " + mSearchBase +
-                " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+                    " (" + mCertSubjNameAttr + "=" + subjectDN + ") " + mCertSubjNameAttr);
+
+            LDAPSearchResults results =
+                    conn.search(mSearchBase, LDAPv2.SCOPE_SUB,
+                            "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
 
-            LDAPSearchResults results = 
-                conn.search(mSearchBase, LDAPv2.SCOPE_SUB, 
-                    "(" + mCertSubjNameAttr + "=" + subjectDN + ")", attrs, false);
-			
             while (results.hasMoreElements()) {
                 LDAPEntry entry = results.next();
                 String dn = entry.getDN();
                 v.addElement(dn);
-                CMS.debug("LdapCertSubjMap: dn="+dn);
+                CMS.debug("LdapCertSubjMap: dn=" + dn);
             }
             CMS.debug("LdapCertSubjMap: Number of entries: " + v.size());
         } catch (LDAPException e) {
@@ -303,11 +296,11 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
             }
         }
@@ -316,13 +309,13 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     public Vector<String> mapAll(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return mapAll(conn, obj);
     }
 
     private void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level, 
-            "LdapCertSubjMap: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
+                "LdapCertSubjMap: " + msg);
     }
 
     /**
@@ -344,4 +337,3 @@ public class LdapCertSubjMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
index 40283e98..4155cad4 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapCrlIssuerCompsMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.security.cert.CRLException;
 import java.util.Vector;
 
@@ -32,16 +31,14 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
- * Default crl mapper. 
- * maps the crl to a ldap entry by using components in the issuer name
- * to find the CA's entry.
- *
+/**
+ * Default crl mapper. maps the crl to a ldap entry by using components in the
+ * issuer name to find the CA's entry.
+ * 
  * @version $Revision$, $Date$
  */
-public class LdapCrlIssuerCompsMap 
-    extends LdapDNCompsMap implements ILdapMapper {
+public class LdapCrlIssuerCompsMap
+        extends LdapDNCompsMap implements ILdapMapper {
     ILogger mLogger = CMS.getLogger();
 
     public LdapCrlIssuerCompsMap() {
@@ -49,31 +46,31 @@ public class LdapCrlIssuerCompsMap
         // via configuration
     }
 
-    /** 
+    /**
      * Constructor.
-     *
-     * The DN comps are used to form a LDAP entry to begin a subtree search.
-     * The filter comps are used to form a search filter for the subtree.
-     * If none of the DN comps matched, baseDN is used for the subtree.
-     * If the baseDN is null and none of the DN comps matched, it is an error.
-     * If none of the DN comps and filter comps matched, it is an error.
-     * If just the filter comps is null, a base search is performed.
      * 
-     * @param baseDN The base DN. 
+     * The DN comps are used to form a LDAP entry to begin a subtree search. The
+     * filter comps are used to form a search filter for the subtree. If none of
+     * the DN comps matched, baseDN is used for the subtree. If the baseDN is
+     * null and none of the DN comps matched, it is an error. If none of the DN
+     * comps and filter comps matched, it is an error. If just the filter comps
+     * is null, a base search is performed.
+     * 
+     * @param baseDN The base DN.
      * @param dnComps Components to form the LDAP base dn for search.
      * @param filterComps Components to form the LDAP search filter.
      */
     public LdapCrlIssuerCompsMap(String baseDN, ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+            ObjectIdentifier[] filterComps) {
         init(baseDN, dnComps, filterComps);
     }
 
     /**
      * constructor using non-standard certificate attribute.
      */
-    public LdapCrlIssuerCompsMap(String crlAttr, String baseDN, 
-        ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
+    public LdapCrlIssuerCompsMap(String crlAttr, String baseDN,
+            ObjectIdentifier[] dnComps,
+            ObjectIdentifier[] filterComps) {
         super(crlAttr, baseDN, dnComps, filterComps);
     }
 
@@ -88,7 +85,7 @@ public class LdapCrlIssuerCompsMap
     public Vector getDefaultParams() {
         Vector v = super.getDefaultParams();
 
-        //v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR);
+        // v.addElement("crlAttr=" + LdapCrlPublisher.LDAP_CRL_ATTR);
         return v;
     }
 
@@ -99,35 +96,33 @@ public class LdapCrlIssuerCompsMap
     }
 
     protected void init(String baseDN, ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
-        //mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR;
+            ObjectIdentifier[] filterComps) {
+        // mLdapAttr = LdapCrlPublisher.LDAP_CRL_ATTR;
         super.init(baseDN, dnComps, filterComps);
     }
 
     /**
-     * Maps a crl to LDAP entry.
-     * Uses issuer DN components and filter components to form a DN and 
-     * filter for a LDAP search.
-     * If the formed DN is null the baseDN will be used.
-     * If the formed DN is null and baseDN is null an error is thrown.
-     * If the filter is null a base search is performed.
-     * If both are null an error is thrown.
+     * Maps a crl to LDAP entry. Uses issuer DN components and filter components
+     * to form a DN and filter for a LDAP search. If the formed DN is null the
+     * baseDN will be used. If the formed DN is null and baseDN is null an error
+     * is thrown. If the filter is null a base search is performed. If both are
+     * null an error is thrown.
      * 
      * @param conn - the LDAP connection.
      * @param obj - the X509Certificate.
      * @return the result. LdapCertMapResult is also used for CRL.
-     */ 
+     */
     public String
-    map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            map(LDAPConnection conn, Object obj)
+                    throws ELdapException {
         if (conn == null)
             return null;
         X509CRLImpl crl = (X509CRLImpl) obj;
 
         try {
             String result = null;
-            X500Name issuerDN = 
-                (X500Name) ((X509CRLImpl) crl).getIssuerDN();
+            X500Name issuerDN =
+                    (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
             CMS.debug("LdapCrlIssuerCompsMap: " + issuerDN.toString());
 
@@ -136,14 +131,14 @@ public class LdapCrlIssuerCompsMap
             result = super.map(conn, issuerDN, crlbytes);
             return result;
         } catch (CRLException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("PUBLISH_CANT_DECODE_CRL", e.toString()));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CRL_FAILED", e.toString()));
         }
     }
 
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, obj);
     }
 
@@ -152,8 +147,7 @@ public class LdapCrlIssuerCompsMap
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCrlCompsMap: " + msg);
+                "LdapCrlCompsMap: " + msg);
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
index a9df7dae..1d01b239 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapDNCompsMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -46,23 +45,21 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPlugin;
 
-
-/** 
- * Maps a Subject name to an entry in the LDAP server.
- * subject name to form the ldap search dn and filter.
- * Takes a optional root search dn.
- * The DN comps are used to form a LDAP entry to begin a subtree search.
- * The filter comps are used to form a search filter for the subtree.
- * If none of the DN comps matched, baseDN is used for the subtree.
- * If the baseDN is null and none of the DN comps matched, it is an error.
- * If none of the DN comps and filter comps matched, it is an error.
- * If just the filter comps is null, a base search is performed.
- *
+/**
+ * Maps a Subject name to an entry in the LDAP server. subject name to form the
+ * ldap search dn and filter. Takes a optional root search dn. The DN comps are
+ * used to form a LDAP entry to begin a subtree search. The filter comps are
+ * used to form a search filter for the subtree. If none of the DN comps
+ * matched, baseDN is used for the subtree. If the baseDN is null and none of
+ * the DN comps matched, it is an error. If none of the DN comps and filter
+ * comps matched, it is an error. If just the filter comps is null, a base
+ * search is performed.
+ * 
  * @version $Revision$, $Date$
  */
-public class LdapDNCompsMap 
-    implements ILdapPlugin, IExtendedPluginInfo {
-    //protected String mLdapAttr = null;
+public class LdapDNCompsMap
+        implements ILdapPlugin, IExtendedPluginInfo {
+    // protected String mLdapAttr = null;
     protected String mBaseDN = null;
     protected ObjectIdentifier[] mDnComps = null;
     protected ObjectIdentifier[] mFilterComps = null;
@@ -71,24 +68,24 @@ public class LdapDNCompsMap
     private boolean mInited = false;
     protected IConfigStore mConfig = null;
 
-    /** 
+    /**
      * Constructor.
-     *
-     * The DN comps are used to form a LDAP entry to begin a subtree search.
-     * The filter comps are used to form a search filter for the subtree.
-     * If none of the DN comps matched, baseDN is used for the subtree.
-     * If the baseDN is null and none of the DN comps matched, it is an error.
-     * If none of the DN comps and filter comps matched, it is an error.
-     * If just the filter comps is null, a base search is performed.
      * 
-     * @param baseDN The base DN. 
+     * The DN comps are used to form a LDAP entry to begin a subtree search. The
+     * filter comps are used to form a search filter for the subtree. If none of
+     * the DN comps matched, baseDN is used for the subtree. If the baseDN is
+     * null and none of the DN comps matched, it is an error. If none of the DN
+     * comps and filter comps matched, it is an error. If just the filter comps
+     * is null, a base search is performed.
+     * 
+     * @param baseDN The base DN.
      * @param dnComps Components to form the LDAP base dn for search.
      * @param filterComps Components to form the LDAP search filter.
      */
-    public LdapDNCompsMap(String ldapAttr, String baseDN, 
-        ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
-        //mLdapAttr = ldapAttr;
+    public LdapDNCompsMap(String ldapAttr, String baseDN,
+            ObjectIdentifier[] dnComps,
+            ObjectIdentifier[] filterComps) {
+        // mLdapAttr = ldapAttr;
         init(baseDN, dnComps, filterComps);
     }
 
@@ -102,17 +99,17 @@ public class LdapDNCompsMap
         return mConfig;
     }
 
-    /** 
+    /**
      * for initializing from config store.
      */
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         mConfig = config;
         String baseDN = mConfig.getString("baseDN");
-        ObjectIdentifier[] dnComps = 
-            getCompsFromString(mConfig.getString("dnComps"));
-        ObjectIdentifier[] filterComps = 
-            getCompsFromString(mConfig.getString("filterComps"));
+        ObjectIdentifier[] dnComps =
+                getCompsFromString(mConfig.getString("dnComps"));
+        ObjectIdentifier[] filterComps =
+                getCompsFromString(mConfig.getString("filterComps"));
 
         init(baseDN, dnComps, filterComps);
     }
@@ -131,12 +128,12 @@ public class LdapDNCompsMap
                 "dnComps;string;Comma-separated list of attributes to put in the DN",
                 "filterComps;string;Comma-separated list of attributes to form the filter",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-mapper-dncompsmapper",
+                        ";configuration-ldappublish-mapper-dncompsmapper",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";More complex mapper. Used when there is not enough information " +
-                "in the cert request to form the complete LDAP DN. Using this " +
-                "plugin, you can specify additional LDAP filters to narrow down the " +
-                "search"
+                        ";More complex mapper. Used when there is not enough information " +
+                        "in the cert request to form the complete LDAP DN. Using this " +
+                        "plugin, you can specify additional LDAP filters to narrow down the " +
+                        "search"
             };
 
         return s;
@@ -163,14 +160,14 @@ public class LdapDNCompsMap
             if (mDnComps == null) {
                 v.addElement("dnComps=");
             } else {
-                v.addElement("dnComps=" + 
-                    mConfig.getString("dnComps"));
+                v.addElement("dnComps=" +
+                        mConfig.getString("dnComps"));
             }
             if (mFilterComps == null) {
                 v.addElement("filterComps=");
             } else {
-                v.addElement("filterComps=" + 
-                    mConfig.getString("filterComps"));
+                v.addElement("filterComps=" +
+                        mConfig.getString("filterComps"));
             }
         } catch (Exception e) {
         }
@@ -181,8 +178,8 @@ public class LdapDNCompsMap
      * common initialization routine.
      */
     protected void init(String baseDN, ObjectIdentifier[] dnComps,
-        ObjectIdentifier[] filterComps) {
-        if (mInited) 
+            ObjectIdentifier[] filterComps) {
+        if (mInited)
             return;
 
         mBaseDN = baseDN;
@@ -191,36 +188,34 @@ public class LdapDNCompsMap
         if (filterComps != null)
             mFilterComps = (ObjectIdentifier[]) filterComps.clone();
 
-            // log debug info.
+        // log debug info.
         for (int i = 0; i < mDnComps.length; i++) {
             CMS.debug(
-                "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i]));
+                    "LdapDNCompsMap: dnComp " + X500NameAttrMap.getDefault().getName(mDnComps[i]));
         }
         for (int i = 0; i < mFilterComps.length; i++) {
             CMS.debug("LdapDNCompsMap: filterComp " +
-                X500NameAttrMap.getDefault().getName(mFilterComps[i]));
+                    X500NameAttrMap.getDefault().getName(mFilterComps[i]));
         }
         mInited = true;
     }
 
     /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN components and filter components to form a DN and 
-     * filter for a LDAP search.
-     * If the formed DN is null the baseDN will be used.
-     * If the formed DN is null and baseDN is null an error is thrown.
-     * If the filter is null a base search is performed.
-     * If both are null an error is thrown.
+     * Maps a X500 subject name to LDAP entry. Uses DN components and filter
+     * components to form a DN and filter for a LDAP search. If the formed DN is
+     * null the baseDN will be used. If the formed DN is null and baseDN is null
+     * an error is thrown. If the filter is null a base search is performed. If
+     * both are null an error is thrown.
      * 
-     * @param conn	the LDAP connection.
-     * @param x500name  	the dn to map.
-     * @param obj 	the object
+     * @param conn the LDAP connection.
+     * @param x500name the dn to map.
+     * @param obj the object
      * @exception ELdapException if any LDAP exceptions occured.
      * @return the DN of the entry.
-     */ 
-    public String map(LDAPConnection conn, X500Name x500name, 
-        byte[] obj)
-        throws ELdapException {
+     */
+    public String map(LDAPConnection conn, X500Name x500name,
+            byte[] obj)
+            throws ELdapException {
         try {
             if (conn == null)
                 return null;
@@ -234,17 +229,17 @@ public class LdapDNCompsMap
             if (dn == null) {
                 // #362332
                 // if (filter == null) {
-                //	log(ILogger.LL_FAILURE, "No dn and filter formed");
-                //	throw new ELdapException(
-                //		LdapResources.NO_DN_AND_FILTER_COMPS, 
-                //		x500name.toString()); 
+                // log(ILogger.LL_FAILURE, "No dn and filter formed");
+                // throw new ELdapException(
+                // LdapResources.NO_DN_AND_FILTER_COMPS,
+                // x500name.toString());
                 // }
                 if (mBaseDN == null) {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("PUBLISH_NO_BASE"));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("PUBLISH_NO_BASE"));
                     throw new ELdapException(
-                            CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN", 
-                                x500name.toString()));
+                            CMS.getUserMessage("CMS_LDAP_NO_DN_COMPS_AND_BASEDN",
+                                    x500name.toString()));
                 }
                 dn = mBaseDN;
             }
@@ -261,23 +256,23 @@ public class LdapDNCompsMap
             attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "searching for " + dn + " " + filter + " " +
-                ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base"));
+                    ((scope == LDAPv2.SCOPE_SUB) ? "sub" : "base"));
 
-            LDAPSearchResults results = 
-                conn.search(dn, scope, filter, attrs, false);
+            LDAPSearchResults results =
+                    conn.search(dn, scope, filter, attrs, false);
             LDAPEntry entry = results.next();
 
             if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString()));
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", 
-                            x500name.toString())); 
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", "", x500name.toString()));
+                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+                            x500name.toString()));
             }
             if (entry != null) {
                 return entry.getDN();
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", "", x500name.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
                             "null entry"));
             }
@@ -286,11 +281,11 @@ public class LdapDNCompsMap
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "LDAPException", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
             }
         }
@@ -298,15 +293,16 @@ public class LdapDNCompsMap
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapDNCompsMap: " + msg);
+                "LdapDNCompsMap: " + msg);
     }
 
     /**
      * form a dn and filter from component in the cert subject name
+     * 
      * @param subjName subject name
      */
     public String[] formDNandFilter(X500Name subjName)
-        throws ELdapException {
+            throws ELdapException {
         Vector<RDN> dnRdns = new Vector<RDN>();
         SearchFilter filter = new SearchFilter();
         X500NameAttrMap attrMap = X500NameAttrMap.getDefault();
@@ -328,16 +324,16 @@ public class LdapDNCompsMap
                             DerValue val = ava.getValue();
                             AVA newAVA = new AVA(mailOid, val);
                             RDN newRDN = new RDN(new AVA[] { newAVA }
-                                );
+                                    );
 
-                            CMS.debug( 
-                                "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " +
-                                newRDN.toLdapDNString() + " in DN");
+                            CMS.debug(
+                                    "LdapDNCompsMap: Converted " + rdn.toLdapDNString() + " to " +
+                                            newRDN.toLdapDNString() + " in DN");
                             rdn = newRDN;
                         }
                         dnRdns.addElement(rdn);
                         CMS.debug(
-                            "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString());
+                                "LdapDNCompsMap: adding dn comp " + rdn.toLdapDNString());
                         break;
                     }
                 }
@@ -348,29 +344,29 @@ public class LdapDNCompsMap
                             AVA newAVA = new AVA(mailOid, val);
 
                             CMS.debug(
-                                "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " +
-                                newAVA.toLdapDNString() + " in filter");
+                                    "LdapDNCompsMap: Converted " + ava.toLdapDNString() + " to " +
+                                            newAVA.toLdapDNString() + " in filter");
                             ava = newAVA;
                         }
                         filter.addElement(ava.toLdapDNString());
                         CMS.debug(
-                            "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString());
+                                "LdapDNCompsMap: adding filter comp " + ava.toLdapDNString());
                         break;
                     }
                 }
 
-                // XXX should be an error when string is null? 
+                // XXX should be an error when string is null?
                 // return to caller to decide.
                 if (dnRdns.size() != 0) {
                     dnStr = new X500Name(dnRdns).toLdapDNString();
-                } 
+                }
                 if (filter.size() != 0) {
                     filterStr = filter.toFilterString();
                 }
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("PUBLISH_FROM_SUBJ_TO_DN", e.toString()));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FORM_DN_COMPS_FAILED", e.toString()));
         }
 
@@ -386,12 +382,13 @@ public class LdapDNCompsMap
     }
 
     /**
-     * class for forming search filters for ldap searching from 
-     * name=value components. components are anded.
+     * class for forming search filters for ldap searching from name=value
+     * components. components are anded.
      */
 
     public static class SearchFilter extends Vector<Object> {
         private static final long serialVersionUID = 4210302171279891828L;
+
         public String toFilterString() {
             StringBuffer buf = new StringBuffer();
 
@@ -412,21 +409,22 @@ public class LdapDNCompsMap
     }
 
     /**
-     * useful routine for parsing components given as string to 
-     * arrays of objectidentifiers. 
-     * The string is expected to be comma separated AVA attribute names. 
-     * For example, "uid,cn,o,ou". Attribute names are case insensitive.
+     * useful routine for parsing components given as string to arrays of
+     * objectidentifiers. The string is expected to be comma separated AVA
+     * attribute names. For example, "uid,cn,o,ou". Attribute names are case
+     * insensitive.
+     * 
      * @param val the string specifying the comps
      * @exception ELdapException if any error occurs.
      */
     public static ObjectIdentifier[] getCompsFromString(String val)
-        throws ELdapException {
+            throws ELdapException {
         StringTokenizer tokens;
         ObjectIdentifier[] comps;
         String attr;
         ObjectIdentifier oid;
 
-        if (val == null || val.length() == 0) 
+        if (val == null || val.length() == 0)
             return new ObjectIdentifier[0];
 
         tokens = new StringTokenizer(val, ", \t\n\r");
@@ -439,7 +437,7 @@ public class LdapDNCompsMap
         while (tokens.hasMoreTokens()) {
             attr = tokens.nextToken().trim();
             // mail -> E hack to look for E in subject names.
-            if (attr.equalsIgnoreCase("mail")) 
+            if (attr.equalsIgnoreCase("mail"))
                 attr = "E";
             oid = X500NameAttrMap.getDefault().getOid(attr);
             if (oid != null) {
@@ -453,4 +451,3 @@ public class LdapDNCompsMap
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
index e3c2fa1b..c47a3647 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapEnhancedMap.java
@@ -20,7 +20,6 @@
 
 package com.netscape.cms.publish.mappers;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -56,38 +55,30 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
 //////////////////////
 // class definition //
 //////////////////////
 
-/** 
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the
- * request attributes and certificate subject name.
- * Does a base search for the entry in the directory
- * to publish the cert or crl.  The restriction of
- * this mapper is that the ldap dn components must
- * be part of certificate subject name or request
- * attributes or constant.  The difference of this
- * mapper and LdapSimpleMap is that if the  ldap
- * entry is not found, it has the option to create
- * the ldap entry given the dn and attributes
- * formulated.
- *
+/**
+ * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the
+ * baseDN from the request attributes and certificate subject name. Does a base
+ * search for the entry in the directory to publish the cert or crl. The
+ * restriction of this mapper is that the ldap dn components must be part of
+ * certificate subject name or request attributes or constant. The difference of
+ * this mapper and LdapSimpleMap is that if the ldap entry is not found, it has
+ * the option to create the ldap entry given the dn and attributes formulated.
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapEnhancedMap
-    implements ILdapMapper, IExtendedPluginInfo {
-    ////////////////////////
+        implements ILdapMapper, IExtendedPluginInfo {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
+    // //////////////////////
 
-
-    //////////////////////////////////////
+    // ////////////////////////////////////
     // local LdapEnhancedMap parameters //
-    //////////////////////////////////////
+    // ////////////////////////////////////
 
     private boolean mInited = false;
 
@@ -102,14 +93,14 @@ public class LdapEnhancedMap
 
     protected String[] mLdapValues = null;
 
-    ////////////////////////////
+    // //////////////////////////
     // ILdapMapper parameters //
-    ////////////////////////////
+    // //////////////////////////
 
     /* mapper plug-in fields */
-    protected static final String PROP_DNPATTERN = "dnPattern";  
+    protected static final String PROP_DNPATTERN = "dnPattern";
     protected static final String PROP_CREATE = "createEntry";
-    // the object class of the entry to be created. xxxx not done yet  
+    // the object class of the entry to be created. xxxx not done yet
     protected static final String PROP_OBJCLASS = "objectClass";
     // req/cert/ext attribute --> directory attribute table
     protected static final String PROP_ATTRNUM = "attrNum";
@@ -119,10 +110,10 @@ public class LdapEnhancedMap
     /* mapper plug-in fields initialization values */
     private static final int DEFAULT_NUM_ATTRS = 1;
 
-    /* Holds mapper plug-in fields accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
+    /*
+     * Holds mapper plug-in fields accepted by this implementation. This list is
+     * passed to the configuration console so configuration for instances of
+     * this implementation can be configured through the console.
      */
     private static Vector<String> defaultParams = new Vector<String>();
 
@@ -145,9 +136,9 @@ public class LdapEnhancedMap
 
     /* miscellaneous constants local to this mapper plug-in */
     // default dn pattern if left blank or not set in the config
-    public static final String DEFAULT_DNPATTERN = 
-        "UID=$req.HTTP_PARAMS.UID, " +
-        "OU=people, O=$subj.o, C=$subj.c";
+    public static final String DEFAULT_DNPATTERN =
+            "UID=$req.HTTP_PARAMS.UID, " +
+                    "OU=people, O=$subj.o, C=$subj.c";
     private static final int MAX_ATTRS = 10;
     protected static final int DEFAULT_ATTRNUM = 1;
 
@@ -155,21 +146,19 @@ public class LdapEnhancedMap
     protected IConfigStore mConfig = null;
     protected AVAPattern[] mPatterns = null;
 
-    ////////////////////////////////////
+    // //////////////////////////////////
     // IExtendedPluginInfo parameters //
-    ////////////////////////////////////
-
-
+    // //////////////////////////////////
 
-    ///////////////////////
+    // /////////////////////
     // Logger parameters //
-    ///////////////////////
+    // /////////////////////
 
     private ILogger mLogger = CMS.getLogger();
 
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
+    // ///////////////////
 
     /**
      * Default constructor, initialization must follow.
@@ -177,22 +166,22 @@ public class LdapEnhancedMap
     public LdapEnhancedMap() {
     }
 
-    ///////////////////////////////////
+    // /////////////////////////////////
     // local LdapEnhancedMap methods //
-    ///////////////////////////////////
+    // /////////////////////////////////
 
     /**
      * common initialization routine.
      */
     protected void init(String dnPattern)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited) {
             return;
         }
 
         mDnPattern = dnPattern;
         if (mDnPattern == null ||
-            mDnPattern.length() == 0) {
+                mDnPattern.length() == 0) {
             mDnPattern = DEFAULT_DNPATTERN;
         }
 
@@ -202,11 +191,11 @@ public class LdapEnhancedMap
             String[] mCertAttrs = mPattern.getCertAttrs();
         } catch (ELdapException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
-                    dnPattern, e.toString()));
+                    CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
+                            dnPattern, e.toString()));
             throw new EBaseException(
-                    "falied to init with pattern " + 
-                    dnPattern + " " + e);
+                    "falied to init with pattern " +
+                            dnPattern + " " + e);
         }
 
         mInited = true;
@@ -214,43 +203,44 @@ public class LdapEnhancedMap
 
     /**
      * form a dn from component in the request and cert subject name
+     * 
      * @param req The request
      * @param obj The certificate or crl
      */
     private String formDN(IRequest req, Object obj)
-        throws EBaseException {
+            throws EBaseException {
         CertificateExtensions certExt = null;
         X500Name subjectDN = null;
 
         try {
             X509Certificate cert = (X509Certificate) obj;
 
-            subjectDN = 
+            subjectDN =
                     (X500Name) ((X509Certificate) cert).getSubjectDN();
             CMS.debug(
-                "LdapEnhancedMap: cert subject dn:" +
-                subjectDN.toString());
+                    "LdapEnhancedMap: cert subject dn:" +
+                            subjectDN.toString());
 
-            //certExt = (CertificateExtensions)
-            //          ((X509CertImpl)cert).get(
-            //              X509CertInfo.EXTENSIONS);
+            // certExt = (CertificateExtensions)
+            // ((X509CertImpl)cert).get(
+            // X509CertInfo.EXTENSIONS);
             X509CertInfo info = (X509CertInfo)
-                ((X509CertImpl) cert).get(
-                    X509CertImpl.NAME +
-                    "." +
-                    X509CertImpl.INFO);
+                    ((X509CertImpl) cert).get(
+                            X509CertImpl.NAME +
+                                    "." +
+                                    X509CertImpl.INFO);
 
             certExt = (CertificateExtensions)
                     info.get(CertificateExtensions.NAME);
         } catch (java.security.cert.CertificateParsingException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+                    CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+                    CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
         } catch (java.security.cert.CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
+                    CMS.getLogMessage("PUBLISH_CANT_GET_EXT", e.toString()));
         } catch (ClassCastException e) {
 
             try {
@@ -260,14 +250,14 @@ public class LdapEnhancedMap
                         ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug(
-                    "LdapEnhancedMap: crl issuer dn: " +
+                        "LdapEnhancedMap: crl issuer dn: " +
 
-                    subjectDN.toString());
+                        subjectDN.toString());
             } catch (ClassCastException ex) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
-                        ((req == null) ? ""
-                            : req.getRequestId().toString())));
+                        CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+                                ((req == null) ? ""
+                                        : req.getRequestId().toString())));
                 return null;
             }
         }
@@ -289,26 +279,26 @@ public class LdapEnhancedMap
             return dn;
         } catch (ELdapException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
-                    ((req == null) ? ""
-                        : req.getRequestId().toString()), e.toString()));
+                    CMS.getLogMessage("PUBLISH_CANT_FORM_DN",
+                            ((req == null) ? ""
+                                    : req.getRequestId().toString()), e.toString()));
 
             throw new EBaseException(
                     "failed to form dn for request: " +
-                    ((req == null) ? ""
-                        : req.getRequestId().toString()) +
-                    " " + e);
+                            ((req == null) ? ""
+                                    : req.getRequestId().toString()) +
+                            " " + e);
         }
     }
 
     private void createEntry(LDAPConnection conn, String dn)
-        throws LDAPException {
+            throws LDAPException {
         LDAPAttributeSet attrs = new LDAPAttributeSet();
 
         // OID 2.5.6.16
-        String caOc[] = { "top", 
-                "person", 
-                "organizationalPerson", 
+        String caOc[] = { "top",
+                "person",
+                "organizationalPerson",
                 "inetOrgPerson" };
 
         DN dnobj = new DN(dn);
@@ -319,10 +309,10 @@ public class LdapEnhancedMap
         attrs.add(new LDAPAttribute("objectclass", caOc));
 
         for (int i = 0; i < mNumAttrs; i++) {
-            if (mLdapNames[i] != null && 
-                !mLdapNames[i].trim().equals("") &&
-                mLdapValues[i] != null &&
-                !mLdapValues[i].trim().equals("")) {
+            if (mLdapNames[i] != null &&
+                    !mLdapNames[i].trim().equals("") &&
+                    mLdapValues[i] != null &&
+                    !mLdapValues[i].trim().equals("")) {
                 attrs.add(new LDAPAttribute(mLdapNames[i],
                         mLdapValues[i]));
             }
@@ -333,18 +323,17 @@ public class LdapEnhancedMap
         conn.add(entry);
     }
 
-    /////////////////////////
+    // ///////////////////////
     // ILdapMapper methods //
-    /////////////////////////
+    // ///////////////////////
 
-    /** 
+    /**
      * for initializing from config store.
-     *
-     * implementation for extended
-     * ILdapPlugin interface method
+     * 
+     * implementation for extended ILdapPlugin interface method
      */
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         mConfig = config;
 
         mDnPattern = mConfig.getString(PROP_DNPATTERN,
@@ -364,16 +353,16 @@ public class LdapEnhancedMap
         for (int i = 0; i < mNumAttrs; i++) {
             mLdapNames[i] =
                     mConfig.getString(PROP_ATTR_NAME +
-                        Integer.toString(i),
-                        "");
+                            Integer.toString(i),
+                            "");
 
             mLdapPatterns[i] =
                     mConfig.getString(PROP_ATTR_PATTERN +
-                        Integer.toString(i),
-                        "");
+                            Integer.toString(i),
+                            "");
 
             if (mLdapPatterns[i] != null &&
-                !mLdapPatterns[i].trim().equals("")) {
+                    !mLdapPatterns[i].trim().equals("")) {
                 mPatterns[i] = new AVAPattern(mLdapPatterns[i]);
             }
         }
@@ -381,9 +370,8 @@ public class LdapEnhancedMap
         init(mDnPattern);
     }
 
-    /** 
-     * implementation for extended
-     * ILdapPlugin interface method
+    /**
+     * implementation for extended ILdapPlugin interface method
      */
     public IConfigStore getConfigStore() {
         return mConfig;
@@ -407,34 +395,34 @@ public class LdapEnhancedMap
         try {
             if (mDnPattern == null) {
                 v.addElement(PROP_DNPATTERN + "=");
-            }else {
+            } else {
                 v.addElement(PROP_DNPATTERN + "=" +
-                    mConfig.getString(PROP_DNPATTERN));
+                        mConfig.getString(PROP_DNPATTERN));
             }
 
             v.addElement(PROP_CREATE + "=" +
-                mConfig.getBoolean(PROP_CREATE,
-                    true));
+                    mConfig.getBoolean(PROP_CREATE,
+                            true));
 
             v.addElement(PROP_ATTRNUM + "=" +
-                mConfig.getInteger(PROP_ATTRNUM,
-                    DEFAULT_NUM_ATTRS));
+                    mConfig.getInteger(PROP_ATTRNUM,
+                            DEFAULT_NUM_ATTRS));
 
             for (int i = 0; i < mNumAttrs; i++) {
                 if (mLdapNames[i] != null) {
                     v.addElement(PROP_ATTR_NAME + i +
-                        "=" + mLdapNames[i]);
+                            "=" + mLdapNames[i]);
                 } else {
                     v.addElement(PROP_ATTR_NAME + i +
-                        "=");
+                            "=");
                 }
 
                 if (mLdapPatterns[i] != null) {
                     v.addElement(PROP_ATTR_PATTERN + i +
-                        "=" + mLdapPatterns[i]);
+                            "=" + mLdapPatterns[i]);
                 } else {
                     v.addElement(PROP_ATTR_PATTERN + i +
-                        "=");
+                            "=");
                 }
             }
         } catch (Exception e) {
@@ -444,29 +432,29 @@ public class LdapEnhancedMap
     }
 
     /**
-     * Maps an X500 subject name to an LDAP entry.
-     * Uses DN pattern to form a DN for an LDAP base search.
+     * Maps an X500 subject name to an LDAP entry. Uses DN pattern to form a DN
+     * for an LDAP base search.
      * 
-     * @param     conn            the LDAP connection.
-     * @param     obj             the object to map.
-     * @exception ELdapException  if any LDAP exceptions occurred.
-     */ 
+     * @param conn the LDAP connection.
+     * @param obj the object to map.
+     * @exception ELdapException if any LDAP exceptions occurred.
+     */
     public String map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, null, obj);
     }
 
     /**
-     * Maps an X500 subject name to an LDAP entry.
-     * Uses DN pattern to form a DN for an LDAP base search.
+     * Maps an X500 subject name to an LDAP entry. Uses DN pattern to form a DN
+     * for an LDAP base search.
      * 
-     * @param     conn            the LDAP connection.
-     * @param     req             the request to map.
-     * @param     obj             the object to map.
-     * @exception ELdapException  if any LDAP exceptions occurred.
-     */ 
+     * @param conn the LDAP connection.
+     * @param req the request to map.
+     * @param obj the object to map.
+     * @exception ELdapException if any LDAP exceptions occurred.
+     */
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null) {
             return null;
         }
@@ -477,7 +465,7 @@ public class LdapEnhancedMap
             dn = formDN(req, obj);
             if (dn == null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
+                        CMS.getLogMessage("PUBLISH_DN_NOT_FORMED"));
 
                 String s1 = "";
 
@@ -494,9 +482,9 @@ public class LdapEnhancedMap
             String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO,
-                "searching for dn: " +
-                dn + " filter:" +
-                filter + " scope: base");
+                    "searching for dn: " +
+                            dn + " filter:" +
+                            filter + " scope: base");
 
             LDAPSearchResults results = conn.search(dn,
                     scope,
@@ -508,27 +496,27 @@ public class LdapEnhancedMap
 
             if (results.hasMoreElements()) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY",
-                        dn + 
-                        ((req == null) ? ""
-                            : req.getRequestId().toString()))); 
+                        CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY",
+                                dn +
+                                        ((req == null) ? ""
+                                                : req.getRequestId().toString())));
 
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", 
-                            ((req == null) ? ""
-                                : req.getRequestId().toString()))); 
+                        CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+                                ((req == null) ? ""
+                                        : req.getRequestId().toString())));
             }
 
             if (entry != null) {
                 return entry.getDN();
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND",
-                        dn +
-                        ((req == null) ? ""
-                            : req.getRequestId().toString())));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND",
+                                dn +
+                                        ((req == null) ? ""
+                                                : req.getRequestId().toString())));
 
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", 
+                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
                             "null entry"));
             }
         } catch (LDAPException e) {
@@ -536,112 +524,111 @@ public class LdapEnhancedMap
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
 
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else if (e.getLDAPResultCode() ==
-                LDAPException.NO_SUCH_OBJECT && mCreateEntry) {
+                    LDAPException.NO_SUCH_OBJECT && mCreateEntry) {
 
                 try {
                     createEntry(conn, dn);
 
                     log(ILogger.LL_INFO,
-                        "Entry " +
-                        dn +
-                        " Created");
+                            "Entry " +
+                                    dn +
+                                    " Created");
 
                     return dn;
                 } catch (LDAPException e1) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
-                            dn,
-                            e.toString()));
+                            CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
+                                    dn,
+                                    e.toString()));
 
                     log(ILogger.LL_FAILURE,
-                        "Entry is not created. " +
-                        "This may because there are " +
-                        "entries in the directory " +
-                        "hierachy not exit.");
+                            "Entry is not created. " +
+                                    "This may because there are " +
+                                    "entries in the directory " +
+                                    "hierachy not exit.");
 
                     throw new ELdapException(
                             CMS.getUserMessage("CMS_LDAP_CREATE_ENTRY", dn));
                 }
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
-                        dn,
-                        e.toString()));
+                        CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION",
+                                dn,
+                                e.toString()));
 
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
             }
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT",
-                    e.toString()));
+                    CMS.getLogMessage("PUBLISH_EXCEPTION_CAUGHT",
+                            e.toString()));
 
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND", e.toString()));
         }
     }
 
-    /////////////////////////////////
+    // ///////////////////////////////
     // IExtendedPluginInfo methods //
-    /////////////////////////////////
+    // ///////////////////////////////
 
     public String[] getExtendedPluginInfo(Locale locale) {
         Vector<String> v = new Vector<String>();
 
         v.addElement(PROP_DNPATTERN +
-            ";string;Describes how to form the Ldap " +
-            "Subject name in the directory.  " +
-            "Example 1:  'uid=CertMgr, o=Fedora'.  " +
-            "Example 2:  'uid=$req.HTTP_PARAMS.uid, " +
-            "E=$ext.SubjectAlternativeName.RFC822Name, " +
-            "ou=$subj.ou'. " + 
-            "$req means: take the attribute from the " +
-            "request. " + 
-            "$subj means: take the attribute from the " +
-            "certificate subject name. " + 
-            "$ext means: take the attribute from the " +
-            "certificate extension");
+                ";string;Describes how to form the Ldap " +
+                "Subject name in the directory.  " +
+                "Example 1:  'uid=CertMgr, o=Fedora'.  " +
+                "Example 2:  'uid=$req.HTTP_PARAMS.uid, " +
+                "E=$ext.SubjectAlternativeName.RFC822Name, " +
+                "ou=$subj.ou'. " +
+                "$req means: take the attribute from the " +
+                "request. " +
+                "$subj means: take the attribute from the " +
+                "certificate subject name. " +
+                "$ext means: take the attribute from the " +
+                "certificate extension");
         v.addElement(PROP_CREATE +
-            ";boolean;If checked, An entry will be " +
-            "created automatically");
+                ";boolean;If checked, An entry will be " +
+                "created automatically");
         v.addElement(PROP_ATTRNUM +
-            ";string;How many attributes to add.");
+                ";string;How many attributes to add.");
         v.addElement(IExtendedPluginInfo.HELP_TOKEN +
-            ";configuration-ldappublish-mapper-enhancedmapper");
+                ";configuration-ldappublish-mapper-enhancedmapper");
         v.addElement(IExtendedPluginInfo.HELP_TEXT +
-            ";Describes how to form the LDAP DN of the " +
-            "entry to publish to");
+                ";Describes how to form the LDAP DN of the " +
+                "entry to publish to");
 
         for (int i = 0; i < MAX_ATTRS; i++) {
             v.addElement(PROP_ATTR_NAME +
-                Integer.toString(i) +
-                ";string;" +
-                "The name of LDAP attribute " +
-                "to be added. e.g. mail");
+                    Integer.toString(i) +
+                    ";string;" +
+                    "The name of LDAP attribute " +
+                    "to be added. e.g. mail");
             v.addElement(PROP_ATTR_PATTERN +
-                Integer.toString(i) +
-                ";string;" +
-                "How to create the LDAP attribute value. " +
-                "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " +
-                "$subj.E or " +
-                "$ext.SubjectAlternativeName.RFC822Name");
+                    Integer.toString(i) +
+                    ";string;" +
+                    "How to create the LDAP attribute value. " +
+                    "e.g. $req.HTTP_PARAMS.csrRequestorEmail, " +
+                    "$subj.E or " +
+                    "$ext.SubjectAlternativeName.RFC822Name");
         }
 
         String params[] =
-            com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
+                com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
 
         return params;
     }
 
-    ////////////////////
+    // //////////////////
     // Logger methods //
-    ////////////////////
+    // //////////////////
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapEnhancedMapper: " + msg);
+                "LdapEnhancedMapper: " + msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
index 192b1d30..0ac56781 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/LdapSimpleMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -45,19 +44,17 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
- * Maps a request to an entry in the LDAP server.
- * Takes a dnPattern to form the baseDN from the request attributes
- * and certificate subject name.Do a base search for the entry 
- * in the directory to publish the cert or crl.
- * The restriction of this mapper is that the ldap dn components must
- * be part of certificate subject name or request attributes or constant.
- *
+/**
+ * Maps a request to an entry in the LDAP server. Takes a dnPattern to form the
+ * baseDN from the request attributes and certificate subject name.Do a base
+ * search for the entry in the directory to publish the cert or crl. The
+ * restriction of this mapper is that the ldap dn components must be part of
+ * certificate subject name or request attributes or constant.
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
-    protected static final String PROP_DNPATTERN = "dnPattern";  
+    protected static final String PROP_DNPATTERN = "dnPattern";
     protected String mDnPattern = null;
 
     private ILogger mLogger = CMS.getLogger();
@@ -67,20 +64,20 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     /* the subject DN pattern */
     protected MapDNPattern mPattern = null;
 
-    /* the list of request attriubutes to retrieve*/
+    /* the list of request attriubutes to retrieve */
     protected String[] mReqAttrs = null;
 
-    /* the list of cert attriubutes to retrieve*/
+    /* the list of cert attriubutes to retrieve */
     protected String[] mCertAttrs = null;
 
     /* default dn pattern if left blank or not set in the config */
-    public static final String DEFAULT_DNPATTERN = 
-        "UID=$req.HTTP_PARAMS.UID,  OU=people, O=$subj.o, C=$subj.c";
+    public static final String DEFAULT_DNPATTERN =
+            "UID=$req.HTTP_PARAMS.UID,  OU=people, O=$subj.o, C=$subj.c";
 
-    /** 
+    /**
      * Constructor.
-     *
-     * @param dnPattern The base DN. 
+     * 
+     * @param dnPattern The base DN.
      */
     public LdapSimpleMap(String dnPattern) {
         try {
@@ -88,7 +85,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
-		
+
     }
 
     /**
@@ -100,11 +97,11 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     public String[] getExtendedPluginInfo(Locale locale) {
         String params[] = {
                 "dnPattern;string;Describes how to form the Ldap Subject name in" +
-                " the directory.  Example 1:  'uid=CertMgr, o=Fedora'.  Example 2:" +
-                " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " + 
-                "$req means: take the attribute from the request. " + 
-                "$subj means: take the attribute from the certificate subject name. " + 
-                "$ext means: take the attribute from the certificate extension",
+                        " the directory.  Example 1:  'uid=CertMgr, o=Fedora'.  Example 2:" +
+                        " 'uid=$req.HTTP_PARAMS.uid, E=$ext.SubjectAlternativeName.RFC822Name, ou=$subj.ou'. " +
+                        "$req means: take the attribute from the request. " +
+                        "$subj means: take the attribute from the certificate subject name. " +
+                        "$ext means: take the attribute from the certificate extension",
                 IExtendedPluginInfo.HELP_TOKEN + ";configuration-ldappublish-mapper-simplemapper",
                 IExtendedPluginInfo.HELP_TEXT + ";Describes how to form the LDAP DN of the entry to publish to"
             };
@@ -116,11 +113,11 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         return mConfig;
     }
 
-    /** 
+    /**
      * for initializing from config store.
      */
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         mConfig = config;
         String dnPattern = mConfig.getString(PROP_DNPATTERN);
 
@@ -131,12 +128,12 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
      * common initialization routine.
      */
     protected void init(String dnPattern)
-        throws EBaseException {
-        if (mInited) 
+            throws EBaseException {
+        if (mInited)
             return;
 
         mDnPattern = dnPattern;
-        if (mDnPattern == null || mDnPattern.length() == 0) 
+        if (mDnPattern == null || mDnPattern.length() == 0)
             mDnPattern = DEFAULT_DNPATTERN;
         try {
             mPattern = new MapDNPattern(mDnPattern);
@@ -145,7 +142,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         } catch (ELdapException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_PATTERN_INIT",
                     dnPattern, e.toString()));
-            throw new EBaseException("falied to init with pattern " + 
+            throw new EBaseException("falied to init with pattern " +
                     dnPattern + " " + e);
         }
 
@@ -153,29 +150,29 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN pattern to form a DN for a LDAP base search.
+     * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+     * a LDAP base search.
      * 
-     * @param conn	the LDAP connection.
-     * @param obj   the object to map.
+     * @param conn the LDAP connection.
+     * @param obj the object to map.
      * @exception ELdapException if any LDAP exceptions occured.
-     */ 
+     */
     public String map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return map(conn, null, obj);
     }
 
     /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN pattern to form a DN for a LDAP base search.
+     * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+     * a LDAP base search.
      * 
-     * @param conn	the LDAP connection.
-     * @param req  	the request to map.
-     * @param obj   the object to map.
+     * @param conn the LDAP connection.
+     * @param req the request to map.
+     * @param obj the object to map.
      * @exception ELdapException if any LDAP exceptions occured.
-     */ 
+     */
     public String map(LDAPConnection conn, IRequest req, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null)
             return null;
         String dn = null;
@@ -198,22 +195,22 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
             String[] attrs = new String[] { LDAPv3.NO_ATTRS };
 
             log(ILogger.LL_INFO, "searching for dn: " + dn + " filter:"
-                + filter + " scope: base");
+                    + filter + " scope: base");
 
-            LDAPSearchResults results = 
-                conn.search(dn, scope, filter, attrs, false);
+            LDAPSearchResults results =
+                    conn.search(dn, scope, filter, attrs, false);
             LDAPEntry entry = results.next();
 
             if (results.hasMoreElements()) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString()))); 
-                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY", 
-                            ((req == null) ? "" : req.getRequestId().toString()))); 
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_MORE_THAN_ONE_ENTRY", dn, ((req == null) ? "" : req.getRequestId().toString())));
+                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_MORE_THAN_ONE_ENTRY",
+                            ((req == null) ? "" : req.getRequestId().toString())));
             }
             if (entry != null)
                 return entry.getDN();
             else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString())));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_ENTRY_NOT_FOUND", dn, ((req == null) ? "" : req.getRequestId().toString())));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH_FOUND",
                             "null entry"));
             }
@@ -224,7 +221,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_DN_MAP_EXCEPTION", "", e.toString()));
@@ -238,6 +235,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
 
     /**
      * form a dn from component in the request and cert subject name
+     * 
      * @param req The request
      * @param obj The certificate or crl
      */
@@ -249,15 +247,15 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             X509Certificate cert = (X509Certificate) obj;
 
-            subjectDN = 
+            subjectDN =
                     (X500Name) ((X509Certificate) cert).getSubjectDN();
 
             CMS.debug("LdapSimpleMap: cert subject dn:" + subjectDN.toString());
-            //certExt = (CertificateExtensions)
-            //        ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS);
+            // certExt = (CertificateExtensions)
+            // ((X509CertImpl)cert).get(X509CertInfo.EXTENSIONS);
             X509CertInfo info = (X509CertInfo)
-                ((X509CertImpl) cert).get(
-                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                    ((X509CertImpl) cert).get(
+                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
             certExt = (CertificateExtensions) info.get(
                         CertificateExtensions.NAME);
@@ -271,15 +269,15 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
             try {
                 X509CRLImpl crl = (X509CRLImpl) obj;
 
-                subjectDN = 
+                subjectDN =
                         (X500Name) ((X509CRLImpl) crl).getIssuerDN();
 
                 CMS.debug("LdapSimpleMap: crl issuer dn: " +
-                    subjectDN.toString());
-            }catch (ClassCastException ex) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED", 
-                        ((req == null) ? "" : req.getRequestId().toString())));
+                        subjectDN.toString());
+            } catch (ClassCastException ex) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("PUBLISH_PUBLISH_OBJ_NOT_SUPPORTED",
+                                ((req == null) ? "" : req.getRequestId().toString())));
                 return null;
             }
         }
@@ -315,9 +313,9 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
         try {
             if (mDnPattern == null) {
                 v.addElement(PROP_DNPATTERN + "=");
-            }else {
+            } else {
                 v.addElement(PROP_DNPATTERN + "=" +
-                    mConfig.getString(PROP_DNPATTERN));
+                        mConfig.getString(PROP_DNPATTERN));
             }
         } catch (Exception e) {
         }
@@ -326,8 +324,7 @@ public class LdapSimpleMap implements ILdapMapper, IExtendedPluginInfo {
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapSimpleMapper: " + msg);
+                "LdapSimpleMapper: " + msg);
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
index 667a7c5a..7be61610 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapAVAPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -42,26 +41,28 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ECompSyntaxErr;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * class for parsing a DN pattern used to construct a ldap dn from 
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from request
+ * attributes and cert subject name.
+ * <p>
+ * 
+ * dnpattern is a string representing a ldap dn pattern to formulate from the
+ * certificate subject name attributes and request attributes . If empty or not
+ * set, the certificate subject name will be used as the ldap dn.
+ * <p>
  * 
- * dnpattern is a string representing a ldap dn pattern to formulate from 
- * the certificate subject name attributes and request attributes . 
- * If empty or not set, the certificate subject name 
- * will be used as the ldap dn. <p>
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$subj" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ] 
- *				      name "=" "$req" "." attrName [ "." attrNumber ] | 
- *				 	  "$rdn" "." number
+ * 			      name "=" "$subj" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$ext" "." extName [ "." nameType ] [ "." attrNumber ] 
+ * 			      name "=" "$req" "." attrName [ "." attrNumber ] | 
+ * 			 	  "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
  * cert subject name: dn:  CN=Certificate Manager, OU=people, O=mcom.com
@@ -72,7 +73,7 @@ import com.netscape.certsrv.request.IRequest;
  * <p>
  * note: Subordinate ca enrollment will use ca mapper. Use predicate
  * to distinguish the ca itself and the subordinates.
- *
+ * 
  * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, OU=people, , O=mcom.com</i>
  * cert subject name: dn:  UID=jjames, OU=IS, OU=people, , O=mcom.com
  * request attributes: uid: cmanager 
@@ -97,10 +98,10 @@ import com.netscape.certsrv.request.IRequest;
  *     O = the string mcom.com. <br>
  * <p>
  * </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped. There is potential risk that a wrong dn
- * will be mapped into.
- *
+ * 
+ * If an request attribute or subject DN component does not exist, the attribute
+ * is skipped. There is potential risk that a wrong dn will be mapped into.
+ * 
  * @version $Revision$, $Date$
  */
 class MapAVAPattern {
@@ -120,26 +121,28 @@ class MapAVAPattern {
             "EDIName",
             "URIName",
             "IPAddress",
-            "OIDName"};
+            "OIDName" };
     private static final char[] endChars = new char[] { '+', ',' };
 
-    private static final LdapV3DNStrConverter mLdapDNStrConverter = 
-        new LdapV3DNStrConverter();
+    private static final LdapV3DNStrConverter mLdapDNStrConverter =
+            new LdapV3DNStrConverter();
 
-    /* the list of request attributes needed by this AVA  */
+    /* the list of request attributes needed by this AVA */
     protected String[] mReqAttrs = null;
 
-    /* the list of cert attributes needed by this AVA*/
+    /* the list of cert attributes needed by this AVA */
     protected String[] mCertAttrs = null;
 
     /* value type */
     protected String mType = null;
 
     /* the attribute in the AVA pair */
-    protected String mAttr = null; 
+    protected String mAttr = null;
 
-    /* value - could be name of a request  attribute or 
-     * cert subject dn attribute. */
+    /*
+     * value - could be name of a request attribute or cert subject dn
+     * attribute.
+     */
     protected String mValue = null;
 
     /* value type - general name type of an extension attribute if any. */
@@ -154,47 +157,47 @@ class MapAVAPattern {
     protected String mTestDN = null;
 
     public MapAVAPattern(String component)
-        throws ELdapException {
-        if (component == null || component.length() == 0) 
+            throws ELdapException {
+        if (component == null || component.length() == 0)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", component));
         parse(new PushbackReader(new StringReader(component)));
     }
 
-    public MapAVAPattern(PushbackReader in) 
-        throws ELdapException {
+    public MapAVAPattern(PushbackReader in)
+            throws ELdapException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws ELdapException {
+            throws ELdapException {
         int c;
 
         // mark ava beginning.
 
         // skip spaces
-        //System.out.println("============ AVAPattern Begin ===========");
-        //System.out.println("skip spaces");
+        // System.out.println("============ AVAPattern Begin ===========");
+        // System.out.println("skip spaces");
 
         try {
-            while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces read "+(char)c);
+            while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces read "+(char)c);
                 ;
             }
         } catch (IOException e) {
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
         }
-        if (c == -1) 
+        if (c == -1)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "All blank"));
 
-            // $rdn "." number syntax. 
+        // $rdn "." number syntax.
 
         if (c == '$') {
-            //System.out.println("$rdn syntax");
+            // System.out.println("$rdn syntax");
             mType = TYPE_RDN;
             try {
-                if (in.read() != 'r' || 
-                    in.read() != 'd' || 
-                    in.read() != 'n' || 
-                    in.read() != '.') 
+                if (in.read() != 'r' ||
+                        in.read() != 'd' ||
+                        in.read() != 'n' ||
+                        in.read() != '.')
                     throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
             } catch (IOException e) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Invalid $ syntax, expecting $rdn"));
@@ -204,7 +207,7 @@ class MapAVAPattern {
 
             try {
                 while ((c = in.read()) != ',' && c != -1 && c != '+') {
-                    //System.out.println("rdnNumber read "+(char)c);
+                    // System.out.println("rdnNumber read "+(char)c);
                     rdnNumberBuf.append((char) c);
                 }
                 if (c != -1) // either ',' or '+'
@@ -216,7 +219,7 @@ class MapAVAPattern {
 
             String rdnNumber = rdnNumberBuf.toString().trim();
 
-            if (rdnNumber.length() == 0) 
+            if (rdnNumber.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "$rdn number not set in ava pattern"));
             try {
                 mElement = Integer.parseInt(rdnNumber) - 1;
@@ -226,20 +229,20 @@ class MapAVAPattern {
             return;
         }
 
-        // name "=" ... syntax. 
+        // name "=" ... syntax.
 
-        // read name 
-        //System.out.println("reading name");
+        // read name
+        // System.out.println("reading name");
 
-        StringBuffer attrBuf = new StringBuffer(); 
+        StringBuffer attrBuf = new StringBuffer();
 
         try {
             while (c != '=' && c != -1 && c != ',' && c != '+') {
                 attrBuf.append((char) c);
                 c = in.read();
-                //System.out.println("name read "+(char)c);
-            } 
-            if (c == ',' || c == '+') 
+                // System.out.println("name read "+(char)c);
+            }
+            if (c == ',' || c == '+')
                 in.unread(c);
         } catch (IOException e) {
             throw new ELdapException(
@@ -248,39 +251,39 @@ class MapAVAPattern {
         if (c != '=')
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "Missing \"=\" in ava pattern"));
 
-            // read value 
-            //System.out.println("reading value");
+        // read value
+        // System.out.println("reading value");
 
-            // skip spaces 
-            //System.out.println("skip spaces for value");
+        // skip spaces
+        // System.out.println("skip spaces for value");
         try {
-            while ((c = in.read()) == ' ' || c == '\t') {//System.out.println("spaces2 read "+(char)c);
+            while ((c = in.read()) == ' ' || c == '\t') {// System.out.println("spaces2 read "+(char)c);
                 ;
             }
         } catch (IOException e) {
             throw new ELdapException(
                     CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
         }
-        if (c == -1) 
+        if (c == -1)
             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "no value after = in ava pattern"));
 
         if (c == '$') {
-            // check for $subj $ext or $req 
+            // check for $subj $ext or $req
             try {
                 c = in.read();
-                //System.out.println("check $dn or $attr read "+(char)c);
+                // System.out.println("check $dn or $attr read "+(char)c);
             } catch (IOException e) {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
             }
-            if (c == -1) 
+            if (c == -1)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                             "expecting $subj or $req in ava pattern"));
             if (c == 'r') {
                 try {
-                    if (in.read() != 'e' || 
-                        in.read() != 'q' || 
-                        in.read() != '.') 
+                    if (in.read() != 'e' ||
+                            in.read() != 'q' ||
+                            in.read() != '.')
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $req in ava pattern"));
                 } catch (IOException e) {
@@ -288,13 +291,13 @@ class MapAVAPattern {
                             CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
                 }
                 mType = TYPE_REQ;
-                //System.out.println("---- mtype $req");
+                // System.out.println("---- mtype $req");
             } else if (c == 's') {
                 try {
-                    if (in.read() != 'u' || 
-                        in.read() != 'b' || 
-                        in.read() != 'j' || 
-                        in.read() != '.') 
+                    if (in.read() != 'u' ||
+                            in.read() != 'b' ||
+                            in.read() != 'j' ||
+                            in.read() != '.')
                         throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $subj in ava pattern"));
                 } catch (IOException e) {
@@ -302,43 +305,40 @@ class MapAVAPattern {
                             CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
                 }
                 mType = TYPE_SUBJ;
-                //System.out.println("----- mtype $subj");
+                // System.out.println("----- mtype $subj");
             } else if (c == 'e') {
                 try {
-                    if (in.read() != 'x' || 
-                        in.read() != 't' || 
-                        in.read() != '.') 
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+                    if (in.read() != 'x' ||
+                            in.read() != 't' ||
+                            in.read() != '.')
+                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "expecting $ext in ava pattern"));
                 } catch (IOException e) {
                     throw new ELdapException(
                             CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
                 }
                 mType = TYPE_EXT;
-                //System.out.println("----- mtype $ext");
+                // System.out.println("----- mtype $ext");
             } else {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
-                            "unknown keyword. expecting $subj $ext or $req.")); 
+                            "unknown keyword. expecting $subj $ext or $req."));
             }
 
-            // get request attr name of subject dn pattern from above. 
+            // get request attr name of subject dn pattern from above.
             String attrName = attrBuf.toString().trim();
 
-            //System.out.println("----- attrName "+attrName);
-            if (attrName.length() == 0) 
+            // System.out.println("----- attrName "+attrName);
+            if (attrName.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", "attribute name expected"));
-            mAttr = attrName;		
+            mAttr = attrName;
 
             /*
-             try { 
-             ObjectIdentifier attrOid = 
-             mLdapDNStrConverter.parseAVAKeyword(attrName); 
-             mAttr = mLdapDNStrConverter.encodeOID(attrOid);		
-             //System.out.println("----- mAttr "+mAttr);
-             }
-             catch (IOException e) {
-             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString()));
-             }
+             * try { ObjectIdentifier attrOid =
+             * mLdapDNStrConverter.parseAVAKeyword(attrName); mAttr =
+             * mLdapDNStrConverter.encodeOID(attrOid);
+             * //System.out.println("----- mAttr "+mAttr); } catch (IOException
+             * e) { throw new ECompSyntaxErr(CMS.getUserMessage(
+             * "CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString())); }
              */
 
             // get request attribute or cert subject dn attribute
@@ -346,44 +346,44 @@ class MapAVAPattern {
             StringBuffer valueBuf = new StringBuffer();
 
             try {
-                while ((c = in.read()) != ',' && 
-                    c != -1 && c != '.' && c != '+') {
-                    //System.out.println("mValue read "+(char)c);
+                while ((c = in.read()) != ',' &&
+                        c != -1 && c != '.' && c != '+') {
+                    // System.out.println("mValue read "+(char)c);
                     valueBuf.append((char) c);
                 }
                 if (c == '+' || c == ',') // either ',' or '+'
-                    in.unread(c); // pushback last , or + 
+                    in.unread(c); // pushback last , or +
             } catch (IOException e) {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
             }
 
             mValue = valueBuf.toString().trim();
-            if (mValue.length() == 0) 
+            if (mValue.length() == 0)
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                             "$subj or $req attribute name expected"));
-                //System.out.println("----- mValue "+mValue);
+            // System.out.println("----- mValue "+mValue);
 
-                // get nth dn xxx not nth request attribute .
+            // get nth dn xxx not nth request attribute .
             if (c == '.') {
                 StringBuffer attrNumberBuf = new StringBuffer();
 
                 try {
                     while ((c = in.read()) != ',' && c != -1 && c != '.'
-                        && c != '+') {
-                        //System.out.println("mElement read "+(char)c);
+                            && c != '+') {
+                        // System.out.println("mElement read "+(char)c);
                         attrNumberBuf.append((char) c);
                     }
-                    if (c == ',' || c == '+') // either ','  or '+'
-                        in.unread(c);  // pushback last , or +
+                    if (c == ',' || c == '+') // either ',' or '+'
+                        in.unread(c); // pushback last , or +
                 } catch (IOException e) {
                     throw new ELdapException(
                             CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
                 }
                 String attrNumber = attrNumberBuf.toString().trim();
 
-                if (attrNumber.length() == 0) 
-                    throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+                if (attrNumber.length() == 0)
+                    throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                 "nth element $req $ext or $subj expected"));
                 try {
                     mElement = Integer.parseInt(attrNumber) - 1;
@@ -393,67 +393,67 @@ class MapAVAPattern {
                         mValue = attrNumber;
                     } else if (TYPE_EXT.equals(mType)) {
                         mGNType = attrNumber;
-                    } else 
-                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+                    } else
+                        throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                     "Invalid format in nth element $req $ext or $subj"));
 
-                        // get nth request attribute .
+                    // get nth request attribute .
                     if (c == '.') {
                         StringBuffer attrNumberBuf1 = new StringBuffer();
 
                         try {
                             while ((c = in.read()) != ',' && c != -1 && c != '+') {
-                                //System.out.println("mElement read "+(char)c);
+                                // System.out.println("mElement read "+(char)c);
                                 attrNumberBuf1.append((char) c);
                             }
                             if (c != -1) // either ',' or '+'
-                                in.unread(c);  // pushback last , or +
+                                in.unread(c); // pushback last , or +
                         } catch (IOException ex) {
                             throw new ELdapException(
                                     CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", ex.toString()));
                         }
                         String attrNumber1 = attrNumberBuf1.toString().trim();
 
-                        if (attrNumber1.length() == 0) 
-                            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", 
+                        if (attrNumber1.length() == 0)
+                            throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                         "nth element $req expected"));
-                        try { 
-                            mElement = Integer.parseInt(attrNumber1) - 1; 
+                        try {
+                            mElement = Integer.parseInt(attrNumber1) - 1;
                         } catch (NumberFormatException ex) {
                             throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX",
                                         "Invalid format in nth element $req."));
-					
+
                         }
                     }
                 }
             }
-            //System.out.println("----- mElement "+mElement);
+            // System.out.println("----- mElement "+mElement);
         } else {
             // value is constant. treat as regular ava.
             mType = TYPE_CONSTANT;
-            //System.out.println("----- mType constant");
-            // parse ava value. 
+            // System.out.println("----- mType constant");
+            // parse ava value.
             StringBuffer valueBuf = new StringBuffer();
 
             valueBuf.append((char) c);
             // read forward to get attribute value
             try {
-                while ((c = in.read()) != ',' && 
-                    c != -1) {
+                while ((c = in.read()) != ',' &&
+                        c != -1) {
                     valueBuf.append((char) c);
                 }
                 if (c == '+' || c == ',') { // either ',' or '+'
-                    in.unread(c); // pushback last , or + 
+                    in.unread(c); // pushback last , or +
                 }
             } catch (IOException e) {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
             }
-            try { 
-                AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf); 
+            try {
+                AVA ava = mLdapDNStrConverter.parseAVA(attrBuf + "=" + valueBuf);
 
                 mValue = ava.toLdapDNString();
-                //System.out.println("----- mValue "+mValue);
+                // System.out.println("----- mValue "+mValue);
             } catch (IOException e) {
                 throw new ECompSyntaxErr(CMS.getUserMessage("CMS_AUTHENTICATION_COMPONENT_SYNTAX", e.toString()));
             }
@@ -461,19 +461,19 @@ class MapAVAPattern {
     }
 
     public String formAVA(IRequest req, X500Name subject, CertificateExtensions extensions)
-        throws ELdapException {
+            throws ELdapException {
         if (TYPE_CONSTANT.equals(mType))
             return mValue;
 
         if (TYPE_RDN.equals(mType)) {
             String dn = subject.toString();
 
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 dn = mTestDN;
-                //System.out.println("AVAPattern Using dn "+mTestDN);
+            // System.out.println("AVAPattern Using dn "+mTestDN);
             String[] rdns = LDAPDN.explodeDN(dn, false);
 
-            if (mElement >= rdns.length) 
+            if (mElement >= rdns.length)
                 return null;
             return rdns[mElement];
         }
@@ -481,9 +481,9 @@ class MapAVAPattern {
         if (TYPE_SUBJ.equals(mType)) {
             String dn = subject.toString();
 
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 dn = mTestDN;
-                //System.out.println("AVAPattern Using dn "+mTestDN);
+            // System.out.println("AVAPattern Using dn "+mTestDN);
             String[] rdns = LDAPDN.explodeDN(dn, false);
             String value = null;
             int nFound = -1;
@@ -494,8 +494,8 @@ class MapAVAPattern {
                 for (int j = 0; j < avas.length; j++) {
                     String[] exploded = explodeAVA(avas[j]);
 
-                    if (exploded[0].equalsIgnoreCase(mValue) && 
-                        ++nFound == mElement) {
+                    if (exploded[0].equalsIgnoreCase(mValue) &&
+                            ++nFound == mElement) {
                         value = exploded[1];
                         break;
                     }
@@ -503,10 +503,10 @@ class MapAVAPattern {
             }
             if (value == null) {
                 CMS.debug(
-                    "MapAVAPattern: attr " + mAttr + 
-                    " not formed from: cert subject " +
-                    dn +
-                    "-- no subject component : " + mValue);
+                        "MapAVAPattern: attr " + mAttr +
+                                " not formed from: cert subject " +
+                                dn +
+                                "-- no subject component : " + mValue);
                 return null;
             }
             return mAttr + "=" + value;
@@ -516,21 +516,19 @@ class MapAVAPattern {
             if (extensions != null) {
                 for (int i = 0; i < extensions.size(); i++) {
                     Extension ext = (Extension)
-                        extensions.elementAt(i);
+                            extensions.elementAt(i);
                     String extName = OIDMap.getName(ext.getExtensionId());
                     int index = extName.lastIndexOf(".");
 
                     if (index != -1)
                         extName = extName.substring(index + 1);
-                    if (
-                        extName.equals(mValue)) {
+                    if (extName.equals(mValue)) {
                         // Check the extensions one by one.
                         // For now, just give subjectAltName as an example.
-                        if
-                        (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.class.getSimpleName())) {
+                        if (mValue.equalsIgnoreCase(SubjectAlternativeNameExtension.class.getSimpleName())) {
                             try {
                                 GeneralNames subjectNames = (GeneralNames)
-                                    ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+                                        ((SubjectAlternativeNameExtension) ext).get(SubjectAlternativeNameExtension.SUBJECT_NAME);
 
                                 if (subjectNames.size() == 0)
                                     break;
@@ -541,7 +539,8 @@ class MapAVAPattern {
                                     String gname = gn.toString();
 
                                     index = gname.indexOf(":");
-                                    if (index == -1) break;
+                                    if (index == -1)
+                                        break;
                                     String gType = gname.substring(0, index);
 
                                     if (mGNType != null) {
@@ -563,18 +562,18 @@ class MapAVAPattern {
                                         j++;
                                     }
                                 }
-                            } catch (IOException e) { 
+                            } catch (IOException e) {
                                 CMS.debug(
-                                    "MapAVAPattern: Publishing attr not formed from extension." +
-                                    "-- no attr : " + mValue);
+                                        "MapAVAPattern: Publishing attr not formed from extension." +
+                                                "-- no attr : " + mValue);
                             }
                         }
                     }
                 }
             }
             CMS.debug(
-                "MapAVAPattern: Publishing:attr not formed from extension " +
-                "-- no attr : " + mValue);
+                    "MapAVAPattern: Publishing:attr not formed from extension " +
+                            "-- no attr : " + mValue);
 
             return null;
         }
@@ -583,8 +582,7 @@ class MapAVAPattern {
             // mPrefix and mValue are looked up case-insensitive
             String reqAttr = req.getExtDataInString(mPrefix, mValue);
             if (reqAttr == null) {
-                throw new
-                        ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST",
+                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_REQUEST",
                         mValue, mAttr));
             }
             return mAttr + "=" + reqAttr;
@@ -608,20 +606,19 @@ class MapAVAPattern {
     }
 
     /**
-     * Explode RDN into AVAs. 
-     * Does not handle escaped '+' 
-     * Java ldap library does not yet support multiple avas per rdn.
-     * If RDN is malformed returns empty array. 
+     * Explode RDN into AVAs. Does not handle escaped '+' Java ldap library does
+     * not yet support multiple avas per rdn. If RDN is malformed returns empty
+     * array.
      */
     public static String[] explodeRDN(String rdn) {
         int plus = rdn.indexOf('+');
 
-        if (plus == -1) 
+        if (plus == -1)
             return new String[] { rdn };
         Vector<String> avas = new Vector<String>();
         StringTokenizer token = new StringTokenizer(rdn, "+");
 
-        while (token.hasMoreTokens()) 
+        while (token.hasMoreTokens())
             avas.addElement(token.nextToken());
         String[] theAvas = new String[avas.size()];
 
@@ -630,17 +627,15 @@ class MapAVAPattern {
     }
 
     /**
-     * Explode AVA into name and value. 
-     * Does not handle escaped '='
-     * If AVA is malformed empty array is returned.
+     * Explode AVA into name and value. Does not handle escaped '=' If AVA is
+     * malformed empty array is returned.
      */
     public static String[] explodeAVA(String ava) {
         int equals = ava.indexOf('=');
 
-        if (equals == -1) 
+        if (equals == -1)
             return null;
         return new String[] {
-                ava.substring(0, equals).trim(), ava.substring(equals + 1).trim()};
+                ava.substring(0, equals).trim(), ava.substring(equals + 1).trim() };
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
index 5de5e3dd..07405443 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapDNPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -31,25 +30,27 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * class for parsing a DN pattern used to construct a ldap dn from 
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from request
+ * attributes and cert subject name.
+ * <p>
  * 
- * dnpattern is a string representing a ldap dn pattern to formulate from 
- * the certificate subject name attributes and request attributes . 
- * If empty or not set, the certificate subject name 
- * will be used as the ldap dn. <p>
+ * dnpattern is a string representing a ldap dn pattern to formulate from the
+ * certificate subject name attributes and request attributes . If empty or not
+ * set, the certificate subject name will be used as the ldap dn.
+ * <p>
+ * 
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$subj" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$req" "." attrName [ "." attrNumber ] | 
- *	    		 	  "$rdn" "." number
+ * 			      name "=" "$subj" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$req" "." attrName [ "." attrNumber ] | 
+ *     		 	  "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
  * cert subject name: dn:  CN=Certificate Manager, OU=people, O=mcom.com
@@ -60,7 +61,7 @@ import com.netscape.certsrv.request.IRequest;
  * <p>
  * note: Subordinate ca enrollment will use ca mapper. Use predicate
  * to distinguish the ca itself and the subordinates.
- *
+ * 
  * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
  * cert subject name: dn:  UID=jjames, OU=IS, O=people, , O=mcom.com
  * request attributes: uid: cmanager 
@@ -73,18 +74,18 @@ import com.netscape.certsrv.request.IRequest;
  *     O = the string people, mcom.com. <br>
  * <p>
  * </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped. There is potential risk that a wrong dn
- * will be mapped into.
- *
+ * 
+ * If an request attribute or subject DN component does not exist, the attribute
+ * is skipped. There is potential risk that a wrong dn will be mapped into.
+ * 
  * @version $Revision$, $Date$
  */
 public class MapDNPattern {
 
-    /* the list of request attriubutes to retrieve*/
+    /* the list of request attriubutes to retrieve */
     protected String[] mReqAttrs = null;
 
-    /* the list of cert attriubutes to retrieve*/
+    /* the list of cert attriubutes to retrieve */
     protected String[] mCertAttrs = null;
 
     /* rdn patterns */
@@ -95,16 +96,17 @@ public class MapDNPattern {
 
     protected String mTestDN = null;
 
-    /** 
+    /**
      * Construct a DN pattern by parsing a pattern string.
+     * 
      * @param pattern the DN pattern
-     * @exception EBaseException If parsing error occurs. 
+     * @exception EBaseException If parsing error occurs.
      */
     public MapDNPattern(String pattern)
-        throws ELdapException {
+            throws ELdapException {
         if (pattern == null || pattern.equals("")) {
             CMS.debug(
-                "MapDNPattern: null pattern");			
+                    "MapDNPattern: null pattern");
         } else {
             mPatternString = pattern;
             PushbackReader in = new PushbackReader(new StringReader(pattern));
@@ -113,13 +115,13 @@ public class MapDNPattern {
         }
     }
 
-    public MapDNPattern(PushbackReader in) 
-        throws ELdapException {
+    public MapDNPattern(PushbackReader in)
+            throws ELdapException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws ELdapException {
+            throws ELdapException {
         Vector<MapRDNPattern> rdnPatterns = new Vector<MapRDNPattern>();
         MapRDNPattern rdnPattern = null;
         int lastChar = -1;
@@ -133,8 +135,7 @@ public class MapDNPattern {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
             }
-        }
-        while (lastChar == ',');
+        } while (lastChar == ',');
 
         mRDNPatterns = new MapRDNPattern[rdnPatterns.size()];
         rdnPatterns.copyInto(mRDNPatterns);
@@ -144,8 +145,8 @@ public class MapDNPattern {
         for (int i = 0; i < mRDNPatterns.length; i++) {
             String[] rdnAttrs = mRDNPatterns[i].getReqAttrs();
 
-            if (rdnAttrs != null && rdnAttrs.length > 0) 
-                for (int j = 0; j < rdnAttrs.length; j++) 
+            if (rdnAttrs != null && rdnAttrs.length > 0)
+                for (int j = 0; j < rdnAttrs.length; j++)
                     reqAttrs.addElement(rdnAttrs[j]);
         }
         mReqAttrs = new String[reqAttrs.size()];
@@ -156,8 +157,8 @@ public class MapDNPattern {
         for (int i = 0; i < mRDNPatterns.length; i++) {
             String[] rdnAttrs = mRDNPatterns[i].getCertAttrs();
 
-            if (rdnAttrs != null && rdnAttrs.length > 0) 
-                for (int j = 0; j < rdnAttrs.length; j++) 
+            if (rdnAttrs != null && rdnAttrs.length > 0)
+                for (int j = 0; j < rdnAttrs.length; j++)
                     certAttrs.addElement(rdnAttrs[j]);
         }
         mCertAttrs = new String[certAttrs.size()];
@@ -166,12 +167,13 @@ public class MapDNPattern {
 
     /**
      * Form a Ldap v3 DN string from a request and a cert subject name.
+     * 
      * @param req the request for (un)publish
      * @param subject the subjectDN of the certificate
-     * @return Ldap v3 DN string to use for base ldap search. 
+     * @return Ldap v3 DN string to use for base ldap search.
      */
     public String formDN(IRequest req, X500Name subject, CertificateExtensions ext)
-        throws ELdapException {
+            throws ELdapException {
         StringBuffer formedDN = new StringBuffer();
 
         for (int i = 0; i < mRDNPatterns.length; i++) {
@@ -180,11 +182,11 @@ public class MapDNPattern {
             String rdn = mRDNPatterns[i].formRDN(req, subject, ext);
 
             if (rdn != null && rdn.length() != 0) {
-                    if (formedDN.length() != 0) 
-                        formedDN.append(",");
-                    formedDN.append(rdn);
+                if (formedDN.length() != 0)
+                    formedDN.append(",");
+                formedDN.append(rdn);
             } else {
-		throw new ELdapException("pattern not matched");
+                throw new ELdapException("pattern not matched");
             }
         }
         return formedDN.toString();
@@ -198,4 +200,3 @@ public class MapDNPattern {
         return (String[]) mCertAttrs.clone();
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
index 65091000..55e25ab2 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/MapRDNPattern.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.io.IOException;
 import java.io.PushbackReader;
 import java.io.StringReader;
@@ -30,25 +29,27 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * class for parsing a DN pattern used to construct a ldap dn from 
- * request attributes and cert subject name.<p>
+ * class for parsing a DN pattern used to construct a ldap dn from request
+ * attributes and cert subject name.
+ * <p>
  * 
- * dnpattern is a string representing a ldap dn pattern to formulate from 
- * the certificate subject name attributes and request attributes . 
- * If empty or not set, the certificate subject name 
- * will be used as the ldap dn. <p>
+ * dnpattern is a string representing a ldap dn pattern to formulate from the
+ * certificate subject name attributes and request attributes . If empty or not
+ * set, the certificate subject name will be used as the ldap dn.
+ * <p>
+ * 
+ * The syntax is
  * 
- * The syntax is 
  * <pre>
- *		dnPattern := rdnPattern *[ "," rdnPattern ]
- *		rdnPattern := avaPattern *[ "+" avaPattern ]
+ * 	dnPattern := rdnPattern *[ "," rdnPattern ]
+ * 	rdnPattern := avaPattern *[ "+" avaPattern ]
  * 		avaPattern := name "=" value | 
- *				      name "=" "$subj" "." attrName [ "." attrNumber ] | 
- *				      name "=" "$req" "." attrName [ "." attrNumber ] | 
- *				 	  "$rdn" "." number
+ * 			      name "=" "$subj" "." attrName [ "." attrNumber ] | 
+ * 			      name "=" "$req" "." attrName [ "." attrNumber ] | 
+ * 			 	  "$rdn" "." number
  * </pre>
+ * 
  * <pre>
  * Example1: <i>cn=Certificate Manager,ou=people,o=mcom.com</i>
  * cert subject name: dn:  CN=Certificate Manager, OU=people, O=mcom.com
@@ -59,7 +60,7 @@ import com.netscape.certsrv.request.IRequest;
  * <p>
  * note: Subordinate ca enrollment will use ca mapper. Use predicate
  * to distinguish the ca itself and the subordinates.
- *
+ * 
  * Example2: <i>UID=$req.HTTP_PARAMS.uid, OU=$subj.ou, O=people, , O=mcom.com</i>
  * cert subject name: dn:  UID=jjames, OU=IS, O=people, , O=mcom.com
  * request attributes: uid: cmanager 
@@ -72,18 +73,18 @@ import com.netscape.certsrv.request.IRequest;
  *     O = the string people, mcom.com. <br>
  * <p>
  * </pre>
- * If an request attribute or subject DN component does not exist,
- * the attribute is skipped.There is potential risk that a wrong dn
- * will be mapped into.
- *
+ * 
+ * If an request attribute or subject DN component does not exist, the attribute
+ * is skipped.There is potential risk that a wrong dn will be mapped into.
+ * 
  * @version $Revision$, $Date$
  */
 class MapRDNPattern {
 
-    /* the list of request attributes needed by this RDN  */
+    /* the list of request attributes needed by this RDN */
     protected String[] mReqAttrs = null;
 
-    /* the list of cert attributes needed by this RDN  */
+    /* the list of cert attributes needed by this RDN */
     protected String[] mCertAttrs = null;
 
     /* AVA patterns */
@@ -94,16 +95,17 @@ class MapRDNPattern {
 
     protected String mTestDN = null;
 
-    /** 
+    /**
      * Construct a DN pattern by parsing a pattern string.
+     * 
      * @param pattenr the DN pattern
-     * @exception ELdapException If parsing error occurs. 
+     * @exception ELdapException If parsing error occurs.
      */
     public MapRDNPattern(String pattern)
-        throws ELdapException {
+            throws ELdapException {
         if (pattern == null || pattern.equals("")) {
             CMS.debug(
-                "MapDNPattern: null pattern");			
+                    "MapDNPattern: null pattern");
         } else {
             mPatternString = pattern;
             PushbackReader in = new PushbackReader(new StringReader(pattern));
@@ -113,16 +115,16 @@ class MapRDNPattern {
     }
 
     /**
-     * Construct a DN pattern from a input stream of pattern 
+     * Construct a DN pattern from a input stream of pattern
      */
-    public MapRDNPattern(PushbackReader in) 
-        throws ELdapException {
+    public MapRDNPattern(PushbackReader in)
+            throws ELdapException {
         parse(in);
     }
 
     private void parse(PushbackReader in)
-        throws ELdapException {
-        //System.out.println("_________ begin rdn _________");
+            throws ELdapException {
+        // System.out.println("_________ begin rdn _________");
         Vector<MapAVAPattern> avaPatterns = new Vector<MapAVAPattern>();
         MapAVAPattern avaPattern = null;
         int lastChar;
@@ -130,23 +132,22 @@ class MapRDNPattern {
         do {
             avaPattern = new MapAVAPattern(in);
             avaPatterns.addElement(avaPattern);
-            //System.out.println("added AVAPattern"+
-            //" mType "+avaPattern.mType+
-            //" mAttr "+avaPattern.mAttr+
-            //" mValue "+avaPattern.mValue+
-            //" mElement "+avaPattern.mElement);
-            try { 
-                lastChar = in.read(); 
+            // System.out.println("added AVAPattern"+
+            // " mType "+avaPattern.mType+
+            // " mAttr "+avaPattern.mAttr+
+            // " mValue "+avaPattern.mValue+
+            // " mElement "+avaPattern.mElement);
+            try {
+                lastChar = in.read();
             } catch (IOException e) {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
             }
-        }
-        while (lastChar == '+');
+        } while (lastChar == '+');
 
         if (lastChar != -1) {
             try {
-                in.unread(lastChar);	// pushback last , 
+                in.unread(lastChar); // pushback last ,
             } catch (IOException e) {
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
@@ -161,7 +162,7 @@ class MapRDNPattern {
         for (int i = 0; i < mAVAPatterns.length; i++) {
             String avaAttr = mAVAPatterns[i].getReqAttr();
 
-            if (avaAttr == null || avaAttr.length() == 0) 
+            if (avaAttr == null || avaAttr.length() == 0)
                 continue;
             reqAttrs.addElement(avaAttr);
         }
@@ -173,7 +174,7 @@ class MapRDNPattern {
         for (int i = 0; i < mAVAPatterns.length; i++) {
             String avaAttr = mAVAPatterns[i].getCertAttr();
 
-            if (avaAttr == null || avaAttr.length() == 0) 
+            if (avaAttr == null || avaAttr.length() == 0)
                 continue;
             certAttrs.addElement(avaAttr);
         }
@@ -183,16 +184,17 @@ class MapRDNPattern {
 
     /**
      * Form a Ldap v3 DN string from a request and a cert subject name.
+     * 
      * @param req the request for (un)publish
      * @param subject the subjectDN of the certificate
-     * @return Ldap v3 DN string to use for base ldap search. 
+     * @return Ldap v3 DN string to use for base ldap search.
      */
     public String formRDN(IRequest req, X500Name subject, CertificateExtensions ext)
-        throws ELdapException {
+            throws ELdapException {
         StringBuffer formedRDN = new StringBuffer();
 
         for (int i = 0; i < mAVAPatterns.length; i++) {
-            if (mTestDN != null) 
+            if (mTestDN != null)
                 mAVAPatterns[i].mTestDN = mTestDN;
             String ava = mAVAPatterns[i].formAVA(req, subject, ext);
 
@@ -202,7 +204,7 @@ class MapRDNPattern {
                 formedRDN.append(ava);
             }
         }
-        //System.out.println("formed RDN "+formedRDN.toString());
+        // System.out.println("formed RDN "+formedRDN.toString());
         return formedRDN.toString();
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
index b1d10902..db1747d4 100644
--- a/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
+++ b/pki/base/common/src/com/netscape/cms/publish/mappers/NoMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.mappers;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -30,10 +29,9 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ILdapMapper;
 import com.netscape.certsrv.request.IRequest;
 
-
-/** 
+/**
  * No Map
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class NoMap implements ILdapMapper, IExtendedPluginInfo {
@@ -56,32 +54,32 @@ public class NoMap implements ILdapMapper, IExtendedPluginInfo {
     }
 
     public IConfigStore getConfigStore() {
-         return mConfig;
+        return mConfig;
     }
 
-    /** 
+    /**
      * for initializing from config store.
      */
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         mConfig = config;
     }
 
     /**
-     * Maps a X500 subject name to LDAP entry.
-     * Uses DN pattern to form a DN for a LDAP base search.
+     * Maps a X500 subject name to LDAP entry. Uses DN pattern to form a DN for
+     * a LDAP base search.
      * 
-     * @param conn	the LDAP connection.
-     * @param obj   the object to map.
+     * @param conn the LDAP connection.
+     * @param obj the object to map.
      * @exception ELdapException if any LDAP exceptions occured.
-     */ 
+     */
     public String map(LDAPConnection conn, Object obj)
-        throws ELdapException {
+            throws ELdapException {
         return null;
     }
 
     public String map(LDAPConnection conn, IRequest req, Object obj)
-         throws ELdapException {
+            throws ELdapException {
         return null;
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
index f0154e44..ab5f2785 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/FileBasedPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -47,10 +46,9 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-/** 
- * This publisher writes certificate and CRL into
- * a directory.
- *
+/**
+ * This publisher writes certificate and CRL into a directory.
+ * 
  * @version $Revision$, $Date$
  */
 public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -74,10 +72,10 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
     protected String mLinkExt = null;
     protected int mZipLevel = 9;
 
-    public void setIssuingPointId(String crlIssuingPointId)
-    {
+    public void setIssuingPointId(String crlIssuingPointId) {
         mCrlIssuingPointId = crlIssuingPointId;
     }
+
     /**
      * Returns the implementation name.
      */
@@ -99,14 +97,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 PROP_DER + ";boolean;Store certificates or CRLs into *.der files.",
                 PROP_B64 + ";boolean;Store certificates or CRLs into *.b64 files.",
                 PROP_GMT + ";choice(LocalTime,GMT);Use local time or GMT to time stamp CRL file name with CRL's 'thisUpdate' field.",
-                PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '"+PROP_DER+"' to be enabled.",
+                PROP_LNK + ";boolean;Generate link to the latest binary CRL. It requires '" + PROP_DER + "' to be enabled.",
                 PROP_EXT + ";string;Name extension used by link to the latest CRL. Default name extension is 'der'.",
                 PROP_ZIP + ";boolean;Generate compressed CRLs.",
                 PROP_LEV + ";choice(0,1,2,3,4,5,6,7,8,9);Set compression level from 0 to 9.",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-filepublisher",
+                        ";configuration-ldappublish-publisher-filepublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64."
+                        ";Stores the certificates or CRLs into files. Certificate is named as cert-<serialno>.der or *.b64, and CRL is named as <IssuingPoint>-<thisUpdate-time>.der or *.b64."
             };
 
         return params;
@@ -139,14 +137,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
         try {
             if (mTimeStamp == null || (!mTimeStamp.equals("GMT")))
                 mTimeStamp = "LocalTime";
-            v.addElement(PROP_DIR+"=" + dir);
-            v.addElement(PROP_DER+"=" + mConfig.getBoolean(PROP_DER,true));
-            v.addElement(PROP_B64+"=" + mConfig.getBoolean(PROP_B64,false));
-            v.addElement(PROP_GMT+"=" + mTimeStamp);
-            v.addElement(PROP_LNK+"=" + mConfig.getBoolean(PROP_LNK,false));
-            v.addElement(PROP_EXT+"=" + ext);
-            v.addElement(PROP_ZIP+"=" + mConfig.getBoolean(PROP_ZIP,false));
-            v.addElement(PROP_LEV+"=" + mZipLevel);
+            v.addElement(PROP_DIR + "=" + dir);
+            v.addElement(PROP_DER + "=" + mConfig.getBoolean(PROP_DER, true));
+            v.addElement(PROP_B64 + "=" + mConfig.getBoolean(PROP_B64, false));
+            v.addElement(PROP_GMT + "=" + mTimeStamp);
+            v.addElement(PROP_LNK + "=" + mConfig.getBoolean(PROP_LNK, false));
+            v.addElement(PROP_EXT + "=" + ext);
+            v.addElement(PROP_ZIP + "=" + mConfig.getBoolean(PROP_ZIP, false));
+            v.addElement(PROP_LEV + "=" + mZipLevel);
         } catch (Exception e) {
         }
         return v;
@@ -158,14 +156,14 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
     public Vector<String> getDefaultParams() {
         Vector<String> v = new Vector<String>();
 
-        v.addElement(PROP_DIR+"=");
-        v.addElement(PROP_DER+"=true");
-        v.addElement(PROP_B64+"=false");
-        v.addElement(PROP_GMT+"=LocalTime");
-        v.addElement(PROP_LNK+"=false");
-        v.addElement(PROP_EXT+"=");
-        v.addElement(PROP_ZIP+"=false");
-        v.addElement(PROP_LEV+"=9");
+        v.addElement(PROP_DIR + "=");
+        v.addElement(PROP_DER + "=true");
+        v.addElement(PROP_B64 + "=false");
+        v.addElement(PROP_GMT + "=LocalTime");
+        v.addElement(PROP_LNK + "=false");
+        v.addElement(PROP_EXT + "=");
+        v.addElement(PROP_ZIP + "=false");
+        v.addElement(PROP_LEV + "=9");
         return v;
     }
 
@@ -193,7 +191,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
         }
 
         // convert to forward slash
-        dir = dir.replace('\\', '/'); 
+        dir = dir.replace('\\', '/');
         config.putString(PROP_DIR, dir);
 
         File dirCheck = new File(dir);
@@ -209,7 +207,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
             } catch (Exception e) {
                 throw new RuntimeException("Invalid Instance Dir " + e);
             }
-            dirCheck = new File(mInstanceRoot + 
+            dirCheck = new File(mInstanceRoot +
                         File.separator + dir);
             if (dirCheck.isDirectory()) {
                 mDir = mInstanceRoot + File.separator + dir;
@@ -224,7 +222,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
     }
 
     private String[] getCrlNamePrefix(X509CRL crl, boolean useGMT) {
-        String[] namePrefix = {"crl", "crl"};
+        String[] namePrefix = { "crl", "crl" };
 
         if (mCrlIssuingPointId != null && mCrlIssuingPointId.length() != 0) {
             namePrefix[0] = mCrlIssuingPointId;
@@ -232,10 +230,11 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
         }
         java.text.SimpleDateFormat format = new java.text.SimpleDateFormat("yyyyMMdd-HHmmss");
         TimeZone tz = TimeZone.getTimeZone("GMT");
-        if (useGMT) format.setTimeZone(tz);
+        if (useGMT)
+            format.setTimeZone(tz);
         String timeStamp = format.format(crl.getThisUpdate()).toString();
         namePrefix[0] += "-" + timeStamp;
-        if (((netscape.security.x509.X509CRLImpl)crl).isDeltaCRL()) {
+        if (((netscape.security.x509.X509CRLImpl) crl).isDeltaCRL()) {
             namePrefix[0] += "-delta";
             namePrefix[1] += "-delta";
         }
@@ -243,23 +242,23 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
         return namePrefix;
     }
 
-    private void createLink(String linkName,  String fileName) {
+    private void createLink(String linkName, String fileName) {
         String cmd = "ln -s " + fileName + " " + linkName + ".new";
         if (com.netscape.cmsutil.util.Utils.exec(cmd)) {
             File oldLink = new File(linkName + ".old");
-            if (oldLink.exists()) {     // remove old link if exists
+            if (oldLink.exists()) { // remove old link if exists
                 oldLink.delete();
             }
             File link = new File(linkName);
-            if (link.exists()) {        // current link becomes an old link 
+            if (link.exists()) { // current link becomes an old link
                 link.renameTo(new File(linkName + ".old"));
             }
             File newLink = new File(linkName + ".new");
-            if (newLink.exists()) {     // new link becomes current link
+            if (newLink.exists()) { // new link becomes current link
                 newLink.renameTo(new File(linkName));
             }
             oldLink = new File(linkName + ".old");
-            if (oldLink.exists()) {     // remove a new old link
+            if (oldLink.exists()) { // remove a new old link
                 oldLink.delete();
             }
         } else {
@@ -270,38 +269,34 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
     /**
      * Publishs a object to the ldap directory.
      * 
-     * @param conn a Ldap connection 
-     *        (null if LDAP publishing is not enabled)
-     * @param dn dn of the ldap entry to publish cert
-     *        (null if LDAP publishing is not enabled)
-     * @param object object to publish
-     *        (java.security.cert.X509Certificate or,
-     *         java.security.cert.X509CRL)
+     * @param conn a Ldap connection (null if LDAP publishing is not enabled)
+     * @param dn dn of the ldap entry to publish cert (null if LDAP publishing
+     *            is not enabled)
+     * @param object object to publish (java.security.cert.X509Certificate or,
+     *            java.security.cert.X509CRL)
      */
     public void publish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException {
+            throws ELdapException {
         CMS.debug("FileBasedPublisher: publish");
         try {
             if (object instanceof X509Certificate) {
                 X509Certificate cert = (X509Certificate) object;
                 BigInteger sno = cert.getSerialNumber();
                 String name = mDir +
-                    File.separator + "cert-" + 
-                    sno.toString();
-                if (mDerAttr)
-                {
+                        File.separator + "cert-" +
+                        sno.toString();
+                if (mDerAttr) {
                     String fileName = name + ".der";
                     FileOutputStream fos = new FileOutputStream(fileName);
                     fos.write(cert.getEncoded());
                     fos.close();
                 }
-                if (mB64Attr)
-                {
+                if (mB64Attr) {
                     String fileName = name + ".b64";
                     FileOutputStream fos = new FileOutputStream(fileName);
                     ByteArrayOutputStream output = new ByteArrayOutputStream();
                     Base64OutputStream b64 =
-                        new Base64OutputStream(new PrintStream(new FilterOutputStream(output)));
+                            new Base64OutputStream(new PrintStream(new FilterOutputStream(output)));
                     b64.write(cert.getEncoded());
                     b64.flush();
                     (new PrintStream(fos)).print(output.toString("8859_1"));
@@ -314,7 +309,7 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 String tempFile = baseName + ".temp";
                 FileOutputStream fos;
                 ZipOutputStream zos;
-                byte [] encodedArray = null;
+                byte[] encodedArray = null;
                 File destFile = null;
                 String destName = null;
                 File renameFile = null;
@@ -325,16 +320,16 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
                     fos.write(encodedArray);
                     fos.close();
                     if (mZipCRL) {
-                        zos = new ZipOutputStream(new FileOutputStream(baseName+".zip"));
+                        zos = new ZipOutputStream(new FileOutputStream(baseName + ".zip"));
                         zos.setLevel(mZipLevel);
-                        zos.putNextEntry(new ZipEntry(baseName+".der"));
+                        zos.putNextEntry(new ZipEntry(baseName + ".der"));
                         zos.write(encodedArray, 0, encodedArray.length);
                         zos.closeEntry();
                         zos.close();
                     }
                     destName = baseName + ".der";
                     destFile = new File(destName);
-                
+
                     if (destFile.exists())
                         destFile.delete();
                     renameFile = new File(tempFile);
@@ -348,58 +343,55 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
                             linkExt += "der";
                         }
                         String linkName = mDir + File.separator + namePrefix[1] + linkExt;
-                        createLink(linkName,  destName);
+                        createLink(linkName, destName);
                         if (mZipCRL) {
                             linkName = mDir + File.separator + namePrefix[1] + ".zip";
-                            createLink(linkName,  baseName+".zip");
+                            createLink(linkName, baseName + ".zip");
                         }
                     }
                 }
-                
+
                 // output base64 file
-                if(mB64Attr==true)
-                {
-                if (encodedArray ==null)
-                    encodedArray = crl.getEncoded();
-                   
-                ByteArrayOutputStream os = new ByteArrayOutputStream();
-
-                 fos = new FileOutputStream(tempFile);
-                fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes());
-                fos.close();
-                destName = baseName + ".b64";
-                destFile = new File(destName);
-                
-                if(destFile.exists())
-                    destFile.delete();
-                renameFile = new File(tempFile);
-                renameFile.renameTo(destFile);
-                }          
+                if (mB64Attr == true) {
+                    if (encodedArray == null)
+                        encodedArray = crl.getEncoded();
+
+                    ByteArrayOutputStream os = new ByteArrayOutputStream();
+
+                    fos = new FileOutputStream(tempFile);
+                    fos.write(com.netscape.osutil.OSUtil.BtoA(encodedArray).getBytes());
+                    fos.close();
+                    destName = baseName + ".b64";
+                    destFile = new File(destName);
+
+                    if (destFile.exists())
+                        destFile.delete();
+                    renameFile = new File(tempFile);
+                    renameFile.renameTo(destFile);
+                }
             }
         } catch (IOException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
         } catch (CertificateEncodingException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
         } catch (CRLException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_FILE_PUBLISHER_ERROR", e.toString()));
         }
     }
 
     /**
      * Unpublishs a object to the ldap directory.
-     *
-     * @param conn the Ldap connection
-     *        (null if LDAP publishing is not enabled)
-     * @param dn dn of the ldap entry to unpublish cert
-     *        (null if LDAP publishing is not enabled)
-     * @param object object to unpublish 
-     *        (java.security.cert.X509Certificate)
+     * 
+     * @param conn the Ldap connection (null if LDAP publishing is not enabled)
+     * @param dn dn of the ldap entry to unpublish cert (null if LDAP publishing
+     *            is not enabled)
+     * @param object object to unpublish (java.security.cert.X509Certificate)
      */
     public void unpublish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException {
+            throws ELdapException {
         CMS.debug("FileBasedPublisher: unpublish");
         String name = mDir + File.separator;
         String fileName;
@@ -425,13 +417,15 @@ public class FileBasedPublisher implements ILdapPublisher, IExtendedPluginInfo {
         f = new File(fileName);
         f.delete();
     }
-   /**
+
+    /**
      * returns the Der attribute where it'll be published.
      */
     public boolean getDerAttr() {
         return mDerAttr;
     }
-   /**
+
+    /**
      * returns the B64 attribute where it'll be published.
      */
     public boolean getB64Attr() {
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
index 4727a690..746d9118 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCaCertPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -42,14 +41,13 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
-/** 
- * Interface for publishing a CA certificate to 
- *
+/**
+ * Interface for publishing a CA certificate to
+ * 
  * @version $Revision$, $Date$
  */
-public class LdapCaCertPublisher 
-    implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapCaCertPublisher
+        implements ILdapPublisher, IExtendedPluginInfo {
     public static final String LDAP_CACERT_ATTR = "caCertificate;binary";
     public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
     public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
@@ -64,7 +62,6 @@ public class LdapCaCertPublisher
     private boolean mInited = false;
     protected IConfigStore mConfig = null;
     private String mcrlIssuingPointId;
-    
 
     /**
      * constructor constructs default values.
@@ -76,13 +73,13 @@ public class LdapCaCertPublisher
         String s[] = {
                 "caCertAttr;string;Name of Ldap attribute in which to store certificate",
                 "caObjectClass;string;The name of the objectclasses which should be " +
-                "added to this entry, if they do not already exist. This can be " +
-                "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
+                        "added to this entry, if they do not already exist. This can be " +
+                        "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-cacertpublisher",
+                        ";configuration-ldappublish-publisher-cacertpublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin knows how to publish the CA cert to " +
-                "'certificateAuthority' and 'pkiCA' -type entries"
+                        ";This plugin knows how to publish the CA cert to " +
+                        "'certificateAuthority' and 'pkiCA' -type entries"
             };
 
         return s;
@@ -117,12 +114,12 @@ public class LdapCaCertPublisher
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
-        if (mInited) 
+            throws EBaseException {
+        if (mInited)
             return;
         mConfig = config;
         mCaCertAttr = mConfig.getString("caCertAttr", LDAP_CACERT_ATTR);
-        mCaObjectclass = mConfig.getString("caObjectClass", 
+        mCaObjectclass = mConfig.getString("caObjectClass",
                     LDAP_CA_OBJECTCLASS);
         mObjAdded = mConfig.getString("caObjectClassAdded", "");
         mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
@@ -151,16 +148,16 @@ public class LdapCaCertPublisher
     }
 
     /**
-     * publish a CA certificate
-     * Adds the cert to the multi-valued certificate attribute as a
-     * DER encoded binary blob. Does not check if cert already exists.
-     * Converts the class to certificateAuthority.
+     * publish a CA certificate Adds the cert to the multi-valued certificate
+     * attribute as a DER encoded binary blob. Does not check if cert already
+     * exists. Converts the class to certificateAuthority.
+     * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate  object.
+     * @param certObj the certificate object.
      */
     public void publish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null) {
             log(ILogger.LL_INFO, "LdapCaCertPublisher: no LDAP connection");
             return;
@@ -176,31 +173,30 @@ public class LdapCaCertPublisher
         // see if we should create local connection
         LDAPConnection altConn = null;
         try {
-          String host = mConfig.getString("host", null);
-          String port = mConfig.getString("port", null);
-          if (host != null && port != null) {
-            int portVal = Integer.parseInt(port);
-            int version = Integer.parseInt(mConfig.getString("version", "2"));
-            String cert_nick = mConfig.getString("clientCertNickname", null);
-            LDAPSSLSocketFactoryExt sslSocket = null;
-            if (cert_nick != null) {
-                sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+            String host = mConfig.getString("host", null);
+            String port = mConfig.getString("port", null);
+            if (host != null && port != null) {
+                int portVal = Integer.parseInt(port);
+                int version = Integer.parseInt(mConfig.getString("version", "2"));
+                String cert_nick = mConfig.getString("clientCertNickname", null);
+                LDAPSSLSocketFactoryExt sslSocket = null;
+                if (cert_nick != null) {
+                    sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+                }
+                String mgr_dn = mConfig.getString("bindDN", null);
+                String mgr_pwd = mConfig.getString("bindPWD", null);
+
+                altConn = CMS.getBoundConnection(host, portVal,
+                        version,
+                        sslSocket, mgr_dn, mgr_pwd);
+                conn = altConn;
             }
-            String mgr_dn = mConfig.getString("bindDN", null);
-            String mgr_pwd = mConfig.getString("bindPWD", null);
-
-            altConn = CMS.getBoundConnection(host, portVal,
-               version,
-               sslSocket, mgr_dn, mgr_pwd);
-            conn = altConn;
-          }
         } catch (LDAPException e) {
-          CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         } catch (EBaseException e) {
-          CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         }
 
-
         if (!(certObj instanceof X509Certificate))
             throw new IllegalArgumentException("Illegal arg to publish");
 
@@ -210,40 +206,40 @@ public class LdapCaCertPublisher
             byte[] certEnc = cert.getEncoded();
 
             /* search for attribute names to determine existence of attributes */
-            LDAPSearchResults res = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
+            LDAPSearchResults res =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
             LDAPEntry entry = res.next();
             LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
             LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
 
             /* search for objectclass and caCert values */
-            LDAPSearchResults res1 = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { "objectclass", mCaCertAttr }, false);
+            LDAPSearchResults res1 =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { "objectclass", mCaCertAttr }, false);
             LDAPEntry entry1 = res1.next();
             LDAPAttribute ocs = entry1.getAttribute("objectclass");
             LDAPAttribute certs = entry1.getAttribute(mCaCertAttr);
 
-            boolean hasCert = 
-                LdapUserCertPublisher.ByteValueExists(certs, certEnc);
+            boolean hasCert =
+                    LdapUserCertPublisher.ByteValueExists(certs, certEnc);
 
             LDAPModificationSet modSet = new LDAPModificationSet();
 
             if (hasCert) {
                 log(ILogger.LL_INFO, "publish: CA " + dn + " already has Cert");
-            }  else {
+            } else {
                 /*
-                 fix for 360458 - if no cert, use add, if has cert but
-                 not equal, use replace
+                 * fix for 360458 - if no cert, use add, if has cert but not
+                 * equal, use replace
                  */
                 if (certs == null) {
-                    modSet.add(LDAPModification.ADD, 
-                        new LDAPAttribute(mCaCertAttr, certEnc));
+                    modSet.add(LDAPModification.ADD,
+                            new LDAPAttribute(mCaCertAttr, certEnc));
                     log(ILogger.LL_INFO, "CA cert added");
                 } else {
-                    modSet.add(LDAPModification.REPLACE, 
-                        new LDAPAttribute(mCaCertAttr, certEnc));
+                    modSet.add(LDAPModification.REPLACE,
+                            new LDAPAttribute(mCaCertAttr, certEnc));
                     log(ILogger.LL_INFO, "CA cert replaced");
                 }
             }
@@ -251,22 +247,22 @@ public class LdapCaCertPublisher
             String[] oclist = mCaObjectclass.split(",");
 
             boolean attrsAdded = false;
-            for (int i=0; i < oclist.length; i++) {
+            for (int i = 0; i < oclist.length; i++) {
                 String oc = oclist[i].trim();
                 boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
                 if (!hasoc) {
                     log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
                     modSet.add(LDAPModification.ADD,
-                        new LDAPAttribute("objectclass", oc));
+                            new LDAPAttribute("objectclass", oc));
 
                     if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
                         // add MUST attributes
-                        if (arls == null) 
+                        if (arls == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_ARL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_ARL_ATTR, ""));
                         if (crls == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_CRL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_CRL_ATTR, ""));
                         attrsAdded = true;
                     }
                 }
@@ -275,15 +271,15 @@ public class LdapCaCertPublisher
             // delete objectclasses that have been deleted from config
             String[] delList = mObjDeleted.split(",");
             if (delList.length > 0) {
-                for (int i=0; i< delList.length; i++) {
+                for (int i = 0; i < delList.length; i++) {
                     String deloc = delList[i].trim();
                     boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
                     boolean match = false;
-                    for (int j=0; j< oclist.length; j++) {
+                    for (int j = 0; j < oclist.length; j++) {
                         if ((oclist[j].trim()).equals(deloc)) {
                             match = true;
                             break;
-                        } 
+                        }
                     }
                     if (!match && hasoc) {
                         log(ILogger.LL_INFO, "deleting CA objectclass " + deloc + " from " + dn);
@@ -294,7 +290,7 @@ public class LdapCaCertPublisher
             }
 
             // reset mObjAdded and mObjDeleted, if needed
-            if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) { 
+            if ((!mObjAdded.equals("")) || (!mObjDeleted.equals(""))) {
                 mObjAdded = "";
                 mObjDeleted = "";
                 mConfig.putString("caObjectClassAdded", "");
@@ -305,8 +301,9 @@ public class LdapCaCertPublisher
                     log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
                 }
             }
-                    
-            if (modSet.size() > 0) conn.modify(dn, modSet); 
+
+            if (modSet.size() > 0)
+                conn.modify(dn, modSet);
         } catch (CertificateEncodingException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_CANT_DECODE_CERT", dn));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -315,32 +312,31 @@ public class LdapCaCertPublisher
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CACERT_ERROR", e.toString()));
             }
         } finally {
-          if (altConn != null) {
-             try {
-                altConn.disconnect();
-             } catch (LDAPException e) {
-                // safely ignored
-             }
-          }
+            if (altConn != null) {
+                try {
+                    altConn.disconnect();
+                } catch (LDAPException e) {
+                    // safely ignored
+                }
+            }
         }
 
         return;
     }
 
     /**
-     * deletes the certificate from CA's certificate attribute.
-     * if it's the last cert will also remove the certificateAuthority
-     * objectclass.
+     * deletes the certificate from CA's certificate attribute. if it's the last
+     * cert will also remove the certificateAuthority objectclass.
      */
     public void unpublish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (!(certObj instanceof X509Certificate))
             throw new IllegalArgumentException("Illegal arg to publish");
 
@@ -355,43 +351,43 @@ public class LdapCaCertPublisher
         try {
             byte[] certEnc = cert.getEncoded();
 
-            LDAPSearchResults res = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { mCaCertAttr, "objectclass" }, false);
+            LDAPSearchResults res =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { mCaCertAttr, "objectclass" }, false);
 
             LDAPEntry entry = res.next();
             LDAPAttribute certs = entry.getAttribute(mCaCertAttr);
             LDAPAttribute ocs = entry.getAttribute("objectclass");
 
-            boolean hasCert = 
-                LdapUserCertPublisher.ByteValueExists(certs, certEnc);
+            boolean hasCert =
+                    LdapUserCertPublisher.ByteValueExists(certs, certEnc);
 
             if (!hasCert) {
                 log(ILogger.LL_INFO, "unpublish: " + dn + " has not cert already");
-                //throw new ELdapException(
-                //		  LdapResources.ALREADY_UNPUBLISHED_1, dn);
+                // throw new ELdapException(
+                // LdapResources.ALREADY_UNPUBLISHED_1, dn);
                 return;
             }
 
             LDAPModificationSet modSet = new LDAPModificationSet();
 
             modSet.add(LDAPModification.DELETE,
-                new LDAPAttribute(mCaCertAttr, certEnc));
+                    new LDAPAttribute(mCaCertAttr, certEnc));
             if (certs.size() == 1) {
                 // if last ca cert, remove oc also.
 
-                String[]  oclist = mCaObjectclass.split(",");
-                for (int i =0 ; i < oclist.length; i++) {
+                String[] oclist = mCaObjectclass.split(",");
+                for (int i = 0; i < oclist.length; i++) {
                     String oc = oclist[i].trim();
-                    boolean hasOC =  LdapUserCertPublisher.StringValueExists(ocs, oc);
+                    boolean hasOC = LdapUserCertPublisher.StringValueExists(ocs, oc);
                     if (hasOC) {
                         log(ILogger.LL_INFO, "unpublish: deleting CA oc" + oc + " from " + dn);
                         modSet.add(LDAPModification.DELETE,
-                            new LDAPAttribute("objectclass", oc));
+                                new LDAPAttribute("objectclass", oc));
                     }
-                } 
+                }
             }
-            conn.modify(dn, modSet); 
+            conn.modify(dn, modSet);
         } catch (CertificateEncodingException e) {
             CMS.debug("LdapCaCertPublisher: unpublish: Cannot decode cert for " + dn);
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -400,7 +396,7 @@ public class LdapCaCertPublisher
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -415,7 +411,7 @@ public class LdapCaCertPublisher
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCaPublisher: " + msg);
+                "LdapCaPublisher: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
index 50cfd7c5..2abb9e0a 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertSubjPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
@@ -44,12 +43,11 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
-/** 
- * Interface for mapping a X509 certificate to a LDAP entry 
- * Publishes a certificate as binary and its subject name.
- * there is one subject name value for each certificate. 
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry Publishes a
+ * certificate as binary and its subject name. there is one subject name value
+ * for each certificate.
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapCertSubjPublisher implements ILdapPublisher {
@@ -97,20 +95,20 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited)
             return;
         mConfig = config;
-        mCertAttr = mConfig.getString("certAttr", 
+        mCertAttr = mConfig.getString("certAttr",
                     LdapUserCertPublisher.LDAP_USERCERT_ATTR);
-        mSubjNameAttr = mConfig.getString("certSubjectName", 
+        mSubjNameAttr = mConfig.getString("certSubjectName",
                     LDAP_CERTSUBJNAME_ATTR);
         mInited = true;
     }
 
     /**
-     * constrcutor using specified certificate attribute and 
-     * certificate subject name attribute.
+     * constrcutor using specified certificate attribute and certificate subject
+     * name attribute.
      */
     public LdapCertSubjPublisher(String certAttr, String subjNameAttr) {
         mCertAttr = certAttr;
@@ -134,19 +132,21 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
     }
 
     /**
-     * publish a user certificate
-     * Adds the cert to the multi-valued certificate attribute as a
-     * DER encoded binary blob. Does not check if cert already exists.
-     * Then adds the subject name of the cert to the subject name attribute.
+     * publish a user certificate Adds the cert to the multi-valued certificate
+     * attribute as a DER encoded binary blob. Does not check if cert already
+     * exists. Then adds the subject name of the cert to the subject name
+     * attribute.
+     * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate  object.
-     * @exception ELdapException if cert or subject name already exists, 
-     * 				if cert encoding fails, if getting cert subject name fails.
-     *			Use ELdapException.getException() to find underlying exception.
+     * @param certObj the certificate object.
+     * @exception ELdapException if cert or subject name already exists, if cert
+     *                encoding fails, if getting cert subject name fails. Use
+     *                ELdapException.getException() to find underlying
+     *                exception.
      */
     public void publish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null) {
             log(ILogger.LL_INFO, "LdapCertSubjPublisher: no LDAP connection");
             return;
@@ -162,9 +162,9 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
             byte[] certEnc = cert.getEncoded();
             String subjName = ((X500Name) cert.getSubjectDN()).toLdapDNString();
 
-            LDAPSearchResults res = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { mCertAttr, mSubjNameAttr }, false);
+            LDAPSearchResults res =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { mCertAttr, mSubjNameAttr }, false);
 
             LDAPEntry entry = res.next();
             LDAPAttribute certs = entry.getAttribute(mCertAttr);
@@ -177,14 +177,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
 
             // check if has subject name already.
             if (subjnames != null) {
-                hasSubjname = 
+                hasSubjname =
                         LdapUserCertPublisher.StringValueExists(subjnames, subjName);
             }
 
             // if has both, done.
             if (hasCert && hasSubjname) {
-                log(ILogger.LL_INFO, 
-                    "publish: " + subjName + " already has cert & subject name");
+                log(ILogger.LL_INFO,
+                        "publish: " + subjName + " already has cert & subject name");
                 return;
             }
 
@@ -193,14 +193,14 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
 
             if (!hasCert) {
                 log(ILogger.LL_INFO, "publish: adding cert to " + subjName);
-                modSet.add(LDAPModification.ADD, 
-                    new LDAPAttribute(mCertAttr, certEnc)); 
+                modSet.add(LDAPModification.ADD,
+                        new LDAPAttribute(mCertAttr, certEnc));
             }
             // add subject name if not already there.
             if (!hasSubjname) {
                 log(ILogger.LL_INFO, "publish: adding " + subjName + " to " + dn);
-                modSet.add(LDAPModification.ADD, 
-                    new LDAPAttribute(mSubjNameAttr, subjName)); 
+                modSet.add(LDAPModification.ADD,
+                        new LDAPAttribute(mSubjNameAttr, subjName));
             }
             conn.modify(dn, modSet);
         } catch (CertificateEncodingException e) {
@@ -211,7 +211,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
@@ -224,13 +224,12 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
     }
 
     /**
-     * deletes the certificate from the list of certificates.
-     * does not check if certificate is already there.
-     * also takes out the subject name if no other certificate remain
-     * with the same subject name.
+     * deletes the certificate from the list of certificates. does not check if
+     * certificate is already there. also takes out the subject name if no other
+     * certificate remain with the same subject name.
      */
     public void unpublish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (!(certObj instanceof X509Certificate))
             throw new IllegalArgumentException("Illegal arg to publish");
 
@@ -242,9 +241,9 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
 
             byte[] certEnc = cert.getEncoded();
 
-            LDAPSearchResults res = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { mCertAttr, mSubjNameAttr }, false);
+            LDAPSearchResults res =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { mCertAttr, mSubjNameAttr }, false);
 
             LDAPEntry entry = res.next();
             LDAPAttribute certs = entry.getAttribute(mCertAttr);
@@ -266,8 +265,8 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
                     try {
                         X509CertImpl certval = new X509CertImpl(val);
                         // XXX use some sort of X500name equals function here.
-                        String subjnam = 
-                            ((X500Name) certval.getSubjectDN()).toLdapDNString();
+                        String subjnam =
+                                ((X500Name) certval.getSubjectDN()).toLdapDNString();
 
                         if (subjnam.equalsIgnoreCase(subjName)) {
                             hasAnotherCert = true;
@@ -275,45 +274,45 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
                     } catch (CertificateEncodingException e) {
                         // ignore this certificate.
                         CMS.debug(
-                            "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
+                                "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
                     } catch (CertificateException e) {
                         // ignore this certificate.
                         CMS.debug(
-                            "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
+                                "LdapCertSubjPublisher: unpublish: an invalid cert in dn entry encountered");
                     }
                 }
             }
 
             // check if doesn't have subject name already.
             if (subjnames != null) {
-                hasSubjname = 
+                hasSubjname =
                         LdapUserCertPublisher.StringValueExists(subjnames, subjName);
             }
 
             // if doesn't have both, done.
             if (!hasCert && !hasSubjname) {
-                log(ILogger.LL_INFO, 
-                    "unpublish: " + subjName + " already has not cert & subjname");
+                log(ILogger.LL_INFO,
+                        "unpublish: " + subjName + " already has not cert & subjname");
                 return;
             }
 
-            // delete cert if there. 
+            // delete cert if there.
             LDAPModificationSet modSet = new LDAPModificationSet();
 
             if (hasCert) {
-                log(ILogger.LL_INFO, 
-                    "unpublish: deleting cert " + subjName + " from " + dn);
+                log(ILogger.LL_INFO,
+                        "unpublish: deleting cert " + subjName + " from " + dn);
                 modSet.add(LDAPModification.DELETE,
-                    new LDAPAttribute(mCertAttr, certEnc));
+                        new LDAPAttribute(mCertAttr, certEnc));
             }
             // delete subject name if no other cert has the same name.
             if (hasSubjname && !hasAnotherCert) {
-                log(ILogger.LL_INFO, 
-                    "unpublish: deleting subject name " + subjName + " from " + dn);
+                log(ILogger.LL_INFO,
+                        "unpublish: deleting subject name " + subjName + " from " + dn);
                 modSet.add(LDAPModification.DELETE,
-                    new LDAPAttribute(mSubjNameAttr, subjName));
+                        new LDAPAttribute(mSubjNameAttr, subjName));
             }
-            conn.modify(dn, modSet); 
+            conn.modify(dn, modSet);
         } catch (CertificateEncodingException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -325,7 +324,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -337,7 +336,7 @@ public class LdapCertSubjPublisher implements ILdapPublisher {
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCertSubjPublisher: " + msg);
+                "LdapCertSubjPublisher: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
index e4a7e0b7..60c07570 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCertificatePairPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.util.Locale;
 import java.util.Vector;
 
@@ -39,15 +38,14 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
-/** 
- * module for publishing a cross certificate pair to ldap
- * crossCertificatePair attribute
- *
+/**
+ * module for publishing a cross certificate pair to ldap crossCertificatePair
+ * attribute
+ * 
  * @version $Revision$, $Date$
  */
-public class LdapCertificatePairPublisher 
-    implements ILdapPublisher, IExtendedPluginInfo {
+public class LdapCertificatePairPublisher
+        implements ILdapPublisher, IExtendedPluginInfo {
     public static final String LDAP_CROSS_CERT_PAIR_ATTR = "crossCertificatePair;binary";
     public static final String LDAP_CA_OBJECTCLASS = "pkiCA";
     public static final String LDAP_ARL_ATTR = "authorityRevocationList;binary";
@@ -73,13 +71,13 @@ public class LdapCertificatePairPublisher
         String s[] = {
                 "crossCertPairAttr;string;Name of Ldap attribute in which to store cross certificates",
                 "caObjectClass;string;The name of the objectclasses which should be " +
-                "added to this entry, if they do not already exist. This can be " +
-                "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
+                        "added to this entry, if they do not already exist. This can be " +
+                        "'certificationAuthority' (if using RFC 2256) or 'pkiCA' (if using RFC 4523)",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-crosscertpairpublisher",
+                        ";configuration-ldappublish-publisher-crosscertpairpublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin knows how to publish the CA cert to " +
-                "'certificateAuthority' and 'pkiCA' -type entries"
+                        ";This plugin knows how to publish the CA cert to " +
+                        "'certificateAuthority' and 'pkiCA' -type entries"
             };
 
         return s;
@@ -118,12 +116,12 @@ public class LdapCertificatePairPublisher
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
-        if (mInited) 
+            throws EBaseException {
+        if (mInited)
             return;
         mConfig = config;
         mCrossCertPairAttr = mConfig.getString("crossCertPairAttr", LDAP_CROSS_CERT_PAIR_ATTR);
-        mCaObjectclass = mConfig.getString("caObjectClass", 
+        mCaObjectclass = mConfig.getString("caObjectClass",
                     LDAP_CA_OBJECTCLASS);
         mObjAdded = mConfig.getString("caObjectClassAdded", "");
         mObjDeleted = mConfig.getString("caObjectClassDeleted", "");
@@ -153,27 +151,27 @@ public class LdapCertificatePairPublisher
     }
 
     /**
-     * publish a certificatePair
-     *    -should not be called from listeners.
+     * publish a certificatePair -should not be called from listeners.
+     * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the XcertificatePair
-     * @param pair the Xcertificate bytes  object.
+     * @param pair the Xcertificate bytes object.
      */
     public synchronized void publish(LDAPConnection conn, String dn, Object pair)
-        throws ELdapException {
+            throws ELdapException {
         publish(conn, dn, (byte[]) pair);
     }
 
     /**
-     * publish a certificatePair
-     *    -should not be called from listeners.
+     * publish a certificatePair -should not be called from listeners.
+     * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the XcertificatePair
      * @param pair the cross cert bytes
      */
     public synchronized void publish(LDAPConnection conn, String dn,
-        byte[] pair)
-        throws ELdapException {
+            byte[] pair)
+            throws ELdapException {
 
         if (conn == null) {
             log(ILogger.LL_INFO, "LdapCertificatePairPublisher: no LDAP connection");
@@ -189,17 +187,17 @@ public class LdapCertificatePairPublisher
         try {
             // search for attributes to determine if they exist
             LDAPSearchResults res =
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                    new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { LDAP_CACERT_ATTR, LDAP_CRL_ATTR, LDAP_ARL_ATTR }, true);
             LDAPEntry entry = res.next();
             LDAPAttribute certs = entry.getAttribute(LDAP_CACERT_ATTR);
             LDAPAttribute arls = entry.getAttribute(LDAP_ARL_ATTR);
             LDAPAttribute crls = entry.getAttribute(LDAP_CRL_ATTR);
 
             // search for objectclass and crosscertpair attributes and values
-            LDAPSearchResults res1 = 
-                conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)", 
-                    new String[] { "objectclass", mCrossCertPairAttr }, false);
+            LDAPSearchResults res1 =
+                    conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
+                            new String[] { "objectclass", mCrossCertPairAttr }, false);
             LDAPEntry entry1 = res1.next();
             LDAPAttribute ocs = entry1.getAttribute("objectclass");
             LDAPAttribute certPairs = entry1.getAttribute("crosscertificatepair;binary");
@@ -207,53 +205,53 @@ public class LdapCertificatePairPublisher
             LDAPModificationSet modSet = new LDAPModificationSet();
 
             boolean hasCert = LdapUserCertPublisher.ByteValueExists(certPairs, pair);
-            if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) { 
+            if (LdapUserCertPublisher.ByteValueExists(certPairs, pair)) {
                 CMS.debug("LdapCertificatePairPublisher: cross cert pair bytes exist in publishing directory, do not publish again.");
                 return;
             }
             if (hasCert) {
                 log(ILogger.LL_INFO, "publish: CA " + dn + " already has cross cert pair bytes");
             } else {
-                modSet.add(LDAPModification.ADD, 
-                    new LDAPAttribute(mCrossCertPairAttr, pair));
+                modSet.add(LDAPModification.ADD,
+                        new LDAPAttribute(mCrossCertPairAttr, pair));
                 log(ILogger.LL_INFO, "cross cert pair published with dn=" + dn);
             }
 
             String[] oclist = mCaObjectclass.split(",");
 
             boolean attrsAdded = false;
-            for (int i=0; i < oclist.length; i++) {
+            for (int i = 0; i < oclist.length; i++) {
                 String oc = oclist[i].trim();
                 boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
                 if (!hasoc) {
                     log(ILogger.LL_INFO, "adding CA objectclass " + oc + " to " + dn);
                     modSet.add(LDAPModification.ADD,
-                        new LDAPAttribute("objectclass", oc));
+                            new LDAPAttribute("objectclass", oc));
 
                     if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
                         // add MUST attributes
-                        if (arls == null) 
+                        if (arls == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_ARL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_ARL_ATTR, ""));
                         if (crls == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_CRL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_CRL_ATTR, ""));
                         if (certs == null)
-                            modSet.add(LDAPModification.ADD, 
-                                new LDAPAttribute(LDAP_CACERT_ATTR, ""));
+                            modSet.add(LDAPModification.ADD,
+                                    new LDAPAttribute(LDAP_CACERT_ATTR, ""));
                         attrsAdded = true;
                     }
                 }
-            } 
+            }
 
             // delete objectclasses that have been deleted from config
             String[] delList = mObjDeleted.split(",");
             if (delList.length > 0) {
-                for (int i=0; i< delList.length; i++) {
+                for (int i = 0; i < delList.length; i++) {
                     String deloc = delList[i].trim();
                     boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
                     boolean match = false;
-                    for (int j=0; j< oclist.length; j++) {
+                    for (int j = 0; j < oclist.length; j++) {
                         if ((oclist[j].trim()).equals(deloc)) {
                             match = true;
                             break;
@@ -280,14 +278,15 @@ public class LdapCertificatePairPublisher
                 }
             }
 
-            if (modSet.size() > 0) conn.modify(dn, modSet); 
+            if (modSet.size() > 0)
+                conn.modify(dn, modSet);
             CMS.debug("LdapCertificatePairPublisher: in publish() just published");
         } catch (LDAPException e) {
             if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISHER_EXCEPTION", "", e.toString()));
@@ -301,7 +300,7 @@ public class LdapCertificatePairPublisher
      * unsupported
      */
     public void unpublish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         CMS.debug("LdapCertificatePairPublisher: unpublish() is unsupported in this revision");
     }
 
@@ -310,7 +309,7 @@ public class LdapCertificatePairPublisher
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCertificatePairPublisher: " + msg);
+                "LdapCertificatePairPublisher: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
index 22dc1294..a87791d3 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapCrlPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.security.cert.CRLException;
 import java.security.cert.X509CRL;
 import java.util.Locale;
@@ -42,10 +41,9 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
 /**
- * For publishing master or global CRL. 
- * Publishes (replaces) the CRL in the CA's LDAP entry.
+ * For publishing master or global CRL. Publishes (replaces) the CRL in the CA's
+ * LDAP entry.
  * 
  * @version $Revision$, $Date$
  */
@@ -82,14 +80,14 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
         String[] params = {
                 "crlAttr;string;Name of Ldap attribute in which to store the CRL",
                 "crlObjectClass;string;The name of the objectclasses which should be " +
-                "added to this entry, if they do not already exist. This can be a comma-" +
-                "separated list such as 'certificationAuthority,certificationAuthority-V2' " +
-                "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)",
+                        "added to this entry, if they do not already exist. This can be a comma-" +
+                        "separated list such as 'certificationAuthority,certificationAuthority-V2' " +
+                        "(if using RFC 2256) or 'pkiCA, deltaCRL' (if using RFC 4523)",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-crlpublisher",
+                        ";configuration-ldappublish-publisher-crlpublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin knows how to publish CRL's to " +
-                "'certificateAuthority' and 'pkiCA' -type entries"
+                        ";This plugin knows how to publish CRL's to " +
+                        "'certificateAuthority' and 'pkiCA' -type entries"
             };
 
         return params;
@@ -115,14 +113,14 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
         return mConfig;
     }
 
-    public void init(IConfigStore config) 
-        throws EBaseException {
+    public void init(IConfigStore config)
+            throws EBaseException {
         if (mInited)
             return;
         mConfig = config;
         mCrlAttr = mConfig.getString("crlAttr", LDAP_CRL_ATTR);
         mCrlObjectClass = mConfig.getString("crlObjectClass",
-            LDAP_CRL_OBJECTCLASS);
+                LDAP_CRL_OBJECTCLASS);
         mObjAdded = mConfig.getString("crlObjectClassAdded", "");
         mObjDeleted = mConfig.getString("crlObjectClassDeleted", "");
 
@@ -142,11 +140,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
     }
 
     /**
-     * Replaces the CRL in the certificateRevocationList attribute.
-     * CRL's are published as a DER encoded blob.
+     * Replaces the CRL in the certificateRevocationList attribute. CRL's are
+     * published as a DER encoded blob.
      */
     public void publish(LDAPConnection conn, String dn, Object crlObj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null) {
             log(ILogger.LL_INFO, "publish CRL: no LDAP connection");
             return;
@@ -162,28 +160,28 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
         // see if we should create local connection
         LDAPConnection altConn = null;
         try {
-          String host = mConfig.getString("host", null);
-          String port = mConfig.getString("port", null);
-          if (host != null && port != null) {
-            int portVal = Integer.parseInt(port);
-            int version = Integer.parseInt(mConfig.getString("version", "2"));
-            String cert_nick = mConfig.getString("clientCertNickname", null);
-            LDAPSSLSocketFactoryExt sslSocket = null;
-            if (cert_nick != null) {
-                sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+            String host = mConfig.getString("host", null);
+            String port = mConfig.getString("port", null);
+            if (host != null && port != null) {
+                int portVal = Integer.parseInt(port);
+                int version = Integer.parseInt(mConfig.getString("version", "2"));
+                String cert_nick = mConfig.getString("clientCertNickname", null);
+                LDAPSSLSocketFactoryExt sslSocket = null;
+                if (cert_nick != null) {
+                    sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+                }
+                String mgr_dn = mConfig.getString("bindDN", null);
+                String mgr_pwd = mConfig.getString("bindPWD", null);
+
+                altConn = CMS.getBoundConnection(host, portVal,
+                        version,
+                        sslSocket, mgr_dn, mgr_pwd);
+                conn = altConn;
             }
-            String mgr_dn = mConfig.getString("bindDN", null);
-            String mgr_pwd = mConfig.getString("bindPWD", null);
-
-            altConn = CMS.getBoundConnection(host, portVal,
-               version,
-               sslSocket, mgr_dn, mgr_pwd);
-            conn = altConn;
-          }
         } catch (LDAPException e) {
-          CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         } catch (EBaseException e) {
-          CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         }
 
         try {
@@ -194,10 +192,10 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
             LDAPSearchResults res = null;
             if (mCrlAttr.equals(LDAP_CRL_ATTR)) {
                 res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                    new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
+                        new String[] { LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
             } else {
                 res = conn.search(dn, LDAPv2.SCOPE_BASE, "(objectclass=*)",
-                    new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
+                        new String[] { LDAP_CRL_ATTR, LDAP_CACERT_ATTR, LDAP_ARL_ATTR }, true);
             }
 
             LDAPEntry entry = res.next();
@@ -216,26 +214,26 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
 
             String[] oclist = mCrlObjectClass.split(",");
             boolean attrsAdded = false;
-            for (int i=0; i < oclist.length; i++) {
+            for (int i = 0; i < oclist.length; i++) {
                 String oc = oclist[i].trim();
                 boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, oc);
                 if (!hasoc) {
                     log(ILogger.LL_INFO, "adding CRL objectclass " + oc + " to " + dn);
                     modSet.add(LDAPModification.ADD,
-                        new LDAPAttribute("objectclass", oc));
+                            new LDAPAttribute("objectclass", oc));
 
                     if ((!attrsAdded) && oc.equalsIgnoreCase("certificationAuthority")) {
                         // add MUST attributes
                         if (arls == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_ARL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_ARL_ATTR, ""));
                         if (certs == null)
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_CACERT_ATTR, ""));
+                                    new LDAPAttribute(LDAP_CACERT_ATTR, ""));
 
-                        if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR))) 
+                        if ((crls == null) && (!mCrlAttr.equals(LDAP_CRL_ATTR)))
                             modSet.add(LDAPModification.ADD,
-                                new LDAPAttribute(LDAP_CRL_ATTR, ""));
+                                    new LDAPAttribute(LDAP_CRL_ATTR, ""));
                         attrsAdded = true;
                     }
                 }
@@ -246,11 +244,11 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
             // delete objectclasses that have been deleted from config
             String[] delList = mObjDeleted.split(",");
             if (delList.length > 0) {
-                for (int i=0; i< delList.length; i++) {
+                for (int i = 0; i < delList.length; i++) {
                     String deloc = delList[i].trim();
                     boolean hasoc = LdapUserCertPublisher.StringValueExists(ocs, deloc);
                     boolean match = false;
-                    for (int j=0; j< oclist.length; j++) {
+                    for (int j = 0; j < oclist.length; j++) {
                         if ((oclist[j].trim()).equals(deloc)) {
                             match = true;
                             break;
@@ -275,7 +273,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 } catch (Exception e) {
                     log(ILogger.LL_INFO, "Failure in updating mObjAdded and mObjDeleted");
                 }
-            }  
+            }
 
             conn.modify(dn, modSet);
         } catch (CRLException e) {
@@ -286,31 +284,31 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_CRL_ERROR", e.toString()));
             }
         } finally {
-          if (altConn != null) {
-             try {
-                altConn.disconnect();
-             } catch (LDAPException e) {
-                // safely ignored
-             }
-          }
+            if (altConn != null) {
+                try {
+                    altConn.disconnect();
+                } catch (LDAPException e) {
+                    // safely ignored
+                }
+            }
         }
 
     }
 
     /**
-     * There shouldn't be a need to call this. 
-     * CRLs are always replaced but this is implemented anyway in case 
-     * there is ever a reason to remove a global CRL.
+     * There shouldn't be a need to call this. CRLs are always replaced but this
+     * is implemented anyway in case there is ever a reason to remove a global
+     * CRL.
      */
     public void unpublish(LDAPConnection conn, String dn, Object crlObj)
-        throws ELdapException {
+            throws ELdapException {
         try {
             byte[] crlEnc = ((X509CRL) crlObj).getEncoded();
 
@@ -320,7 +318,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
             } catch (EBaseException e) {
             }
 
-
             LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mCrlAttr, "objectclass" }, false);
             LDAPEntry e = res.next();
@@ -330,21 +327,21 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
             LDAPModificationSet modSet = new LDAPModificationSet();
 
             boolean hasOC = false;
-            boolean hasCRL = 
-                LdapUserCertPublisher.ByteValueExists(crls, crlEnc);
+            boolean hasCRL =
+                    LdapUserCertPublisher.ByteValueExists(crls, crlEnc);
 
             if (hasCRL) {
-                modSet.add(LDAPModification.DELETE, 
-                    new LDAPAttribute(mCrlAttr, crlEnc));
+                modSet.add(LDAPModification.DELETE,
+                        new LDAPAttribute(mCrlAttr, crlEnc));
             }
-          
+
             String[] oclist = mCrlObjectClass.split(",");
-            for (int i=0; i < oclist.length; i++) {
+            for (int i = 0; i < oclist.length; i++) {
                 String oc = oclist[i].trim();
                 if (LdapUserCertPublisher.StringValueExists(ocs, oc)) {
                     log(ILogger.LL_INFO, "unpublish: deleting CRL object class " + oc + " from " + dn);
-                    modSet.add(LDAPModification.DELETE, 
-                        new LDAPAttribute("objectClass", oc));
+                    modSet.add(LDAPModification.DELETE,
+                            new LDAPAttribute("objectClass", oc));
                     hasOC = true;
                 }
             }
@@ -353,7 +350,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 conn.modify(dn, modSet);
             } else {
                 log(ILogger.LL_INFO,
-                    "unpublish: " + dn + " already has not CRL");
+                        "unpublish: " + dn + " already has not CRL");
             }
         } catch (CRLException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -363,7 +360,7 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -375,6 +372,6 @@ public class LdapCrlPublisher implements ILdapPublisher, IExtendedPluginInfo {
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapCrlPublisher: " + msg);
+                "LdapCrlPublisher: " + msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
index f4dcbb3c..d9e60df4 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapEncryptCertPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateEncodingException;
@@ -51,10 +50,9 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
-/** 
- * Interface for mapping a X509 certificate to a LDAP entry 
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -82,9 +80,9 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
         String[] params = {
                 "certAttr;string;LDAP attribute in which to store the certificate",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-usercertpublisher",
+                        ";configuration-ldappublish-publisher-usercertpublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin knows how to publish user certificates"
+                        ";This plugin knows how to publish user certificates"
             };
 
         return params;
@@ -110,7 +108,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited)
             return;
         mConfig = config;
@@ -124,16 +122,16 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
     }
 
     /**
-     * publish a user certificate
-     * Adds the cert to the multi-valued certificate attribute as a
-     * DER encoded binary blob. Does not check if cert already exists.
+     * publish a user certificate Adds the cert to the multi-valued certificate
+     * attribute as a DER encoded binary blob. Does not check if cert already
+     * exists.
      * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate  object.
+     * @param certObj the certificate object.
      */
     public void publish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null)
             return;
 
@@ -147,7 +145,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             byte[] certEnc = cert.getEncoded();
 
             // check if cert already exists.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, 
+            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mCertAttr }, false);
             LDAPEntry entry = res.next();
             LDAPAttribute attr = getModificationAttribute(entry.getAttribute(mCertAttr), certEnc);
@@ -157,10 +155,10 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
                 return;
             }
 
-            // publish 
+            // publish
             LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
 
-            conn.modify(dn, mod); 
+            conn.modify(dn, mod);
         } catch (CertificateEncodingException e) {
             CMS.debug("LdapEncryptCertPublisher: error in publish: " + e.toString());
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -169,7 +167,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
@@ -180,12 +178,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
     }
 
     /**
-     * unpublish a user certificate 
-     * deletes the certificate from the list of certificates.
-     * does not check if certificate is already there.
+     * unpublish a user certificate deletes the certificate from the list of
+     * certificates. does not check if certificate is already there.
      */
     public void unpublish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (!(certObj instanceof X509Certificate))
             throw new IllegalArgumentException("Illegal arg to publish");
 
@@ -195,7 +192,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             byte[] certEnc = cert.getEncoded();
 
             // check if cert already deleted.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, 
+            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mCertAttr }, false);
             LDAPEntry entry = res.next();
 
@@ -207,7 +204,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
                     new LDAPAttribute(mCertAttr, certEnc));
 
-            conn.modify(dn, mod); 
+            conn.modify(dn, mod);
         } catch (CertificateEncodingException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -216,7 +213,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
@@ -228,11 +225,11 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapUserCertPublisher: " + msg);
+                "LdapUserCertPublisher: " + msg);
     }
 
     public LDAPAttribute getModificationAttribute(
-        LDAPAttribute attr, byte[] bval) {
+            LDAPAttribute attr, byte[] bval) {
 
         LDAPAttribute at = new LDAPAttribute(attr.getName(), bval);
         // determine if the given cert is a signing or an encryption
@@ -248,7 +245,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
         }
 
         @SuppressWarnings("unchecked")
-		Enumeration<byte[]> vals = attr.getByteValues();
+        Enumeration<byte[]> vals = attr.getByteValues();
         byte[] val = null;
 
         while (vals.hasMoreElements()) {
@@ -258,12 +255,12 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
 
                 log(ILogger.LL_INFO, "Checking " + cert);
                 if (CMS.isEncryptionCert(thisCert) &&
-                    CMS.isEncryptionCert(cert)) {
+                        CMS.isEncryptionCert(cert)) {
                     // skip
                     log(ILogger.LL_INFO, "SKIP ENCRYPTION " + cert);
                     revokeCert(cert);
                 } else if (CMS.isSigningCert(thisCert) &&
-                    CMS.isSigningCert(cert)) {
+                        CMS.isSigningCert(cert)) {
                     // skip
                     log(ILogger.LL_INFO, "SKIP SIGNING " + cert);
                     revokeCert(cert);
@@ -278,8 +275,8 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
     }
 
     private RevokedCertImpl formCRLEntry(
-        BigInteger serialNo, RevocationReason reason)
-        throws EBaseException {
+            BigInteger serialNo, RevocationReason reason)
+            throws EBaseException {
         CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
         CRLExtensions crlentryexts = new CRLExtensions();
 
@@ -291,13 +288,13 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INTERNAL_ERROR", e.toString()));
         }
         RevokedCertImpl crlentry =
-            new RevokedCertImpl(serialNo, new Date(), crlentryexts);
+                new RevokedCertImpl(serialNo, new Date(), crlentryexts);
 
         return crlentry;
     }
 
     private void revokeCert(X509CertImpl cert)
-        throws EBaseException { 
+            throws EBaseException {
         try {
             if (mConfig.getBoolean(PROP_REVOKE_CERT, true) == false) {
                 return;
@@ -308,7 +305,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
         BigInteger serialNum = cert.getSerialNumber();
         // need to revoke certificate also
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem("ca");
+                CMS.getSubsystem("ca");
         ICAService service = (ICAService) ca.getCAService();
         RevokedCertImpl crlEntry = formCRLEntry(
                 serialNum, RevocationReason.KEY_COMPROMISE);
@@ -324,7 +321,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             return false;
         }
         @SuppressWarnings("unchecked")
-		Enumeration<byte[]> vals = attr.getByteValues();
+        Enumeration<byte[]> vals = attr.getByteValues();
         byte[] val = null;
 
         while (vals.hasMoreElements()) {
@@ -344,7 +341,7 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
             return false;
         }
         @SuppressWarnings("unchecked")
-		Enumeration<String> vals = attr.getStringValues();
+        Enumeration<String> vals = attr.getStringValues();
         String val = null;
 
         while (vals.hasMoreElements()) {
@@ -357,4 +354,3 @@ public class LdapEncryptCertPublisher implements ILdapPublisher, IExtendedPlugin
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
index f612d005..f904c102 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/LdapUserCertPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
@@ -43,10 +42,9 @@ import com.netscape.certsrv.logging.AuditFormat;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.publish.ILdapPublisher;
 
-
-/** 
- * Interface for mapping a X509 certificate to a LDAP entry 
- *
+/**
+ * Interface for mapping a X509 certificate to a LDAP entry
+ * 
  * @version $Revision$, $Date$
  */
 public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -72,9 +70,9 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
         String[] params = {
                 "certAttr;string;LDAP attribute in which to store the certificate",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-usercertpublisher",
+                        ";configuration-ldappublish-publisher-usercertpublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";This plugin knows how to publish user certificates"
+                        ";This plugin knows how to publish user certificates"
             };
 
         return params;
@@ -100,7 +98,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
     }
 
     public void init(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (mInited)
             return;
         mConfig = config;
@@ -113,16 +111,16 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
     }
 
     /**
-     * publish a user certificate
-     * Adds the cert to the multi-valued certificate attribute as a
-     * DER encoded binary blob. Does not check if cert already exists.
+     * publish a user certificate Adds the cert to the multi-valued certificate
+     * attribute as a DER encoded binary blob. Does not check if cert already
+     * exists.
      * 
      * @param conn the LDAP connection
      * @param dn dn of the entry to publish the certificate
-     * @param certObj the certificate  object.
+     * @param certObj the certificate object.
      */
     public void publish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
         if (conn == null)
             return;
 
@@ -130,28 +128,28 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
         // see if we should create local connection
         LDAPConnection altConn = null;
         try {
-  	  String host = mConfig.getString("host", null);
-	  String port = mConfig.getString("port", null);
-          if (host != null && port != null) {
-            int portVal = Integer.parseInt(port);
-	    int version = Integer.parseInt(mConfig.getString("version", "2"));
-	    String cert_nick = mConfig.getString("clientCertNickname", null);
-            LDAPSSLSocketFactoryExt sslSocket = null;
-            if (cert_nick != null) {
-                sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+            String host = mConfig.getString("host", null);
+            String port = mConfig.getString("port", null);
+            if (host != null && port != null) {
+                int portVal = Integer.parseInt(port);
+                int version = Integer.parseInt(mConfig.getString("version", "2"));
+                String cert_nick = mConfig.getString("clientCertNickname", null);
+                LDAPSSLSocketFactoryExt sslSocket = null;
+                if (cert_nick != null) {
+                    sslSocket = CMS.getLdapJssSSLSocketFactory(cert_nick);
+                }
+                String mgr_dn = mConfig.getString("bindDN", null);
+                String mgr_pwd = mConfig.getString("bindPWD", null);
+
+                altConn = CMS.getBoundConnection(host, portVal,
+                        version,
+                        sslSocket, mgr_dn, mgr_pwd);
+                conn = altConn;
             }
-	    String mgr_dn = mConfig.getString("bindDN", null);
-	    String mgr_pwd = mConfig.getString("bindPWD", null);
-
-            altConn = CMS.getBoundConnection(host, portVal,
-               version, 
-	       sslSocket, mgr_dn, mgr_pwd); 
-            conn = altConn;
-          }
         } catch (LDAPException e) {
-	  CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         } catch (EBaseException e) {
-	  CMS.debug("Failed to create alt connection " + e);
+            CMS.debug("Failed to create alt connection " + e);
         }
 
         if (!(certObj instanceof X509Certificate))
@@ -169,7 +167,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
             byte[] certEnc = cert.getEncoded();
 
             // check if cert already exists.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, 
+            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mCertAttr }, false);
             LDAPEntry entry = res.next();
 
@@ -178,26 +176,26 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
                 return;
             }
 
-            // publish 
+            // publish
             LDAPModification mod = null;
             if (deleteCert) {
-               mod = new LDAPModification(LDAPModification.REPLACE,
-                    new LDAPAttribute(mCertAttr, certEnc));
+                mod = new LDAPModification(LDAPModification.REPLACE,
+                        new LDAPAttribute(mCertAttr, certEnc));
             } else {
-               mod = new LDAPModification(LDAPModification.ADD,
-                    new LDAPAttribute(mCertAttr, certEnc));
+                mod = new LDAPModification(LDAPModification.ADD,
+                        new LDAPAttribute(mCertAttr, certEnc));
             }
 
-            conn.modify(dn, mod); 
+            conn.modify(dn, mod);
 
             // log a successful message to the "transactions" log
-            mLogger.log( ILogger.EV_AUDIT,
+            mLogger.log(ILogger.EV_AUDIT,
                          ILogger.S_LDAP,
                          ILogger.LL_INFO,
                          AuditFormat.LDAP_PUBLISHED_FORMAT,
                          new Object[] { "LdapUserCertPublisher",
                                         cert.getSerialNumber().toString(16),
-                                        cert.getSubjectDN() } );
+                                        cert.getSubjectDN() });
         } catch (CertificateEncodingException e) {
             CMS.debug("LdapUserCertPublisher: error in publish: " + e.toString());
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -206,31 +204,30 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_PUBLISH_ERROR", e.toString()));
                 throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_USERCERT_ERROR", e.toString()));
             }
         } finally {
-          if (altConn != null) {
-             try {
-		altConn.disconnect();
-             } catch (LDAPException e) {
-                // safely ignored
-             }
-          }
+            if (altConn != null) {
+                try {
+                    altConn.disconnect();
+                } catch (LDAPException e) {
+                    // safely ignored
+                }
+            }
         }
         return;
     }
 
     /**
-     * unpublish a user certificate 
-     * deletes the certificate from the list of certificates.
-     * does not check if certificate is already there.
+     * unpublish a user certificate deletes the certificate from the list of
+     * certificates. does not check if certificate is already there.
      */
     public void unpublish(LDAPConnection conn, String dn, Object certObj)
-        throws ELdapException {
+            throws ELdapException {
 
         boolean disableUnpublish = false;
         try {
@@ -239,8 +236,8 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
         }
 
         if (disableUnpublish) {
-           CMS.debug("UserCertPublisher: disable unpublish");
-           return;
+            CMS.debug("UserCertPublisher: disable unpublish");
+            return;
         }
 
         if (!(certObj instanceof X509Certificate))
@@ -252,7 +249,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
             byte[] certEnc = cert.getEncoded();
 
             // check if cert already deleted.
-            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE, 
+            LDAPSearchResults res = conn.search(dn, LDAPv2.SCOPE_BASE,
                     "(objectclass=*)", new String[] { mCertAttr }, false);
             LDAPEntry entry = res.next();
 
@@ -264,7 +261,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
             LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
                     new LDAPAttribute(mCertAttr, certEnc));
 
-            conn.modify(dn, mod); 
+            conn.modify(dn, mod);
         } catch (CertificateEncodingException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR", e.toString()));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_GET_DER_ENCODED_CERT_FAILED", e.toString()));
@@ -273,7 +270,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
+                        CMS.getLogMessage("PUBLISH_NO_LDAP_SERVER"));
                 throw new ELdapServerDownException(CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE", conn.getHost(), "" + conn.getPort()));
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_UNPUBLISH_ERROR"));
@@ -285,7 +282,7 @@ public class LdapUserCertPublisher implements ILdapPublisher, IExtendedPluginInf
 
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "LdapUserCertPublisher: " + msg);
+                "LdapUserCertPublisher: " + msg);
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
index ad37a666..feca23ff 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/OCSPPublisher.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.io.DataInputStream;
 import java.io.IOException;
 import java.io.OutputStream;
@@ -42,11 +41,9 @@ import com.netscape.certsrv.publish.ILdapPublisher;
 import com.netscape.cmsutil.http.HttpRequest;
 import com.netscape.cmsutil.http.JssSSLSocketFactory;
 
-
-/** 
- * This publisher writes certificate and CRL into
- * a directory.
- *
+/**
+ * This publisher writes certificate and CRL into a directory.
+ * 
  * @version $Revision$, $Date$
  */
 public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
@@ -86,9 +83,9 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
                 PROP_NICK + ";string;Nickname of cert used for client authentication",
                 PROP_CLIENT_AUTH_ENABLE + ";boolean;Client Authentication enabled",
                 IExtendedPluginInfo.HELP_TOKEN +
-                ";configuration-ldappublish-publisher-ocsppublisher",
+                        ";configuration-ldappublish-publisher-ocsppublisher",
                 IExtendedPluginInfo.HELP_TEXT +
-                ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS."
+                        ";Publishes CRLs to a Online Certificate Status Manager, an OCSP responder provided by CMS."
             };
 
         return params;
@@ -146,11 +143,10 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             nickname = config.getString("ca.subsystem.nickname", "");
             String tokenname = config.getString("ca.subsystem.tokenname", "");
             if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname+":"+nickname;
+                nickname = tokenname + ":" + nickname;
         } catch (Exception e) {
         }
 
-
         v.addElement(PROP_HOST + "=");
         v.addElement(PROP_PORT + "=");
         v.addElement(PROP_PATH + "=/ocsp/agent/ocsp/addCRL");
@@ -178,45 +174,42 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
         return mConfig;
     }
 
-    protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory) 
-    {
-            Socket socket = null;
-               StringTokenizer st = new StringTokenizer(host, " ");
-               while (st.hasMoreTokens()) {
-                  String hp = st.nextToken(); // host:port
-                  StringTokenizer st1 = new StringTokenizer(hp, ":");
-                  String h = st1.nextToken();
-                  int p = Integer.parseInt(st1.nextToken());
-                  try {
-                     if (secure) {
-                        socket = factory.makeSocket(h, p);
-                     } else {
-                        socket = new Socket(h, p);
-                     }
-                     return socket;
-                  }  catch (Exception e) {
-                  }
-                  try {
-                     Thread.sleep(5000); // 5 seconds delay
-                  }  catch (Exception e) {
-                  }
-               }
-               return null;
+    protected Socket Connect(String host, boolean secure, JssSSLSocketFactory factory) {
+        Socket socket = null;
+        StringTokenizer st = new StringTokenizer(host, " ");
+        while (st.hasMoreTokens()) {
+            String hp = st.nextToken(); // host:port
+            StringTokenizer st1 = new StringTokenizer(hp, ":");
+            String h = st1.nextToken();
+            int p = Integer.parseInt(st1.nextToken());
+            try {
+                if (secure) {
+                    socket = factory.makeSocket(h, p);
+                } else {
+                    socket = new Socket(h, p);
+                }
+                return socket;
+            } catch (Exception e) {
+            }
+            try {
+                Thread.sleep(5000); // 5 seconds delay
+            } catch (Exception e) {
+            }
+        }
+        return null;
     }
 
     /**
      * Publishs a object to the ldap directory.
      * 
-     * @param conn a Ldap connection 
-     *        (null if LDAP publishing is not enabled)
-     * @param dn dn of the ldap entry to publish cert
-     *        (null if LDAP publishing is not enabled)
-     * @param object object to publish
-     *        (java.security.cert.X509Certificate or,
-     *         java.security.cert.X509CRL)
+     * @param conn a Ldap connection (null if LDAP publishing is not enabled)
+     * @param dn dn of the ldap entry to publish cert (null if LDAP publishing
+     *            is not enabled)
+     * @param object object to publish (java.security.cert.X509Certificate or,
+     *            java.security.cert.X509CRL)
      */
     public synchronized void publish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException {
+            throws ELdapException {
         try {
             if (!(object instanceof X509CRL))
                 return;
@@ -226,18 +219,18 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
 
             // open the connection and prepare it to POST
             boolean secure = true;
-	 
+
             String host = mHost;
             int port = Integer.parseInt(mPort);
             String path = mPath;
 
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_INFO, "OCSPPublisher: " + 
-                "Host='" + host + "' Port='" + port + 
-                "' URL='" + path + "'");
-            CMS.debug("OCSPPublisher: " + 
-                "Host='" + host + "' Port='" + port + 
-                "' URL='" + path + "'");
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_INFO, "OCSPPublisher: " +
+                            "Host='" + host + "' Port='" + port +
+                            "' URL='" + path + "'");
+            CMS.debug("OCSPPublisher: " +
+                    "Host='" + host + "' Port='" + port +
+                    "' URL='" + path + "'");
 
             StringBuffer query = new StringBuffer();
             query.append("crl=");
@@ -256,23 +249,23 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             }
 
             if (mHost != null && mHost.indexOf(' ') != -1) {
-               // support failover hosts configuration
-               // host parameter can be
-               // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
-               do {
-                   socket = Connect(mHost, secure, factory);
-               } while (socket == null);
+                // support failover hosts configuration
+                // host parameter can be
+                // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
+                do {
+                    socket = Connect(mHost, secure, factory);
+                } while (socket == null);
             } else {
-              if (secure) {
-                socket = factory.makeSocket(host, port);
-              } else {
-                socket = new Socket(host, port);
-              }
+                if (secure) {
+                    socket = factory.makeSocket(host, port);
+                } else {
+                    socket = new Socket(host, port);
+                }
             }
 
-            if( socket == null ) {
-                CMS.debug( "OCSPPublisher::publish() - socket is null!" );
-                throw new ELdapException( "socket is null" );
+            if (socket == null) {
+                CMS.debug("OCSPPublisher::publish() - socket is null!");
+                throw new ELdapException("socket is null");
             }
 
             // use HttpRequest and POST
@@ -283,17 +276,17 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             httpReq.setHeader("Connection", "Keep-Alive");
 
             httpReq.setHeader("Content-Type",
-                "application/x-www-form-urlencoded");
+                    "application/x-www-form-urlencoded");
             httpReq.setHeader("Content-Transfer-Encoding", "7bit");
 
-            httpReq.setHeader("Content-Length", 
-                Integer.toString(query.length()));
+            httpReq.setHeader("Content-Length",
+                    Integer.toString(query.length()));
             httpReq.setContent(query.toString());
             OutputStream os = socket.getOutputStream();
             OutputStreamWriter outputStreamWriter = new OutputStreamWriter(os, "UTF8");
 
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_INFO, "OCSPPublisher: start sending CRL");
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_INFO, "OCSPPublisher: start sending CRL");
             long startTime = CMS.getCurrentDate().getTime();
             CMS.debug("OCSPPublisher: start CRL sending startTime=" + startTime);
             httpReq.write(outputStreamWriter);
@@ -301,8 +294,8 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             CMS.debug("OCSPPublisher: done CRL sending endTime=" + endTime + " diff=" + (endTime - startTime));
 
             // Read the response
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_INFO, "OCSPPublisher: start getting response");
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_INFO, "OCSPPublisher: start getting response");
             DataInputStream dis = new DataInputStream(socket.getInputStream());
             String nextline;
             String line = "";
@@ -321,40 +314,38 @@ public class OCSPPublisher implements ILdapPublisher, IExtendedPluginInfo {
             }
             dis.close();
             if (status) {
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                    ILogger.LL_INFO, "OCSPPublisher: successful");
+                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                        ILogger.LL_INFO, "OCSPPublisher: successful");
             } else {
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                    ILogger.LL_INFO, "OCSPPublisher: failed - " + error);
+                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                        ILogger.LL_INFO, "OCSPPublisher: failed - " + error);
             }
-				
+
         } catch (IOException e) {
             CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
         } catch (CRLException e) {
             CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
         } catch (Exception e) {
             CMS.debug("OCSPPublisher: publish failed " + e.toString());
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE, CMS.getLogMessage("PUBLISH_OCSP_PUBLISHER_ERROR", e.toString()));
         }
     }
 
     /**
      * Unpublishs a object to the ldap directory.
-     *
-     * @param conn the Ldap connection
-     *        (null if LDAP publishing is not enabled)
-     * @param dn dn of the ldap entry to unpublish cert
-     *        (null if LDAP publishing is not enabled)
-     * @param object object to unpublish 
-     *        (java.security.cert.X509Certificate)
+     * 
+     * @param conn the Ldap connection (null if LDAP publishing is not enabled)
+     * @param dn dn of the ldap entry to unpublish cert (null if LDAP publishing
+     *            is not enabled)
+     * @param object object to unpublish (java.security.cert.X509Certificate)
      */
     public void unpublish(LDAPConnection conn, String dn, Object object)
-        throws ELdapException {
+            throws ELdapException {
         // NOT USED
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
index d5717aad..6232fa23 100644
--- a/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
+++ b/pki/base/common/src/com/netscape/cms/publish/publishers/Utils.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.publish.publishers;
 
-
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
@@ -29,10 +28,9 @@ import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.Vector;
 
-
 /**
  * Publisher utility class.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class Utils {
@@ -58,8 +56,8 @@ public class Utils {
         }
     }
 
-    /// Sorts an array of Strings.
-    // Java currently has no general sort function.  Sorting Strings is
+    // / Sorts an array of Strings.
+    // Java currently has no general sort function. Sorting Strings is
     // common enough that it's worth making a special case.
     public static void sortStrings(String[] strings) {
         // Just does a bubblesort.
@@ -75,8 +73,8 @@ public class Utils {
         }
     }
 
-    /// Returns a date string formatted in Unix ls style - if it's within
-    // six months of now, Mmm dd hh:ss, else Mmm dd  yyyy.
+    // / Returns a date string formatted in Unix ls style - if it's within
+    // six months of now, Mmm dd hh:ss, else Mmm dd yyyy.
     public static String lsDateStr(Date date) {
         long dateTime = date.getTime();
 
@@ -104,9 +102,10 @@ public class Utils {
         }
         return true;
     }
-    
+
     /**
      * strips out double quotes around String parameter
+     * 
      * @param s the string potentially bracketed with double quotes
      * @return string stripped of surrounding double quotes
      */
@@ -123,9 +122,8 @@ public class Utils {
     }
 
     /**
-     * returns an array of strings from a vector of Strings
-     * there'll be trouble if the Vector contains something other
-     * than just Strings
+     * returns an array of strings from a vector of Strings there'll be trouble
+     * if the Vector contains something other than just Strings
      */
     public static String[] getStringArrayFromVector(Vector v) {
         String s[] = new String[v.size()];
diff --git a/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java b/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
index b48af995..ad4672a6 100644
--- a/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
+++ b/pki/base/common/src/com/netscape/cms/request/RequestScheduler.java
@@ -17,18 +17,15 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.request;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.IRequestScheduler;
 
-
 /**
- * This class represents a request scheduler that prioritizes
- * the threads based on the request processing order.
- * The request that enters the request queue first should
- * be processed first.
+ * This class represents a request scheduler that prioritizes the threads based
+ * on the request processing order. The request that enters the request queue
+ * first should be processed first.
  * 
  * @version $Revision$, $Date$
  */
@@ -37,7 +34,7 @@ public class RequestScheduler implements IRequestScheduler {
 
     /**
      * Request entered the request queue processing.
-     *
+     * 
      * @param r request
      */
     public synchronized void requestIn(IRequest r) {
@@ -51,10 +48,10 @@ public class RequestScheduler implements IRequestScheduler {
 
     /**
      * Request exited the request queue processing.
-     *
+     * 
      * @param r request
      */
-    public synchronized void requestOut(IRequest r) { 
+    public synchronized void requestOut(IRequest r) {
         Thread current = Thread.currentThread();
         Thread first = (Thread) mRequestThreads.elementAt(0);
 
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java b/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
index df7f02bc..bda3fd51 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ASelfTest.java
@@ -20,7 +20,6 @@
 
 package com.netscape.cms.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -37,7 +36,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTest;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -51,16 +49,14 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem;
  * @version $Revision$, $Date$
  */
 public abstract class ASelfTest
-    implements ISelfTest {
-    ////////////////////////
+        implements ISelfTest {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
-
+    // //////////////////////
 
-    //////////////////////////
+    // ////////////////////////
     // ISelfTest parameters //
-    //////////////////////////
+    // ////////////////////////
 
     // parameter information
     private static final String SELF_TEST_NAME = "ASelfTest";
@@ -71,32 +67,30 @@ public abstract class ASelfTest
     protected IConfigStore mConfig = null;
     protected String mPrefix = null;
 
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
+    // ///////////////////
 
-
-
-    ///////////////////////
+    // /////////////////////
     // ISelfTest methods //
-    ///////////////////////
+    // /////////////////////
 
     /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
+     * Initializes this subsystem with the configuration store associated with
+     * this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void initSelfTest(ISelfTestSubsystem subsystem,
-        String instanceName,
-        IConfigStore parameters)
-        throws EDuplicateSelfTestException,
+            String instanceName,
+            IConfigStore parameters)
+            throws EDuplicateSelfTestException,
             EInvalidSelfTestException,
             EMissingSelfTestException {
         // store individual self test class values for this instance
@@ -108,9 +102,9 @@ public abstract class ASelfTest
             instanceName = instanceName.trim();
         } else {
             mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                CMS.getLogMessage(
-                    "SELFTESTS_PARAMETER_WAS_NULL",
-                    SELF_TEST_NAME));
+                    CMS.getLogMessage(
+                            "SELFTESTS_PARAMETER_WAS_NULL",
+                            SELF_TEST_NAME));
 
             throw new EMissingSelfTestException();
         }
@@ -124,14 +118,14 @@ public abstract class ASelfTest
         mConfig = parameters.getSubStore(pluginPath);
 
         if ((mConfig != null) &&
-            (mConfig.getName() != null) &&
-            (mConfig.getName() != "")) {
+                (mConfig.getName() != null) &&
+                (mConfig.getName() != "")) {
             mPrefix = mConfig.getName().trim();
         } else {
             mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                CMS.getLogMessage(
-                    "SELFTESTS_PARAMETER_WAS_NULL",
-                    SELF_TEST_NAME));
+                    CMS.getLogMessage(
+                            "SELFTESTS_PARAMETER_WAS_NULL",
+                            SELF_TEST_NAME));
 
             throw new EMissingSelfTestException();
         }
@@ -142,24 +136,24 @@ public abstract class ASelfTest
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public abstract void startupSelfTest()
-        throws ESelfTestException;
+            throws ESelfTestException;
 
     /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
+     * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+     * after initialization.
      * <P>
      */
     public abstract void shutdownSelfTest();
 
     /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
+     * Returns the name associated with this self test. This method may return
+     * null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
     public String getSelfTestName() {
@@ -167,10 +161,10 @@ public abstract class ASelfTest
     }
 
     /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
+     * Returns the root configuration storage (self test parameters) associated
+     * with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
     public IConfigStore getSelfTestConfigStore() {
@@ -178,10 +172,10 @@ public abstract class ASelfTest
     }
 
     /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
+     * Retrieves description associated with an individual self test. This
+     * method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
@@ -190,11 +184,10 @@ public abstract class ASelfTest
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
     public abstract void runSelfTest(ILogEventListener logger)
-        throws ESelfTestException;
+            throws ESelfTestException;
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
index cf3338ef..6d7a8de7 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ca/CAPresence.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.ca;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -44,8 +42,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -59,83 +55,75 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class CAPresence
-extends ASelfTest
-{
-    ////////////////////////
+        extends ASelfTest {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
+    // //////////////////////
 
-
-    ///////////////////////////
+    // /////////////////////////
     // CAPresence parameters //
-    ///////////////////////////
+    // /////////////////////////
 
     // parameter information
     public static final String PROP_CA_SUB_ID = "CaSubId";
-    private String mCaSubId                   = null;
-
+    private String mCaSubId = null;
 
-
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
-
+    // ///////////////////
 
-
-    ////////////////////////
+    // //////////////////////
     // CAPresence methods //
-    ////////////////////////
+    // //////////////////////
 
     /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
+     * Initializes this subsystem with the configuration store associated with
+     * this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mCaSubId = mConfig.getString( PROP_CA_SUB_ID );
-            if( mCaSubId != null ) {
+            mCaSubId = mConfig.getString(PROP_CA_SUB_ID);
+            if (mCaSubId != null) {
                 mCaSubId = mCaSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_CA_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_CA_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_CA_SUB_ID );
+                throw new EMissingSelfTestException(PROP_CA_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_CA_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_CA_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_CA_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -143,145 +131,132 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
+     * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+     * after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
+     * Returns the name associated with this self test. This method may return
+     * null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
+     * Returns the root configuration storage (self test parameters) associated
+     * with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
+     * Retrieves description associated with an individual self test. This
+     * method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_CA_PRESENCE_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_CA_PRESENCE_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         ICertificateAuthority ca = null;
         X509CertImpl caCert = null;
         X509Key caPubKey = null;
 
-        ca = ( ICertificateAuthority ) CMS.getSubsystem( mCaSubId );
+        ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
 
-        if( ca == null ) {
+        if (ca == null) {
             // log that the CA is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the CA certificate
             caCert = ca.getCACert();
 
-            if( caCert == null ) {
+            if (caCert == null) {
                 // log that the CA is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_CA_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
+                             getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the CA certificate public key
             try {
-                caPubKey = ( X509Key ) caCert.get( X509CertImpl.PUBLIC_KEY );
+                caPubKey = (X509Key) caCert.get(X509CertImpl.PUBLIC_KEY);
 
-                if( caPubKey == null ) {
+                if (caPubKey == null) {
                     // log that something is seriously wrong with the CA
-                    logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_CORRUPT",
-                                                    getSelfTestName() );
+                    logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_CORRUPT",
+                                                    getSelfTestName());
 
-                    mSelfTestSubsystem.log( logger,
-                                            logMessage );
+                    mSelfTestSubsystem.log(logger,
+                                            logMessage);
 
-                    throw new ESelfTestException( logMessage );
+                    throw new ESelfTestException(logMessage);
                 }
-            } catch( CertificateParsingException e ) {
+            } catch (CertificateParsingException e) {
                 // log that something is seriously wrong with the CA
-                mSelfTestSubsystem.log( logger,
-                                        e.toString() );
+                mSelfTestSubsystem.log(logger,
+                                        e.toString());
 
-                throw new ESelfTestException( e.toString() );
+                throw new ESelfTestException(e.toString());
             }
 
             // log that the CA is present
-            logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java b/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
index cff35ce5..cdda0a0d 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ca/CAValidity.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.ca;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -44,14 +42,12 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
 
 /**
- * This class implements a self test to check the validity of the CA. 
+ * This class implements a self test to check the validity of the CA.
  * <P>
  * 
  * @author mharmsen
@@ -59,83 +55,75 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class CAValidity
-extends ASelfTest
-{
-    ////////////////////////
+        extends ASelfTest {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
+    // //////////////////////
 
-
-    ///////////////////////////
+    // /////////////////////////
     // CAValidity parameters //
-    ///////////////////////////
+    // /////////////////////////
 
     // parameter information
     public static final String PROP_CA_SUB_ID = "CaSubId";
-    private String mCaSubId                   = null;
-
+    private String mCaSubId = null;
 
-
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
-
+    // ///////////////////
 
-
-    ////////////////////////
+    // //////////////////////
     // CAValidity methods //
-    ////////////////////////
+    // //////////////////////
 
     /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
+     * Initializes this subsystem with the configuration store associated with
+     * this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mCaSubId = mConfig.getString( PROP_CA_SUB_ID );
-            if( mCaSubId != null ) {
+            mCaSubId = mConfig.getString(PROP_CA_SUB_ID);
+            if (mCaSubId != null) {
                 mCaSubId = mCaSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_CA_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_CA_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_CA_SUB_ID );
+                throw new EMissingSelfTestException(PROP_CA_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_CA_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_CA_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_CA_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -143,145 +131,132 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
+     * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+     * after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
+     * Returns the name associated with this self test. This method may return
+     * null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
+     * Returns the root configuration storage (self test parameters) associated
+     * with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
+     * Retrieves description associated with an individual self test. This
+     * method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_CA_VALIDITY_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_CA_VALIDITY_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         ICertificateAuthority ca = null;
         X509CertImpl caCert = null;
 
-        ca = ( ICertificateAuthority ) CMS.getSubsystem( mCaSubId );
+        ca = (ICertificateAuthority) CMS.getSubsystem(mCaSubId);
 
-        if( ca == null ) {
+        if (ca == null) {
             // log that the CA is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the CA certificate
             caCert = ca.getCACert();
 
-            if( caCert == null ) {
+            if (caCert == null) {
                 // log that the CA is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_CA_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
+                             getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the CA validity period
             try {
                 caCert.checkValidity();
-            } catch( CertificateNotYetValidException e ) {
+            } catch (CertificateNotYetValidException e) {
                 // log that the CA is not yet valid
-                logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_NOT_YET_VALID",
-                                                getSelfTestName() );
+                logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_NOT_YET_VALID",
+                                                getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
-            } catch( CertificateExpiredException e ) {
+                throw new ESelfTestException(logMessage);
+            } catch (CertificateExpiredException e) {
                 // log that the CA is expired
-                logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_EXPIRED",
-                                                getSelfTestName() );
+                logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_EXPIRED",
+                                                getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // log that the CA is valid
-            logMessage = CMS.getLogMessage( "SELFTESTS_CA_IS_VALID",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_CA_IS_VALID",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java b/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
index b3388d9e..a85d5ba4 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/common/SystemCertsVerification.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.common;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -39,97 +37,86 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
 
 /**
- * This class implements a self test to check the system certs
- * of the subsystem
+ * This class implements a self test to check the system certs of the subsystem
  * <P>
  * 
- * @version $Revision: $, $Date:  $
+ * @version $Revision: $, $Date: $
  */
 public class SystemCertsVerification
-extends ASelfTest
-{
-    ////////////////////////
+        extends ASelfTest {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
+    // //////////////////////
 
-
-    ///////////////////////////
+    // /////////////////////////
     // SystemCertsVerification parameters //
-    ///////////////////////////
+    // /////////////////////////
 
     // parameter information
     public static final String PROP_SUB_ID = "SubId";
-    private String mSubId                   = null;
-
+    private String mSubId = null;
 
-
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
-
+    // ///////////////////
 
-
-    ////////////////////////
+    // //////////////////////
     // SystemCertsVerification methods //
-    ////////////////////////
+    // //////////////////////
 
     /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
+     * Initializes this subsystem with the configuration store associated with
+     * this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mSubId = mConfig.getString( PROP_SUB_ID );
-            if( mSubId != null ) {
+            mSubId = mConfig.getString(PROP_SUB_ID);
+            if (mSubId != null) {
                 mSubId = mSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_SUB_ID );
+                throw new EMissingSelfTestException(PROP_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -137,102 +124,89 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
+     * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+     * after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
+     * Returns the name associated with this self test. This method may return
+     * null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
+     * Returns the root configuration storage (self test parameters) associated
+     * with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
+     * Retrieves description associated with an individual self test. This
+     * method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_SYSTEM_CERTS_VERIFICATION_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_SYSTEM_CERTS_VERIFICATION_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         boolean rc = false;
 
         rc = CMS.verifySystemCerts();
         if (rc == true) {
-            logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
-                                                getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_SUCCESS",
+                                                getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                        logMessage );
+            mSelfTestSubsystem.log(logger,
+                                        logMessage);
         } else {
-            logMessage = CMS.getLogMessage( "SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_COMMON_SYSTEM_CERTS_VERIFICATION_FAILURE",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
-            throw new ESelfTestException( logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
+            throw new ESelfTestException(logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
index 52255e24..1c86bb5c 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/kra/KRAPresence.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.kra;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -41,8 +39,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -56,83 +52,75 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class KRAPresence
-extends ASelfTest
-{
-    ////////////////////////
+        extends ASelfTest {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
+    // //////////////////////
 
-
-    ///////////////////////////
+    // /////////////////////////
     // KRAPresence parameters //
-    ///////////////////////////
+    // /////////////////////////
 
     // parameter information
     public static final String PROP_KRA_SUB_ID = "SubId";
-    private String mSubId                   = null;
-
+    private String mSubId = null;
 
-
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
-
+    // ///////////////////
 
-
-    ////////////////////////
+    // //////////////////////
     // KRAPresence methods //
-    ////////////////////////
+    // //////////////////////
 
     /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
+     * Initializes this subsystem with the configuration store associated with
+     * this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mSubId = mConfig.getString( PROP_KRA_SUB_ID );
-            if( mSubId != null ) {
+            mSubId = mConfig.getString(PROP_KRA_SUB_ID);
+            if (mSubId != null) {
                 mSubId = mSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_KRA_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_KRA_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_KRA_SUB_ID );
+                throw new EMissingSelfTestException(PROP_KRA_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_KRA_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_KRA_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_KRA_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -140,137 +128,124 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
+     * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+     * after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
+     * Returns the name associated with this self test. This method may return
+     * null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
+     * Returns the root configuration storage (self test parameters) associated
+     * with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
+     * Retrieves description associated with an individual self test. This
+     * method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_KRA_PRESENCE_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_KRA_PRESENCE_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         IKeyRecoveryAuthority kra = null;
         org.mozilla.jss.crypto.X509Certificate kraCert = null;
         PublicKey kraPubKey = null;
 
-        kra = ( IKeyRecoveryAuthority ) CMS.getSubsystem( mSubId );
+        kra = (IKeyRecoveryAuthority) CMS.getSubsystem(mSubId);
 
-        if( kra == null ) {
+        if (kra == null) {
             // log that the KRA is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the KRA certificate
             kraCert = kra.getTransportCert();
 
-            if( kraCert == null ) {
+            if (kraCert == null) {
                 // log that the RA is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_KRA_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
+                             getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the KRA certificate public key
-            kraPubKey = ( PublicKey ) kraCert.getPublicKey();
+            kraPubKey = (PublicKey) kraCert.getPublicKey();
 
-            if( kraPubKey == null ) {
+            if (kraPubKey == null) {
                 // log that something is seriously wrong with the KRA
-                logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_CORRUPT",
-                                                getSelfTestName() );
+                logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_CORRUPT",
+                                                getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // log that the KRA is present
-            logMessage = CMS.getLogMessage( "SELFTESTS_KRA_IS_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_KRA_IS_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
index 507148bd..cfdb20af 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPPresence.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.ocsp;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -45,8 +43,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -60,83 +56,75 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class OCSPPresence
-extends ASelfTest
-{
-    ////////////////////////
+        extends ASelfTest {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
-
+    // //////////////////////
 
-    /////////////////////////////
+    // ///////////////////////////
     // OCSPPresence parameters //
-    /////////////////////////////
+    // ///////////////////////////
 
     // parameter information
     public static final String PROP_OCSP_SUB_ID = "OcspSubId";
-    private String mOcspSubId                   = null;
+    private String mOcspSubId = null;
 
-
-
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
-
+    // ///////////////////
 
-
-    //////////////////////////
+    // ////////////////////////
     // OCSPPresence methods //
-    //////////////////////////
+    // ////////////////////////
 
     /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
+     * Initializes this subsystem with the configuration store associated with
+     * this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mOcspSubId = mConfig.getString( PROP_OCSP_SUB_ID );
-            if( mOcspSubId != null ) {
+            mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID);
+            if (mOcspSubId != null) {
                 mOcspSubId = mOcspSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_OCSP_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_OCSP_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_OCSP_SUB_ID );
+                throw new EMissingSelfTestException(PROP_OCSP_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_OCSP_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_OCSP_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_OCSP_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -144,162 +132,149 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
+     * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+     * after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
+     * Returns the name associated with this self test. This method may return
+     * null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
+     * Returns the root configuration storage (self test parameters) associated
+     * with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
+     * Retrieves description associated with an individual self test. This
+     * method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_OCSP_PRESENCE_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_OCSP_PRESENCE_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         IOCSPAuthority ocsp = null;
         ISigningUnit ocspSigningUnit = null;
         X509CertImpl ocspCert = null;
         X509Key ocspPubKey = null;
 
-        ocsp = ( IOCSPAuthority ) CMS.getSubsystem( mOcspSubId );
+        ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
 
-        if( ocsp == null ) {
+        if (ocsp == null) {
             // log that the OCSP is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the OCSP signing unit
             ocspSigningUnit = ocsp.getSigningUnit();
 
-            if( ocspSigningUnit == null ) {
+            if (ocspSigningUnit == null) {
                 // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
-  
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
-  
-                throw new ESelfTestException( logMessage );
+                             getSelfTestName());
+
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
+
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the OCSP certificate
             ocspCert = ocspSigningUnit.getCertImpl();
 
-            if( ocspCert == null ) {
+            if (ocspCert == null) {
                 // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
-  
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
-  
-                throw new ESelfTestException( logMessage );
+                             getSelfTestName());
+
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
+
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the OCSP certificate public key
             try {
-                ocspPubKey = ( X509Key )
-                             ocspCert.get( X509CertImpl.PUBLIC_KEY );
+                ocspPubKey = (X509Key)
+                             ocspCert.get(X509CertImpl.PUBLIC_KEY);
 
-                if( ocspPubKey == null ) {
+                if (ocspPubKey == null) {
                     // log that something is seriously wrong with the OCSP
-                    logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_CORRUPT",
-                                                    getSelfTestName() );
+                    logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_CORRUPT",
+                                                    getSelfTestName());
 
-                    mSelfTestSubsystem.log( logger,
-                                            logMessage );
+                    mSelfTestSubsystem.log(logger,
+                                            logMessage);
 
-                    throw new ESelfTestException( logMessage );
+                    throw new ESelfTestException(logMessage);
                 }
-            } catch( CertificateParsingException e ) {
+            } catch (CertificateParsingException e) {
                 // log that something is seriously wrong with the OCSP
-                mSelfTestSubsystem.log( logger,
-                                        e.toString() );
+                mSelfTestSubsystem.log(logger,
+                                        e.toString());
 
-                throw new ESelfTestException( e.toString() );
+                throw new ESelfTestException(e.toString());
             }
 
             // log that the OCSP is present
-            logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
index e6516b2a..e1ff529b 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ocsp/OCSPValidity.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.ocsp;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -45,14 +43,12 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
 
 /**
- * This class implements a self test to check the validity of the OCSP. 
+ * This class implements a self test to check the validity of the OCSP.
  * <P>
  * 
  * @author mharmsen
@@ -60,83 +56,75 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class OCSPValidity
-extends ASelfTest
-{
-    ////////////////////////
+        extends ASelfTest {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
-
+    // //////////////////////
 
-    /////////////////////////////
+    // ///////////////////////////
     // OCSPValidity parameters //
-    /////////////////////////////
+    // ///////////////////////////
 
     // parameter information
     public static final String PROP_OCSP_SUB_ID = "OcspSubId";
-    private String mOcspSubId                   = null;
+    private String mOcspSubId = null;
 
-
-
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
-
+    // ///////////////////
 
-
-    //////////////////////////
+    // ////////////////////////
     // OCSPValidity methods //
-    //////////////////////////
+    // ////////////////////////
 
     /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
+     * Initializes this subsystem with the configuration store associated with
+     * this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mOcspSubId = mConfig.getString( PROP_OCSP_SUB_ID );
-            if( mOcspSubId != null ) {
+            mOcspSubId = mConfig.getString(PROP_OCSP_SUB_ID);
+            if (mOcspSubId != null) {
                 mOcspSubId = mOcspSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_OCSP_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_OCSP_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_OCSP_SUB_ID );
+                throw new EMissingSelfTestException(PROP_OCSP_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_OCSP_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_OCSP_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_OCSP_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -144,162 +132,149 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
+     * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+     * after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
+     * Returns the name associated with this self test. This method may return
+     * null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
+     * Returns the root configuration storage (self test parameters) associated
+     * with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
+     * Retrieves description associated with an individual self test. This
+     * method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_OCSP_VALIDITY_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_OCSP_VALIDITY_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         IOCSPAuthority ocsp = null;
         ISigningUnit ocspSigningUnit = null;
         X509CertImpl ocspCert = null;
 
-        ocsp = ( IOCSPAuthority ) CMS.getSubsystem( mOcspSubId );
+        ocsp = (IOCSPAuthority) CMS.getSubsystem(mOcspSubId);
 
-        if( ocsp == null ) {
+        if (ocsp == null) {
             // log that the OCSP is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the OCSP signing unit
             ocspSigningUnit = ocsp.getSigningUnit();
 
-            if( ocspSigningUnit == null ) {
+            if (ocspSigningUnit == null) {
                 // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
-  
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
-  
-                throw new ESelfTestException( logMessage );
+                             getSelfTestName());
+
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
+
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the OCSP certificate
             ocspCert = ocspSigningUnit.getCertImpl();
 
-            if( ocspCert == null ) {
+            if (ocspCert == null) {
                 // log that the OCSP is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_OCSP_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
+                             getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the OCSP validity period
             try {
                 ocspCert.checkValidity();
-            } catch( CertificateNotYetValidException e ) {
+            } catch (CertificateNotYetValidException e) {
                 // log that the OCSP is not yet valid
                 logMessage = CMS.getLogMessage(
                                  "SELFTESTS_OCSP_IS_NOT_YET_VALID",
-                                 getSelfTestName() );
+                                 getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
-            } catch( CertificateExpiredException e ) {
+                throw new ESelfTestException(logMessage);
+            } catch (CertificateExpiredException e) {
                 // log that the OCSP is expired
-                logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_EXPIRED",
-                                                getSelfTestName() );
+                logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_EXPIRED",
+                                                getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // log that the OCSP is valid
-            logMessage = CMS.getLogMessage( "SELFTESTS_OCSP_IS_VALID",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_OCSP_IS_VALID",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java b/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
index 1a8b4c3e..0163cdf3 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/ra/RAPresence.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.ra;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -41,8 +39,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -50,6 +46,7 @@ import com.netscape.cms.selftests.ASelfTest;
 /**
  * This class implements a self test to check for RA presence.
  * <P>
+ * 
  * <PRE>
  * NOTE:  This self-test is for Registration Authorities prior to
  *        Netscape Certificate Management System 7.0.  It does NOT
@@ -65,83 +62,75 @@ import com.netscape.cms.selftests.ASelfTest;
  * @version $Revision$, $Date$
  */
 public class RAPresence
-extends ASelfTest
-{
-    ////////////////////////
+        extends ASelfTest {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
+    // //////////////////////
 
-
-
-    ///////////////////////////
+    // /////////////////////////
     // RAPresence parameters //
-    ///////////////////////////
+    // /////////////////////////
 
     // parameter information
     public static final String PROP_RA_SUB_ID = "RaSubId";
-    private String mRaSubId                   = null;
-
-
+    private String mRaSubId = null;
 
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
+    // ///////////////////
 
-
-
-    ////////////////////////
+    // //////////////////////
     // RAPresence methods //
-    ////////////////////////
+    // //////////////////////
 
     /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
+     * Initializes this subsystem with the configuration store associated with
+     * this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest( ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
-                              IConfigStore parameters )
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
-        super.initSelfTest( subsystem, instanceName, parameters );
+                              IConfigStore parameters)
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         // retrieve mandatory parameter(s)
         try {
-            mRaSubId = mConfig.getString( PROP_RA_SUB_ID );
-            if( mRaSubId != null ) {
+            mRaSubId = mConfig.getString(PROP_RA_SUB_ID);
+            if (mRaSubId != null) {
                 mRaSubId = mRaSubId.trim();
             } else {
-                mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage(
-                                        "SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(),
-                                        mPrefix
-                                      + "."
-                                      + PROP_RA_SUB_ID ) );
+                                                "SELFTESTS_MISSING_VALUES",
+                                                getSelfTestName(),
+                                                mPrefix
+                                                        + "."
+                                                        + PROP_RA_SUB_ID));
 
-                throw new EMissingSelfTestException( PROP_RA_SUB_ID );
+                throw new EMissingSelfTestException(PROP_RA_SUB_ID);
             }
-        } catch( EBaseException e ) {
-            mSelfTestSubsystem.log( mSelfTestSubsystem.getSelfTestLogger(),
+        } catch (EBaseException e) {
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage(
-                                    "SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(),
-                                    mPrefix
-                                  + "."
-                                  + PROP_RA_SUB_ID ) );
+                                            "SELFTESTS_MISSING_NAME",
+                                            getSelfTestName(),
+                                            mPrefix
+                                                    + "."
+                                                    + PROP_RA_SUB_ID));
 
-            throw new EMissingSelfTestException( mPrefix,
+            throw new EMissingSelfTestException(mPrefix,
                                                  PROP_RA_SUB_ID,
-                                                 null );
+                                                 null);
         }
 
         // retrieve optional parameter(s)
@@ -149,137 +138,124 @@ extends ASelfTest
         return;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
+     * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+     * after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
+     * Returns the name associated with this self test. This method may return
+     * null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
+     * Returns the root configuration storage (self test parameters) associated
+     * with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
+     * Retrieves description associated with an individual self test. This
+     * method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage( locale,
-                                   "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION" );
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale,
+                                   "CMS_SELFTESTS_RA_PRESENCE_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest( ILogEventListener logger )
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         IRegistrationAuthority ra = null;
         org.mozilla.jss.crypto.X509Certificate raCert = null;
         PublicKey raPubKey = null;
 
-        ra = ( IRegistrationAuthority ) CMS.getSubsystem( mRaSubId );
+        ra = (IRegistrationAuthority) CMS.getSubsystem(mRaSubId);
 
-        if( ra == null ) {
+        if (ra == null) {
             // log that the RA is not installed
-            logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_NOT_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_NOT_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
 
-            throw new ESelfTestException( logMessage );
+            throw new ESelfTestException(logMessage);
         } else {
             // Retrieve the RA certificate
             raCert = ra.getRACert();
 
-            if( raCert == null ) {
+            if (raCert == null) {
                 // log that the RA is not yet initialized
-                logMessage = CMS.getLogMessage( 
+                logMessage = CMS.getLogMessage(
                              "SELFTESTS_RA_IS_NOT_INITIALIZED",
-                             getSelfTestName() );
+                             getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // Retrieve the RA certificate public key
-            raPubKey = ( PublicKey ) raCert.getPublicKey();
+            raPubKey = (PublicKey) raCert.getPublicKey();
 
-            if( raPubKey == null ) {
+            if (raPubKey == null) {
                 // log that something is seriously wrong with the RA
-                logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_CORRUPT",
-                                                getSelfTestName() );
+                logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_CORRUPT",
+                                                getSelfTestName());
 
-                mSelfTestSubsystem.log( logger,
-                                        logMessage );
+                mSelfTestSubsystem.log(logger,
+                                        logMessage);
 
-                throw new ESelfTestException( logMessage );
+                throw new ESelfTestException(logMessage);
             }
 
             // log that the RA is present
-            logMessage = CMS.getLogMessage( "SELFTESTS_RA_IS_PRESENT",
-                                            getSelfTestName() );
+            logMessage = CMS.getLogMessage("SELFTESTS_RA_IS_PRESENT",
+                                            getSelfTestName());
 
-            mSelfTestSubsystem.log( logger,
-                                    logMessage );
+            mSelfTestSubsystem.log(logger,
+                                    logMessage);
         }
 
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java b/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
index ba0ae3cb..e01d68b8 100644
--- a/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
+++ b/pki/base/common/src/com/netscape/cms/selftests/tks/TKSKnownSessionKey.java
@@ -20,8 +20,6 @@
 
 package com.netscape.cms.selftests.tks;
 
-
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -42,8 +40,6 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 import com.netscape.cms.selftests.ASelfTest;
 import com.netscape.symkey.SessionKey;
 
-
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -58,46 +54,43 @@ import com.netscape.symkey.SessionKey;
  * @version $Revision$, $Date$
  */
 public class TKSKnownSessionKey
-extends ASelfTest
-{
+        extends ASelfTest {
     // parameter information
     public static final String PROP_TKS_SUB_ID = "TksSubId";
-    private String mTksSubId      = null;
-    private String mToken         = null;
-    private String mUseSoftToken  = null;
-    private String mKeyName       = null;
-    private byte[] mKeyInfo       = null;
+    private String mTksSubId = null;
+    private String mToken = null;
+    private String mUseSoftToken = null;
+    private String mKeyName = null;
+    private byte[] mKeyInfo = null;
     private byte[] mCardChallenge = null;
     private byte[] mHostChallenge = null;
-    private byte[] mCUID          = null;
-    private byte[] mMacKey        = null;
-    private byte[] mSessionKey    = null;
-
+    private byte[] mCUID = null;
+    private byte[] mMacKey = null;
+    private byte[] mSessionKey = null;
 
     /**
-     * Initializes this subsystem with the configuration store
-     * associated with this instance name.
+     * Initializes this subsystem with the configuration store associated with
+     * this instance name.
      * <P>
-     *
+     * 
      * @param subsystem the associated subsystem
-     * @param instanceName the name of this self test instance 
+     * @param instanceName the name of this self test instance
      * @param parameters configuration store (self test parameters)
      * @exception EDuplicateSelfTestException subsystem has duplicate name/value
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
-    public void initSelfTest (ISelfTestSubsystem subsystem,
+    public void initSelfTest(ISelfTestSubsystem subsystem,
                               String instanceName,
                               IConfigStore parameters)
-    throws EDuplicateSelfTestException,
-           EInvalidSelfTestException,
-           EMissingSelfTestException
-    {
+            throws EDuplicateSelfTestException,
+            EInvalidSelfTestException,
+            EMissingSelfTestException {
         ISubsystem tks = null;
         IConfigStore tksConfig = null;
         String logMessage = null;
 
-        super.initSelfTest( subsystem, instanceName, parameters );
+        super.initSelfTest(subsystem, instanceName, parameters);
 
         mTksSubId = getConfigString(PROP_TKS_SUB_ID);
         mToken = getConfigString("token");
@@ -128,34 +121,34 @@ extends ASelfTest
         if (defKeySetMacKey == null) {
             CMS.debug("TKSKnownSessionKey: invalid mac key");
             CMS.debug("TKSKnownSessionKey self test FAILED");
-            mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage("SELFTESTS_INVALID_VALUES",
-                                    getSelfTestName(), mPrefix + "." + "macKey"));
-            throw new EInvalidSelfTestException (mPrefix, "macKey", null);
+                                            getSelfTestName(), mPrefix + "." + "macKey"));
+            throw new EInvalidSelfTestException(mPrefix, "macKey", null);
         }
-     
+
         try {
             mSessionKey = getConfigByteArray("sessionKey", 16);
         } catch (EMissingSelfTestException e) {
             if (mSessionKey == null) {
-                mSessionKey = SessionKey.ComputeSessionKey (mToken, mKeyName,
+                mSessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
                                                             mCardChallenge, mHostChallenge,
                                                             mKeyInfo, mCUID, mMacKey, mUseSoftToken, null, null);
                 if (mSessionKey == null || mSessionKey.length != 16) {
-                    mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+                    mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                             CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
-                                            getSelfTestName(), mPrefix + ".sessionKey"));
-                    throw new EMissingSelfTestException ("sessionKey");
+                                                    getSelfTestName(), mPrefix + ".sessionKey"));
+                    throw new EMissingSelfTestException("sessionKey");
                 }
                 String sessionKey = SpecialEncode(mSessionKey);
                 mConfig.putString("sessionKey", sessionKey);
                 try {
                     CMS.getConfigStore().commit(true);
                 } catch (EBaseException be) {
-                    mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+                    mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                             CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
-                                            getSelfTestName(), mPrefix + ".sessionKey"));
-                    throw new EMissingSelfTestException ("sessionKey");
+                                                    getSelfTestName(), mPrefix + ".sessionKey"));
+                    throw new EMissingSelfTestException("sessionKey");
                 }
             }
         }
@@ -163,9 +156,7 @@ extends ASelfTest
         return;
     }
 
-
-    private String SpecialEncode (byte data[])
-    {
+    private String SpecialEncode(byte data[]) {
         StringBuffer sb = new StringBuffer();
 
         for (int i = 0; i < data.length; i++) {
@@ -179,9 +170,7 @@ extends ASelfTest
         return sb.toString();
     }
 
-
-    private String getConfigString (String name) throws EMissingSelfTestException
-    {
+    private String getConfigString(String name) throws EMissingSelfTestException {
         String value = null;
 
         try {
@@ -189,137 +178,124 @@ extends ASelfTest
             if (value != null) {
                 value = value.trim();
             } else {
-                mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+                mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                         CMS.getLogMessage("SELFTESTS_MISSING_VALUES",
-                                        getSelfTestName(), mPrefix + "." + name));
-                throw new EMissingSelfTestException (name);
+                                                getSelfTestName(), mPrefix + "." + name));
+                throw new EMissingSelfTestException(name);
             }
         } catch (EBaseException e) {
-            mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage("SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(), mPrefix + "." + name));
-            throw new EMissingSelfTestException (mPrefix, name, null);
+                                            getSelfTestName(), mPrefix + "." + name));
+            throw new EMissingSelfTestException(mPrefix, name, null);
         }
 
         return value;
     }
 
-
-    private byte[] getConfigByteArray (String name, int size) throws EMissingSelfTestException,
-                                                                     EInvalidSelfTestException
-    {
+    private byte[] getConfigByteArray(String name, int size) throws EMissingSelfTestException,
+                                                                     EInvalidSelfTestException {
         String stringValue = getConfigString(name);
 
         byte byteValue[] = com.netscape.cmsutil.util.Utils.SpecialDecode(stringValue);
         if (byteValue == null) {
-            mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage("SELFTESTS_MISSING_NAME",
-                                    getSelfTestName(), mPrefix + "." + name));
-            throw new EMissingSelfTestException (name);
+                                            getSelfTestName(), mPrefix + "." + name));
+            throw new EMissingSelfTestException(name);
         }
         if (byteValue.length != size) {
-            mSelfTestSubsystem.log (mSelfTestSubsystem.getSelfTestLogger(),
+            mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
                                     CMS.getLogMessage("SELFTESTS_INVALID_VALUES",
-                                    getSelfTestName(), mPrefix + "." + name));
-            throw new EInvalidSelfTestException (mPrefix, name, stringValue);
+                                            getSelfTestName(), mPrefix + "." + name));
+            throw new EInvalidSelfTestException(mPrefix, name, stringValue);
         }
 
         return byteValue;
     }
 
-
     /**
      * Notifies this subsystem if it is in execution mode.
      * <P>
-     *
+     * 
      * @exception ESelfTestException failed to start
      */
     public void startupSelfTest()
-    throws ESelfTestException
-    {
+            throws ESelfTestException {
         return;
     }
 
-
     /**
-     * Stops this subsystem. The subsystem may call shutdownSelfTest
-     * anytime after initialization.
+     * Stops this subsystem. The subsystem may call shutdownSelfTest anytime
+     * after initialization.
      * <P>
      */
-    public void shutdownSelfTest()
-    {
+    public void shutdownSelfTest() {
         return;
     }
 
-
     /**
-     * Returns the name associated with this self test. This method may
-     * return null if the self test has not been intialized.
+     * Returns the name associated with this self test. This method may return
+     * null if the self test has not been intialized.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
-    public String getSelfTestName()
-    {
+    public String getSelfTestName() {
         return super.getSelfTestName();
     }
 
-
     /**
-     * Returns the root configuration storage (self test parameters)
-     * associated with this subsystem.
+     * Returns the root configuration storage (self test parameters) associated
+     * with this subsystem.
      * <P>
-     *
+     * 
      * @return configuration store (self test parameters) of this subsystem
      */
-    public IConfigStore getSelfTestConfigStore()
-    {
+    public IConfigStore getSelfTestConfigStore() {
         return super.getSelfTestConfigStore();
     }
 
-
     /**
-     * Retrieves description associated with an individual self test.
-     * This method may return null.
+     * Retrieves description associated with an individual self test. This
+     * method may return null.
      * <P>
-     *
+     * 
      * @param locale locale of the client that requests the description
      * @return description of self test
      */
-    public String getSelfTestDescription( Locale locale )
-    {
-        return CMS.getUserMessage (locale, "CMS_SELFTESTS_TKS_PRESENCE_DESCRIPTION");
+    public String getSelfTestDescription(Locale locale) {
+        return CMS.getUserMessage(locale, "CMS_SELFTESTS_TKS_PRESENCE_DESCRIPTION");
     }
 
-
     /**
      * Execute an individual self test.
      * <P>
-     *
+     * 
      * @param logger specifies logging subsystem
      * @exception ESelfTestException self test exception
      */
-    public void runSelfTest (ILogEventListener logger)
-    throws ESelfTestException
-    {
+    public void runSelfTest(ILogEventListener logger)
+            throws ESelfTestException {
         String logMessage = null;
         String keySet = "defKeySet";
 
-        byte[] sessionKey = SessionKey.ComputeSessionKey (mToken, mKeyName,
+        byte[] sessionKey = SessionKey.ComputeSessionKey(mToken, mKeyName,
                                                           mCardChallenge, mHostChallenge,
                                                           mKeyInfo, mCUID, mMacKey, mUseSoftToken, keySet, null);
 
         // Now we just see if we can successfully generate a session key.
-        // For FIPS compliance, the routine now returns a wrapped key, which can't be extracted and compared.
+        // For FIPS compliance, the routine now returns a wrapped key, which
+        // can't be extracted and compared.
         if (sessionKey == null) {
             CMS.debug("TKSKnownSessionKey: generated no session key");
             CMS.debug("TKSKnownSessionKey self test FAILED");
-            logMessage = CMS.getLogMessage ("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
-            mSelfTestSubsystem.log (logger, logMessage);
-            throw new ESelfTestException( logMessage );
-        } else {  
-            logMessage = CMS.getLogMessage ("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName());
-            mSelfTestSubsystem.log (logger, logMessage);
+            logMessage = CMS.getLogMessage("SELFTESTS_TKS_FAILED", getSelfTestName(), getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
+            throw new ESelfTestException(logMessage);
+        } else {
+            logMessage = CMS.getLogMessage("SELFTESTS_TKS_SUCCEEDED", getSelfTestName(), getSelfTestName());
+            mSelfTestSubsystem.log(logger, logMessage);
             CMS.debug("TKSKnownSessionKey self test SUCCEEDED");
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
index 4737e2f7..b805cc96 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ACLAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -45,10 +44,9 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 
-
 /**
  * Manage Access Control List configuration
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ACLAdminServlet extends AdminServlet {
@@ -64,7 +62,7 @@ public class ACLAdminServlet extends AdminServlet {
     private IAuthzManager mAuthzMgr = null;
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ACL =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_ACL_3";
 
     /**
      * Constructs servlet.
@@ -74,17 +72,18 @@ public class ACLAdminServlet extends AdminServlet {
         mUG = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
     }
 
-   /**
-     * initialize the servlet. 
+    /**
+     * initialize the servlet.
      * <ul>
      * <li>http.param OP_TYPE = OP_SEARCH,
      * <li>http.param OP_SCOPE - the scope of the request operation:
-     *  <ul><LI>"impl" ACL implementations
-     *      <LI>"acls" ACL rules
-     *      <LI>"evaluatorTypes" ACL evaluators.
-     *  </ul>
+     * <ul>
+     * <LI>"impl" ACL implementations
+     * <LI>"acls" ACL rules
+     * <LI>"evaluatorTypes" ACL evaluators.
      * </ul>
-     *
+     * </ul>
+     * 
      * @param config servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig config) throws ServletException {
@@ -99,24 +98,24 @@ public class ACLAdminServlet extends AdminServlet {
         return INFO;
     }
 
-   /**
+    /**
      * Process the HTTP request.
-     *
+     * 
      * @param req the object holding the request information
      * @param resp the object holding the response information
      */
 
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
 
         String scope = super.getParameter(req, Constants.OP_SCOPE);
         String op = super.getParameter(req, Constants.OP_TYPE);
 
         if (op == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
@@ -126,8 +125,8 @@ public class ACLAdminServlet extends AdminServlet {
             super.authenticate(req);
         } catch (IOException e) {
             log(ILogger.LL_SECURITY, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -141,8 +140,8 @@ public class ACLAdminServlet extends AdminServlet {
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, e.toString());
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -152,9 +151,9 @@ public class ACLAdminServlet extends AdminServlet {
             if (op.equals(OpDef.OP_SEARCH)) {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
-                    sendResponse(ERROR, 
-                      CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ACL)) {
@@ -171,8 +170,8 @@ public class ACLAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                      CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ACL)) {
@@ -183,8 +182,8 @@ public class ACLAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                      CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ACL)) {
@@ -195,8 +194,8 @@ public class ACLAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                      CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -207,8 +206,8 @@ public class ACLAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                      CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ACL_IMPLS)) {
@@ -218,38 +217,38 @@ public class ACLAdminServlet extends AdminServlet {
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                        null, resp);
                 return;
             }
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, e.toString());
             sendResponse(ERROR, e.toString(getLocale(req)),
-                null, resp);
+                    null, resp);
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, e.toString());
             log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 2");
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                    null, resp);
             return;
         }
 
         log(ILogger.LL_DEBUG, "SRVLT_FAIL_PERFORM 3");
 
         sendResponse(ERROR,
-            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-            null, resp);
+                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                null, resp);
         return;
     }
 
     /**
      * list acls resources by name
      */
-    private void listResources(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException,
+    private void listResources(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException,
             EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -260,7 +259,7 @@ public class ACLAdminServlet extends AdminServlet {
             ACL acl = (ACL) res.nextElement();
             String desc = acl.getDescription();
 
-            if (desc == null) 
+            if (desc == null)
                 params.add(acl.getName(), "");
             else
                 params.add(acl.getName(), desc);
@@ -272,19 +271,19 @@ public class ACLAdminServlet extends AdminServlet {
     /**
      * get acls information for a resource
      */
-    private void getResourceACL(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException,
+    private void getResourceACL(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException,
             EBaseException {
 
         NameValuePairs params = new NameValuePairs();
-        //get resource id first
+        // get resource id first
         String resourceId = super.getParameter(req, Constants.RS_ID);
 
         if (resourceId == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -295,7 +294,7 @@ public class ACLAdminServlet extends AdminServlet {
 
             StringBuffer rights = new StringBuffer();
 
-			if (rightsEnum.hasMoreElements()) {
+            if (rightsEnum.hasMoreElements()) {
                 while (rightsEnum.hasMoreElements()) {
                     if (rights.length() != 0) {
                         rights.append(",");
@@ -332,8 +331,8 @@ public class ACLAdminServlet extends AdminServlet {
         } else {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ACLS_SRVLT_RESOURCE_NOT_FOUND"));
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req),"CMS_ACL_RESOURCE_NOT_FOUND"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ACL_RESOURCE_NOT_FOUND"),
+                    null, resp);
             return;
         }
     }
@@ -341,19 +340,20 @@ public class ACLAdminServlet extends AdminServlet {
     /**
      * modify acls information for a resource
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
      * Access Control List (ACL) information
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private void updateResources(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException,
+    private void updateResources(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException,
             EBaseException {
 
         String auditMessage = null;
@@ -378,15 +378,15 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
             // get resource acls
             String resourceACLs = super.getParameter(req, Constants.PR_ACI);
             String rights = super.getParameter(req, Constants.PR_ACL_RIGHTS);
-            String desc = super.getParameter(req, Constants.PR_ACL_DESC); 
+            String desc = super.getParameter(req, Constants.PR_ACL_DESC);
 
             try {
                 mAuthzMgr.updateACLs(resourceId, rights, resourceACLs, desc);
@@ -417,22 +417,22 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_UPDATE_FAIL"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_UPDATE_FAIL"),
+                        null, resp);
                 return;
             }
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -446,31 +446,31 @@ public class ACLAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
-	
+
     /**
      * list access evaluators by types and class paths
      */
-    private void listACLsEvaluators(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException,
+    private void listACLsEvaluators(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException,
             EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements();
 
         while (res.hasMoreElements()) {
-            IAccessEvaluator evaluator =  res.nextElement();
+            IAccessEvaluator evaluator = res.nextElement();
 
             // params.add(evaluator.getType(), evaluator.getDescription());
             params.add(evaluator.getType(), evaluator.getClass().getName());
@@ -480,18 +480,18 @@ public class ACLAdminServlet extends AdminServlet {
     }
 
     private void listACLsEvaluatorTypes(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException, IOException,
+            HttpServletResponse resp) throws ServletException, IOException,
             EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration<IAccessEvaluator> res = mAuthzMgr.aclEvaluatorElements();
 
         while (res.hasMoreElements()) {
-            IAccessEvaluator evaluator =  res.nextElement();
+            IAccessEvaluator evaluator = res.nextElement();
             String[] operators = evaluator.getSupportedOperators();
             StringBuffer str = new StringBuffer();
 
             for (int i = 0; i < operators.length; i++) {
-                if (str.length() > 0) 
+                if (str.length() > 0)
                     str.append(",");
                 str.append(operators[i]);
             }
@@ -505,22 +505,23 @@ public class ACLAdminServlet extends AdminServlet {
     /**
      * add access evaluators
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
      * Access Control List (ACL) information
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this ACL evaluator's
-     * substore
+     *            substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addACLsEvaluator(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addACLsEvaluator(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -543,26 +544,25 @@ public class ACLAdminServlet extends AdminServlet {
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
             // is the evaluator type unique?
             /*
-             if (!mACLs.isTypeUnique(type)) {
-             String infoMsg = "replacing existing type: "+ type;
-             log(ILogger.LL_WARN, infoMsg);
-             }
+             * if (!mACLs.isTypeUnique(type)) { String infoMsg =
+             * "replacing existing type: "+ type; log(ILogger.LL_WARN, infoMsg);
+             * }
              */
 
             // get class
             String classPath = super.getParameter(req, Constants.PR_ACL_CLASS);
 
             IConfigStore destStore =
-                mConfig.getSubStore(PROP_EVAL);
+                    mConfig.getSubStore(PROP_EVAL);
             IConfigStore mStore =
-                destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
+                    destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
 
             // Does the class exist?
             Class<?> newImpl = null;
@@ -584,17 +584,16 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_CLASS_LOAD_FAIL"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_CLASS_LOAD_FAIL"),
+                        null, resp);
                 return;
             }
 
             // is the class an IAccessEvaluator?
             try {
-                if
-                (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) {
+                if (Class.forName("com.netscape.certsrv.evaluators.IAccessEvaluator").isAssignableFrom(newImpl) == false) {
                     String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
-                        classPath;
+                            classPath;
 
                     log(ILogger.LL_FAILURE, errMsg);
 
@@ -608,13 +607,13 @@ public class ACLAdminServlet extends AdminServlet {
                     audit(auditMessage);
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"),
+                            null, resp);
                     return;
                 }
             } catch (Exception e) {
                 String errMsg = "class not com.netscape.certsrv.evaluators.IAccessEvaluator" +
-                    classPath;
+                        classPath;
 
                 log(ILogger.LL_FAILURE, errMsg);
 
@@ -628,8 +627,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_ILL_CLASS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_ILL_CLASS"),
+                        null, resp);
                 return;
             }
 
@@ -653,8 +652,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"),
+                        null, resp);
                 return;
             }
 
@@ -676,8 +675,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_INST_CLASS_FAIL"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_INST_CLASS_FAIL"),
+                        null, resp);
                 return;
             }
 
@@ -688,7 +687,7 @@ public class ACLAdminServlet extends AdminServlet {
                 mAuthzMgr.registerEvaluator(type, evaluator);
             }
 
-            //...
+            // ...
             NameValuePairs params = new NameValuePairs();
 
             // store a message in the signed audit log file
@@ -702,17 +701,17 @@ public class ACLAdminServlet extends AdminServlet {
 
             sendResponse(SUCCESS, null, params, resp);
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -726,38 +725,39 @@ public class ACLAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
      * remove access evaluators
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ACL used when configuring
      * Access Control List (ACL) information
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this ACL evaluator's
-     * substore
+     *            substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void deleteACLsEvaluator(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void deleteACLsEvaluator(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -782,8 +782,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -803,8 +803,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_EVAL_NOT_FOUND"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_EVAL_NOT_FOUND"),
+                        null, resp);
                 return;
             }
 
@@ -814,13 +814,13 @@ public class ACLAdminServlet extends AdminServlet {
 
             try {
                 IConfigStore destStore =
-                    mConfig.getSubStore(PROP_EVAL);
+                        mConfig.getSubStore(PROP_EVAL);
                 IConfigStore mStore =
-                    destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
+                        destStore.getSubStore(ScopeDef.SC_ACL_IMPLS);
 
                 mStore.removeSubStore(id);
             } catch (Exception eeee) {
-                //CMS.debugStackTrace(eeee);
+                // CMS.debugStackTrace(eeee);
             }
             // commiting
             try {
@@ -838,8 +838,8 @@ public class ACLAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_ACL_COMMIT_FAIL"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ACL_COMMIT_FAIL"),
+                        null, resp);
                 return;
             }
 
@@ -855,17 +855,17 @@ public class ACLAdminServlet extends AdminServlet {
             sendResponse(SUCCESS, null, params, resp);
             return;
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -879,50 +879,43 @@ public class ACLAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ACL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ACL,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
-	
+
     /**
      * Searchs for certificate requests.
      */
-    
+
     /*
-     private void getACLs(HttpServletRequest req, 
-     HttpServletResponse resp) throws ServletException, IOException,
-     EBaseException {
-     NameValuePairs params = new NameValuePairs();
-     ByteArrayOutputStream bos = new ByteArrayOutputStream();
-     ObjectOutputStream oos = new ObjectOutputStream(bos);
-     String names = getParameter(req, Constants.PT_NAMES);
-     StringTokenizer st = new StringTokenizer(names, ",");
-     while (st.hasMoreTokens()) {
-     String target = st.nextToken();
-     ACL acl = AccessManager.getInstance().getACL(target);
-     oos.writeObject(acl);
-     }
-     // BASE64Encoder encoder = new BASE64Encoder();
-     // params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray()));
-     params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray()));
-     sendResponse(SUCCESS, null, params, resp);
-     }
+     * private void getACLs(HttpServletRequest req, HttpServletResponse resp)
+     * throws ServletException, IOException, EBaseException { NameValuePairs
+     * params = new NameValuePairs(); ByteArrayOutputStream bos = new
+     * ByteArrayOutputStream(); ObjectOutputStream oos = new
+     * ObjectOutputStream(bos); String names = getParameter(req,
+     * Constants.PT_NAMES); StringTokenizer st = new StringTokenizer(names,
+     * ","); while (st.hasMoreTokens()) { String target = st.nextToken(); ACL
+     * acl = AccessManager.getInstance().getACL(target); oos.writeObject(acl); }
+     * // BASE64Encoder encoder = new BASE64Encoder(); //
+     * params.add(Constants.PT_ACLS, encoder.encodeBuffer(bos.toByteArray()));
+     * params.add(Constants.PT_ACLS, CMS.BtoA(bos.toByteArray()));
+     * sendResponse(SUCCESS, null, params, resp); }
      */
 
     private void log(int level, String msg) {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
-            level, "ACLAdminServlet: " + msg);
+                level, "ACLAdminServlet: " + msg);
     }
-}    
-
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
index 2024e496..038355f0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminResources.java
@@ -17,13 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for the remote admin.
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
  */
@@ -37,8 +35,7 @@ public class AdminResources extends ListResourceBundle {
     }
 
     /**
-     * Constants. The suffix represents the number of
-     * possible parameters.
+     * Constants. The suffix represents the number of possible parameters.
      */
     static final Object[][] contents = {};
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
index 0f2a6ec7..c7bc1554 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.DataOutputStream;
 import java.io.IOException;
@@ -56,32 +55,27 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.cms.servlet.base.UserInfo;
 
-
 /**
- * A class represents an administration servlet that
- * is responsible to serve administrative
- * operation such as configuration parameter updates.
- *
- * Since each administration servlet needs to perform
- * authentication information parsing and response
- * formulation, it makes sense to encapsulate the
+ * A class represents an administration servlet that is responsible to serve
+ * administrative operation such as configuration parameter updates.
+ * 
+ * Since each administration servlet needs to perform authentication information
+ * parsing and response formulation, it makes sense to encapsulate the
  * commonalities into this class.
- *
- * By extending this serlvet, the subclass does not
- * need to re-implement the request parsing code
- * (i.e. authentication information parsing).
- *
- * If a subsystem needs to expose configuration
- * parameters management, it should create an
- * administration servlet (i.e. CAAdminServlet)
- * and register it to RemoteAdmin subsystem.
- *
+ * 
+ * By extending this serlvet, the subclass does not need to re-implement the
+ * request parsing code (i.e. authentication information parsing).
+ * 
+ * If a subsystem needs to expose configuration parameters management, it should
+ * create an administration servlet (i.e. CAAdminServlet) and register it to
+ * RemoteAdmin subsystem.
+ * 
  * <code>
  * public class CAAdminServlet extends AdminServlet {
  *   ...
  * }
  * </code>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AdminServlet extends HttpServlet {
@@ -117,8 +111,8 @@ public class AdminServlet extends HttpServlet {
     public final static String AUTHZ_SRC_TYPE = "sourceType";
     public final static String AUTHZ_SRC_LDAP = "ldap";
     public final static String AUTHZ_SRC_XML = "web.xml";
-    public static final String CERT_ATTR = 
-        "javax.servlet.request.X509Certificate";
+    public static final String CERT_ATTR =
+            "javax.servlet.request.X509Certificate";
 
     public final static String SIGNED_AUDIT_SCOPE = "Scope";
     public final static String SIGNED_AUDIT_OPERATION = "Operation";
@@ -130,19 +124,19 @@ public class AdminServlet extends HttpServlet {
     public final static String SIGNED_AUDIT_NAME_VALUE_PAIRS_DELIMITER = "+";
 
     private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
-        "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+            "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
     private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+            "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
     private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
-        "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+            "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
     private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+            "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
     private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
-        "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+            "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
     private final static String CERTUSERDB =
-        IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
+            IAuthSubsystem.CERTUSERDB_AUTHMGR_ID;
     private final static String PASSWDUSERDB =
-        IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
+            IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID;
 
     /**
      * Constructs generic administration servlet.
@@ -175,8 +169,8 @@ public class AdminServlet extends HttpServlet {
 
         if (srcType.equalsIgnoreCase(AUTHZ_SRC_XML)) {
             CMS.debug("AdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
-            // get authz mgr from xml file;  if not specified, use
-            //			ldap by default
+            // get authz mgr from xml file; if not specified, use
+            // ldap by default
             mAclMethod = getSCparam(sc, PROP_AUTHZ_MGR, AUTHZ_MGR_LDAP);
 
             if (mAclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
@@ -185,7 +179,7 @@ public class AdminServlet extends HttpServlet {
                 if (aclInfo != null) {
                     try {
                         addACLInfo(aclInfo);
-                        //mAuthz.authzMgrAccessInit(mAclMethod, aclInfo);
+                        // mAuthz.authzMgrAccessInit(mAclMethod, aclInfo);
                     } catch (EBaseException e) {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_MGR_INIT_FAIL"));
                         throw new ServletException("failed to init authz info from xml config file");
@@ -204,45 +198,44 @@ public class AdminServlet extends HttpServlet {
         }
     }
 
-    public void outputHttpParameters(HttpServletRequest httpReq)
-    {
+    public void outputHttpParameters(HttpServletRequest httpReq) {
         CMS.debug("AdminServlet:service() uri = " + httpReq.getRequestURI());
         Enumeration paramNames = httpReq.getParameterNames();
         while (paramNames.hasMoreElements()) {
-            String pn = (String)paramNames.nextElement();
+            String pn = (String) paramNames.nextElement();
             // added this facility so that password can be hidden,
-            // all sensitive parameters should be prefixed with 
+            // all sensitive parameters should be prefixed with
             // __ (double underscores); however, in the event that
             // a security parameter slips through, we perform multiple
             // additional checks to insure that it is NOT displayed
-            if( pn.startsWith("__")                         ||
-                pn.endsWith("password")                     ||
-                pn.endsWith("passwd")                       ||
-                pn.endsWith("pwd")                          ||
-                pn.equalsIgnoreCase("admin_password_again") ||
-                pn.equalsIgnoreCase("directoryManagerPwd")  ||
-                pn.equalsIgnoreCase("bindpassword")         ||
-                pn.equalsIgnoreCase("bindpwd")              ||
-                pn.equalsIgnoreCase("passwd")               ||
-                pn.equalsIgnoreCase("password")             ||
-                pn.equalsIgnoreCase("pin")                  ||
-                pn.equalsIgnoreCase("pwd")                  ||
-                pn.equalsIgnoreCase("pwdagain")             ||
-                pn.equalsIgnoreCase("uPasswd") ) {
-               CMS.debug("AdminServlet::service() param name='" + pn +
-                         "' value='(sensitive)'" );
+            if (pn.startsWith("__") ||
+                    pn.endsWith("password") ||
+                    pn.endsWith("passwd") ||
+                    pn.endsWith("pwd") ||
+                    pn.equalsIgnoreCase("admin_password_again") ||
+                    pn.equalsIgnoreCase("directoryManagerPwd") ||
+                    pn.equalsIgnoreCase("bindpassword") ||
+                    pn.equalsIgnoreCase("bindpwd") ||
+                    pn.equalsIgnoreCase("passwd") ||
+                    pn.equalsIgnoreCase("password") ||
+                    pn.equalsIgnoreCase("pin") ||
+                    pn.equalsIgnoreCase("pwd") ||
+                    pn.equalsIgnoreCase("pwdagain") ||
+                    pn.equalsIgnoreCase("uPasswd")) {
+                CMS.debug("AdminServlet::service() param name='" + pn +
+                         "' value='(sensitive)'");
             } else {
-               CMS.debug("AdminServlet::service() param name='" + pn +
-                         "' value='" + httpReq.getParameter(pn) + "'" );
+                CMS.debug("AdminServlet::service() param name='" + pn +
+                         "' value='" + httpReq.getParameter(pn) + "'");
             }
         }
     }
-                                                                                
+
     /**
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         boolean running_state = CMS.isInRunningState();
 
         if (!running_state)
@@ -250,7 +243,7 @@ public class AdminServlet extends HttpServlet {
                     "CMS server is not ready to serve.");
 
         if (CMS.debugOn()) {
-          outputHttpParameters(req);
+            outputHttpParameters(req);
         }
     }
 
@@ -274,18 +267,18 @@ public class AdminServlet extends HttpServlet {
     }
 
     /**
-     * Authenticates to the identity scope with the given
-     * userid and password via identity manager.
+     * Authenticates to the identity scope with the given userid and password
+     * via identity manager.
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication
-     * fails (in case of SSL-client auth, only webserver env can pick up the
-     * SSL violation; CMS authMgr can pick up cert mis-match, so this event
-     * is used)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication
-     * succeeded
+     * fails (in case of SSL-client auth, only webserver env can pick up the SSL
+     * violation; CMS authMgr can pick up cert mis-match, so this event is used)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when
+     * authentication succeeded
      * </ul>
+     * 
      * @exception IOException an input/output error has occurred
      */
     protected void authenticate(HttpServletRequest req) throws
@@ -307,12 +300,12 @@ public class AdminServlet extends HttpServlet {
                 // do nothing for now.
             }
             IAuthSubsystem auth = (IAuthSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
             X509Certificate cert = null;
 
             if (authType.equals("sslclientauth")) {
                 X509Certificate[] allCerts =
-                    (X509Certificate[]) req.getAttribute(CERT_ATTR);
+                        (X509Certificate[]) req.getAttribute(CERT_ATTR);
 
                 if (allCerts == null || allCerts.length == 0) {
                     // store a message in the signed audit log file
@@ -362,10 +355,9 @@ public class AdminServlet extends HttpServlet {
                     mServletID));
             try {
                 if (authType.equals("sslclientauth")) {
-                    IAuthManager
-                        authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
+                    IAuthManager authMgr = auth.get(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
                     IAuthCredentials authCreds =
-                        getAuthCreds(authMgr, cert);
+                            getAuthCreds(authMgr, cert);
 
                     token = (AuthToken) authMgr.authenticate(authCreds);
                 } else {
@@ -400,15 +392,14 @@ public class AdminServlet extends HttpServlet {
                             mServletID));
                 }
             } catch (EBaseException e) {
-                //will fix it later for authorization
+                // will fix it later for authorization
                 /*
-                 String errMsg = "authenticate(): " +
-                 AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+
-                 e.getMessage();
-                 log(ILogger.LL_FAILURE,
-                 CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL",
-                 CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"),
-                 userid,e.getMessage()));
+                 * String errMsg = "authenticate(): " +
+                 * AdminResources.SRVLT_FAIL_AUTHS +": "+userid +":"+
+                 * e.getMessage(); log(ILogger.LL_FAILURE,
+                 * CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAIL",
+                 * CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"),
+                 * userid,e.getMessage()));
                  */
 
                 if (authType.equals("sslclientauth")) {
@@ -441,9 +432,9 @@ public class AdminServlet extends HttpServlet {
 
                 if (tuserid == null) {
                     mLogger.log(
-                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN",
-                            tuserid));
+                            ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                            CMS.getLogMessage("ADMIN_SRVLT_NO_AUTH_TOKEN",
+                                    tuserid));
 
                     if (authType.equals("sslclientauth")) {
                         // store a message in the signed audit log file
@@ -477,9 +468,9 @@ public class AdminServlet extends HttpServlet {
 
                 if (user == null) {
                     mLogger.log(
-                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND",
-                            tuserid));
+                            ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                            CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_FOUND",
+                                    tuserid));
 
                     if (authType.equals("sslclientauth")) {
                         // store a message in the signed audit log file
@@ -515,7 +506,7 @@ public class AdminServlet extends HttpServlet {
                 sessionContext.put(SessionContext.USER, user);
             } catch (EUsrGrpException e) {
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
 
                 if (authType.equals("sslclientauth")) {
                     // store a message in the signed audit log file
@@ -595,8 +586,8 @@ public class AdminServlet extends HttpServlet {
     }
 
     public static AuthCredentials getAuthCreds(
-        IAuthManager authMgr, X509Certificate clientCert)
-        throws EBaseException {
+            IAuthManager authMgr, X509Certificate clientCert)
+            throws EBaseException {
         // get credentials from http parameters.
         String[] reqCreds = authMgr.getRequiredCreds();
         AuthCredentials creds = new AuthCredentials();
@@ -606,8 +597,8 @@ public class AdminServlet extends HttpServlet {
 
             if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
                 // cert could be null;
-                creds.set(reqCred, new X509Certificate[] { clientCert}
-                );
+                creds.set(reqCred, new X509Certificate[] { clientCert }
+                        );
             }
         }
         return creds;
@@ -616,15 +607,16 @@ public class AdminServlet extends HttpServlet {
     /**
      * Authorize must occur after Authenticate
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization
      * has failed
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization
-     * is successful
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a
-     * role (in current CMS that's when one accesses a role port)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when
+     * authorization is successful
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes
+     * a role (in current CMS that's when one accesses a role port)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @return the authorization token
      */
@@ -646,7 +638,7 @@ public class AdminServlet extends HttpServlet {
         // hardcoded for now .. just testing
         try {
             // we check both "read" and "write" for now. later within
-            //			each servlet, they can break it down
+            // each servlet, they can break it down
             authzTok = mAuthz.authorize(mAclMethod, authToken, AUTHZ_RES_NAME, mOp);
             // initialize the ACL resource, overwriting "auditACLResource"
             // if it is not null
@@ -779,15 +771,15 @@ public class AdminServlet extends HttpServlet {
 
     /**
      * Sends response.
-     *
+     * 
      * @param returnCode return code
      * @param errorMsg localized error message
      * @param params result parameters
      * @param resp HTTP servlet response
      */
     protected void sendResponse(int returnCode, String errorMsg,
-        NameValuePairs params, HttpServletResponse resp)
-        throws IOException {
+            NameValuePairs params, HttpServletResponse resp)
+            throws IOException {
         ByteArrayOutputStream bos = new ByteArrayOutputStream();
         DataOutputStream dos = new DataOutputStream(bos);
 
@@ -806,8 +798,8 @@ public class AdminServlet extends HttpServlet {
                     String value = java.net.URLEncoder.encode((String)
                             params.getValue(name));
 
-                    buf.append(java.net.URLEncoder.encode(name) + 
-                        "=" + value);
+                    buf.append(java.net.URLEncoder.encode(name) +
+                            "=" + value);
                     if (e.hasMoreElements())
                         buf.append("&");
                 }
@@ -850,7 +842,7 @@ public class AdminServlet extends HttpServlet {
 
     protected String getParameter(HttpServletRequest req, String name) {
         // Servlet framework already apply URLdecode
-        //   return URLdecode(req.getParameter(name));
+        // return URLdecode(req.getParameter(name));
         return req.getParameter(name);
     }
 
@@ -858,8 +850,8 @@ public class AdminServlet extends HttpServlet {
      * Generic configuration store get operation.
      */
     protected synchronized void getConfig(
-        IConfigStore config, HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            IConfigStore config, HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration e = req.getParameterNames();
@@ -867,8 +859,8 @@ public class AdminServlet extends HttpServlet {
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
-            //if (name.equals(Constants.PT_OP))
-            //	continue;
+            // if (name.equals(Constants.PT_OP))
+            // continue;
             if (name.equals(Constants.OP_TYPE))
                 continue;
             if (name.equals(Constants.RS_ID))
@@ -876,21 +868,20 @@ public class AdminServlet extends HttpServlet {
             if (name.equals(Constants.OP_SCOPE))
                 continue;
 
-                //System.out.println(name);
-                //System.out.println(name+","+config.getString(name));
+            // System.out.println(name);
+            // System.out.println(name+","+config.getString(name));
             params.add(name, config.getString(name));
         }
         sendResponse(SUCCESS, null, params, resp);
     }
 
     /**
-     * Generic configuration store set operation.
-     * The caller is responsible to do validiation before
-     * calling this, and commit changes after this call.
+     * Generic configuration store set operation. The caller is responsible to
+     * do validiation before calling this, and commit changes after this call.
      */
     protected synchronized void setConfig(
-        IConfigStore config, HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            IConfigStore config, HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration e = req.getParameterNames();
@@ -898,16 +889,16 @@ public class AdminServlet extends HttpServlet {
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
-            //if (name.equals(Constants.PT_OP))
-            //	continue;
+            // if (name.equals(Constants.PT_OP))
+            // continue;
             if (name.equals(Constants.OP_TYPE))
                 continue;
             if (name.equals(Constants.RS_ID))
                 continue;
             if (name.equals(Constants.OP_SCOPE))
                 continue;
-                // XXX Need validation...
-                // XXX what if update failed
+            // XXX Need validation...
+            // XXX what if update failed
             config.putString(name, req.getParameter(name));
         }
         commit(true);
@@ -918,8 +909,8 @@ public class AdminServlet extends HttpServlet {
      * Lists configuration store.
      */
     protected synchronized void listConfig(
-        IConfigStore config, HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            IConfigStore config, HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         Enumeration e = config.getPropertyNames();
         NameValuePairs params = new NameValuePairs();
@@ -938,14 +929,14 @@ public class AdminServlet extends HttpServlet {
     public boolean authorize(IAuthToken token) throws EBaseException {
         String mGroupNames[] = { "Administrators" };
         boolean mAnd = true;
-	
+
         try {
             String userid = token.getInString("userid");
 
             if (userid == null) {
                 mLogger.log(
-                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid));
+                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTHZ_FAIL", userid));
                 return false;
             }
 
@@ -955,8 +946,8 @@ public class AdminServlet extends HttpServlet {
 
             if (user == null) {
                 mLogger.log(
-                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid));
+                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_DB", userid));
                 return false;
             }
 
@@ -973,9 +964,9 @@ public class AdminServlet extends HttpServlet {
                 for (int i = 0; i < mGroupNames.length; i++) {
                     if (!mUG.isMemberOf(user, mGroupNames[i])) {
                         mLogger.log(
-                            ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                            CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid,
-                                mGroupNames[i]));
+                                ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                                CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_IN_GRP", userid,
+                                        mGroupNames[i]));
                         return false;
                     }
                 }
@@ -984,9 +975,9 @@ public class AdminServlet extends HttpServlet {
                 for (int i = 0; i < mGroupNames.length; i++) {
                     if (mUG.isMemberOf(user, mGroupNames[i])) {
                         mLogger.log(ILogger.EV_SYSTEM,
-                            ILogger.S_OTHER, ILogger.LL_INFO,
-                            CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid,
-                                mGroupNames[i]));
+                                ILogger.S_OTHER, ILogger.LL_INFO,
+                                CMS.getLogMessage("ADMIN_SRVLT_GRP_AUTH_SUCC_USER", userid,
+                                        mGroupNames[i]));
                         return true;
                     }
                 }
@@ -998,24 +989,24 @@ public class AdminServlet extends HttpServlet {
                     groups.append(mGroupNames[j]);
                 }
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString()));
+                        ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_USER_NOT_ANY_GRP", userid, groups.toString()));
                 return false;
             }
         } catch (EUsrGrpException e) {
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_USR_GRP_ERR", e.toString()));
             return false;
         }
     }
 
     /**
      * FileConfigStore functionality
-     *
-     * The original config file is moved to <filename>.<date>.
-     * Commits the current properties to the configuration file.
+     * 
+     * The original config file is moved to <filename>.<date>. Commits the
+     * current properties to the configuration file.
      * <P>
-     *
+     * 
      * @param createBackup true if a backup file should be created
      */
     protected void commit(boolean createBackup) throws EBaseException {
@@ -1026,16 +1017,16 @@ public class AdminServlet extends HttpServlet {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ADMIN,
-            level, "AdminServlet: " + msg);
+                level, "AdminServlet: " + msg);
     }
 
     /**
      * Signed Audit Log
-     *
-     * This method is inherited by all extended admin servlets
-     * and is called to store messages to the signed audit log.
+     * 
+     * This method is inherited by all extended admin servlets and is called to
+     * store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -1047,20 +1038,19 @@ public class AdminServlet extends HttpServlet {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to obtain the "SubjectID" for
-     * a signed audit log message.
+     * 
+     * This method is inherited by all extended "CMSServlet"s, and is called to
+     * obtain the "SubjectID" for a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditSubjectID() {
@@ -1092,13 +1082,13 @@ public class AdminServlet extends HttpServlet {
 
     /**
      * Signed Audit Parameters
-     *
-     * This method is inherited by all extended admin servlets and
-     * is called to extract parameters from the HttpServletRequest
-     * and return a string of name;;value pairs separated by a '+'
-     * if more than one name;;value pair exists.
+     * 
+     * This method is inherited by all extended admin servlets and is called to
+     * extract parameters from the HttpServletRequest and return a string of
+     * name;;value pairs separated by a '+' if more than one name;;value pair
+     * exists.
      * <P>
-     *
+     * 
      * @param req HTTP servlet request
      * @return a delimited string of one or more delimited name/value pairs
      */
@@ -1172,26 +1162,27 @@ public class AdminServlet extends HttpServlet {
                     //
                     // To fix Blackflag Bug # 613800:
                     //
-                    //     Check "com.netscape.certsrv.common.Constants" for
-                    //     case-insensitive "password", "pwd", and "passwd"
-                    //     name fields, and hide any password values:
+                    // Check "com.netscape.certsrv.common.Constants" for
+                    // case-insensitive "password", "pwd", and "passwd"
+                    // name fields, and hide any password values:
                     //
- /* "password" */   if( name.equals( Constants.PASSWORDTYPE )             ||
-                        name.equals( Constants.TYPE_PASSWORD )            ||
-                        name.equals( Constants.PR_USER_PASSWORD )         ||
-                        name.equals( Constants.PT_OLD_PASSWORD )          ||
-                        name.equals( Constants.PT_NEW_PASSWORD )          ||
-                        name.equals( Constants.PT_DIST_STORE )            ||
-                        name.equals( Constants.PT_DIST_EMAIL )            ||
- /* "pwd" */            name.equals( Constants.PR_AUTH_ADMIN_PWD )        ||
-    // ignore this one  name.equals( Constants.PR_BINDPWD_PROMPT )        ||
-                        name.equals( Constants.PR_DIRECTORY_MANAGER_PWD ) ||
-                        name.equals( Constants.PR_OLD_AGENT_PWD )         ||
-                        name.equals( Constants.PR_AGENT_PWD )             ||
-                        name.equals( Constants.PT_PUBLISH_PWD )           ||
- /* "passwd" */         name.equals( Constants.PR_BIND_PASSWD )           ||
-                        name.equals( Constants.PR_BIND_PASSWD_AGAIN )     ||
-                        name.equals( Constants.PR_TOKEN_PASSWD ) ) {
+                    /* "password" */if (name.equals(Constants.PASSWORDTYPE) ||
+                            name.equals(Constants.TYPE_PASSWORD) ||
+                            name.equals(Constants.PR_USER_PASSWORD) ||
+                            name.equals(Constants.PT_OLD_PASSWORD) ||
+                            name.equals(Constants.PT_NEW_PASSWORD) ||
+                            name.equals(Constants.PT_DIST_STORE) ||
+                            name.equals(Constants.PT_DIST_EMAIL) ||
+                            /* "pwd" */name.equals(Constants.PR_AUTH_ADMIN_PWD) ||
+                            // ignore this one name.equals(
+                            // Constants.PR_BINDPWD_PROMPT ) ||
+                            name.equals(Constants.PR_DIRECTORY_MANAGER_PWD) ||
+                            name.equals(Constants.PR_OLD_AGENT_PWD) ||
+                            name.equals(Constants.PR_AGENT_PWD) ||
+                            name.equals(Constants.PT_PUBLISH_PWD) ||
+                            /* "passwd" */name.equals(Constants.PR_BIND_PASSWD) ||
+                            name.equals(Constants.PR_BIND_PASSWD_AGAIN) ||
+                            name.equals(Constants.PR_TOKEN_PASSWD)) {
 
                         // hide password value
                         parameters += name
@@ -1216,14 +1207,14 @@ public class AdminServlet extends HttpServlet {
 
     /**
      * Signed Audit Groups
-     *
-     * This method is called to extract all "groups" associated
-     * with the "auditSubjectID()".
+     * 
+     * This method is called to extract all "groups" associated with the
+     * "auditSubjectID()".
      * <P>
-     *
+     * 
      * @param SubjectID string containing the signed audit log message SubjectID
-     * @return a delimited string of groups associated
-     *      with the "auditSubjectID()"
+     * @return a delimited string of groups associated with the
+     *         "auditSubjectID()"
      */
     private String auditGroups(String SubjectID) {
         // if no signed audit object exists, bail
@@ -1232,7 +1223,7 @@ public class AdminServlet extends HttpServlet {
         }
 
         if ((SubjectID == null) ||
-            (SubjectID.equals(ILogger.UNIDENTIFIED))) {
+                (SubjectID.equals(ILogger.UNIDENTIFIED))) {
             return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
 
@@ -1250,7 +1241,7 @@ public class AdminServlet extends HttpServlet {
             IGroup group = (IGroup) groups.nextElement();
 
             if (group.isMember(SubjectID) == true) {
-                if (membersString.length()!=0) {
+                if (membersString.length() != 0) {
                     membersString.append(", ");
                 }
 
@@ -1258,7 +1249,7 @@ public class AdminServlet extends HttpServlet {
             }
         }
 
-        if (membersString.length()!= 0) {
+        if (membersString.length() != 0) {
             return membersString.toString();
         } else {
             return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -1266,7 +1257,8 @@ public class AdminServlet extends HttpServlet {
     }
 
     protected NameValuePairs convertStringArrayToNVPairs(String[] s) {
-        if (s == null) return null;
+        if (s == null)
+            return null;
         NameValuePairs nvps = new NameValuePairs();
         int i;
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
index 4a7329c9..28a25216 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -46,13 +45,12 @@ import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.ldap.ILdapAuthInfo;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * A class representing an administration servlet for the
- * Authentication Management subsystem.  This servlet is responsible
- * to serve configuration requests for the Auths Management subsystem.
+ * A class representing an administration servlet for the Authentication
+ * Management subsystem. This servlet is responsible to serve configuration
+ * requests for the Auths Management subsystem.
+ * 
  * 
- *
  * @version $Revision$, $Date$
  */
 public class AuthAdminServlet extends AdminServlet {
@@ -64,13 +62,13 @@ public class AuthAdminServlet extends AdminServlet {
     private final static String INFO = "AuthAdminServlet";
     private IAuthSubsystem mAuths = null;
 
-    private final static String PW_PASSWORD_CACHE_ADD = 
-        "PASSWORD_CACHE_ADD";
+    private final static String PW_PASSWORD_CACHE_ADD =
+            "PASSWORD_CACHE_ADD";
     private final static String VIEW = ";" + Constants.VIEW;
     private final static String EDIT = ";" + Constants.EDIT;
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_AUTH =
-        "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_AUTH_3";
 
     public AuthAdminServlet() {
         super();
@@ -88,18 +86,18 @@ public class AuthAdminServlet extends AdminServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
-     * retrieve extended plugin info such as brief description, type info
-     * from policy, authentication,
-     *   need to add: listener, mapper and publishing plugins
-     * --- same as policy, should we move this into extendedpluginhelper?
+     * retrieve extended plugin info such as brief description, type info from
+     * policy, authentication, need to add: listener, mapper and publishing
+     * plugins --- same as policy, should we move this into
+     * extendedpluginhelper?
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
@@ -110,7 +108,7 @@ public class AuthAdminServlet extends AdminServlet {
         String implName = id.substring(colon + 1);
 
         NameValuePairs params =
-            getExtendedPluginInfo(getLocale(req), implType, implName);
+                getExtendedPluginInfo(getLocale(req), implType, implName);
 
         sendResponse(SUCCESS, null, params, resp);
     }
@@ -142,42 +140,43 @@ public class AuthAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         String scope = req.getParameter(Constants.OP_SCOPE);
         String op = req.getParameter(Constants.OP_TYPE);
 
         if (op == null) {
-            //System.out.println("SRVLT_INVALID_PROTOCOL");
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+            // System.out.println("SRVLT_INVALID_PROTOCOL");
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
         // if it is not authentication, that means it is for CSC admin ping.
         // the best way to do is to define another protocol for ping and move
         // it to the generic servlet which is admin servlet.
-        if (!op.equals(OpDef.OP_AUTH)) { 
+        if (!op.equals(OpDef.OP_AUTH)) {
             if (scope.equals(ScopeDef.SC_AUTH)) {
                 String id = req.getParameter(Constants.RS_ID);
 
                 // for CSC admin ping only
                 if (op.equals(OpDef.OP_READ) &&
-                    id.equals(Constants.RS_ID_CONFIG)) {
+                        id.equals(Constants.RS_ID_CONFIG)) {
 
-                    // no need to authenticate this. if we're alive, return true.
+                    // no need to authenticate this. if we're alive, return
+                    // true.
                     NameValuePairs params = new NameValuePairs();
 
                     params.add(Constants.PR_PING, Constants.TRUE);
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 } else {
-                    //System.out.println("SRVLT_INVALID_OP_TYPE");
+                    // System.out.println("SRVLT_INVALID_OP_TYPE");
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+                            null, resp);
                     return;
                 }
             }
@@ -186,7 +185,7 @@ public class AuthAdminServlet extends AdminServlet {
         try {
             if (op.equals(OpDef.OP_AUTH)) {
                 if (scope.equals(ScopeDef.SC_AUTHTYPE)) {
-                    IConfigStore configStore = CMS.getConfigStore(); 
+                    IConfigStore configStore = CMS.getConfigStore();
                     String val = configStore.getString("authType", "pwd");
                     NameValuePairs params = new NameValuePairs();
 
@@ -196,11 +195,11 @@ public class AuthAdminServlet extends AdminServlet {
                 }
             }
         } catch (Exception e) {
-            sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+                    null, resp);
             return;
         }
-        // for the rest					
+        // for the rest
         try {
             super.authenticate(req);
             if (op.equals(OpDef.OP_AUTH)) { // for admin authentication only
@@ -208,9 +207,9 @@ public class AuthAdminServlet extends AdminServlet {
                 return;
             }
         } catch (IOException e) {
-            //System.out.println("SRVLT_FAIL_AUTHS");
-            sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                null, resp);
+            // System.out.println("SRVLT_FAIL_AUTHS");
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -223,8 +222,8 @@ public class AuthAdminServlet extends AdminServlet {
                         mOp = "read";
                         if ((mToken = super.authorize(req)) == null) {
                             sendResponse(ERROR,
-                              CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
+                                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                    null, resp);
                             return;
                         }
                         getExtendedPluginInfo(req, resp);
@@ -238,8 +237,8 @@ public class AuthAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -249,17 +248,17 @@ public class AuthAdminServlet extends AdminServlet {
                         listAuthMgrInsts(req, resp);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_READ)) {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -269,17 +268,17 @@ public class AuthAdminServlet extends AdminServlet {
                         getInstConfig(req, resp);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_ADD)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -289,17 +288,17 @@ public class AuthAdminServlet extends AdminServlet {
                         addAuthMgrInst(req, resp, scope);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_DELETE)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_AUTH_IMPLS)) {
@@ -309,17 +308,17 @@ public class AuthAdminServlet extends AdminServlet {
                         delAuthMgrInst(req, resp, scope);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_MODIFY)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_AUTH_MGR_INSTANCE)) {
@@ -328,18 +327,18 @@ public class AuthAdminServlet extends AdminServlet {
                     }
                 } else {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
-            } 
+            }
         } catch (EBaseException e) {
             sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
             return;
-        } 
+        }
         sendResponse(ERROR,
-            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-            null, resp);
+                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                null, resp);
         return;
     }
 
@@ -356,23 +355,24 @@ public class AuthAdminServlet extends AdminServlet {
     /**
      * Add authentication manager plug-in
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
      * authentication
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this authentication
-     * manager's substore
+     *            manager's substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    
-	private synchronized void addAuthMgrPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+
+    private synchronized void addAuthMgrPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -392,10 +392,10 @@ public class AuthAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
 
-                //System.out.println("SRVLT_NULL_RS_ID");
+                // System.out.println("SRVLT_NULL_RS_ID");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
             // is the manager id unique?
@@ -410,8 +410,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -428,13 +428,13 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_NULL_AUTHMGR_CLASSNAME"),
+                        null, resp);
                 return;
             }
 
             if (classPath.equals("com.netscape.cmscore.authentication.PasswdUserDBAuthentication") ||
-                classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
+                    classPath.equals("com.netscape.cmscore.authentication.CertUserDBAuthentication")) {
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
@@ -445,17 +445,17 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
                 return;
             }
 
             IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
             IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
+                    destStore.getSubStore(scope);
 
             // Does the class exist?
-            
+
             Class<IAuthManager> newImpl = null;
 
             try {
@@ -473,8 +473,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
+                        null, resp);
                 return;
             } catch (IllegalArgumentException e) {
                 // store a message in the signed audit log file
@@ -487,8 +487,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_PLUGIN_NOT_FOUND"),
+                        null, resp);
                 return;
             }
 
@@ -505,11 +505,12 @@ public class AuthAdminServlet extends AdminServlet {
                     audit(auditMessage);
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
+                            null, resp);
                     return;
                 }
-            } catch (NullPointerException e) { // unlikely, only if newImpl null.
+            } catch (NullPointerException e) { // unlikely, only if newImpl
+                                               // null.
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
@@ -520,8 +521,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_CLASS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_CLASS"),
+                        null, resp);
                 return;
             }
 
@@ -542,10 +543,10 @@ public class AuthAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
 
-                //System.out.println("SRVLT_FAIL_COMMIT");
+                // System.out.println("SRVLT_FAIL_COMMIT");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -553,8 +554,8 @@ public class AuthAdminServlet extends AdminServlet {
             AuthMgrPlugin plugin = new AuthMgrPlugin(id, classPath);
 
             mAuths.getPlugins().put(id, plugin);
-            mAuths.log(ILogger.LL_INFO, 
-                CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
+            mAuths.log(ILogger.LL_INFO,
+                    CMS.getLogMessage("ADMIN_SRVLT_PLUGIN_ADD", id));
 
             NameValuePairs params = new NameValuePairs();
 
@@ -570,17 +571,17 @@ public class AuthAdminServlet extends AdminServlet {
             sendResponse(SUCCESS, null, params, resp);
             return;
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -594,39 +595,40 @@ public class AuthAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
      * Add authentication manager instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
      * authentication
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this authentication
-     * manager's substore
+     *            manager's substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addAuthMgrInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addAuthMgrInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -647,8 +649,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -664,8 +666,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_ILL_MGR_INST_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_ILL_MGR_INST_ID"),
+                        null, resp);
                 return;
             }
 
@@ -685,21 +687,21 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MISSING_PARAMS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MISSING_PARAMS"),
+                        null, resp);
                 return;
             }
 
             // prevent agent & admin creation.
             if (implname.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
-                implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+                    implname.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
             }
 
             // check if implementation exists.
             AuthMgrPlugin plugin =
-                (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+                    (AuthMgrPlugin) mAuths.getPlugins().get(implname);
 
             if (plugin == null) {
                 // store a message in the signed audit log file
@@ -712,8 +714,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
-                    null, resp);
+                        new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -723,9 +725,9 @@ public class AuthAdminServlet extends AdminServlet {
             String[] configParams = mAuths.getConfigParams(implname);
 
             IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
             IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
+                    destStore.getSubStore(scope);
             IConfigStore substore = instancesConfig.makeSubStore(id);
 
             if (configParams != null) {
@@ -765,8 +767,8 @@ public class AuthAdminServlet extends AdminServlet {
                 // cleanup
                 instancesConfig.removeSubStore(id);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (InstantiationException e) {
                 // store a message in the signed audit log file
@@ -780,8 +782,8 @@ public class AuthAdminServlet extends AdminServlet {
 
                 instancesConfig.removeSubStore(id);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (IllegalAccessException e) {
                 // store a message in the signed audit log file
@@ -795,8 +797,8 @@ public class AuthAdminServlet extends AdminServlet {
 
                 instancesConfig.removeSubStore(id);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -835,16 +837,16 @@ public class AuthAdminServlet extends AdminServlet {
                 // clean up.
                 instancesConfig.removeSubStore(id);
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
             // inited and commited ok. now add manager instance to list.
             mAuths.add(id, authMgrInst);
 
-            mAuths.log(ILogger.LL_INFO, 
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
+            mAuths.log(ILogger.LL_INFO,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_ADD", id));
 
             NameValuePairs params = new NameValuePairs();
 
@@ -886,22 +888,22 @@ public class AuthAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
-    private synchronized void listAuthMgrPlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listAuthMgrPlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -909,8 +911,8 @@ public class AuthAdminServlet extends AdminServlet {
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            AuthMgrPlugin value = (AuthMgrPlugin) 
-                mAuths.getPlugins().get(name);
+            AuthMgrPlugin value = (AuthMgrPlugin)
+                    mAuths.getPlugins().get(name);
 
             if (value.isVisible()) {
                 params.add(name, value.getClassPath() + EDIT);
@@ -920,14 +922,13 @@ public class AuthAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void listAuthMgrInsts(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listAuthMgrInsts(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
 
-        for (Enumeration<?> e = mAuths.getInstances().keys();
-            e.hasMoreElements();) {
+        for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
             String name = (String) e.nextElement();
             AuthManagerProxy proxy = (AuthManagerProxy) mAuths.getInstances().get(name);
             IAuthManager value = proxy.getAuthManager();
@@ -938,7 +939,7 @@ public class AuthAdminServlet extends AdminServlet {
             }
 
             AuthMgrPlugin amgrplugin = (AuthMgrPlugin)
-                mAuths.getPlugins().get(value.getImplName());
+                    mAuths.getPlugins().get(value.getImplName());
 
             if (!amgrplugin.isVisible()) {
                 params.add(name, value.getImplName() + ";invisible;" + enableStr);
@@ -953,21 +954,22 @@ public class AuthAdminServlet extends AdminServlet {
     /**
      * Delete authentication manager plug-in
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
      * authentication
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this authentication
-     * manager's substore
+     *            manager's substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void delAuthMgrPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delAuthMgrPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -989,18 +991,18 @@ public class AuthAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
 
-                //System.out.println("SRVLT_NULL_RS_ID");
+                // System.out.println("SRVLT_NULL_RS_ID");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
             // prevent deletion of admin and agent.
             if (id.equals(IAuthSubsystem.PASSWDUSERDB_PLUGIN_ID) ||
-                id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
+                    id.equals(IAuthSubsystem.CERTUSERDB_PLUGIN_ID)) {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
             }
 
             // does auth manager exist?
@@ -1015,15 +1017,14 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
-                    null, resp);
+                        new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_DUP_MGR_PLUGIN_ID", id)).toString(),
+                        null, resp);
                 return;
             }
 
             // first check if any instances from this auth manager
             // DON'T remove auth manager if any instance
-            for (Enumeration<?> e = mAuths.getInstances().keys();
-                e.hasMoreElements();) {
+            for (Enumeration<?> e = mAuths.getInstances().keys(); e.hasMoreElements();) {
                 IAuthManager authMgr = (IAuthManager) mAuths.get((String) e.nextElement());
 
                 if (authMgr.getImplName() == id) {
@@ -1037,19 +1038,19 @@ public class AuthAdminServlet extends AdminServlet {
                     audit(auditMessage);
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_MGR_IN_USE"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_MGR_IN_USE"),
+                            null, resp);
                     return;
                 }
             }
-		
+
             // then delete this auth manager
             mAuths.getPlugins().remove((Object) id);
 
             IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
             IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
+                    destStore.getSubStore(scope);
 
             instancesConfig.removeSubStore(id);
             // commiting
@@ -1066,8 +1067,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -1083,17 +1084,17 @@ public class AuthAdminServlet extends AdminServlet {
             sendResponse(SUCCESS, null, params, resp);
             return;
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -1107,38 +1108,39 @@ public class AuthAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         }
     }
 
     /**
      * Delete authentication manager instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
      * authentication
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this authentication
-     * manager's substore
+     *            manager's substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void delAuthMgrInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delAuthMgrInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1160,18 +1162,18 @@ public class AuthAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
 
-                //System.out.println("SRVLT_NULL_RS_ID");
+                // System.out.println("SRVLT_NULL_RS_ID");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
             // prevent deletion of admin and agent.
             if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
-                id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+                    id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
             }
 
             // does auth manager instance exist?
@@ -1186,23 +1188,23 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
-                    null, resp);
+                        new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
+                        null, resp);
                 return;
             }
 
             // only remove from memory
             // cannot shutdown because we don't keep track of whether it's
-            // being used. 
+            // being used.
             IAuthManager mgrInst = (IAuthManager) mAuths.get(id);
 
             mAuths.getInstances().remove((Object) id);
 
             // remove the configuration.
             IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
             IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
+                    destStore.getSubStore(scope);
 
             instancesConfig.removeSubStore(id);
             // commiting
@@ -1218,15 +1220,15 @@ public class AuthAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
 
-                //System.out.println("SRVLT_FAIL_COMMIT");
+                // System.out.println("SRVLT_FAIL_COMMIT");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
-            //This only works in the fact that we only support one instance per
-            //auth plugin.
+            // This only works in the fact that we only support one instance per
+            // auth plugin.
             ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
 
             authInfo.removePassword("Rule " + id);
@@ -1243,17 +1245,17 @@ public class AuthAdminServlet extends AdminServlet {
             sendResponse(SUCCESS, null, params, resp);
             return;
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -1267,40 +1269,39 @@ public class AuthAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
-     * used for getting the required configuration parameters (with
-     *	 possible default values) for a particular auth manager plugin
-     * implementation name specified in the RS_ID.  Actually, there is
-     *	 no logic in here to set any default value here...there's no
-     *	 default value for any parameter in this authentication subsystem
-     *	 at this point.  Later, if we do have one (or some), it can be
-     *	 added.  The interface remains the same.
+     * used for getting the required configuration parameters (with possible
+     * default values) for a particular auth manager plugin implementation name
+     * specified in the RS_ID. Actually, there is no logic in here to set any
+     * default value here...there's no default value for any parameter in this
+     * authentication subsystem at this point. Later, if we do have one (or
+     * some), it can be added. The interface remains the same.
      */
-    private synchronized void getConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
 
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -1318,25 +1319,25 @@ public class AuthAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void getInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does auth manager instance exist?
         if (mAuths.getInstances().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EAuthMgrNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -1365,29 +1366,29 @@ public class AuthAdminServlet extends AdminServlet {
     }
 
     /**
-     * Modify authentication manager instance
-     * This will actually create a new instance with new configuration 
-     * parameters and replace the old instance if the new instance is
-     * created and initialized successfully.
-     * The old instance is left running, so this is very expensive.
-     * Restart of server recommended.
+     * Modify authentication manager instance This will actually create a new
+     * instance with new configuration parameters and replace the old instance
+     * if the new instance is created and initialized successfully. The old
+     * instance is left running, so this is very expensive. Restart of server
+     * recommended.
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_AUTH used when configuring
      * authentication
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of this authentication
-     * manager's substore
+     *            manager's substore
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void modAuthMgrInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modAuthMgrInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         // expensive operation.
 
@@ -1409,18 +1410,18 @@ public class AuthAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
 
-                //System.out.println("SRVLT_NULL_RS_ID");
+                // System.out.println("SRVLT_NULL_RS_ID");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
             // prevent modification of admin and agent.
             if (id.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID) ||
-                id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
+                    id.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_BASE_PERMISSION_DENIED"), null, resp);
             }
 
             // Does the manager instance exist?
@@ -1435,8 +1436,8 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
-                    null, resp);
+                        CMS.getUserMessage("CMS_AUTHENTICATION_MGR_IMPL_NOT_FOUND"),
+                        null, resp);
                 return;
             }
 
@@ -1454,14 +1455,14 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
-                    null, resp);
+                        CMS.getUserMessage("CMS_AUTHENTICATION_MISSING_PARAMS"),
+                        null, resp);
                 return;
             }
 
-            // get plugin for implementation 
+            // get plugin for implementation
             AuthMgrPlugin plugin =
-                (AuthMgrPlugin) mAuths.getPlugins().get(implname);
+                    (AuthMgrPlugin) mAuths.getPlugins().get(implname);
 
             if (plugin == null) {
                 // store a message in the signed audit log file
@@ -1474,15 +1475,15 @@ public class AuthAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
-                    null, resp);
+                        new EAuthMgrPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", implname)).toString(),
+                        null, resp);
                 return;
             }
 
-            // save old instance substore params in case new one fails. 
+            // save old instance substore params in case new one fails.
 
-            IAuthManager oldinst = 
-                (IAuthManager) mAuths.get(id);
+            IAuthManager oldinst =
+                    (IAuthManager) mAuths.get(id);
             IConfigStore oldConfig = oldinst.getConfigStore();
 
             String[] oldConfigParms = oldinst.getConfigParams();
@@ -1490,7 +1491,7 @@ public class AuthAdminServlet extends AdminServlet {
 
             // implName is always required so always include it it.
             saveParams.add(IAuthSubsystem.PROP_PLUGIN,
-                (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
+                    (String) oldConfig.get(IAuthSubsystem.PROP_PLUGIN));
             if (oldConfigParms != null) {
                 for (int i = 0; i < oldConfigParms.length; i++) {
                     String key = oldConfigParms[i];
@@ -1507,9 +1508,9 @@ public class AuthAdminServlet extends AdminServlet {
             // remove old substore.
 
             IConfigStore destStore =
-                mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
+                    mConfig.getSubStore(DestDef.DEST_AUTH_ADMIN);
             IConfigStore instancesConfig =
-                destStore.getSubStore(scope);
+                    destStore.getSubStore(scope);
 
             instancesConfig.removeSubStore(id);
 
@@ -1551,8 +1552,8 @@ public class AuthAdminServlet extends AdminServlet {
                 // cleanup
                 restore(instancesConfig, id, saveParams);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (InstantiationException e) {
                 // store a message in the signed audit log file
@@ -1566,8 +1567,8 @@ public class AuthAdminServlet extends AdminServlet {
 
                 restore(instancesConfig, id, saveParams);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (IllegalAccessException e) {
                 // store a message in the signed audit log file
@@ -1581,8 +1582,8 @@ public class AuthAdminServlet extends AdminServlet {
 
                 restore(instancesConfig, id, saveParams);
                 sendResponse(ERROR,
-                    new EAuthException(CMS.getUserMessage(getLocale(req),"CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new EAuthException(CMS.getUserMessage(getLocale(req), "CMS_AUTHENTICATION_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -1606,7 +1607,7 @@ public class AuthAdminServlet extends AdminServlet {
                 return;
             }
 
-            // initialized ok.  commiting
+            // initialized ok. commiting
             try {
                 mConfig.commit(true);
             } catch (EBaseException e) {
@@ -1621,10 +1622,10 @@ public class AuthAdminServlet extends AdminServlet {
 
                 // clean up.
                 restore(instancesConfig, id, saveParams);
-                //System.out.println("SRVLT_FAIL_COMMIT");
+                // System.out.println("SRVLT_FAIL_COMMIT");
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -1632,8 +1633,8 @@ public class AuthAdminServlet extends AdminServlet {
 
             mAuths.add(id, newMgrInst);
 
-            mAuths.log(ILogger.LL_INFO, 
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
+            mAuths.log(ILogger.LL_INFO,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_MGR_REPL", id));
 
             NameValuePairs params = new NameValuePairs();
 
@@ -1673,23 +1674,23 @@ public class AuthAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_AUTH,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     // convenience routine.
-    private static void restore(IConfigStore store, 
-        String id, NameValuePairs saveParams) {
+    private static void restore(IConfigStore store,
+            String id, NameValuePairs saveParams) {
         store.removeSubStore(id);
         IConfigStore rstore = store.makeSubStore(id);
 
@@ -1699,7 +1700,7 @@ public class AuthAdminServlet extends AdminServlet {
             String key = (String) keys.nextElement();
             String value = saveParams.getValue(key);
 
-            if (value != null) 
+            if (value != null)
                 rstore.put(key, value);
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
index bfa9cccd..cca86dce 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/AuthCredentials.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
@@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
  * Authentication Credentials as input to the authMgr
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthCredentials implements IAuthCredentials {
@@ -38,21 +36,23 @@ public class AuthCredentials implements IAuthCredentials {
      */
     private static final long serialVersionUID = -6938644716486895814L;
     private Hashtable authCreds = null;
-    // Inserted by bskim 
+    // Inserted by bskim
     private IArgBlock argblk = null;
+
     // Insert end
-    
+
     public AuthCredentials() {
         authCreds = new Hashtable();
     }
 
     /**
      * sets a credential with credential name and the credential
+     * 
      * @param name credential name
      * @param cred credential
      * @exception com.netscape.certsrv.base.EBaseException NullPointerException
      */
-    public void set(String name, Object cred)throws EBaseException {
+    public void set(String name, Object cred) throws EBaseException {
         if (cred == null) {
             throw new EBaseException("AuthCredentials.set()");
         }
@@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * returns the credential to which the specified name is mapped in this
-     *	 credential set
+     * credential set
+     * 
      * @param name credential name
      * @return the named authentication credential
      */
@@ -71,9 +72,10 @@ public class AuthCredentials implements IAuthCredentials {
     }
 
     /**
-     * removes the name and its corresponding credential from this
-     *	 credential set.  This method does nothing if the named
-     *	 credential is not in the credential set.
+     * removes the name and its corresponding credential from this credential
+     * set. This method does nothing if the named credential is not in the
+     * credential set.
+     * 
      * @param name credential name
      */
     public void delete(String name) {
@@ -81,27 +83,27 @@ public class AuthCredentials implements IAuthCredentials {
     }
 
     /**
-     * returns an enumeration of the credentials in this credential
-     *	 set.  Use the Enumeration methods on the returned object to
-     *	 fetch the elements sequentially.
+     * returns an enumeration of the credentials in this credential set. Use the
+     * Enumeration methods on the returned object to fetch the elements
+     * sequentially.
+     * 
      * @return an enumeration of the values in this credential set
      * @see java.util.Enumeration
      */
     public Enumeration getElements() {
         return (authCreds.elements());
     }
-    
+
     // Inserted by bskim
     public void setArgBlock(IArgBlock blk) {
         argblk = blk;
         return;
-    }        
+    }
 
     // Insert end
-    
+
     public IArgBlock getArgBlock() {
         return argblk;
-    }        
+    }
     // Insert end
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
index 0ae51ce4..a70d5130 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CAAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.net.UnknownHostException;
@@ -45,13 +44,11 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
- * A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve CA 
- * administrative operations such as configuration parameter 
- * updates.
- *
+ * A class representings an administration servlet for Certificate Authority.
+ * This servlet is responsible to serve CA administrative operations such as
+ * configuration parameter updates.
+ * 
  * @version $Revision$, $Date$
  */
 public class CAAdminServlet extends AdminServlet {
@@ -66,7 +63,7 @@ public class CAAdminServlet extends AdminServlet {
     private final static String INFO = "CAAdminServlet";
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE_3";
 
     private ICertificateAuthority mCA = null;
     protected static final String PROP_ENABLED = "enabled";
@@ -94,22 +91,22 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     /**
-     * Serves HTTP request. Each request is authenticated to
-     * the authenticate manager.
+     * Serves HTTP request. Each request is authenticated to the authenticate
+     * manager.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
-			    
-        //get all operational flags
+
+        // get all operational flags
         String op = req.getParameter(Constants.OP_TYPE);
         String scope = req.getParameter(Constants.OP_SCOPE);
 
-        //check operational flags
+        // check operational flags
         if ((op == null) || (scope == null)) {
             sendResponse(1, "Invalid Protocol", null, resp);
             return;
-        }			    
+        }
 
         super.authenticate(req);
 
@@ -120,8 +117,8 @@ public class CAAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                          CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     getExtendedPluginInfo(req, resp);
@@ -135,8 +132,8 @@ public class CAAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL))
@@ -159,8 +156,8 @@ public class CAAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL))
@@ -171,9 +168,9 @@ public class CAAdminServlet extends AdminServlet {
                     setCRLIPsConfig(req, resp);
                 else if (scope.equals(ScopeDef.SC_CRL))
                     setCRLConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) 
+                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP))
                     setNotificationReqCompConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) 
+                else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP))
                     setNotificationRevCompConfig(req, resp);
                 else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ))
                     setNotificationRIQConfig(req, resp);
@@ -183,8 +180,8 @@ public class CAAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_CRLEXTS_RULES))
@@ -195,8 +192,8 @@ public class CAAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_CRLIPS))
@@ -205,8 +202,8 @@ public class CAAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_CRLIPS))
@@ -220,23 +217,24 @@ public class CAAdminServlet extends AdminServlet {
         }
     }
 
-    /*==========================================================
-     * private methods
-     *==========================================================*/
-    
+    /*
+     * ========================================================== private
+     * methods==========================================================
+     */
+
     /*
      * handle request completion (cert issued) notification config requests
      */
     private void getNotificationCompConfig(HttpServletRequest req,
-        HttpServletResponse resp, IConfigStore rc) throws ServletException,
+            HttpServletResponse resp, IConfigStore rc) throws ServletException,
             IOException, EBaseException {
-         
+
         NameValuePairs params = new NameValuePairs();
         Enumeration e = req.getParameterNames();
-        
+
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            
+
             if (name.equals(Constants.OP_TYPE))
                 continue;
             if (name.equals(Constants.RS_ID))
@@ -247,33 +245,33 @@ public class CAAdminServlet extends AdminServlet {
                 continue;
             params.add(name, rc.getString(name, ""));
         }
-        
+
         params.add(Constants.PR_ENABLE,
-            rc.getString(PROP_ENABLED, Constants.FALSE));
+                rc.getString(PROP_ENABLED, Constants.FALSE));
         sendResponse(SUCCESS, null, params, resp);
     }
-    
+
     private void getNotificationRevCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-        
+
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
         IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
-        
+
         getNotificationCompConfig(req, resp, rc);
     }
-    
+
     private void getNotificationReqCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-        
+
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
         IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
-        
+
         getNotificationCompConfig(req, resp, rc);
     }
 
@@ -281,14 +279,14 @@ public class CAAdminServlet extends AdminServlet {
      * handle getting request in queue notification config info
      */
     private void getNotificationRIQConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
 
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
 
@@ -308,8 +306,8 @@ public class CAAdminServlet extends AdminServlet {
             params.add(name, riq.getString(name, ""));
         }
 
-        params.add(Constants.PR_ENABLE, 
-            riq.getString(PROP_ENABLED, Constants.FALSE));
+        params.add(Constants.PR_ENABLE,
+                riq.getString(PROP_ENABLED, Constants.FALSE));
         sendResponse(SUCCESS, null, params, resp);
     }
 
@@ -317,15 +315,15 @@ public class CAAdminServlet extends AdminServlet {
      * handle setting request in queue notification config info
      */
     private void setNotificationRIQConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore riq = nc.getSubStore(ICertificateAuthority.PROP_REQ_IN_Q_SUBSTORE);
 
-        //set rest of the parameters
+        // set rest of the parameters
         Enumeration e = req.getParameterNames();
 
         while (e.hasMoreElements()) {
@@ -346,15 +344,15 @@ public class CAAdminServlet extends AdminServlet {
                 File template = new File(val);
 
                 if ((!template.exists()) || (!template.canRead())
-                    || (template.isDirectory())) {
+                        || (template.isDirectory())) {
                     String error =
-                        "Template: " + val + " does not exist or invalid";
+                            "Template: " + val + " does not exist or invalid";
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
+                            null, resp);
                     return;
                 }
             }
@@ -377,10 +375,10 @@ public class CAAdminServlet extends AdminServlet {
      * handle setting request complete notification config info
      */
     private void setNotificationCompConfig(HttpServletRequest req,
-        HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
+            HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
             IOException, EBaseException {
- 
-        //set rest of the parameters
+
+        // set rest of the parameters
         Enumeration e = req.getParameterNames();
 
         while (e.hasMoreElements()) {
@@ -401,15 +399,15 @@ public class CAAdminServlet extends AdminServlet {
                 File template = new File(val);
 
                 if ((!template.exists()) || (!template.canRead())
-                    || (template.isDirectory())) {
+                        || (template.isDirectory())) {
                     String error =
-                        "Template: " + val + " does not exist or invalid";
+                            "Template: " + val + " does not exist or invalid";
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PATH"));
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PATH"),
+                            null, resp);
                     return;
                 }
             }
@@ -429,23 +427,23 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     private void setNotificationRevCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
 
-        IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);  
+        IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_REVOKED_SUBSTORE);
 
         setNotificationCompConfig(req, resp, rc, mCA.getCertRevokedListener());
-    }            
+    }
 
     private void setNotificationReqCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mCA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(ICertificateAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore rc = nc.getSubStore(ICertificateAuthority.PROP_CERT_ISSUED_SUBSTORE);
 
@@ -454,8 +452,8 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     private void listCRLIPsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
         Enumeration ips = mCA.getCRLIssuingPoints();
@@ -469,16 +467,16 @@ public class CAAdminServlet extends AdminServlet {
                 if (ipId != null && ipId.length() > 0)
                     params.add(ipId, ip.getDescription());
                 params.add(ipId + "." + Constants.PR_ENABLED,
-                    (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString());
+                        (Boolean.valueOf(ip.isCRLIssuingPointEnabled())).toString());
             }
         }
-            
+
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void getCRLIPsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
         String id = req.getParameter(Constants.RS_ID);
@@ -518,11 +516,12 @@ public class CAAdminServlet extends AdminServlet {
     /**
      * Add CRL issuing points configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
      * configuring CRL profile (extensions, frequency, CRL format)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -530,8 +529,8 @@ public class CAAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void addCRLIPsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -578,7 +577,7 @@ public class CAAdminServlet extends AdminServlet {
             boolean enable = true;
 
             if (sEnable != null && sEnable.length() > 0 &&
-                sEnable.equalsIgnoreCase(Constants.FALSE)) {
+                    sEnable.equalsIgnoreCase(Constants.FALSE)) {
                 enable = false;
                 params.add(Constants.PR_ENABLED, Constants.FALSE);
             } else {
@@ -586,7 +585,7 @@ public class CAAdminServlet extends AdminServlet {
             }
 
             IConfigStore crlSubStore =
-                mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+                    mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
             Enumeration crlNames = crlSubStore.getSubStoreNames();
 
             while (crlNames.hasMoreElements()) {
@@ -656,28 +655,29 @@ public class CAAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
      * Set CRL issuing points configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
      * configuring CRL profile (extensions, frequency, CRL format)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -685,8 +685,8 @@ public class CAAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setCRLIPsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -733,7 +733,7 @@ public class CAAdminServlet extends AdminServlet {
             boolean enable = true;
 
             if (sEnable != null && sEnable.length() > 0 &&
-                sEnable.equalsIgnoreCase(Constants.FALSE)) {
+                    sEnable.equalsIgnoreCase(Constants.FALSE)) {
                 enable = false;
                 params.add(Constants.PR_ENABLED, Constants.FALSE);
             } else {
@@ -741,7 +741,7 @@ public class CAAdminServlet extends AdminServlet {
             }
 
             IConfigStore crlSubStore =
-                mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+                    mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
             boolean done = false;
             Enumeration crlNames = crlSubStore.getSubStoreNames();
 
@@ -759,8 +759,8 @@ public class CAAdminServlet extends AdminServlet {
 
                     if (c != null) {
                         c.putString(Constants.PR_DESCRIPTION, desc);
-                        c.putString(Constants.PR_ENABLED, 
-                            (enable) ? Constants.TRUE : Constants.FALSE);
+                        c.putString(Constants.PR_ENABLED,
+                                (enable) ? Constants.TRUE : Constants.FALSE);
                     }
                     done = true;
                     break;
@@ -816,28 +816,29 @@ public class CAAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
      * Delete CRL issuing points configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
      * configuring CRL profile (extensions, frequency, CRL format)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -845,8 +846,8 @@ public class CAAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void deleteCRLIPsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -859,7 +860,7 @@ public class CAAdminServlet extends AdminServlet {
 
             if (id != null && id.length() > 0) {
                 IConfigStore crlSubStore =
-                    mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+                        mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
                 boolean done = false;
                 Enumeration crlNames = crlSubStore.getSubStoreNames();
 
@@ -923,23 +924,23 @@ public class CAAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     private void getCRLExtsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
         String ipId = null;
@@ -974,11 +975,12 @@ public class CAAdminServlet extends AdminServlet {
     /**
      * Delete CRL extensions configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
      * configuring CRL profile (extensions, frequency, CRL format)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -986,8 +988,8 @@ public class CAAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setCRLExtsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1007,10 +1009,10 @@ public class CAAdminServlet extends AdminServlet {
 
             IConfigStore config = mCA.getConfigStore();
             IConfigStore crlsSubStore =
-                config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+                    config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
             IConfigStore crlSubStore = crlsSubStore.getSubStore(ipId);
             IConfigStore crlExtsSubStore =
-                crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
+                    crlSubStore.getSubStore(ICertificateAuthority.PROP_CRLEXT_SUBSTORE);
 
             String id = req.getParameter(Constants.RS_ID);
 
@@ -1077,23 +1079,23 @@ public class CAAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     private void listCRLExtsConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
         String id = req.getParameter(Constants.PR_ID);
@@ -1130,12 +1132,12 @@ public class CAAdminServlet extends AdminServlet {
         sendResponse(SUCCESS, null, params, resp);
     }
 
-    /** 
-     * retrieve extended plugin info such as brief description,
-     * type info from CRL extensions
+    /**
+     * retrieve extended plugin info such as brief description, type info from
+     * CRL extensions
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
         int colon = id.indexOf(':');
@@ -1143,8 +1145,8 @@ public class CAAdminServlet extends AdminServlet {
         String implType = id.substring(0, colon);
         String implName = id.substring(colon + 1);
 
-        NameValuePairs params = 
-            getExtendedPluginInfo(getLocale(req), implType, implName);
+        NameValuePairs params =
+                getExtendedPluginInfo(getLocale(req), implType, implName);
 
         sendResponse(SUCCESS, null, params, resp);
     }
@@ -1191,11 +1193,12 @@ public class CAAdminServlet extends AdminServlet {
     /**
      * Set CRL configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE used when
      * configuring CRL profile (extensions, frequency, CRL format)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -1203,7 +1206,7 @@ public class CAAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setCRLConfig(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1215,17 +1218,17 @@ public class CAAdminServlet extends AdminServlet {
             String id = req.getParameter(Constants.RS_ID);
 
             if (id == null || id.length() <= 0 ||
-                id.equals(Constants.RS_ID_CONFIG)) {
+                    id.equals(Constants.RS_ID_CONFIG)) {
                 id = ICertificateAuthority.PROP_MASTER_CRL;
             }
             ICRLIssuingPoint ip = mCA.getCRLIssuingPoint(id);
 
-            //Save New Settings to the config file
+            // Save New Settings to the config file
             IConfigStore config = mCA.getConfigStore();
             IConfigStore crlsSubStore = config.getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
             IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
 
-            //set reset of the parameters
+            // set reset of the parameters
             Enumeration e = req.getParameterNames();
 
             while (e.hasMoreElements()) {
@@ -1286,22 +1289,22 @@ public class CAAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CRL_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     private void getCRLConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -1309,11 +1312,11 @@ public class CAAdminServlet extends AdminServlet {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null || id.length() <= 0 ||
-            id.equals(Constants.RS_ID_CONFIG)) {
+                id.equals(Constants.RS_ID_CONFIG)) {
             id = ICertificateAuthority.PROP_MASTER_CRL;
         }
         IConfigStore crlsSubStore =
-            mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
+                mCA.getConfigStore().getSubStore(ICertificateAuthority.PROP_CRL_SUBSTORE);
         IConfigStore crlSubStore = crlsSubStore.getSubStore(id);
 
         Enumeration e = req.getParameterNames();
@@ -1335,9 +1338,9 @@ public class CAAdminServlet extends AdminServlet {
         getSigningAlgConfig(params);
         sendResponse(SUCCESS, null, params, resp);
     }
-     
+
     private void getConnectorConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore caConfig = mCA.getConfigStore();
         IConfigStore connectorConfig = caConfig.getSubStore("connector");
@@ -1370,14 +1373,14 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     private void setConnectorConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         IConfigStore caConfig = mCA.getConfigStore();
         IConfigStore connectorConfig = caConfig.getSubStore("connector");
         IConfigStore caConnectorConfig = null;
 
-//        String nickname = CMS.getServerCertNickname();
+        // String nickname = CMS.getServerCertNickname();
 
         if (isKRAConnector(req)) {
             caConnectorConfig = connectorConfig.getSubStore("KRA");
@@ -1397,12 +1400,10 @@ public class CAAdminServlet extends AdminServlet {
                     continue;
                 if (name.equals(Constants.OP_SCOPE))
                     continue;
-/*
-                if (name.equals("nickName")) {
-                    caConnectorConfig.putString(name, nickname);
-                    continue;
-                }
-*/
+                /*
+                 * if (name.equals("nickName")) {
+                 * caConnectorConfig.putString(name, nickname); continue; }
+                 */
                 if (name.equals("host")) {
                     try {
                         Utils.checkHost(req.getParameter("host"));
@@ -1456,27 +1457,23 @@ public class CAAdminServlet extends AdminServlet {
     }
 
     private void getGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
         String value = "false";
 
         /*
-         ISubsystem eeGateway = 
-         SubsystemRegistry.getInstance().get("eeGateway");
-         if (eeGateway != null) {
-         IConfigStore eeConfig = eeGateway.getConfigStore();
-         if (eeConfig != null) 
-         value = eeConfig.getString("enabled", "true");
-         String ocspValue = "true";
-         ocspValue = eeConfig.getString("enableOCSP", "true");
-         params.add(Constants.PR_OCSP_ENABLED, ocspValue);
-         }
-         params.add(Constants.PR_EE_ENABLED, value);
+         * ISubsystem eeGateway =
+         * SubsystemRegistry.getInstance().get("eeGateway"); if (eeGateway !=
+         * null) { IConfigStore eeConfig = eeGateway.getConfigStore(); if
+         * (eeConfig != null) value = eeConfig.getString("enabled", "true");
+         * String ocspValue = "true"; ocspValue =
+         * eeConfig.getString("enableOCSP", "true");
+         * params.add(Constants.PR_OCSP_ENABLED, ocspValue); }
+         * params.add(Constants.PR_EE_ENABLED, value);
          */
 
-
         IConfigStore caConfig = mCA.getConfigStore();
 
         value = caConfig.getString(ICertificateAuthority.PROP_ENABLE_PAST_CATIME, "false");
@@ -1485,18 +1482,18 @@ public class CAAdminServlet extends AdminServlet {
         getSigningAlgConfig(params);
         getSerialConfig(params);
         getMaxSerialConfig(params);
-  
+
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void getSigningAlgConfig(NameValuePairs params) {
         params.add(Constants.PR_DEFAULT_ALGORITHM,
-            mCA.getDefaultAlgorithm());
+                mCA.getDefaultAlgorithm());
         String[] algorithms = mCA.getCASigningAlgorithms();
         StringBuffer algorStr = new StringBuffer();
 
         for (int i = 0; i < algorithms.length; i++) {
-            if (i == 0) 
+            if (i == 0)
                 algorStr.append(algorithms[i]);
             else {
                 algorStr.append(":");
@@ -1508,23 +1505,23 @@ public class CAAdminServlet extends AdminServlet {
 
     private void getSerialConfig(NameValuePairs params) {
         params.add(Constants.PR_SERIAL,
-            mCA.getStartSerial());
+                mCA.getStartSerial());
     }
 
     private void getMaxSerialConfig(NameValuePairs params) {
         params.add(Constants.PR_MAXSERIAL,
-            mCA.getMaxSerial());
+                mCA.getMaxSerial());
     }
 
     private void setGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         ISubsystem eeGateway = null;
 
         /*
-         ISubsystem eeGateway = 
-         SubsystemRegistry.getInstance().get("eeGateway");
+         * ISubsystem eeGateway =
+         * SubsystemRegistry.getInstance().get("eeGateway");
          */
         IConfigStore eeConfig = null;
 
@@ -1533,7 +1530,7 @@ public class CAAdminServlet extends AdminServlet {
         Enumeration enum1 = req.getParameterNames();
         boolean restart = false;
 
-        //mCA.setMaxSerial("");
+        // mCA.setMaxSerial("");
         while (enum1.hasMoreElements()) {
             String key = (String) enum1.nextElement();
             String value = req.getParameter(key);
@@ -1541,15 +1538,11 @@ public class CAAdminServlet extends AdminServlet {
             if (key.equals(Constants.PR_EE_ENABLED)) {
 
                 /*
-                 if (eeConfig != null) {
-                 if (((EEGateway)eeGateway).isEnabled() &&
-                 value.equals("false") || 
-                 !((EEGateway)eeGateway).isEnabled() &&
-                 value.equals("true")) {
-                 restart=true;;
-                 }
-                 eeConfig.putString("enabled", value);
-                 }
+                 * if (eeConfig != null) { if
+                 * (((EEGateway)eeGateway).isEnabled() && value.equals("false")
+                 * || !((EEGateway)eeGateway).isEnabled() &&
+                 * value.equals("true")) { restart=true;; }
+                 * eeConfig.putString("enabled", value); }
                  */
             } else if (key.equals(Constants.PR_VALIDITY)) {
                 mCA.setValidity(value);
@@ -1573,6 +1566,6 @@ public class CAAdminServlet extends AdminServlet {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "CAAdminServlet: " + msg);
+                level, "CAAdminServlet: " + msg);
     }
-}    
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
index 3251e46b..f55ba57b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/CMSAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
@@ -82,11 +81,10 @@ import com.netscape.cmsutil.util.Cert;
 import com.netscape.symkey.SessionKey;
 
 /**
- * A class representings an administration servlet. This
- * servlet is responsible to serve Certificate Server
- * level administrative operations such as configuration
- * parameter updates.
- *
+ * A class representings an administration servlet. This servlet is responsible
+ * to serve Certificate Server level administrative operations such as
+ * configuration parameter updates.
+ * 
  * @version $Revision$, $Date$
  */
 public final class CMSAdminServlet extends AdminServlet {
@@ -108,13 +106,13 @@ public final class CMSAdminServlet extends AdminServlet {
     private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     private final static byte EOL[] = { Character.LINE_SEPARATOR };
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION_3";
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY =
-        "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY_3";
     private final static String LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC =
-        "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
+            "LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC_3";
     private final static String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION =
-        "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
+            "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
     private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION =
             "LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION_3";
 
@@ -145,13 +143,13 @@ public final class CMSAdminServlet extends AdminServlet {
      * Serves HTTP request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
         try {
             super.authenticate(req);
         } catch (IOException e) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -164,8 +162,8 @@ public final class CMSAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 getEnv(req, resp);
@@ -175,8 +173,8 @@ public final class CMSAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_LDAP))
@@ -199,13 +197,13 @@ public final class CMSAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_LDAP))
                     setDBConfig(req, resp);
-                else if (scope.equals(ScopeDef.SC_SMTP)) 
+                else if (scope.equals(ScopeDef.SC_SMTP))
                     modifySMTPConfig(req, resp);
                 else if (scope.equals(ScopeDef.SC_TASKS))
                     performTasks(req, resp);
@@ -213,9 +211,9 @@ public final class CMSAdminServlet extends AdminServlet {
                     modifyEncryption(req, resp);
                 else if (scope.equals(ScopeDef.SC_ISSUE_IMPORT_CERT))
                     issueImportCert(req, resp);
-                else if (scope.equals(ScopeDef.SC_INSTALL_CERT)) 
+                else if (scope.equals(ScopeDef.SC_INSTALL_CERT))
                     installCert(req, resp);
-                else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT)) 
+                else if (scope.equals(ScopeDef.SC_IMPORT_CROSS_CERT))
                     importXCert(req, resp);
                 else if (scope.equals(ScopeDef.SC_DELETE_CERTS))
                     deleteCerts(req, resp);
@@ -229,8 +227,8 @@ public final class CMSAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_SUBSYSTEM))
@@ -239,11 +237,11 @@ public final class CMSAdminServlet extends AdminServlet {
                     getCACerts(req, resp);
                 else if (scope.equals(ScopeDef.SC_ALL_CERTLIST))
                     getAllCertsManage(req, resp);
-                else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) 
+                else if (scope.equals(ScopeDef.SC_USERCERTSLIST))
                     getUserCerts(req, resp);
-                else if (scope.equals(ScopeDef.SC_TKSKEYSLIST)) 
+                else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
                     getTKSKeys(req, resp);
-                else if (scope.equals(ScopeDef.SC_TOKEN)) 
+                else if (scope.equals(ScopeDef.SC_TOKEN))
                     getAllTokenNames(req, resp);
                 else if (scope.equals(ScopeDef.SC_ROOTCERTSLIST))
                     getRootCerts(req, resp);
@@ -251,21 +249,21 @@ public final class CMSAdminServlet extends AdminServlet {
                 mOp = "delete";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_ROOTCERTSLIST)) {
                     deleteRootCert(req, resp);
                 } else if (scope.equals(ScopeDef.SC_USERCERTSLIST)) {
-                    deleteUserCert(req,resp);
+                    deleteUserCert(req, resp);
                 }
             } else if (op.equals(OpDef.OP_PROCESS)) {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_CERT_REQUEST))
@@ -282,14 +280,14 @@ public final class CMSAdminServlet extends AdminServlet {
                     checkTokenStatus(req, resp);
                 else if (scope.equals(ScopeDef.SC_SELFTESTS))
                     runSelfTestsOnDemand(req, resp);
-				else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
+                else if (scope.equals(ScopeDef.SC_TKSKEYSLIST))
                     createMasterKey(req, resp);
             } else if (op.equals(OpDef.OP_VALIDATE)) {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_SUBJECT_NAME))
@@ -303,7 +301,7 @@ public final class CMSAdminServlet extends AdminServlet {
             }
         } catch (EBaseException e) {
             sendResponse(ERROR, e.toString(getLocale(req)),
-                null, resp);
+                    null, resp);
             return;
         } catch (Exception e) {
             StringWriter sw = new StringWriter();
@@ -316,7 +314,7 @@ public final class CMSAdminServlet extends AdminServlet {
     }
 
     private void getEnv(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
@@ -324,16 +322,16 @@ public final class CMSAdminServlet extends AdminServlet {
             params.add(Constants.PR_NT, Constants.TRUE);
         else
             params.add(Constants.PR_NT, Constants.FALSE);
-        
+
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void getAllTokenNames(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         NameValuePairs params = new NameValuePairs();
 
         params.add(Constants.PR_TOKEN_LIST, jssSubSystem.getTokenList());
@@ -342,15 +340,15 @@ public final class CMSAdminServlet extends AdminServlet {
     }
 
     private void getAllNicknames(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
         params.add(Constants.PR_ALL_NICKNAMES, jssSubSystem.getAllCerts());
- 
+
         sendResponse(SUCCESS, null, params, resp);
     }
 
@@ -361,18 +359,18 @@ public final class CMSAdminServlet extends AdminServlet {
             String type = "";
             ISubsystem sys = (ISubsystem) e.nextElement();
 
-            //get subsystem type
+            // get subsystem type
             if ((sys instanceof IKeyRecoveryAuthority) &&
-                subsystem.equals("kra"))
+                    subsystem.equals("kra"))
                 return true;
             else if ((sys instanceof IRegistrationAuthority) &&
-                subsystem.equals("ra"))
+                    subsystem.equals("ra"))
                 return true;
             else if ((sys instanceof ICertificateAuthority) &&
-                subsystem.equals("ca"))
+                    subsystem.equals("ca"))
                 return true;
             else if ((sys instanceof IOCSPAuthority) &&
-                subsystem.equals("ocsp"))
+                    subsystem.equals("ocsp"))
                 return true;
         }
 
@@ -380,7 +378,7 @@ public final class CMSAdminServlet extends AdminServlet {
     }
 
     private void readEncryption(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -394,7 +392,7 @@ public final class CMSAdminServlet extends AdminServlet {
             String type = "";
             ISubsystem sys = (ISubsystem) e.nextElement();
 
-            //get subsystem type
+            // get subsystem type
             if (sys instanceof IKeyRecoveryAuthority)
                 isKRAInstalled = true;
             else if (sys instanceof IRegistrationAuthority)
@@ -405,17 +403,17 @@ public final class CMSAdminServlet extends AdminServlet {
                 isOCSPInstalled = true;
             else if (sys instanceof ITKSAuthority)
                 isTKSInstalled = true;
-				
-	        }
+
+        }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String caTokenName = "";
 
         NameValuePairs params = new NameValuePairs();
 
         params.add(Constants.PR_CIPHER_VERSION,
-            jssSubSystem.getCipherVersion());
+                jssSubSystem.getCipherVersion());
         params.add(Constants.PR_CIPHER_FORTEZZA, jssSubSystem.isCipherFortezza());
         params.add(Constants.PR_CIPHER_PREF, jssSubSystem.getCipherPreferences());
 
@@ -427,7 +425,7 @@ public final class CMSAdminServlet extends AdminServlet {
         while (tokenizer.hasMoreElements()) {
             String tokenName = (String) tokenizer.nextElement();
             String certs = jssSubSystem.getCertListWithoutTokenName(tokenName);
-  
+
             if (certs.equals(""))
                 continue;
             if (tokenNewList.equals(""))
@@ -451,13 +449,13 @@ public final class CMSAdminServlet extends AdminServlet {
 
             String caNickName = signingUnit.getNickname();
 
-            //params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName);
+            // params.add(Constants.PR_CERT_CA, caTokenName+","+caNickName);
             params.add(Constants.PR_CERT_CA, getCertNickname(caNickName));
         }
 
         if (isRAInstalled) {
             IRegistrationAuthority ra = (IRegistrationAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_RA);
             String raNickname = ra.getNickname();
 
             params.add(Constants.PR_CERT_RA, getCertNickname(raNickname));
@@ -465,17 +463,17 @@ public final class CMSAdminServlet extends AdminServlet {
 
         if (isKRAInstalled) {
             IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
             String kraNickname = kra.getNickname();
 
             params.add(Constants.PR_CERT_TRANS, getCertNickname(kraNickname));
         }
         if (isTKSInstalled) {
             ITKSAuthority tks = (ITKSAuthority)
-				CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_TKS);
         }
         String nickName = CMS.getServerCertNickname();
-		
+
         params.add(Constants.PR_CERT_SERVER, getCertNickname(nickName));
 
         sendResponse(SUCCESS, null, params, resp);
@@ -517,17 +515,18 @@ public final class CMSAdminServlet extends AdminServlet {
     /**
      * Modify encryption configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION used when
      * configuring encryption (cert settings and SSL cipher preferences)
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to modify encryption configuration
      */
     private void modifyEncryption(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -537,10 +536,10 @@ public final class CMSAdminServlet extends AdminServlet {
         // to the signed audit log and stored as failures
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<String> enum1 = req.getParameterNames();
+            Enumeration<String> enum1 = req.getParameterNames();
             NameValuePairs params = new NameValuePairs();
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
             jssSubSystem.getInternalTokenName();
             Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -554,7 +553,7 @@ public final class CMSAdminServlet extends AdminServlet {
                 String type = "";
                 ISubsystem sys = (ISubsystem) e.nextElement();
 
-                //get subsystem type
+                // get subsystem type
                 if (sys instanceof IKeyRecoveryAuthority)
                     isKRAInstalled = true;
                 else if (sys instanceof IRegistrationAuthority)
@@ -563,14 +562,14 @@ public final class CMSAdminServlet extends AdminServlet {
                     isCAInstalled = true;
                 else if (sys instanceof IOCSPAuthority)
                     isOCSPInstalled = true;
-               else if (sys instanceof ITKSAuthority)
+                else if (sys instanceof ITKSAuthority)
                     isTKSInstalled = true;
             }
 
-            ICertificateAuthority  ca = null;
+            ICertificateAuthority ca = null;
             IRegistrationAuthority ra = null;
             IKeyRecoveryAuthority kra = null;
-            ITKSAuthority		  tks = null;
+            ITKSAuthority tks = null;
 
             if (isCAInstalled)
                 ca = (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
@@ -693,19 +692,19 @@ public final class CMSAdminServlet extends AdminServlet {
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditParams( req ) );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
+            // } catch( ServletException eAudit3 ) {
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ENCRYPTION,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
+            //
+            // audit( auditMessage );
+            //
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
+        }
     }
 
     private String getCertConfigNickname(String val) throws EBaseException {
@@ -727,9 +726,9 @@ public final class CMSAdminServlet extends AdminServlet {
         CMS.setServerCertNickname(nickName);
 
         /*
-         RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
-         HTTPService httpsService = raAdmin.getHttpsService();
-         httpsService.setNickName(nickName);
+         * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+         * HTTPService httpsService = raAdmin.getHttpsService();
+         * httpsService.setNickName(nickName);
          */
     }
 
@@ -737,9 +736,9 @@ public final class CMSAdminServlet extends AdminServlet {
         CMS.setServerCertNickname(nickName);
 
         /*
-         AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
-         HTTPService httpsService = gateway.getHttpsService();
-         httpsService.setNickName(nickName);
+         * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+         * HTTPService httpsService = gateway.getHttpsService();
+         * httpsService.setNickName(nickName);
          */
     }
 
@@ -747,9 +746,9 @@ public final class CMSAdminServlet extends AdminServlet {
         CMS.setServerCertNickname(nickName);
 
         /*
-         HTTPSubsystem eeGateway = ra.getHTTPSubsystem();
-         HTTPService httpsService = eeGateway.getHttpsService();
-         httpsService.setNickName(nickName);
+         * HTTPSubsystem eeGateway = ra.getHTTPSubsystem(); HTTPService
+         * httpsService = eeGateway.getHttpsService();
+         * httpsService.setNickName(nickName);
          */
     }
 
@@ -757,9 +756,9 @@ public final class CMSAdminServlet extends AdminServlet {
         CMS.setServerCertNickname(nickName);
 
         /*
-         HTTPSubsystem caGateway = ca.getHTTPSubsystem();
-         HTTPService httpsService = caGateway.getHttpsService();
-         httpsService.setNickName(nickName);
+         * HTTPSubsystem caGateway = ca.getHTTPSubsystem(); HTTPService
+         * httpsService = caGateway.getHttpsService();
+         * httpsService.setNickName(nickName);
          */
     }
 
@@ -767,21 +766,21 @@ public final class CMSAdminServlet extends AdminServlet {
      * Performs Server Tasks: RESTART/STOP operation
      */
     private void performTasks(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String restart = req.getParameter(Constants.PR_SERVER_RESTART);
         String stop = req.getParameter(Constants.PR_SERVER_STOP);
         NameValuePairs params = new NameValuePairs();
 
         if (restart != null) {
-            //XXX Uncommented afetr watchdog is implemented
+            // XXX Uncommented afetr watchdog is implemented
             sendResponse(SUCCESS, null, params, resp);
-            //mServer.restart();
+            // mServer.restart();
             return;
         }
 
         if (stop != null) {
-            //XXX Send response first then shutdown
+            // XXX Send response first then shutdown
             sendResponse(SUCCESS, null, params, resp);
             CMS.shutdown();
             return;
@@ -795,7 +794,7 @@ public final class CMSAdminServlet extends AdminServlet {
      * Reads subsystems that server has loaded with.
      */
     private void readSubsystem(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration<ISubsystem> e = CMS.getSubsystems();
@@ -805,7 +804,7 @@ public final class CMSAdminServlet extends AdminServlet {
             String type = "";
             ISubsystem sys = (ISubsystem) e.nextElement();
 
-            //get subsystem type
+            // get subsystem type
             if (sys instanceof IKeyRecoveryAuthority)
                 type = Constants.PR_KRA_INSTANCE;
             if (sys instanceof IRegistrationAuthority)
@@ -814,7 +813,7 @@ public final class CMSAdminServlet extends AdminServlet {
                 type = Constants.PR_CA_INSTANCE;
             if (sys instanceof IOCSPAuthority)
                 type = Constants.PR_OCSP_INSTANCE;
-			if (sys instanceof ITKSAuthority)
+            if (sys instanceof ITKSAuthority)
                 type = Constants.PR_TKS_INSTANCE;
             if (!type.trim().equals(""))
                 params.add(sys.getId(), type);
@@ -827,7 +826,7 @@ public final class CMSAdminServlet extends AdminServlet {
      * Reads server statistics.
      */
     private void readStat(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         IConfigStore cs = CMS.getConfigStore();
@@ -850,9 +849,9 @@ public final class CMSAdminServlet extends AdminServlet {
         }
 
         params.add(Constants.PR_STAT_STARTUP,
-            (new Date(CMS.getStartupTime())).toString());
+                (new Date(CMS.getStartupTime())).toString());
         params.add(Constants.PR_STAT_TIME,
-            (new Date(System.currentTimeMillis())).toString());
+                (new Date(System.currentTimeMillis())).toString());
         sendResponse(SUCCESS, null, params, resp);
     }
 
@@ -860,12 +859,12 @@ public final class CMSAdminServlet extends AdminServlet {
      * Modifies database information.
      */
     private void setDBConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         IConfigStore dbConfig = mConfig.getSubStore(PROP_INTERNAL_DB);
         @SuppressWarnings("unchecked")
-		Enumeration<String> enum1 = req.getParameterNames();
+        Enumeration<String> enum1 = req.getParameterNames();
 
         while (enum1.hasMoreElements()) {
             String key = (String) enum1.nextElement();
@@ -876,117 +875,112 @@ public final class CMSAdminServlet extends AdminServlet {
                 continue;
             if (key.equals(Constants.OP_SCOPE))
                 continue;
-            
-            dbConfig.putString(key, req.getParameter(key)); 
+
+            dbConfig.putString(key, req.getParameter(key));
         }
 
         sendResponse(RESTART, null, null, resp);
         mConfig.commit(true);
     }
-	 /**
+
+    /**
      * Create Master Key
      */
-private void 	createMasterKey(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+    private void createMasterKey(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
         @SuppressWarnings("unchecked")
-		Enumeration<String> e = req.getParameterNames();
-		String newKeyName = null, selectedToken = null;
+        Enumeration<String> e = req.getParameterNames();
+        String newKeyName = null, selectedToken = null;
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
-            if (name.equals(Constants.PR_KEY_LIST))
-            {
-				newKeyName = req.getParameter(name);
-			}
-            if (name.equals(Constants.PR_TOKEN_LIST))
-            {
-				selectedToken = req.getParameter(name);
-			}
-
+            if (name.equals(Constants.PR_KEY_LIST)) {
+                newKeyName = req.getParameter(name);
+            }
+            if (name.equals(Constants.PR_TOKEN_LIST)) {
+                selectedToken = req.getParameter(name);
+            }
 
         }
-		if(selectedToken!=null && newKeyName!=null)
-		{
-		String symKeys = SessionKey.GenMasterKey(selectedToken,newKeyName);
-		CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
-		String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
-
-		SessionKey.SetDefaultPrefix(masterKeyPrefix);
-		params.add(Constants.PR_KEY_LIST, newKeyName);
- 		params.add(Constants.PR_TOKEN_LIST, selectedToken);
-		}
-		sendResponse(SUCCESS, null, params, resp);
-}
+        if (selectedToken != null && newKeyName != null) {
+            String symKeys = SessionKey.GenMasterKey(selectedToken, newKeyName);
+            CMS.getConfigStore().putString("tks.defaultSlot", selectedToken);
+            String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
+
+            SessionKey.SetDefaultPrefix(masterKeyPrefix);
+            params.add(Constants.PR_KEY_LIST, newKeyName);
+            params.add(Constants.PR_TOKEN_LIST, selectedToken);
+        }
+        sendResponse(SUCCESS, null, params, resp);
+    }
 
-   /**
+    /**
      * Reads secmod.db
      */
     private void getTKSKeys(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
         @SuppressWarnings("unchecked")
-		Enumeration<String> e = req.getParameterNames();
+        Enumeration<String> e = req.getParameterNames();
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
-            if (name.equals(Constants.PR_TOKEN_LIST))
-            {
-				String selectedToken = req.getParameter(name);
-
-				int         count      = 0;
-				int         keys_found = 0;
-
-				ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-				
-				CryptoToken token = null;
-				CryptoManager mCryptoManager = null;
-				try {
-					mCryptoManager = CryptoManager.getInstance();
-				} catch (Exception e2) {
-				}
-
-				if(!jssSubSystem.isTokenLoggedIn(selectedToken))
-				{
-					PasswordCallback cpcb = new ConsolePasswordCallback();
-					while (true) {
+            if (name.equals(Constants.PR_TOKEN_LIST)) {
+                String selectedToken = req.getParameter(name);
+
+                int count = 0;
+                int keys_found = 0;
+
+                ICryptoSubsystem jssSubSystem = (ICryptoSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+
+                CryptoToken token = null;
+                CryptoManager mCryptoManager = null;
+                try {
+                    mCryptoManager = CryptoManager.getInstance();
+                } catch (Exception e2) {
+                }
+
+                if (!jssSubSystem.isTokenLoggedIn(selectedToken)) {
+                    PasswordCallback cpcb = new ConsolePasswordCallback();
+                    while (true) {
                         try {
- 							token = mCryptoManager.getTokenByName(selectedToken);
-				            token.login(cpcb);
+                            token = mCryptoManager.getTokenByName(selectedToken);
+                            token.login(cpcb);
                             break;
                         } catch (Exception e3) {
-                            //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
+                            // log(ILogger.LL_FAILURE,
+                            // CMS.getLogMessage("CMSCORE_SECURITY_INCORRECT_PWD"));
                             continue;
                         }
-						}
-				}
-				// String symKeys = new String("key1,key2"); 
-				String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
-				params.add(Constants.PR_TOKEN_LIST, symKeys);
+                    }
+                }
+                // String symKeys = new String("key1,key2");
+                String symKeys = SessionKey.ListSymmetricKeys(selectedToken);
+                params.add(Constants.PR_TOKEN_LIST, symKeys);
 
-			}
+            }
         }
         sendResponse(SUCCESS, null, params, resp);
     }
-	
-		
+
     /**
      * Reads database information.
      */
     private void getDBConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore dbConfig = mConfig.getSubStore(PROP_DB);
         IConfigStore ldapConfig = dbConfig.getSubStore("ldap");
         NameValuePairs params = new NameValuePairs();
         @SuppressWarnings("unchecked")
-		Enumeration<String> e = req.getParameterNames();
-       
+        Enumeration<String> e = req.getParameterNames();
+
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
@@ -998,7 +992,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 continue;
             if (name.equals(Constants.PR_SECURE_PORT_ENABLED))
                 params.add(name, ldapConfig.getString(name, "Constants.FALSE"));
-            else 
+            else
                 params.add(name, ldapConfig.getString(name, ""));
         }
         sendResponse(SUCCESS, null, params, resp);
@@ -1008,7 +1002,7 @@ private void 	createMasterKey(HttpServletRequest req,
      * Modifies SMTP configuration.
      */
     private void modifySMTPConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         // XXX
         IConfigStore sConfig = mConfig.getSubStore(PROP_SMTP);
@@ -1022,7 +1016,7 @@ private void 	createMasterKey(HttpServletRequest req,
 
         if (port != null)
             sConfig.putString("port", port);
-			
+
         commit(true);
 
         sendResponse(SUCCESS, null, null, resp);
@@ -1032,23 +1026,23 @@ private void 	createMasterKey(HttpServletRequest req,
      * Reads SMTP configuration.
      */
     private void readSMTPConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore dbConfig = mConfig.getSubStore(PROP_SMTP);
         NameValuePairs params = new NameValuePairs();
 
         params.add(Constants.PR_SERVER_NAME,
-            dbConfig.getString("host"));
+                dbConfig.getString("host"));
         params.add(Constants.PR_PORT,
-            dbConfig.getString("port"));
+                dbConfig.getString("port"));
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void loggedInToken(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         @SuppressWarnings("unchecked")
-		Enumeration<String> enum1 = req.getParameterNames();
+        Enumeration<String> enum1 = req.getParameterNames();
         String tokenName = "";
         String pwd = "";
 
@@ -1064,7 +1058,7 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
         jssSubSystem.loggedInToken(tokenName, pwd);
 
@@ -1074,10 +1068,10 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     private void checkTokenStatus(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         @SuppressWarnings("unchecked")
-		Enumeration<String> enum1 = req.getParameterNames();
+        Enumeration<String> enum1 = req.getParameterNames();
         String key = "";
         String value = "";
 
@@ -1090,7 +1084,7 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         boolean status = jssSubSystem.isTokenLoggedIn(value);
 
         NameValuePairs params = new NameValuePairs();
@@ -1103,17 +1097,18 @@ private void 	createMasterKey(HttpServletRequest req,
     /**
      * Retrieve a certificate request
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC used when
      * asymmetric keys are generated
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to retrieve certificate request
      */
     private void getCertRequest(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -1124,7 +1119,7 @@ private void 	createMasterKey(HttpServletRequest req,
         try {
             NameValuePairs params = new NameValuePairs();
             @SuppressWarnings("unchecked")
-			Enumeration<String> enum1 = req.getParameterNames();
+            Enumeration<String> enum1 = req.getParameterNames();
             String tokenName = Constants.PR_INTERNAL_TOKEN_NAME;
             String keyType = "";
             int keyLength = 512;
@@ -1164,10 +1159,10 @@ private void 	createMasterKey(HttpServletRequest req,
             }
 
             pathname = mConfig.getString("instanceRoot", "")
-              + File.separator + "conf" + File.separator;
+                    + File.separator + "conf" + File.separator;
             dir = pathname;
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
             KeyPair keypair = null;
             PQGParams pqgParams = null;
@@ -1208,9 +1203,9 @@ private void 	createMasterKey(HttpServletRequest req,
                 if (keyType.equals("ECC")) {
                     // get ECC keypair
                     keypair = jssSubSystem.getECCKeyPair(tokenName, keyCurveName, certType);
-                } else { //DSA or RSA
+                } else { // DSA or RSA
                     if (keyType.equals("DSA"))
-                        pqgParams = jssSubSystem.getPQG(keyLength); 
+                        pqgParams = jssSubSystem.getPQG(keyLength);
                     keypair = jssSubSystem.getKeyPair(tokenName, keyType, keyLength, pqgParams);
                 }
             }
@@ -1289,25 +1284,25 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditPublicKey );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
-    }
-
-    private void setCANewnickname(String tokenName, String nickname) 
-        throws EBaseException {
+            // } catch( ServletException eAudit3 ) {
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_KEY_GEN_ASYMMETRIC,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditPublicKey );
+            //
+            // audit( auditMessage );
+            //
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
+        }
+    }
+
+    private void setCANewnickname(String tokenName, String nickname)
+            throws EBaseException {
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
         ISigningUnit signingUnit = ca.getSigningUnit();
 
         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1322,16 +1317,16 @@ private void 	createMasterKey(HttpServletRequest req,
 
     private String getCANewnickname() throws EBaseException {
         ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
         ISigningUnit signingUnit = ca.getSigningUnit();
 
-        return signingUnit.getNewNickName(); 
+        return signingUnit.getNewNickName();
     }
 
     private void setRANewnickname(String tokenName, String nickname)
-        throws EBaseException {
+            throws EBaseException {
         IRegistrationAuthority ra = (IRegistrationAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
             ra.setNewNickName(nickname);
@@ -1345,13 +1340,13 @@ private void 	createMasterKey(HttpServletRequest req,
 
     private String getRANewnickname() throws EBaseException {
         IRegistrationAuthority ra = (IRegistrationAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
         return ra.getNewNickName();
     }
 
     private void setOCSPNewnickname(String tokenName, String nickname)
-        throws EBaseException {
+            throws EBaseException {
         IOCSPAuthority ocsp = (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
 
         if (ocsp != null) {
@@ -1367,7 +1362,7 @@ private void 	createMasterKey(HttpServletRequest req,
             }
         } else {
             ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
             ISigningUnit signingUnit = ca.getOCSPSigningUnit();
 
             if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
@@ -1387,20 +1382,20 @@ private void 	createMasterKey(HttpServletRequest req,
         if (ocsp != null) {
             ISigningUnit signingUnit = ocsp.getSigningUnit();
 
-            return signingUnit.getNewNickName(); 
+            return signingUnit.getNewNickName();
         } else {
             ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
             ISigningUnit signingUnit = ca.getOCSPSigningUnit();
 
-            return signingUnit.getNewNickName(); 
+            return signingUnit.getNewNickName();
         }
     }
 
-    private void setKRANewnickname(String tokenName, String nickname) 
-        throws EBaseException {
+    private void setKRANewnickname(String tokenName, String nickname)
+            throws EBaseException {
         IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+                CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
 
         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
             kra.setNewNickName(nickname);
@@ -1418,81 +1413,76 @@ private void 	createMasterKey(HttpServletRequest req,
         return kra.getNewNickName();
     }
 
-    private void setRADMNewnickname(String tokenName, String nickName) 
-        throws EBaseException {
+    private void setRADMNewnickname(String tokenName, String nickName)
+            throws EBaseException {
         CMS.setServerCertNickname(tokenName, nickName);
 
         /*
-         RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
-         HTTPService httpsService = raAdmin.getHttpsService();
-         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
-         httpsService.setNewNickName(nickName);
-         else {
-         if (tokenName.equals("") && nickName.equals(""))
-         httpsService.setNewNickName("");
-         else
-         httpsService.setNewNickName(tokenName+":"+nickName);
-         }
+         * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+         * HTTPService httpsService = raAdmin.getHttpsService(); if
+         * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
+         * httpsService.setNewNickName(nickName); else { if
+         * (tokenName.equals("") && nickName.equals(""))
+         * httpsService.setNewNickName(""); else
+         * httpsService.setNewNickName(tokenName+":"+nickName); }
          */
     }
 
-    private String getRADMNewnickname() 
-        throws EBaseException {
+    private String getRADMNewnickname()
+            throws EBaseException {
         // assuming the nickname does not change.
         return CMS.getServerCertNickname();
 
         /*
-         RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
-         HTTPService httpsService = raAdmin.getHttpsService();
-         return httpsService.getNewNickName();
+         * RemoteAdmin raAdmin = (RemoteAdmin)RemoteAdmin.getInstance();
+         * HTTPService httpsService = raAdmin.getHttpsService(); return
+         * httpsService.getNewNickName();
          */
     }
 
     private void setAgentNewnickname(String tokenName, String nickName)
-        throws EBaseException {
+            throws EBaseException {
         CMS.setServerCertNickname(tokenName, nickName);
 
         /*
-         AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
-         HTTPService httpsService = gateway.getHttpsService();
-         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
-         httpsService.setNewNickName(nickName);
-         else {
-         if (tokenName.equals("") && nickName.equals(""))
-         httpsService.setNewNickName("");
-         else
-         httpsService.setNewNickName(tokenName+":"+nickName);
-         }
+         * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+         * HTTPService httpsService = gateway.getHttpsService(); if
+         * (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME))
+         * httpsService.setNewNickName(nickName); else { if
+         * (tokenName.equals("") && nickName.equals(""))
+         * httpsService.setNewNickName(""); else
+         * httpsService.setNewNickName(tokenName+":"+nickName); }
          */
     }
 
-    private String getAgentNewnickname() 
-        throws EBaseException {
+    private String getAgentNewnickname()
+            throws EBaseException {
         // assuming the nickname does not change.
         return CMS.getServerCertNickname();
 
         /*
-         AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
-         HTTPService httpsService = gateway.getHttpsService();
-         return httpsService.getNewNickName();
+         * AgentGateway gateway = (AgentGateway)mReg.get(AgentGateway.ID);
+         * HTTPService httpsService = gateway.getHttpsService(); return
+         * httpsService.getNewNickName();
          */
     }
 
     /**
      * Issue import certificate
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
-     * "Certificate Setup Wizard" is used to import CA certs into the 
+     * "Certificate Setup Wizard" is used to import CA certs into the
      * certificate database
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to issue an import certificate
      */
     private void issueImportCert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -1501,7 +1491,7 @@ private void 	createMasterKey(HttpServletRequest req,
         // to the signed audit log and stored as failures
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<String> enum1 = req.getParameterNames();
+            Enumeration<String> enum1 = req.getParameterNames();
             String pkcs = "";
             String type = "";
             String tokenName = Constants.PR_INTERNAL_TOKEN_NAME;
@@ -1518,7 +1508,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 String key = (String) enum1.nextElement();
                 String value = req.getParameter(key);
 
-                if (key.equals("pathname")) { 
+                if (key.equals("pathname")) {
                     configPath = mConfig.getString("instanceRoot", "")
                                + File.separator + "conf" + File.separator;
                     pathname = configPath + value;
@@ -1532,16 +1522,16 @@ private void 	createMasterKey(HttpServletRequest req,
             String certType = (String) properties.get(Constants.RS_ID);
 
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
             IDBSubsystem dbs = (IDBSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_DBS);
             ICertificateAuthority ca = (ICertificateAuthority)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CA);
             ICertificateRepository repository =
-                (ICertificateRepository) ca.getCertificateRepository();
+                    (ICertificateRepository) ca.getCertificateRepository();
             ISigningUnit signingUnit = ca.getSigningUnit();
             String oldtokenname = null;
-            //this is the old nick name
+            // this is the old nick name
             String nickname = getNickname(certType);
             String nicknameWithoutTokenName = "";
             String oldcatokenname = signingUnit.getTokenName();
@@ -1566,8 +1556,7 @@ private void 	createMasterKey(HttpServletRequest req,
 
                 audit(auditMessage);
 
-                throw new
-                    EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+                throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
             }
 
             if (newtokenname == null)
@@ -1587,13 +1576,12 @@ private void 	createMasterKey(HttpServletRequest req,
 
                 audit(auditMessage);
 
-                throw new
-                    EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+                throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
             }
 
-            //xxx renew ca ,use old issuer?
+            // xxx renew ca ,use old issuer?
             properties.setIssuerName(
-                jssSubSystem.getCertSubjectName(oldcatokenname,
+                    jssSubSystem.getCertSubjectName(oldcatokenname,
                                                 canicknameWithoutTokenName));
 
             KeyPair pair = null;
@@ -1608,11 +1596,10 @@ private void 	createMasterKey(HttpServletRequest req,
 
                 audit(auditMessage);
 
-                throw new
-                    EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+                throw new EBaseException(CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
             }
 
-            //xxx set to old nickname?
+            // xxx set to old nickname?
             properties.setCertNickname(nickname);
             if (!certType.equals(Constants.PR_CA_SIGNING_CERT)) {
                 CertificateExtensions exts = jssSubSystem.getExtensions(
@@ -1633,14 +1620,14 @@ private void 	createMasterKey(HttpServletRequest req,
                     defaultOCSPSigningAlg = properties.getHashType();
                 }
             }
-    
+
             // create a new CA certificate or ssl server cert
-            if (properties.getKeyCurveName() != null) { //new ECC
+            if (properties.getKeyCurveName() != null) { // new ECC
                 CMS.debug("CMSAdminServlet: issueImportCert: generating ECC keys");
                 pair = jssSubSystem.getECCKeyPair(properties);
-                if (certType.equals(Constants.PR_CA_SIGNING_CERT)) 
+                if (certType.equals(Constants.PR_CA_SIGNING_CERT))
                     caKeyPair = pair;
-            } else if (properties.getKeyLength() != null) { //new RSA or DSA
+            } else if (properties.getKeyLength() != null) { // new RSA or DSA
                 keyType = properties.getKeyType();
                 String keyLen = properties.getKeyLength();
                 PQGParams pqgParams = null;
@@ -1648,10 +1635,10 @@ private void 	createMasterKey(HttpServletRequest req,
                 if (keyType.equals("DSA")) {
                     pqgParams = jssSubSystem.getCAPQG(Integer.parseInt(keyLen),
                                                       mConfig);
-                    //properties.put(Constants.PR_PQGPARAMS, pqgParams);
+                    // properties.put(Constants.PR_PQGPARAMS, pqgParams);
                 }
                 pair = jssSubSystem.getKeyPair(properties);
-                if (certType.equals(Constants.PR_CA_SIGNING_CERT)) 
+                if (certType.equals(Constants.PR_CA_SIGNING_CERT))
                     caKeyPair = pair;
                 // renew the CA certificate or ssl server cert
             } else {
@@ -1664,11 +1651,12 @@ private void 	createMasterKey(HttpServletRequest req,
                 }
 
                 /*
-                 String alg = jssSubSystem.getSignatureAlgorithm(nickname);
-                 SignatureAlgorithm sigAlg = SigningUnit.mapAlgorithmToJss(alg);
-                 properties.setSignatureAlgorithm(sigAlg);
-                 properties.setAlgorithmId(
-                 jssSubSystem.getAlgorithmId(alg, mConfig));
+                 * String alg = jssSubSystem.getSignatureAlgorithm(nickname);
+                 * SignatureAlgorithm sigAlg =
+                 * SigningUnit.mapAlgorithmToJss(alg);
+                 * properties.setSignatureAlgorithm(sigAlg);
+                 * properties.setAlgorithmId( jssSubSystem.getAlgorithmId(alg,
+                 * mConfig));
                  */
             }
 
@@ -1684,7 +1672,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 properties.setAlgorithmId(jssSubSystem.getAlgorithmId(alg, mConfig));
             }
 
-            if (pair == null) 
+            if (pair == null)
                 CMS.debug("CMSAdminServlet: issueImportCert: key pair is null");
 
             BigInteger nextSerialNo = repository.getNextSerialNumber();
@@ -1692,36 +1680,34 @@ private void 	createMasterKey(HttpServletRequest req,
             properties.setSerialNumber(nextSerialNo);
             properties.setKeyPair(pair);
             properties.setConfigFile(mConfig);
-            //        properties.put(Constants.PR_CA_KEYPAIR, pair);
+            // properties.put(Constants.PR_CA_KEYPAIR, pair);
             properties.put(Constants.PR_CA_KEYPAIR, caKeyPair);
 
-            X509CertImpl signedCert = 
-                jssSubSystem.getSignedCert(properties, certType,
+            X509CertImpl signedCert =
+                    jssSubSystem.getSignedCert(properties, certType,
                                            caKeyPair.getPrivate());
 
-            if (signedCert == null) 
-                CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null"); 
+            if (signedCert == null)
+                CMS.debug("CMSAdminServlet: issueImportCert: signedCert is null");
 
-            /* bug 600124
-             try {
-                 jssSubSystem.deleteTokenCertificate(nickname, pathname);
-             } catch (Throwable e) {
-                 //skip it
-             }
+            /*
+             * bug 600124 try { jssSubSystem.deleteTokenCertificate(nickname,
+             * pathname); } catch (Throwable e) { //skip it }
              */
 
             boolean nicknameChanged = false;
 
-            //xxx import cert with nickname without token name?
-            //jss adds the token prefix!!!
-            //log(ILogger.LL_DEBUG,"import as alias"+ nicknameWithoutTokenName);
+            // xxx import cert with nickname without token name?
+            // jss adds the token prefix!!!
+            // log(ILogger.LL_DEBUG,"import as alias"+
+            // nicknameWithoutTokenName);
             try {
                 CMS.debug("CMSAdminServlet: issueImportCert: Importing cert: " + nicknameWithoutTokenName);
                 jssSubSystem.importCert(signedCert, nicknameWithoutTokenName,
                                         certType);
             } catch (EBaseException e) {
                 // if it fails, let use a different nickname to try
-                Date now = new Date();	
+                Date now = new Date();
                 String newNickname = nicknameWithoutTokenName
                                    + "-" + now.getTime();
 
@@ -1746,20 +1732,20 @@ private void 	createMasterKey(HttpServletRequest req,
             if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
                 try {
                     X509CertInfo certInfo = (X509CertInfo) signedCert.get(
-                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
                     CertificateExtensions extensions = (CertificateExtensions)
-                        certInfo.get(X509CertInfo.EXTENSIONS);
+                            certInfo.get(X509CertInfo.EXTENSIONS);
 
                     if (extensions != null) {
                         BasicConstraintsExtension basic =
-                            (BasicConstraintsExtension)
-                            extensions.get(BasicConstraintsExtension.class.getSimpleName());
+                                (BasicConstraintsExtension)
+                                extensions.get(BasicConstraintsExtension.class.getSimpleName());
 
                         if (basic == null)
                             log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
                         else {
                             Integer pathlen = (Integer)
-                                basic.get(BasicConstraintsExtension.PATH_LEN);
+                                    basic.get(BasicConstraintsExtension.PATH_LEN);
                             int num = pathlen.intValue();
 
                             if (num == 0)
@@ -1776,7 +1762,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 }
             }
 
-		    CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
+            CMS.debug("CMSAdminServlet: oldtoken:" + oldtokenname
                     + " newtoken:" + newtokenname + " nickname:" + nickname);
             if ((newtokenname != null &&
                     !newtokenname.equals(oldtokenname)) || nicknameChanged) {
@@ -1786,10 +1772,10 @@ private void 	createMasterKey(HttpServletRequest req,
                                                  newtokenname);
                     } else {
                         signingUnit.updateConfig(newtokenname + ":" +
-                                                 nicknameWithoutTokenName, 
+                                                 nicknameWithoutTokenName,
                                                  newtokenname);
                     }
-                } else  if (certType.equals(Constants.PR_SERVER_CERT)) {
+                } else if (certType.equals(Constants.PR_SERVER_CERT)) {
                     if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
                         nickname = nicknameWithoutTokenName;
                     } else {
@@ -1797,13 +1783,13 @@ private void 	createMasterKey(HttpServletRequest req,
                                  + nicknameWithoutTokenName;
                     }
 
-                    //setRADMNewnickname("","");
-                    //modifyRADMCert(nickname);
+                    // setRADMNewnickname("","");
+                    // modifyRADMCert(nickname);
                     modifyAgentGatewayCert(nickname);
                     if (isSubsystemInstalled("ra")) {
                         IRegistrationAuthority ra =
-                            (IRegistrationAuthority)
-                            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                                (IRegistrationAuthority)
+                                CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
                         modifyEEGatewayCert(ra, nickname);
                     }
@@ -1820,23 +1806,23 @@ private void 	createMasterKey(HttpServletRequest req,
 
                     modifyRADMCert(nickname);
                 } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
-                    if (ca != null) { 
+                    if (ca != null) {
                         ISigningUnit ocspSigningUnit = ca.getOCSPSigningUnit();
 
                         if (newtokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
                             ocspSigningUnit.updateConfig(
-                                nicknameWithoutTokenName, newtokenname);
+                                    nicknameWithoutTokenName, newtokenname);
                         } else {
                             ocspSigningUnit.updateConfig(newtokenname + ":" +
-                                nicknameWithoutTokenName, 
-                                newtokenname);
+                                    nicknameWithoutTokenName,
+                                    newtokenname);
                         }
                     }
                 }
             }
-  
+
             // set signing algorithms if needed
-            if (certType.equals(Constants.PR_CA_SIGNING_CERT)) 
+            if (certType.equals(Constants.PR_CA_SIGNING_CERT))
                 signingUnit.setDefaultAlgorithm(defaultSigningAlg);
 
             if (defaultOCSPSigningAlg != null) {
@@ -1884,46 +1870,47 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditParams( req ) );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
-    }
-
-    private void updateCASignature(String nickname, KeyCertData properties, 
-        ICryptoSubsystem jssSubSystem) throws EBaseException {
+            // } catch( ServletException eAudit3 ) {
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
+            //
+            // audit( auditMessage );
+            //
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
+        }
+    }
+
+    private void updateCASignature(String nickname, KeyCertData properties,
+            ICryptoSubsystem jssSubSystem) throws EBaseException {
         String alg = jssSubSystem.getSignatureAlgorithm(nickname);
         SignatureAlgorithm sigAlg = Cert.mapAlgorithmToJss(alg);
 
         properties.setSignatureAlgorithm(sigAlg);
         properties.setAlgorithmId(
-            jssSubSystem.getAlgorithmId(alg, mConfig));
+                jssSubSystem.getAlgorithmId(alg, mConfig));
     }
 
     /**
      * Install certificates
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
-     * "Certificate Setup Wizard" is used to import CA certs into the 
+     * "Certificate Setup Wizard" is used to import CA certs into the
      * certificate database
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to install a certificate
      */
     private void installCert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -1940,37 +1927,37 @@ private void 	createMasterKey(HttpServletRequest req,
             String serverID = "";
             String certpath = "";
             @SuppressWarnings("unchecked")
-			Enumeration<String> enum1 = req.getParameterNames();
+            Enumeration<String> enum1 = req.getParameterNames();
 
             while (enum1.hasMoreElements()) {
                 String key = (String) enum1.nextElement();
                 String value = req.getParameter(key);
 
-                if (key.equals(Constants.PR_PKCS10)) 
+                if (key.equals(Constants.PR_PKCS10))
                     pkcs = value;
                 else if (key.equals(Constants.RS_ID))
                     certType = value;
                 else if (key.equals(Constants.PR_NICKNAME))
                     nickname = value;
-                else if (key.equals("pathname")) 
+                else if (key.equals("pathname"))
                     pathname = value;
                 else if (key.equals(Constants.PR_SERVER_ROOT))
                     serverRoot = value;
-                else if (key.equals(Constants.PR_SERVER_ID)) 
+                else if (key.equals(Constants.PR_SERVER_ID))
                     serverID = value;
-                else if (key.equals(Constants.PR_CERT_FILEPATH)) 
+                else if (key.equals(Constants.PR_CERT_FILEPATH))
                     certpath = value;
             }
- 
+
             try {
                 if (pkcs == null || pkcs.equals("")) {
                     if (certpath == null || certpath.equals("")) {
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
+                                LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+                                auditSubjectID,
+                                ILogger.FAILURE,
+                                auditParams(req));
 
                         audit(auditMessage);
 
@@ -1981,7 +1968,7 @@ private void 	createMasterKey(HttpServletRequest req,
                     } else {
                         FileInputStream in = new FileInputStream(certpath);
                         BufferedReader d =
-                            new BufferedReader(new InputStreamReader(in));
+                                new BufferedReader(new InputStreamReader(in));
                         String content = "";
 
                         pkcs = "";
@@ -2009,7 +1996,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 audit(auditMessage);
 
                 throw new EBaseException(
-                    CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+                        CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
             }
 
             pkcs = pkcs.trim();
@@ -2017,8 +2004,8 @@ private void 	createMasterKey(HttpServletRequest req,
                      + File.separator + "config" + File.separator + pathname;
 
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-            //String nickname = getNickname(certType);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+            // String nickname = getNickname(certType);
             String nicknameWithoutTokenName = "";
 
             int index = nickname.indexOf(":");
@@ -2039,72 +2026,62 @@ private void 	createMasterKey(HttpServletRequest req,
                 audit(auditMessage);
 
                 throw new EBaseException(
-                    CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
+                        CMS.getLogMessage("BASE_CERT_NOT_FOUND"));
             }
 
             /*
-            if (certType.equals(Constants.PR_CA_SIGNING_CERT) ||
-                certType.equals(Constants.PR_RA_SIGNING_CERT) ||
-                certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
-                certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
-                certType.equals(Constants.PR_SERVER_CERT) ||
-                certType.equals(Constants.PR_SERVER_CERT_RADM)) {
-                    String oldnickname = getNickname(certType);
-                    try {
-                        jssSubsystem.deleteTokenCertificate(oldnickname,
-                                                            pathname);
-                        //jssSubsystem.deleteTokenCertificate(nickname,
-                                                              pathname);
-                    } catch (EBaseException e) {
-                        // skip it
-                    }
-            } else {
-                try {
-                    jssSubsystem.deleteTokenCertificate(nickname, pathname);
-                } catch (EBaseException e) {
-                    // skip it
-                }
-            }
-            */
+             * if (certType.equals(Constants.PR_CA_SIGNING_CERT) ||
+             * certType.equals(Constants.PR_RA_SIGNING_CERT) ||
+             * certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
+             * certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
+             * certType.equals(Constants.PR_SERVER_CERT) ||
+             * certType.equals(Constants.PR_SERVER_CERT_RADM)) { String
+             * oldnickname = getNickname(certType); try {
+             * jssSubsystem.deleteTokenCertificate(oldnickname, pathname);
+             * //jssSubsystem.deleteTokenCertificate(nickname, pathname); }
+             * catch (EBaseException e) { // skip it } } else { try {
+             * jssSubsystem.deleteTokenCertificate(nickname, pathname); } catch
+             * (EBaseException e) { // skip it } }
+             */
 
             // 600124 - renewal of SSL crash the server
             // we now do not delete previously installed certificates.
 
-            // Same Subject   | Same Nickname |  Same Key  |     Legal 
-            // ----------------------------------------------------------- 
-            // 1.   Yes             Yes            No              Yes 
-            // 2.   Yes             Yes            Yes             Yes 
-            // 3.   No              No             Yes             Yes 
-            // 4.   No              No             No              Yes 
-            // 5.   No              Yes            Yes             No 
-            // 6.   No              Yes            No              No 
-            // 7.   Yes             No             Yes             No 
-            // 8.   Yes             No             No              No
+            // Same Subject | Same Nickname | Same Key | Legal
+            // -----------------------------------------------------------
+            // 1. Yes Yes No Yes
+            // 2. Yes Yes Yes Yes
+            // 3. No No Yes Yes
+            // 4. No No No Yes
+            // 5. No Yes Yes No
+            // 6. No Yes No No
+            // 7. Yes No Yes No
+            // 8. Yes No No No
 
             // Based on above table, the following cases are permitted:
             // Existing Key:
-            // 	(a) Same Subject & Same Nickname	        --- (2)
-            // 	(b) Different Subject & Different Nickname	--- (3)
-            //          (In order to support Case b., we need to use a different
-            //		nickname).
+            // (a) Same Subject & Same Nickname --- (2)
+            // (b) Different Subject & Different Nickname --- (3)
+            // (In order to support Case b., we need to use a different
+            // nickname).
             // New Key:
-            //      (c) Same Subject & Same Nickname                --- (1)
-            // 	(d) Different Subject & Different Nickname	--- (4)
-            //          (In order to support Case b., we need to use a different
-            //		nickname).
+            // (c) Same Subject & Same Nickname --- (1)
+            // (d) Different Subject & Different Nickname --- (4)
+            // (In order to support Case b., we need to use a different
+            // nickname).
             //
 
-            CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: "+ nicknameWithoutTokenName);
+            CMS.debug("CMSAdminServlet.installCert(): About to try jssSubSystem.importCert: " + nicknameWithoutTokenName);
             try {
-                jssSubSystem.importCert(pkcs, nicknameWithoutTokenName, 
-                    certType);
+                jssSubSystem.importCert(pkcs, nicknameWithoutTokenName,
+                        certType);
             } catch (EBaseException e) {
 
                 boolean certFound = false;
 
                 String eString = e.toString();
-                if(eString.contains("Failed to find certificate that was just imported")) {
-                    CMS.debug("CMSAdminServlet.installCert(): nickname="+nicknameWithoutTokenName + " TokenException: " + eString);
+                if (eString.contains("Failed to find certificate that was just imported")) {
+                    CMS.debug("CMSAdminServlet.installCert(): nickname=" + nicknameWithoutTokenName + " TokenException: " + eString);
 
                     X509Certificate cert = null;
                     try {
@@ -2116,11 +2093,11 @@ private void 	createMasterKey(HttpServletRequest req,
                     } catch (Exception ex) {
                         CMS.debug("CMSAdminServlet.installCert() Can't find cert just imported: " + ex.toString());
                     }
-                } 
+                }
 
                 if (!certFound) {
                     // if it fails, let use a different nickname to try
-                    Date now = new Date();	
+                    Date now = new Date();
                     String newNickname = nicknameWithoutTokenName + "-" +
                                      now.getTime();
 
@@ -2131,16 +2108,16 @@ private void 	createMasterKey(HttpServletRequest req,
                     } else {
                         nickname = tokenName + ":" + newNickname;
                     }
-                    CMS.debug("CMSAdminServlet: installCert():  After second install attempt following initial error: nickname="+nickname);
-               }
+                    CMS.debug("CMSAdminServlet: installCert():  After second install attempt following initial error: nickname=" + nickname);
+                }
             }
 
             if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
                 ICertificateAuthority ca =
-                    (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                        (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
                 ISigningUnit signingUnit = ca.getSigningUnit();
                 String signatureAlg =
-                    jssSubSystem.getSignatureAlgorithm(nickname);
+                        jssSubSystem.getSignatureAlgorithm(nickname);
 
                 signingUnit.setDefaultAlgorithm(signatureAlg);
                 setCANewnickname("", "");
@@ -2149,26 +2126,26 @@ private void 	createMasterKey(HttpServletRequest req,
 
                     if (nickname.equals(nicknameWithoutTokenName)) {
                         signingUnit.updateConfig(nickname,
-                            Constants.PR_INTERNAL_TOKEN_NAME);
+                                Constants.PR_INTERNAL_TOKEN_NAME);
                         extensions = jssSubSystem.getExtensions(
-                            Constants.PR_INTERNAL_TOKEN_NAME, nickname);
+                                Constants.PR_INTERNAL_TOKEN_NAME, nickname);
                     } else {
                         String tokenname1 = nickname.substring(0, index);
 
                         signingUnit.updateConfig(nickname, tokenname1);
                         extensions = jssSubSystem.getExtensions(tokenname1,
-                            nicknameWithoutTokenName);
+                                nicknameWithoutTokenName);
                     }
                     if (extensions != null) {
                         BasicConstraintsExtension basic =
-                            (BasicConstraintsExtension)
-                            extensions.get(BasicConstraintsExtension.class.getSimpleName());
+                                (BasicConstraintsExtension)
+                                extensions.get(BasicConstraintsExtension.class.getSimpleName());
 
                         if (basic == null)
                             log(CMS.getLogMessage("ADMIN_SRVLT_BASIC_CONSTRAIN_NULL"));
                         else {
                             Integer pathlen = (Integer)
-                                basic.get(BasicConstraintsExtension.PATH_LEN);
+                                    basic.get(BasicConstraintsExtension.PATH_LEN);
                             int num = pathlen.intValue();
 
                             if (num == 0)
@@ -2187,34 +2164,34 @@ private void 	createMasterKey(HttpServletRequest req,
             } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
                 setRANewnickname("", "");
                 IRegistrationAuthority ra =
-                    (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                        (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
                 ra.setNickname(nickname);
             } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
                 setOCSPNewnickname("", "");
                 IOCSPAuthority ocsp =
-                    (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+                        (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
 
                 if (ocsp != null) {
                     ISigningUnit signingUnit = ocsp.getSigningUnit();
 
                     if (nickname.equals(nicknameWithoutTokenName)) {
                         signingUnit.updateConfig(nickname,
-                            Constants.PR_INTERNAL_TOKEN_NAME);
+                                Constants.PR_INTERNAL_TOKEN_NAME);
                     } else {
                         String tokenname1 = nickname.substring(0, index);
 
                         signingUnit.updateConfig(nickname, tokenname1);
                     }
-                } else { 
+                } else {
                     ICertificateAuthority ca =
-                        (ICertificateAuthority)
-                        CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                            (ICertificateAuthority)
+                            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
                     ISigningUnit signingUnit = ca.getOCSPSigningUnit();
 
                     if (nickname.equals(nicknameWithoutTokenName)) {
                         signingUnit.updateConfig(nickname,
-                            Constants.PR_INTERNAL_TOKEN_NAME);
+                                Constants.PR_INTERNAL_TOKEN_NAME);
                     } else {
                         String tokenname1 = nickname.substring(0, index);
 
@@ -2224,24 +2201,24 @@ private void 	createMasterKey(HttpServletRequest req,
             } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
                 setKRANewnickname("", "");
                 IKeyRecoveryAuthority kra =
-                    (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+                        (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
 
                 kra.setNickname(nickname);
             } else if (certType.equals(Constants.PR_SERVER_CERT)) {
                 setAgentNewnickname("", "");
-                //modifyRADMCert(nickname);
+                // modifyRADMCert(nickname);
                 modifyAgentGatewayCert(nickname);
                 if (isSubsystemInstalled("ra")) {
                     IRegistrationAuthority ra =
-                        (IRegistrationAuthority)
-                        CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                            (IRegistrationAuthority)
+                            CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
                     modifyEEGatewayCert(ra, nickname);
                 }
                 if (isSubsystemInstalled("ca")) {
                     ICertificateAuthority ca =
-                        (ICertificateAuthority)
-                        CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                            (ICertificateAuthority)
+                            CMS.getSubsystem(CMS.SUBSYSTEM_CA);
 
                     modifyCAGatewayCert(ca, nickname);
                 }
@@ -2252,7 +2229,7 @@ private void 	createMasterKey(HttpServletRequest req,
 
             boolean verified = CMS.verifySystemCertByNickname(nickname, null);
             if (verified == true) {
-                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:"+ nickname);
+                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() succeeded:" + nickname);
                 auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                         auditSubjectID,
@@ -2261,7 +2238,7 @@ private void 	createMasterKey(HttpServletRequest req,
 
                 audit(auditMessage);
             } else {
-                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:"+ nickname);
+                CMS.debug("CMSAdminServlet: installCert(): verifySystemCertByNickname() failed:" + nickname);
                 auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                                 auditSubjectID,
@@ -2280,11 +2257,11 @@ private void 	createMasterKey(HttpServletRequest req,
             audit(auditMessage);
 
             mConfig.commit(true);
-            if(verified == true) {
+            if (verified == true) {
                 sendResponse(SUCCESS, null, null, resp);
             } else {
                 sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_CERT_VALIDATE_FAILED"),
-                null, resp);
+                        null, resp);
             }
         } catch (EBaseException eAudit1) {
             // store a message in the signed audit log file
@@ -2310,37 +2287,38 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditParams( req ) );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
+            // } catch( ServletException eAudit3 ) {
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
+            //
+            // audit( auditMessage );
+            //
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
+        }
     }
 
     /**
-     * For "importing" cross-signed cert into internal db for further
-     * cross pair matching and publishing
+     * For "importing" cross-signed cert into internal db for further cross pair
+     * matching and publishing
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
      * "Certificate Setup Wizard" is used to import a CA cross-signed
      * certificate into the database
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to import a cross-certificate pair
      */
     private void importXCert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -2355,7 +2333,7 @@ private void 	createMasterKey(HttpServletRequest req,
             String serverID = "";
             String certpath = "";
             @SuppressWarnings("unchecked")
-			Enumeration<String> enum1 = req.getParameterNames();
+            Enumeration<String> enum1 = req.getParameterNames();
             NameValuePairs results = new NameValuePairs();
 
             while (enum1.hasMoreElements()) {
@@ -2363,29 +2341,29 @@ private void 	createMasterKey(HttpServletRequest req,
                 String value = req.getParameter(key);
 
                 // really should be PR_CERT_CONTENT
-                if (key.equals(Constants.PR_PKCS10)) 
+                if (key.equals(Constants.PR_PKCS10))
                     b64Cert = value;
                 else if (key.equals(Constants.RS_ID))
                     certType = value;
-                else if (key.equals("pathname")) 
+                else if (key.equals("pathname"))
                     pathname = value;
                 else if (key.equals(Constants.PR_SERVER_ROOT))
                     serverRoot = value;
-                else if (key.equals(Constants.PR_SERVER_ID)) 
+                else if (key.equals(Constants.PR_SERVER_ID))
                     serverID = value;
-                else if (key.equals(Constants.PR_CERT_FILEPATH)) 
+                else if (key.equals(Constants.PR_CERT_FILEPATH))
                     certpath = value;
             }
- 
+
             try {
                 if (b64Cert == null || b64Cert.equals("")) {
                     if (certpath == null || certpath.equals("")) {
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            auditParams(req));
+                                LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+                                auditSubjectID,
+                                ILogger.FAILURE,
+                                auditParams(req));
 
                         audit(auditMessage);
 
@@ -2396,7 +2374,7 @@ private void 	createMasterKey(HttpServletRequest req,
                     } else {
                         FileInputStream in = new FileInputStream(certpath);
                         BufferedReader d =
-                            new BufferedReader(new InputStreamReader(in));
+                                new BufferedReader(new InputStreamReader(in));
                         String content = "";
 
                         b64Cert = "";
@@ -2423,7 +2401,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 audit(auditMessage);
 
                 throw new EBaseException(
-                    CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
+                        CMS.getLogMessage("BASE_OPEN_FILE_FAILED"));
             }
             CMS.debug("CMSAdminServlet: got b64Cert");
             b64Cert = Cert.stripBrackets(b64Cert.trim());
@@ -2441,10 +2419,10 @@ private void 	createMasterKey(HttpServletRequest req,
                      + File.separator + "config" + File.separator + pathname;
 
             ICrossCertPairSubsystem ccps =
-                (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
+                    (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
 
             try {
-                //this will import into internal ldap crossCerts entry
+                // this will import into internal ldap crossCerts entry
                 ccps.importCert(bCert);
             } catch (Exception e) {
                 // store a message in the signed audit log file
@@ -2480,8 +2458,8 @@ private void 	createMasterKey(HttpServletRequest req,
             }
 
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
-            String content = jssSubSystem.getCertPrettyPrint(b64Cert, 
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+            String content = jssSubSystem.getCertPrettyPrint(b64Cert,
                     super.getLocale(req));
 
             results.add(Constants.PR_NICKNAME, "FBCA cross-signed cert");
@@ -2521,19 +2499,19 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditParams( req ) );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
+            // } catch( ServletException eAudit3 ) {
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
+            //
+            // audit( auditMessage );
+            //
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
+        }
     }
 
     private String getNickname(String certType) throws EBaseException {
@@ -2541,13 +2519,13 @@ private void 	createMasterKey(HttpServletRequest req,
 
         if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
             ICertificateAuthority ca =
-                (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
+                    (ICertificateAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_CA);
             ISigningUnit signingUnit = ca.getSigningUnit();
 
             nickname = signingUnit.getNickname();
         } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
             IOCSPAuthority ocsp =
-                (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
+                    (IOCSPAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_OCSP);
 
             if (ocsp == null) {
                 // this is a local CA service
@@ -2562,28 +2540,28 @@ private void 	createMasterKey(HttpServletRequest req,
             }
         } else if (certType.equals(Constants.PR_RA_SIGNING_CERT)) {
             IRegistrationAuthority ra =
-                (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
+                    (IRegistrationAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_RA);
 
             nickname = ra.getNickname();
         } else if (certType.equals(Constants.PR_KRA_TRANSPORT_CERT)) {
             IKeyRecoveryAuthority kra =
-                (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
+                    (IKeyRecoveryAuthority) CMS.getSubsystem(CMS.SUBSYSTEM_KRA);
 
             nickname = kra.getNickname();
         } else if (certType.equals(Constants.PR_SERVER_CERT)) {
             nickname = CMS.getServerCertNickname();
         } else if (certType.equals(Constants.PR_SERVER_CERT_RADM)) {
             nickname = CMS.getServerCertNickname();
-        } 
+        }
 
         return nickname;
     }
 
     private void getCertInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         @SuppressWarnings("unchecked")
-		Enumeration<String> enum1 = req.getParameterNames();
+        Enumeration<String> enum1 = req.getParameterNames();
         NameValuePairs results = new NameValuePairs();
         String pkcs = "";
         String path = "";
@@ -2616,7 +2594,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 } else {
                     FileInputStream in = new FileInputStream(path);
                     BufferedReader d =
-                        new BufferedReader(new InputStreamReader(in));
+                            new BufferedReader(new InputStreamReader(in));
                     String content = "";
 
                     pkcs = "";
@@ -2640,7 +2618,7 @@ private void 	createMasterKey(HttpServletRequest req,
         int totalLen = pkcs.length();
 
         if (pkcs.indexOf(BEGIN_HEADER) != 0 ||
-            pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
+                pkcs.indexOf(END_HEADER) != (totalLen - 25)) {
             throw (new EBaseException(CMS.getLogMessage("BASE_INVALID_CERT_FORMAT")));
         }
 
@@ -2665,25 +2643,25 @@ private void 	createMasterKey(HttpServletRequest req,
             nickname = getNickname(certType);
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String content = jssSubSystem.getCertPrettyPrint(pkcs,
                 super.getLocale(req));
 
         if (nickname != null && !nickname.equals(""))
             results.add(Constants.PR_NICKNAME, nickname);
         results.add(Constants.PR_CERT_CONTENT, content);
-        //results = jssSubSystem.getCertInfo(value);
+        // results = jssSubSystem.getCertInfo(value);
 
         sendResponse(SUCCESS, null, results, resp);
     }
 
     private void getCertPrettyPrint(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String nickname = "";
         String serialno = "";
         String issuername = "";
@@ -2703,7 +2681,7 @@ private void 	createMasterKey(HttpServletRequest req,
             if (key.equals(Constants.PR_NICK_NAME)) {
                 nickname = value;
                 continue;
-            } 
+            }
             if (key.equals(Constants.PR_SERIAL_NUMBER)) {
                 serialno = value;
                 continue;
@@ -2714,20 +2692,20 @@ private void 	createMasterKey(HttpServletRequest req,
             }
         }
 
-        String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname, 
-          serialno, issuername, locale);
+        String print = jssSubSystem.getCertPrettyPrintAndFingerPrint(nickname,
+                serialno, issuername, locale);
         pairs.add(nickname, print);
 
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void getRootCertTrustBit(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String nickname = "";
         String serialno = "";
         String issuername = "";
@@ -2759,92 +2737,92 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         String trustbit = jssSubSystem.getRootCertTrustBit(nickname,
-          serialno, issuername);
+                serialno, issuername);
         pairs.add(nickname, trustbit);
 
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void getCACerts(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         NameValuePairs pairs = jssSubSystem.getCACerts();
 
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void deleteRootCert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-          CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         int mindex = id.indexOf(":SERIAL#<");
         String nickname = id.substring(0, mindex);
         String sstr1 = id.substring(mindex);
         int lindex = sstr1.indexOf(">");
         String serialno = sstr1.substring(9, lindex);
-        String issuername = sstr1.substring(lindex+1);
+        String issuername = sstr1.substring(lindex + 1);
         jssSubSystem.deleteRootCert(nickname, serialno, issuername);
         sendResponse(SUCCESS, null, null, resp);
     }
 
     private void deleteUserCert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-          CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         int mindex = id.indexOf(":SERIAL#<");
         String nickname = id.substring(0, mindex);
         String sstr1 = id.substring(mindex);
         int lindex = sstr1.indexOf(">");
         String serialno = sstr1.substring(9, lindex);
-        String issuername = sstr1.substring(lindex+1);
+        String issuername = sstr1.substring(lindex + 1);
         jssSubSystem.deleteUserCert(nickname, serialno, issuername);
         sendResponse(SUCCESS, null, null, resp);
     }
 
     private void getRootCerts(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         NameValuePairs pairs = jssSubSystem.getRootCerts();
 
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void getAllCertsManage(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         NameValuePairs pairs = jssSubSystem.getAllCertsManage();
 
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void getUserCerts(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         NameValuePairs pairs = jssSubSystem.getUserCerts();
         sendResponse(SUCCESS, null, pairs, resp);
     }
 
     private void deleteCerts(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String nickname = "";
         String date = "";
 
@@ -2862,19 +2840,19 @@ private void 	createMasterKey(HttpServletRequest req,
 
             nickname = value.substring(0, index);
             date = value.substring(index + 1);
-            // cant use this one now since jss doesnt have the interface to 
+            // cant use this one now since jss doesnt have the interface to
             // do it.
             jssSubSystem.deleteCert(nickname, date);
-            //            jssSubsystem.deleteCACert(nickname, date);
+            // jssSubsystem.deleteCACert(nickname, date);
         }
 
         sendResponse(SUCCESS, null, null, resp);
     }
 
     private void validateSubjectName(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
 
         while (enum1.hasMoreElements()) {
@@ -2883,19 +2861,19 @@ private void 	createMasterKey(HttpServletRequest req,
 
             if (key.equals(Constants.PR_SUBJECT_NAME)) {
                 ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                        CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
                 jssSubSystem.isX500DN(value);
             }
         }
 
         sendResponse(SUCCESS, null, null, resp);
-    } 
+    }
 
     private void validateKeyLength(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         String keyType = "RSA";
         String keyLen = "512";
@@ -2917,16 +2895,16 @@ private void 	createMasterKey(HttpServletRequest req,
         int minKey = mConfig.getInteger(
                 ConfigConstants.PR_RSA_MIN_KEYLENGTH, 512);
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
         // jssSubSystem.checkKeyLength(keyType, keyLength, certType, minKey);
         sendResponse(SUCCESS, null, null, resp);
     }
 
     private void validateCurveName(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         String curveName = null;
 
@@ -2942,7 +2920,7 @@ private void 	createMasterKey(HttpServletRequest req,
         String curveList = mConfig.getString("keys.ecc.curve.list", "nistp521");
         String[] curves = curveList.split(",");
         boolean match = false;
-        for (int i=0; i<curves.length; i++) {
+        for (int i = 0; i < curves.length; i++) {
             if (curves[i].equals(curveName)) {
                 match = true;
             }
@@ -2955,9 +2933,9 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     private void validateCertExtension(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-    	@SuppressWarnings("unchecked")
+        @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
         String certExt = "";
 
@@ -2972,19 +2950,19 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
 
         jssSubSystem.checkCertificateExt(certExt);
         sendResponse(SUCCESS, null, null, resp);
     }
 
     private void getSubjectName(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         @SuppressWarnings("unchecked")
         Enumeration<String> enum1 = req.getParameterNames();
- 
+
         String nickname = "";
         String keyType = "RSA";
         String keyLen = "512";
@@ -3003,7 +2981,7 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String subjectName = jssSubSystem.getSubjectDN(nickname);
 
         params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3011,7 +2989,7 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     private void processSubjectName(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         @SuppressWarnings("unchecked")
@@ -3033,7 +3011,7 @@ private void 	createMasterKey(HttpServletRequest req,
         }
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         String subjectName = jssSubSystem.getSubjectDN(nickname);
 
         params.add(Constants.PR_SUBJECT_NAME, subjectName);
@@ -3041,7 +3019,7 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     public void setRootCertTrust(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -3053,10 +3031,10 @@ private void 	createMasterKey(HttpServletRequest req,
         CMS.debug("CMSAdminServlet: setRootCertTrust()");
 
         ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
         try {
             jssSubSystem.setRootCertTrust(nickname, serialno, issuername, trust);
-        } catch  (EBaseException e) {
+        } catch (EBaseException e) {
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
                         auditSubjectID,
@@ -3083,18 +3061,19 @@ private void 	createMasterKey(HttpServletRequest req,
     /**
      * Establish trust of a CA certificate
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY used when
-     * "Manage Certificate" is used to edit the trustness of certs and
-     * deletion of certs
+     * "Manage Certificate" is used to edit the trustness of certs and deletion
+     * of certs
      * </ul>
+     * 
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException failed to establish CA certificate trust
      */
     private void trustCACert(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -3104,10 +3083,10 @@ private void 	createMasterKey(HttpServletRequest req,
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         try {
-        	@SuppressWarnings("unchecked")
+            @SuppressWarnings("unchecked")
             Enumeration<String> enum1 = req.getParameterNames();
             ICryptoSubsystem jssSubSystem = (ICryptoSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_CRYPTO);
             String trust = "";
 
             while (enum1.hasMoreElements()) {
@@ -3134,7 +3113,7 @@ private void 	createMasterKey(HttpServletRequest req,
 
             audit(auditMessage);
 
-            //sendResponse(SUCCESS, null, null, resp);
+            // sendResponse(SUCCESS, null, null, resp);
             sendResponse(RESTART, null, null, resp);
         } catch (EBaseException eAudit1) {
             // store a message in the signed audit log file
@@ -3160,41 +3139,42 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-    // } catch( ServletException eAudit3 ) {
-    //     // store a message in the signed audit log file
-    //     auditMessage = CMS.getLogMessage(
-    //                        LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
-    //                        auditSubjectID,
-    //                        ILogger.FAILURE,
-    //                        auditParams( req ) );
-    //
-    //     audit( auditMessage );
-    //
-    //     // rethrow the specific exception to be handled later
-    //     throw eAudit3;
-       }
+            // } catch( ServletException eAudit3 ) {
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_TRUSTED_PUBLIC_KEY,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
+            //
+            // audit( auditMessage );
+            //
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
+        }
     }
 
     /**
      * Execute all self tests specified to be run on demand.
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self
      * tests are run on demand
      * </ul>
-     * @exception EMissingSelfTestException a self test plugin instance
-     * property name was missing
+     * 
+     * @exception EMissingSelfTestException a self test plugin instance property
+     *                name was missing
      * @exception ESelfTestException a self test is missing a required
-     * configuration parameter
+     *                configuration parameter
      * @exception IOException an input/output error has occurred
      */
     private synchronized void
-    runSelfTestsOnDemand(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws EMissingSelfTestException,
-            ESelfTestException,
-            IOException {
+            runSelfTestsOnDemand(HttpServletRequest req,
+                    HttpServletResponse resp)
+                    throws EMissingSelfTestException,
+                    ESelfTestException,
+                    IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -3203,7 +3183,7 @@ private void 	createMasterKey(HttpServletRequest req,
         try {
             if (CMS.debugOn()) {
                 CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
-                    + "  ENTERING . . .");
+                        + "  ENTERING . . .");
             }
             @SuppressWarnings("unchecked")
             Enumeration<String> enum1 = req.getParameterNames();
@@ -3224,10 +3204,10 @@ private void 	createMasterKey(HttpServletRequest req,
             }
 
             ISelfTestSubsystem mSelfTestSubsystem = (ISelfTestSubsystem)
-                CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
+                    CMS.getSubsystem(CMS.SUBSYSTEM_SELFTESTS);
 
             if ((request == null) ||
-                (request.equals(""))) {
+                    (request.equals(""))) {
                 // self test plugin run on demand request parameter was missing
                 // log the error
                 logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_REQUEST",
@@ -3236,7 +3216,7 @@ private void 	createMasterKey(HttpServletRequest req,
                         );
 
                 mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                    logMessage);
+                        logMessage);
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -3264,7 +3244,7 @@ private void 	createMasterKey(HttpServletRequest req,
                             getServletInfo());
 
                 mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                    logMessage);
+                        logMessage);
 
                 // store this information for console notification
                 content += logMessage
@@ -3288,8 +3268,8 @@ private void 	createMasterKey(HttpServletRequest req,
                                     getServletInfo());
 
                         mSelfTestSubsystem.log(
-                            mSelfTestSubsystem.getSelfTestLogger(),
-                            logMessage);
+                                mSelfTestSubsystem.getSelfTestLogger(),
+                                logMessage);
 
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
@@ -3309,18 +3289,19 @@ private void 	createMasterKey(HttpServletRequest req,
                     }
 
                     ISelfTest test = (ISelfTest)
-                        mSelfTestSubsystem.getSelfTest(instanceName);
+                            mSelfTestSubsystem.getSelfTest(instanceName);
 
                     if (test == null) {
-                        // self test plugin instance property name is not present
+                        // self test plugin instance property name is not
+                        // present
                         // log the error
                         logMessage = CMS.getLogMessage("SELFTESTS_MISSING_NAME",
                                     getServletInfo(),
                                     instanceFullName);
 
                         mSelfTestSubsystem.log(
-                            mSelfTestSubsystem.getSelfTestLogger(),
-                            logMessage);
+                                mSelfTestSubsystem.getSelfTestLogger(),
+                                logMessage);
 
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
@@ -3342,9 +3323,9 @@ private void 	createMasterKey(HttpServletRequest req,
                     try {
                         if (CMS.debugOn()) {
                             CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
-                                + "    running \""
-                                + test.getSelfTestName()
-                                + "\"");
+                                    + "    running \""
+                                    + test.getSelfTestName()
+                                    + "\"");
                         }
 
                         // store this information for console notification
@@ -3368,8 +3349,8 @@ private void 	createMasterKey(HttpServletRequest req,
                                         instanceFullName);
 
                             mSelfTestSubsystem.log(
-                                mSelfTestSubsystem.getSelfTestLogger(),
-                                logMessage);
+                                    mSelfTestSubsystem.getSelfTestLogger(),
+                                    logMessage);
 
                             // store a message in the signed audit log file
                             auditMessage = CMS.getLogMessage(
@@ -3401,7 +3382,7 @@ private void 	createMasterKey(HttpServletRequest req,
                 logMessage = CMS.getLogMessage("SELFTESTS_RUN_ON_DEMAND_SUCCEEDED",
                             getServletInfo());
                 mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                    logMessage);
+                        logMessage);
 
                 // store this information for console notification
                 content += logMessage
@@ -3412,7 +3393,7 @@ private void 	createMasterKey(HttpServletRequest req,
                             getServletInfo());
 
                 mSelfTestSubsystem.log(mSelfTestSubsystem.getSelfTestLogger(),
-                    logMessage);
+                        logMessage);
 
                 // store this information for console notification
                 content += logMessage
@@ -3429,14 +3410,14 @@ private void 	createMasterKey(HttpServletRequest req,
 
             // notify console of SUCCESS
             results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CLASS,
-                CMSAdminServlet.class.getName());
+                    CMSAdminServlet.class.getName());
             results.add(Constants.PR_RUN_SELFTESTS_ON_DEMAND_CONTENT,
-                content);
+                    content);
             sendResponse(SUCCESS, null, results, resp);
 
             if (CMS.debugOn()) {
                 CMS.debug("CMSAdminServlet::runSelfTestsOnDemand():"
-                    + "  EXITING.");
+                        + "  EXITING.");
             }
         } catch (EMissingSelfTestException eAudit1) {
             // store a message in the signed audit log file
@@ -3475,16 +3456,16 @@ private void 	createMasterKey(HttpServletRequest req,
     }
 
     public void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg); 
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "CMSAdminServlet: " + msg);
     }
 
     /**
      * Signed Audit Log Public Key
-     *
+     * 
      * This method is called to obtain the public key from the passed in
      * "KeyPair" object for a signed audit log message.
      * <P>
-     *
+     * 
      * @param object a Key Pair Object
      * @return key string containing the public key
      */
@@ -3533,4 +3514,3 @@ private void 	createMasterKey(HttpServletRequest req,
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
index 7f18d94e..dffa4034 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/JobsAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -42,10 +41,9 @@ import com.netscape.certsrv.jobs.IJobsScheduler;
 import com.netscape.certsrv.jobs.JobPlugin;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * A class representing an administration servlet for the
- * Jobs Scheduler and it's scheduled jobs.
+ * A class representing an administration servlet for the Jobs Scheduler and
+ * it's scheduled jobs.
  * 
  * @version $Revision$, $Date$
  */
@@ -82,16 +80,16 @@ public class JobsAdminServlet extends AdminServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
-    /** 
-     * retrieve extended plugin info such as brief description, type info
-     * from jobs
+    /**
+     * retrieve extended plugin info such as brief description, type info from
+     * jobs
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
@@ -100,8 +98,8 @@ public class JobsAdminServlet extends AdminServlet {
         String implType = id.substring(0, colon);
         String implName = id.substring(colon + 1);
 
-        NameValuePairs params = 
-            getExtendedPluginInfo(getLocale(req), implType, implName);
+        NameValuePairs params =
+                getExtendedPluginInfo(getLocale(req), implType, implName);
 
         sendResponse(SUCCESS, null, params, resp);
     }
@@ -111,7 +109,7 @@ public class JobsAdminServlet extends AdminServlet {
         Object impl = null;
 
         JobPlugin jp =
-            (JobPlugin) mJobsSched.getPlugins().get(implName);
+                (JobPlugin) mJobsSched.getPlugins().get(implName);
 
         if (jp != null)
             impl = getClassByNameAsExtendedPluginInfo(jp.getClassPath());
@@ -137,25 +135,25 @@ public class JobsAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         String scope = req.getParameter(Constants.OP_SCOPE);
         String op = req.getParameter(Constants.OP_TYPE);
 
         if (op == null) {
-            //System.out.println("SRVLT_INVALID_PROTOCOL");
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+            // System.out.println("SRVLT_INVALID_PROTOCOL");
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
         try {
             super.authenticate(req);
         } catch (IOException e) {
-            sendResponse(ERROR,CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"), 
-                null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -165,8 +163,8 @@ public class JobsAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_JOBS))
@@ -174,27 +172,27 @@ public class JobsAdminServlet extends AdminServlet {
                 else if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
                     getConfig(req, resp);
                 else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
-                    getInstConfig(req, resp); 
+                    getInstConfig(req, resp);
                 else if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
-                    try { 
-                      getExtendedPluginInfo(req, resp); 
-                    } catch (EBaseException e) { 
-                      sendResponse(ERROR, e.toString(getLocale(req)), null, resp); 
-                      return; 
+                    try {
+                        getExtendedPluginInfo(req, resp);
+                    } catch (EBaseException e) {
+                        sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
+                        return;
                     }
                 } else {
-                    //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                    // System.out.println("SRVLT_INVALID_OP_SCOPE");
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
             } else if (op.equals(OpDef.OP_MODIFY)) {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_JOBS)) {
@@ -202,17 +200,17 @@ public class JobsAdminServlet extends AdminServlet {
                 } else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE)) {
                     modJobsInst(req, resp, scope);
                 } else {
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
             } else if (op.equals(OpDef.OP_SEARCH)) {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -220,18 +218,18 @@ public class JobsAdminServlet extends AdminServlet {
                 else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
                     listJobsInsts(req, resp);
                 else {
-                    //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                    // System.out.println("SRVLT_INVALID_OP_SCOPE");
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
             } else if (op.equals(OpDef.OP_ADD)) {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -239,18 +237,18 @@ public class JobsAdminServlet extends AdminServlet {
                 else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
                     addJobsInst(req, resp, scope);
                 else {
-                    //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                    // System.out.println("SRVLT_INVALID_OP_SCOPE");
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
             } else if (op.equals(OpDef.OP_DELETE)) {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_JOBS_IMPLS))
@@ -258,42 +256,42 @@ public class JobsAdminServlet extends AdminServlet {
                 else if (scope.equals(ScopeDef.SC_JOBS_INSTANCE))
                     delJobsInst(req, resp, scope);
                 else {
-                    //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                        null, resp);
+                    // System.out.println("SRVLT_INVALID_OP_SCOPE");
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                            null, resp);
                     return;
                 }
             } else {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+                        null, resp);
                 return;
             }
         } catch (EBaseException e) {
             sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
             return;
-        } 
+        }
     }
 
-    private synchronized void addJobPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addJobPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
         // is the job plugin id unique?
         if (mJobsSched.getPlugins().containsKey((Object) id)) {
             sendResponse(ERROR,
-                new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(),
-                null, resp);
+                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_PLUGIN_ID", id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -301,15 +299,15 @@ public class JobsAdminServlet extends AdminServlet {
 
         if (classPath == null) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NULL_CLASS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NULL_CLASS"),
+                    null, resp);
             return;
         }
 
         IConfigStore destStore =
-            mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
         IConfigStore instancesConfig =
-            destStore.getSubStore(scope);
+                destStore.getSubStore(scope);
 
         // Does the class exist?
         Class newImpl = null;
@@ -318,13 +316,13 @@ public class JobsAdminServlet extends AdminServlet {
             newImpl = Class.forName(classPath);
         } catch (ClassNotFoundException e) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"),
+                    null, resp);
             return;
         } catch (IllegalArgumentException e) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_NO_CLASS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_NO_CLASS"),
+                    null, resp);
             return;
         }
 
@@ -332,14 +330,14 @@ public class JobsAdminServlet extends AdminServlet {
         try {
             if (IJob.class.isAssignableFrom(newImpl) == false) {
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"),
+                        null, resp);
                 return;
             }
         } catch (NullPointerException e) { // unlikely, only if newImpl null.
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_CLASS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_CLASS"),
+                    null, resp);
             return;
         }
 
@@ -351,10 +349,10 @@ public class JobsAdminServlet extends AdminServlet {
         try {
             mConfig.commit(true);
         } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -362,8 +360,8 @@ public class JobsAdminServlet extends AdminServlet {
         JobPlugin plugin = new JobPlugin(id, classPath);
 
         mJobsSched.getPlugins().put(id, plugin);
-        mJobsSched.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id));
+        mJobsSched.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_JS_PLUGIN_ADD", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -371,24 +369,24 @@ public class JobsAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void addJobsInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addJobsInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // is the job instance id unique?
         if (mJobsSched.getInstances().containsKey((Object) id)) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
+                    null, resp);
             return;
         }
 
@@ -399,21 +397,21 @@ public class JobsAdminServlet extends AdminServlet {
 
         if (implname == null) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
+                    null, resp);
             return;
         }
 
         // check if implementation exists.
         JobPlugin plugin =
-            (JobPlugin) mJobsSched.getPlugins().get(implname);
+                (JobPlugin) mJobsSched.getPlugins().get(implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new
-                EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
-                    id)).toString(),
-                null, resp);
+                    new
+                    EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+                            id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -423,9 +421,9 @@ public class JobsAdminServlet extends AdminServlet {
         String[] configParams = mJobsSched.getConfigParams(implname);
 
         IConfigStore destStore =
-            mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
         IConfigStore instancesConfig =
-            destStore.getSubStore(scope);
+                destStore.getSubStore(scope);
         IConfigStore substore = instancesConfig.makeSubStore(id);
 
         if (configParams != null) {
@@ -437,10 +435,10 @@ public class JobsAdminServlet extends AdminServlet {
                     substore.put(key, val);
                 } else if (!key.equals("profileId")) {
                     sendResponse(ERROR,
-                        new
-                        EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
-                            key)).toString(),
-                        null, resp);
+                            new
+                            EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
+                                    key)).toString(),
+                            null, resp);
                     return;
                 }
             }
@@ -458,28 +456,28 @@ public class JobsAdminServlet extends AdminServlet {
             // cleanup
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         }
-		
+
         IJobsScheduler scheduler = (IJobsScheduler)
-            CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
+                CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
 
         // initialize the job plugin
         try {
@@ -498,16 +496,16 @@ public class JobsAdminServlet extends AdminServlet {
             // clean up.
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
         // inited and commited ok. now add manager instance to list.
         mJobsSched.getInstances().put(id, jobsInst);
 
-        mJobsSched.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id));
+        mJobsSched.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_ADD", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -516,8 +514,8 @@ public class JobsAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void listJobPlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listJobPlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -525,83 +523,81 @@ public class JobsAdminServlet extends AdminServlet {
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            JobPlugin value = (JobPlugin) 
-                mJobsSched.getPlugins().get(name);
+            JobPlugin value = (JobPlugin)
+                    mJobsSched.getPlugins().get(name);
 
             params.add(name, value.getClassPath());
-            //				params.add(name, value.getClassPath()+EDIT);
+            // params.add(name, value.getClassPath()+EDIT);
         }
         sendResponse(SUCCESS, null, params, resp);
         return;
     }
 
-    private synchronized void listJobsInsts(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listJobsInsts(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
 
-        for (Enumeration e = mJobsSched.getInstances().keys();
-            e.hasMoreElements();) {
+        for (Enumeration e = mJobsSched.getInstances().keys(); e.hasMoreElements();) {
             String name = (String) e.nextElement();
-            IJob value = (IJob) 
-                mJobsSched.getInstances().get((Object) name);
+            IJob value = (IJob)
+                    mJobsSched.getInstances().get((Object) name);
 
-            //				params.add(name, value.getImplName());
+            // params.add(name, value.getImplName());
             params.add(name, value.getImplName() + VISIBLE +
-                (value.isEnabled() ? ENABLED : DISABLED)
-            );
+                    (value.isEnabled() ? ENABLED : DISABLED)
+                    );
         }
         sendResponse(SUCCESS, null, params, resp);
         return;
     }
 
-    private synchronized void delJobPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delJobPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does this job plugin exist?
         if (mJobsSched.getPlugins().containsKey(id) == false) {
             sendResponse(ERROR,
-                new
-                EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
-                    id)).toString(),
-                null, resp);
+                    new
+                    EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+                            id)).toString(),
+                    null, resp);
             return;
         }
 
         // first check if any instances from this job plugin
         // DON'T remove job plugin if any instance
-        for (Enumeration e = mJobsSched.getInstances().elements();
-            e.hasMoreElements();) {
+        for (Enumeration e = mJobsSched.getInstances().elements(); e.hasMoreElements();) {
             IJob jobs = (IJob) e.nextElement();
 
             if ((jobs.getImplName()).equals(id)) {
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_IN_USE"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_IN_USE"),
+                        null, resp);
                 return;
             }
         }
-		
+
         // then delete this job plugin
         mJobsSched.getPlugins().remove((Object) id);
 
         IConfigStore destStore =
-            mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
         IConfigStore instancesConfig =
-            destStore.getSubStore(scope);
+                destStore.getSubStore(scope);
 
         instancesConfig.removeSubStore(id);
         // commiting
@@ -609,8 +605,8 @@ public class JobsAdminServlet extends AdminServlet {
             mConfig.commit(true);
         } catch (EBaseException e) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -618,52 +614,52 @@ public class JobsAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void delJobsInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delJobsInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does job plugin instance exist?
         if (mJobsSched.getInstances().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND",
-                    id)).toString(),
-                null, resp);
+                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND",
+                            id)).toString(),
+                    null, resp);
             return;
         }
 
         // only remove from memory
         // cannot shutdown because we don't keep track of whether it's
-        // being used. 
+        // being used.
         IJob jobInst = (IJob) mJobsSched.getInstances().get(id);
 
         mJobsSched.getInstances().remove((Object) id);
 
         // remove the configuration.
         IConfigStore destStore =
-            mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
         IConfigStore instancesConfig =
-            destStore.getSubStore(scope);
+                destStore.getSubStore(scope);
 
         instancesConfig.removeSubStore(id);
         // commiting
         try {
             mConfig.commit(true);
         } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -672,25 +668,24 @@ public class JobsAdminServlet extends AdminServlet {
     }
 
     /**
-     * used for getting the required configuration parameters (with
-     *	 possible default values) for a particular job plugin
-     * implementation name specified in the RS_ID.  Actually, there is
-     *	 no logic in here to set any default value here...there's no
-     *	 default value for any parameter in this job scheduler subsystem
-     *	 at this point.  Later, if we do have one (or some), it can be
-     *	 added.  The interface remains the same.
+     * used for getting the required configuration parameters (with possible
+     * default values) for a particular job plugin implementation name specified
+     * in the RS_ID. Actually, there is no logic in here to set any default
+     * value here...there's no default value for any parameter in this job
+     * scheduler subsystem at this point. Later, if we do have one (or some), it
+     * can be added. The interface remains the same.
      */
-    private synchronized void getConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
 
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -708,25 +703,25 @@ public class JobsAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void getInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does job plugin instance exist?
         if (mJobsSched.getInstances().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_NOT_FOUND",
-                    id)).toString(),
-                null, resp);
+                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_NOT_FOUND",
+                            id)).toString(),
+                    null, resp);
             return;
         }
 
@@ -757,34 +752,32 @@ public class JobsAdminServlet extends AdminServlet {
     }
 
     /**
-     * Modify job plugin instance.
-     * This will actually create a new instance with new configuration 
-     * parameters and replace the old instance, if the new instance 
-     * created and initialized successfully.
-     * The old instance is left running. so this is very expensive.
-     * Restart of server recommended.
+     * Modify job plugin instance. This will actually create a new instance with
+     * new configuration parameters and replace the old instance, if the new
+     * instance created and initialized successfully. The old instance is left
+     * running. so this is very expensive. Restart of server recommended.
      */
-    private synchronized void modJobsInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modJobsInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         // expensive operation.
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // Does the job instance exist?
         if (!mJobsSched.getInstances().containsKey((Object) id)) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ILL_JOB_INST_ID"),
+                    null, resp);
             return;
         }
 
@@ -793,27 +786,27 @@ public class JobsAdminServlet extends AdminServlet {
 
         if (implname == null) {
             sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_ADD_MISSING_PARAMS"),
+                    null, resp);
             return;
         }
 
-        // get plugin for implementation 
+        // get plugin for implementation
         JobPlugin plugin =
-            (JobPlugin) mJobsSched.getPlugins().get(implname);
+                (JobPlugin) mJobsSched.getPlugins().get(implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
-                    id)).toString(),
-                null, resp);
+                    new EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_JOB_PLUGIN_NOT_FOUND",
+                            id)).toString(),
+                    null, resp);
             return;
         }
 
-        // save old instance substore params in case new one fails. 
+        // save old instance substore params in case new one fails.
 
-        IJob oldinst = 
-            (IJob) mJobsSched.getInstances().get((Object) id);
+        IJob oldinst =
+                (IJob) mJobsSched.getInstances().get((Object) id);
         IConfigStore oldConfig = oldinst.getConfigStore();
 
         String[] oldConfigParms = oldinst.getConfigParams();
@@ -821,7 +814,7 @@ public class JobsAdminServlet extends AdminServlet {
 
         // implName is always required so always include it it.
         saveParams.add(IJobsScheduler.PROP_PLUGIN,
-            (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN));
+                (String) oldConfig.get(IJobsScheduler.PROP_PLUGIN));
         if (oldConfigParms != null) {
             for (int i = 0; i < oldConfigParms.length; i++) {
                 String key = oldConfigParms[i];
@@ -838,9 +831,9 @@ public class JobsAdminServlet extends AdminServlet {
         // remove old substore.
 
         IConfigStore destStore =
-            mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
+                mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
         IConfigStore instancesConfig =
-            destStore.getSubStore(scope);
+                destStore.getSubStore(scope);
 
         instancesConfig.removeSubStore(id);
 
@@ -861,10 +854,10 @@ public class JobsAdminServlet extends AdminServlet {
                 } else if (!key.equals("profileId")) {
                     restore(instancesConfig, id, saveParams);
                     sendResponse(ERROR,
-                        new
-                        EJobsException(CMS.getUserMessage(getLocale(req),"CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
-                            key)).toString(),
-                        null, resp);
+                            new
+                            EJobsException(CMS.getUserMessage(getLocale(req), "CMS_JOB_SRVLT_MISSING_INST_PARAM_VAL",
+                                    key)).toString(),
+                            null, resp);
                     return;
                 }
             }
@@ -880,30 +873,30 @@ public class JobsAdminServlet extends AdminServlet {
             // cleanup
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new EJobsException(
-                  CMS.getUserMessage(getLocale(req),"CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
-                null, resp);
+                    new EJobsException(
+                            CMS.getUserMessage(getLocale(req), "CMS_JOB_LOAD_CLASS_FAILED", className)).toString(),
+                    null, resp);
             return;
         }
 
         // initialize the job plugin
 
         IJobsScheduler scheduler = (IJobsScheduler)
-            CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
+                CMS.getSubsystem(CMS.SUBSYSTEM_JOBS);
 
         try {
             newJobInst.init(scheduler, id, implname, substore);
@@ -919,17 +912,17 @@ public class JobsAdminServlet extends AdminServlet {
             return;
         }
 
-        // initialized ok.  commiting
+        // initialized ok. commiting
         try {
             mConfig.commit(true);
 
         } catch (EBaseException e) {
             // clean up.
             restore(instancesConfig, id, saveParams);
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -937,8 +930,8 @@ public class JobsAdminServlet extends AdminServlet {
 
         mJobsSched.getInstances().put(id, newJobInst);
 
-        mJobsSched.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id));
+        mJobsSched.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_JOB_INST_REP", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -947,25 +940,25 @@ public class JobsAdminServlet extends AdminServlet {
     }
 
     private void getSettings(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
 
-        params.add(Constants.PR_ENABLE, 
-            config.getString(IJobsScheduler.PROP_ENABLED,
-                Constants.FALSE));
+        params.add(Constants.PR_ENABLE,
+                config.getString(IJobsScheduler.PROP_ENABLED,
+                        Constants.FALSE));
         // default 1 minute
-        params.add(Constants.PR_JOBS_FREQUENCY, 
-            config.getString(IJobsScheduler.PROP_INTERVAL, "1"));
+        params.add(Constants.PR_JOBS_FREQUENCY,
+                config.getString(IJobsScheduler.PROP_INTERVAL, "1"));
 
-        //System.out.println("Send: "+params.toString());
+        // System.out.println("Send: "+params.toString());
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void setSettings(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
-        //Save New Settings to the config file
+            throws ServletException, IOException, EBaseException {
+        // Save New Settings to the config file
         IConfigStore config = mConfig.getSubStore(DestDef.DEST_JOBS_ADMIN);
 
         String enabled = config.getString(IJobsScheduler.PROP_ENABLED);
@@ -978,14 +971,14 @@ public class JobsAdminServlet extends AdminServlet {
             config.putString(IJobsScheduler.PROP_ENABLED, enabledSetTo);
         }
 
-        //set frequency
+        // set frequency
         String interval =
-            req.getParameter(Constants.PR_JOBS_FREQUENCY);
+                req.getParameter(Constants.PR_JOBS_FREQUENCY);
 
         if (interval != null) {
             config.putString(IJobsScheduler.PROP_INTERVAL, interval);
             mJobsSched.setInterval(
-                config.getInteger(IJobsScheduler.PROP_INTERVAL));
+                    config.getInteger(IJobsScheduler.PROP_INTERVAL));
         }
 
         if (enabledChanged == true) {
@@ -999,8 +992,8 @@ public class JobsAdminServlet extends AdminServlet {
     }
 
     // convenience routine.
-    private static void restore(IConfigStore store, 
-        String id, NameValuePairs saveParams) {
+    private static void restore(IConfigStore store,
+            String id, NameValuePairs saveParams) {
         store.removeSubStore(id);
         IConfigStore rstore = store.makeSubStore(id);
 
@@ -1010,7 +1003,7 @@ public class JobsAdminServlet extends AdminServlet {
             String key = (String) keys.nextElement();
             String value = saveParams.getValue(key);
 
-            if (!value.equals("")) 
+            if (!value.equals(""))
                 rstore.put(key, value);
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
index e4138d74..feb4ea9b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/KRAAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 
@@ -35,13 +34,11 @@ import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.kra.IKeyRecoveryAuthority;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * A class representings an administration servlet for Key
- * Recovery Authority. This servlet is responsible to serve 
- * KRA administrative operation such as configuration 
- * parameter updates.
- *
+ * A class representings an administration servlet for Key Recovery Authority.
+ * This servlet is responsible to serve KRA administrative operation such as
+ * configuration parameter updates.
+ * 
  * @version $Revision$, $Date$
  */
 public class KRAAdminServlet extends AdminServlet {
@@ -57,7 +54,7 @@ public class KRAAdminServlet extends AdminServlet {
     private IKeyRecoveryAuthority mKRA = null;
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
-        "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
 
     /**
      * Constructs KRA servlet.
@@ -73,63 +70,60 @@ public class KRAAdminServlet extends AdminServlet {
 
     /**
      * Returns serlvet information.
-     *
+     * 
      * @return name of this servlet
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Serves HTTP admin request.
-     *
+     * 
      * @param req HTTP request
      * @param resp HTTP response
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         super.authenticate(req);
         String scope = req.getParameter(Constants.OP_SCOPE);
 
         if (scope == null) {
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                null, resp);
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                    null, resp);
             return;
         }
         String op = req.getParameter(Constants.OP_TYPE);
 
         if (op == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+                    null, resp);
             return;
         }
-		
+
         try {
             AUTHZ_RES_NAME = "certServer.kra.configuration";
             if (op.equals(OpDef.OP_READ)) {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
-                /* Functions not implemented in console
-                if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) {
-                    readAutoRecoveryConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_RECOVERY)) {
-                    readRecoveryConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
-                    getNotificationRIQConfig(req, resp);
-                    return;
-                } else
-                */ 
+                /*
+                 * Functions not implemented in console if
+                 * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) {
+                 * readAutoRecoveryConfig(req, resp); return; } else if
+                 * (scope.equals(ScopeDef.SC_RECOVERY)) {
+                 * readRecoveryConfig(req, resp); return; } else if
+                 * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
+                 * getNotificationRIQConfig(req, resp); return; } else
+                 */
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
                     getGeneralConfig(req, resp);
                     return;
@@ -138,44 +132,39 @@ public class KRAAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
-                /* Functions not implemented in console
-                if (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) {
-                    modifyAutoRecoveryConfig(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_AGENT_PWD)) {
-                    changeAgentPwd(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_MNSCHEME)) {
-                    changeMNScheme(req, resp);
-                    return;
-                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
-                    setNotificationRIQConfig(req, resp);
-                    return;
-                } else 
-                */
+                /*
+                 * Functions not implemented in console if
+                 * (scope.equals(ScopeDef.SC_AUTO_RECOVERY)) {
+                 * modifyAutoRecoveryConfig(req, resp); return; } else if
+                 * (scope.equals(ScopeDef.SC_AGENT_PWD)) { changeAgentPwd(req,
+                 * resp); return; } else if (scope.equals(ScopeDef.SC_MNSCHEME))
+                 * { changeMNScheme(req, resp); return; } else if
+                 * (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
+                 * setNotificationRIQConfig(req, resp); return; } else
+                 */
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
-                    setGeneralConfig(req,resp);
+                    setGeneralConfig(req, resp);
                 }
-            } 
+            }
         } catch (EBaseException e) {
             // convert exception into locale-specific message
-            sendResponse(ERROR, e.toString(getLocale(req)), 
-                null, resp);
+            sendResponse(ERROR, e.toString(getLocale(req)),
+                    null, resp);
             return;
         } catch (Exception e) {
             e.printStackTrace();
         }
         sendResponse(ERROR,
-            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-            null, resp);
+                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                null, resp);
     }
 
     private void getGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -188,7 +177,7 @@ public class KRAAdminServlet extends AdminServlet {
     }
 
     private void setGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         Enumeration enum1 = req.getParameterNames();
         boolean restart = false;
@@ -202,14 +191,14 @@ public class KRAAdminServlet extends AdminServlet {
 
             if (key.equals(Constants.PR_NO_OF_REQUIRED_RECOVERY_AGENTS)) {
                 try {
-                    int number = Integer.parseInt(value); 
+                    int number = Integer.parseInt(value);
                     mKRA.setNoOfRequiredAgents(number);
                 } catch (NumberFormatException e) {
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CONFIG_DRM,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditParams(req));
+                            LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditParams(req));
 
                     audit(auditMessage);
                     throw new EBaseException("Number of agents must be an integer");
@@ -220,10 +209,10 @@ public class KRAAdminServlet extends AdminServlet {
         commit(true);
 
         auditMessage = CMS.getLogMessage(
-            LOGGING_SIGNED_AUDIT_CONFIG_DRM,
-            auditSubjectID,
-            ILogger.SUCCESS,
-            auditParams(req));
+                LOGGING_SIGNED_AUDIT_CONFIG_DRM,
+                auditSubjectID,
+                ILogger.SUCCESS,
+                auditParams(req));
 
         audit(auditMessage);
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
index 08d6fcf5..4dc862a5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/LogAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -45,13 +44,11 @@ import com.netscape.certsrv.logging.ILogSubsystem;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.logging.LogPlugin;
 
-
 /**
- * A class representings an administration servlet for logging
- * subsystem. This servlet is responsible to serve
- * logging administrative operation such as configuration
- * parameter updates and log retriever.
- *
+ * A class representings an administration servlet for logging subsystem. This
+ * servlet is responsible to serve logging administrative operation such as
+ * configuration parameter updates and log retriever.
+ * 
  * @version $Revision$, $Date$
  */
 public class LogAdminServlet extends AdminServlet {
@@ -70,11 +67,11 @@ public class LogAdminServlet extends AdminServlet {
 
     private final static String SIGNED_AUDIT_LOG_TYPE = "SignedAudit";
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT =
-        "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT_3";
     private final static String LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE =
-        "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
+            "LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE_4";
     private final static String LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE =
-        "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
+            "LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE_4";
 
     /**
      * Constructs Log servlet.
@@ -114,15 +111,15 @@ public class LogAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         String op = req.getParameter(Constants.OP_TYPE);
 
         if (op == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
@@ -138,8 +135,8 @@ public class LogAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     try {
@@ -155,8 +152,8 @@ public class LogAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
 
@@ -169,17 +166,17 @@ public class LogAdminServlet extends AdminServlet {
                     } else if (scope.equals(ScopeDef.SC_GENERAL)) {
                         getGeneralConfig(req, resp);
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_DELETE)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
 
@@ -190,17 +187,17 @@ public class LogAdminServlet extends AdminServlet {
                         delLogInst(req, resp, scope);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_ADD)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
 
@@ -211,9 +208,9 @@ public class LogAdminServlet extends AdminServlet {
                         addLogInst(req, resp, scope);
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_MODIFY)) {
@@ -221,8 +218,8 @@ public class LogAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
 
@@ -232,17 +229,17 @@ public class LogAdminServlet extends AdminServlet {
                     } else if (scope.equals(ScopeDef.SC_GENERAL)) {
                         setGeneralConfig(req, resp);
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else if (op.equals(OpDef.OP_SEARCH)) {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_LOG_IMPLS)) {
@@ -268,13 +265,13 @@ public class LogAdminServlet extends AdminServlet {
                         mOp = "read";
                         if ((mToken = super.authorize(req)) == null) {
                             sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
+                                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                    null, resp);
                             return;
                         }
 
                         ILogEventListener loginst =
-                            mSys.getLogInstance(instName);
+                                mSys.getLogInstance(instName);
 
                         if (loginst != null) {
                             NameValuePairs nvps = loginst.retrieveLogContent(toHashtable(req));
@@ -296,12 +293,12 @@ public class LogAdminServlet extends AdminServlet {
                         mOp = "read";
                         if ((mToken = super.authorize(req)) == null) {
                             sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                null, resp);
+                                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                    null, resp);
                             return;
                         }
                         ILogEventListener loginst =
-                            mSys.getLogInstance(instName);
+                                mSys.getLogInstance(instName);
 
                         if (loginst != null) {
                             NameValuePairs nvps = loginst.retrieveLogList(toHashtable(req));
@@ -310,15 +307,15 @@ public class LogAdminServlet extends AdminServlet {
                         }
                         return;
                     } else {
-                        sendResponse(ERROR, 
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                        sendResponse(ERROR,
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 } else {
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+                            null, resp);
                     return;
                 }
             }
@@ -329,15 +326,15 @@ public class LogAdminServlet extends AdminServlet {
             System.out.println("XXX >>>" + e.toString() + "<<<");
             e.printStackTrace();
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
         }
 
         return;
     }
 
-    private synchronized void listLogInsts(HttpServletRequest req, 
-        HttpServletResponse resp, boolean all) throws ServletException, 
+    private synchronized void listLogInsts(HttpServletRequest req,
+            HttpServletResponse resp, boolean all) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -351,9 +348,9 @@ public class LogAdminServlet extends AdminServlet {
             if (value == null)
                 continue;
             String pName = mSys.getLogPluginName(value);
-            LogPlugin pClass = (LogPlugin) 
-                mSys.getLogPlugins().get(pName);
-            String c = pClass.getClassPath();	
+            LogPlugin pClass = (LogPlugin)
+                    mSys.getLogPlugins().get(pName);
+            String c = pClass.getClassPath();
 
             // not show ntEventlog here
             if (all || (!all && !c.endsWith("NTEventLog")))
@@ -363,12 +360,12 @@ public class LogAdminServlet extends AdminServlet {
         return;
     }
 
-    /** 
-     * retrieve extended plugin info such as brief description, type info
-     * from logging
+    /**
+     * retrieve extended plugin info such as brief description, type info from
+     * logging
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
@@ -381,10 +378,10 @@ public class LogAdminServlet extends AdminServlet {
         sendResponse(SUCCESS, null, params, resp);
     }
 
-    private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) { 
-        IExtendedPluginInfo ext_info = null; 
+    private NameValuePairs getExtendedPluginInfo(Locale locale, String implType, String implName) {
+        IExtendedPluginInfo ext_info = null;
         Object impl = null;
-        LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName); 
+        LogPlugin lp = (LogPlugin) mSys.getLogPlugins().get(implName);
 
         if (lp != null) {
             impl = getClassByNameAsExtendedPluginInfo(lp.getClassPath());
@@ -410,11 +407,12 @@ public class LogAdminServlet extends AdminServlet {
     /**
      * Add log plug-in
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
      * configuring signedAudit
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of the log's substore
@@ -423,9 +421,9 @@ public class LogAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     @SuppressWarnings("unchecked")
-	private synchronized void addLogPlugin(HttpServletRequest req,
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addLogPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -443,7 +441,7 @@ public class LogAdminServlet extends AdminServlet {
             }
 
             if (id == null) {
-                //System.out.println("SRVLT_NULL_RS_ID");
+                // System.out.println("SRVLT_NULL_RS_ID");
 
                 // store a message in the signed audit log file
                 if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -457,8 +455,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -476,8 +474,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -496,8 +494,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NULL_CLASS"), 
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NULL_CLASS"),
+                        null, resp);
                 return;
             }
 
@@ -505,7 +503,7 @@ public class LogAdminServlet extends AdminServlet {
 
             destStore = mConfig.getSubStore("log");
             IConfigStore instancesConfig =
-                destStore.getSubStore("impl");
+                    destStore.getSubStore("impl");
 
             // Does the class exist?
             Class<ILogEventListener> newImpl = null;
@@ -525,8 +523,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), 
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"),
+                        null, resp);
                 return;
             } catch (IllegalArgumentException e) {
                 // store a message in the signed audit log file
@@ -541,8 +539,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_NO_CLASS"), 
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_NO_CLASS"),
+                        null, resp);
                 return;
             }
 
@@ -561,11 +559,12 @@ public class LogAdminServlet extends AdminServlet {
                     }
 
                     sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), 
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"),
+                            null, resp);
                     return;
                 }
-            } catch (NullPointerException e) { // unlikely, only if newImpl null.
+            } catch (NullPointerException e) { // unlikely, only if newImpl
+                                               // null.
                 // store a message in the signed audit log file
                 if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
                     auditMessage = CMS.getLogMessage(
@@ -578,8 +577,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_CLASS"), 
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_CLASS"),
+                        null, resp);
                 return;
             }
 
@@ -591,7 +590,7 @@ public class LogAdminServlet extends AdminServlet {
             try {
                 mConfig.commit(true);
             } catch (EBaseException e) {
-                //System.out.println("SRVLT_FAIL_COMMIT");
+                // System.out.println("SRVLT_FAIL_COMMIT");
 
                 // store a message in the signed audit log file
                 if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -605,8 +604,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -631,17 +630,17 @@ public class LogAdminServlet extends AdminServlet {
             sendResponse(SUCCESS, null, params, resp);
             return;
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -655,17 +654,17 @@ public class LogAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
@@ -682,11 +681,12 @@ public class LogAdminServlet extends AdminServlet {
     /**
      * Add log instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
      * configuring signedAudit
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of the log's substore
@@ -694,9 +694,9 @@ public class LogAdminServlet extends AdminServlet {
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addLogInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addLogInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -726,8 +726,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -743,8 +743,8 @@ public class LogAdminServlet extends AdminServlet {
                     audit(auditMessage);
                 }
 
-                sendResponse(ERROR, "Invalid ID '" + id + "'", 
-                    null, resp);
+                sendResponse(ERROR, "Invalid ID '" + id + "'",
+                        null, resp);
                 return;
             }
 
@@ -761,8 +761,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"), 
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"),
+                        null, resp);
                 return;
             }
 
@@ -783,15 +783,15 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
+                        null, resp);
                 return;
             }
 
             // check if implementation exists.
             LogPlugin plugin =
-                (LogPlugin) mSys.getLogPlugins().get(
-                    implname);
+                    (LogPlugin) mSys.getLogPlugins().get(
+                            implname);
 
             if (plugin == null) {
                 // store a message in the signed audit log file
@@ -806,17 +806,17 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(),
-                    null, resp);
+                        new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(),
+                        null, resp);
                 return;
             }
 
             Vector<String> configParams = mSys.getLogDefaultParams(implname);
 
             IConfigStore destStore =
-                mConfig.getSubStore("log");
+                    mConfig.getSubStore("log");
             IConfigStore instancesConfig =
-                destStore.getSubStore("instance");
+                    destStore.getSubStore("instance");
             IConfigStore substore = instancesConfig.makeSubStore(id);
 
             if (configParams != null) {
@@ -826,17 +826,17 @@ public class LogAdminServlet extends AdminServlet {
                     String val = req.getParameter(kv.substring(0, index));
 
                     if (val == null) {
-                        substore.put(kv.substring(0, index), 
-                            kv.substring(index + 1));
+                        substore.put(kv.substring(0, index),
+                                kv.substring(index + 1));
                     } else {
-                        substore.put(kv.substring(0, index), 
-                            val);
+                        substore.put(kv.substring(0, index),
+                                val);
                     }
                 }
             }
             substore.put("pluginName", implname);
 
-            // Fix Blackflag Bug #615603:  Currently, although expiring log
+            // Fix Blackflag Bug #615603: Currently, although expiring log
             // files is no longer supported, it is still a required parameter
             // that must be present during the creation and modification of
             // custom log plugins.
@@ -864,8 +864,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (InstantiationException e) {
                 instancesConfig.removeSubStore(id);
@@ -882,8 +882,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (IllegalAccessException e) {
                 instancesConfig.removeSubStore(id);
@@ -900,8 +900,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             }
 
@@ -962,8 +962,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -988,17 +988,17 @@ public class LogAdminServlet extends AdminServlet {
             sendResponse(SUCCESS, null, params, resp);
             return;
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -1012,42 +1012,42 @@ public class LogAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
-    private synchronized void listLogPlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listLogPlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration<String> e = mSys.getLogPlugins().keys();
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            LogPlugin value = (LogPlugin) 
-                mSys.getLogPlugins().get(name);
+            LogPlugin value = (LogPlugin)
+                    mSys.getLogPlugins().get(name);
             // get Description
-            String c = value.getClassPath();	
+            String c = value.getClassPath();
             String desc = "unknown";
 
             try {
                 ILogEventListener lp = (ILogEventListener)
-                    Class.forName(c).newInstance();
+                        Class.forName(c).newInstance();
 
                 desc = lp.getDescription();
             } catch (Exception exp) {
-                sendResponse(ERROR, exp.toString(), null, 
-                    resp);
+                sendResponse(ERROR, exp.toString(), null,
+                        resp);
                 return;
             }
             params.add(name, value.getClassPath() + "," + desc);
@@ -1069,11 +1069,12 @@ public class LogAdminServlet extends AdminServlet {
     /**
      * Delete log instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
      * configuring signedAudit
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of the log's substore
@@ -1081,9 +1082,9 @@ public class LogAdminServlet extends AdminServlet {
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void delLogInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delLogInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1102,7 +1103,7 @@ public class LogAdminServlet extends AdminServlet {
             }
 
             if (id == null) {
-                //System.out.println("SRVLT_NULL_RS_ID");
+                // System.out.println("SRVLT_NULL_RS_ID");
 
                 // store a message in the signed audit log file
                 if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -1116,8 +1117,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1135,31 +1136,31 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
-                    null, resp);
+                        new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
+                        null, resp);
                 return;
             }
 
             // only remove from memory
             // cannot shutdown because we don't keep track of whether it's
-            // being used. 
+            // being used.
             ILogEventListener logInst = (ILogEventListener)
-                mSys.getLogInstance(id);
+                    mSys.getLogInstance(id);
 
             mSys.getLogInsts().remove((Object) id);
 
             // remove the configuration.
             IConfigStore destStore =
-                mConfig.getSubStore("log");
+                    mConfig.getSubStore("log");
             IConfigStore instancesConfig =
-                destStore.getSubStore("instance");
+                    destStore.getSubStore("instance");
 
             instancesConfig.removeSubStore(id);
             // commiting
             try {
                 mConfig.commit(true);
             } catch (EBaseException e) {
-                //System.out.println("SRVLT_FAIL_COMMIT");
+                // System.out.println("SRVLT_FAIL_COMMIT");
 
                 // store a message in the signed audit log file
                 if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -1173,8 +1174,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -1192,17 +1193,17 @@ public class LogAdminServlet extends AdminServlet {
             sendResponse(SUCCESS, null, params, resp);
             return;
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -1216,28 +1217,29 @@ public class LogAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
      * Delete log plug-in
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
      * configuring signedAudit
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of the log's substore
@@ -1245,9 +1247,9 @@ public class LogAdminServlet extends AdminServlet {
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void delLogPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delLogPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1266,7 +1268,7 @@ public class LogAdminServlet extends AdminServlet {
             }
 
             if (id == null) {
-                //System.out.println("SRVLT_NULL_RS_ID");
+                // System.out.println("SRVLT_NULL_RS_ID");
 
                 // store a message in the signed audit log file
                 if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -1280,8 +1282,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1298,15 +1300,14 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",id)).toString(),
-                    null, resp);
+                        new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", id)).toString(),
+                        null, resp);
                 return;
             }
 
             // first check if any instances from this log
             // DON'T remove log if any instance
-            for (Enumeration<String> e = mSys.getLogInsts().keys();
-                e.hasMoreElements();) {
+            for (Enumeration<String> e = mSys.getLogInsts().keys(); e.hasMoreElements();) {
                 String name = (String) e.nextElement();
                 ILogEventListener log = mSys.getLogInstance(name);
 
@@ -1323,19 +1324,19 @@ public class LogAdminServlet extends AdminServlet {
                     }
 
                     sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_IN_USE"), 
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_IN_USE"),
+                            null, resp);
                     return;
                 }
             }
-		
+
             // then delete this log
             mSys.getLogPlugins().remove((Object) id);
 
             IConfigStore destStore =
-                mConfig.getSubStore("log");
+                    mConfig.getSubStore("log");
             IConfigStore instancesConfig =
-                destStore.getSubStore("impl");
+                    destStore.getSubStore("impl");
 
             instancesConfig.removeSubStore(id);
             // commiting
@@ -1354,8 +1355,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
@@ -1373,17 +1374,17 @@ public class LogAdminServlet extends AdminServlet {
             sendResponse(SUCCESS, null, params, resp);
             return;
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -1397,35 +1398,36 @@ public class LogAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
      * Modify log instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT used when
      * configuring signedAudit
      * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE used when log file
-     * name (including any path changes) for any of audit, system, transaction, 
+     * name (including any path changes) for any of audit, system, transaction,
      * or other customized log file change is attempted (authorization should
      * not allow, but make sure it's written after the attempt)
      * <li>signed.audit LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE used when log
      * expiration time change is attempted (authorization should not allow, but
      * make sure it's written after the attempt)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param scope string used to obtain the contents of the log's substore
@@ -1433,9 +1435,9 @@ public class LogAdminServlet extends AdminServlet {
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void modLogInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modLogInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -1476,7 +1478,7 @@ public class LogAdminServlet extends AdminServlet {
             }
 
             if (id == null) {
-                //System.out.println("SRVLT_NULL_RS_ID");
+                // System.out.println("SRVLT_NULL_RS_ID");
 
                 // store a message in the signed audit log file
                 if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -1490,8 +1492,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1509,8 +1511,8 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ILL_INST_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ILL_INST_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1530,14 +1532,14 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req),"CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
+                        CMS.getUserMessage(getLocale(req), "CMS_LOG_SRVLT_ADD_MISSING_PARAMS"),
 
-                    null, resp);
+                        null, resp);
                 return;
             }
             // get plugin for implementation
             LogPlugin plugin =
-                (LogPlugin) mSys.getLogPlugins().get(implname);
+                    (LogPlugin) mSys.getLogPlugins().get(implname);
 
             if (plugin == null) {
                 // store a message in the signed audit log file
@@ -1552,14 +1554,14 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogPluginNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_PLUGIN_NOT_FOUND",implname)).toString(), null, resp);
+                        new ELogPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_PLUGIN_NOT_FOUND", implname)).toString(), null, resp);
                 return;
             }
 
             // save old instance substore params in case new one fails.
 
             ILogEventListener oldinst =
-                (ILogEventListener) mSys.getLogInstance(id);
+                    (ILogEventListener) mSys.getLogInstance(id);
             Vector<String> oldConfigParms = oldinst.getInstanceParams();
             NameValuePairs saveParams = new NameValuePairs();
 
@@ -1571,7 +1573,7 @@ public class LogAdminServlet extends AdminServlet {
                     int index = kv.indexOf('=');
 
                     saveParams.add(kv.substring(0, index),
-                        kv.substring(index + 1));
+                            kv.substring(index + 1));
                 }
             }
 
@@ -1580,27 +1582,27 @@ public class LogAdminServlet extends AdminServlet {
             // remove old substore.
 
             IConfigStore destStore =
-                mConfig.getSubStore("log");
+                    mConfig.getSubStore("log");
             IConfigStore instancesConfig =
-                destStore.getSubStore("instance");
+                    destStore.getSubStore("instance");
 
             // create new substore.
 
             Vector<String> configParams = mSys.getLogInstanceParams(id);
 
-            //instancesConfig.removeSubStore(id);
+            // instancesConfig.removeSubStore(id);
 
             IConfigStore substore = instancesConfig.makeSubStore(id);
 
             substore.put("pluginName", implname);
 
-            // Fix Blackflag Bug #615603:  Currently, although expiring log
+            // Fix Blackflag Bug #615603: Currently, although expiring log
             // files is no longer supported, it is still a required parameter
             // that must be present during the creation and modification of
             // custom log plugins.
             substore.put("expirationTime", "0");
 
-            // IMPORTANT:  save a copy of the original log file path
+            // IMPORTANT: save a copy of the original log file path
             origLogPath = substore.getString(Constants.PR_LOG_FILENAME);
             newLogPath = origLogPath;
 
@@ -1612,7 +1614,7 @@ public class LogAdminServlet extends AdminServlet {
                 newLogPath = "";
             }
 
-            // IMPORTANT:  save a copy of the original log expiration time
+            // IMPORTANT: save a copy of the original log expiration time
             origExpirationTime = substore.getString(
                         Constants.PR_LOG_EXPIRED_TIME);
             newExpirationTime = origExpirationTime;
@@ -1627,16 +1629,15 @@ public class LogAdminServlet extends AdminServlet {
 
             if (configParams != null) {
                 for (int i = 0; i < configParams.size(); i++) {
-                    AUTHZ_RES_NAME = 
+                    AUTHZ_RES_NAME =
                             "certServer.log.configuration";
                     String kv = (String) configParams.elementAt(i);
                     int index = kv.indexOf('=');
                     String key = kv.substring(0, index);
                     String val = req.getParameter(key);
 
-                    if
-                    (key.equals("level")) {
-                        if (val.equals(ILogger.LL_DEBUG_STRING)) 
+                    if (key.equals("level")) {
+                        if (val.equals(ILogger.LL_DEBUG_STRING))
                             val = "0";
                         else if (val.equals(ILogger.LL_INFO_STRING))
                             val = "1";
@@ -1653,9 +1654,8 @@ public class LogAdminServlet extends AdminServlet {
 
                     }
 
-                    if
-                    (key.equals("rolloverInterval")) {
-                        if (val.equals("Hourly")) 
+                    if (key.equals("rolloverInterval")) {
+                        if (val.equals("Hourly"))
                             val = Integer.toString(60 * 60);
                         else if (val.equals("Daily"))
                             val = Integer.toString(60 * 60 * 24);
@@ -1667,8 +1667,7 @@ public class LogAdminServlet extends AdminServlet {
                             val = Integer.toString(60 * 60 * 24 * 365);
                     }
 
-                    if
-                    (key.equals(Constants.PR_LOG_TYPE)) {
+                    if (key.equals(Constants.PR_LOG_TYPE)) {
                         type = val;
                     }
 
@@ -1679,7 +1678,7 @@ public class LogAdminServlet extends AdminServlet {
                             val = val.trim();
                             newLogPath = val;
                             if (!val.equals(origVal.trim())) {
-                                AUTHZ_RES_NAME = 
+                                AUTHZ_RES_NAME =
                                         "certServer.log.configuration.fileName";
                                 mOp = "modify";
                                 if ((mToken = super.authorize(req)) == null) {
@@ -1709,58 +1708,45 @@ public class LogAdminServlet extends AdminServlet {
                                     }
 
                                     sendResponse(ERROR,
-                                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                        null, resp);
-                                    return;
-                                }
-                            }
-                        }
-/*
-                        if (key.equals("expirationTime")) {
-                            String origVal = substore.getString(key);
-
-                            val = val.trim();
-                            newExpirationTime = val;
-                            if (!val.equals(origVal.trim())) {
-                                if (id.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                                    AUTHZ_RES_NAME = 
-                                            "certServer.log.configuration.signedAudit.expirationTime";
-                                }
-                                mOp = "modify";
-                                if ((mToken = super.authorize(req)) == null) {
-                                    // store a message in the signed audit log
-                                    // file (regardless of logType)
-                                    if (!(newExpirationTime.equals(origExpirationTime))) {
-                                        auditMessage = CMS.getLogMessage(
-                                                    LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                                                    auditSubjectID,
-                                                    ILogger.FAILURE,
-                                                    logType,
-                                                    newExpirationTime);
-
-                                        audit(auditMessage);
-                                    }
-
-                                    // store a message in the signed audit log
-                                    // file
-                                    if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
-                                        auditMessage = CMS.getLogMessage(
-                                                    LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-                                                    auditSubjectID,
-                                                    ILogger.FAILURE,
-                                                    auditParams(req));
-
-                                        audit(auditMessage);
-                                    }
-
-                                    sendResponse(ERROR,
-                                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                                        null, resp);
+                                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                            null, resp);
                                     return;
                                 }
                             }
                         }
-*/
+                        /*
+                         * if (key.equals("expirationTime")) { String origVal =
+                         * substore.getString(key);
+                         * 
+                         * val = val.trim(); newExpirationTime = val; if
+                         * (!val.equals(origVal.trim())) { if
+                         * (id.equals(SIGNED_AUDIT_LOG_TYPE)) { AUTHZ_RES_NAME =
+                         * "certServer.log.configuration.signedAudit.expirationTime"
+                         * ; } mOp = "modify"; if ((mToken =
+                         * super.authorize(req)) == null) { // store a message
+                         * in the signed audit log // file (regardless of
+                         * logType) if
+                         * (!(newExpirationTime.equals(origExpirationTime))) {
+                         * auditMessage = CMS.getLogMessage(
+                         * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
+                         * auditSubjectID, ILogger.FAILURE, logType,
+                         * newExpirationTime);
+                         * 
+                         * audit(auditMessage); }
+                         * 
+                         * // store a message in the signed audit log // file if
+                         * (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
+                         * auditMessage = CMS.getLogMessage(
+                         * LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+                         * auditSubjectID, ILogger.FAILURE, auditParams(req));
+                         * 
+                         * audit(auditMessage); }
+                         * 
+                         * sendResponse(ERROR,
+                         * CMS.getUserMessage(getLocale(req),
+                         * "CMS_ADMIN_SRVLT_AUTHZ_FAILED"), null, resp); return;
+                         * } } }
+                         */
                         substore.put(key, val);
                     }
                 }
@@ -1772,7 +1758,7 @@ public class LogAdminServlet extends AdminServlet {
             ILogEventListener newMgrInst = null;
 
             try {
-                newMgrInst = (ILogEventListener) 
+                newMgrInst = (ILogEventListener)
                         Class.forName(className).newInstance();
             } catch (ClassNotFoundException e) {
                 // check to see if the log file path parameter was changed
@@ -1800,16 +1786,13 @@ public class LogAdminServlet extends AdminServlet {
                 // store a message in the signed audit log file
                 // (regardless of logType)
                 /*
-                if (!(newExpirationTime.equals(origExpirationTime))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newExpirationTime);
-
-                    audit(auditMessage);
-                }*/
+                 * if (!(newExpirationTime.equals(origExpirationTime))) {
+                 * auditMessage = CMS.getLogMessage(
+                 * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+                 * ILogger.FAILURE, logType, newExpirationTime);
+                 * 
+                 * audit(auditMessage); }
+                 */
 
                 // store a message in the signed audit log file
                 if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -1823,15 +1806,15 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (InstantiationException e) {
                 // check to see if the log file path parameter was changed
                 newLogPath = auditCheckLogPath(req);
 
                 // check to see if the log expiration time parameter was changed
-                //newExpirationTime = auditCheckLogExpirationTime(req);
+                // newExpirationTime = auditCheckLogExpirationTime(req);
 
                 restore(instancesConfig, id, saveParams);
 
@@ -1850,16 +1833,14 @@ public class LogAdminServlet extends AdminServlet {
 
                 // store a message in the signed audit log file
                 // (regardless of logType)
-                /*if (!(newExpirationTime.equals(origExpirationTime))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newExpirationTime);
-
-                    audit(auditMessage);
-                }*/
+                /*
+                 * if (!(newExpirationTime.equals(origExpirationTime))) {
+                 * auditMessage = CMS.getLogMessage(
+                 * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+                 * ILogger.FAILURE, logType, newExpirationTime);
+                 * 
+                 * audit(auditMessage); }
+                 */
 
                 // store a message in the signed audit log file
                 if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -1873,15 +1854,15 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             } catch (IllegalAccessException e) {
                 // check to see if the log file path parameter was changed
                 newLogPath = auditCheckLogPath(req);
 
                 // check to see if the log expiration time parameter was changed
-                //newExpirationTime = auditCheckLogExpirationTime(req);
+                // newExpirationTime = auditCheckLogExpirationTime(req);
 
                 restore(instancesConfig, id, saveParams);
 
@@ -1900,16 +1881,14 @@ public class LogAdminServlet extends AdminServlet {
 
                 // store a message in the signed audit log file
                 // (regardless of logType)
-                /* if (!(newExpirationTime.equals(origExpirationTime))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newExpirationTime);
-
-                    audit(auditMessage);
-                } */
+                /*
+                 * if (!(newExpirationTime.equals(origExpirationTime))) {
+                 * auditMessage = CMS.getLogMessage(
+                 * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+                 * ILogger.FAILURE, logType, newExpirationTime);
+                 * 
+                 * audit(auditMessage); }
+                 */
 
                 // store a message in the signed audit log file
                 if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -1923,13 +1902,13 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    new ELogException(CMS.getUserMessage(getLocale(req),"CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
-                    null, resp);
+                        new ELogException(CMS.getUserMessage(getLocale(req), "CMS_LOG_LOAD_CLASS_FAIL", className)).toString(),
+                        null, resp);
                 return;
             }
             // initialize the log
 
-            // initialized ok.  commiting
+            // initialized ok. commiting
             try {
                 mConfig.commit(true);
             } catch (EBaseException e) {
@@ -1941,7 +1920,7 @@ public class LogAdminServlet extends AdminServlet {
 
                 // clean up.
                 restore(instancesConfig, id, saveParams);
-                //System.out.println("SRVLT_FAIL_COMMIT");
+                // System.out.println("SRVLT_FAIL_COMMIT");
 
                 // store a message in the signed audit log file
                 // (regardless of logType)
@@ -1958,16 +1937,14 @@ public class LogAdminServlet extends AdminServlet {
 
                 // store a message in the signed audit log file
                 // (regardless of logType)
-                /* if (!(newExpirationTime.equals(origExpirationTime))) {
-                    auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                logType,
-                                newExpirationTime);
-
-                    audit(auditMessage);
-                }*/
+                /*
+                 * if (!(newExpirationTime.equals(origExpirationTime))) {
+                 * auditMessage = CMS.getLogMessage(
+                 * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+                 * ILogger.FAILURE, logType, newExpirationTime);
+                 * 
+                 * audit(auditMessage); }
+                 */
 
                 // store a message in the signed audit log file
                 if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -1981,18 +1958,19 @@ public class LogAdminServlet extends AdminServlet {
                 }
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                        null, resp);
                 return;
             }
 
             // commited ok. replace instance.
 
-			// REMOVED - we didn't do anything to shut off the old instance
-			// so, it will still be running at this point. You'd have two
-			// log isntances writing to the same file - this would be a big PROBLEM!!!
+            // REMOVED - we didn't do anything to shut off the old instance
+            // so, it will still be running at this point. You'd have two
+            // log isntances writing to the same file - this would be a big
+            // PROBLEM!!!
 
-            //mSys.getLogInsts().put(id, newMgrInst);
+            // mSys.getLogInsts().put(id, newMgrInst);
 
             NameValuePairs params = new NameValuePairs();
 
@@ -2000,7 +1978,7 @@ public class LogAdminServlet extends AdminServlet {
             newLogPath = auditCheckLogPath(req);
 
             // check to see if the log expiration time parameter was changed
-            //newExpirationTime = auditCheckLogExpirationTime(req);
+            // newExpirationTime = auditCheckLogExpirationTime(req);
 
             // store a message in the signed audit log file
             // (regardless of logType)
@@ -2017,16 +1995,14 @@ public class LogAdminServlet extends AdminServlet {
 
             // store a message in the signed audit log file
             // (regardless of logType)
-            /*if (!(newExpirationTime.equals(origExpirationTime))) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                            auditSubjectID,
-                            ILogger.SUCCESS,
-                            logType,
-                            newExpirationTime);
-
-                audit(auditMessage);
-            }*/
+            /*
+             * if (!(newExpirationTime.equals(origExpirationTime))) {
+             * auditMessage = CMS.getLogMessage(
+             * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+             * ILogger.SUCCESS, logType, newExpirationTime);
+             * 
+             * audit(auditMessage); }
+             */
 
             // store a message in the signed audit log file
             if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -2063,16 +2039,14 @@ public class LogAdminServlet extends AdminServlet {
 
             // store a message in the signed audit log file
             // (regardless of logType)
-            /* if (!(newExpirationTime.equals(origExpirationTime))) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            logType,
-                            newExpirationTime);
-
-                audit(auditMessage);
-            } */
+            /*
+             * if (!(newExpirationTime.equals(origExpirationTime))) {
+             * auditMessage = CMS.getLogMessage(
+             * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+             * ILogger.FAILURE, logType, newExpirationTime);
+             * 
+             * audit(auditMessage); }
+             */
 
             // store a message in the signed audit log file
             if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -2109,16 +2083,14 @@ public class LogAdminServlet extends AdminServlet {
 
             // store a message in the signed audit log file
             // (regardless of logType)
-            /*if (!(newExpirationTime.equals(origExpirationTime))) {
-                auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-                            auditSubjectID,
-                            ILogger.FAILURE,
-                            logType,
-                            newExpirationTime);
-
-                audit(auditMessage);
-            }*/
+            /*
+             * if (!(newExpirationTime.equals(origExpirationTime))) {
+             * auditMessage = CMS.getLogMessage(
+             * LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE, auditSubjectID,
+             * ILogger.FAILURE, logType, newExpirationTime);
+             * 
+             * audit(auditMessage); }
+             */
 
             // store a message in the signed audit log file
             if (logType.equals(SIGNED_AUDIT_LOG_TYPE)) {
@@ -2134,74 +2106,73 @@ public class LogAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // check to see if the log file path parameter was changed
-            //     newLogPath = auditCheckLogPath( req );
+            // // check to see if the log file path parameter was changed
+            // newLogPath = auditCheckLogPath( req );
             //
-            //     // check to see if the log expiration time parameter was changed
-            //     newExpirationTime = auditCheckLogExpirationTime( req );
+            // // check to see if the log expiration time parameter was changed
+            // newExpirationTime = auditCheckLogExpirationTime( req );
             //
-            //     // store a message in the signed audit log file
-            //     // (regardless of logType)
-            //     if( !( newLogPath.equals( origLogPath ) ) ) {
-            //         auditMessage = CMS.getLogMessage(
-            //                            LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
-            //                            auditSubjectID,
-            //                            ILogger.FAILURE,
-            //                            logType,
-            //                            newLogPath );
+            // // store a message in the signed audit log file
+            // // (regardless of logType)
+            // if( !( newLogPath.equals( origLogPath ) ) ) {
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_LOG_PATH_CHANGE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // logType,
+            // newLogPath );
             //
-            //         audit( auditMessage );
-            //     }
+            // audit( auditMessage );
+            // }
             //
-            //     // store a message in the signed audit log file
-            //     // (regardless of logType)
-            //     if( !( newExpirationTime.equals( origExpirationTime ) ) ) {
-            //         auditMessage = CMS.getLogMessage(
-            //                            LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
-            //                            auditSubjectID,
-            //                            ILogger.FAILURE,
-            //                            logType,
-            //                            newExpirationTime );
+            // // store a message in the signed audit log file
+            // // (regardless of logType)
+            // if( !( newExpirationTime.equals( origExpirationTime ) ) ) {
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_LOG_EXPIRATION_CHANGE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // logType,
+            // newExpirationTime );
             //
-            //         audit( auditMessage );
-            //     }
+            // audit( auditMessage );
+            // }
             //
-            //     // store a message in the signed audit log file
-            //     if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) {
-            //         auditMessage = CMS.getLogMessage(
-            //                            LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
-            //                            auditSubjectID,
-            //                            ILogger.FAILURE,
-            //                            auditParams( req ) );
+            // // store a message in the signed audit log file
+            // if( logType.equals( SIGNED_AUDIT_LOG_TYPE ) ) {
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_SIGNED_AUDIT,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //         audit( auditMessage );
-            //     }
+            // audit( auditMessage );
+            // }
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
-     * used for getting the required configuration parameters (with
-     *	 possible default values) for a particular  plugin
-     * implementation name specified in the RS_ID.  Actually, there is
-     *	 no logic in here to set any default value here...there's no
-     *	 default value for any parameter in this log subsystem
-     *	 at this point.  Later, if we do have one (or some), it can be
-     *	 added.  The interface remains the same.
+     * used for getting the required configuration parameters (with possible
+     * default values) for a particular plugin implementation name specified in
+     * the RS_ID. Actually, there is no logic in here to set any default value
+     * here...there's no default value for any parameter in this log subsystem
+     * at this point. Later, if we do have one (or some), it can be added. The
+     * interface remains the same.
      */
-    private synchronized void getConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
 
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -2218,8 +2189,8 @@ public class LogAdminServlet extends AdminServlet {
                 if (index == -1) {
                     params.add(kv, "");
                 } else {
-                    params.add(kv.substring(0, index), 
-                        kv.substring(index + 1));
+                    params.add(kv.substring(0, index),
+                            kv.substring(index + 1));
                 }
             }
         }
@@ -2227,43 +2198,43 @@ public class LogAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void getInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does log instance exist?
         if (mSys.getLogInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new ELogNotFound(CMS.getUserMessage(getLocale(req),"CMS_LOG_INSTANCE_NOT_FOUND",id)).toString(),
-                null, resp);
+                    new ELogNotFound(CMS.getUserMessage(getLocale(req), "CMS_LOG_INSTANCE_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         ILogEventListener logInst = (ILogEventListener)
-            mSys.getLogInstance(id);
+                mSys.getLogInstance(id);
         Vector<String> configParams = logInst.getInstanceParams();
         NameValuePairs params = new NameValuePairs();
 
-        params.add(Constants.PR_LOG_IMPL_NAME, 
-            getLogPluginName(logInst));
+        params.add(Constants.PR_LOG_IMPL_NAME,
+                getLogPluginName(logInst));
         // implName is always required so always send it.
         if (configParams != null) {
             for (int i = 0; i < configParams.size(); i++) {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
 
@@ -2272,8 +2243,8 @@ public class LogAdminServlet extends AdminServlet {
     }
 
     // convenience routine.
-    private static void restore(IConfigStore store, 
-        String id, NameValuePairs saveParams) {
+    private static void restore(IConfigStore store,
+            String id, NameValuePairs saveParams) {
         store.removeSubStore(id);
         IConfigStore rstore = store.makeSubStore(id);
 
@@ -2283,17 +2254,17 @@ public class LogAdminServlet extends AdminServlet {
             String key = (String) keys.nextElement();
             String value = saveParams.getValue(key);
 
-            if (value != null) 
+            if (value != null)
                 rstore.put(key, value);
         }
     }
 
     /**
      * Signed Audit Check Log Path
-     *
+     * 
      * This method is called to extract the log file path.
      * <P>
-     *
+     * 
      * @param req http servlet request
      * @return a string containing the log file path
      */
@@ -2311,7 +2282,7 @@ public class LogAdminServlet extends AdminServlet {
     }
 
     private void getGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -2327,11 +2298,11 @@ public class LogAdminServlet extends AdminServlet {
     }
 
     private void setGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         @SuppressWarnings("unchecked")
-		Enumeration<String> enum1 = req.getParameterNames();
+        Enumeration<String> enum1 = req.getParameterNames();
         boolean restart = false;
 
         while (enum1.hasMoreElements()) {
@@ -2353,7 +2324,7 @@ public class LogAdminServlet extends AdminServlet {
                     CMS.debug("setGeneralConfig: Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL + ": " + value);
                     throw new EBaseException("Invalid value for " + Constants.PR_DEBUG_LOG_LEVEL);
                 }
-            } 
+            }
         }
 
         mConfig.commit(true);
@@ -2365,4 +2336,3 @@ public class LogAdminServlet extends AdminServlet {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
index 152b364f..263878f0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/OCSPAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -39,13 +38,11 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.ocsp.IOCSPAuthority;
 import com.netscape.certsrv.ocsp.IOCSPStore;
 
-
 /**
- * A class representings an administration servlet for Certificate
- * Authority. This servlet is responsible to serve OCSP 
- * administrative operations such as configuration parameter 
- * updates.
- *
+ * A class representings an administration servlet for Certificate Authority.
+ * This servlet is responsible to serve OCSP administrative operations such as
+ * configuration parameter updates.
+ * 
  * @version $Revision$, $Date$
  */
 public class OCSPAdminServlet extends AdminServlet {
@@ -60,7 +57,7 @@ public class OCSPAdminServlet extends AdminServlet {
     private final static String INFO = "OCSPAdminServlet";
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE_3";
 
     private IOCSPAuthority mOCSP = null;
 
@@ -84,33 +81,33 @@ public class OCSPAdminServlet extends AdminServlet {
     }
 
     /**
-     * Serves HTTP request. Each request is authenticated to
-     * the authenticate manager.
+     * Serves HTTP request. Each request is authenticated to the authenticate
+     * manager.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
-			    
-        //get all operational flags
+
+        // get all operational flags
         String op = req.getParameter(Constants.OP_TYPE);
         String scope = req.getParameter(Constants.OP_SCOPE);
 
-        //check operational flags
+        // check operational flags
         if ((op == null) || (scope == null)) {
             sendResponse(1, "Invalid Protocol", null, resp);
             return;
-        }			    
+        }
 
         super.authenticate(req);
-		
+
         try {
             AUTHZ_RES_NAME = "certServer.ocsp.configuration";
             if (scope.equals(ScopeDef.SC_EXTENDED_PLUGIN_INFO)) {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 try {
@@ -126,8 +123,8 @@ public class OCSPAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     setDefaultStore(req, resp);
@@ -139,8 +136,8 @@ public class OCSPAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -154,8 +151,8 @@ public class OCSPAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -169,8 +166,8 @@ public class OCSPAdminServlet extends AdminServlet {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_OCSPSTORES_RULES)) {
@@ -185,11 +182,11 @@ public class OCSPAdminServlet extends AdminServlet {
     }
 
     /**
-     * retrieve extended plugin info such as brief description,
-     * type info from CRL extensions
+     * retrieve extended plugin info such as brief description, type info from
+     * CRL extensions
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
         int colon = id.indexOf(':');
@@ -198,7 +195,7 @@ public class OCSPAdminServlet extends AdminServlet {
         String implName = id.substring(colon + 1);
 
         NameValuePairs params =
-            getExtendedPluginInfo(getLocale(req), implType, implName);
+                getExtendedPluginInfo(getLocale(req), implType, implName);
 
         sendResponse(SUCCESS, null, params, resp);
     }
@@ -229,12 +226,13 @@ public class OCSPAdminServlet extends AdminServlet {
     /**
      * Set default OCSP store
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
      * configuring OCSP profile (everything under Online Certificate Status
      * Manager)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -242,8 +240,8 @@ public class OCSPAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setDefaultStore(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -253,7 +251,7 @@ public class OCSPAdminServlet extends AdminServlet {
             String id = req.getParameter(Constants.RS_ID);
 
             mOCSP.getConfigStore().putString(IOCSPAuthority.PROP_DEF_STORE_ID,
-                id);
+                    id);
             commit(true);
 
             // store a message in the signed audit log file
@@ -291,23 +289,23 @@ public class OCSPAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     private void getOCSPStoresConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         IOCSPStore store = mOCSP.getOCSPStore(id);
@@ -319,12 +317,13 @@ public class OCSPAdminServlet extends AdminServlet {
     /**
      * Set OCSP store configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
      * configuring OCSP profile (everything under Online Certificate Status
      * Manager)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -332,8 +331,8 @@ public class OCSPAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setOCSPStoresConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -403,23 +402,23 @@ public class OCSPAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     private void listOCSPStoresConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         IConfigStore config = mOCSP.getConfigStore();
         String defStore = config.getString(IOCSPAuthority.PROP_DEF_STORE_ID);
@@ -439,7 +438,7 @@ public class OCSPAdminServlet extends AdminServlet {
     }
 
     private void getGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -451,7 +450,7 @@ public class OCSPAdminServlet extends AdminServlet {
 
     private void getSigningAlgConfig(NameValuePairs params) {
         params.add(Constants.PR_DEFAULT_ALGORITHM,
-            mOCSP.getDefaultAlgorithm());
+                mOCSP.getDefaultAlgorithm());
         String[] algorithms = mOCSP.getOCSPSigningAlgorithms();
         StringBuffer algorStr = new StringBuffer();
 
@@ -460,7 +459,7 @@ public class OCSPAdminServlet extends AdminServlet {
                 algorStr.append(algorithms[i]);
             else
                 algorStr.append(":");
-                algorStr.append(algorithms[i]);
+            algorStr.append(algorithms[i]);
         }
         params.add(Constants.PR_ALL_ALGORITHMS, algorStr.toString());
     }
@@ -468,12 +467,13 @@ public class OCSPAdminServlet extends AdminServlet {
     /**
      * Set general OCSP configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_OCSP_PROFILE used when
      * configuring OCSP profile (everything under Online Certificate Status
      * Manager)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
@@ -481,7 +481,7 @@ public class OCSPAdminServlet extends AdminServlet {
      * @exception EBaseException an error has occurred
      */
     private void setGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -538,7 +538,7 @@ public class OCSPAdminServlet extends AdminServlet {
 
             // rethrow the specific exception to be handled later
             throw eAudit2;
-            
+
         }
     }
-}    
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
index 10a768a2..2216c2c3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PolicyAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -44,14 +43,12 @@ import com.netscape.certsrv.policy.IPolicyProcessor;
 import com.netscape.certsrv.policy.IPolicyRule;
 import com.netscape.certsrv.ra.IRegistrationAuthority;
 
-
 /**
  * This class is an administration servlet for policy management.
- *
- * Each service (CA, KRA, RA) should be responsible
- * for registering an instance of this with the remote
- * administration subsystem.
- *
+ * 
+ * Each service (CA, KRA, RA) should be responsible for registering an instance
+ * of this with the remote administration subsystem.
+ * 
  * @version $Revision$, $Date$
  */
 public class PolicyAdminServlet extends AdminServlet {
@@ -63,8 +60,8 @@ public class PolicyAdminServlet extends AdminServlet {
     public final static String PROP_AUTHORITY = "authority";
 
     private final static String INFO = "PolicyAdminServlet";
-    private final static String PW_PASSWORD_CACHE_ADD = 
-        "PASSWORD_CACHE_ADD";
+    private final static String PW_PASSWORD_CACHE_ADD =
+            "PASSWORD_CACHE_ADD";
 
     public final static String PROP_PREDICATE = "predicate";
     private IPolicyProcessor mProcessor = null;
@@ -85,7 +82,7 @@ public class PolicyAdminServlet extends AdminServlet {
     public static String MISSING_POLICY_ORDERING = "Missing policy ordering";
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY =
-        "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY_3";
 
     /**
      * Constructs administration servlet.
@@ -102,7 +99,7 @@ public class PolicyAdminServlet extends AdminServlet {
         String authority = config.getInitParameter(PROP_AUTHORITY);
         String policyStatus = null;
 
-        CMS.debug( "PolicyAdminServlet: In Policy Admin Servlet init!" );
+        CMS.debug("PolicyAdminServlet: In Policy Admin Servlet init!");
 
         // CMS 6.1 began utilizing the "Certificate Profiles" framework
         // instead of the legacy "Certificate Policies" framework.
@@ -112,22 +109,22 @@ public class PolicyAdminServlet extends AdminServlet {
         // that this legacy "Certificate Policies" framework would be
         // deprecated and disabled by default (see Bugzilla Bug #472597).
         //
-        // NOTE:  The "Certificate Policies" framework ONLY applied to
-        //        to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
+        // NOTE: The "Certificate Policies" framework ONLY applied to
+        // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
         //
-        //        Further, the "PolicyAdminServlet.java" servlet is ONLY used 
-        //        by the CA Console for the following:
+        // Further, the "PolicyAdminServlet.java" servlet is ONLY used
+        // by the CA Console for the following:
         //
-        //            SERVLET-NAME           URL-PATTERN
-        //            ====================================================
-        //            capolicy               ca/capolicy
+        // SERVLET-NAME URL-PATTERN
+        // ====================================================
+        // capolicy ca/capolicy
         //
-        //        Finally, the "PolicyAdminServlet.java" servlet is ONLY used 
-        //        by the KRA Console for the following:
+        // Finally, the "PolicyAdminServlet.java" servlet is ONLY used
+        // by the KRA Console for the following:
         //
-        //            SERVLET-NAME           URL-PATTERN
-        //            ====================================================
-        //            krapolicy              kra/krapolicy
+        // SERVLET-NAME URL-PATTERN
+        // ====================================================
+        // krapolicy kra/krapolicy
         //
         if (authority != null)
             mAuthority = (IAuthority) CMS.getSubsystem(authority);
@@ -138,28 +135,28 @@ public class PolicyAdminServlet extends AdminServlet {
                     policyStatus = ICertificateAuthority.ID
                                  + "." + "Policy"
                                  + "." + IPolicyProcessor.PROP_ENABLE;
-                    if( mConfig.getBoolean( policyStatus, true ) == true ) {
-                        // NOTE:  If "ca.Policy.enable=<boolean>" is missing,
-                        //        then the referenced instance existed prior
-                        //        to this name=value pair existing in its
-                        //        'CS.cfg' file, and thus we err on the
-                        //        side that the user may still need to
-                        //        use the policy framework.
-                        CMS.debug( "PolicyAdminServlet::init "
+                    if (mConfig.getBoolean(policyStatus, true) == true) {
+                        // NOTE: If "ca.Policy.enable=<boolean>" is missing,
+                        // then the referenced instance existed prior
+                        // to this name=value pair existing in its
+                        // 'CS.cfg' file, and thus we err on the
+                        // side that the user may still need to
+                        // use the policy framework.
+                        CMS.debug("PolicyAdminServlet::init "
                                  + "Certificate Policy Framework (deprecated) "
-                                 + "is ENABLED" );
+                                 + "is ENABLED");
                     } else {
-                        // CS 8.1 Default:  ca.Policy.enable=false
-                        CMS.debug( "PolicyAdminServlet::init "
+                        // CS 8.1 Default: ca.Policy.enable=false
+                        CMS.debug("PolicyAdminServlet::init "
                                  + "Certificate Policy Framework (deprecated) "
-                                 + "is DISABLED" );
-                        return; 
+                                 + "is DISABLED");
+                        return;
                     }
-                } catch( EBaseException e ) {
-                    throw new ServletException( authority
+                } catch (EBaseException e) {
+                    throw new ServletException(authority
                                               + " does not have a "
                                               + "master policy switch called '"
-                                              + policyStatus + "'" );
+                                              + policyStatus + "'");
                 }
             } else if (mAuthority instanceof IRegistrationAuthority) {
                 // this refers to the legacy RA (pre-CMS 7.0)
@@ -167,34 +164,34 @@ public class PolicyAdminServlet extends AdminServlet {
             } else if (mAuthority instanceof IKeyRecoveryAuthority) {
                 mProcessor = ((IKeyRecoveryAuthority) mAuthority).getPolicyProcessor();
                 try {
-                   policyStatus = IKeyRecoveryAuthority.ID
+                    policyStatus = IKeyRecoveryAuthority.ID
                                 + "." + "Policy"
                                 + "." + IPolicyProcessor.PROP_ENABLE;
-                    if( mConfig.getBoolean( policyStatus, true ) == true ) {
-                        // NOTE:  If "kra.Policy.enable=<boolean>" is missing,
-                        //        then the referenced instance existed prior
-                        //        to this name=value pair existing in its
-                        //        'CS.cfg' file, and thus we err on the
-                        //        side that the user may still need to
-                        //        use the policy framework.
-                        CMS.debug( "PolicyAdminServlet::init "
+                    if (mConfig.getBoolean(policyStatus, true) == true) {
+                        // NOTE: If "kra.Policy.enable=<boolean>" is missing,
+                        // then the referenced instance existed prior
+                        // to this name=value pair existing in its
+                        // 'CS.cfg' file, and thus we err on the
+                        // side that the user may still need to
+                        // use the policy framework.
+                        CMS.debug("PolicyAdminServlet::init "
                                  + "Certificate Policy Framework (deprecated) "
-                                 + "is ENABLED" );
+                                 + "is ENABLED");
                     } else {
-                        // CS 8.1 Default:  kra.Policy.enable=false
-                        CMS.debug( "PolicyAdminServlet::init "
+                        // CS 8.1 Default: kra.Policy.enable=false
+                        CMS.debug("PolicyAdminServlet::init "
                                  + "Certificate Policy Framework (deprecated) "
-                                 + "is DISABLED" );
-                        return; 
+                                 + "is DISABLED");
+                        return;
                     }
-                } catch( EBaseException e ) {
-                    throw new ServletException( authority
+                } catch (EBaseException e) {
+                    throw new ServletException(authority
                                               + " does not have a "
                                               + "master policy switch called '"
-                                              + policyStatus + "'" );
+                                              + policyStatus + "'");
                 }
-            } else 
-                throw new ServletException(authority + "  does not have policy processor!"); 
+            } else
+                throw new ServletException(authority + "  does not have policy processor!");
     }
 
     /**
@@ -204,15 +201,15 @@ public class PolicyAdminServlet extends AdminServlet {
         return INFO;
     }
 
-    /** 
-     * retrieve extended plugin info such as brief description, type info
-     * from policy, authentication, 
-     *   need to add: listener, mapper and publishing plugins
+    /**
+     * retrieve extended plugin info such as brief description, type info from
+     * policy, authentication, need to add: listener, mapper and publishing
+     * plugins
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
-       
+
         if (!readAuthorize(req, resp))
             return;
         String id = req.getParameter(Constants.RS_ID);
@@ -248,27 +245,27 @@ public class PolicyAdminServlet extends AdminServlet {
                 ext_info = (IExtendedPluginInfo) impl;
             }
         }
-		
+
         NameValuePairs nvps = null;
-		
+
         if (ext_info == null) {
             nvps = new NameValuePairs();
         } else {
             nvps = convertStringArrayToNVPairs(ext_info.getExtendedPluginInfo(locale));
         }
-		
+
         return nvps;
     }
 
     public NameValuePairs getExtendedPluginInfo(Locale locale, String pluginType,
-        String implName,
-        String instName) {
+            String implName,
+            String instName) {
         IExtendedPluginInfo ext_info = null;
 
         Object impl = null;
 
         IPolicyRule policy = mProcessor.getPolicyInstance(instName);
-		
+
         impl = policy;
         if (impl == null) {
             impl = mProcessor.getPolicyImpl(implName);
@@ -313,8 +310,8 @@ public class PolicyAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         super.service(req, resp);
 
         super.authenticate(req);
@@ -332,30 +329,30 @@ public class PolicyAdminServlet extends AdminServlet {
             } catch (EBaseException e) {
                 sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
                 return;
-            } 
+            }
         } else
             sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
     }
 
-    private boolean readAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean readAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "read";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
     }
 
-    private boolean modifyAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean modifyAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "modify";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
@@ -365,8 +362,8 @@ public class PolicyAdminServlet extends AdminServlet {
      * Process Policy Implementation Management.
      */
     public void processPolicyImplMgmt(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -388,12 +385,12 @@ public class PolicyAdminServlet extends AdminServlet {
             addPolicyImpl(req, resp);
         } else
             sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                null, resp);
+                    null, resp);
     }
 
     public void processPolicyRuleMgmt(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -424,17 +421,17 @@ public class PolicyAdminServlet extends AdminServlet {
                 modifyPolicyInstance(req, resp);
         } else
             sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                null, resp);
+                    null, resp);
     }
 
     public void listPolicyImpls(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         Enumeration policyImplNames = mProcessor.getPolicyImplsInfo();
         Enumeration policyImpls = mProcessor.getPolicyImpls();
 
         if (policyImplNames == null ||
-            policyImpls == null) {
+                policyImpls == null) {
             sendResponse(ERROR, INVALID_POLICY_IMPL_CONFIG, null, resp);
             return;
         }
@@ -443,12 +440,12 @@ public class PolicyAdminServlet extends AdminServlet {
         NameValuePairs nvp = new NameValuePairs();
 
         while (policyImplNames.hasMoreElements() &&
-            policyImpls.hasMoreElements()) {
+                policyImpls.hasMoreElements()) {
             String id = (String) policyImplNames.nextElement();
             IPolicyRule impl = (IPolicyRule)
-                policyImpls.nextElement();
+                    policyImpls.nextElement();
             String className =
-                impl.getClass().getName();
+                    impl.getClass().getName();
             String desc = impl.getDescription();
 
             nvp.add(id, className + "," + desc);
@@ -457,8 +454,8 @@ public class PolicyAdminServlet extends AdminServlet {
     }
 
     public void listPolicyInstances(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         Enumeration instancesInfo = mProcessor.getPolicyInstancesInfo();
 
         if (instancesInfo == null) {
@@ -475,7 +472,7 @@ public class PolicyAdminServlet extends AdminServlet {
             int i = info.indexOf(";");
 
             nvp.add(info.substring(0, i), info.substring(i + 1));
-			
+
         }
         sendResponse(SUCCESS, null, nvp, resp);
     }
@@ -483,19 +480,20 @@ public class PolicyAdminServlet extends AdminServlet {
     /**
      * Delete policy implementation
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
      * configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deletePolicyImpl(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -533,7 +531,7 @@ public class PolicyAdminServlet extends AdminServlet {
 
                 sendResponse(SUCCESS, null, null, resp);
             } catch (Exception e) {
-                //e.printStackTrace();
+                // e.printStackTrace();
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -559,23 +557,23 @@ public class PolicyAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     public void getPolicyImplConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get the policy impl id.
         String id = req.getParameter(Constants.RS_ID);
 
@@ -604,19 +602,20 @@ public class PolicyAdminServlet extends AdminServlet {
     /**
      * Add policy implementation
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
      * configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addPolicyImpl(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -693,36 +692,37 @@ public class PolicyAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Delete policy instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
      * configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deletePolicyInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -760,7 +760,7 @@ public class PolicyAdminServlet extends AdminServlet {
 
                 sendResponse(SUCCESS, null, null, resp);
             } catch (Exception e) {
-                //e.printStackTrace();
+                // e.printStackTrace();
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -786,23 +786,23 @@ public class PolicyAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     public void getPolicyInstanceConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get the policy rule id.
         String id = req.getParameter(Constants.RS_ID).trim();
 
@@ -836,7 +836,7 @@ public class PolicyAdminServlet extends AdminServlet {
     }
 
     public void
-    putUserPWPair(String combo) {
+            putUserPWPair(String combo) {
         int semicolon;
 
         semicolon = combo.indexOf(";");
@@ -849,19 +849,20 @@ public class PolicyAdminServlet extends AdminServlet {
     /**
      * Add policy instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
      * configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addPolicyInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -988,36 +989,37 @@ public class PolicyAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Change ordering of policy instances
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
      * configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void changePolicyInstanceOrdering(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1025,7 +1027,7 @@ public class PolicyAdminServlet extends AdminServlet {
         // to the signed audit log and stored as failures
         try {
             String policyOrder =
-                req.getParameter(Constants.PR_POLICY_ORDER);
+                    req.getParameter(Constants.PR_POLICY_ORDER);
 
             if (policyOrder == null) {
                 // store a message in the signed audit log file
@@ -1078,36 +1080,37 @@ public class PolicyAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Modify policy instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY used when
      * configuring cert policy constraints and extensions
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyPolicyInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1179,7 +1182,7 @@ public class PolicyAdminServlet extends AdminServlet {
                 sendResponse(ERROR, INVALID_POLICY_IMPL_ID, null, resp);
                 return;
             }
-            // XXX 
+            // XXX
             for (Enumeration n = req.getParameterNames(); n.hasMoreElements();) {
                 String p = (String) n.nextElement();
                 String l = (String) req.getParameter(p);
@@ -1189,15 +1192,10 @@ public class PolicyAdminServlet extends AdminServlet {
             }
 
             /*
-             for(Enumeration e = v.elements(); e.hasMoreElements(); )
-             {
-             String nv = (String)e.nextElement();
-             int index = nv.indexOf("=");
-             String key = nv.substring(0, index);
-             val = req.getParameter(key);
-             if (val != null)
-             ht.put(key, val);
-             }
+             * for(Enumeration e = v.elements(); e.hasMoreElements(); ) { String
+             * nv = (String)e.nextElement(); int index = nv.indexOf("="); String
+             * key = nv.substring(0, index); val = req.getParameter(key); if
+             * (val != null) ht.put(key, val); }
              */
 
             try {
@@ -1238,18 +1236,17 @@ public class PolicyAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_POLICY,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
index 9c83a30c..02eafb28 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/ProfileAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.util.Enumeration;
@@ -53,14 +52,12 @@ import com.netscape.certsrv.registry.IPluginInfo;
 import com.netscape.certsrv.registry.IPluginRegistry;
 import com.netscape.cms.profile.common.ProfilePolicy;
 
-
 /**
  * This class is an administration servlet for policy management.
- *
- * Each service (CA, KRA, RA) should be responsible
- * for registering an instance of this with the remote
- * administration subsystem.
- *
+ * 
+ * Each service (CA, KRA, RA) should be responsible for registering an instance
+ * of this with the remote administration subsystem.
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileAdminServlet extends AdminServlet {
@@ -72,8 +69,8 @@ public class ProfileAdminServlet extends AdminServlet {
     public final static String PROP_AUTHORITY = "authority";
 
     private final static String INFO = "ProfileAdminServlet";
-    private final static String PW_PASSWORD_CACHE_ADD = 
-        "PASSWORD_CACHE_ADD";
+    private final static String PW_PASSWORD_CACHE_ADD =
+            "PASSWORD_CACHE_ADD";
 
     public final static String PROP_PREDICATE = "predicate";
     private IAuthority mAuthority = null;
@@ -97,7 +94,7 @@ public class ProfileAdminServlet extends AdminServlet {
     public static String BAD_CONFIGURATION_VAL = "Invalid configuration value.";
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE_3";
 
     /**
      * Constructs administration servlet.
@@ -130,8 +127,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         super.service(req, resp);
 
         super.authenticate(req);
@@ -139,7 +136,7 @@ public class ProfileAdminServlet extends AdminServlet {
         AUTHZ_RES_NAME = "certServer.profile.configuration";
         String scope = req.getParameter(Constants.OP_SCOPE);
 
-         CMS.debug("ProfileAdminServlet: service scope: " + scope);
+        CMS.debug("ProfileAdminServlet: service scope: " + scope);
         if (scope.equals(ScopeDef.SC_PROFILE_RULES)) {
             processProfileRuleMgmt(req, resp);
         } else if (scope.equals(ScopeDef.SC_PROFILE_POLICIES)) {
@@ -162,33 +159,33 @@ public class ProfileAdminServlet extends AdminServlet {
             sendResponse(ERROR, INVALID_POLICY_SCOPE, null, resp);
     }
 
-    private boolean readAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean readAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "read";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
     }
 
-    private boolean modifyAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean modifyAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "modify";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
     }
 
     public void processProfilePolicy(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -208,8 +205,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processProfileInput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
         String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -230,8 +227,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processProfileOutput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
         String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -252,8 +249,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processProfileInputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -269,8 +266,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processProfileOutputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -286,8 +283,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processPolicyDefaultConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -307,8 +304,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void processPolicyConstraintConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -332,8 +329,8 @@ public class ProfileAdminServlet extends AdminServlet {
      * Process Policy Implementation Management.
      */
     public void processPolicyImplMgmt(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -343,12 +340,12 @@ public class ProfileAdminServlet extends AdminServlet {
             listProfileImpls(req, resp);
         } else
             sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                null, resp);
+                    null, resp);
     }
 
     public void processProfileRuleMgmt(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
 
@@ -374,15 +371,15 @@ public class ProfileAdminServlet extends AdminServlet {
             modifyProfileInstance(req, resp);
         } else
             sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                null, resp);
+                    null, resp);
     }
 
     /**
      * Lists all registered profile impementations
      */
     public void listProfileImpls(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         Enumeration<String> impls = mRegistry.getIds("profile");
         NameValuePairs nvp = new NameValuePairs();
@@ -391,29 +388,30 @@ public class ProfileAdminServlet extends AdminServlet {
             String id = (String) impls.nextElement();
             IPluginInfo info = mRegistry.getPluginInfo("profile", id);
 
-            nvp.add(id, info.getClassName() + "," + 
-                info.getDescription(getLocale(req)));
-        } 
+            nvp.add(id, info.getClassName() + "," +
+                    info.getDescription(getLocale(req)));
+        }
         sendResponse(SUCCESS, null, nvp, resp);
     }
 
     /**
      * Add policy profile
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addProfilePolicy(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -451,10 +449,10 @@ public class ProfileAdminServlet extends AdminServlet {
 
             if (mProfileSub.isProfileEnable(profileId)) {
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), 
-                    "CMS_PROFILE_CREATE_POLICY_FAILED",
-                    "Profile is currently enabled"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req),
+                                "CMS_PROFILE_CREATE_POLICY_FAILED",
+                                "Profile is currently enabled"),
+                        null, resp);
                 return;
             }
 
@@ -466,27 +464,27 @@ public class ProfileAdminServlet extends AdminServlet {
 
             try {
                 if (!isValidId(setId)) {
-                  sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), 
-                    "CMS_PROFILE_CREATE_POLICY_FAILED",
-                    "Invalid set id " + setId),
-                    null, resp);
-                  return;
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req),
+                                    "CMS_PROFILE_CREATE_POLICY_FAILED",
+                                    "Invalid set id " + setId),
+                            null, resp);
+                    return;
                 }
                 if (!isValidId(pId)) {
-                  sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), 
-                    "CMS_PROFILE_CREATE_POLICY_FAILED",
-                    "Invalid policy id " + pId),
-                    null, resp);
-                  return;
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req),
+                                    "CMS_PROFILE_CREATE_POLICY_FAILED",
+                                    "Invalid policy id " + pId),
+                            null, resp);
+                    return;
                 }
                 policy = profile.createProfilePolicy(setId, pId,
                             defImpl, conImpl);
             } catch (EBaseException e1) {
                 // error
                 CMS.debug("ProfileAdminServlet: addProfilePolicy " +
-                    e1.toString());
+                        e1.toString());
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -498,9 +496,9 @@ public class ProfileAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
-                    e1.toString()),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_POLICY_FAILED",
+                                e1.toString()),
+                        null, resp);
                 return;
             }
             NameValuePairs nvp = new NameValuePairs();
@@ -528,37 +526,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Add profile input
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addProfileInput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -594,11 +593,11 @@ public class ProfileAdminServlet extends AdminServlet {
 
             IProfileInput input = null;
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
             NameValuePairs nvps = new NameValuePairs();
 
             while (names.hasMoreElements()) {
-                String name =  names.nextElement();
+                String name = names.nextElement();
 
                 if (name.equals("OP_SCOPE"))
                     continue;
@@ -623,9 +622,9 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
-                    e1.toString()),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_INPUT_FAILED",
+                                e1.toString()),
+                        null, resp);
 
                 return;
             }
@@ -655,37 +654,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Add profile output
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addProfileOutput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -721,11 +721,11 @@ public class ProfileAdminServlet extends AdminServlet {
 
             IProfileOutput output = null;
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
             NameValuePairs nvps = new NameValuePairs();
 
             while (names.hasMoreElements()) {
-                String name =  names.nextElement();
+                String name = names.nextElement();
 
                 if (name.equals("OP_SCOPE"))
                     continue;
@@ -751,9 +751,9 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED", 
-                    e1.toString()),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_PROFILE_CREATE_OUTPUT_FAILED",
+                                e1.toString()),
+                        null, resp);
 
                 return;
             }
@@ -783,37 +783,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Delete policy profile
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deleteProfilePolicy(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -823,10 +824,10 @@ public class ProfileAdminServlet extends AdminServlet {
             String profileId = "";
             String policyId = "";
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
-                String name =  names.nextElement();
+                String name = names.nextElement();
 
                 if (name.equals("OP_SCOPE"))
                     continue;
@@ -904,37 +905,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Delete profile input
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deleteProfileInput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -944,7 +946,7 @@ public class ProfileAdminServlet extends AdminServlet {
             String profileId = "";
             String inputId = "";
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = names.nextElement();
@@ -1022,37 +1024,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Delete profile output
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deleteProfileOutput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1062,7 +1065,7 @@ public class ProfileAdminServlet extends AdminServlet {
             String profileId = "";
             String outputId = "";
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
@@ -1140,37 +1143,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Add default policy profile configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addPolicyDefaultConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1201,7 +1205,7 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 sendResponse(ERROR, null, null, resp);
                 return;
-            } 
+            }
 
             StringTokenizer ss = new StringTokenizer(policyId, ":");
             String setId = ss.nextToken();
@@ -1210,9 +1214,9 @@ public class ProfileAdminServlet extends AdminServlet {
             IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
             IPolicyDefault def = policy.getDefault();
             IConfigStore defConfig = def.getConfigStore();
-        
+
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
@@ -1224,18 +1228,20 @@ public class ProfileAdminServlet extends AdminServlet {
                 if (name.equals("RS_ID"))
                     continue;
                 try {
-                    def.setConfig(name,req.getParameter(name));
+                    def.setConfig(name, req.getParameter(name));
 
                 } catch (EPropertyException e) {
 
-                   CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
-                   try {
-                     profile.deleteProfilePolicy(setId, pId);
-                   } catch (Exception e11) {}
-                   sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
-                   return;
+                    CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+                    try {
+                        profile.deleteProfilePolicy(setId, pId);
+                    } catch (Exception e11) {
+                    }
+                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+                    return;
                 }
-                // defConfig.putString("params." + name, req.getParameter(name));
+                // defConfig.putString("params." + name,
+                // req.getParameter(name));
             }
             try {
                 profile.getConfigStore().commit(false);
@@ -1277,37 +1283,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Add policy constraints profile configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addPolicyConstraintConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1338,7 +1345,7 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 sendResponse(ERROR, null, null, resp);
                 return;
-            } 
+            }
 
             StringTokenizer ss = new StringTokenizer(policyId, ":");
             String setId = ss.nextToken();
@@ -1349,10 +1356,10 @@ public class ProfileAdminServlet extends AdminServlet {
             IConfigStore conConfig = con.getConfigStore();
 
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
-                String name =  names.nextElement();
+                String name = names.nextElement();
 
                 if (name.equals("OP_SCOPE"))
                     continue;
@@ -1362,18 +1369,20 @@ public class ProfileAdminServlet extends AdminServlet {
                     continue;
 
                 try {
-                    con.setConfig(name,req.getParameter(name));
+                    con.setConfig(name, req.getParameter(name));
 
                 } catch (EPropertyException e) {
 
-                   CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
-                   try {
-                     profile.deleteProfilePolicy(setId, pId);
-                   } catch (Exception e11) {}
-                   sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
-                   return;
+                    CMS.debug("ProfileAdminServlet: addPolicyConstraintsConfig setConfig exception.");
+                    try {
+                        profile.deleteProfilePolicy(setId, pId);
+                    } catch (Exception e11) {
+                    }
+                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+                    return;
                 }
-                // conConfig.putString("params." + name, req.getParameter(name));
+                // conConfig.putString("params." + name,
+                // req.getParameter(name));
             }
             try {
                 profile.getConfigStore().commit(false);
@@ -1416,37 +1425,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Modify default policy profile configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyPolicyDefaultConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1477,7 +1487,7 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 sendResponse(ERROR, null, null, resp);
                 return;
-            } 
+            }
 
             StringTokenizer ss = new StringTokenizer(policyId, ":");
             String setId = ss.nextToken();
@@ -1485,9 +1495,9 @@ public class ProfileAdminServlet extends AdminServlet {
             IProfilePolicy policy = profile.getProfilePolicy(setId, pId);
             IPolicyDefault def = policy.getDefault();
             IConfigStore defConfig = def.getConfigStore();
-        
+
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
@@ -1499,15 +1509,16 @@ public class ProfileAdminServlet extends AdminServlet {
                 if (name.equals("RS_ID"))
                     continue;
                 try {
-                    def.setConfig(name,req.getParameter(name));
+                    def.setConfig(name, req.getParameter(name));
 
                 } catch (EPropertyException e) {
 
-                   CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
-                   sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
-                   return;
+                    CMS.debug("ProfileAdminServlet: modifyPolicyDefConfig setConfig exception.");
+                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+                    return;
                 }
-               //  defConfig.putString("params." + name, req.getParameter(name));
+                // defConfig.putString("params." + name,
+                // req.getParameter(name));
             }
             try {
                 profile.getConfigStore().commit(false);
@@ -1549,37 +1560,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Modify profile input configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyInputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1616,7 +1628,7 @@ public class ProfileAdminServlet extends AdminServlet {
             IConfigStore inputConfig = input.getConfigStore();
 
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
@@ -1669,37 +1681,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Modify profile output configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyOutputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1736,7 +1749,7 @@ public class ProfileAdminServlet extends AdminServlet {
             IConfigStore outputConfig = output.getConfigStore();
 
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
@@ -1748,7 +1761,7 @@ public class ProfileAdminServlet extends AdminServlet {
                 if (name.equals("RS_ID"))
                     continue;
                 outputConfig.putString("params." + name,
-                    req.getParameter(name));
+                        req.getParameter(name));
             }
             try {
                 profile.getConfigStore().commit(false);
@@ -1790,37 +1803,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Modify policy constraints profile configuration
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyPolicyConstraintConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -1851,7 +1865,7 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 sendResponse(ERROR, null, null, resp);
                 return;
-            } 
+            }
 
             StringTokenizer ss = new StringTokenizer(policyId, ":");
             String setId = ss.nextToken();
@@ -1861,9 +1875,9 @@ public class ProfileAdminServlet extends AdminServlet {
             IConfigStore conConfig = con.getConfigStore();
 
             @SuppressWarnings("unchecked")
-			Enumeration<String> names = req.getParameterNames();
+            Enumeration<String> names = req.getParameterNames();
 
-            CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con); 
+            CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig policy " + policy + " con " + con);
             while (names.hasMoreElements()) {
                 String name = (String) names.nextElement();
 
@@ -1874,17 +1888,19 @@ public class ProfileAdminServlet extends AdminServlet {
                 if (name.equals("RS_ID"))
                     continue;
 
-             //   CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name" + name  + " val " + req.getParameter(name));
+                // CMS.debug("ProfileAdminServlet: modifyPolicyConstraintConfig name"
+                // + name + " val " + req.getParameter(name));
                 try {
-                    con.setConfig(name,req.getParameter(name));
+                    con.setConfig(name, req.getParameter(name));
 
                 } catch (EPropertyException e) {
 
-                   CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
-                   sendResponse(ERROR,BAD_CONFIGURATION_VAL,null,resp);
-                   return;
+                    CMS.debug("ProfileAdminServlet: modifyPolicyConstraintsConfig setConfig exception.");
+                    sendResponse(ERROR, BAD_CONFIGURATION_VAL, null, resp);
+                    return;
                 }
-                //conConfig.putString("params." + name, req.getParameter(name));
+                // conConfig.putString("params." + name,
+                // req.getParameter(name));
             }
             try {
                 profile.getConfigStore().commit(false);
@@ -1927,23 +1943,23 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     public void getPolicyDefaultConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
 
         StringTokenizer st = new StringTokenizer(id, ";");
@@ -1955,9 +1971,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(profileId);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getPolicyDefaultConfig() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getPolicyDefaultConfig() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         IProfilePolicy policy = null;
@@ -1987,15 +2003,15 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getPolicyConstraintConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
         String constraintsList = req.getParameter(Constants.PR_CONSTRAINTS_LIST);
 
         // this one gets called when one of the elements in the default list get
         // selected, then it returns the list of supported constraintsPolicy
         if (constraintsList != null) {
-            
+
         }
 
         StringTokenizer st = new StringTokenizer(id, ";");
@@ -2007,9 +2023,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(profileId);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getPolicyConstraintConfig() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getPolicyConstraintConfig() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         StringTokenizer ss = new StringTokenizer(policyId, ":");
@@ -2035,8 +2051,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getProfilePolicy(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
 
         // only allow profile retrival if it is disabled
@@ -2046,9 +2062,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(id);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getProfilePolicy() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getProfilePolicy() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         NameValuePairs nvp = new NameValuePairs();
@@ -2070,9 +2086,9 @@ public class ProfileAdminServlet extends AdminServlet {
                 IPolicyConstraint con = policy.getConstraint();
                 IConfigStore conConfig = con.getConfigStore();
 
-                nvp.add(setId + ":" + policy.getId(), 
-                    def.getName(getLocale(req)) + ";" + 
-                    con.getName(getLocale(req)));
+                nvp.add(setId + ":" + policy.getId(),
+                        def.getName(getLocale(req)) + ";" +
+                                con.getName(getLocale(req)));
             }
         }
 
@@ -2080,17 +2096,17 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getProfileOutput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
         IProfile profile = null;
 
         try {
             profile = mProfileSub.getProfile(id);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getProfileOutput() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getProfileOutput() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         NameValuePairs nvp = new NameValuePairs();
@@ -2107,17 +2123,17 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getProfileInput(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
         IProfile profile = null;
 
         try {
             profile = mProfileSub.getProfile(id);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getProfileInput() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getProfileInput() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         NameValuePairs nvp = new NameValuePairs();
@@ -2134,9 +2150,9 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getInputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
-        
+            HttpServletResponse resp)
+            throws ServletException, IOException {
+
         String id = req.getParameter(Constants.RS_ID);
         StringTokenizer st = new StringTokenizer(id, ";");
         String profileId = st.nextToken();
@@ -2146,9 +2162,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(profileId);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getInputConfig() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getInputConfig() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         IProfileInput profileInput = null;
@@ -2160,14 +2176,14 @@ public class ProfileAdminServlet extends AdminServlet {
         while (names.hasMoreElements()) {
             String name = names.nextElement();
             IDescriptor desc = profileInput.getConfigDescriptor(
-		getLocale(req), name);
+                    getLocale(req), name);
             if (desc == null) {
                 nvp.add(name, ";" + ";" + profileInput.getConfig(name));
             } else {
-                nvp.add(name, desc.getSyntax() + ";" + 
+                nvp.add(name, desc.getSyntax() + ";" +
                         getNonNull(desc.getConstraint()) + ";" +
                         desc.getDescription(getLocale(req)) + ";" +
-			profileInput.getConfig(name));
+                        profileInput.getConfig(name));
             }
         }
 
@@ -2175,8 +2191,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getOutputConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         String id = req.getParameter(Constants.RS_ID);
         StringTokenizer st = new StringTokenizer(id, ";");
@@ -2187,9 +2203,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(profileId);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getOutputConfig() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getOutputConfig() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         IProfileOutput profileOutput = null;
@@ -2201,14 +2217,14 @@ public class ProfileAdminServlet extends AdminServlet {
         while (names.hasMoreElements()) {
             String name = names.nextElement();
             IDescriptor desc = profileOutput.getConfigDescriptor(
-		getLocale(req), name);
+                    getLocale(req), name);
             if (desc == null) {
                 nvp.add(name, ";" + ";" + profileOutput.getConfig(name));
             } else {
-                nvp.add(name, desc.getSyntax() + ";" + 
+                nvp.add(name, desc.getSyntax() + ";" +
                         getNonNull(desc.getConstraint()) + ";" +
                         desc.getDescription(getLocale(req)) + ";" +
-			profileOutput.getConfig(name));
+                        profileOutput.getConfig(name));
             }
         }
 
@@ -2216,14 +2232,14 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void listProfileInstances(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         NameValuePairs nvp = new NameValuePairs();
         Enumeration<String> e = mProfileSub.getProfileIds();
 
         while (e.hasMoreElements()) {
-            String profileId =  e.nextElement();
+            String profileId = e.nextElement();
             IProfile profile = null;
 
             try {
@@ -2231,7 +2247,7 @@ public class ProfileAdminServlet extends AdminServlet {
             } catch (EBaseException e1) {
                 // error
             }
-        
+
             String status = null;
 
             if (mProfileSub.isProfileEnable(profileId)) {
@@ -2247,8 +2263,8 @@ public class ProfileAdminServlet extends AdminServlet {
     }
 
     public void getProfileInstanceConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         String id = req.getParameter(Constants.RS_ID);
         IProfile profile = null;
@@ -2256,9 +2272,9 @@ public class ProfileAdminServlet extends AdminServlet {
         try {
             profile = mProfileSub.getProfile(id);
         } catch (EBaseException e1) {
-            CMS.debug( "ProfileAdminServlet::getProfileInstanceConfig() - " +
-                       "profile is null!" );
-            throw new ServletException( e1.toString() );
+            CMS.debug("ProfileAdminServlet::getProfileInstanceConfig() - " +
+                       "profile is null!");
+            throw new ServletException(e1.toString());
         }
 
         NameValuePairs nvp = new NameValuePairs();
@@ -2285,20 +2301,21 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Delete profile instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void deleteProfileInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -2324,14 +2341,14 @@ public class ProfileAdminServlet extends AdminServlet {
 
             String config = null;
 
-            ISubsystem subsystem = CMS.getSubsystem("ca"); 
+            ISubsystem subsystem = CMS.getSubsystem("ca");
             String subname = "ca";
 
-            if (subsystem == null) 
-                 subname = "ra";
+            if (subsystem == null)
+                subname = "ra";
 
             try {
-                config = CMS.getConfigStore().getString("instanceRoot") + 
+                config = CMS.getConfigStore().getString("instanceRoot") +
                         "/profiles/" + subname + "/" + id + ".cfg";
             } catch (EBaseException e) {
                 // store a message in the signed audit log file
@@ -2346,7 +2363,7 @@ public class ProfileAdminServlet extends AdminServlet {
                 sendResponse(ERROR, null, null, resp);
                 return;
             }
-        
+
             try {
                 mProfileSub.deleteProfile(id, config);
             } catch (EProfileException e) {
@@ -2386,22 +2403,22 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     public void
-    putUserPWPair(String combo) {
+            putUserPWPair(String combo) {
         int semicolon;
 
         semicolon = combo.indexOf(";");
@@ -2411,12 +2428,11 @@ public class ProfileAdminServlet extends AdminServlet {
         CMS.putPasswordCache(user, pw);
     }
 
-    public boolean isValidId(String id)
-    {
+    public boolean isValidId(String id) {
         for (int i = 0; i < id.length(); i++) {
-           char c = id.charAt(i);
-           if (!Character.isLetterOrDigit(c))
-             return false;
+            char c = id.charAt(i);
+            if (!Character.isLetterOrDigit(c))
+                return false;
         }
         return true;
     }
@@ -2424,20 +2440,21 @@ public class ProfileAdminServlet extends AdminServlet {
     /**
      * Add profile instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void addProfileInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -2465,14 +2482,14 @@ public class ProfileAdminServlet extends AdminServlet {
             IProfile p = null;
 
             try {
-                p = mProfileSub.getProfile(id); 
+                p = mProfileSub.getProfile(id);
             } catch (EProfileException e1) {
             }
             if (p != null) {
                 sendResponse(ERROR, POLICY_INST_ID_ALREADY_USED, null, resp);
                 return;
             }
-            
+
             String impl = req.getParameter("impl");
             String name = req.getParameter("name");
             String desc = req.getParameter("desc");
@@ -2516,8 +2533,8 @@ public class ProfileAdminServlet extends AdminServlet {
                 profile = mProfileSub.createProfile(id, impl,
                             info.getClassName(),
                             config);
-                profile.setName(getLocale(req), name); 
-                profile.setDescription(getLocale(req), name); 
+                profile.setName(getLocale(req), name);
+                profile.setDescription(getLocale(req), name);
                 if (visible != null && visible.equals("true")) {
                     profile.setVisible(true);
                 } else {
@@ -2528,10 +2545,10 @@ public class ProfileAdminServlet extends AdminServlet {
 
                 mProfileSub.createProfileConfig(id, impl, config);
                 if (profile instanceof IProfileEx) {
-                  // populates profile specific plugins such as
- 	          // policies, inputs and outputs
-                  ((IProfileEx)profile).populate();
-                }  
+                    // populates profile specific plugins such as
+                    // policies, inputs and outputs
+                    ((IProfileEx) profile).populate();
+                }
             } catch (Exception e) {
                 CMS.debug("ProfileAdminServlet: " + e.toString());
 
@@ -2571,37 +2588,38 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
     /**
      * Modify profile instance
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE used when
      * configuring cert profile (general settings and cert profile; obsoletes
      * extensions and constraints policies)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      */
     public void modifyProfileInstance(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -2656,7 +2674,7 @@ public class ProfileAdminServlet extends AdminServlet {
             audit(auditMessage);
 
             try {
-              profile.getConfigStore().commit(false);
+                profile.getConfigStore().commit(false);
             } catch (Exception e) {
             }
 
@@ -2674,25 +2692,24 @@ public class ProfileAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_CERT_PROFILE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
     }
 
-   protected String getNonNull(String s) {
-       if (s == null)
-           return "";
-       return s;
-   }
+    protected String getNonNull(String s) {
+        if (s == null)
+            return "";
+        return s;
+    }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
index 2842542e..b71bf4f1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/PublisherAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -68,12 +67,11 @@ import com.netscape.certsrv.publish.RulePlugin;
 import com.netscape.certsrv.security.ICryptoSubsystem;
 import com.netscape.cmsutil.password.IPasswordStore;
 
-
 /**
- * A class representing an publishing servlet for the
- * Publishing subsystem.  This servlet is responsible
- * to serve configuration requests for the Publishing subsystem.
- *
+ * A class representing an publishing servlet for the Publishing subsystem. This
+ * servlet is responsible to serve configuration requests for the Publishing
+ * subsystem.
+ * 
  * @version $Revision$, $Date$
  */
 public class PublisherAdminServlet extends AdminServlet {
@@ -85,8 +83,8 @@ public class PublisherAdminServlet extends AdminServlet {
     public final static String PROP_AUTHORITY = "authority";
 
     private final static String INFO = "PublisherAdminServlet";
-    private final static String PW_TAG_CA_LDAP_PUBLISHING = 
-        "CA LDAP Publishing";
+    private final static String PW_TAG_CA_LDAP_PUBLISHING =
+            "CA LDAP Publishing";
     public final static String NOMAPPER = "<NONE>";
     private IPublisherProcessor mProcessor = null;
     private IAuthority mAuth = null;
@@ -110,22 +108,22 @@ public class PublisherAdminServlet extends AdminServlet {
         if (mAuth != null)
             if (mAuth instanceof ICertificateAuthority) {
                 mProcessor = ((ICertificateAuthority) mAuth).getPublisherProcessor();
-            } else 
-                throw new ServletException(authority + "  does not have publishing processor!"); 
+            } else
+                throw new ServletException(authority + "  does not have publishing processor!");
     }
 
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         CMS.debug("PublisherAdminServlet: in service");
@@ -133,14 +131,14 @@ public class PublisherAdminServlet extends AdminServlet {
         String op = req.getParameter(Constants.OP_TYPE);
 
         if (op == null) {
-            //System.out.println("SRVLT_INVALID_PROTOCOL");
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+            // System.out.println("SRVLT_INVALID_PROTOCOL");
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
-        // for the rest					
+        // for the rest
         try {
             super.authenticate(req);
 
@@ -149,8 +147,8 @@ public class PublisherAdminServlet extends AdminServlet {
                 return;
             }
         } catch (IOException e) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_ADMIN_SRVLT_AUTHS_FAILED"), 
-                null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
+                    null, resp);
             return;
         }
         try {
@@ -160,8 +158,8 @@ public class PublisherAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_LDAP)) {
@@ -188,13 +186,13 @@ public class PublisherAdminServlet extends AdminServlet {
                     } else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
                         getRuleInstConfig(req, resp);
                         return;
-                    } 
+                    }
                 } else if (op.equals(OpDef.OP_MODIFY)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_LDAP)) {
@@ -214,20 +212,20 @@ public class PublisherAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_LDAP)) {
                         testSetLDAPDest(req, resp);
                         return;
-                    } 
+                    }
                 } else if (op.equals(OpDef.OP_SEARCH)) {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -242,7 +240,7 @@ public class PublisherAdminServlet extends AdminServlet {
                     } else if (scope.equals(ScopeDef.SC_MAPPER_RULES)) {
                         listMapperInsts(req, resp);
                         return;
-                    } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) { 
+                    } else if (scope.equals(ScopeDef.SC_RULE_IMPLS)) {
                         listRulePlugins(req, resp);
                         return;
                     } else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
@@ -253,8 +251,8 @@ public class PublisherAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -275,13 +273,13 @@ public class PublisherAdminServlet extends AdminServlet {
                     } else if (scope.equals(ScopeDef.SC_RULE_RULES)) {
                         addRuleInst(req, resp, scope);
                         return;
-                    } 
+                    }
                 } else if (op.equals(OpDef.OP_DELETE)) {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_PUBLISHER_IMPLS)) {
@@ -304,31 +302,31 @@ public class PublisherAdminServlet extends AdminServlet {
                         return;
                     }
                 } else {
-                    sendResponse(ERROR, 
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
-                        null, resp);
+                    sendResponse(ERROR,
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_TYPE", op),
+                            null, resp);
                     return;
                 }
             } else {
-                //System.out.println("SRVLT_INVALID_OP_SCOPE");
-                sendResponse(ERROR, 
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                    null, resp);
+                // System.out.println("SRVLT_INVALID_OP_SCOPE");
+                sendResponse(ERROR,
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                        null, resp);
                 return;
             }
         } catch (EBaseException e) {
             sendResponse(ERROR, e.toString(getLocale(req)), null, resp);
             return;
-        } 
-        //System.out.println("SRVLT_FAIL_PERFORM 2");
+        }
+        // System.out.println("SRVLT_FAIL_PERFORM 2");
         sendResponse(ERROR,
-            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-            null, resp);
+                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                null, resp);
         return;
     }
 
     private IExtendedPluginInfo getExtendedPluginInfo(IPublisherProcessor
-        p) {
+            p) {
         Enumeration mappers = p.getMapperInsts().keys();
         Enumeration publishers = p.getPublisherInsts().keys();
 
@@ -337,11 +335,11 @@ public class PublisherAdminServlet extends AdminServlet {
         for (; mappers.hasMoreElements();) {
             String name = (String) mappers.nextElement();
 
-            if (map.length()== 0) {
-              map.append(name);
+            if (map.length() == 0) {
+                map.append(name);
             } else {
-              map.append(",");
-              map.append(name);
+                map.append(",");
+                map.append(name);
             }
         }
         StringBuffer publish = new StringBuffer();
@@ -374,17 +372,17 @@ public class PublisherAdminServlet extends AdminServlet {
 
             // Should get the registered rules from processor
             // instead of plugin
-            // OLD: impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
+            // OLD: impl =
+            // getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
             impl = getExtendedPluginInfo(p_processor);
         } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_MAPPER)) {
             IPublisherProcessor p_processor = mProcessor;
             Plugin plugin = (Plugin) p_processor.getMapperPlugins().get(implName
-                );
+                    );
 
             impl = getClassByNameAsExtendedPluginInfo(plugin.getClassPath());
 
-        } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)
-        ) {
+        } else if (implType.equals(Constants.PR_EXT_PLUGIN_IMPLTYPE_PUBLISHER)) {
             IPublisherProcessor p_processor = mProcessor;
             Plugin plugin = (Plugin) p_processor.getPublisherPlugins().get(implName);
 
@@ -408,13 +406,13 @@ public class PublisherAdminServlet extends AdminServlet {
 
     }
 
-    /** 
-     * retrieve extended plugin info such as brief description, type info
-     * from policy, authentication, 
-     *   need to add: listener, mapper and publishing plugins
+    /**
+     * retrieve extended plugin info such as brief description, type info from
+     * policy, authentication, need to add: listener, mapper and publishing
+     * plugins
      */
     private void getExtendedPluginInfo(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
@@ -423,14 +421,14 @@ public class PublisherAdminServlet extends AdminServlet {
         String implType = id.substring(0, colon);
         String implName = id.substring(colon + 1);
 
-        NameValuePairs params = 
-            getExtendedPluginInfo(getLocale(req), implType, implName);
+        NameValuePairs params =
+                getExtendedPluginInfo(getLocale(req), implType, implName);
 
         sendResponse(SUCCESS, null, params, resp);
     }
-	
+
     private void getLDAPDest(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         IConfigStore config = mAuth.getConfigStore();
@@ -482,34 +480,34 @@ public class PublisherAdminServlet extends AdminServlet {
                 params.add(name, value);
             }
         }
-        params.add(Constants.PR_PUBLISHING_ENABLE, 
-            publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
+        params.add(Constants.PR_PUBLISHING_ENABLE,
+                publishcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
         params.add(Constants.PR_PUBLISHING_QUEUE_ENABLE,
-            publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE));
+                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_ENABLE, Constants.TRUE));
         params.add(Constants.PR_PUBLISHING_QUEUE_THREADS,
-            publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3"));
+                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_THREADS, "3"));
         params.add(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE,
-            publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40"));
+                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PAGE_SIZE, "40"));
         params.add(Constants.PR_PUBLISHING_QUEUE_PRIORITY,
-            publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0"));
+                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_PRIORITY, "0"));
         params.add(Constants.PR_PUBLISHING_QUEUE_STATUS,
-            publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200"));
-        params.add(Constants.PR_ENABLE, 
-            ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
+                publishcfg.getString(Constants.PR_PUBLISHING_QUEUE_STATUS, "200"));
+        params.add(Constants.PR_ENABLE,
+                ldapcfg.getString(IPublisherProcessor.PROP_ENABLE, Constants.FALSE));
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void setLDAPDest(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
-        //Save New Settings to the config file
+        // Save New Settings to the config file
         IConfigStore config = mAuth.getConfigStore();
         IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE);
         IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE);
         IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP);
 
-        //set enable flag
+        // set enable flag
         publishcfg.putString(IPublisherProcessor.PROP_ENABLE, req.getParameter(Constants.PR_PUBLISHING_ENABLE));
         String enable = req.getParameter(Constants.PR_ENABLE);
 
@@ -518,8 +516,8 @@ public class PublisherAdminServlet extends AdminServlet {
             // need to disable the ldap module here
             mProcessor.setLdapConnModule(null);
         }
-			
-        //set reset of the parameters
+
+        // set reset of the parameters
         Enumeration e = req.getParameterNames();
         String pwd = null;
 
@@ -536,9 +534,9 @@ public class PublisherAdminServlet extends AdminServlet {
                 continue;
             if (name.equals(Constants.PR_PUBLISHING_ENABLE))
                 continue;
-                // don't store password in the config file.
-            if (name.equals(Constants.PR_BIND_PASSWD)) 
-                continue;		// old style password read from config.
+            // don't store password in the config file.
+            if (name.equals(Constants.PR_BIND_PASSWD))
+                continue; // old style password read from config.
             if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
                 pwd = req.getParameter(name);
                 continue;
@@ -567,40 +565,36 @@ public class PublisherAdminServlet extends AdminServlet {
             /* Don't enter the publishing pw into the config store */
             ldap.putString(name, req.getParameter(name));
         }
-			
+
         commit(true);
 
-        /* Do a "PUT" of the new pw to the watchdog" 
-         ** do not remove - cfu
-        if (pwd != null)
-            CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd);
+        /*
+         * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu if
+         * (pwd != null) CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd);
          */
 
         // support publishing dirsrv with different pwd than internaldb
         // update passwordFile
         String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
         IPasswordStore pwdStore = CMS.getPasswordStore();
-        CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for "+            prompt + " to password file");
+        CMS.debug("PublisherAdminServlet: setLDAPDest(): saving password for " + prompt + " to password file");
         pwdStore.putPassword(prompt, pwd);
         pwdStore.commit();
         CMS.debug("PublisherAdminServlet: setLDAPDest(): password saved");
 
-/* we'll shut down and restart the PublisherProcessor instead
-        // what a hack to  do this without require restart server
-//        ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
-        ILdapConnModule connModule = mProcessor.getLdapConnModule();
-        ILdapAuthInfo authInfo = null;
-        if (connModule != null) {
-            authInfo = connModule.getLdapAuthInfo();
-        }
-
-//        authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
-        if (authInfo != null) {
-            CMS.debug("PublisherAdminServlet: setLDAPDest(): adding password to memory cache");
-            authInfo.addPassword(prompt, pwd);
-        } else
-            CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null");
-*/
+        /*
+         * we'll shut down and restart the PublisherProcessor instead // what a
+         * hack to do this without require restart server // ILdapAuthInfo
+         * authInfo = CMS.getLdapAuthInfo(); ILdapConnModule connModule =
+         * mProcessor.getLdapConnModule(); ILdapAuthInfo authInfo = null; if
+         * (connModule != null) { authInfo = connModule.getLdapAuthInfo(); }
+         * 
+         * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if (authInfo
+         * != null) { CMS.debug(
+         * "PublisherAdminServlet: setLDAPDest(): adding password to memory cache"
+         * ); authInfo.addPassword(prompt, pwd); } else
+         * CMS.debug("PublisherAdminServlet: setLDAPDest(): authInfo null");
+         */
 
         try {
             CMS.debug("PublisherAdminServlet: setLDAPDest(): restarting publishing processor");
@@ -613,24 +607,24 @@ public class PublisherAdminServlet extends AdminServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_RES_LDAP", ex.toString()));
         }
 
-        //XXX See if we can dynamically in B2
+        // XXX See if we can dynamically in B2
         sendResponse(SUCCESS, null, null, resp);
     }
 
     private void testSetLDAPDest(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
         CMS.debug("PublisherAdmineServlet: in testSetLDAPDest");
-        //Save New Settings to the config file
+        // Save New Settings to the config file
         IConfigStore config = mAuth.getConfigStore();
         IConfigStore publishcfg = config.getSubStore(IPublisherProcessor.PROP_PUBLISH_SUBSTORE);
         IConfigStore ldapcfg = publishcfg.getSubStore(IPublisherProcessor.PROP_LDAP_PUBLISH_SUBSTORE);
         IConfigStore ldap = ldapcfg.getSubStore(IPublisherProcessor.PROP_LDAP);
 
-        //set enable flag
-        publishcfg.putString(IPublisherProcessor.PROP_ENABLE, 
-            req.getParameter(Constants.PR_PUBLISHING_ENABLE));
+        // set enable flag
+        publishcfg.putString(IPublisherProcessor.PROP_ENABLE,
+                req.getParameter(Constants.PR_PUBLISHING_ENABLE));
         String ldapPublish = req.getParameter(Constants.PR_ENABLE);
 
         ldapcfg.putString(IPublisherProcessor.PROP_ENABLE, ldapPublish);
@@ -639,7 +633,7 @@ public class PublisherAdminServlet extends AdminServlet {
             mProcessor.setLdapConnModule(null);
         }
 
-        //set reset of the parameters
+        // set reset of the parameters
         Enumeration e = req.getParameterNames();
         String pwd = null;
 
@@ -656,9 +650,9 @@ public class PublisherAdminServlet extends AdminServlet {
                 continue;
             if (name.equals(Constants.PR_PUBLISHING_ENABLE))
                 continue;
-                // don't store password in the config file.
-            if (name.equals(Constants.PR_BIND_PASSWD)) 
-                continue;		// old style password read from config.
+            // don't store password in the config file.
+            if (name.equals(Constants.PR_BIND_PASSWD))
+                continue; // old style password read from config.
             if (name.equals(Constants.PR_DIRECTORY_MANAGER_PWD)) {
                 pwd = req.getParameter(name);
                 continue;
@@ -687,25 +681,25 @@ public class PublisherAdminServlet extends AdminServlet {
             /* Don't enter the publishing pw into the config store */
             ldap.putString(name, req.getParameter(name));
         }
-	
+
         // test before commit
         if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
-            ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
-            params.add("title", 
-                "You've attempted to configure CMS to connect" +
-                " to a LDAP directory. The connection status is" +
-                " as follows:\n \n");
+                ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
+            params.add("title",
+                    "You've attempted to configure CMS to connect" +
+                            " to a LDAP directory. The connection status is" +
+                            " as follows:\n \n");
             LDAPConnection conn = null;
             ILdapConnInfo connInfo =
-                CMS.getLdapConnInfo(ldap.getSubStore(
-                        ILdapBoundConnFactory.PROP_LDAPCONNINFO));
-            //LdapAuthInfo authInfo =
-            //new LdapAuthInfo(ldap.getSubStore(
-            //			   ILdapBoundConnFactory.PROP_LDAPAUTHINFO));
-            String host = connInfo.getHost(); 
+                    CMS.getLdapConnInfo(ldap.getSubStore(
+                            ILdapBoundConnFactory.PROP_LDAPCONNINFO));
+            // LdapAuthInfo authInfo =
+            // new LdapAuthInfo(ldap.getSubStore(
+            // ILdapBoundConnFactory.PROP_LDAPAUTHINFO));
+            String host = connInfo.getHost();
             int port = connInfo.getPort();
             boolean secure = connInfo.getSecure();
-            //int authType = authInfo.getAuthType();
+            // int authType = authInfo.getAuthType();
             String authType = ldap.getSubStore(
                     ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_LDAPAUTHTYPE);
             int version = connInfo.getVersion();
@@ -714,57 +708,57 @@ public class PublisherAdminServlet extends AdminServlet {
 
             if (authType.equals(ILdapAuthInfo.LDAP_SSLCLIENTAUTH_STR)) {
                 try {
-                    //certNickName = authInfo.getParms()[0];
+                    // certNickName = authInfo.getParms()[0];
                     certNickName = ldap.getSubStore(
                                 ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_CLIENTCERTNICKNAME);
                     conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory(
                                     certNickName));
                     CMS.debug("Publishing Test certNickName=" + certNickName);
-                    params.add(Constants.PR_CONN_INITED, 
-                        "Create ssl LDAPConnection with certificate: " + 
-                        certNickName + dashes(70 - 44 - certNickName.length()) + " Success");
+                    params.add(Constants.PR_CONN_INITED,
+                            "Create ssl LDAPConnection with certificate: " +
+                                    certNickName + dashes(70 - 44 - certNickName.length()) + " Success");
                 } catch (Exception ex) {
-                    params.add(Constants.PR_CONN_INIT_FAIL, 
-                        "Create ssl LDAPConnection with certificate: " + 
-                        certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex);
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" + 
-                        "Do you want to save the configuration anyway?");
+                    params.add(Constants.PR_CONN_INIT_FAIL,
+                            "Create ssl LDAPConnection with certificate: " +
+                                    certNickName + dashes(70 - 44 - certNickName.length()) + " failure\n" + " exception: " + ex);
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then LDAP publishing will fail.\n" +
+                                    "Do you want to save the configuration anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
                 try {
                     conn.connect(host, port);
-                    params.add(Constants.PR_CONN_OK, 
-                        "Connect to directory server " + 
-                        host + " at port " + port +
-                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
-                    params.add(Constants.PR_AUTH_OK, 
-                        "Authentication: SSL client authentication" +
-                        dashes(70 - 41) + " Success" +
-                        "\nBind to the directory as: " + certNickName +
-                        dashes(70 - 26 - certNickName.length()) + " Success");
+                    params.add(Constants.PR_CONN_OK,
+                            "Connect to directory server " +
+                                    host + " at port " + port +
+                                    dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
+                    params.add(Constants.PR_AUTH_OK,
+                            "Authentication: SSL client authentication" +
+                                    dashes(70 - 41) + " Success" +
+                                    "\nBind to the directory as: " + certNickName +
+                                    dashes(70 - 26 - certNickName.length()) + " Success");
                 } catch (LDAPException ex) {
                     if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
                         // need to intercept this because message from LDAP is
                         // "DSA is unavailable" which confuses with DSA PKI.
-                        params.add(Constants.PR_CONN_FAIL, 
-                            "Connect to directory server " + 
-                            host + " at port " + port +
-                            dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + 
-                            " Failure\n" + 
-                            " error: server unavailable");
+                        params.add(Constants.PR_CONN_FAIL,
+                                "Connect to directory server " +
+                                        host + " at port " + port +
+                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
+                                        " Failure\n" +
+                                        " error: server unavailable");
                     } else {
-                        params.add(Constants.PR_CONN_FAIL, 
-                            "Connect to directory server " + 
-                            host + " at port " + port +
-                            dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + 
-                            " Failure");
+                        params.add(Constants.PR_CONN_FAIL,
+                                "Connect to directory server " +
+                                        host + " at port " + port +
+                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) +
+                                        " Failure");
                     }
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "LDAP publishing will fail.\n" + 
-                        "Do you want to save the configuration anyway?");
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "LDAP publishing will fail.\n" +
+                                    "Do you want to save the configuration anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
@@ -773,99 +767,97 @@ public class PublisherAdminServlet extends AdminServlet {
                     if (secure) {
                         conn = new LDAPConnection(
                                     CMS.getLdapJssSSLSocketFactory());
-                        params.add(Constants.PR_CONN_INITED, 
-                            "Create ssl LDAPConnection" +
-                            dashes(70 - 25) + " Success");
+                        params.add(Constants.PR_CONN_INITED,
+                                "Create ssl LDAPConnection" +
+                                        dashes(70 - 25) + " Success");
                     } else {
                         conn = new LDAPConnection();
-                        params.add(Constants.PR_CONN_INITED, 
-                            "Create LDAPConnection" +
-                            dashes(70 - 21) + " Success");
+                        params.add(Constants.PR_CONN_INITED,
+                                "Create LDAPConnection" +
+                                        dashes(70 - 21) + " Success");
                     }
                 } catch (Exception ex) {
-                    params.add(Constants.PR_CONN_INIT_FAIL, 
-                        "Create LDAPConnection" +
-                        dashes(70 - 21) + " Failure\n" +
-                        "exception: " + ex);
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "LDAP publishing will fail.\n" + 
-                        "Do you want to save the configuration anyway?");
+                    params.add(Constants.PR_CONN_INIT_FAIL,
+                            "Create LDAPConnection" +
+                                    dashes(70 - 21) + " Failure\n" +
+                                    "exception: " + ex);
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "LDAP publishing will fail.\n" +
+                                    "Do you want to save the configuration anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
                 try {
                     conn.connect(host, port);
-                    params.add(Constants.PR_CONN_OK, 
-                        "Connect to directory server " + 
-                        host + " at port " + port +
-                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
+                    params.add(Constants.PR_CONN_OK,
+                            "Connect to directory server " +
+                                    host + " at port " + port +
+                                    dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Success");
                 } catch (LDAPException ex) {
                     if (ex.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
                         // need to intercept this because message from LDAP is
                         // "DSA is unavailable" which confuses with DSA PKI.
-                        params.add(Constants.PR_CONN_FAIL, 
-                            "Connect to directory server " + 
-                            host + " at port " + port + 
-                            dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
-                            "\nerror: server unavailable");
+                        params.add(Constants.PR_CONN_FAIL,
+                                "Connect to directory server " +
+                                        host + " at port " + port +
+                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
+                                        "\nerror: server unavailable");
                     } else {
-                        params.add(Constants.PR_CONN_FAIL, 
-                            "Connect to directory server " +  
-                            host + " at port " + port + 
-                            dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
-                            "\nexception: " + ex);
+                        params.add(Constants.PR_CONN_FAIL,
+                                "Connect to directory server " +
+                                        host + " at port " + port +
+                                        dashes(70 - 37 - host.length() - (Integer.valueOf(port)).toString().length()) + " Failure" +
+                                        "\nexception: " + ex);
                     }
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "LDAP publishing will fail.\n" + 
-                        "Do you want to save the configuration anyway?");
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "LDAP publishing will fail.\n" +
+                                    "Do you want to save the configuration anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
                 try {
-                    //bindAs = authInfo.getParms()[0];
+                    // bindAs = authInfo.getParms()[0];
                     bindAs = ldap.getSubStore(
                                 ILdapBoundConnFactory.PROP_LDAPAUTHINFO).getString(ILdapAuthInfo.PROP_BINDDN);
                     conn.authenticate(version, bindAs, pwd);
-                    params.add(Constants.PR_AUTH_OK, 
-                        "Authentication: Basic authentication" + 
-                        dashes(70 - 36) + " Success" +
-                        "\nBind to the directory as: " + bindAs + 
-                        dashes(70 - 26 - bindAs.length()) + " Success");
+                    params.add(Constants.PR_AUTH_OK,
+                            "Authentication: Basic authentication" +
+                                    dashes(70 - 36) + " Success" +
+                                    "\nBind to the directory as: " + bindAs +
+                                    dashes(70 - 26 - bindAs.length()) + " Success");
                 } catch (LDAPException ex) {
-                    if (ex.getLDAPResultCode() == 
-                        LDAPException.NO_SUCH_OBJECT) {
-                        params.add(Constants.PR_AUTH_FAIL, 
-                            "Authentication: Basic authentication" + 
-                            dashes(70 - 36) + "Failure" +
-                            "\nBind to the directory as: " + bindAs +
-                            dashes(70 - 26 - bindAs.length()) + 
-                            "Failure" + "\nThe object doesn't exist. " +
-                            "Please correct the value assigned in the" +
-                            " \"Directory manager DN\" field.");
-                    } else if (ex.getLDAPResultCode() == 
-                        LDAPException.INVALID_CREDENTIALS) {
-                        params.add(Constants.PR_AUTH_FAIL, 
-                            "Authentication: Basic authentication" + 
-                            dashes(70 - 36) + " Failure" +
-                            "\nBind to the directory as: " + bindAs +
-                            dashes(70 - 26 - bindAs.length()) + 
-                            " Failure" + "\nInvalid password. " +
-                            "Please correct the value assigned in the" +
-                            " \"Password\" field.");
+                    if (ex.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) {
+                        params.add(Constants.PR_AUTH_FAIL,
+                                "Authentication: Basic authentication" +
+                                        dashes(70 - 36) + "Failure" +
+                                        "\nBind to the directory as: " + bindAs +
+                                        dashes(70 - 26 - bindAs.length()) +
+                                        "Failure" + "\nThe object doesn't exist. " +
+                                        "Please correct the value assigned in the" +
+                                        " \"Directory manager DN\" field.");
+                    } else if (ex.getLDAPResultCode() == LDAPException.INVALID_CREDENTIALS) {
+                        params.add(Constants.PR_AUTH_FAIL,
+                                "Authentication: Basic authentication" +
+                                        dashes(70 - 36) + " Failure" +
+                                        "\nBind to the directory as: " + bindAs +
+                                        dashes(70 - 26 - bindAs.length()) +
+                                        " Failure" + "\nInvalid password. " +
+                                        "Please correct the value assigned in the" +
+                                        " \"Password\" field.");
                     } else {
-                        params.add(Constants.PR_AUTH_FAIL, 
-                            "Authentication: Basic authentication" + 
-                            dashes(70 - 36) + " Failure" +
-                            "\nBind to the directory as: " + bindAs +
-                            dashes(70 - 26 - bindAs.length()) + 
-                            " Failure");
+                        params.add(Constants.PR_AUTH_FAIL,
+                                "Authentication: Basic authentication" +
+                                        dashes(70 - 36) + " Failure" +
+                                        "\nBind to the directory as: " + bindAs +
+                                        dashes(70 - 26 - bindAs.length()) +
+                                        " Failure");
                     }
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "LDAP publishing will fail.\n" + 
-                        "Do you want to save the configuration anyway?");
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "LDAP publishing will fail.\n" +
+                                    "Do you want to save the configuration anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
@@ -873,55 +865,55 @@ public class PublisherAdminServlet extends AdminServlet {
 
         }
 
-        //commit(true);
+        // commit(true);
         if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE) &&
-            pwd != null) {
+                pwd != null) {
 
-            /* Do a "PUT" of the new pw to the watchdog"
-             ** do not remove - cfu
-            CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd);
+            /*
+             * Do a "PUT" of the new pw to the watchdog"* do not remove - cfu
+             * CMS.putPasswordCache(PW_TAG_CA_LDAP_PUBLISHING, pwd);
              */
 
             // support publishing dirsrv with different pwd than internaldb
             // update passwordFile
             String prompt = ldap.getString(Constants.PR_BINDPWD_PROMPT);
             IPasswordStore pwdStore = CMS.getPasswordStore();
-            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for "+
-                prompt + " to password file");
+            CMS.debug("PublisherAdminServlet: testSetLDAPDest(): saving password for " +
+                    prompt + " to password file");
             pwdStore.putPassword(prompt, pwd);
             pwdStore.commit();
             CMS.debug("PublisherAdminServlet: testSetLDAPDest(): password saved");
-/* we'll shut down and restart the PublisherProcessor instead
-             // what a hack to  do this without require restart server
-//        ILdapAuthInfo authInfo = CMS.getLdapAuthInfo();
-            ILdapConnModule connModule = mProcessor.getLdapConnModule();
-            ILdapAuthInfo authInfo = null;
-            if (connModule != null) {
-                authInfo = connModule.getLdapAuthInfo();
-            } else
-                CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null");
-
-//        authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd);
-            if (authInfo != null) {
-                CMS.debug("PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache");
-                authInfo.addPassword(prompt, pwd);
-            } else
-                CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null");
-*/
+            /*
+             * we'll shut down and restart the PublisherProcessor instead //
+             * what a hack to do this without require restart server //
+             * ILdapAuthInfo authInfo = CMS.getLdapAuthInfo(); ILdapConnModule
+             * connModule = mProcessor.getLdapConnModule(); ILdapAuthInfo
+             * authInfo = null; if (connModule != null) { authInfo =
+             * connModule.getLdapAuthInfo(); } else
+             * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): connModule null"
+             * );
+             * 
+             * // authInfo.addPassword(PW_TAG_CA_LDAP_PUBLISHING, pwd); if
+             * (authInfo != null) { CMS.debug(
+             * "PublisherAdminServlet: testSetLDAPDest(): adding password to memory cache"
+             * ); authInfo.addPassword(prompt, pwd); } else
+             * CMS.debug("PublisherAdminServlet: testSetLDAPDest(): authInfo null"
+             * );
+             */
         }
-        //params.add(Constants.PR_SAVE_OK, 
-        //		   "\n \nConfiguration changes are now committed.");
+        // params.add(Constants.PR_SAVE_OK,
+        // "\n \nConfiguration changes are now committed.");
 
         mProcessor.shutdown();
 
         if (publishcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
             mProcessor.startup();
-            //params.add("restarted", "Publishing is restarted.");
+            // params.add("restarted", "Publishing is restarted.");
 
             if (ldapcfg.getBoolean(IPublisherProcessor.PROP_ENABLE)) {
                 ICertAuthority authority = (ICertAuthority) mProcessor.getAuthority();
 
-                if (!(authority instanceof ICertificateAuthority)) 
+                if (!(authority instanceof ICertificateAuthority))
                     return;
                 ICertificateAuthority ca = (ICertificateAuthority) authority;
 
@@ -929,26 +921,26 @@ public class PublisherAdminServlet extends AdminServlet {
                 try {
                     mProcessor.publishCACert(ca.getCACert());
                     CMS.debug("PublisherAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_PUB_CA_CERT"));
-                    params.add("publishCA", 
-                        "CA certificate is published.");
+                    params.add("publishCA",
+                            "CA certificate is published.");
                 } catch (Exception ex) {
                     // exception not thrown - not seen as a fatal error.
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString()));
-                    params.add("publishCA", 
-                        "Failed to publish CA certificate.");
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("ADMIN_SRVLT_NO_PUB_CA_CERT", ex.toString()));
+                    params.add("publishCA",
+                            "Failed to publish CA certificate.");
                     int index = ex.toString().indexOf("Failed to create CA");
 
                     if (index > -1) {
                         params.add("createError",
-                            ex.toString().substring(index));
+                                ex.toString().substring(index));
                     }
                     mProcessor.shutdown();
                     // Do you want to enable LDAP publishing anyway
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "the CA certificate won't be published.\n" + 
-                        "Do you want to enable LDAP publishing anyway?");
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "the CA certificate won't be published.\n" +
+                                    "Do you want to enable LDAP publishing anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
 
@@ -958,65 +950,65 @@ public class PublisherAdminServlet extends AdminServlet {
                     CMS.debug("PublisherAdminServlet: about to update CRL");
                     ca.publishCRLNow();
                     CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_PUB_CRL"));
-                    params.add("publishCRL", 
-                        "CRL is published.");
+                    params.add("publishCRL",
+                            "CRL is published.");
                 } catch (Exception ex) {
                     // exception not thrown - not seen as a fatal error.
-                    log(ILogger.LL_FAILURE, 
-                        "Could not publish crl " + ex.toString());
-                    params.add("publishCRL", 
-                        "Failed to publish CRL.");
+                    log(ILogger.LL_FAILURE,
+                            "Could not publish crl " + ex.toString());
+                    params.add("publishCRL",
+                            "Failed to publish CRL.");
                     mProcessor.shutdown();
                     // Do you want to enable LDAP publishing anyway
-                    params.add(Constants.PR_SAVE_NOT, 
-                        "\n \nIf the problem is not fixed then " +
-                        "the CRL won't be published.\n" + 
-                        "Do you want to enable LDAP publishing anyway?");
+                    params.add(Constants.PR_SAVE_NOT,
+                            "\n \nIf the problem is not fixed then " +
+                                    "the CRL won't be published.\n" +
+                                    "Do you want to enable LDAP publishing anyway?");
                     sendResponse(SUCCESS, null, params, resp);
                     return;
                 }
             }
             commit(true);
-            params.add(Constants.PR_SAVE_OK, 
-                "\n \nConfiguration changes are now committed.");
+            params.add(Constants.PR_SAVE_OK,
+                    "\n \nConfiguration changes are now committed.");
             params.add("restarted", "Publishing is restarted.");
         } else {
             commit(true);
-            params.add(Constants.PR_SAVE_OK, 
-                "\n \nConfiguration changes are now committed.");
-            params.add("stopped", 
-                "Publishing is stopped.");
+            params.add(Constants.PR_SAVE_OK,
+                    "\n \nConfiguration changes are now committed.");
+            params.add("stopped",
+                    "Publishing is stopped.");
         }
 
-        //XXX See if we can dynamically in B2
+        // XXX See if we can dynamically in B2
         sendResponse(SUCCESS, null, params, resp);
     }
 
-    private synchronized void addMapperPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addMapperPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // is the manager id unique?
         if (mProcessor.getMapperPlugins().containsKey((Object) id)) {
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+                    null, resp);
             return;
         }
 
         String classPath = req.getParameter(Constants.PR_MAPPER_CLASS);
 
         if (classPath == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
             return;
         }
 
@@ -1057,10 +1049,10 @@ public class PublisherAdminServlet extends AdminServlet {
         try {
             mConfig.commit(true);
         } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -1068,8 +1060,8 @@ public class PublisherAdminServlet extends AdminServlet {
         MapperPlugin plugin = new MapperPlugin(id, classPath);
 
         mProcessor.getMapperPlugins().put(id, plugin);
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", ""));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_MAPPER_ADDED", ""));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -1087,27 +1079,27 @@ public class PublisherAdminServlet extends AdminServlet {
         return true;
     }
 
-    private synchronized void addMapperInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addMapperInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         if (!isValidID(id)) {
-            sendResponse(ERROR, "Invalid ID '" + id + "'", 
-                null, resp);
+            sendResponse(ERROR, "Invalid ID '" + id + "'",
+                    null, resp);
             return;
         }
 
         if (mProcessor.getMapperInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -1122,13 +1114,13 @@ public class PublisherAdminServlet extends AdminServlet {
 
         // check if implementation exists.
         MapperPlugin plugin =
-            (MapperPlugin) mProcessor.getMapperPlugins().get(
-                implname);
+                (MapperPlugin) mProcessor.getMapperPlugins().get(
+                        implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
-                null, resp);
+                    new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
+                    null, resp);
             return;
         }
 
@@ -1145,11 +1137,11 @@ public class PublisherAdminServlet extends AdminServlet {
                 String val = req.getParameter(kv.substring(0, index));
 
                 if (val == null) {
-                    substore.put(kv.substring(0, index), 
-                        kv.substring(index + 1));
+                    substore.put(kv.substring(0, index),
+                            kv.substring(index + 1));
                 } else {
-                    substore.put(kv.substring(0, index), 
-                        val);
+                    substore.put(kv.substring(0, index),
+                            val);
                 }
             }
         }
@@ -1165,20 +1157,20 @@ public class PublisherAdminServlet extends AdminServlet {
             // cleanup
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
 
@@ -1203,46 +1195,46 @@ public class PublisherAdminServlet extends AdminServlet {
             // clean up.
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
         // inited and commited ok. now add mapper instance to list.
         mProcessor.getMapperInsts().put(id, new MapperProxy(true, mapperInst));
 
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_MAPPER_INST_ADDED", id));
 
         NameValuePairs params = new NameValuePairs();
 
         params.add(Constants.PR_MAPPER_IMPL_NAME, implname);
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void listMapperPlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listMapperPlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration e = mProcessor.getMapperPlugins().keys();
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            MapperPlugin value = (MapperPlugin) 
-                mProcessor.getMapperPlugins().get(name);
+            MapperPlugin value = (MapperPlugin)
+                    mProcessor.getMapperPlugins().get(name);
             // get Description
-            String c = value.getClassPath();	
+            String c = value.getClassPath();
             String desc = "unknown";
 
             try {
                 ILdapMapper lp = (ILdapMapper)
-                    Class.forName(c).newInstance();
+                        Class.forName(c).newInstance();
 
                 desc = lp.getDescription();
             } catch (Exception exp) {
-                sendResponse(ERROR, exp.toString(), null, 
-                    resp);
+                sendResponse(ERROR, exp.toString(), null,
+                        resp);
                 return;
             }
             params.add(name, value.getClassPath() + "," + desc);
@@ -1261,8 +1253,8 @@ public class PublisherAdminServlet extends AdminServlet {
         }
     }
 
-    private synchronized void listMapperInsts(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listMapperInsts(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -1278,40 +1270,40 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void delMapperInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delMapperInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does a`mapper instance exist?
         if (mProcessor.getMapperInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         // only remove from memory
         // cannot shutdown because we don't keep track of whether it's
-        // being used. 
+        // being used.
         ILdapMapper mapperInst = (ILdapMapper)
-            mProcessor.getMapperInstance(id);
+                mProcessor.getMapperInstance(id);
 
         mProcessor.getMapperInsts().remove((Object) id);
 
         // remove the configuration.
         IConfigStore destStore =
-            mConfig.getSubStore(
-                mAuth.getId() + ".publish.mapper");
+                mConfig.getSubStore(
+                        mAuth.getId() + ".publish.mapper");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         instancesConfig.removeSubStore(id);
@@ -1319,41 +1311,40 @@ public class PublisherAdminServlet extends AdminServlet {
         try {
             mConfig.commit(true);
         } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void delMapperPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delMapperPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         if (mProcessor.getMapperPlugins().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         // first check if any instances from this mapper
         // DON'T remove mapper if any instance
-        for (Enumeration e = mProcessor.getMapperInsts().keys();
-            e.hasMoreElements();) {
+        for (Enumeration e = mProcessor.getMapperInsts().keys(); e.hasMoreElements();) {
             String name = (String) e.nextElement();
             ILdapMapper mapper = mProcessor.getMapperInstance(name);
 
@@ -1362,15 +1353,15 @@ public class PublisherAdminServlet extends AdminServlet {
                 return;
             }
         }
-		
+
         // then delete this mapper
         mProcessor.getMapperPlugins().remove((Object) id);
 
         IConfigStore destStore =
-            mConfig.getSubStore(
-                mAuth.getId() + ".publish.mapper");
+                mConfig.getSubStore(
+                        mAuth.getId() + ".publish.mapper");
         IConfigStore instancesConfig =
-            destStore.getSubStore("impl");
+                destStore.getSubStore("impl");
 
         instancesConfig.removeSubStore(id);
         // commiting
@@ -1378,26 +1369,26 @@ public class PublisherAdminServlet extends AdminServlet {
             mConfig.commit(true);
         } catch (EBaseException e) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void getMapperConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getMapperConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
 
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -1411,50 +1402,50 @@ public class PublisherAdminServlet extends AdminServlet {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
         sendResponse(0, null, params, resp);
         return;
     }
 
-    private synchronized void getMapperInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getMapperInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does mapper instance exist?
         if (mProcessor.getMapperInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EMapperNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         ILdapMapper mapperInst = (ILdapMapper)
-            mProcessor.getMapperInstance(id);
+                mProcessor.getMapperInstance(id);
         Vector configParams = mapperInst.getInstanceParams();
         NameValuePairs params = new NameValuePairs();
 
-        params.add(Constants.PR_MAPPER_IMPL_NAME, 
-            getMapperPluginName(mapperInst));
+        params.add(Constants.PR_MAPPER_IMPL_NAME,
+                getMapperPluginName(mapperInst));
         // implName is always required so always send it.
         if (configParams != null) {
             for (int i = 0; i < configParams.size(); i++) {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
 
@@ -1462,24 +1453,24 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void modMapperInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modMapperInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // Does the manager instance exist?
         if (!mProcessor.getMapperInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -1492,19 +1483,19 @@ public class PublisherAdminServlet extends AdminServlet {
         }
         // get plugin for implementation
         MapperPlugin plugin =
-            (MapperPlugin) mProcessor.getMapperPlugins().get(implname);
+                (MapperPlugin) mProcessor.getMapperPlugins().get(implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
-                null, resp);
+                    new EMapperPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_MAPPER_PLUGIN_NOT_FOUND", implname)).toString(),
+                    null, resp);
             return;
         }
 
         // save old instance substore params in case new one fails.
 
         ILdapMapper oldinst =
-            (ILdapMapper) mProcessor.getMapperInstance(id);
+                (ILdapMapper) mProcessor.getMapperInstance(id);
         Vector oldConfigParms = oldinst.getInstanceParams();
         NameValuePairs saveParams = new NameValuePairs();
 
@@ -1516,7 +1507,7 @@ public class PublisherAdminServlet extends AdminServlet {
                 int index = kv.indexOf('=');
 
                 saveParams.add(kv.substring(0, index),
-                    kv.substring(index + 1));
+                        kv.substring(index + 1));
             }
         }
 
@@ -1525,8 +1516,8 @@ public class PublisherAdminServlet extends AdminServlet {
         // remove old substore.
 
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId() +
-                ".publish.mapper");
+                mConfig.getSubStore(mAuth.getId() +
+                        ".publish.mapper");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         // create new substore.
@@ -1557,26 +1548,26 @@ public class PublisherAdminServlet extends AdminServlet {
         ILdapMapper newMgrInst = null;
 
         try {
-            newMgrInst = (ILdapMapper) 
+            newMgrInst = (ILdapMapper)
                     Class.forName(className).newInstance();
         } catch (ClassNotFoundException e) {
             // cleanup
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
         // initialize the mapper
@@ -1586,26 +1577,26 @@ public class PublisherAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             // don't commit in this case and cleanup the new substore.
             restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, e.toString(getLocale(req)), null, 
-                resp);
+            sendResponse(ERROR, e.toString(getLocale(req)), null,
+                    resp);
             return;
         } catch (Throwable e) {
             restore(instancesConfig, id, saveParams);
-            sendResponse(ERROR, e.toString(), null, 
-                resp);
+            sendResponse(ERROR, e.toString(), null,
+                    resp);
             return;
         }
 
-        // initialized ok.  commiting
+        // initialized ok. commiting
         try {
             mConfig.commit(true);
         } catch (EBaseException e) {
             // clean up.
             restore(instancesConfig, id, saveParams);
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -1614,31 +1605,31 @@ public class PublisherAdminServlet extends AdminServlet {
         mProcessor.getMapperInsts().put(id, new MapperProxy(true, newMgrInst));
 
         mProcessor.log(ILogger.LL_INFO,
-            CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id));
+                CMS.getLogMessage("ADMIN_SRVLT_MAPPER_REPLACED", id));
         NameValuePairs params = new NameValuePairs();
 
         sendResponse(SUCCESS, null, params, resp);
         return;
     }
 
-    private synchronized void addRulePlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addRulePlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // is the rule id unique?
         if (mProcessor.getRulePlugins().containsKey((Object) id)) {
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage("CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(getLocale(req)),
+                    null, resp);
             return;
         }
 
@@ -1687,10 +1678,10 @@ public class PublisherAdminServlet extends AdminServlet {
         try {
             mConfig.commit(true);
         } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -1698,8 +1689,8 @@ public class PublisherAdminServlet extends AdminServlet {
         RulePlugin plugin = new RulePlugin(id, classPath);
 
         mProcessor.getRulePlugins().put(id, plugin);
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_RULE_PLUG_ADDED", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -1707,26 +1698,26 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void addRuleInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addRuleInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
         if (!isValidID(id)) {
-            sendResponse(ERROR, "Invalid ID '" + id + "'", 
-                null, resp);
+            sendResponse(ERROR, "Invalid ID '" + id + "'",
+                    null, resp);
             return;
         }
 
         if (mProcessor.getRuleInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -1741,23 +1732,23 @@ public class PublisherAdminServlet extends AdminServlet {
 
         // check if implementation exists.
         RulePlugin plugin =
-            (RulePlugin) mProcessor.getRulePlugins().get(
-                implname);
+                (RulePlugin) mProcessor.getRulePlugins().get(
+                        implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
-                null, resp);
+                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+                    null, resp);
             return;
         }
 
         Vector configParams = mProcessor.getRuleDefaultParams(implname);
 
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId()
-                + ".publish.rule");
+                mConfig.getSubStore(mAuth.getId()
+                        + ".publish.rule");
         IConfigStore instancesConfig =
-            destStore.getSubStore("instance");
+                destStore.getSubStore("instance");
         IConfigStore substore = instancesConfig.makeSubStore(id);
 
         if (configParams != null) {
@@ -1767,13 +1758,13 @@ public class PublisherAdminServlet extends AdminServlet {
                 String val = req.getParameter(kv.substring(0, index));
 
                 if (val == null) {
-                    substore.put(kv.substring(0, index), 
-                        kv.substring(index + 1));
+                    substore.put(kv.substring(0, index),
+                            kv.substring(index + 1));
                 } else {
                     if (val.equals(NOMAPPER))
                         val = "";
-                    substore.put(kv.substring(0, index), 
-                        val);
+                    substore.put(kv.substring(0, index),
+                            val);
                 }
             }
         }
@@ -1789,20 +1780,20 @@ public class PublisherAdminServlet extends AdminServlet {
             // cleanup
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
 
@@ -1828,40 +1819,40 @@ public class PublisherAdminServlet extends AdminServlet {
             // clean up.
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
         // inited and commited ok. now add manager instance to list.
         mProcessor.getRuleInsts().put(id, ruleInst);
 
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_ADDED", id));
 
         NameValuePairs params = new NameValuePairs();
 
         params.add(Constants.PR_RULE_IMPL_NAME, implname);
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void listRulePlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listRulePlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration e = mProcessor.getRulePlugins().keys();
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            RulePlugin value = (RulePlugin) 
-                mProcessor.getRulePlugins().get(name);
+            RulePlugin value = (RulePlugin)
+                    mProcessor.getRulePlugins().get(name);
             // get Description
-            String c = value.getClassPath();	
+            String c = value.getClassPath();
             String desc = "unknown";
 
             try {
                 ILdapRule lp = (ILdapRule)
-                    Class.forName(c).newInstance();
+                        Class.forName(c).newInstance();
 
                 desc = lp.getDescription();
             } catch (Exception exp) {
@@ -1872,8 +1863,8 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void listRuleInsts(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listRuleInsts(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String insts = null;
@@ -1881,8 +1872,8 @@ public class PublisherAdminServlet extends AdminServlet {
 
         for (; e.hasMoreElements();) {
             String name = (String) e.nextElement();
-            ILdapRule value = (ILdapRule) 
-                mProcessor.getRuleInsts().get((Object) name);
+            ILdapRule value = (ILdapRule)
+                    mProcessor.getRuleInsts().get((Object) name);
             String enabled = value.enabled() ? "enabled" : "disabled";
 
             params.add(name, value.getInstanceName() + ";visible;" + enabled);
@@ -1901,47 +1892,46 @@ public class PublisherAdminServlet extends AdminServlet {
         }
     }
 
-    private synchronized void delRulePlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delRulePlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does rule exist?
         if (mProcessor.getRulePlugins().containsKey(id) == false) {
             sendResponse(ERROR,
-                new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new ERulePluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_PLUGIN_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         // first check if any instances from this rule
         // DON'T remove rule if any instance
-        for (Enumeration e = mProcessor.getRuleInsts().elements();
-            e.hasMoreElements();) {
-            ILdapRule rule = (ILdapRule) 
-                e.nextElement();
+        for (Enumeration e = mProcessor.getRuleInsts().elements(); e.hasMoreElements();) {
+            ILdapRule rule = (ILdapRule)
+                    e.nextElement();
 
             if (id.equals(getRulePluginName(rule))) {
                 sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
                 return;
             }
         }
-		
+
         // then delete this rule
         mProcessor.getRulePlugins().remove((Object) id);
 
         IConfigStore destStore =
-            mConfig.getSubStore(
-                mAuth.getId() + ".rule");
+                mConfig.getSubStore(
+                        mAuth.getId() + ".rule");
         IConfigStore instancesConfig = destStore.getSubStore("impl");
 
         instancesConfig.removeSubStore(id);
@@ -1950,26 +1940,26 @@ public class PublisherAdminServlet extends AdminServlet {
             mConfig.commit(true);
         } catch (EBaseException e) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void delRuleInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) 
-        throws ServletException, IOException, EBaseException {
+    private synchronized void delRuleInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -1978,23 +1968,23 @@ public class PublisherAdminServlet extends AdminServlet {
         // does rule instance exist?
         if (mProcessor.getRuleInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         // only remove from memory
         // cannot shutdown because we don't keep track of whether it's
-        // being used. 
+        // being used.
         ILdapRule ruleInst = (ILdapRule)
-            mProcessor.getRuleInsts().get(id);
+                mProcessor.getRuleInsts().get(id);
 
         mProcessor.getRuleInsts().remove((Object) id);
 
         // remove the configuration.
         IConfigStore destStore =
-            mConfig.getSubStore(
-                mAuth.getId() + ".publish.rule");
+                mConfig.getSubStore(
+                        mAuth.getId() + ".publish.rule");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         instancesConfig.removeSubStore(id);
@@ -2002,26 +1992,26 @@ public class PublisherAdminServlet extends AdminServlet {
         try {
             mConfig.commit(true);
         } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
         sendResponse(SUCCESS, null, params, resp);
         return;
-    }	
+    }
 
-    private synchronized void getRuleConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getRuleConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -2035,50 +2025,50 @@ public class PublisherAdminServlet extends AdminServlet {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
         sendResponse(0, null, params, resp);
         return;
     }
 
-    private synchronized void getRuleInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getRuleInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does rule instance exist?
         if (mProcessor.getRuleInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new ERuleNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_RULE_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         ILdapRule ruleInst = (ILdapRule)
-            mProcessor.getRuleInsts().get(id);
+                mProcessor.getRuleInsts().get(id);
         Vector configParams = ruleInst.getInstanceParams();
         NameValuePairs params = new NameValuePairs();
 
-        params.add(Constants.PR_RULE_IMPL_NAME, 
-            getRulePluginName(ruleInst));
+        params.add(Constants.PR_RULE_IMPL_NAME,
+                getRulePluginName(ruleInst));
         // implName is always required so always send it.
         if (configParams != null) {
             for (int i = 0; i < configParams.size(); i++) {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
 
@@ -2086,23 +2076,23 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void modRuleInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modRuleInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // Does the manager instance exist?
         if (!mProcessor.getRuleInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -2114,22 +2104,23 @@ public class PublisherAdminServlet extends AdminServlet {
             return;
         }
 
-        // get plugin for implementation 
+        // get plugin for implementation
         RulePlugin plugin =
-            (RulePlugin) mProcessor.getRulePlugins().get(implname);
+                (RulePlugin) mProcessor.getRulePlugins().get(implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                //new ERulePluginNotFound(implname).toString(getLocale(req)),
-                "",
-                null, resp);
+                    // new
+                    // ERulePluginNotFound(implname).toString(getLocale(req)),
+                    "",
+                    null, resp);
             return;
         }
 
-        // save old instance substore params in case new one fails. 
+        // save old instance substore params in case new one fails.
 
-        ILdapRule oldinst = 
-            (ILdapRule) mProcessor.getRuleInsts().get((Object) id);
+        ILdapRule oldinst =
+                (ILdapRule) mProcessor.getRuleInsts().get((Object) id);
         Vector oldConfigParms = oldinst.getInstanceParams();
         NameValuePairs saveParams = new NameValuePairs();
 
@@ -2141,7 +2132,7 @@ public class PublisherAdminServlet extends AdminServlet {
                 int index = kv.indexOf('=');
 
                 saveParams.add(kv.substring(0, index),
-                    kv.substring(index + 1));
+                        kv.substring(index + 1));
             }
         }
 
@@ -2150,8 +2141,8 @@ public class PublisherAdminServlet extends AdminServlet {
         // remove old substore.
 
         IConfigStore destStore =
-            mConfig.getSubStore(
-                mAuth.getId() + ".publish.rule");
+                mConfig.getSubStore(
+                        mAuth.getId() + ".publish.rule");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         // create new substore.
@@ -2171,8 +2162,8 @@ public class PublisherAdminServlet extends AdminServlet {
                 String val = req.getParameter(key);
 
                 if (val == null) {
-                    substore.put(key, 
-                        kv.substring(index + 1));
+                    substore.put(key,
+                            kv.substring(index + 1));
                 } else {
                     if (val.equals(NOMAPPER))
                         val = "";
@@ -2192,20 +2183,20 @@ public class PublisherAdminServlet extends AdminServlet {
             // cleanup
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
 
@@ -2224,16 +2215,16 @@ public class PublisherAdminServlet extends AdminServlet {
             return;
         }
 
-        // initialized ok.  commiting
+        // initialized ok. commiting
         try {
             mConfig.commit(true);
         } catch (EBaseException e) {
             // clean up.
             restore(instancesConfig, id, saveParams);
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -2241,40 +2232,40 @@ public class PublisherAdminServlet extends AdminServlet {
 
         mProcessor.getRuleInsts().put(id, newRuleInst);
 
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_RULE_INST_REP", id));
         NameValuePairs params = new NameValuePairs();
 
         sendResponse(SUCCESS, null, params, resp);
         return;
     }
 
-    private synchronized void addPublisherPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addPublisherPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // is the manager id unique?
         if (mProcessor.getPublisherPlugins().containsKey((Object) id)) {
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_PLUGIN_ID", id)).toString(),
+                    null, resp);
             return;
         }
 
         String classPath = req.getParameter(Constants.PR_PUBLISHER_CLASS);
 
         if (classPath == null) {
-            sendResponse(ERROR, CMS.getUserMessage(getLocale(req),"CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
+            sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_NULL_CLASS"), null, resp);
             return;
         }
 
@@ -2316,10 +2307,10 @@ public class PublisherAdminServlet extends AdminServlet {
         try {
             mConfig.commit(true);
         } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -2327,8 +2318,8 @@ public class PublisherAdminServlet extends AdminServlet {
         PublisherPlugin plugin = new PublisherPlugin(id, classPath);
 
         mProcessor.getPublisherPlugins().put(id, plugin);
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_PUB_PLUG_ADDED", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -2336,28 +2327,28 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void addPublisherInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void addPublisherInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         if (!isValidID(id)) {
-            sendResponse(ERROR, "Invalid ID '" + id + "'", 
-                null, resp);
+            sendResponse(ERROR, "Invalid ID '" + id + "'",
+                    null, resp);
             return;
         }
 
         if (mProcessor.getPublisherInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -2372,20 +2363,20 @@ public class PublisherAdminServlet extends AdminServlet {
 
         // check if implementation exists.
         PublisherPlugin plugin =
-            (PublisherPlugin) mProcessor.getPublisherPlugins().get(
-                implname);
+                (PublisherPlugin) mProcessor.getPublisherPlugins().get(
+                        implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
-                null, resp);
+                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+                    null, resp);
             return;
         }
 
         Vector configParams = mProcessor.getPublisherDefaultParams(implname);
 
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
         IConfigStore substore = instancesConfig.makeSubStore(id);
 
@@ -2404,15 +2395,15 @@ public class PublisherAdminServlet extends AdminServlet {
                     if (index == -1) {
                         substore.put(kv, "");
                     } else {
-                        substore.put(kv.substring(0, index), 
-                            kv.substring(index + 1));
+                        substore.put(kv.substring(0, index),
+                                kv.substring(index + 1));
                     }
                 } else {
                     if (index == -1) {
                         substore.put(kv, val);
                     } else {
-                        substore.put(kv.substring(0, index), 
-                            val);
+                        substore.put(kv.substring(0, index),
+                                val);
                     }
                 }
             }
@@ -2429,20 +2420,20 @@ public class PublisherAdminServlet extends AdminServlet {
             // cleanup
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
 
@@ -2467,16 +2458,16 @@ public class PublisherAdminServlet extends AdminServlet {
             // clean up.
             instancesConfig.removeSubStore(id);
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
         // inited and commited ok. now add manager instance to list.
         mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, publisherInst));
 
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_ADDED", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -2485,8 +2476,8 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void listPublisherPlugins(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listPublisherPlugins(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -2494,15 +2485,15 @@ public class PublisherAdminServlet extends AdminServlet {
 
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
-            PublisherPlugin value = (PublisherPlugin) 
-                mProcessor.getPublisherPlugins().get(name);
+            PublisherPlugin value = (PublisherPlugin)
+                    mProcessor.getPublisherPlugins().get(name);
             // get Description
-            String c = value.getClassPath();	
+            String c = value.getClassPath();
             String desc = "unknown";
 
             try {
                 ILdapPublisher lp = (ILdapPublisher)
-                    Class.forName(c).newInstance();
+                        Class.forName(c).newInstance();
 
                 desc = lp.getDescription();
             } catch (Exception exp) {
@@ -2523,8 +2514,8 @@ public class PublisherAdminServlet extends AdminServlet {
         }
     }
 
-    private synchronized void listPublisherInsts(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void listPublisherInsts(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -2543,48 +2534,47 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void delPublisherPlugin(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delPublisherPlugin(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does publisher exist?
         if (mProcessor.getPublisherPlugins().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         // first check if any instances from this publisher
         // DON'T remove publisher if any instance
-        for (Enumeration e = mProcessor.getPublisherInsts().keys();
-            e.hasMoreElements();) {
+        for (Enumeration e = mProcessor.getPublisherInsts().keys(); e.hasMoreElements();) {
             String name = (String) e.nextElement();
-            ILdapPublisher publisher = 
-                mProcessor.getPublisherInstance(name);
+            ILdapPublisher publisher =
+                    mProcessor.getPublisherInstance(name);
 
             if (id.equals(getPublisherPluginName(publisher))) {
                 sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_IN_USE"), null, resp);
                 return;
             }
         }
-		
+
         // then delete this publisher
         mProcessor.getPublisherPlugins().remove((Object) id);
 
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
         IConfigStore instancesConfig = destStore.getSubStore("impl");
 
         instancesConfig.removeSubStore(id);
@@ -2593,8 +2583,8 @@ public class PublisherAdminServlet extends AdminServlet {
             mConfig.commit(true);
         } catch (EBaseException e) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -2602,18 +2592,18 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void delPublisherInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope) throws ServletException, 
+    private synchronized void delPublisherInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -2622,21 +2612,21 @@ public class PublisherAdminServlet extends AdminServlet {
         // does publisher instance exist?
         if (mProcessor.getPublisherInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         // only remove from memory
         // cannot shutdown because we don't keep track of whether it's
-        // being used. 
+        // being used.
         ILdapPublisher publisherInst = mProcessor.getPublisherInstance(id);
 
         mProcessor.getPublisherInsts().remove((Object) id);
 
         // remove the configuration.
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         instancesConfig.removeSubStore(id);
@@ -2644,10 +2634,10 @@ public class PublisherAdminServlet extends AdminServlet {
         try {
             mConfig.commit(true);
         } catch (EBaseException e) {
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
         sendResponse(SUCCESS, null, params, resp);
@@ -2655,25 +2645,24 @@ public class PublisherAdminServlet extends AdminServlet {
     }
 
     /**
-     * used for getting the required configuration parameters (with
-     *	 possible default values) for a particular  plugin
-     * implementation name specified in the RS_ID.  Actually, there is
-     *	 no logic in here to set any default value here...there's no
-     *	 default value for any parameter in this publishing subsystem
-     *	 at this point.  Later, if we do have one (or some), it can be
-     *	 added.  The interface remains the same.
+     * used for getting the required configuration parameters (with possible
+     * default values) for a particular plugin implementation name specified in
+     * the RS_ID. Actually, there is no logic in here to set any default value
+     * here...there's no default value for any parameter in this publishing
+     * subsystem at this point. Later, if we do have one (or some), it can be
+     * added. The interface remains the same.
      */
-    private synchronized void getConfig(HttpServletRequest req, 
-        HttpServletResponse resp)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void getConfig(HttpServletRequest req,
+            HttpServletResponse resp)
+            throws ServletException, IOException, EBaseException {
 
         String implname = req.getParameter(Constants.RS_ID);
 
         if (implname == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -2690,8 +2679,8 @@ public class PublisherAdminServlet extends AdminServlet {
                 if (index == -1) {
                     params.add(kv, "");
                 } else {
-                    params.add(kv.substring(0, index), 
-                        kv.substring(index + 1));
+                    params.add(kv.substring(0, index),
+                            kv.substring(index + 1));
                 }
             }
         }
@@ -2699,43 +2688,43 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    private synchronized void getInstConfig(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void getInstConfig(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // does publisher instance exist?
         if (mProcessor.getPublisherInsts().containsKey(id) == false) {
             sendResponse(ERROR,
-                new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
-                null, resp);
+                    new EPublisherNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_NOT_FOUND", id)).toString(),
+                    null, resp);
             return;
         }
 
         ILdapPublisher publisherInst = (ILdapPublisher)
-            mProcessor.getPublisherInstance(id);
+                mProcessor.getPublisherInstance(id);
         Vector configParams = publisherInst.getInstanceParams();
         NameValuePairs params = new NameValuePairs();
 
-        params.add(Constants.PR_PUBLISHER_IMPL_NAME, 
-            getPublisherPluginName(publisherInst));
+        params.add(Constants.PR_PUBLISHER_IMPL_NAME,
+                getPublisherPluginName(publisherInst));
         // implName is always required so always send it.
         if (configParams != null) {
             for (int i = 0; i < configParams.size(); i++) {
                 String kv = (String) configParams.elementAt(i);
                 int index = kv.indexOf('=');
 
-                params.add(kv.substring(0, index), 
-                    kv.substring(index + 1));
+                params.add(kv.substring(0, index),
+                        kv.substring(index + 1));
             }
         }
 
@@ -2744,33 +2733,31 @@ public class PublisherAdminServlet extends AdminServlet {
     }
 
     /**
-     * Modify publisher instance.
-     * This will actually create a new instance with new configuration 
-     * parameters and replace the old instance, if the new instance 
-     * created and initialized successfully.
-     * The old instance is left running. so this is very expensive.
-     * Restart of server recommended.
+     * Modify publisher instance. This will actually create a new instance with
+     * new configuration parameters and replace the old instance, if the new
+     * instance created and initialized successfully. The old instance is left
+     * running. so this is very expensive. Restart of server recommended.
      */
-    private synchronized void modPublisherInst(HttpServletRequest req, 
-        HttpServletResponse resp, String scope)
-        throws ServletException, IOException, EBaseException {
+    private synchronized void modPublisherInst(HttpServletRequest req,
+            HttpServletResponse resp, String scope)
+            throws ServletException, IOException, EBaseException {
 
         // expensive operation.
 
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
-            //System.out.println("SRVLT_NULL_RS_ID");
+            // System.out.println("SRVLT_NULL_RS_ID");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
         // Does the manager instance exist?
         if (!mProcessor.getPublisherInsts().containsKey((Object) id)) {
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_LDAP_SRVLT_ILL_INST_ID", id),
-                null, resp);
+                    null, resp);
             return;
         }
 
@@ -2782,18 +2769,18 @@ public class PublisherAdminServlet extends AdminServlet {
             return;
         }
 
-        // get plugin for implementation 
+        // get plugin for implementation
         PublisherPlugin plugin =
-            (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname);
+                (PublisherPlugin) mProcessor.getPublisherPlugins().get(implname);
 
         if (plugin == null) {
             sendResponse(ERROR,
-                new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
-                null, resp);
+                    new EPublisherPluginNotFound(CMS.getUserMessage(getLocale(req), "CMS_LDAP_PUBLISHER_PLUGIN_NOT_FOUND", implname)).toString(),
+                    null, resp);
             return;
         }
 
-        // save old instance substore params in case new one fails. 
+        // save old instance substore params in case new one fails.
 
         ILdapPublisher oldinst = mProcessor.getPublisherInstance(id);
         Vector oldConfigParms = oldinst.getInstanceParams();
@@ -2813,8 +2800,8 @@ public class PublisherAdminServlet extends AdminServlet {
                         pubType = "crl";
                     }
 
-                    saveParams.add(kv.substring(0, index), 
-                        kv.substring(index + 1));
+                    saveParams.add(kv.substring(0, index),
+                            kv.substring(index + 1));
                 }
             }
         }
@@ -2824,7 +2811,7 @@ public class PublisherAdminServlet extends AdminServlet {
         // remove old substore.
 
         IConfigStore destStore =
-            mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
+                mConfig.getSubStore(mAuth.getId() + ".publish.publisher");
         IConfigStore instancesConfig = destStore.getSubStore("instance");
 
         // get objects added and deleted
@@ -2859,9 +2846,9 @@ public class PublisherAdminServlet extends AdminServlet {
         }
 
         // process any changes to the ldap object class definitions
-        if (pubType.equals("cacert"))  {
+        if (pubType.equals("cacert")) {
             processChangedOC(saveParams, substore, "caObjectClass");
-            substore.put("pubtype", "cacert"); 
+            substore.put("pubtype", "cacert");
         }
 
         if (pubType.equals("crl")) {
@@ -2880,20 +2867,20 @@ public class PublisherAdminServlet extends AdminServlet {
             // cleanup
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (InstantiationException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         } catch (IllegalAccessException e) {
             restore(instancesConfig, id, saveParams);
             sendResponse(ERROR,
-                new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
-                null, resp);
+                    new ELdapException(CMS.getUserMessage(getLocale(req), "CMS_LDAP_FAIL_LOAD_CLASS", className)).toString(),
+                    null, resp);
             return;
         }
 
@@ -2912,16 +2899,16 @@ public class PublisherAdminServlet extends AdminServlet {
             return;
         }
 
-        // initialized ok.  commiting
+        // initialized ok. commiting
         try {
             mConfig.commit(true);
         } catch (EBaseException e) {
             // clean up.
             restore(instancesConfig, id, saveParams);
-            //System.out.println("SRVLT_FAIL_COMMIT");
+            // System.out.println("SRVLT_FAIL_COMMIT");
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_COMMIT_FAILED"),
+                    null, resp);
             return;
         }
 
@@ -2929,8 +2916,8 @@ public class PublisherAdminServlet extends AdminServlet {
 
         mProcessor.getPublisherInsts().put(id, new PublisherProxy(true, newMgrInst));
 
-        mProcessor.log(ILogger.LL_INFO, 
-            CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id));
+        mProcessor.log(ILogger.LL_INFO,
+                CMS.getLogMessage("ADMIN_SRVLT_PUB_INST_REP", id));
 
         NameValuePairs params = new NameValuePairs();
 
@@ -2938,54 +2925,57 @@ public class PublisherAdminServlet extends AdminServlet {
         return;
     }
 
-    // convenience function - takes list1, list2.  Returns what is in list1
+    // convenience function - takes list1, list2. Returns what is in list1
     // but not in list2
     private String[] getExtras(String[] list1, String[] list2) {
-        Vector <String> extras = new Vector<String>();
-        for (int i=0; i< list1.length; i++) {
-           boolean match=false;
-           for (int j=0; j < list2.length; j++) {
-               if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) {
-                   match = true;
-                   break;
-               }
-           }
-           if (!match) extras.add(list1[i].trim());
-        }
-        
-        return (String[])extras.toArray(new String[extras.size()]); 
+        Vector<String> extras = new Vector<String>();
+        for (int i = 0; i < list1.length; i++) {
+            boolean match = false;
+            for (int j = 0; j < list2.length; j++) {
+                if ((list1[i].trim()).equalsIgnoreCase(list2[j].trim())) {
+                    match = true;
+                    break;
+                }
+            }
+            if (!match)
+                extras.add(list1[i].trim());
+        }
+
+        return (String[]) extras.toArray(new String[extras.size()]);
     }
 
-    // convenience function - takes list1, list2.  Concatenates the two
+    // convenience function - takes list1, list2. Concatenates the two
     // lists removing duplicates
     private String[] joinLists(String[] list1, String[] list2) {
-        Vector <String> sum = new Vector<String>();
-        for (int i=0; i< list1.length; i++) {
-           sum.add(list1[i]);
-        }
-        
-        for (int i=0; i < list2.length; i++) {
-           boolean match=false;
-           for (int j=0; j < list1.length; j++) {
-               if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) {
-                   match = true;
-                   break;
-               }
-           }
-           if (!match) sum.add(list2[i].trim());
-        }
-        
-        return (String[])sum.toArray(new String[sum.size()]); 
+        Vector<String> sum = new Vector<String>();
+        for (int i = 0; i < list1.length; i++) {
+            sum.add(list1[i]);
+        }
+
+        for (int i = 0; i < list2.length; i++) {
+            boolean match = false;
+            for (int j = 0; j < list1.length; j++) {
+                if ((list2[i].trim()).equalsIgnoreCase(list1[j].trim())) {
+                    match = true;
+                    break;
+                }
+            }
+            if (!match)
+                sum.add(list2[i].trim());
+        }
+
+        return (String[]) sum.toArray(new String[sum.size()]);
     }
 
     // convenience funtion. Takes a string array and delimiter
     // and returns a String with the concatenation
     private static String join(String[] s, String delimiter) {
-        if (s.length == 0) return "";
+        if (s.length == 0)
+            return "";
 
         StringBuffer buffer = new StringBuffer(s[0]);
         if (s.length > 1) {
-            for (int i=1; i< s.length; i++) {
+            for (int i = 1; i < s.length; i++) {
                 buffer.append(delimiter).append(s[i].trim());
             }
         }
@@ -3005,36 +2995,38 @@ public class PublisherAdminServlet extends AdminServlet {
         oldAdded = saveParams.getValue(objName + "Added");
         oldDeleted = saveParams.getValue(objName + "Deleted");
 
-        if ((oldOC == null) || (newOC == null)) return;
-        if (oldOC.equalsIgnoreCase(newOC)) return;
+        if ((oldOC == null) || (newOC == null))
+            return;
+        if (oldOC.equalsIgnoreCase(newOC))
+            return;
 
-        String [] oldList = oldOC.split(",");
-        String [] newList = newOC.split(",");
-        String [] deletedList = getExtras(oldList, newList);
-        String [] addedList = getExtras(newList, oldList);
+        String[] oldList = oldOC.split(",");
+        String[] newList = newOC.split(",");
+        String[] deletedList = getExtras(oldList, newList);
+        String[] addedList = getExtras(newList, oldList);
 
         // CMS.debug("addedList = " + join(addedList, ","));
         // CMS.debug("deletedList = " + join(deletedList, ","));
 
-        if ((addedList.length ==0) && (deletedList.length == 0)) 
-            return;  // no changes
+        if ((addedList.length == 0) && (deletedList.length == 0))
+            return; // no changes
 
         if (oldAdded != null) {
             // CMS.debug("oldAdded is " + oldAdded);
-            String [] oldAddedList = oldAdded.split(",");
+            String[] oldAddedList = oldAdded.split(",");
             addedList = joinLists(addedList, oldAddedList);
         }
 
         if (oldDeleted != null) {
             // CMS.debug("oldDeleted is " + oldDeleted);
-            String [] oldDeletedList = oldDeleted.split(",");
+            String[] oldDeletedList = oldDeleted.split(",");
             deletedList = joinLists(deletedList, oldDeletedList);
         }
 
         String[] addedList1 = getExtras(addedList, deletedList);
         String[] deletedList1 = getExtras(deletedList, addedList);
 
-        //create the final strings and write to config
+        // create the final strings and write to config
         String addedListStr = join(addedList1, ",");
         String deletedListStr = join(deletedList1, ",");
 
@@ -3046,8 +3038,8 @@ public class PublisherAdminServlet extends AdminServlet {
     }
 
     // convenience routine.
-    private static void restore(IConfigStore store, 
-        String id, NameValuePairs saveParams) {
+    private static void restore(IConfigStore store,
+            String id, NameValuePairs saveParams) {
         store.removeSubStore(id);
         IConfigStore rstore = store.makeSubStore(id);
 
@@ -3057,7 +3049,7 @@ public class PublisherAdminServlet extends AdminServlet {
             String key = (String) keys.nextElement();
             String value = saveParams.getValue(key);
 
-            if (value != null) 
+            if (value != null)
                 rstore.put(key, value);
         }
     }
@@ -3078,7 +3070,7 @@ public class PublisherAdminServlet extends AdminServlet {
     public void log(int level, String msg) {
         if (mLogger == null)
             return;
-        mLogger.log(ILogger.EV_SYSTEM, 
-            ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM,
+                ILogger.S_LDAP, level, "PublishingAdminServlet: " + msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
index 35bbb91a..ddea62d6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RAAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 
@@ -36,13 +35,11 @@ import com.netscape.certsrv.common.ScopeDef;
 import com.netscape.certsrv.ra.IRegistrationAuthority;
 import com.netscape.certsrv.request.IRequestListener;
 
-
 /**
- * A class representings an administration servlet for Registration
- * Authority. This servlet is responsible to serve RA
- * administrative operations such as configuration parameter
- * updates.
- *
+ * A class representings an administration servlet for Registration Authority.
+ * This servlet is responsible to serve RA administrative operations such as
+ * configuration parameter updates.
+ * 
  * @version $Revision$, $Date$
  */
 public class RAAdminServlet extends AdminServlet {
@@ -53,15 +50,17 @@ public class RAAdminServlet extends AdminServlet {
 
     protected static final String PROP_ENABLED = "enabled";
 
-    /*==========================================================
-     * variables
-     *==========================================================*/
+    /*
+     * ========================================================== variables
+     * ==========================================================
+     */
     private final static String INFO = "RAAdminServlet";
     private IRegistrationAuthority mRA = null;
 
-    /*==========================================================
-     * constructors
-     *==========================================================*/
+    /*
+     * ========================================================== constructors
+     * ==========================================================
+     */
 
     /**
      * Constructs RA servlet.
@@ -70,9 +69,10 @@ public class RAAdminServlet extends AdminServlet {
         super();
     }
 
-    /*==========================================================
-     * public methods
-     *==========================================================*/
+    /*
+     * ========================================================== public methods
+     * ==========================================================
+     */
 
     /**
      * Initializes this servlet.
@@ -90,35 +90,35 @@ public class RAAdminServlet extends AdminServlet {
     }
 
     /**
-     * Serves HTTP request. Each request is authenticated to
-     * the authenticate manager.
+     * Serves HTTP request. Each request is authenticated to the authenticate
+     * manager.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
-        //get all operational flags
+        // get all operational flags
         String op = req.getParameter(Constants.OP_TYPE);
         String scope = req.getParameter(Constants.OP_SCOPE);
 
-        //check operational flags
+        // check operational flags
         if ((op == null) || (scope == null)) {
             sendResponse(1, "Invalid Protocol", null, resp);
             return;
         }
 
-        //authenticate the user
+        // authenticate the user
         super.authenticate(req);
 
-        //perform services
+        // perform services
         try {
             AUTHZ_RES_NAME = "certServer.ra.configuration";
             if (op.equals(OpDef.OP_READ)) {
                 mOp = "read";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -144,8 +144,8 @@ public class RAAdminServlet extends AdminServlet {
                 mOp = "modify";
                 if ((mToken = super.authorize(req)) == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                        null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                            null, resp);
                     return;
                 }
                 if (scope.equals(ScopeDef.SC_GENERAL)) {
@@ -157,7 +157,7 @@ public class RAAdminServlet extends AdminServlet {
                 } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REQ_COMP)) {
                     setNotificationReqCompConfig(req, resp);
                     return;
-                }else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
+                } else if (scope.equals(ScopeDef.SC_NOTIFICATION_REV_COMP)) {
                     setNotificationRevCompConfig(req, resp);
                     return;
                 } else if (scope.equals(ScopeDef.SC_NOTIFICATION_RIQ)) {
@@ -169,22 +169,23 @@ public class RAAdminServlet extends AdminServlet {
                 }
             }
         } catch (Exception e) {
-            //System.out.println("XXX >>>" + e.toString() + "<<<");
+            // System.out.println("XXX >>>" + e.toString() + "<<<");
             sendResponse(1, "Unknown operation", null, resp);
         }
 
         return;
     }
 
-    /*==========================================================
-     * private methods
-     *==========================================================*/
-    
+    /*
+     * ========================================================== private
+     * methods==========================================================
+     */
+
     /*
      * handle getting completion (cert issued) notification config info
      */
     private void getNotificationCompConfig(HttpServletRequest req,
-        HttpServletResponse resp, IConfigStore rc) throws ServletException,
+            HttpServletResponse resp, IConfigStore rc) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
         Enumeration e = req.getParameterNames();
@@ -203,19 +204,19 @@ public class RAAdminServlet extends AdminServlet {
             params.add(name, rc.getString(name, ""));
         }
 
-        params.add(Constants.PR_ENABLE, 
-            rc.getString(PROP_ENABLED, Constants.FALSE));
-        //System.out.println("Send: "+params.toString());
+        params.add(Constants.PR_ENABLE,
+                rc.getString(PROP_ENABLED, Constants.FALSE));
+        // System.out.println("Send: "+params.toString());
         sendResponse(SUCCESS, null, params, resp);
     }
 
     private void getNotificationReqCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
 
@@ -224,12 +225,12 @@ public class RAAdminServlet extends AdminServlet {
     }
 
     private void getNotificationRevCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
 
@@ -241,14 +242,14 @@ public class RAAdminServlet extends AdminServlet {
      * handle getting request in queue notification config info
      */
     private void getNotificationRIQConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
 
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
 
@@ -268,9 +269,9 @@ public class RAAdminServlet extends AdminServlet {
             params.add(name, riq.getString(name, ""));
         }
 
-        params.add(Constants.PR_ENABLE, 
-            riq.getString(PROP_ENABLED, Constants.FALSE));
-        //System.out.println("Send: "+params.toString());
+        params.add(Constants.PR_ENABLE,
+                riq.getString(PROP_ENABLED, Constants.FALSE));
+        // System.out.println("Send: "+params.toString());
         sendResponse(SUCCESS, null, params, resp);
     }
 
@@ -278,15 +279,15 @@ public class RAAdminServlet extends AdminServlet {
      * handle setting request in queue notification config info
      */
     private void setNotificationRIQConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore riq = nc.getSubStore(IRegistrationAuthority.PROP_REQ_IN_Q_SUBSTORE);
 
-        //set rest of the parameters
+        // set rest of the parameters
         Enumeration e = req.getParameterNames();
 
         while (e.hasMoreElements()) {
@@ -321,9 +322,9 @@ public class RAAdminServlet extends AdminServlet {
      * handle setting request complete notification config info
      */
     private void setNotificationCompConfig(HttpServletRequest req,
-        HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
+            HttpServletResponse resp, IConfigStore rc, IRequestListener thisListener) throws ServletException,
             IOException, EBaseException {
-        //set rest of the parameters
+        // set rest of the parameters
         Enumeration e = req.getParameterNames();
 
         while (e.hasMoreElements()) {
@@ -355,24 +356,24 @@ public class RAAdminServlet extends AdminServlet {
     }
 
     private void setNotificationReqCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_ISSUED_SUBSTORE);
 
         setNotificationCompConfig(req, resp, rc, mRA.getCertIssuedListener());
- 
+
     }
 
     private void setNotificationRevCompConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore config = mRA.getConfigStore();
         IConfigStore nc =
-            config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
+                config.getSubStore(IRegistrationAuthority.PROP_NOTIFY_SUBSTORE);
 
         IConfigStore rc = nc.getSubStore(IRegistrationAuthority.PROP_CERT_REVOKED_SUBSTORE);
 
@@ -380,7 +381,7 @@ public class RAAdminServlet extends AdminServlet {
     }
 
     private void getConnectorConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         IConfigStore raConfig = mRA.getConfigStore();
         IConfigStore connectorConfig = raConfig.getSubStore("connector");
@@ -395,15 +396,10 @@ public class RAAdminServlet extends AdminServlet {
         }
 
         /*
-         Enumeration enum = req.getParameterNames();
-         NameValuePairs params = new NameValuePairs();
-         while (enum.hasMoreElements()) {
-         String key = (String)enum.nextElement();
-         if (key.equals("RS_ID")) {
-         String val = req.getParameter(key);
-         if (val.equals("CA Connector"))
-         }
-         }
+         * Enumeration enum = req.getParameterNames(); NameValuePairs params =
+         * new NameValuePairs(); while (enum.hasMoreElements()) { String key =
+         * (String)enum.nextElement(); if (key.equals("RS_ID")) { String val =
+         * req.getParameter(key); if (val.equals("CA Connector")) } }
          */
 
         Enumeration enum1 = req.getParameterNames();
@@ -427,13 +423,13 @@ public class RAAdminServlet extends AdminServlet {
     }
 
     private void setConnectorConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         IConfigStore raConfig = mRA.getConfigStore();
         IConfigStore connectorConfig = raConfig.getSubStore("connector");
         IConfigStore caConnectorConfig = null;
- //       String nickname = raConfig.getString("certNickname", "");
+        // String nickname = raConfig.getString("certNickname", "");
 
         if (isCAConnector(req)) {
             caConnectorConfig = connectorConfig.getSubStore("CA");
@@ -455,12 +451,10 @@ public class RAAdminServlet extends AdminServlet {
                     continue;
                 if (name.equals(Constants.OP_SCOPE))
                     continue;
-/*
-                if (name.equals("nickName")) {
-                    caConnectorConfig.putString(name, nickname);
-                    continue;
-                }
-*/
+                /*
+                 * if (name.equals("nickName")) {
+                 * caConnectorConfig.putString(name, nickname); continue; }
+                 */
                 caConnectorConfig.putString(name, req.getParameter(name));
             }
         }
@@ -526,50 +520,41 @@ public class RAAdminServlet extends AdminServlet {
         return false;
     }
 
-    //reading the RA general information
+    // reading the RA general information
     private void readGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
 
         /*
-         ISubsystem eeGateway =
-         SubsystemRegistry.getInstance().get("eeGateway");
-         String value = "false";
-         if (eeGateway != null) {
-         IConfigStore eeConfig = eeGateway.getConfigStore();
-         if (eeConfig != null)
-         value = eeConfig.getString("enabled", "true");
-         }
-         params.add(Constants.PR_EE_ENABLED, value);
+         * ISubsystem eeGateway =
+         * SubsystemRegistry.getInstance().get("eeGateway"); String value =
+         * "false"; if (eeGateway != null) { IConfigStore eeConfig =
+         * eeGateway.getConfigStore(); if (eeConfig != null) value =
+         * eeConfig.getString("enabled", "true"); }
+         * params.add(Constants.PR_EE_ENABLED, value);
          */
-  
+
         sendResponse(SUCCESS, null, params, resp);
     }
 
-    //mdify RA General Information
+    // mdify RA General Information
     private void modifyGeneralConfig(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         /*
-         ISubsystem eeGateway =
-         SubsystemRegistry.getInstance().get("eeGateway");
-         IConfigStore eeConfig = null;
-         if (eeGateway != null)
-         eeConfig = eeGateway.getConfigStore();
-
-         Enumeration enum = req.getParameterNames();
-         while (enum.hasMoreElements()) {
-         String key = (String)enum.nextElement();
-         if (key.equals(Constants.PR_EE_ENABLED)) {
-         if (eeConfig != null) 
-         eeConfig.putString("enabled",
-         req.getParameter(Constants.PR_EE_ENABLED));
-         } 
-         }
-
+         * ISubsystem eeGateway =
+         * SubsystemRegistry.getInstance().get("eeGateway"); IConfigStore
+         * eeConfig = null; if (eeGateway != null) eeConfig =
+         * eeGateway.getConfigStore();
+         * 
+         * Enumeration enum = req.getParameterNames(); while
+         * (enum.hasMoreElements()) { String key = (String)enum.nextElement();
+         * if (key.equals(Constants.PR_EE_ENABLED)) { if (eeConfig != null)
+         * eeConfig.putString("enabled",
+         * req.getParameter(Constants.PR_EE_ENABLED)); } }
          */
         sendResponse(RESTART, null, null, resp);
         commit(true);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
index 7605eb2e..36cc7100 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/RegistryAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 
@@ -41,7 +40,7 @@ import com.netscape.certsrv.registry.IPluginRegistry;
 
 /**
  * This implements the administration servlet for registry subsystem.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RegistryAdminServlet extends AdminServlet {
@@ -53,8 +52,8 @@ public class RegistryAdminServlet extends AdminServlet {
     public final static String PROP_AUTHORITY = "authority";
 
     private final static String INFO = "RegistryAdminServlet";
-    private final static String PW_PASSWORD_CACHE_ADD = 
-        "PASSWORD_CACHE_ADD";
+    private final static String PW_PASSWORD_CACHE_ADD =
+            "PASSWORD_CACHE_ADD";
 
     public final static String PROP_PREDICATE = "predicate";
     private IAuthority mAuthority = null;
@@ -104,8 +103,8 @@ public class RegistryAdminServlet extends AdminServlet {
      * Serves HTTP admin request.
      */
     public void service(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         super.service(req, resp);
 
         super.authenticate(req);
@@ -113,7 +112,7 @@ public class RegistryAdminServlet extends AdminServlet {
         AUTHZ_RES_NAME = "certServer.registry.configuration";
         String scope = req.getParameter(Constants.OP_SCOPE);
         String op = req.getParameter(Constants.OP_TYPE);
-    
+
         if (scope.equals(ScopeDef.SC_SUPPORTED_CONSTRAINTPOLICIES)) {
             if (op.equals(OpDef.OP_READ))
                 if (!readAuthorize(req, resp))
@@ -124,25 +123,25 @@ public class RegistryAdminServlet extends AdminServlet {
         }
     }
 
-    private boolean readAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean readAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "read";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
     }
 
-    private boolean modifyAuthorize(HttpServletRequest req, 
-        HttpServletResponse resp) throws IOException {
+    private boolean modifyAuthorize(HttpServletRequest req,
+            HttpServletResponse resp) throws IOException {
         mOp = "modify";
         if ((mToken = super.authorize(req)) == null) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                    null, resp);
             return false;
         }
         return true;
@@ -152,8 +151,8 @@ public class RegistryAdminServlet extends AdminServlet {
      * Process Policy Implementation Management.
      */
     public void processImplMgmt(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
         // Get operation type
         String op = req.getParameter(Constants.OP_TYPE);
         String scope = req.getParameter(Constants.OP_SCOPE);
@@ -176,16 +175,16 @@ public class RegistryAdminServlet extends AdminServlet {
             addImpl(req, resp);
         } else
             sendResponse(ERROR, INVALID_POLICY_IMPL_OP,
-                null, resp);
+                    null, resp);
     }
 
     public void addImpl(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         // Get the policy impl id.
         String id = req.getParameter(Constants.RS_ID);
-        String scope = req.getParameter(Constants.OP_SCOPE); 
+        String scope = req.getParameter(Constants.OP_SCOPE);
         String classPath = req.getParameter(Constants.PR_POLICY_CLASS);
         String desc = req.getParameter(Constants.PR_POLICY_DESC);
 
@@ -198,17 +197,17 @@ public class RegistryAdminServlet extends AdminServlet {
 
         IPluginInfo info = mRegistry.createPluginInfo(id, desc, classPath);
         try {
-          mRegistry.addPluginInfo(scope, id, info);
+            mRegistry.addPluginInfo(scope, id, info);
         } catch (Exception e) {
-          CMS.debug(e.toString());
+            CMS.debug(e.toString());
         }
 
         sendResponse(SUCCESS, null, nvp, resp);
     }
 
     public void deleteImpl(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         // Get the policy impl id.
         String id = req.getParameter(Constants.RS_ID);
@@ -225,13 +224,13 @@ public class RegistryAdminServlet extends AdminServlet {
             sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
             return;
         }
-       
+
         NameValuePairs nvp = new NameValuePairs();
 
         try {
-          mRegistry.removePluginInfo(scope, id);
+            mRegistry.removePluginInfo(scope, id);
         } catch (Exception e) {
-          CMS.debug(e.toString());
+            CMS.debug(e.toString());
         }
 
         sendResponse(SUCCESS, null, nvp, resp);
@@ -241,26 +240,26 @@ public class RegistryAdminServlet extends AdminServlet {
      * Lists all registered profile impementations
      */
     public void listImpls(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         String scope = req.getParameter(Constants.OP_SCOPE);
         Enumeration<String> impls = mRegistry.getIds(scope);
         NameValuePairs nvp = new NameValuePairs();
 
         while (impls.hasMoreElements()) {
-            String id =  impls.nextElement();
+            String id = impls.nextElement();
             IPluginInfo info = mRegistry.getPluginInfo(scope, id);
 
-            nvp.add(id, info.getClassName() + "," + 
-                info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req)));
-        } 
+            nvp.add(id, info.getClassName() + "," +
+                    info.getDescription(getLocale(req)) + "," + info.getName(getLocale(req)));
+        }
 
         sendResponse(SUCCESS, null, nvp, resp);
     }
 
-    public void getSupportedConstraintPolicies(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException {
+    public void getSupportedConstraintPolicies(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException {
         String id = req.getParameter(Constants.RS_ID);
 
         if (id == null) {
@@ -273,7 +272,7 @@ public class RegistryAdminServlet extends AdminServlet {
             IPluginInfo info = mRegistry.getPluginInfo("defaultPolicy", id);
             String className = info.getClassName();
             IPolicyDefault policyDefaultClass = (IPolicyDefault)
-                Class.forName(className).newInstance();
+                    Class.forName(className).newInstance();
 
             if (policyDefaultClass != null) {
                 Enumeration<String> impls = mRegistry.getIds("constraintPolicy");
@@ -283,14 +282,14 @@ public class RegistryAdminServlet extends AdminServlet {
                     IPluginInfo constraintInfo = mRegistry.getPluginInfo(
                             "constraintPolicy", constraintID);
                     IPolicyConstraint policyConstraintClass = (IPolicyConstraint)
-                        Class.forName(constraintInfo.getClassName()).newInstance();
+                            Class.forName(constraintInfo.getClassName()).newInstance();
 
                     CMS.debug("RegistryAdminServlet: getSUpportedConstraint " + constraintInfo.getClassName());
 
                     if (policyConstraintClass.isApplicable(policyDefaultClass)) {
                         CMS.debug("RegistryAdminServlet: getSUpportedConstraint isApplicable " + constraintInfo.getClassName());
                         nvp.add(constraintID, constraintInfo.getClassName() + "," +
-                            constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req)));
+                                constraintInfo.getDescription(getLocale(req)) + "," + constraintInfo.getName(getLocale(req)));
                     }
                 }
             }
@@ -302,8 +301,8 @@ public class RegistryAdminServlet extends AdminServlet {
     }
 
     public void getProfileImplConfig(HttpServletRequest req,
-        HttpServletResponse resp)
-        throws ServletException, IOException {
+            HttpServletResponse resp)
+            throws ServletException, IOException {
 
         // Get the policy impl id.
         String id = req.getParameter(Constants.RS_ID);
@@ -320,7 +319,7 @@ public class RegistryAdminServlet extends AdminServlet {
             sendResponse(ERROR, MISSING_POLICY_IMPL_ID, null, resp);
             return;
         }
-       
+
         NameValuePairs nvp = new NameValuePairs();
 
         String className = info.getClassName();
@@ -337,19 +336,19 @@ public class RegistryAdminServlet extends AdminServlet {
             if (names != null) {
                 while (names.hasMoreElements()) {
                     String name = names.nextElement();
-                        CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name);
+                    CMS.debug("RegistryAdminServlet: getProfileImpl descriptor " + name);
                     IDescriptor desc = template.getConfigDescriptor(getLocale(req), name);
 
                     if (desc != null) {
-                      try {
-                        String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue());
-
-                        CMS.debug("RegistryAdminServlet: getProfileImpl " + value);
-                        nvp.add(name, value);
-                      } catch (Exception e) {
-                  
-                        CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name);
-                      }
+                        try {
+                            String value = getNonNull(desc.getSyntax()) + ";" + getNonNull(desc.getConstraint()) + ";" + desc.getDescription(getLocale(req)) + ";" + getNonNull(desc.getDefaultValue());
+
+                            CMS.debug("RegistryAdminServlet: getProfileImpl " + value);
+                            nvp.add(name, value);
+                        } catch (Exception e) {
+
+                            CMS.debug("RegistryAdminServlet: getProfileImpl skipped descriptor for " + name);
+                        }
                     } else {
                         CMS.debug("RegistryAdminServlet: getProfileImpl cannot find descriptor for " + name);
                     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
index fe8d1826..4074ba9f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/admin/UsrGrpAdminServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.admin;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateExpiredException;
@@ -58,16 +57,14 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.cmsutil.util.Cert;
 
-
 /**
- * A class representing an administration servlet for 
- * User/Group Manager. It communicates with client
- * SDK to allow remote administration of User/Group
+ * A class representing an administration servlet for User/Group Manager. It
+ * communicates with client SDK to allow remote administration of User/Group
  * manager.
- *
- * This servlet will be registered to remote 
- * administration subsystem by usrgrp manager.
- *
+ * 
+ * This servlet will be registered to remote administration subsystem by usrgrp
+ * manager.
+ * 
  * @version $Revision$, $Date$
  */
 public class UsrGrpAdminServlet extends AdminServlet {
@@ -83,22 +80,21 @@ public class UsrGrpAdminServlet extends AdminServlet {
     private final static String RES_OCSP_GROUP = "certServer.ocsp.group";
     private final static String RES_TKS_GROUP = "certServer.tks.group";
     private final static String SYSTEM_USER = "$System$";
-    //	private final static String RES_GROUP = "root.common.goldfish";
+    // private final static String RES_GROUP = "root.common.goldfish";
 
     private final static String BACK_SLASH = "\\";
 
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
 
     private IUGSubsystem mMgr = null;
 
     private IAuthzSubsystem mAuthz = null;
 
-    private static String [] mMultiRoleGroupEnforceList = null;
-    private final static String MULTI_ROLE_ENABLE= "multiroles.enable";
+    private static String[] mMultiRoleGroupEnforceList = null;
+    private final static String MULTI_ROLE_ENABLE = "multiroles.enable";
     private final static String MULTI_ROLE_ENFORCE_GROUP_LIST = "multiroles.false.groupEnforceList";
 
-
     /**
      * Constructs User/Group manager servlet.
      */
@@ -126,7 +122,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
      * Serves incoming User/Group management request.
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         super.service(req, resp);
 
         String scope = super.getParameter(req, Constants.OP_SCOPE);
@@ -134,9 +130,9 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
         if (op == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_INVALID_PROTOCOL"));
-            sendResponse(ERROR, 
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
-                null, resp);
+            sendResponse(ERROR,
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_PROTOCOL"),
+                    null, resp);
             return;
         }
 
@@ -148,63 +144,57 @@ public class UsrGrpAdminServlet extends AdminServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
 
             sendResponse(ERROR, CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHS_FAILED"),
-                null, resp);
+                    null, resp);
             return;
         }
 
         // authorization
         // temporary test before servlets are exposed with authtoken
         /*
-         SessionContext sc = SessionContext.getContext();
-         AuthToken authToken = (AuthToken) sc.get(SessionContext.AUTH_TOKEN);
-
-         AuthzToken authzTok = null;
-         CMS.debug("UserGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB"));
-         // hardcoded for now .. just testing
-         try {
-         authzTok = mAuthz.authorize("DirAclAuthz", authToken, RES_GROUP, "read");
-         } catch (EBaseException e) {
-         log(ILogger.LL_FAILURE,  CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString()));
-         }
-         if (AuthzToken.AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS))) {
-         // audit would have been needed here if this weren't just a test...
-
-         log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
-
-         sendResponse(ERROR, 
-         MessageFormatter.getLocalizedString(
-         getLocale(req),
-         AdminResources.class.getName(),
-         AdminResources.SRVLT_FAIL_AUTHS), 
-         null, resp);
-         return;
-         }
+         * SessionContext sc = SessionContext.getContext(); AuthToken authToken
+         * = (AuthToken) sc.get(SessionContext.AUTH_TOKEN);
+         * 
+         * AuthzToken authzTok = null; CMS.debug("UserGrpAdminServlet: " +
+         * CMS.getLogMessage("ADMIN_SRVLT_CHECK_AUTHZ_SUB")); // hardcoded for
+         * now .. just testing try { authzTok = mAuthz.authorize("DirAclAuthz",
+         * authToken, RES_GROUP, "read"); } catch (EBaseException e) {
+         * log(ILogger.LL_FAILURE,
+         * CMS.getLogMessage("ADMIN_SRVLT_AUTH_CALL_FAIL",e.toString())); } if
+         * (AuthzToken
+         * .AUTHZ_STATUS_FAIL.equals(authzTok.get(AuthzToken.TOKEN_AUTHZ_STATUS
+         * ))) { // audit would have been needed here if this weren't just a
+         * test...
+         * 
+         * log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_AUTHS"));
+         * 
+         * sendResponse(ERROR, MessageFormatter.getLocalizedString(
+         * getLocale(req), AdminResources.class.getName(),
+         * AdminResources.SRVLT_FAIL_AUTHS), null, resp); return; }
          */
 
-
         try {
             ISubsystem subsystem = CMS.getSubsystem("ca");
-            if (subsystem != null) 
+            if (subsystem != null)
                 AUTHZ_RES_NAME = RES_CA_GROUP;
             subsystem = CMS.getSubsystem("ra");
-            if (subsystem != null) 
+            if (subsystem != null)
                 AUTHZ_RES_NAME = RES_RA_GROUP;
             subsystem = CMS.getSubsystem("kra");
-            if (subsystem != null) 
+            if (subsystem != null)
                 AUTHZ_RES_NAME = RES_KRA_GROUP;
             subsystem = CMS.getSubsystem("ocsp");
-            if (subsystem != null) 
+            if (subsystem != null)
                 AUTHZ_RES_NAME = RES_OCSP_GROUP;
             subsystem = CMS.getSubsystem("tks");
-            if (subsystem != null) 
+            if (subsystem != null)
                 AUTHZ_RES_NAME = RES_TKS_GROUP;
             if (scope != null) {
                 if (scope.equals(ScopeDef.SC_USER_TYPE)) {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
 
@@ -216,8 +206,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -234,8 +224,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -252,8 +242,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -270,8 +260,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     mOp = "modify";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -285,8 +275,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     mOp = "read";
                     if ((mToken = super.authorize(req)) == null) {
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_AUTHZ_FAILED"),
+                                null, resp);
                         return;
                     }
                     if (scope.equals(ScopeDef.SC_GROUPS)) {
@@ -296,11 +286,11 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         findUsers(req, resp);
                         return;
                     } else {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("ADMIN_SRVLT_INVALID_OP_SCOPE"));
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_INVALID_OP_SCOPE"),
+                                null, resp);
                         return;
                     }
                 }
@@ -308,21 +298,21 @@ public class UsrGrpAdminServlet extends AdminServlet {
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, e.toString());
             sendResponse(ERROR, e.toString(getLocale(req)),
-                null, resp);
+                    null, resp);
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE, e.toString());
             log(ILogger.LL_FAILURE, CMS.getLogMessage(" ADMIN_SRVLT_FAIL_PERFORM"));
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_PERFORM_FAILED"),
+                    null, resp);
             return;
         }
     }
 
     private void getUserType(HttpServletRequest req,
-        HttpServletResponse resp) throws ServletException,
-            IOException, EBaseException { 
+            HttpServletResponse resp) throws ServletException,
+            IOException, EBaseException {
 
         String id = super.getParameter(req, Constants.RS_ID);
         IUser user = mMgr.getUser(id);
@@ -337,14 +327,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
     }
 
     /**
-     * Searches for users in LDAP directory.  List uids only
-     *
+     * Searches for users in LDAP directory. List uids only
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      */
-    private synchronized void findUsers(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void findUsers(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         NameValuePairs params = new NameValuePairs();
@@ -355,7 +345,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
             e = mMgr.listUsers("*");
         } catch (Exception ex) {
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
             return;
         }
 
@@ -383,27 +373,26 @@ public class UsrGrpAdminServlet extends AdminServlet {
     }
 
     /**
-     * List user information. Certificates covered in a separate
-     *	 protocol for findUserCerts().  List of group memberships are
-     *	 also provided.
-     *
+     * List user information. Certificates covered in a separate protocol for
+     * findUserCerts(). List of group memberships are also provided.
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      */
-    private synchronized void findUser(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void findUser(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
-        //get id first
+        // get id first
         String id = super.getParameter(req, Constants.RS_ID);
 
         if (id == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -416,7 +405,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
         } catch (Exception e) {
             e.printStackTrace();
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
             return;
         }
 
@@ -427,7 +416,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
             params.add(Constants.PR_USER_STATE, user.getState());
 
             // get list of groups, and get a list of those that this
-            //			uid belongs to
+            // uid belongs to
             Enumeration e = null;
 
             try {
@@ -435,7 +424,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
             } catch (Exception ex) {
                 ex.printStackTrace();
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_INTERNAL_ERROR"), null, resp);
                 return;
             }
 
@@ -445,7 +434,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 IGroup group = (IGroup) e.nextElement();
 
                 if (group.isMember(id) == true) {
-                    if (grpString.length()!=0) {
+                    if (grpString.length() != 0) {
                         grpString.append(",");
                     }
                     grpString.append(group.getGroupID());
@@ -461,31 +450,31 @@ public class UsrGrpAdminServlet extends AdminServlet {
         log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
 
         sendResponse(ERROR,
-            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
         return;
     }
 
     /**
      * List user certificate(s)
-     *
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      */
-    private synchronized void findUserCerts(HttpServletRequest req, 
-        HttpServletResponse resp, Locale clientLocale)
-        throws ServletException, 
+    private synchronized void findUserCerts(HttpServletRequest req,
+            HttpServletResponse resp, Locale clientLocale)
+            throws ServletException,
             IOException, EBaseException {
 
-        //get id first
+        // get id first
         String id = super.getParameter(req, Constants.RS_ID);
 
         if (id == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -498,7 +487,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
         } catch (Exception e) {
             e.printStackTrace();
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
             return;
         }
 
@@ -506,23 +495,23 @@ public class UsrGrpAdminServlet extends AdminServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_USER_NOT_EXIST"));
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_NOT_EXIST"), null, resp);
             return;
         }
 
         X509Certificate[] certs =
-            (X509Certificate[]) user.getX509Certificates();
+                (X509Certificate[]) user.getX509Certificates();
 
         if (certs != null) {
             for (int i = 0; i < certs.length; i++) {
                 ICertPrettyPrint print = CMS.getCertPrettyPrint(certs[i]);
 
-		// add base64 encoding
-		String base64 = CMS.getEncodedCert(certs[i]);	
-		
+                // add base64 encoding
+                String base64 = CMS.getEncodedCert(certs[i]);
+
                 // pretty print certs
                 params.add(getCertificateString(certs[i]),
-                    print.toString(clientLocale) + "\n" + base64);
+                        print.toString(clientLocale) + "\n" + base64);
             }
             sendResponse(SUCCESS, null, params, resp);
             return;
@@ -542,18 +531,18 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
         // note that it did not represent a certificate fully
         return cert.getVersion() + ";" + cert.getSerialNumber().toString() +
-            ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+                ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
     }
 
     /**
      * Searchess for groups in LDAP server
-     *
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#group
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#group
      */
-    private synchronized void findGroups(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void findGroups(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
@@ -582,25 +571,24 @@ public class UsrGrpAdminServlet extends AdminServlet {
     }
 
     /**
-     * finds a group
-     * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * finds a group Request/Response Syntax:
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      */
-    private synchronized void findGroup(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void findGroup(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
         NameValuePairs params = new NameValuePairs();
 
-        //get id first
+        // get id first
         String id = super.getParameter(req, Constants.RS_ID);
 
         if (id == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NULL_RS_ID"));
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                    null, resp);
             return;
         }
 
@@ -619,14 +607,14 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
             params.add(Constants.PR_GROUP_GROUP, group.getGroupID());
             params.add(Constants.PR_GROUP_DESC,
-                group.getDescription());
+                    group.getDescription());
 
             Enumeration members = group.getMemberNames();
             StringBuffer membersString = new StringBuffer();
 
             if (members != null) {
                 while (members.hasMoreElements()) {
-                    if (membersString.length()!=0) {
+                    if (membersString.length() != 0) {
                         membersString.append(", ");
                     }
 
@@ -644,7 +632,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_GROUP_NOT_EXIST"));
 
             sendResponse(ERROR,
-                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp);
+                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_GROUP_NOT_EXIST"), null, resp);
             return;
 
         }
@@ -653,24 +641,25 @@ public class UsrGrpAdminServlet extends AdminServlet {
     /**
      * Adds a new user to LDAP server
      * <P>
-     *
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
      * role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addUser(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void addUser(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -694,8 +683,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -713,8 +702,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_RS_ID_BS"),
+                        null, resp);
                 return;
             }
 
@@ -732,8 +721,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_SPECIAL_ID", id),
+                        null, resp);
                 return;
             }
 
@@ -756,7 +745,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
                 sendResponse(ERROR, msg, null, resp);
                 return;
-            } else 
+            } else
                 user.setFullName(fname);
 
             String email = super.getParameter(req, Constants.PR_USER_EMAIL);
@@ -783,7 +772,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
                     throw new EUsrGrpException(passwdCheck.getReason(pword));
 
-                    //UsrGrpResources.BAD_PASSWD);
+                    // UsrGrpResources.BAD_PASSWD);
                 }
 
                 user.setPassword(pword);
@@ -835,10 +824,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         audit(auditMessage);
 
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
                         return;
                     }
-				
+
                     if (e.hasMoreElements()) {
                         IGroup group = (IGroup) e.nextElement();
 
@@ -858,18 +847,18 @@ public class UsrGrpAdminServlet extends AdminServlet {
                             audit(auditMessage);
 
                             sendResponse(ERROR,
-                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+                                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
                             return;
                         }
                     }
                     // for audit log
                     SessionContext sContext = SessionContext.getContext();
                     String adminId = (String) sContext.get(SessionContext.USER_ID);
-				
+
                     mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                        AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                        new Object[] {adminId, id, groupName}
-                    );
+                            AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+                            new Object[] { adminId, id, groupName }
+                            );
                 }
 
                 NameValuePairs params = new NameValuePairs();
@@ -899,10 +888,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
                 if (user.getUserID() == null) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED_1", "uid"), null, resp);
                 } else {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
                 }
                 return;
             } catch (LDAPException e) {
@@ -920,7 +909,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
                 return;
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE, e.toString());
@@ -935,7 +924,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_ADD_FAILED"), null, resp);
                 return;
             }
         } catch (EBaseException eAudit1) {
@@ -963,41 +952,42 @@ public class UsrGrpAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
      * Adds a certificate to a user
      * <P>
-     *
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
      * role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addUserCert(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void addUserCert(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1021,8 +1011,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1068,7 +1058,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
                 try {
                     CryptoManager manager = CryptoManager.getInstance();
-			
+
                     PKCS7 pkcs7 = new PKCS7(p7Cert);
 
                     X509Certificate p7certs[] = pkcs7.getCertificates();
@@ -1084,7 +1074,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         audit(auditMessage);
 
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
                         return;
                     }
                     // fix for 370099 - cert ordering can not be assumed
@@ -1095,7 +1085,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     // the ordering
                     if (p7certs[0].getSubjectDN().toString().equals(
                             p7certs[0].getIssuerDN().toString()) &&
-                        (p7certs.length == 1)) {
+                            (p7certs.length == 1)) {
                         certs[0] = p7certs[0];
                         CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_SINGLE_CERT_IMPORT"));
                     } else if (p7certs[0].getIssuerDN().toString().equals(p7certs[1].getSubjectDN().toString())) {
@@ -1119,7 +1109,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         audit(auditMessage);
 
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
                         return;
                     }
 
@@ -1140,8 +1130,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     for (j = jBegin; j < jEnd; j++) {
                         CMS.debug("UsrGrpAdminServlet: " + CMS.getLogMessage("ADMIN_SRVLT_CERT_IN_CHAIN", String.valueOf(j), String.valueOf(p7certs[j].getSubjectDN())));
                         org.mozilla.jss.crypto.X509Certificate leafCert =
-                            null;
-				
+                                null;
+
                         leafCert =
                                 manager.importCACertPackage(p7certs[j].getEncoded());
 
@@ -1152,10 +1142,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         }
 
                         if (leafCert instanceof InternalCertificate) {
-                            ((InternalCertificate) leafCert).setSSLTrust(	
-                                InternalCertificate.VALID_CA |
-                                InternalCertificate.TRUSTED_CA |
-                                InternalCertificate.TRUSTED_CLIENT_CA);
+                            ((InternalCertificate) leafCert).setSSLTrust(
+                                    InternalCertificate.VALID_CA |
+                                            InternalCertificate.TRUSTED_CA |
+                                            InternalCertificate.TRUSTED_CLIENT_CA);
                         } else {
                             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_NOT_INTERNAL_CERT",
                                     String.valueOf(p7certs[j].getSubjectDN())));
@@ -1163,13 +1153,15 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     }
 
                     /*
-                     } catch (CryptoManager.UserCertConflictException ex) {
-                     // got a "user cert" in the chain, most likely the CA
-                    // cert of this instance, which has a private key.  Ignore
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED", ex.toString()));
-                    */
+                     * } catch (CryptoManager.UserCertConflictException ex) { //
+                     * got a "user cert" in the chain, most likely the CA //
+                     * cert of this instance, which has a private key. Ignore
+                     * log(ILogger.LL_FAILURE,
+                     * CMS.getLogMessage("ADMIN_SRVLT_PKS7_IGNORED",
+                     * ex.toString()));
+                     */
                 } catch (Exception ex) {
-                    //-----
+                    // -----
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_ERROR", ex.toString()));
 
                     // store a message in the signed audit log file
@@ -1182,7 +1174,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     audit(auditMessage);
 
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_ERROR"), null, resp);
                     return;
                 }
             } catch (Exception e) {
@@ -1198,7 +1190,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_O_ERROR"), null, resp);
                 return;
             }
 
@@ -1236,10 +1228,10 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_EXPIRED"), null, resp);
                 return;
             } catch (CertificateNotYetValidException e) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID", 
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("USRGRP_SRVLT_CERT_NOT_YET_VALID",
                         String.valueOf(certs[0].getSubjectDN())));
 
                 // store a message in the signed audit log file
@@ -1252,7 +1244,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_CERT_NOT_YET_VALID"), null, resp);
                 return;
 
             } catch (LDAPException e) {
@@ -1265,13 +1257,12 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
                 audit(auditMessage);
 
-                if (e.getLDAPResultCode() ==
-                    LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
+                if (e.getLDAPResultCode() == LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_USER_CERT_EXISTS"), null, resp);
                 } else {
                     sendResponse(ERROR,
-                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
                 }
                 return;
             } catch (Exception e) {
@@ -1287,21 +1278,21 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
                 return;
             }
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -1315,45 +1306,46 @@ public class UsrGrpAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
      * Removes a certificate for a user
      * <P>
-     *
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      * <P>
-     *
+     * 
      * In this method, "certDN" is actually a combination of version,
-     *	 serialNumber, issuerDN, and SubjectDN.
+     * serialNumber, issuerDN, and SubjectDN.
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
      * role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void modifyUserCert(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void modifyUserCert(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1377,8 +1369,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1431,21 +1423,21 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
                 return;
             }
             // } catch( EBaseException eAudit1 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit1;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit1;
         } catch (IOException eAudit2) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -1459,44 +1451,44 @@ public class UsrGrpAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
-     * removes a user.  user not removed if belongs to any group
-     *	 (Administrators should remove the user from "uniquemember" of
-     *	 any group he/she belongs to before trying to remove the user
-     *	 itself.
+     * removes a user. user not removed if belongs to any group (Administrators
+     * should remove the user from "uniquemember" of any group he/she belongs to
+     * before trying to remove the user itself.
      * <P>
-     *
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
      * role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void removeUser(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void removeUser(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1505,7 +1497,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         try {
-            //get id first
+            // get id first
             String id = super.getParameter(req, Constants.RS_ID);
             boolean mustDelete = false;
             int index = 0;
@@ -1528,8 +1520,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
             // get list of groups, and see if uid belongs to any
@@ -1570,8 +1562,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                         audit(auditMessage);
 
                         sendResponse(ERROR,
-                            CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"),
-                            null, resp);
+                                CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV_G"),
+                                null, resp);
                         return;
                     }
                 }
@@ -1604,7 +1596,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_SRVLT_FAIL_USER_RMV"), null, resp);
                 return;
             }
         } catch (EBaseException eAudit1) {
@@ -1632,41 +1624,42 @@ public class UsrGrpAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
      * Adds a new group in local scope.
      * <P>
-     *
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#group
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#group
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
      * role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void addGroup(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void addGroup(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1675,7 +1668,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         try {
-            //get id first
+            // get id first
             String id = super.getParameter(req, Constants.RS_ID);
 
             if (id == null) {
@@ -1691,8 +1684,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1743,8 +1736,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_ADD_FAILED"),
+                        null, resp);
                 return;
             }
         } catch (EBaseException eAudit1) {
@@ -1772,41 +1765,42 @@ public class UsrGrpAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
      * removes a group
      * <P>
-     *
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#group
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#group
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
      * role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void removeGroup(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void removeGroup(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1815,7 +1809,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         try {
-            //get id first
+            // get id first
             String id = super.getParameter(req, Constants.RS_ID);
 
             if (id == null) {
@@ -1831,8 +1825,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1875,44 +1869,45 @@ public class UsrGrpAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
     /**
      * modifies a group
      * <P>
-     *
-     *  last person of the super power group "Certificate
-     *	 Server Administrators" can never be removed.
+     * 
+     * last person of the super power group "Certificate Server Administrators"
+     * can never be removed.
      * <P>
-     *
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#group
+     * 
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#group
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
      * role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void modifyGroup(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void modifyGroup(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -1921,7 +1916,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         try {
-            //get id first
+            // get id first
             String id = super.getParameter(req, Constants.RS_ID);
 
             if (id == null) {
@@ -1937,8 +1932,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -1968,7 +1963,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                     if (multiRole) {
                         group.addMemberName(memberName);
                     } else {
-                        if( isGroupInMultiRoleEnforceList(groupName)) {
+                        if (isGroupInMultiRoleEnforceList(groupName)) {
                             if (!isDuplicate(groupName, memberName)) {
                                 group.addMemberName(memberName);
                             } else {
@@ -2019,8 +2014,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_GROUP_MODIFY_FAILED"),
+                        null, resp);
                 return;
             }
         } catch (EBaseException eAudit1) {
@@ -2048,50 +2043,49 @@ public class UsrGrpAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
-    private boolean isGroupInMultiRoleEnforceList(String groupName)
-    {
+    private boolean isGroupInMultiRoleEnforceList(String groupName) {
         String groupList = null;
 
         if (groupName == null || groupName.equals("")) {
             return true;
         }
         if (mMultiRoleGroupEnforceList == null) {
-           try {
-               groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST); 
-           } catch (Exception e) {
-           }
-
-           if (groupList != null && !groupList.equals("")) {
-               mMultiRoleGroupEnforceList = groupList.split(",");
-               for (int j = 0 ; j < mMultiRoleGroupEnforceList.length; j++) {
-                   mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim();
-               }
-           }
-       }
-
-       if (mMultiRoleGroupEnforceList == null)
-           return true;
-
-       for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) {
-           if (groupName.equals(mMultiRoleGroupEnforceList[i])) {
-               return true;
-           }
-       }
-       return false;
+            try {
+                groupList = mConfig.getString(MULTI_ROLE_ENFORCE_GROUP_LIST);
+            } catch (Exception e) {
+            }
+
+            if (groupList != null && !groupList.equals("")) {
+                mMultiRoleGroupEnforceList = groupList.split(",");
+                for (int j = 0; j < mMultiRoleGroupEnforceList.length; j++) {
+                    mMultiRoleGroupEnforceList[j] = mMultiRoleGroupEnforceList[j].trim();
+                }
+            }
+        }
+
+        if (mMultiRoleGroupEnforceList == null)
+            return true;
+
+        for (int i = 0; i < mMultiRoleGroupEnforceList.length; i++) {
+            if (groupName.equals(mMultiRoleGroupEnforceList[i])) {
+                return true;
+            }
+        }
+        return false;
     }
 
     private boolean isDuplicate(String groupName, String memberName) {
@@ -2100,7 +2094,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
         // Let's not mess with users that are already a member of this group
         boolean isMember = false;
         try {
-            isMember = mMgr.isMemberOf(memberName,groupName);
+            isMember = mMgr.isMemberOf(memberName, groupName);
         } catch (Exception e) {
         }
 
@@ -2134,24 +2128,25 @@ public class UsrGrpAdminServlet extends AdminServlet {
     /**
      * Modifies an existing user in local scope.
      * <P>
-     *
+     * 
      * Request/Response Syntax:
-     *   http://warp.mcom.com/server/certificate/columbo/design/
-     *        ui/admin-protocol-definition.html#user-admin
+     * http://warp.mcom.com/server/certificate/columbo/design/
+     * ui/admin-protocol-definition.html#user-admin
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CONFIG_ROLE used when configuring
      * role information (anything under users/groups)
      * </ul>
+     * 
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @exception ServletException a servlet error has occurred
      * @exception IOException an input/output error has occurred
      * @exception EBaseException an error has occurred
      */
-    private synchronized void modifyUser(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, 
+    private synchronized void modifyUser(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException,
             IOException, EBaseException {
 
         String auditMessage = null;
@@ -2160,7 +2155,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         try {
-            //get id first
+            // get id first
             String id = super.getParameter(req, Constants.RS_ID);
 
             if (id == null) {
@@ -2176,8 +2171,8 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
-                    null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_ADMIN_SRVLT_NULL_RS_ID"),
+                        null, resp);
                 return;
             }
 
@@ -2186,7 +2181,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
             if ((fname == null) || (fname.length() == 0)) {
                 String msg =
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name");
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED", "full name");
 
                 log(ILogger.LL_FAILURE, msg);
 
@@ -2226,7 +2221,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
 
                     throw new EUsrGrpException(passwdCheck.getReason(pword));
 
-                    //UsrGrpResources.BAD_PASSWD);
+                    // UsrGrpResources.BAD_PASSWD);
                 }
 
                 user.setPassword(pword);
@@ -2270,7 +2265,7 @@ public class UsrGrpAdminServlet extends AdminServlet {
                 audit(auditMessage);
 
                 sendResponse(ERROR,
-                    CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
+                        CMS.getUserMessage(getLocale(req), "CMS_USRGRP_USER_MOD_FAILED"), null, resp);
                 return;
             }
         } catch (EBaseException eAudit1) {
@@ -2298,17 +2293,17 @@ public class UsrGrpAdminServlet extends AdminServlet {
             // rethrow the specific exception to be handled later
             throw eAudit2;
             // } catch( ServletException eAudit3 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditParams( req ) );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditParams( req ) );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit3;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit3;
         }
     }
 
@@ -2316,6 +2311,6 @@ public class UsrGrpAdminServlet extends AdminServlet {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP,
-            level, "UsrGrpAdminServlet: " + msg);
+                level, "UsrGrpAdminServlet: " + msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
index 696b091e..7df37706 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSServlet.java
@@ -99,10 +99,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cms.servlet.common.Utils;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 /**
  * This is the base class of all CS servlet.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public abstract class CMSServlet extends HttpServlet {
@@ -127,76 +126,55 @@ public abstract class CMSServlet extends HttpServlet {
     public final static String AUTHZ_CONFIG_STORE = "authz";
     public final static String AUTHZ_SRC_XML = "web.xml";
     public final static String PROP_AUTHZ_MGR = "AuthzMgr";
-    public final static String PROP_ACL = "ACLinfo";    
+    public final static String PROP_ACL = "ACLinfo";
     public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
     public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
     private final static String FAILED = "1";
     private final static String HDR_LANG = "accept-language";
-	
-    // final error message - if error and exception templates don't work 
+
+    // final error message - if error and exception templates don't work
     // send out this text string directly to output.
 
     public final static String PROP_FINAL_ERROR_MSG = "finalErrorMsg";
     public final static String ERROR_MSG_TOKEN = "$ERROR_MSG";
-    public final static String FINAL_ERROR_MSG = 
-        "<HTML>\n" +
-        "<BODY BGCOLOR=white>\n" +
-        "<P>\n" +
-        "The Certificate System has encountered " +
-        "an unrecoverable error.\n" +
-        "<P>\n" +
-        "Error Message:<BR>\n" +
-        "<I>$ERROR_MSG</I>\n" +
-        "<P>\n" +
-        "Please contact your local administrator for assistance.\n" +
-        "</BODY>\n" +
-        "</HTML>\n";
+    public final static String FINAL_ERROR_MSG =
+            "<HTML>\n" +
+                    "<BODY BGCOLOR=white>\n" +
+                    "<P>\n" +
+                    "The Certificate System has encountered " +
+                    "an unrecoverable error.\n" +
+                    "<P>\n" +
+                    "Error Message:<BR>\n" +
+                    "<I>$ERROR_MSG</I>\n" +
+                    "<P>\n" +
+                    "Please contact your local administrator for assistance.\n" +
+                    "</BODY>\n" +
+                    "</HTML>\n";
 
     // properties from configuration.
 
-    protected final static String 
-        PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate";
-    protected final static String 
-        UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template";
-    protected final static String 
-        PROP_SUCCESS_TEMPLATE = "successTemplate";
-    protected final static String 
-        SUCCESS_TEMPLATE = "/GenSuccess.template";
-    protected final static String 
-        PROP_PENDING_TEMPLATE = "pendingTemplate";
-    protected final static String 
-        PENDING_TEMPLATE = "/GenPending.template";
-    protected final static String 
-        PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate";
-    protected final static String 
-        SVC_PENDING_TEMPLATE = "/GenSvcPending.template";
-    protected final static String 
-        PROP_REJECTED_TEMPLATE = "rejectedTemplate";
-    protected final static String 
-        REJECTED_TEMPLATE = "/GenRejected.template";
-    protected final static String 
-        PROP_ERROR_TEMPLATE = "errorTemplate";
-    protected final static String 
-        ERROR_TEMPLATE = "/GenError.template";
-    protected final static String 
-        PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate"; 
-    protected final static String 
-        EXCEPTION_TEMPLATE = "/GenUnexpectedError.template";
-
-    private final static String 
-        PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller"; 
-    protected final static String 
-        PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller"; 
-    private final static String 
-        PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller"; 
-    private final static String 
-        PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller"; 
-    private final static String 
-        PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller"; 
-    private final static String 
-        PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller"; 
-    private final static String 
-        PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller"; 
+    protected final static String PROP_UNAUTHORIZED_TEMPLATE = "unauthorizedTemplate";
+    protected final static String UNAUTHORIZED_TEMPLATE = "/GenUnauthorized.template";
+    protected final static String PROP_SUCCESS_TEMPLATE = "successTemplate";
+    protected final static String SUCCESS_TEMPLATE = "/GenSuccess.template";
+    protected final static String PROP_PENDING_TEMPLATE = "pendingTemplate";
+    protected final static String PENDING_TEMPLATE = "/GenPending.template";
+    protected final static String PROP_SVC_PENDING_TEMPLATE = "svcpendingTemplate";
+    protected final static String SVC_PENDING_TEMPLATE = "/GenSvcPending.template";
+    protected final static String PROP_REJECTED_TEMPLATE = "rejectedTemplate";
+    protected final static String REJECTED_TEMPLATE = "/GenRejected.template";
+    protected final static String PROP_ERROR_TEMPLATE = "errorTemplate";
+    protected final static String ERROR_TEMPLATE = "/GenError.template";
+    protected final static String PROP_EXCEPTION_TEMPLATE = "unexpectedErrorTemplate";
+    protected final static String EXCEPTION_TEMPLATE = "/GenUnexpectedError.template";
+
+    private final static String PROP_UNAUTHOR_TEMPLATE_FILLER = "unauthorizedTemplateFiller";
+    protected final static String PROP_SUCCESS_TEMPLATE_FILLER = "successTemplateFiller";
+    private final static String PROP_ERROR_TEMPLATE_FILLER = "errorTemplateFiller";
+    private final static String PROP_PENDING_TEMPLATE_FILLER = "pendingTemplateFiller";
+    private final static String PROP_SVC_PENDING_TEMPLATE_FILLER = "svcpendingTemplateFiller";
+    private final static String PROP_REJECTED_TEMPLATE_FILLER = "rejectedTemplateFiller";
+    private final static String PROP_EXCEPTION_TEMPLATE_FILLER = "exceptionTemplateFiller";
 
     protected final static String RA_AGENT_GROUP = "Registration Manager Agents";
     protected final static String CA_AGENT_GROUP = "Certificate Manager Agents";
@@ -206,25 +184,18 @@ public abstract class CMSServlet extends HttpServlet {
     protected final static String ADMIN_GROUP = "Administrators";
 
     // default http params NOT to save in request.(config values added to list )
-    private static final String 
-        PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams";
-    private static final String[] 
-        DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd", 
+    private static final String PROP_DONT_SAVE_HTTP_PARAMS = "dontSaveHttpParams";
+    private static final String[] DONT_SAVE_HTTP_PARAMS = { "pwd", "password", "passwd",
             "challengePassword", "confirmChallengePassword" };
 
     // default http headers to save in request. (config values added to list)
-    private static final String 
-        PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders";
-    private static final String[] 
-        SAVE_HTTP_HEADERS = { "accept-language", "user-agent", };
+    private static final String PROP_SAVE_HTTP_HEADERS = "saveHttpHeaders";
+    private static final String[] SAVE_HTTP_HEADERS = { "accept-language", "user-agent", };
 
     // request prefixes to distinguish from other request attributes.
-    public static final String 
-        PFX_HTTP_HEADER = "HTTP_HEADER";
-    public static final String 
-        PFX_HTTP_PARAM = "HTTP_PARAM";
-    public static final String 
-        PFX_AUTH_TOKEN = "AUTH_TOKEN";
+    public static final String PFX_HTTP_HEADER = "HTTP_HEADER";
+    public static final String PFX_HTTP_PARAM = "HTTP_PARAM";
+    public static final String PFX_AUTH_TOKEN = "AUTH_TOKEN";
 
     /* input http params */
     protected final static String AUTHMGR_PARAM = "authenticator";
@@ -232,10 +203,10 @@ public abstract class CMSServlet extends HttpServlet {
     /* fixed credential passed to auth managers */
     protected final static String CERT_AUTH_CRED = "sslClientCert";
 
-    public static final String CERT_ATTR = 
-        "javax.servlet.request.X509Certificate";
+    public static final String CERT_ATTR =
+            "javax.servlet.request.X509Certificate";
 
-    // members. 
+    // members.
 
     protected boolean mRenderResult = true;
     protected String mFinalErrorMsg = FINAL_ERROR_MSG;
@@ -243,7 +214,7 @@ public abstract class CMSServlet extends HttpServlet {
 
     protected ServletConfig mServletConfig = null;
     protected ServletContext mServletContext = null;
-    private   CMSFileLoader mFileLoader = null;
+    private CMSFileLoader mFileLoader = null;
 
     protected Vector<String> mDontSaveHttpParams = new Vector<String>();
     protected Vector<String> mSaveHttpHeaders = new Vector<String>();
@@ -251,14 +222,14 @@ public abstract class CMSServlet extends HttpServlet {
     protected String mId = null;
     protected IConfigStore mConfig = null;
 
-    // the authority, RA, CA, KRA this servlet is serving. 
+    // the authority, RA, CA, KRA this servlet is serving.
     protected IAuthority mAuthority = null;
     protected IRequestQueue mRequestQueue = null;
 
     // system logger.
     protected ILogger mLogger = CMS.getLogger();
     protected int mLogCategory = ILogger.S_OTHER;
-    private   MessageDigest mSHADigest = null;
+    private MessageDigest mSHADigest = null;
 
     protected String mGetClientCert = "false";
     protected String mAuthMgr = null;
@@ -270,18 +241,18 @@ public abstract class CMSServlet extends HttpServlet {
     protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     protected String mOutputTemplatePath = null;
     private IUGSubsystem mUG = (IUGSubsystem)
-        CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+            CMS.getSubsystem(CMS.SUBSYSTEM_UG);
 
     private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
-        "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+            "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
     private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+            "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
     private final static String LOGGING_SIGNED_AUDIT_AUTHZ_FAIL =
-        "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
+            "LOGGING_SIGNED_AUDIT_AUTHZ_FAIL_4";
     private final static String LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
+            "LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS_4";
     private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
-        "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+            "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
 
     public CMSServlet() {
     }
@@ -328,33 +299,33 @@ public abstract class CMSServlet extends HttpServlet {
         if (mAuthority != null)
             mRequestQueue = mAuthority.getRequestQueue();
 
-            // set default templates.
+        // set default templates.
         setDefaultTemplates(sc);
 
         // for logging to the right authority category.
         if (mAuthority == null) {
             mLogCategory = ILogger.S_OTHER;
         } else {
-            if (mAuthority instanceof ICertificateAuthority) 
+            if (mAuthority instanceof ICertificateAuthority)
                 mLogCategory = ILogger.S_CA;
-            else if (mAuthority instanceof IRegistrationAuthority) 
+            else if (mAuthority instanceof IRegistrationAuthority)
                 mLogCategory = ILogger.S_RA;
-            else if (mAuthority instanceof IKeyRecoveryAuthority) 
+            else if (mAuthority instanceof IKeyRecoveryAuthority)
                 mLogCategory = ILogger.S_KRA;
-            else 
+            else
                 mLogCategory = ILogger.S_OTHER;
         }
 
         try {
-            // get final error message. 
+            // get final error message.
             // used when templates can't even be loaded.
-            String eMsg = 
-                sc.getInitParameter(PROP_FINAL_ERROR_MSG);
+            String eMsg =
+                    sc.getInitParameter(PROP_FINAL_ERROR_MSG);
 
             if (eMsg != null)
                 mFinalErrorMsg = eMsg;
 
-                // get any configured templates.
+            // get any configured templates.
             Enumeration<CMSLoadTemplate> templs = mTemplates.elements();
 
             while (templs.hasMoreElements()) {
@@ -363,13 +334,13 @@ public abstract class CMSServlet extends HttpServlet {
                 if (templ == null || templ.mPropName == null) {
                     continue;
                 }
-                String tName = 
-                    sc.getInitParameter(templ.mPropName);
+                String tName =
+                        sc.getInitParameter(templ.mPropName);
 
                 if (tName != null)
                     templ.mTemplateName = tName;
-                String fillerName = 
-                    sc.getInitParameter(templ.mFillerPropName);
+                String fillerName =
+                        sc.getInitParameter(templ.mFillerPropName);
 
                 if (fillerName != null) {
                     ICMSTemplateFiller filler = newFillerObject(fillerName);
@@ -379,32 +350,32 @@ public abstract class CMSServlet extends HttpServlet {
                 }
             }
 
-            // get http params NOT to store in a IRequest and  
-            // get http headers TO store in a IRequest. 
+            // get http params NOT to store in a IRequest and
+            // get http headers TO store in a IRequest.
             getDontSaveHttpParams(sc);
             getSaveHttpHeaders(sc);
         } catch (Exception e) {
-            // should never occur since we provide defaults above. 
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
-                    e.toString()));
+            // should never occur since we provide defaults above.
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
+                            e.toString()));
             throw new ServletException(e.toString());
         }
 
         try {
             mSHADigest = MessageDigest.getInstance("SHA1");
         } catch (NoSuchAlgorithmException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
-                    e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_CONF_TEMP_PARAMS",
+                            e.toString()));
             throw new ServletException(e.toString());
         }
     }
-   
+
     public String getId() {
         return mId;
     }
- 
+
     public String getAuthMgr() {
         return mAuthMgr;
     }
@@ -416,44 +387,43 @@ public abstract class CMSServlet extends HttpServlet {
             return false;
     }
 
-    public void outputHttpParameters(HttpServletRequest httpReq)
-    {
-	CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI());
+    public void outputHttpParameters(HttpServletRequest httpReq) {
+        CMS.debug("CMSServlet:service() uri = " + httpReq.getRequestURI());
         Enumeration<?> paramNames = httpReq.getParameterNames();
         while (paramNames.hasMoreElements()) {
-            String pn = (String)paramNames.nextElement();
+            String pn = (String) paramNames.nextElement();
             // added this facility so that password can be hidden,
-            // all sensitive parameters should be prefixed with 
+            // all sensitive parameters should be prefixed with
             // __ (double underscores); however, in the event that
             // a security parameter slips through, we perform multiple
             // additional checks to insure that it is NOT displayed
-            if( pn.startsWith("__")                         ||
-                pn.endsWith("password")                     ||
-                pn.endsWith("passwd")                       ||
-                pn.endsWith("pwd")                          ||
-                pn.equalsIgnoreCase("admin_password_again") ||
-                pn.equalsIgnoreCase("directoryManagerPwd")  ||
-                pn.equalsIgnoreCase("bindpassword")         ||
-                pn.equalsIgnoreCase("bindpwd")              ||
-                pn.equalsIgnoreCase("passwd")               ||
-                pn.equalsIgnoreCase("password")             ||
-                pn.equalsIgnoreCase("pin")                  ||
-                pn.equalsIgnoreCase("pwd")                  ||
-                pn.equalsIgnoreCase("pwdagain")             ||
-                pn.startsWith("p12Password")                ||
-                pn.equalsIgnoreCase("uPasswd") ) {
-              CMS.debug("CMSServlet::service() param name='" + pn +
-                        "' value='(sensitive)'" );
+            if (pn.startsWith("__") ||
+                    pn.endsWith("password") ||
+                    pn.endsWith("passwd") ||
+                    pn.endsWith("pwd") ||
+                    pn.equalsIgnoreCase("admin_password_again") ||
+                    pn.equalsIgnoreCase("directoryManagerPwd") ||
+                    pn.equalsIgnoreCase("bindpassword") ||
+                    pn.equalsIgnoreCase("bindpwd") ||
+                    pn.equalsIgnoreCase("passwd") ||
+                    pn.equalsIgnoreCase("password") ||
+                    pn.equalsIgnoreCase("pin") ||
+                    pn.equalsIgnoreCase("pwd") ||
+                    pn.equalsIgnoreCase("pwdagain") ||
+                    pn.startsWith("p12Password") ||
+                    pn.equalsIgnoreCase("uPasswd")) {
+                CMS.debug("CMSServlet::service() param name='" + pn +
+                        "' value='(sensitive)'");
             } else {
-              CMS.debug("CMSServlet::service() param name='" + pn +
-                        "' value='" + httpReq.getParameter(pn) + "'" );
+                CMS.debug("CMSServlet::service() param name='" + pn +
+                        "' value='" + httpReq.getParameter(pn) + "'");
             }
         }
     }
 
-    public void service(HttpServletRequest httpReq, 
-        HttpServletResponse httpResp) 
-        throws ServletException, IOException {
+    public void service(HttpServletRequest httpReq,
+            HttpServletResponse httpResp)
+            throws ServletException, IOException {
 
         boolean running_state = CMS.isInRunningState();
 
@@ -473,16 +443,16 @@ public abstract class CMSServlet extends HttpServlet {
         httpReq.setCharacterEncoding("UTF-8");
 
         if (CMS.debugOn()) {
-          outputHttpParameters(httpReq);
+            outputHttpParameters(httpReq);
         }
         CMS.debug("CMSServlet: " + mId + " start to service.");
         String className = this.getClass().getName();
 
-        // get a cms request 
+        // get a cms request
         CMSRequest cmsRequest = newCMSRequest();
 
-        // set argblock 
-        cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params",toHashtable(httpReq)));
+        // set argblock
+        cmsRequest.setHttpParams(CMS.createArgBlock("http-request-params", toHashtable(httpReq)));
 
         // set http request
         cmsRequest.setHttpReq(httpReq);
@@ -516,21 +486,22 @@ public abstract class CMSServlet extends HttpServlet {
                 renderResult(cmsRequest);
                 SessionContext.releaseContext();
                 return;
-            } 
+            }
             long startTime = CMS.getCurrentDate().getTime();
             process(cmsRequest);
             renderResult(cmsRequest);
             Date endDate = CMS.getCurrentDate();
             long endTime = endDate.getTime();
             if (CMS.debugOn()) {
-              CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime));
+                CMS.debug(CMS.DEBUG_INFORM, "CMSServlet: curDate=" + endDate + " id=" + mId + " time=" + (endTime - startTime));
             }
             iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this);
         } catch (EBaseException e) {
             iCommandQueue.unRegisterProccess((Object) cmsRequest, (Object) this);
-            // ByteArrayOutputStream os = new ByteArrayOutputStream(); for debugging only
+            // ByteArrayOutputStream os = new ByteArrayOutputStream(); for
+            // debugging only
             // PrintStream ps = new PrintStream(os);
-            //e.printStackTrace(ps);
+            // e.printStackTrace(ps);
             log(e.toString());
             renderException(cmsRequest, e);
         } catch (Exception ex) {
@@ -551,39 +522,38 @@ public abstract class CMSServlet extends HttpServlet {
 
     /**
      * Create a new CMSRequest object. This should be overriden by servlets
-	 * implementing different types of request
-	 * @return a new CMSRequest object
+     * implementing different types of request
+     * 
+     * @return a new CMSRequest object
      */
     protected CMSRequest newCMSRequest() {
         return new CMSRequest();
     }
 
     /**
-     * process an HTTP request. Servlets must override this with their
-	 * own implementation
-	 * @throws EBaseException if the servlet was unable to satisfactorily
-	 * process the request
+     * process an HTTP request. Servlets must override this with their own
+     * implementation
+     * 
+     * @throws EBaseException if the servlet was unable to satisfactorily
+     *             process the request
      */
-    protected void process(CMSRequest cmsRequest) 
-        throws EBaseException 
-    {
+    protected void process(CMSRequest cmsRequest)
+            throws EBaseException {
     }
-   
 
     /**
-     * Output a template. 
-     * If an error occurs while outputing the template the exception template
-     * is used to display the error.
+     * Output a template. If an error occurs while outputing the template the
+     * exception template is used to display the error.
      * 
      * @param cmsReq the CS request
      */
     protected void renderResult(CMSRequest cmsReq)
-        throws IOException {
+            throws IOException {
 
         if (!mRenderResult)
             return;
         Integer status = cmsReq.getStatus();
-        
+
         CMSLoadTemplate ltempl = (CMSLoadTemplate) mTemplates.get(status);
 
         if (ltempl == null || ltempl.mTemplateName == null) {
@@ -594,13 +564,12 @@ public abstract class CMSServlet extends HttpServlet {
 
         renderTemplate(cmsReq, ltempl.mTemplateName, filler);
     }
-	
+
     private static final String PRESERVED = "preserved";
     public static final String TEMPLATE_NAME = "templateName";
-			
+
     protected void outputArgBlockAsXML(XMLObject xmlObj, Node parent,
-                                       String argBlockName, IArgBlock argBlock) 
-    {
+                                       String argBlockName, IArgBlock argBlock) {
         Node argBlockContainer = xmlObj.createContainer(parent, argBlockName);
 
         if (argBlock != null) {
@@ -614,15 +583,14 @@ public abstract class CMSServlet extends HttpServlet {
         }
     }
 
-    protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params)
-    {
+    protected void outputXML(HttpServletResponse httpResp, CMSTemplateParams params) {
         XMLObject xmlObj = null;
         try {
             xmlObj = new XMLObject();
 
             Node root = xmlObj.createRoot("xml");
             outputArgBlockAsXML(xmlObj, root, "header", params.getHeader());
-            outputArgBlockAsXML(xmlObj, root, "fixed",  params.getFixed());
+            outputArgBlockAsXML(xmlObj, root, "fixed", params.getFixed());
 
             Enumeration<IArgBlock> records = params.queryRecords();
             Node recordsNode = xmlObj.createContainer(root, "records");
@@ -645,14 +613,14 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     protected void renderTemplate(
-        CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler) 
-        throws IOException {
+            CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
+            throws IOException {
         try {
             IArgBlock httpParams = cmsReq.getHttpParams();
 
             Locale[] locale = new Locale[1];
             CMSTemplate template =
-                getTemplate(templateName, cmsReq.getHttpReq(), locale);
+                    getTemplate(templateName, cmsReq.getHttpReq(), locale);
             CMSTemplateParams templateParams = null;
 
             if (filler != null) {
@@ -670,20 +638,20 @@ public abstract class CMSServlet extends HttpServlet {
             }
 
             if (httpParams != null) {
-                String httpTemplateName = 
-                    httpParams.getValueAsString(
-                        TEMPLATE_NAME, null);
+                String httpTemplateName =
+                        httpParams.getValueAsString(
+                                TEMPLATE_NAME, null);
 
                 if (httpTemplateName != null) {
                     templateName = httpTemplateName;
                 }
             }
 
-            if (templateParams == null) 
+            if (templateParams == null)
                 templateParams = new CMSTemplateParams(null, null);
 
-                // #359630
-                // inject preserved http parameter into the template
+            // #359630
+            // inject preserved http parameter into the template
             if (httpParams != null) {
                 String preserved = httpParams.getValueAsString(
                         PRESERVED, null);
@@ -704,40 +672,40 @@ public abstract class CMSServlet extends HttpServlet {
             cmsReq.getHttpResp().setContentLength(bos.size());
             bos.writeTo(cmsReq.getHttpResp().getOutputStream());
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString()));
-            renderException(cmsReq, 
-                new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", templateName, e.toString()));
+            renderException(cmsReq,
+                    new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
             return;
         }
     }
 
     /**
-     * Output exception (unexpected error) template 
-     * This is different from other templates in that if an exception occurs
-     * while rendering the exception a message is printed out directly. 
-     * If the message gets an error an IOException is thrown. 
-     * In others if an exception occurs while rendering the template the 
-     * exception template (this) is called. 
+     * Output exception (unexpected error) template This is different from other
+     * templates in that if an exception occurs while rendering the exception a
+     * message is printed out directly. If the message gets an error an
+     * IOException is thrown. In others if an exception occurs while rendering
+     * the template the exception template (this) is called.
      * <p>
+     * 
      * @param cmsReq the CS request to pass to template filler if any.
      * @param e the unexpected exception
      */
-    protected void renderException(CMSRequest cmsReq, EBaseException e) 
-        throws IOException {
+    protected void renderException(CMSRequest cmsReq, EBaseException e)
+            throws IOException {
         try {
             Locale[] locale = new Locale[1];
-            CMSLoadTemplate loadTempl = 
-                (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION);
-            CMSTemplate template = getTemplate(loadTempl.mTemplateName, 
+            CMSLoadTemplate loadTempl =
+                    (CMSLoadTemplate) mTemplates.get(CMSRequest.EXCEPTION);
+            CMSTemplate template = getTemplate(loadTempl.mTemplateName,
                     cmsReq.getHttpReq(), locale);
             ICMSTemplateFiller filler = loadTempl.mFiller;
             CMSTemplateParams templateParams = null;
 
             // When an exception occurs the exit is non-local which probably
             // will leave the requestStatus value set to something other
-            // than CMSRequest.EXCEPTION, so force the requestStatus to 
-            // EXCEPTION since it must be that if we're here. 
+            // than CMSRequest.EXCEPTION, so force the requestStatus to
+            // EXCEPTION since it must be that if we're here.
             cmsReq.setStatus(CMSRequest.EXCEPTION);
 
             if (filler != null) {
@@ -749,7 +717,7 @@ public abstract class CMSServlet extends HttpServlet {
             }
             if (e != null) {
                 templateParams.getFixed().set(
-                    ICMSTemplateFiller.EXCEPTION, e.toString(locale[0]));
+                        ICMSTemplateFiller.EXCEPTION, e.toString(locale[0]));
             }
 
             // just output arg blocks as XML
@@ -772,25 +740,25 @@ public abstract class CMSServlet extends HttpServlet {
         }
     }
 
-    public void renderFinalError(CMSRequest cmsReq, Exception ex) 
-        throws IOException {
-        // this template is the last resort for all other unexpected 
-        // errors in other templates so we can only output text. 
+    public void renderFinalError(CMSRequest cmsReq, Exception ex)
+            throws IOException {
+        // this template is the last resort for all other unexpected
+        // errors in other templates so we can only output text.
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
         httpResp.setContentType("text/html");
         ServletOutputStream out = httpResp.getOutputStream();
-	
-        // replace $ERRORMSG with exception message if included. 
+
+        // replace $ERRORMSG with exception message if included.
         String finalErrMsg = mFinalErrorMsg;
         int tokenIdx = mFinalErrorMsg.indexOf(ERROR_MSG_TOKEN);
 
         if (tokenIdx != -1) {
-            finalErrMsg = 
+            finalErrMsg =
                     mFinalErrorMsg.substring(0, tokenIdx) +
-                    ex.toString() + 
-                    mFinalErrorMsg.substring(
-                        tokenIdx + ERROR_MSG_TOKEN.length());
+                            ex.toString() +
+                            mFinalErrorMsg.substring(
+                                    tokenIdx + ERROR_MSG_TOKEN.length());
         }
         out.println(finalErrMsg);
         return;
@@ -803,31 +771,23 @@ public abstract class CMSServlet extends HttpServlet {
         SSLSocket s = null;
 
         /*
-         try {
-         s = (SSLSocket) ((HTTPRequest) httpReq).getConnection().getSocket(); 
-         } catch (ClassCastException e) {
-         CMS.getLogger().log(
-         ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_WARN, 
-         CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE"));
-         // ignore.
-         return;
-         }
-         try {
-         s.invalidateSession();
-         s.resetHandshake();
-         }catch (SocketException se) {
-         }
+         * try { s = (SSLSocket) ((HTTPRequest)
+         * httpReq).getConnection().getSocket(); } catch (ClassCastException e)
+         * { CMS.getLogger().log( ILogger.EV_SYSTEM, ILogger.S_OTHER,
+         * ILogger.LL_WARN, CMS.getLogMessage("CMSGW_SSL_NO_INVALIDATE")); //
+         * ignore. return; } try { s.invalidateSession(); s.resetHandshake();
+         * }catch (SocketException se) { }
          */
         return;
     }
 
     /**
-     * construct a authentication credentials to pass into authentication 
+     * construct a authentication credentials to pass into authentication
      * manager.
      */
     public static AuthCredentials getAuthCreds(
-        IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert) 
-        throws EBaseException {
+            IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
+            throws EBaseException {
         // get credentials from http parameters.
         String[] reqCreds = authMgr.getRequiredCreds();
         AuthCredentials creds = new AuthCredentials();
@@ -837,8 +797,8 @@ public abstract class CMSServlet extends HttpServlet {
 
             if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
                 // cert could be null;
-                creds.set(reqCred, new X509Certificate[] { clientCert}
-                ); 
+                creds.set(reqCred, new X509Certificate[] { clientCert }
+                        );
             } else {
                 String value = argBlock.getValueAsString(reqCred);
 
@@ -854,19 +814,19 @@ public abstract class CMSServlet extends HttpServlet {
     /**
      * get ssl client authenticated certificate
      */
-    protected X509Certificate 
-    getSSLClientCertificate(HttpServletRequest httpReq) 
-        throws EBaseException {
+    protected X509Certificate
+            getSSLClientCertificate(HttpServletRequest httpReq)
+                    throws EBaseException {
 
         X509Certificate cert = null;
 
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO, 
-            CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_INFO,
+                CMS.getLogMessage("CMSGW_GETTING_SSL_CLIENT_CERT"));
 
-        // iws60 support Java Servlet Spec V2.2, attribute 
+        // iws60 support Java Servlet Spec V2.2, attribute
         // javax.servlet.request.X509Certificate now contains array
         // of X509Certificates instead of one X509Certificate object
-        X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR); 
+        X509Certificate[] allCerts = (X509Certificate[]) httpReq.getAttribute(CERT_ATTR);
 
         if (allCerts == null || allCerts.length == 0) {
             throw new EBaseException("You did not provide a valid certificate for this operation");
@@ -876,10 +836,10 @@ public abstract class CMSServlet extends HttpServlet {
 
         if (cert == null) {
             // just don't have a cert.
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL"));
             return null;
-        } 
+        }
 
         // convert to sun's x509 cert interface.
         try {
@@ -888,53 +848,53 @@ public abstract class CMSServlet extends HttpServlet {
             cert = new X509CertImpl(certEncoded);
         } catch (CertificateEncodingException e) {
             mLogger.log(
-                ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage()));
+                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_ENCODE", e.getMessage()));
             return null;
         } catch (CertificateException e) {
             mLogger.log(
-                ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage()));
+                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_SSL_CL_CERT_FAIL_DECODE", e.getMessage()));
             return null;
         }
-        return cert; 
+        return cert;
     }
 
     /**
      * get a template based on result status.
      */
     protected CMSTemplate getTemplate(
-        String templateName, HttpServletRequest httpReq, Locale[] locale)
-        throws EBaseException, IOException {
+            String templateName, HttpServletRequest httpReq, Locale[] locale)
+            throws EBaseException, IOException {
         // this converts to system dependent file seperator char.
         if (mServletConfig == null) {
-	        CMS.debug( "CMSServlet:getTemplate() - mServletConfig is null!" );
+            CMS.debug("CMSServlet:getTemplate() - mServletConfig is null!");
             return null;
         }
         if (mServletConfig.getServletContext() == null) {
         }
         if (templateName == null) {
         }
-        String realpath = 
-            mServletConfig.getServletContext().getRealPath("/" + templateName);
+        String realpath =
+                mServletConfig.getServletContext().getRealPath("/" + templateName);
 
         if (realpath == null) {
             mLogger.log(
-                ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName));
+                    ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", templateName));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
 
         File realpathFile = new File(realpath);
-        File templateFile = 
-            getLangFile(httpReq, realpathFile, locale);
+        File templateFile =
+                getLangFile(httpReq, realpathFile, locale);
         String charSet = httpReq.getCharacterEncoding();
 
         if (charSet == null) {
             charSet = "UTF8";
         }
-        CMSTemplate template = 
-            (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet);
+        CMSTemplate template =
+                (CMSTemplate) mFileLoader.getCMSFile(templateFile, charSet);
 
         return template;
     }
@@ -943,13 +903,13 @@ public abstract class CMSServlet extends HttpServlet {
      * log according to authority category.
      */
     protected void log(int event, int level, String msg) {
-        mLogger.log(event, mLogCategory, level, 
-            "Servlet " + mId + ": " + msg);
+        mLogger.log(event, mLogCategory, level,
+                "Servlet " + mId + ": " + msg);
     }
 
     protected void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level, 
-            "Servlet " + mId + ": " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
+                "Servlet " + mId + ": " + msg);
     }
 
     /**
@@ -965,8 +925,8 @@ public abstract class CMSServlet extends HttpServlet {
             dontSaveParams = sc.getInitParameter(
                         PROP_DONT_SAVE_HTTP_PARAMS);
             if (dontSaveParams != null) {
-                StringTokenizer params = 
-                    new StringTokenizer(dontSaveParams, ",");
+                StringTokenizer params =
+                        new StringTokenizer(dontSaveParams, ",");
 
                 while (params.hasMoreTokens()) {
                     String param = params.nextToken();
@@ -976,8 +936,8 @@ public abstract class CMSServlet extends HttpServlet {
             }
         } catch (Exception e) {
             // should never happen
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_NO_CONFIG_VALUE", PROP_DONT_SAVE_HTTP_PARAMS, e.toString()));
             // default just in case.
             for (int i = 0; i < DONT_SAVE_HTTP_PARAMS.length; i++) {
                 mDontSaveHttpParams.addElement(DONT_SAVE_HTTP_PARAMS[i]);
@@ -997,12 +957,12 @@ public abstract class CMSServlet extends HttpServlet {
             }
 
             // now get from config file if there's more.
-            String saveHeaders = 
-                sc.getInitParameter(PROP_SAVE_HTTP_HEADERS);
+            String saveHeaders =
+                    sc.getInitParameter(PROP_SAVE_HTTP_HEADERS);
 
-            if (saveHeaders != null) { 
-                StringTokenizer headers = 
-                    new StringTokenizer(saveHeaders, ",");
+            if (saveHeaders != null) {
+                StringTokenizer headers =
+                        new StringTokenizer(saveHeaders, ",");
 
                 while (headers.hasMoreTokens()) {
                     String hdr = headers.nextToken();
@@ -1021,8 +981,8 @@ public abstract class CMSServlet extends HttpServlet {
      * save http headers in a IRequest.
      */
     protected void saveHttpHeaders(
-        HttpServletRequest httpReq, IRequest req)
-        throws EBaseException {
+            HttpServletRequest httpReq, IRequest req)
+            throws EBaseException {
         Hashtable<String, String> headers = new Hashtable<String, String>();
         Enumeration<String> hdrs = mSaveHttpHeaders.elements();
 
@@ -1041,7 +1001,7 @@ public abstract class CMSServlet extends HttpServlet {
      * save http headers in a IRequest.
      */
     protected void saveHttpParams(
-        IArgBlock httpParams, IRequest req) {
+            IArgBlock httpParams, IRequest req) {
         Hashtable<String, String> saveParams = new Hashtable<String, String>();
 
         Enumeration<String> names = httpParams.elements();
@@ -1075,14 +1035,14 @@ public abstract class CMSServlet extends HttpServlet {
      * handy routine for getting a cert record given a serial number.
      */
     protected ICertRecord getCertRecord(BigInteger serialNo) {
-        if (mAuthority == null || 
-            !(mAuthority instanceof ICertificateAuthority)) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_NON_CERT_AUTH"));
+        if (mAuthority == null ||
+                !(mAuthority instanceof ICertificateAuthority)) {
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_NON_CERT_AUTH"));
             return null;
         }
-        ICertificateRepository certdb = 
-            (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
+        ICertificateRepository certdb =
+                (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
 
         if (certdb == null) {
             log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
@@ -1093,16 +1053,16 @@ public abstract class CMSServlet extends HttpServlet {
         try {
             certRecord = certdb.readCertificateRecord(serialNo);
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
             return null;
         }
         return certRecord;
     }
 
     /**
-     * handy routine for validating if a cert is from this CA.
-     * mAuthority must be a CA.
+     * handy routine for validating if a cert is from this CA. mAuthority must
+     * be a CA.
      */
     protected boolean isCertFromCA(X509Certificate cert) {
         BigInteger serialno = cert.getSerialNumber();
@@ -1114,8 +1074,8 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     /**
-     * handy routine for checking if a list of certs is from this CA.
-     * mAuthortiy must be a CA.
+     * handy routine for checking if a list of certs is from this CA. mAuthortiy
+     * must be a CA.
      */
     protected boolean areCertsFromCA(X509Certificate[] certs) {
         for (int i = certs.length - 1; i >= 0; i--) {
@@ -1126,18 +1086,18 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     /**
-     * handy routine for getting a certificate from the certificate 
-     * repository. mAuthority must be a CA.
+     * handy routine for getting a certificate from the certificate repository.
+     * mAuthority must be a CA.
      */
     protected X509Certificate getX509Certificate(BigInteger serialNo) {
-        if (mAuthority == null || 
-            !(mAuthority instanceof ICertificateAuthority)) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NOT_CERT_AUTH"));
+        if (mAuthority == null ||
+                !(mAuthority instanceof ICertificateAuthority)) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NOT_CERT_AUTH"));
             return null;
         }
-        ICertificateRepository certdb = 
-            (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
+        ICertificateRepository certdb =
+                (ICertificateRepository) ((ICertificateAuthority) mAuthority).getCertificateRepository();
 
         if (certdb == null) {
             log(ILogger.LL_WARN, CMS.getLogMessage("CMSGW_CERT_DB_NULL", mAuthority.toString()));
@@ -1148,15 +1108,16 @@ public abstract class CMSServlet extends HttpServlet {
         try {
             cert = certdb.getX509Certificate(serialNo);
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NO_CERT_REC", serialNo.toString(16), e.toString()));
             return null;
         }
         return cert;
     }
 
     /**
-     * instantiate a new filler from a class name, 
+     * instantiate a new filler from a class name,
+     * 
      * @return null if can't be instantiated, new instance otherwise.
      */
     protected ICMSTemplateFiller newFillerObject(String fillerClass) {
@@ -1169,8 +1130,8 @@ public abstract class CMSServlet extends HttpServlet {
             if ((e instanceof RuntimeException)) {
                 throw (RuntimeException) e;
             } else {
-                log(ILogger.LL_WARN, 
-                    CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString()));
+                log(ILogger.LL_WARN,
+                        CMS.getLogMessage("CMSGW_CANT_LOAD_FILLER", fillerClass, e.toString()));
                 return null;
             }
         }
@@ -1178,18 +1139,17 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     /**
-     * set default templates. 
-     * subclasses can override, and should override at least the success 
-     * template
+     * set default templates. subclasses can override, and should override at
+     * least the success template
      */
     protected void setDefaultTemplates(ServletConfig sc) {
         // Subclasses should override these for diff templates and params in
-        // their constructors. 
-        // Set a template name to null to not use these standard ones. 
-        // When template name is set to null nothing will be displayed. 
+        // their constructors.
+        // Set a template name to null to not use these standard ones.
+        // When template name is set to null nothing will be displayed.
         // Servlet is assumed to have rendered its own output.
-        // The only exception is the unexpected error template where the 
-        // default one will always be used if template name is null. 
+        // The only exception is the unexpected error template where the
+        // default one will always be used if template name is null.
         String successTemplate = null;
         String errorTemplate = null;
         String unauthorizedTemplate = null;
@@ -1210,17 +1170,17 @@ public abstract class CMSServlet extends HttpServlet {
             if (successTemplate == null) {
                 successTemplate = SUCCESS_TEMPLATE;
                 if (gateway != null)
-                    //successTemplate = "/"+gateway+successTemplate;
-                    successTemplate = "/"+gateway+successTemplate;
+                    // successTemplate = "/"+gateway+successTemplate;
+                    successTemplate = "/" + gateway + successTemplate;
             }
 
             errorTemplate = sc.getInitParameter(
                         PROP_ERROR_TEMPLATE);
             if (errorTemplate == null) {
                 errorTemplate = ERROR_TEMPLATE;
-                if (gateway != null) 
-                    //errorTemplate = "/"+gateway+errorTemplate;
-                    errorTemplate = "/"+gateway+errorTemplate;
+                if (gateway != null)
+                    // errorTemplate = "/"+gateway+errorTemplate;
+                    errorTemplate = "/" + gateway + errorTemplate;
             }
 
             unauthorizedTemplate = sc.getInitParameter(
@@ -1228,8 +1188,8 @@ public abstract class CMSServlet extends HttpServlet {
             if (unauthorizedTemplate == null) {
                 unauthorizedTemplate = UNAUTHORIZED_TEMPLATE;
                 if (gateway != null)
-                    //unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
-                    unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
+                    // unauthorizedTemplate = "/"+gateway+unauthorizedTemplate;
+                    unauthorizedTemplate = "/" + gateway + unauthorizedTemplate;
             }
 
             pendingTemplate = sc.getInitParameter(
@@ -1237,8 +1197,8 @@ public abstract class CMSServlet extends HttpServlet {
             if (pendingTemplate == null) {
                 pendingTemplate = PENDING_TEMPLATE;
                 if (gateway != null)
-                    //pendingTemplate = "/"+gateway+pendingTemplate;
-                    pendingTemplate = "/"+gateway+pendingTemplate;
+                    // pendingTemplate = "/"+gateway+pendingTemplate;
+                    pendingTemplate = "/" + gateway + pendingTemplate;
             }
 
             svcpendingTemplate = sc.getInitParameter(
@@ -1246,8 +1206,8 @@ public abstract class CMSServlet extends HttpServlet {
             if (svcpendingTemplate == null) {
                 svcpendingTemplate = SVC_PENDING_TEMPLATE;
                 if (gateway != null)
-                    //svcpendingTemplate = "/"+gateway+svcpendingTemplate;
-                    svcpendingTemplate = "/"+gateway+svcpendingTemplate;
+                    // svcpendingTemplate = "/"+gateway+svcpendingTemplate;
+                    svcpendingTemplate = "/" + gateway + svcpendingTemplate;
             }
 
             rejectedTemplate = sc.getInitParameter(
@@ -1255,8 +1215,8 @@ public abstract class CMSServlet extends HttpServlet {
             if (rejectedTemplate == null) {
                 rejectedTemplate = REJECTED_TEMPLATE;
                 if (gateway != null)
-                    //rejectedTemplate = "/"+gateway+rejectedTemplate;
-                    rejectedTemplate = "/"+gateway+rejectedTemplate;
+                    // rejectedTemplate = "/"+gateway+rejectedTemplate;
+                    rejectedTemplate = "/" + gateway + rejectedTemplate;
             }
 
             unexpectedErrorTemplate = sc.getInitParameter(
@@ -1264,51 +1224,52 @@ public abstract class CMSServlet extends HttpServlet {
             if (unexpectedErrorTemplate == null) {
                 unexpectedErrorTemplate = EXCEPTION_TEMPLATE;
                 if (gateway != null)
-                    //unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate;
-                    unexpectedErrorTemplate = "/"+gateway+unexpectedErrorTemplate;
+                    // unexpectedErrorTemplate =
+                    // "/"+gateway+unexpectedErrorTemplate;
+                    unexpectedErrorTemplate = "/" + gateway + unexpectedErrorTemplate;
             }
         } catch (Exception e) {
-            // this should never happen. 
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
-                    mId));
+            // this should never happen.
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+                            mId));
         }
 
         mTemplates.put(
-            CMSRequest.UNAUTHORIZED, 
-            new CMSLoadTemplate(
-                PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER,
-                unauthorizedTemplate, null));  
+                CMSRequest.UNAUTHORIZED,
+                new CMSLoadTemplate(
+                        PROP_UNAUTHORIZED_TEMPLATE, PROP_UNAUTHOR_TEMPLATE_FILLER,
+                        unauthorizedTemplate, null));
         mTemplates.put(
-            CMSRequest.SUCCESS, 
-            new CMSLoadTemplate(
-                PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
-                successTemplate, new GenSuccessTemplateFiller()));  
+                CMSRequest.SUCCESS,
+                new CMSLoadTemplate(
+                        PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
+                        successTemplate, new GenSuccessTemplateFiller()));
         mTemplates.put(
-            CMSRequest.PENDING, 
-            new CMSLoadTemplate(
-                PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER,
-                pendingTemplate, new GenPendingTemplateFiller()));
+                CMSRequest.PENDING,
+                new CMSLoadTemplate(
+                        PROP_PENDING_TEMPLATE, PROP_PENDING_TEMPLATE_FILLER,
+                        pendingTemplate, new GenPendingTemplateFiller()));
         mTemplates.put(
-            CMSRequest.SVC_PENDING, 
-            new CMSLoadTemplate(
-                PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER,
-                svcpendingTemplate, new GenSvcPendingTemplateFiller()));
+                CMSRequest.SVC_PENDING,
+                new CMSLoadTemplate(
+                        PROP_SVC_PENDING_TEMPLATE, PROP_SVC_PENDING_TEMPLATE_FILLER,
+                        svcpendingTemplate, new GenSvcPendingTemplateFiller()));
         mTemplates.put(
-            CMSRequest.REJECTED, 
-            new CMSLoadTemplate(
-                PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER,
-                rejectedTemplate, new GenRejectedTemplateFiller()));
+                CMSRequest.REJECTED,
+                new CMSLoadTemplate(
+                        PROP_REJECTED_TEMPLATE, PROP_REJECTED_TEMPLATE_FILLER,
+                        rejectedTemplate, new GenRejectedTemplateFiller()));
         mTemplates.put(
-            CMSRequest.ERROR, 
-            new CMSLoadTemplate(
-                PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER,
-                errorTemplate, new GenErrorTemplateFiller()));
+                CMSRequest.ERROR,
+                new CMSLoadTemplate(
+                        PROP_ERROR_TEMPLATE, PROP_ERROR_TEMPLATE_FILLER,
+                        errorTemplate, new GenErrorTemplateFiller()));
         mTemplates.put(
-            CMSRequest.EXCEPTION, 
-            new CMSLoadTemplate(
-                PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER,
-                unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller()));
+                CMSRequest.EXCEPTION,
+                new CMSLoadTemplate(
+                        PROP_EXCEPTION_TEMPLATE, PROP_EXCEPTION_TEMPLATE_FILLER,
+                        unexpectedErrorTemplate, new GenUnexpectedErrorTemplateFiller()));
     }
 
     /**
@@ -1317,8 +1278,8 @@ public abstract class CMSServlet extends HttpServlet {
     public static boolean clientIsNav(HttpServletRequest httpReq) {
         String useragent = httpReq.getHeader("user-agent");
 
-        if (useragent.startsWith("Mozilla") && 
-            useragent.indexOf("MSIE") == -1)
+        if (useragent.startsWith("Mozilla") &&
+                useragent.indexOf("MSIE") == -1)
             return true;
         return false;
     }
@@ -1339,40 +1300,36 @@ public abstract class CMSServlet extends HttpServlet {
      * set using cartman JS. (no other way to tell)
      */
     private static String CMMF_RESPONSE = "cmmfResponse";
+
     public static boolean doCMMFResponse(IArgBlock httpParams) {
         if (httpParams.getValueAsBoolean(CMMF_RESPONSE, false))
             return true;
-        else 
+        else
             return false;
     }
 
     private static final String IMPORT_CERT = "importCert";
     private static final String IMPORT_CHAIN = "importCAChain";
     private static final String IMPORT_CERT_MIME_TYPE = "importCertMimeType";
-    // default mime type 
-    private static final String 
-        NS_X509_USER_CERT = "application/x-x509-user-cert";
-    private static final String 
-        NS_X509_EMAIL_CERT = "application/x-x509-email-cert";
+    // default mime type
+    private static final String NS_X509_USER_CERT = "application/x-x509-user-cert";
+    private static final String NS_X509_EMAIL_CERT = "application/x-x509-email-cert";
 
     // CMC mime types
-    public static final String
-        SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10";
-    public static final String
-        SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
-    public static final String
-        FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime";
-    public static final String
-        FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
+    public static final String SIMPLE_ENROLLMENT_REQUEST = "application/pkcs10";
+    public static final String SIMPLE_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
+    public static final String FULL_ENROLLMENT_REQUEST = "application/pkcs7-mime";
+    public static final String FULL_ENROLLMENT_RESPONSE = "application/pkcs7-mime";
 
     /**
      * handy routine to check if client want full enrollment response
      */
     public static String FULL_RESPONSE = "fullResponse";
+
     public static boolean doFullResponse(IArgBlock httpParams) {
         if (httpParams.getValueAsBoolean(FULL_RESPONSE, false))
             return true;
-        else 
+        else
             return false;
     }
 
@@ -1381,23 +1338,23 @@ public abstract class CMSServlet extends HttpServlet {
      * @return true if import cert directly is true and import cert.
      */
     protected boolean checkImportCertToNav(
-        HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert)
-        throws EBaseException {
+            HttpServletResponse httpResp, IArgBlock httpParams, X509CertImpl cert)
+            throws EBaseException {
         if (!httpParams.getValueAsBoolean(IMPORT_CERT, false)) {
             return false;
         }
         boolean importCAChain =
-            httpParams.getValueAsBoolean(IMPORT_CHAIN, true);
+                httpParams.getValueAsBoolean(IMPORT_CHAIN, true);
         // XXX Temporary workaround because of problem with passing Mime type
         boolean emailCert =
-            httpParams.getValueAsBoolean("emailCert", false);
+                httpParams.getValueAsBoolean("emailCert", false);
         String importMimeType = (emailCert) ?
-            httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) :
-            httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
+                httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_EMAIL_CERT) :
+                httpParams.getValueAsString(IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
 
-        //		String importMimeType =
-        //			httpParams.getValueAsString(
-        //				IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
+        // String importMimeType =
+        // httpParams.getValueAsString(
+        // IMPORT_CERT_MIME_TYPE, NS_X509_USER_CERT);
         importCertToNav(httpResp, cert, importMimeType, importCAChain);
         return true;
     }
@@ -1406,17 +1363,17 @@ public abstract class CMSServlet extends HttpServlet {
      * handy routine to import cert to old navigator in nav mime type.
      */
     public void importCertToNav(
-        HttpServletResponse httpResp, X509CertImpl cert, 
-        String contentType, boolean importCAChain)
-        throws EBaseException {
+            HttpServletResponse httpResp, X509CertImpl cert,
+            String contentType, boolean importCAChain)
+            throws EBaseException {
         ServletOutputStream out = null;
         byte[] encoding = null;
 
-        CMS.debug("CMSServlet: importCertToNav " + 
-                       "contentType=" + contentType + " " + 
+        CMS.debug("CMSServlet: importCertToNav " +
+                       "contentType=" + contentType + " " +
                        "importCAChain=" + importCAChain);
-        try { 
-            out = httpResp.getOutputStream(); 
+        try {
+            out = httpResp.getOutputStream();
             // CA chain.
             if (importCAChain) {
                 CertificateChain caChain = null;
@@ -1426,9 +1383,9 @@ public abstract class CMSServlet extends HttpServlet {
                 caChain = ((ICertAuthority) mAuthority).getCACertChain();
                 caCerts = caChain.getChain();
 
-                // set user + CA cert chain in pkcs7 
-                X509CertImpl[] userChain = 
-                    new X509CertImpl[caCerts.length + 1];
+                // set user + CA cert chain in pkcs7
+                X509CertImpl[] userChain =
+                        new X509CertImpl[caCerts.length + 1];
 
                 userChain[0] = cert;
                 int m = 1, n = 0;
@@ -1437,8 +1394,8 @@ public abstract class CMSServlet extends HttpServlet {
                     userChain[m] = (X509CertImpl) caCerts[n];
 
                     /*
-                     System.out.println(
-                     m+"th Cert "+userChain[m].toString());
+                     * System.out.println(
+                     * m+"th Cert "+userChain[m].toString());
                      */
                 }
                 p7 = new PKCS7(new AlgorithmId[0],
@@ -1456,16 +1413,16 @@ public abstract class CMSServlet extends HttpServlet {
             }
             httpResp.setContentType(contentType);
             out.write(encoding);
-        } catch (IOException e) { 
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString()));
+        } catch (IOException e) {
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_RET_CERT_IMPORT_ERR", e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_RETURNING_CERT"));
         } catch (CertificateEncodingException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                    ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NO_ENCODED_IMP_CERT", e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
         }
@@ -1511,75 +1468,76 @@ public abstract class CMSServlet extends HttpServlet {
      * handy routine for getting agent's relative path
      */
     protected String getRelPath(IAuthority authority) {
-        if (authority instanceof ICertificateAuthority) 
+        if (authority instanceof ICertificateAuthority)
             return "ca/";
-        else if (authority instanceof IRegistrationAuthority) 
+        else if (authority instanceof IRegistrationAuthority)
             return "ra/";
-        else if (authority instanceof IKeyRecoveryAuthority) 
+        else if (authority instanceof IKeyRecoveryAuthority)
             return "kra/";
-        else 
+        else
             return "/";
     }
 
     /**
-     * A system certificate such as the CA signing certificate
-     * should not be allowed to delete.
-     * The main purpose is to avoid revoking the self signed
+     * A system certificate such as the CA signing certificate should not be
+     * allowed to delete. The main purpose is to avoid revoking the self signed
      * CA certificate accidentially.
      */
     protected boolean isSystemCertificate(BigInteger serialNo) {
         if (!(mAuthority instanceof ICertificateAuthority)) {
             return false;
         }
-        X509Certificate caCert = 
-            ((ICertificateAuthority)mAuthority).getCACert();
+        X509Certificate caCert =
+                ((ICertificateAuthority) mAuthority).getCACert();
         if (caCert != null) {
-          /* only check this if we are self-signed */
-          if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) {
-            if (caCert.getSerialNumber().equals(serialNo)) {
-              return true;
+            /* only check this if we are self-signed */
+            if (caCert.getSubjectDN().equals(caCert.getIssuerDN())) {
+                if (caCert.getSerialNumber().equals(serialNo)) {
+                    return true;
+                }
             }
-          }
         }
         return false;
     }
 
     /**
      * make a CRL entry from a serial number and revocation reason.
+     * 
      * @return a RevokedCertImpl that can be entered in a CRL.
      */
     protected RevokedCertImpl formCRLEntry(
-        BigInteger serialNo, RevocationReason reason)
-        throws EBaseException {
+            BigInteger serialNo, RevocationReason reason)
+            throws EBaseException {
         CRLReasonExtension reasonExt = new CRLReasonExtension(reason);
         CRLExtensions crlentryexts = new CRLExtensions();
 
         try {
             crlentryexts.set(CRLReasonExtension.class.getSimpleName(), reasonExt);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_CRL_REASON", reason.toString(), e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_SETTING_CRLREASON"));
         }
-        RevokedCertImpl crlentry = 
-            new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts);
+        RevokedCertImpl crlentry =
+                new RevokedCertImpl(serialNo, CMS.getCurrentDate(), crlentryexts);
 
         return crlentry;
     }
 
     /**
      * check if a certificate (serial number) is revoked on a CA.
+     * 
      * @return true if cert is marked revoked in the CA's database.
-     * @return false if cert is not marked revoked.  
+     * @return false if cert is not marked revoked.
      */
-    protected boolean certIsRevoked(BigInteger serialNum) 
-        throws EBaseException {
+    protected boolean certIsRevoked(BigInteger serialNum)
+            throws EBaseException {
         ICertRecord certRecord = getCertRecord(serialNum);
 
         if (certRecord == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum)));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_BAD_CERT_SER_NUM", String.valueOf(serialNum)));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_INVALID_CERT"));
         }
@@ -1590,7 +1548,7 @@ public abstract class CMSServlet extends HttpServlet {
 
     public static String generateSalt() {
         Random rnd = new Random();
-        String salt = new Integer( rnd.nextInt() ).toString();
+        String salt = new Integer(rnd.nextInt()).toString();
         return salt;
     }
 
@@ -1608,8 +1566,8 @@ public abstract class CMSServlet extends HttpServlet {
      * @param locale array of at least one to be filled with locale found.
      */
     public static File getLangFile(
-        HttpServletRequest req, File realpathFile, Locale[] locale)
-        throws IOException {
+            HttpServletRequest req, File realpathFile, Locale[] locale)
+            throws IOException {
         File file = null;
         String acceptLang = req.getHeader("accept-language");
 
@@ -1626,7 +1584,7 @@ public abstract class CMSServlet extends HttpServlet {
                 }
                 String name = realpathFile.getName();
 
-                if (name == null) {  // filename should never be null.
+                if (name == null) { // filename should never be null.
                     throw new IOException("file has no name");
                 }
                 int i;
@@ -1655,8 +1613,8 @@ public abstract class CMSServlet extends HttpServlet {
                     }
 
                     String langfilepath =
-                        parent + File.separatorChar +
-                        lang + File.separatorChar + name;
+                            parent + File.separatorChar +
+                                    lang + File.separatorChar + name;
 
                     file = new File(langfilepath);
                     if (file.exists()) {
@@ -1688,18 +1646,18 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     public IAuthToken authenticate(CMSRequest req)
-        throws EBaseException {
+            throws EBaseException {
         return authenticate(req, mAuthMgr);
     }
 
     public IAuthToken authenticate(HttpServletRequest httpReq)
-        throws EBaseException {
+            throws EBaseException {
         return authenticate(httpReq, mAuthMgr);
     }
 
-    public IAuthToken authenticate(CMSRequest req, String authMgrName) 
-        throws EBaseException {
-        IAuthToken authToken = authenticate(req.getHttpReq(), 
+    public IAuthToken authenticate(CMSRequest req, String authMgrName)
+            throws EBaseException {
+        IAuthToken authToken = authenticate(req.getHttpReq(),
                 authMgrName);
 
         saveAuthToken(authToken, req.getIRequest());
@@ -1709,19 +1667,19 @@ public abstract class CMSServlet extends HttpServlet {
     /**
      * Authentication
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_FAIL used when authentication
-     * fails (in case of SSL-client auth, only webserver env can pick up the
-     * SSL violation; CS authMgr can pick up cert mis-match, so this event
-     * is used)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when authentication
-     * succeeded
+     * fails (in case of SSL-client auth, only webserver env can pick up the SSL
+     * violation; CS authMgr can pick up cert mis-match, so this event is used)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTH_SUCCESS used when
+     * authentication succeeded
      * </ul>
+     * 
      * @exception EBaseException an error has occurred
      */
     public IAuthToken authenticate(HttpServletRequest httpReq, String authMgrName)
-        throws EBaseException { 
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = ILogger.UNIDENTIFIED;
         String auditAuthMgrID = ILogger.UNIDENTIFIED;
@@ -1750,19 +1708,19 @@ public abstract class CMSServlet extends HttpServlet {
             //
             // check ssl client authentication if specified.
             //
-            X509Certificate clientCert = null; 
+            X509Certificate clientCert = null;
 
-            if (getClientCert != null && getClientCert.equals("true")) { 
+            if (getClientCert != null && getClientCert.equals("true")) {
                 CMS.debug("CMSServlet: retrieving SSL certificate");
                 clientCert = getSSLClientCertificate(httpReq);
             }
 
             //
             // check authentication by auth manager if any.
-            // 
+            //
             if (authMgrName == null) {
 
-                // Fixed Blackflag Bug #613900:  Since this code block does
+                // Fixed Blackflag Bug #613900: Since this code block does
                 // NOT actually constitute an authentication failure, but
                 // rather the case in which a given servlet has been correctly
                 // configured to NOT require an authentication manager, the
@@ -1795,10 +1753,10 @@ public abstract class CMSServlet extends HttpServlet {
             }
             AuthToken authToken = CMSGateway.checkAuthManager(httpReq,
                     httpArgs,
-                    clientCert, 
+                    clientCert,
                     authMgrName);
             if (authToken == null) {
-              return null;
+                return null;
             }
             String userid = authToken.getInString(IAuthToken.USER_ID);
 
@@ -1807,7 +1765,7 @@ public abstract class CMSServlet extends HttpServlet {
             if (userid != null) {
                 ctx.put(SessionContext.USER_ID, userid);
             }
-        
+
             // reset the "auditSubjectID"
             auditSubjectID = auditSubjectID();
 
@@ -1828,7 +1786,7 @@ public abstract class CMSServlet extends HttpServlet {
                         auditSubjectID,
                         ILogger.FAILURE,
                         auditAuthMgrID,
-                        auditUID); 
+                        auditUID);
             audit(auditMessage);
 
             // rethrow the specific exception to be handled later
@@ -1837,7 +1795,7 @@ public abstract class CMSServlet extends HttpServlet {
     }
 
     public AuthzToken authorize(String authzMgrName, String resource, IAuthToken authToken,
-      String exp) throws EBaseException {
+            String exp) throws EBaseException {
         AuthzToken authzToken = null;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -1911,29 +1869,30 @@ public abstract class CMSServlet extends HttpServlet {
     /**
      * Authorize must occur after Authenticate
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_FAIL used when authorization
      * has failed
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when authorization
-     * is successful
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes a
-     * role (in current CS that's when one accesses a role port)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_AUTHZ_SUCCESS used when
+     * authorization is successful
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_ROLE_ASSUME used when user assumes
+     * a role (in current CS that's when one accesses a role port)
      * </ul>
+     * 
      * @param authzMgrName string representing the name of the authorization
-     * manager
+     *            manager
      * @param authToken the authentication token
      * @param resource a string representing the ACL resource id as defined in
-     * the ACL resource list
+     *            the ACL resource list
      * @param operation a string representing one of the operations as defined
-     * within the ACL statement (e. g. - "read" for an ACL statement containing
-     * "(read,write)")
+     *            within the ACL statement (e. g. - "read" for an ACL statement
+     *            containing "(read,write)")
      * @exception EBaseException an error has occurred
      * @return the authorization token
      */
     public AuthzToken authorize(String authzMgrName, IAuthToken authToken,
-        String resource, String operation)
-        throws EBaseException {
+            String resource, String operation)
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditGroupID = auditGroupID();
@@ -1941,19 +1900,18 @@ public abstract class CMSServlet extends HttpServlet {
         String auditACLResource = resource;
         String auditOperation = operation;
 
-
         SessionContext auditContext = SessionContext.getExistingContext();
         String authManagerId = null;
 
-        if(auditContext != null) {
+        if (auditContext != null) {
             authManagerId = (String) auditContext.get(SessionContext.AUTH_MANAGER_ID);
-    
-            if(authManagerId != null && authManagerId.equals("TokenAuth")) {
-               if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-                   auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
-                   CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
-                   auditID = auditGroupID;  
-               }
+
+            if (authManagerId != null && authManagerId.equals("TokenAuth")) {
+                if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
+                        auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
+                    CMS.debug("CMSServlet: in authorize... TokenAuth auditSubjectID unavailable, changing to auditGroupID");
+                    auditID = auditGroupID;
+                }
             }
         }
 
@@ -1968,7 +1926,7 @@ public abstract class CMSServlet extends HttpServlet {
         }
 
         if (authzMgrName == null) {
-            // Fixed Blackflag Bug #613900:  Since this code block does
+            // Fixed Blackflag Bug #613900: Since this code block does
             // NOT actually constitute an authorization failure, but
             // rather the case in which a given servlet has been correctly
             // configured to NOT require an authorization manager, the
@@ -2073,11 +2031,11 @@ public abstract class CMSServlet extends HttpServlet {
 
     /**
      * Signed Audit Log
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to store messages to the signed audit log.
+     * 
+     * This method is inherited by all extended "CMSServlet"s, and is called to
+     * store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -2089,20 +2047,19 @@ public abstract class CMSServlet extends HttpServlet {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to obtain the "SubjectID" for
-     * a signed audit log message.
+     * 
+     * This method is inherited by all extended "CMSServlet"s, and is called to
+     * obtain the "SubjectID" for a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditSubjectID() {
@@ -2137,12 +2094,11 @@ public abstract class CMSServlet extends HttpServlet {
 
     /**
      * Signed Audit Log Group ID
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to obtain the "gid" for
-     * a signed audit log message.
+     * 
+     * This method is inherited by all extended "CMSServlet"s, and is called to
+     * obtain the "gid" for a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditGroupID() {
@@ -2177,14 +2133,14 @@ public abstract class CMSServlet extends HttpServlet {
 
     /**
      * Signed Audit Groups
-     *
-     * This method is called to extract all "groups" associated
-     * with the "auditSubjectID()".
+     * 
+     * This method is called to extract all "groups" associated with the
+     * "auditSubjectID()".
      * <P>
-     *
+     * 
      * @param id string containing the signed audit log message SubjectID
-     * @return a delimited string of groups associated
-     *      with the "auditSubjectID()"
+     * @return a delimited string of groups associated with the
+     *         "auditSubjectID()"
      */
     private String auditGroups(String SubjectID) {
         // if no signed audit object exists, bail
@@ -2193,7 +2149,7 @@ public abstract class CMSServlet extends HttpServlet {
         }
 
         if ((SubjectID == null) ||
-            (SubjectID.equals(ILogger.UNIDENTIFIED))) {
+                (SubjectID.equals(ILogger.UNIDENTIFIED))) {
             return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
 
@@ -2211,7 +2167,7 @@ public abstract class CMSServlet extends HttpServlet {
             IGroup group = (IGroup) groups.nextElement();
 
             if (group.isMember(SubjectID) == true) {
-                if (membersString.length()!= 0) {
+                if (membersString.length() != 0) {
                     membersString.append(", ");
                 }
 
@@ -2219,7 +2175,7 @@ public abstract class CMSServlet extends HttpServlet {
             }
         }
 
-        if (membersString.length()!=0) {
+        if (membersString.length() != 0) {
             return membersString.toString();
         } else {
             return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -2243,18 +2199,18 @@ public abstract class CMSServlet extends HttpServlet {
         return locale;
     }
 
-    protected void outputResult(HttpServletResponse httpResp, 
-      String contentType, byte[] content) {
+    protected void outputResult(HttpServletResponse httpResp,
+            String contentType, byte[] content) {
         try {
             OutputStream os = httpResp.getOutputStream();
-    
+
             httpResp.setContentType(contentType);
             httpResp.setContentLength(content.length);
             os.write(content);
             os.flush();
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
             return;
         }
     }
@@ -2288,34 +2244,36 @@ public abstract class CMSServlet extends HttpServlet {
         } catch (Exception ee) {
             CMS.debug("Failed to send XML output to the server.");
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", ee.toString()));
         }
     }
 
-    protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape)
-    {
+    protected StringBuffer escapeValueRfc1779(String v, boolean doubleEscape) {
         StringBuffer result = new StringBuffer();
 
         // Do we need to escape any characters
         for (int i = 0; i < v.length(); i++) {
             int c = v.charAt(i);
             if (c == ',' || c == '=' || c == '+' || c == '<' ||
-                c == '>' || c == '#' || c == ';' || c == '\r' ||
-                c == '\n' || c == '\\' || c == '"') {
-                if ((c == 0x5c) && ((i+1) < v.length())) {
-                    int nextC = v.charAt(i+1);
+                    c == '>' || c == '#' || c == ';' || c == '\r' ||
+                    c == '\n' || c == '\\' || c == '"') {
+                if ((c == 0x5c) && ((i + 1) < v.length())) {
+                    int nextC = v.charAt(i + 1);
                     if ((c == 0x5c) && (nextC == ',' || nextC == '=' || nextC == '+' ||
                                         nextC == '<' || nextC == '>' || nextC == '#' ||
                                         nextC == ';' || nextC == '\r' || nextC == '\n' ||
                                         nextC == '\\' || nextC == '"')) {
-                        if (doubleEscape) result.append('\\');
+                        if (doubleEscape)
+                            result.append('\\');
                     } else {
                         result.append('\\');
-                        if (doubleEscape) result.append('\\');
+                        if (doubleEscape)
+                            result.append('\\');
                     }
                 } else {
                     result.append('\\');
-                    if (doubleEscape) result.append('\\');
+                    if (doubleEscape)
+                        result.append('\\');
                 }
             }
             if (c == '\r') {
@@ -2323,11 +2281,10 @@ public abstract class CMSServlet extends HttpServlet {
             } else if (c == '\n') {
                 result.append("0A");
             } else {
-                result.append((char)c);
+                result.append((char) c);
             }
         }
         return result;
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
index 64c59c5a..99e12555 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/CMSStartServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.io.PrintWriter;
@@ -32,11 +31,10 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
- * This servlet is started by the web server at startup, and
- * it starts the CMS framework.
- *
+ * This servlet is started by the web server at startup, and it starts the CMS
+ * framework.
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSStartServlet extends HttpServlet {
@@ -55,34 +53,34 @@ public class CMSStartServlet extends HttpServlet {
         if (!f.exists()) {
             int index = path.lastIndexOf("CS.cfg");
             if (index != -1) {
-                old_path = path.substring(0, index)+"CMS.cfg";
+                old_path = path.substring(0, index) + "CMS.cfg";
             }
             File f1 = new File(old_path);
             if (f1.exists()) {
                 // The following block of code moves "CMS.cfg" to "CS.cfg".
                 try {
-                    if( Utils.isNT() ) {
+                    if (Utils.isNT()) {
                         // NT is very picky on the path
-                        Utils.exec( "copy " +
-                                    f1.getAbsolutePath().replace( '/', '\\' ) +
+                        Utils.exec("copy " +
+                                    f1.getAbsolutePath().replace('/', '\\') +
                                     " " +
-                                    f.getAbsolutePath().replace( '/', '\\' ) );
+                                    f.getAbsolutePath().replace('/', '\\'));
                     } else {
                         // Create a copy of the original file which
                         // preserves the original file permissions.
-                        Utils.exec( "cp -p " + f1.getAbsolutePath() + " " +
-                                    f.getAbsolutePath() );
+                        Utils.exec("cp -p " + f1.getAbsolutePath() + " " +
+                                    f.getAbsolutePath());
                     }
 
                     // Remove the original file if and only if
                     // the backup copy was successful.
-                    if( f.exists() ) {
+                    if (f.exists()) {
                         f1.delete();
 
                         // Make certain that the new file has
                         // the correct permissions.
-                        if( !Utils.isNT() ) {
-                            Utils.exec( "chmod 00660 " + f.getAbsolutePath() );
+                        if (!Utils.isNT()) {
+                            Utils.exec("chmod 00660 " + f.getAbsolutePath());
                         }
                     }
                 } catch (Exception e) {
@@ -96,7 +94,7 @@ public class CMSStartServlet extends HttpServlet {
     }
 
     public void doGet(HttpServletRequest req, HttpServletResponse res)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         res.setContentType("text/html");
 
         PrintWriter out = res.getWriter();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
index 8d853f0b..7499c781 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/DisplayHtmlServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.File;
 import java.io.FileInputStream;
@@ -33,10 +32,10 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * This is the servlet that displays the html page for the corresponding input id.
- *
+ * This is the servlet that displays the html page for the corresponding input
+ * id.
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayHtmlServlet extends CMSServlet {
@@ -55,7 +54,7 @@ public class DisplayHtmlServlet extends CMSServlet {
 
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
-        mHTMLPath = sc.getInitParameter(PROP_HTML_PATH); 
+        mHTMLPath = sc.getInitParameter(PROP_HTML_PATH);
         mTemplates.remove(CMSRequest.SUCCESS);
     }
 
@@ -68,18 +67,18 @@ public class DisplayHtmlServlet extends CMSServlet {
         IAuthToken authToken = authenticate(cmsReq);
 
         try {
-            String realpath = 
-              mServletConfig.getServletContext().getRealPath("/" + mHTMLPath);
+            String realpath =
+                    mServletConfig.getServletContext().getRealPath("/" + mHTMLPath);
 
             if (realpath == null) {
                 mLogger.log(
-                  ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
-                  CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath));
-                throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")) ;
+                        ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_NO_FIND_TEMPLATE", mHTMLPath));
+                throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
             }
             File file = new File(realpath);
             long flen = file.length();
-            byte[] bin = new byte[(int)flen];
+            byte[] bin = new byte[(int) flen];
             FileInputStream ins = new FileInputStream(file);
 
             int len = 0;
@@ -92,9 +91,9 @@ public class DisplayHtmlServlet extends CMSServlet {
             ins.close();
             bos.close();
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-              CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString()));
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")); 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_TEMPLATE", mHTMLPath, e.toString()));
+            throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
index 9607fbe2..84fcf347 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/DynamicVariablesServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Enumeration;
@@ -39,14 +38,13 @@ import com.netscape.certsrv.authentication.IAuthToken;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
- * Return some javascript to the request which contains the list of
- * dynamic data in the CMS system.
+ * Return some javascript to the request which contains the list of dynamic data
+ * in the CMS system.
  * <p>
- * This allows the requestor (browser) to make decisions about what
- * to present in the UI, depending on how CMS is configured
- *
+ * This allows the requestor (browser) to make decisions about what to present
+ * in the UI, depending on how CMS is configured
+ * 
  * @version $Revision$, $Date$
  */
 public class DynamicVariablesServlet extends CMSServlet {
@@ -83,10 +81,10 @@ public class DynamicVariablesServlet extends CMSServlet {
     private static final String VAR_CLA_CRL_URL_STRING = "clacrlurl()";
     private static final Integer VAR_CLA_CRL_URL = Integer.valueOf(6);
     private String VAR_CLA_CRL_URL_VALUE = null;
-	
+
     private String mAuthMgrCacheString = "";
-    private long   mAuthMgrCacheTime = 0;
-    private final int AUTHMGRCACHE = 10;   	//number of seconds to cache list of
+    private long mAuthMgrCacheTime = 0;
+    private final int AUTHMGRCACHE = 10; // number of seconds to cache list of
     // authmanagers for
     private Hashtable dynvars = null;
     private String mGetClientCert = "false";
@@ -99,7 +97,7 @@ public class DynamicVariablesServlet extends CMSServlet {
         IConfigStore config = CMS.getConfigStore().getSubStore(PROP_CLONING);
 
         try {
-            mCrlurl = 
+            mCrlurl =
                     config.getString(PROP_CRLURL, "");
         } catch (EBaseException e) {
         }
@@ -119,33 +117,38 @@ public class DynamicVariablesServlet extends CMSServlet {
     /**
      * Reads the following variables from the servlet config:
      * <ul>
-     *   <li><strong>AuthMgr</strong>  - the authentication manager to use to authenticate the request
-     *   <li><strong>GetClientCert</strong> - whether to request client auth for this request
-     *   <li><strong>authority</strong>  - the authority (ca, ra, drm) to return to the client
-     *   <li><strong>dynamicVariables</strong> - a string of the form:
-     *         serverdate=serverdate(),subsystemname=subsystemname(),
-     *         http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
+     * <li><strong>AuthMgr</strong> - the authentication manager to use to
+     * authenticate the request
+     * <li><strong>GetClientCert</strong> - whether to request client auth for
+     * this request
+     * <li><strong>authority</strong> - the authority (ca, ra, drm) to return to
+     * the client
+     * <li><strong>dynamicVariables</strong> - a string of the form:
+     * serverdate=serverdate(),subsystemname=subsystemname(),
+     * http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()
      * </ul>
-     * The dynamicVariables string is parsed by splitting on commas.
-     * When services, the HTTP request provides a piece of javascript
-     * code as follows.
+     * The dynamicVariables string is parsed by splitting on commas. When
+     * services, the HTTP request provides a piece of javascript code as
+     * follows.
      * <p>
      * Each sub expression "lhs=rhs()" forms a javascript statement of the form
-     * <i>lhs=xxx;</i>  Where  lhs is xxx is the result of 'evaluating' the
-     * rhs. The possible values for the rhs() function are:
+     * <i>lhs=xxx;</i> Where lhs is xxx is the result of 'evaluating' the rhs.
+     * The possible values for the rhs() function are:
      * <ul>
-     * <li><strong>serverdate()</strong>  - the timestamp of the server (used to ensure that the client
-     *        clock is set correctly)
+     * <li><strong>serverdate()</strong> - the timestamp of the server (used to
+     * ensure that the client clock is set correctly)
      * <li><strong>subsystemname()</strong>
-     * <li><strong>http()</strong> - "true" or "false" - is this an http connection (as opposed to https)
+     * <li><strong>http()</strong> - "true" or "false" - is this an http
+     * connection (as opposed to https)
      * <li>authmgrs() - a comma separated list of authentication managers
-     * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA. This is
-     *    defined in the CMS configuration parameter 'cloning.cloneMasterCrlUrl'
+     * <li>clacrlurl() - the URL to get the CRL from, in the case of a Clone CA.
+     * This is defined in the CMS configuration parameter
+     * 'cloning.cloneMasterCrlUrl'
      * </ul>
+     * 
      * @see javax.servlet.Servlet#init(ServletConfig)
      */
 
-
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
         mAuthMgr = sc.getInitParameter(PROP_AUTHMGR);
@@ -194,8 +197,8 @@ public class DynamicVariablesServlet extends CMSServlet {
     }
 
     public void service(HttpServletRequest httpReq,
-        HttpServletResponse httpResp)
-        throws ServletException, IOException {
+            HttpServletResponse httpResp)
+            throws ServletException, IOException {
         boolean running_state = CMS.isInRunningState();
 
         if (!running_state)
@@ -214,7 +217,7 @@ public class DynamicVariablesServlet extends CMSServlet {
 
         httpResp.setContentType("application/x-javascript");
         httpResp.setHeader("Pragma", "no-cache");
-		
+
         try {
             ServletOutputStream os = httpResp.getOutputStream();
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
index 3b8f8bd4..b4f1aed1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/GetStats.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Enumeration;
@@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Retrieve information.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetStats extends CMSServlet {
@@ -62,9 +60,9 @@ public class GetStats extends CMSServlet {
     }
 
     /**
-     * initialize the servlet. This servlet uses the template
-     * file "getOCSPInfo.template" to render the result page.
-     *
+     * initialize the servlet. This servlet uses the template file
+     * "getOCSPInfo.template" to render the result page.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -79,14 +77,13 @@ public class GetStats extends CMSServlet {
         mTemplates.remove(CMSRequest.SUCCESS);
     }
 
-
     /**
-	 * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -98,10 +95,10 @@ public class GetStats extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -118,10 +115,10 @@ public class GetStats extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -130,12 +127,12 @@ public class GetStats extends CMSServlet {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         StatsEvent st = statsSub.getMainStatsEvent();
 
         String op = httpReq.getParameter("op");
         if (op != null && op.equals("clear")) {
-          statsSub.resetCounters();
+            statsSub.resetCounters();
         }
 
         header.addStringValue("startTime", statsSub.getStartTime().toString());
@@ -149,43 +146,42 @@ public class GetStats extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
         return;
     }
 
-    public String getSep(int level)
-    {
-      StringBuffer s = new StringBuffer();
-      for (int i = 0; i < level; i++) {
-        s.append("-");
-      }
-      return s.toString();
+    public String getSep(int level) {
+        StringBuffer s = new StringBuffer();
+        for (int i = 0; i < level; i++) {
+            s.append("-");
+        }
+        return s.toString();
     }
 
     public void parse(CMSTemplateParams argSet, StatsEvent st, int level) {
         Enumeration names = st.getSubEventNames();
         while (names.hasMoreElements()) {
-          String name = (String)names.nextElement();
-          StatsEvent subSt = st.getSubEvent(name);
-
-          IArgBlock rarg = CMS.createArgBlock();
-          rarg.addStringValue("name", getSep(level) + " " + subSt.getName());
-          rarg.addLongValue("noOfOp", subSt.getNoOfOperations());
-          rarg.addLongValue("timeTaken", subSt.getTimeTaken());
-          rarg.addLongValue("max", subSt.getMax());
-          rarg.addLongValue("min", subSt.getMin());
-          rarg.addLongValue("percentage", subSt.getPercentage());
-          rarg.addLongValue("avg", subSt.getAvg());
-          rarg.addLongValue("stddev", subSt.getStdDev());
-          argSet.addRepeatRecord(rarg); 
-
-          parse(argSet, subSt, level+1);
+            String name = (String) names.nextElement();
+            StatsEvent subSt = st.getSubEvent(name);
+
+            IArgBlock rarg = CMS.createArgBlock();
+            rarg.addStringValue("name", getSep(level) + " " + subSt.getName());
+            rarg.addLongValue("noOfOp", subSt.getNoOfOperations());
+            rarg.addLongValue("timeTaken", subSt.getTimeTaken());
+            rarg.addLongValue("max", subSt.getMax());
+            rarg.addLongValue("min", subSt.getMin());
+            rarg.addLongValue("percentage", subSt.getPercentage());
+            rarg.addLongValue("avg", subSt.getAvg());
+            rarg.addLongValue("stddev", subSt.getStdDev());
+            argSet.addRepeatRecord(rarg);
+
+            parse(argSet, subSt, level + 1);
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
index 89179b57..a4b72121 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/IndexServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -32,11 +31,9 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.IndexTemplateFiller;
 
-
 /**
- * This is the servlet that builds the index page in
- * various ports.
- *
+ * This is the servlet that builds the index page in various ports.
+ * 
  * @version $Revision$, $Date$
  */
 public class IndexServlet extends CMSServlet {
@@ -68,10 +65,9 @@ public class IndexServlet extends CMSServlet {
         mTemplateName = sc.getInitParameter(PROP_TEMPLATE);
 
         /*
-         mTemplates.put(CMSRequest.SUCCESS,
-         new CMSLoadTemplate(
-         PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER,
-         mTemplateName, new IndexTemplateFiller()));
+         * mTemplates.put(CMSRequest.SUCCESS, new CMSLoadTemplate(
+         * PROP_SUCCESS_TEMPLATE, PROP_SUCCESS_TEMPLATE_FILLER, mTemplateName,
+         * new IndexTemplateFiller()));
          */
         mTemplates.remove(CMSRequest.SUCCESS);
     }
@@ -91,26 +87,26 @@ public class IndexServlet extends CMSServlet {
      * Serves HTTP request.
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
-        if (CMSGateway.getEnableAdminEnroll() && 
-            mAuthority != null && 
-            mAuthority instanceof ICertificateAuthority) {
+        if (CMSGateway.getEnableAdminEnroll() &&
+                mAuthority != null &&
+                mAuthority instanceof ICertificateAuthority) {
             try {
                 cmsReq.getHttpResp().sendRedirect("/ca/adminEnroll.html");
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_FAIL_REDIRECT_ADMIN_ENROLL", e.toString()));
                 throw new ECMSGWException(
                         CMS.getLogMessage("CMSGW_ERROR_REDIRECTING_ADMINENROLL1",
-                            e.toString()));
+                                e.toString()));
             }
             return;
         } else {
             try {
                 renderTemplate(
-                    cmsReq, mTemplateName, new IndexTemplateFiller());
+                        cmsReq, mTemplateName, new IndexTemplateFiller());
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_FAIL_RENDER_TEMPLATE", mTemplateName, e.toString()));
                 throw new ECMSGWException(
                         CMS.getLogMessage("CMSG_ERROR_DISPLAY_TEMPLATE"));
             }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
index 4c3dec80..6c84b88d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/PortsServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -34,7 +33,7 @@ import com.netscape.cmsutil.xml.XMLObject;
 
 /**
  * This servlet returns port information.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PortsServlet extends CMSServlet {
@@ -50,7 +49,7 @@ public class PortsServlet extends CMSServlet {
 
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
-        // override these to output directly ourselves. 
+        // override these to output directly ourselves.
         mTemplates.remove(CMSRequest.SUCCESS);
         mTemplates.remove(CMSRequest.ERROR);
     }
@@ -67,10 +66,10 @@ public class PortsServlet extends CMSServlet {
         String port = null;
 
         if (secure.equals("true"))
-            port = CMS.getEESSLPort(); 
+            port = CMS.getEESSLPort();
         else
             port = CMS.getEENonSSLPort();
-     
+
         try {
             XMLObject xmlObj = null;
             xmlObj = new XMLObject();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
index 15bfb306..382d8821 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/ProxyServlet.java
@@ -2,7 +2,6 @@
 
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -21,34 +20,29 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 /**
  * This is a servlet that proxies request to another servlet.
- *
- * SERVLET REDIRECTION
- * Specify the URL of a servlet to forward the request to
- *     destServlet: /ee/ca/newservlet
- *
- * PARAMETER MAPPING
- * In the servlet configuration (as an init-param in web.xml) you 
- * can optionally specify a value for the parameter 'parameterMap' 
- * which contains a list of HTTP parameters which should be
- * translated to new names.
  * 
- *     parameterMap:  name1->newname1,name2->newname2
- *
+ * SERVLET REDIRECTION Specify the URL of a servlet to forward the request to
+ * destServlet: /ee/ca/newservlet
+ * 
+ * PARAMETER MAPPING In the servlet configuration (as an init-param in web.xml)
+ * you can optionally specify a value for the parameter 'parameterMap' which
+ * contains a list of HTTP parameters which should be translated to new names.
+ * 
+ * parameterMap: name1->newname1,name2->newname2
+ * 
  * Optionally, names can be set to static values:
- *
- *     parameterMap: name1->name2=value
- *
- * Examples:
- * Consider the following HTTP input parameters:
- *   vehicle:car  make:ford  model:explorer
  * 
- * The following config strings will have this effect:
- *   parameterMap: make->manufacturer,model->name=expedition,->suv=true
- *   output:       vehicle:car manufactuer:ford model:expedition suv:true
- *
+ * parameterMap: name1->name2=value
+ * 
+ * Examples: Consider the following HTTP input parameters: vehicle:car make:ford
+ * model:explorer
+ * 
+ * The following config strings will have this effect: parameterMap:
+ * make->manufacturer,model->name=expedition,->suv=true output: vehicle:car
+ * manufactuer:ford model:expedition suv:true
+ * 
  * @version $Revision$, $Date$
  */
 public class ProxyServlet extends HttpServlet {
@@ -64,40 +58,41 @@ public class ProxyServlet extends HttpServlet {
     private Vector mMatchStrings = new Vector();
     private String mDestServletOnNoMatch = null;
     private String mAppendPathInfoOnNoMatch = null;
-	private Map mParamMap = new HashMap();
-	private Map mParamValue = new HashMap();
+    private Map mParamMap = new HashMap();
+    private Map mParamValue = new HashMap();
 
     public ProxyServlet() {
     }
 
-	private void parseParamTable(String s) {
-		if (s == null) return;
-
-		String[] params = s.split(",");
-		for (int i=0;i<params.length;i++) {
-			String p = params[i];
-			if (p != null) {
-				String[] paramNames = p.split("->");
-				if (paramNames.length != 2) {
-				}
-				String from = paramNames[0];
-				String to   = paramNames[1];
-				if (from != null && to != null) {
-					String[] splitTo = to.split("=");
-					String toName  = splitTo[0];
-					if (from.length() >0) {
-						mParamMap.put(from,toName);
-					}
-					if (splitTo.length == 2) {
-						String toValue = splitTo[1];
-						String toValues[] = new String[1];
-						toValues[0] = toValue;
-						mParamValue.put(toName,toValues);
-					}
-				}
-			}
-		}
-	}
+    private void parseParamTable(String s) {
+        if (s == null)
+            return;
+
+        String[] params = s.split(",");
+        for (int i = 0; i < params.length; i++) {
+            String p = params[i];
+            if (p != null) {
+                String[] paramNames = p.split("->");
+                if (paramNames.length != 2) {
+                }
+                String from = paramNames[0];
+                String to = paramNames[1];
+                if (from != null && to != null) {
+                    String[] splitTo = to.split("=");
+                    String toName = splitTo[0];
+                    if (from.length() > 0) {
+                        mParamMap.put(from, toName);
+                    }
+                    if (splitTo.length == 2) {
+                        String toValue = splitTo[1];
+                        String toValues[] = new String[1];
+                        toValues[0] = toValue;
+                        mParamValue.put(toName, toValues);
+                    }
+                }
+            }
+        }
+    }
 
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
@@ -115,14 +110,13 @@ public class ProxyServlet extends HttpServlet {
         mAppendPathInfo = sc.getInitParameter("appendPathInfo");
         mAppendPathInfoOnNoMatch = sc.getInitParameter("appendPathInfoOnNoMatch");
         String map = sc.getInitParameter("parameterMap");
-		if (map != null) {
-			parseParamTable(map);
-		}
+        if (map != null) {
+            parseParamTable(map);
+        }
     }
 
     public void service(HttpServletRequest req, HttpServletResponse res) throws
-          IOException, ServletException
-    {
+            IOException, ServletException {
         RequestDispatcher dispatcher = null;
         String dest = mDest;
         String uri = req.getRequestURI();
@@ -132,120 +126,118 @@ public class ProxyServlet extends HttpServlet {
         if (mMatchStrings.size() != 0) {
             boolean matched = false;
             for (int i = 0; i < mMatchStrings.size(); i++) {
-                String t = (String)mMatchStrings.elementAt(i);
-                if (uri.indexOf(t) != -1)  {
+                String t = (String) mMatchStrings.elementAt(i);
+                if (uri.indexOf(t) != -1) {
                     matched = true;
                 }
             }
             if (!matched) {
                 dest = mDestServletOnNoMatch;
                 // append Path info for OCSP request in Get method
-                if (mAppendPathInfoOnNoMatch != null && 
-                   !mAppendPathInfoOnNoMatch.equals("")) {
+                if (mAppendPathInfoOnNoMatch != null &&
+                        !mAppendPathInfoOnNoMatch.equals("")) {
                     dest = dest + uri.replace(mAppendPathInfoOnNoMatch, "");
                 }
             }
         }
         if (dest == null || dest.equals("")) {
-          // mapping everything
-          dest = uri;
-          dest = dest.replaceFirst(mSrcContext, "");
+            // mapping everything
+            dest = uri;
+            dest = dest.replaceFirst(mSrcContext, "");
         }
         if (mAppendPathInfo != null && !mAppendPathInfo.equals("")) {
-          dest = dest + uri.replace(mAppendPathInfo, "");
+            dest = dest + uri.replace(mAppendPathInfo, "");
         }
         if (mDestContext != null && !mDestContext.equals("")) {
-             dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest);
+            dispatcher = getServletContext().getContext(mDestContext).getRequestDispatcher(dest);
         } else {
-             dispatcher = req.getRequestDispatcher(dest);
+            dispatcher = req.getRequestDispatcher(dest);
         }
 
-		// If a parameter map was specified
-		if (mParamMap != null && !mParamMap.isEmpty()) {
-			// Make a new wrapper with the new parameters
-			ProxyWrapper r = new ProxyWrapper(req);
-			r.setParameterMapAndValue(mParamMap,mParamValue);
-			req = r;
-		}
-		
-        dispatcher.forward(req, res);  
+        // If a parameter map was specified
+        if (mParamMap != null && !mParamMap.isEmpty()) {
+            // Make a new wrapper with the new parameters
+            ProxyWrapper r = new ProxyWrapper(req);
+            r.setParameterMapAndValue(mParamMap, mParamValue);
+            req = r;
+        }
+
+        dispatcher.forward(req, res);
     }
 }
 
-class ProxyWrapper extends HttpServletRequestWrapper
-{
-	private Map mMap = null;
-	private Map mValueMap = null;
-
-	public ProxyWrapper(HttpServletRequest req)
-	{
-		super(req);
-	}
-
-	public void setParameterMapAndValue(Map m,Map v)
-	{
-		if (m != null) mMap = m;
-		if (v != null) mValueMap = v;
-	}
-
-	public Map getParameterMap()
-	{
-		try {
-		// If we haven't specified any parameter mapping, just
-		// use the regular implementation
-		if (mMap == null) return super.getParameterMap();
-		else {
-			// Make a new Map for us to put stuff in
-			Map n = new HashMap();
-			// get the HTTP parameters the user supplied.
-			Map m = super.getParameterMap();
-			Set s = m.entrySet();
-			Iterator i = s.iterator();
-			while (i.hasNext()) {
-				Map.Entry me = (Map.Entry) i.next();
-				String name  = (String) me.getKey();
-				String[] values = (String[])(me.getValue());
-				String newname = null;
-				if (name != null) {
-					newname = (String) mMap.get(name);
-				}
-
-				// No mapping specified, just use existing name/value
-				if (newname == null || mValueMap == null) {
-					n.put(name,values);
-				} else { // new name specified
-					Object o = mValueMap.get(newname);
-					// check if new (static) value specified
-					if (o==null) {
-						n.put(newname,values);
-					} else {
-						String newvalues[] = (String[])mValueMap.get(newname);
-						n.put(newname,newvalues);
-					}
-				}
-			}
-			// Now, deal with static values set in the config 
-			// which weren't set in the HTTP request
-			Set s2 = mValueMap.entrySet();
-			Iterator i2 = s2.iterator();
-			// Cycle through all the static values
-			while (i2.hasNext()) {
-				Map.Entry me2 = (Map.Entry) i2.next();
-				String name2  = (String) me2.getKey();
-				if (n.get(name2) == null) {
-					String[] values2 = (String[])me2.getValue();
-					// If the parameter is not set in the map
-					// Set it now
-					n.put(name2,values2);
-				}
-			}
-			
-			return n;
-		}
-		} catch (NullPointerException npe) {
-			CMS.debug(npe);
-			return null;
-		}
-	}
-}
+class ProxyWrapper extends HttpServletRequestWrapper {
+    private Map mMap = null;
+    private Map mValueMap = null;
+
+    public ProxyWrapper(HttpServletRequest req) {
+        super(req);
+    }
+
+    public void setParameterMapAndValue(Map m, Map v) {
+        if (m != null)
+            mMap = m;
+        if (v != null)
+            mValueMap = v;
+    }
 
+    public Map getParameterMap() {
+        try {
+            // If we haven't specified any parameter mapping, just
+            // use the regular implementation
+            if (mMap == null)
+                return super.getParameterMap();
+            else {
+                // Make a new Map for us to put stuff in
+                Map n = new HashMap();
+                // get the HTTP parameters the user supplied.
+                Map m = super.getParameterMap();
+                Set s = m.entrySet();
+                Iterator i = s.iterator();
+                while (i.hasNext()) {
+                    Map.Entry me = (Map.Entry) i.next();
+                    String name = (String) me.getKey();
+                    String[] values = (String[]) (me.getValue());
+                    String newname = null;
+                    if (name != null) {
+                        newname = (String) mMap.get(name);
+                    }
+
+                    // No mapping specified, just use existing name/value
+                    if (newname == null || mValueMap == null) {
+                        n.put(name, values);
+                    } else { // new name specified
+                        Object o = mValueMap.get(newname);
+                        // check if new (static) value specified
+                        if (o == null) {
+                            n.put(newname, values);
+                        } else {
+                            String newvalues[] = (String[]) mValueMap.get(newname);
+                            n.put(newname, newvalues);
+                        }
+                    }
+                }
+                // Now, deal with static values set in the config
+                // which weren't set in the HTTP request
+                Set s2 = mValueMap.entrySet();
+                Iterator i2 = s2.iterator();
+                // Cycle through all the static values
+                while (i2.hasNext()) {
+                    Map.Entry me2 = (Map.Entry) i2.next();
+                    String name2 = (String) me2.getKey();
+                    if (n.get(name2) == null) {
+                        String[] values2 = (String[]) me2.getValue();
+                        // If the parameter is not set in the map
+                        // Set it now
+                        n.put(name2, values2);
+                    }
+                }
+
+                return n;
+            }
+        } catch (NullPointerException npe) {
+            CMS.debug(npe);
+            return null;
+        }
+    }
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
index 5daac065..a708483f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/SystemInfoServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 import java.io.IOException;
 import java.util.Date;
 
@@ -30,15 +29,14 @@ import javax.servlet.http.HttpServletResponse;
 import com.netscape.certsrv.apps.CMS;
 
 /**
- * Displays detailed information about java VM internals, including
- * current JVM memory usage, and detailed information about each
- * thread.
+ * Displays detailed information about java VM internals, including current JVM
+ * memory usage, and detailed information about each thread.
  * <p>
  * Also allows user to trigger a new garbage collection
- *
+ * 
  * @version $Revision$, $Date$
  */
-public class SystemInfoServlet extends HttpServlet { 
+public class SystemInfoServlet extends HttpServlet {
 
     /**
      *
@@ -53,21 +51,24 @@ public class SystemInfoServlet extends HttpServlet {
     }
 
     /**
-     * service the request, returning HTML to the client.
-     * This method has different behaviour depending on the
-     * value of the 'op' HTTP parameter.
+     * service the request, returning HTML to the client. This method has
+     * different behaviour depending on the value of the 'op' HTTP parameter.
      * <UL>
-     * <LI>op = <i>undefined</i> - display a menu with links to the other functionality of this servlet
-     * <li>op = gc - tell the JVM that we want to do a garbage collection and to run finalizers
-     *    (@see java.lang.Runtime.getRuntime#gc() )
-     * <li>op = general  - display information about memory, and other JVM informatino
-     * <li>op = thread  - display details about each thread.
+     * <LI>op = <i>undefined</i> - display a menu with links to the other
+     * functionality of this servlet
+     * <li>op = gc - tell the JVM that we want to do a garbage collection and to
+     * run finalizers (@see java.lang.Runtime.getRuntime#gc() )
+     * <li>op = general - display information about memory, and other JVM
+     * informatino
+     * <li>op = thread - display details about each thread.
      * </UL>
-     * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
+     * 
+     * @see javax.servlet.http.HttpServlet#service(HttpServletRequest,
+     *      HttpServletResponse)
      */
-    public void service(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException { 
+    public void service(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
         boolean collect = false;
         String op = request.getParameter("op");
 
@@ -83,9 +84,9 @@ public class SystemInfoServlet extends HttpServlet {
         }
     }
 
-    private void mainMenu(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException { 
+    private void mainMenu(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
         response.getWriter().println("<HTML>");
         response.getWriter().println("<H1>");
         response.getWriter().println("<a href=" + request.getServletPath() + ">");
@@ -122,9 +123,9 @@ public class SystemInfoServlet extends HttpServlet {
         response.getWriter().println("</HTML>");
     }
 
-    private void gc(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException { 
+    private void gc(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
         java.lang.Runtime.getRuntime().gc();
         java.lang.Runtime.getRuntime().runFinalization();
         response.getWriter().println("<HTML>");
@@ -140,9 +141,9 @@ public class SystemInfoServlet extends HttpServlet {
         response.getWriter().println("</HTML>");
     }
 
-    private void general(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException { 
+    private void general(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
         response.getWriter().println("<HTML>");
         response.getWriter().println("<H1>");
         response.getWriter().println("<a href=" + request.getServletPath() + ">");
@@ -221,9 +222,9 @@ public class SystemInfoServlet extends HttpServlet {
         response.getWriter().println("</HTML>");
     }
 
-    private void thread(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException { 
+    private void thread(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
         response.getWriter().println("</table>");
         response.getWriter().println("<HTML>");
         response.getWriter().println("<H1>");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
index 02ab5b52..ca829561 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/base/UserInfo.java
@@ -17,11 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.base;
 
-
 /**
- * This class represents information about the client e.g. version,
- * langauge, vendor.
- *
+ * This class represents information about the client e.g. version, langauge,
+ * vendor.
+ * 
  * @version $Revision$, $Date$
  */
 public class UserInfo {
@@ -36,7 +35,7 @@ public class UserInfo {
 
     /**
      * Returns the user language.
-     *
+     * 
      * @param s user language info from the browser
      * @return user language
      */
@@ -53,7 +52,7 @@ public class UserInfo {
 
     /**
      * Returns the user country.
-     *
+     * 
      * @param s user language info from the browser
      * @return user country
      */
@@ -67,10 +66,10 @@ public class UserInfo {
         }
         return "";
     }
-    
+
     /**
      * Returns the users agent.
-     *
+     * 
      * @param s user language info from the browser
      * @return user agent
      */
@@ -79,7 +78,7 @@ public class UserInfo {
         if (s.indexOf(MSIE) != -1) {
             return MSIE;
         }
-        
+
         // Check for Netscape i.e. Mozilla
         if (s.indexOf(MOZILLA) != -1) {
             return MOZILLA;
@@ -87,5 +86,5 @@ public class UserInfo {
 
         // Don't know agent. Return empty string.
         return "";
-    }        
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
index 15d069e3..8b912032 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CMCRevReqServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateException;
@@ -67,10 +66,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Revoke a certificate with a CMC-formatted revocation request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMCRevReqServlet extends CMSServlet {
@@ -83,7 +81,7 @@ public class CMCRevReqServlet extends CMSServlet {
     // revocation templates.
     private final static String TPL_FILE = "revocationResult.template";
     public static final String CRED_CMC = "cmcRequest";
-    
+
     private ICertificateRepository mCertDB = null;
     private String mFormPath = null;
     private IRequestQueue mQueue = null;
@@ -92,29 +90,28 @@ public class CMCRevReqServlet extends CMSServlet {
     private final static String REVOKE = "revoke";
     private final static String ON_HOLD = "on-hold";
     private final static int ON_HOLD_REASON = 6;
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-
-    // http params 
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
+    // http params
     public static final String SERIAL_NO = TOKEN_CERT_SERIAL;
     public static final String REASON_CODE = "reasonCode";
     public static final String CHALLENGE_PHRASE = "challengePhrase";
 
     // request attributes
     public static final String SERIALNO_ARRAY = "serialNoArray";
-    
+
     public CMCRevReqServlet() {
         super();
     }
 
-	/**
+    /**
      * initialize the servlet.
-	 * @param sc servlet configuration, read from the web.xml file
-	 */
+     * 
+     * @param sc servlet configuration, read from the web.xml file
+     */
     public void init(ServletConfig sc) throws ServletException {
 
         super.init(sc);
@@ -136,26 +133,26 @@ public class CMCRevReqServlet extends CMSServlet {
             mFormPath = mOutputTemplatePath;
     }
 
-
-    /** 
-	 * Process the HTTP request. 
-	 *
-	 * <ul>
-	 * <li>http.param cmcRequest the base-64 encoded CMC request
-	 * </ul>
-	 * @param cmsReq the object holding the request and response information
+    /**
+     * Process the HTTP request.
+     * 
+     * <ul>
+     * <li>http.param cmcRequest the base-64 encoded CMC request
+     * </ul>
+     * 
+     * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
 
         String cmcAgentSerialNumber = null;
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest req = cmsReq.getHttpReq();
-        HttpServletResponse resp = cmsReq.getHttpResp();        
-        
+        HttpServletResponse resp = cmsReq.getHttpResp();
+
         CMSTemplate form = null;
         Locale[] locale = new Locale[1];
 
-CMS.debug("**** mFormPath = "+mFormPath);
+        CMS.debug("**** mFormPath = " + mFormPath);
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
@@ -167,12 +164,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
         IArgBlock header = CMS.createArgBlock();
         IArgBlock ctx = CMS.createArgBlock();
         CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-        
 
         String cmc = (String) httpParams.get(CRED_CMC);
         if (cmc == null) {
             throw new EMissingCredential(
-				CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
+                    CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CMC));
         }
 
         IAuthToken authToken = authenticate(cmsReq);
@@ -189,10 +185,10 @@ CMS.debug("**** mFormPath = "+mFormPath);
             return;
         }
 
-        //IAuthToken authToken = getAuthToken(cmsReq);
-        //Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL);
-        //Object uid = authToken.get("uid");
-        //===========================
+        // IAuthToken authToken = getAuthToken(cmsReq);
+        // Object subject = authToken.get(CMCAuth.TOKEN_CERT_SERIAL);
+        // Object uid = authToken.get("uid");
+        // ===========================
         String authMgr = AuditFormat.NOAUTH;
         BigInteger[] serialNoArray = null;
 
@@ -200,8 +196,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
             serialNoArray = authToken.getInBigIntegerArray(TOKEN_CERT_SERIAL);
         }
 
-        Integer reasonCode = Integer.valueOf(0); 
-         if (authToken != null) {
+        Integer reasonCode = Integer.valueOf(0);
+        if (authToken != null) {
             reasonCode = authToken.getInInteger(REASON_CODE);
         }
         RevocationReason reason = RevocationReason.fromInt(reasonCode.intValue());
@@ -211,15 +207,15 @@ CMS.debug("**** mFormPath = "+mFormPath);
         String revokeAll = null;
         int verifiedRecordCount = 0;
         int totalRecordCount = 0;
-  
+
         if (serialNoArray != null) {
             totalRecordCount = serialNoArray.length;
             verifiedRecordCount = serialNoArray.length;
         }
-        
+
         X509CertImpl[] certs = null;
 
-        //for audit log.
+        // for audit log.
         String initiative = null;
 
         if (mAuthMgr != null && mAuthMgr.equals("CMCAuth")) {
@@ -247,7 +243,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 IRequest getCertsChallengeReq = null;
 
                 getCertsChallengeReq = mQueue.newRequest(
-                            GETCERTS_FOR_CHALLENGE_REQUEST); 
+                            GETCERTS_FOR_CHALLENGE_REQUEST);
                 getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
                 mQueue.processRequest(getCertsChallengeReq);
                 RequestStatus status = getCertsChallengeReq.getRequestStatus();
@@ -257,7 +253,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
                     header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
                     mRequestID = getCertsChallengeReq.getRequestId().toString();
                 } else {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); 
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
                 }
             }
 
@@ -268,22 +264,22 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 IArgBlock rarg = CMS.createArgBlock();
 
                 rarg.addBigIntegerValue("serialNumber",
-                    serialNoArray[i], 16);
+                        serialNoArray[i], 16);
                 rarg.addStringValue("subject",
-                    certs[i].getSubjectDN().toString());
+                        certs[i].getSubjectDN().toString());
                 rarg.addLongValue("validNotBefore",
-                    certs[i].getNotBefore().getTime() / 1000);
+                        certs[i].getNotBefore().getTime() / 1000);
                 rarg.addLongValue("validNotAfter",
-                    certs[i].getNotAfter().getTime() / 1000);
-                //argSet.addRepeatRecord(rarg);
+                        certs[i].getNotAfter().getTime() / 1000);
+                // argSet.addRepeatRecord(rarg);
             }
 
             revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
-            cmcAgentSerialNumber=  authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT);
+            cmcAgentSerialNumber = authToken.getInString(IAuthManager.CRED_SSL_CLIENT_CERT);
             process(argSet, header, reasonCode.intValue(), invalidityDate, initiative, req, resp,
-                verifiedRecordCount, revokeAll, totalRecordCount,
-                comments, locale[0],cmcAgentSerialNumber);
-            
+                    verifiedRecordCount, revokeAll, totalRecordCount,
+                    comments, locale[0], cmcAgentSerialNumber);
+
         } else {
             header.addIntegerValue("totalRecordCount", 0);
             header.addIntegerValue("verifiedRecordCount", 0);
@@ -292,7 +288,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
         try {
             ServletOutputStream out = resp.getOutputStream();
 
-            if ((serialNoArray== null) || (serialNoArray.length == 0)) {
+            if ((serialNoArray == null) || (serialNoArray.length == 0)) {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 EBaseException ee = new EBaseException("No matched certificate is found");
 
@@ -300,16 +296,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
             } else {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
@@ -318,56 +314,57 @@ CMS.debug("**** mFormPath = "+mFormPath);
      * Process cert status change request using the Certificate Management
      * protocol using CMS (CMC)
      * <P>
-     *
+     * 
      * (Certificate Request - an "EE" cert status change request)
      * <P>
-     *
+     * 
      * (Certificate Request Processed - an "EE" cert status change request)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
-     * a cert status change request (e. g. - "revocation") is made (before
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
+     * when a cert status change request (e. g. - "revocation") is made (before
      * approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
-     * used when a certificate status is changed (revoked, expired, on-hold,
-     * off-hold)
+     * <li>signed.audit
+     * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
+     * certificate status is changed (revoked, expired, on-hold, off-hold)
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
-     * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
-     * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
-     * 4 - Certificate superceded, 5 - Cessation of operation, or
-     * 6 - Certificate is on hold)
+     * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2
+     *            - CA key compromised; should not be used, 3 - Affiliation
+     *            changed, 4 - Certificate superceded, 5 - Cessation of
+     *            operation, or 6 - Certificate is on hold)
      * @param invalidityDate certificate validity date
      * @param initiative string containing the audit format
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param verifiedRecordCount number of verified records
-     * @param revokeAll string containing information on all of the
-     * certificates to be revoked
+     * @param revokeAll string containing information on all of the certificates
+     *            to be revoked
      * @param totalRecordCount total number of records (verified and unverified)
      * @param comments string containing certificate comments
      * @param locale the system locale
      * @exception EBaseException an error has occurred
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        int reason, Date invalidityDate,
-        String initiative,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        int verifiedRecordCount,
-        String revokeAll,
-        int totalRecordCount,
-        String comments,
-        Locale locale,String cmcAgentSerialNumber)
-        throws EBaseException {
+            int reason, Date invalidityDate,
+            String initiative,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            int verifiedRecordCount,
+            String revokeAll,
+            int totalRecordCount,
+            String comments,
+            Locale locale, String cmcAgentSerialNumber)
+            throws EBaseException {
         String eeSerialNumber = null;
-        if(cmcAgentSerialNumber!=null) {
+        if (cmcAgentSerialNumber != null) {
             eeSerialNumber = cmcAgentSerialNumber;
-        }else{
-            X509CertImpl sslCert = ( X509CertImpl ) getSSLClientCertificate( req );
-            if( sslCert != null ) {
+        } else {
+            X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
+            if (sslCert != null) {
                 eeSerialNumber = sslCert.getSerialNumber().toString();
             }
         }
@@ -375,11 +372,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
         boolean auditRequest = true;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
-        String auditRequesterID = auditRequesterID( req );
-        String auditSerialNumber = auditSerialNumber( eeSerialNumber );
-        String auditRequestType = auditRequestType( reason );
+        String auditRequesterID = auditRequesterID(req);
+        String auditSerialNumber = auditSerialNumber(eeSerialNumber);
+        String auditRequestType = auditRequestType(reason);
         String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
-        String auditReasonNum = String.valueOf( reason );
+        String auditReasonNum = String.valueOf(reason);
 
         try {
             int count = 0;
@@ -418,18 +415,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
                     IArgBlock rarg = CMS.createArgBlock();
 
                     rarg.addBigIntegerValue("serialNumber",
-                        cert.getSerialNumber(), 16);
+                            cert.getSerialNumber(), 16);
 
                     if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
                         rarg.addStringValue("error", "Certificate " +
-                            cert.getSerialNumber().toString() +
-                            " is already revoked.");
+                                cert.getSerialNumber().toString() +
+                                " is already revoked.");
                     } else {
                         oldCertsV.addElement(cert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(cert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(cert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
                         count++;
@@ -441,14 +438,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
             } else if (mAuthority instanceof IRegistrationAuthority) {
                 String reqIdStr = null;
 
-                if (mRequestID != null && mRequestID.length() > 0) 
+                if (mRequestID != null && mRequestID.length() > 0)
                     reqIdStr = mRequestID;
                 Vector<String> serialNumbers = new Vector<String>();
 
                 if (revokeAll != null && revokeAll.length() > 0) {
-                    for (int i = revokeAll.indexOf('=');
-                        i < revokeAll.length() && i > -1;
-                        i = revokeAll.indexOf('=', i)) {
+                    for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
                         if (i > -1) {
                             i++;
                             while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
@@ -457,8 +452,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
                             String legalDigits = "0123456789";
                             int j = i;
 
-                            while (j < revokeAll.length() && 
-                                legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+                            while (j < revokeAll.length() &&
+                                    legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
                                 j++;
                             }
                             if (j > i) {
@@ -485,12 +480,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                certs[i].getSerialNumber(), 16);
+                                    certs[i].getSerialNumber(), 16);
                             oldCertsV.addElement(certs[i]);
 
                             RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(certs[i].getSerialNumber(),
-                                    CMS.getCurrentDate(), entryExtn);
+                                    new RevokedCertImpl(certs[i].getSerialNumber(),
+                                            CMS.getCurrentDate(), entryExtn);
 
                             revCertImplsV.addElement(revCertImpl);
                             count++;
@@ -507,12 +502,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
                         IArgBlock rarg = CMS.createArgBlock();
 
                         rarg.addBigIntegerValue("serialNumber",
-                            cert.getSerialNumber(), 16);
+                                cert.getSerialNumber(), 16);
                         oldCertsV.addElement(cert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(cert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(cert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
                         count++;
@@ -533,7 +528,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
             }
 
             IRequest revReq =
-                mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+                    mQueue.newRequest(IRequest.REVOCATION_REQUEST);
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -573,29 +568,29 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
                 if (result.equals(IRequest.RES_ERROR)) {
                     String[] svcErrors =
-                        revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+                            revReq.getExtDataInStringArray(IRequest.SVCERRORS);
 
                     if (svcErrors != null && svcErrors.length > 0) {
                         for (int i = 0; i < svcErrors.length; i++) {
                             String err = svcErrors[i];
 
                             if (err != null) {
-                                //cmsReq.setErrorDescription(err);
+                                // cmsReq.setErrorDescription(err);
                                 for (int j = 0; j < count; j++) {
                                     if (oldCerts[j] != null) {
                                         mLogger.log(ILogger.EV_AUDIT,
-                                            ILogger.S_OTHER,
-                                            AuditFormat.LEVEL,
-                                            AuditFormat.DOREVOKEFORMAT,
-                                            new Object[] {
-                                                revReq.getRequestId(),
-                                                initiative,
-                                                "completed with error: " +
-                                                err,
-                                                oldCerts[j].getSubjectDN(),
-                                                oldCerts[j].getSerialNumber().toString(16),
-                                                RevocationReason.fromInt(reason).toString()}
-                                        );
+                                                ILogger.S_OTHER,
+                                                AuditFormat.LEVEL,
+                                                AuditFormat.DOREVOKEFORMAT,
+                                                new Object[] {
+                                                        revReq.getRequestId(),
+                                                        initiative,
+                                                        "completed with error: " +
+                                                                err,
+                                                        oldCerts[j].getSubjectDN(),
+                                                        oldCerts[j].getSerialNumber().toString(16),
+                                                        RevocationReason.fromInt(reason).toString() }
+                                                );
                                     }
                                 }
                             }
@@ -608,23 +603,23 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                "completed",
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        "completed",
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
 
                 header.addStringValue("revoked", "yes");
 
                 Integer updateCRLResult =
-                    revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                        revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     header.addStringValue("updateCRL", "yes");
@@ -633,15 +628,15 @@ CMS.debug("**** mFormPath = "+mFormPath);
                     } else {
                         header.addStringValue("updateCRLSuccess", "no");
                         String crlError =
-                            revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+                                revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
 
                         if (crlError != null)
                             header.addStringValue("updateCRLError",
-                                crlError);
+                                    crlError);
                     }
                     // let known crl publishing status too.
                     Integer publishCRLResult =
-                        revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                            revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -649,22 +644,22 @@ CMS.debug("**** mFormPath = "+mFormPath);
                         } else {
                             header.addStringValue("publishCRLSuccess", "no");
                             String publError =
-                                revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                             if (publError != null)
                                 header.addStringValue("publishCRLError",
-                                    publError);
+                                        publError);
                         }
                     }
                 }
                 if (mAuthority instanceof ICertificateAuthority) {
                     // let known update and publish status of all crls.
                     Enumeration<ICRLIssuingPoint> otherCRLs =
-                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                     while (otherCRLs.hasMoreElements()) {
                         ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                            otherCRLs.nextElement();
+                                otherCRLs.nextElement();
                         String crlId = crl.getId();
 
                         if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -674,25 +669,25 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
                         if (updateResult != null) {
                             if (updateResult.equals(IRequest.RES_SUCCESS)) {
-                                CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", 
+                                CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
                                         updateStatusStr));
                                 header.addStringValue(updateStatusStr, "yes");
                             } else {
                                 String updateErrorStr = crl.getCrlUpdateErrorStr();
 
-                                CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", 
+                                CMS.debug("CMCRevReqServlet: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
                                         updateStatusStr));
                                 header.addStringValue(updateStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(updateErrorStr);
+                                        revReq.getExtDataInString(updateErrorStr);
 
                                 if (error != null)
                                     header.addStringValue(updateErrorStr,
-                                        error);
+                                            error);
                             }
                             String publishStatusStr = crl.getCrlPublishStatusStr();
                             Integer publishResult =
-                                revReq.getExtDataInInteger(publishStatusStr);
+                                    revReq.getExtDataInInteger(publishStatusStr);
 
                             if (publishResult == null)
                                 continue;
@@ -700,15 +695,15 @@ CMS.debug("**** mFormPath = "+mFormPath);
                                 header.addStringValue(publishStatusStr, "yes");
                             } else {
                                 String publishErrorStr =
-                                    crl.getCrlPublishErrorStr();
+                                        crl.getCrlPublishErrorStr();
 
                                 header.addStringValue(publishStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(publishErrorStr);
+                                        revReq.getExtDataInString(publishErrorStr);
 
                                 if (error != null)
                                     header.addStringValue(
-                                        publishErrorStr, error);
+                                            publishErrorStr, error);
                             }
                         }
                     }
@@ -717,7 +712,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                     header.addStringValue("dirEnabled", "yes");
                     Integer[] ldapPublishStatus =
-                        revReq.getExtDataInIntegerArray("ldapPublishStatus");
+                            revReq.getExtDataInIntegerArray("ldapPublishStatus");
                     int certsToUpdate = 0;
                     int certsUpdated = 0;
 
@@ -734,11 +729,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
                     // add crl publishing status.
                     String publError =
-                        revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                            revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                     if (publError != null) {
                         header.addStringValue("crlPublishError",
-                            publError);
+                                publError);
                     }
                 } else {
                     header.addStringValue("dirEnabled", "no");
@@ -752,16 +747,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                "pending",
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        "pending",
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
 
@@ -771,7 +766,8 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
                 if (errors != null && errors.size() > 0) {
                     for (int ii = 0; ii < errors.size(); ii++) {
-                        errorStr.append(errors.elementAt(ii));;
+                        errorStr.append(errors.elementAt(ii));
+                        ;
                     }
                 }
                 header.addStringValue("error", errorStr.toString());
@@ -780,16 +776,16 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                stat.toString(),
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        stat.toString(),
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
             }
@@ -798,17 +794,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
             // if and only if "auditApprovalStatus" is
             // "complete", "revoked", or "canceled"
             if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-            ||  (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-            ||  (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
+                    || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                    || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.SUCCESS,
-                    auditRequesterID,
-                    auditSerialNumber,
-                    auditRequestType,
-                    auditReasonNum,
-                    auditApprovalStatus);
+                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+                        auditSubjectID,
+                        ILogger.SUCCESS,
+                        auditRequesterID,
+                        auditSerialNumber,
+                        auditRequestType,
+                        auditReasonNum,
+                        auditApprovalStatus);
 
                 audit(auditMessage);
             }
@@ -818,12 +814,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
                 // message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditRequesterID,
-                    auditSerialNumber,
-                    auditRequestType);
+                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditRequesterID,
+                        auditSerialNumber,
+                        auditRequestType);
 
                 audit(auditMessage);
             } else {
@@ -832,11 +828,10 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // if and only if "auditApprovalStatus" is
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
-                {
+                        || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                        || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                             auditSubjectID,
                             ILogger.FAILURE,
                             auditRequesterID,
@@ -857,12 +852,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
                 // message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditRequesterID,
-                    auditSerialNumber,
-                    auditRequestType);
+                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditRequesterID,
+                        auditSerialNumber,
+                        auditRequestType);
 
                 audit(auditMessage);
             } else {
@@ -871,18 +866,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // if and only if "auditApprovalStatus" is
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
-                {
+                        || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                        || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType,
-                        auditReasonNum,
-                        auditApprovalStatus);
+                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditRequesterID,
+                            auditSerialNumber,
+                            auditRequestType,
+                            auditReasonNum,
+                            auditApprovalStatus);
 
                     audit(auditMessage);
                 }
@@ -891,18 +885,18 @@ CMS.debug("**** mFormPath = "+mFormPath);
             throw e;
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
 
             if (auditRequest) {
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
                 // message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditRequesterID,
-                    auditSerialNumber,
-                    auditRequestType);
+                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditRequesterID,
+                        auditSerialNumber,
+                        auditRequestType);
 
                 audit(auditMessage);
             } else {
@@ -911,18 +905,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // if and only if "auditApprovalStatus" is
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
-                {
+                        || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                        || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType,
-                        auditReasonNum,
-                        auditApprovalStatus);
+                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditRequesterID,
+                            auditSerialNumber,
+                            auditRequestType,
+                            auditReasonNum,
+                            auditApprovalStatus);
 
                     audit(auditMessage);
                 }
@@ -934,12 +927,12 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
                 // message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditRequesterID,
-                    auditSerialNumber,
-                    auditRequestType);
+                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditRequesterID,
+                        auditSerialNumber,
+                        auditRequestType);
 
                 audit(auditMessage);
             } else {
@@ -948,18 +941,17 @@ CMS.debug("**** mFormPath = "+mFormPath);
                 // if and only if "auditApprovalStatus" is
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                ||  (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING)))
-                {
+                        || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                        || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType,
-                        auditReasonNum,
-                        auditApprovalStatus);
+                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditRequesterID,
+                            auditSerialNumber,
+                            auditRequestType,
+                            auditReasonNum,
+                            auditApprovalStatus);
 
                     audit(auditMessage);
                 }
@@ -973,11 +965,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
     /**
      * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "RequesterID" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1003,11 +995,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
     /**
      * Signed Audit Log Serial Number
-     *
+     * 
      * This method is called to obtain the serial number of the certificate
      * whose status is to be changed for a signed audit log message.
      * <P>
-     *
+     * 
      * @param eeSerialNumber a string containing the un-normalized serialNumber
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1026,7 +1018,7 @@ CMS.debug("**** mFormPath = "+mFormPath);
             // convert it to hexadecimal
             serialNumber = "0x"
                     + Integer.toHexString(
-                        Integer.valueOf(serialNumber).intValue());
+                            Integer.valueOf(serialNumber).intValue());
         } else {
             serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
@@ -1036,11 +1028,11 @@ CMS.debug("**** mFormPath = "+mFormPath);
 
     /**
      * Signed Audit Log Request Type
-     *
-     * This method is called to obtain the "Request Type" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "Request Type" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param reason an integer denoting the revocation reason
      * @return string containing REVOKE or ON_HOLD
      */
@@ -1062,4 +1054,3 @@ CMS.debug("**** mFormPath = "+mFormPath);
         return requestType;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
index 181e6e9c..f467652c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ChallengeRevocationServlet1.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateException;
@@ -66,11 +65,11 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Takes the certificate info (serial number) and optional challenge phrase, creates a 
- * revocation request and submits it to the authority subsystem for processing
- *
+ * Takes the certificate info (serial number) and optional challenge phrase,
+ * creates a revocation request and submits it to the authority subsystem for
+ * processing
+ * 
  * @version $Revision$, $Date$
  */
 public class ChallengeRevocationServlet1 extends CMSServlet {
@@ -89,7 +88,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
     private IPublisherProcessor mPublisherProcessor = null;
     private String mRequestID = null;
 
-    // http params 
+    // http params
     public static final String SERIAL_NO = TOKEN_CERT_SERIAL;
     public static final String REASON_CODE = "reasonCode";
     public static final String CHALLENGE_PHRASE = "challengePhrase";
@@ -102,10 +101,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
     }
 
     /**
-     * Initialize the servlet. This servlet uses the file 
-	 * revocationResult.template for the response
-     *
-	 * @param sc servlet configuration, read from the web.xml file
+     * Initialize the servlet. This servlet uses the file
+     * revocationResult.template for the response
+     * 
+     * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
@@ -125,17 +124,17 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
         mQueue = mAuthority.getRequestQueue();
     }
 
-	/**
-     * Process the HTTP request. 
+    /**
+     * Process the HTTP request.
      * <ul>
      * <li>http.param REASON_CODE the revocation reason
-	 * <li>http.param b64eCertificate the base-64 encoded certificate to revoke
+     * <li>http.param b64eCertificate the base-64 encoded certificate to revoke
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
@@ -159,27 +158,27 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
         // for audit log
         IAuthToken authToken = authenticate(cmsReq);
         String authMgr = AuditFormat.NOAUTH;
-		
+
         BigInteger[] serialNoArray = null;
 
         if (authToken != null) {
             serialNoArray = authToken.getInBigIntegerArray(SERIAL_NO);
         }
         // set revocation reason, default to unspecified if not set.
-        int reasonCode = 
-            httpParams.getValueAsInt(REASON_CODE, 0); 
-        //        header.addIntegerValue("reason", reasonCode);
+        int reasonCode =
+                httpParams.getValueAsInt(REASON_CODE, 0);
+        // header.addIntegerValue("reason", reasonCode);
         RevocationReason reason = RevocationReason.fromInt(reasonCode);
 
         String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
         Date invalidityDate = null;
         String revokeAll = null;
-        int totalRecordCount = (serialNoArray != null)? serialNoArray.length:0;
-        int verifiedRecordCount = (serialNoArray != null)? serialNoArray.length:0;
+        int totalRecordCount = (serialNoArray != null) ? serialNoArray.length : 0;
+        int verifiedRecordCount = (serialNoArray != null) ? serialNoArray.length : 0;
 
         X509CertImpl[] certs = null;
 
-        //for audit log.
+        // for audit log.
         String initiative = null;
 
         if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
@@ -198,11 +197,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
         AuthzToken authzToken = null;
 
         try {
-            authzToken = authorize(mAclMethod, authToken, 
+            authzToken = authorize(mAclMethod, authToken,
                         mAuthzResourceName, "revoke");
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -222,7 +221,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 IRequest getCertsChallengeReq = null;
 
                 getCertsChallengeReq = mQueue.newRequest(
-                            GETCERTS_FOR_CHALLENGE_REQUEST); 
+                            GETCERTS_FOR_CHALLENGE_REQUEST);
                 getCertsChallengeReq.setExtData(SERIALNO_ARRAY, serialNoArray);
                 mQueue.processRequest(getCertsChallengeReq);
                 RequestStatus status = getCertsChallengeReq.getRequestStatus();
@@ -232,7 +231,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                     header.addStringValue("request", getCertsChallengeReq.getRequestId().toString());
                     mRequestID = getCertsChallengeReq.getRequestId().toString();
                 } else {
-                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD")); 
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_FAIL_GET_CERT_CHALL_PWRD"));
                 }
             }
 
@@ -243,20 +242,20 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 IArgBlock rarg = CMS.createArgBlock();
 
                 rarg.addBigIntegerValue("serialNumber",
-                    serialNoArray[i], 16);
+                        serialNoArray[i], 16);
                 rarg.addStringValue("subject",
-                    certs[i].getSubjectDN().toString());
+                        certs[i].getSubjectDN().toString());
                 rarg.addLongValue("validNotBefore",
-                    certs[i].getNotBefore().getTime() / 1000);
+                        certs[i].getNotBefore().getTime() / 1000);
                 rarg.addLongValue("validNotAfter",
-                    certs[i].getNotAfter().getTime() / 1000);
-                //argSet.addRepeatRecord(rarg);
+                        certs[i].getNotAfter().getTime() / 1000);
+                // argSet.addRepeatRecord(rarg);
             }
 
             revokeAll = "(|(certRecordId=" + serialNoArray[0].toString() + "))";
             process(argSet, header, reasonCode, invalidityDate, initiative, req, resp,
-                verifiedRecordCount, revokeAll, totalRecordCount,
-                comments, locale[0]);
+                    verifiedRecordCount, revokeAll, totalRecordCount,
+                    comments, locale[0]);
         } else {
             header.addIntegerValue("totalRecordCount", 0);
             header.addIntegerValue("verifiedRecordCount", 0);
@@ -265,10 +264,10 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
         try {
             ServletOutputStream out = resp.getOutputStream();
 
-            if( serialNoArray == null ) {
-                CMS.debug( "ChallengeRevcationServlet1::process() - " +
-                           " serialNoArray is null!" );
-                EBaseException ee = new EBaseException( "No matched certificate is found" );
+            if (serialNoArray == null) {
+                CMS.debug("ChallengeRevcationServlet1::process() - " +
+                           " serialNoArray is null!");
+                EBaseException ee = new EBaseException("No matched certificate is found");
 
                 cmsReq.setError(ee);
                 return;
@@ -282,31 +281,31 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
             } else {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        int reason, Date invalidityDate,
-        String initiative,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        int verifiedRecordCount,
-        String revokeAll,
-        int totalRecordCount,
-        String comments,
-        Locale locale)
-        throws EBaseException {
+            int reason, Date invalidityDate,
+            String initiative,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            int verifiedRecordCount,
+            String revokeAll,
+            int totalRecordCount,
+            String comments,
+            Locale locale)
+            throws EBaseException {
         try {
             int count = 0;
             Vector<X509CertImpl> oldCertsV = new Vector<X509CertImpl>();
@@ -344,18 +343,18 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                     IArgBlock rarg = CMS.createArgBlock();
 
                     rarg.addBigIntegerValue("serialNumber",
-                        cert.getSerialNumber(), 16);
+                            cert.getSerialNumber(), 16);
 
                     if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
                         rarg.addStringValue("error", "Certificate " +
-                            cert.getSerialNumber().toString() +
-                            " is already revoked.");
+                                cert.getSerialNumber().toString() +
+                                " is already revoked.");
                     } else {
                         oldCertsV.addElement(cert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(cert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(cert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
                         count++;
@@ -367,14 +366,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
             } else if (mAuthority instanceof IRegistrationAuthority) {
                 String reqIdStr = null;
 
-                if (mRequestID != null && mRequestID.length() > 0) 
+                if (mRequestID != null && mRequestID.length() > 0)
                     reqIdStr = mRequestID;
                 Vector<String> serialNumbers = new Vector<String>();
 
                 if (revokeAll != null && revokeAll.length() > 0) {
-                    for (int i = revokeAll.indexOf('=');
-                        i < revokeAll.length() && i > -1;
-                        i = revokeAll.indexOf('=', i)) {
+                    for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
                         if (i > -1) {
                             i++;
                             while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
@@ -383,8 +380,8 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                             String legalDigits = "0123456789";
                             int j = i;
 
-                            while (j < revokeAll.length() && 
-                                legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
+                            while (j < revokeAll.length() &&
+                                    legalDigits.indexOf(revokeAll.charAt(j)) != -1) {
                                 j++;
                             }
                             if (j > i) {
@@ -411,12 +408,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                certs[i].getSerialNumber(), 16);
+                                    certs[i].getSerialNumber(), 16);
                             oldCertsV.addElement(certs[i]);
 
                             RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(certs[i].getSerialNumber(),
-                                    CMS.getCurrentDate(), entryExtn);
+                                    new RevokedCertImpl(certs[i].getSerialNumber(),
+                                            CMS.getCurrentDate(), entryExtn);
 
                             revCertImplsV.addElement(revCertImpl);
                             count++;
@@ -433,12 +430,12 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                         IArgBlock rarg = CMS.createArgBlock();
 
                         rarg.addBigIntegerValue("serialNumber",
-                            cert.getSerialNumber(), 16);
+                                cert.getSerialNumber(), 16);
                         oldCertsV.addElement(cert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(cert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(cert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
                         count++;
@@ -459,7 +456,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
             }
 
             IRequest revReq =
-                mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+                    mQueue.newRequest(IRequest.REVOCATION_REQUEST);
 
             revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
             revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
@@ -479,29 +476,29 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
 
                 if (result.equals(IRequest.RES_ERROR)) {
                     String[] svcErrors =
-                        revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+                            revReq.getExtDataInStringArray(IRequest.SVCERRORS);
 
                     if (svcErrors != null && svcErrors.length > 0) {
                         for (int i = 0; i < svcErrors.length; i++) {
                             String err = svcErrors[i];
 
                             if (err != null) {
-                                //cmsReq.setErrorDescription(err);
+                                // cmsReq.setErrorDescription(err);
                                 for (int j = 0; j < count; j++) {
                                     if (oldCerts[j] != null) {
                                         mLogger.log(ILogger.EV_AUDIT,
-                                            ILogger.S_OTHER,
-                                            AuditFormat.LEVEL,
-                                            AuditFormat.DOREVOKEFORMAT,
-                                            new Object[] {
-                                                revReq.getRequestId(),
-                                                initiative,
-                                                "completed with error: " +
-                                                err,
-                                                oldCerts[j].getSubjectDN(),
-                                                oldCerts[j].getSerialNumber().toString(16),
-                                                RevocationReason.fromInt(reason).toString()}
-                                        );
+                                                ILogger.S_OTHER,
+                                                AuditFormat.LEVEL,
+                                                AuditFormat.DOREVOKEFORMAT,
+                                                new Object[] {
+                                                        revReq.getRequestId(),
+                                                        initiative,
+                                                        "completed with error: " +
+                                                                err,
+                                                        oldCerts[j].getSubjectDN(),
+                                                        oldCerts[j].getSerialNumber().toString(16),
+                                                        RevocationReason.fromInt(reason).toString() }
+                                                );
                                     }
                                 }
                             }
@@ -514,23 +511,23 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                "completed",
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        "completed",
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
 
                 header.addStringValue("revoked", "yes");
 
                 Integer updateCRLResult =
-                    revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                        revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     header.addStringValue("updateCRL", "yes");
@@ -539,15 +536,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                     } else {
                         header.addStringValue("updateCRLSuccess", "no");
                         String crlError =
-                            revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+                                revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
 
                         if (crlError != null)
                             header.addStringValue("updateCRLError",
-                                crlError);
+                                    crlError);
                     }
                     // let known crl publishing status too.
                     Integer publishCRLResult =
-                        revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                            revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -555,22 +552,22 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                         } else {
                             header.addStringValue("publishCRLSuccess", "no");
                             String publError =
-                                revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                             if (publError != null)
                                 header.addStringValue("publishCRLError",
-                                    publError);
+                                        publError);
                         }
                     }
                 }
                 if (mAuthority instanceof ICertificateAuthority) {
                     // let known update and publish status of all crls.
                     Enumeration<ICRLIssuingPoint> otherCRLs =
-                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                     while (otherCRLs.hasMoreElements()) {
                         ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                            otherCRLs.nextElement();
+                                otherCRLs.nextElement();
                         String crlId = crl.getId();
 
                         if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -580,25 +577,25 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
 
                         if (updateResult != null) {
                             if (updateResult.equals(IRequest.RES_SUCCESS)) {
-                                CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER", 
+                                CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER",
                                         updateStatusStr));
                                 header.addStringValue(updateStatusStr, "yes");
                             } else {
                                 String updateErrorStr = crl.getCrlUpdateErrorStr();
 
-                                CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO", 
+                                CMS.debug("ChallengeRevcationServlet1: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
                                         updateStatusStr));
                                 header.addStringValue(updateStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(updateErrorStr);
+                                        revReq.getExtDataInString(updateErrorStr);
 
                                 if (error != null)
                                     header.addStringValue(updateErrorStr,
-                                        error);
+                                            error);
                             }
                             String publishStatusStr = crl.getCrlPublishStatusStr();
                             Integer publishResult =
-                                revReq.getExtDataInInteger(publishStatusStr);
+                                    revReq.getExtDataInInteger(publishStatusStr);
 
                             if (publishResult == null)
                                 continue;
@@ -606,15 +603,15 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                                 header.addStringValue(publishStatusStr, "yes");
                             } else {
                                 String publishErrorStr =
-                                    crl.getCrlPublishErrorStr();
+                                        crl.getCrlPublishErrorStr();
 
                                 header.addStringValue(publishStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(publishErrorStr);
+                                        revReq.getExtDataInString(publishErrorStr);
 
                                 if (error != null)
                                     header.addStringValue(
-                                        publishErrorStr, error);
+                                            publishErrorStr, error);
                             }
                         }
                     }
@@ -623,7 +620,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                     header.addStringValue("dirEnabled", "yes");
                     Integer[] ldapPublishStatus =
-                        revReq.getExtDataInIntegerArray("ldapPublishStatus");
+                            revReq.getExtDataInIntegerArray("ldapPublishStatus");
                     int certsToUpdate = 0;
                     int certsUpdated = 0;
 
@@ -640,11 +637,11 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
 
                     // add crl publishing status.
                     String publError =
-                        revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                            revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                     if (publError != null) {
                         header.addStringValue("crlPublishError",
-                            publError);
+                                publError);
                     }
                 } else {
                     header.addStringValue("dirEnabled", "no");
@@ -658,16 +655,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                "pending",
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        "pending",
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
 
@@ -686,16 +683,16 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
                 for (int j = 0; j < count; j++) {
                     if (oldCerts[j] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOREVOKEFORMAT,
-                            new Object[] {
-                                revReq.getRequestId(),
-                                initiative,
-                                stat.toString(),
-                                oldCerts[j].getSubjectDN(),
-                                oldCerts[j].getSerialNumber().toString(16),
-                                RevocationReason.fromInt(reason).toString()}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOREVOKEFORMAT,
+                                new Object[] {
+                                        revReq.getRequestId(),
+                                        initiative,
+                                        stat.toString(),
+                                        oldCerts[j].getSubjectDN(),
+                                        oldCerts[j].getSerialNumber().toString(16),
+                                        RevocationReason.fromInt(reason).toString() }
+                                );
                     }
                 }
             }
@@ -706,7 +703,7 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
             throw e;
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED"));
         } catch (Exception e) {
             e.printStackTrace();
@@ -715,4 +712,3 @@ public class ChallengeRevocationServlet1 extends CMSServlet {
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
index b3693a53..fb531759 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/CloneRedirect.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -39,12 +38,11 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Redirect a request to the Master. This servlet is used in
- * a clone when a requested service (such as CRL) is not available. 
- * It redirects the user to the master.
- *
+ * Redirect a request to the Master. This servlet is used in a clone when a
+ * requested service (such as CRL) is not available. It redirects the user to
+ * the master.
+ * 
  * @version $Revision$, $Date$
  */
 public class CloneRedirect extends CMSServlet {
@@ -71,7 +69,8 @@ public class CloneRedirect extends CMSServlet {
 
     /**
      * Initialize the servlet.
-	 * @param sc servlet configuration, read from the web.xml file
+     * 
+     * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
@@ -93,8 +92,8 @@ public class CloneRedirect extends CMSServlet {
 
         if (mAuthority instanceof ICertificateAuthority)
             mCA = (ICertificateAuthority) mAuthority;
-		
-            // override success to do output with our own template.
+
+        // override success to do output with our own template.
         mTemplates.remove(CMSRequest.SUCCESS);
     }
 
@@ -117,28 +116,28 @@ public class CloneRedirect extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
 
-        CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl)); 
+        CMS.debug("CloneRedirect: " + CMS.getLogMessage("ADMIN_SRVLT_ADD_MASTER_URL", mNewUrl));
         header.addStringValue("masterURL", mNewUrl);
         try {
             ServletOutputStream out = resp.getOutputStream();
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
index 0ccf7f18..03c909cc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DirAuthServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * 'Face-to-face' certificate enrollment.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DirAuthServlet extends CMSServlet {
@@ -64,8 +62,9 @@ public class DirAuthServlet extends CMSServlet {
         super();
     }
 
-	/**
+    /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -81,15 +80,14 @@ public class DirAuthServlet extends CMSServlet {
         mTemplates.remove(CMSRequest.SUCCESS);
     }
 
-
-	/**
+    /**
      * Process the HTTP request. This servlet reads configuration information
-	 * from the hashDirEnrollment configuration substore
-     *
+     * from the hashDirEnrollment configuration substore
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -112,8 +110,8 @@ public class DirAuthServlet extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
             cmsReq.setError(new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
             cmsReq.setStatus(CMSRequest.ERROR);
@@ -166,7 +164,7 @@ public class DirAuthServlet extends CMSServlet {
             printError(cmsReq, "2");
             cmsReq.setStatus(CMSRequest.SUCCESS);
             return;
-        }  
+        }
 
         mgr.setLastLogin(reqHost, currTime);
 
@@ -176,11 +174,11 @@ public class DirAuthServlet extends CMSServlet {
 
         mgr.addAuthToken(pageID, authToken);
 
-        header.addStringValue("pageID", pageID); 
+        header.addStringValue("pageID", pageID);
         header.addStringValue("uid", uid);
         header.addStringValue("fingerprint", mgr.hashFingerprint(reqHost, pageID, uid));
         header.addStringValue("hostname", reqHost);
-  
+
         try {
             ServletOutputStream out = httpResp.getOutputStream();
 
@@ -188,8 +186,8 @@ public class DirAuthServlet extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
             cmsReq.setStatus(CMSRequest.ERROR);
@@ -199,7 +197,7 @@ public class DirAuthServlet extends CMSServlet {
     }
 
     private void printError(CMSRequest cmsReq, String errorCode)
-        throws EBaseException {
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -219,7 +217,7 @@ public class DirAuthServlet extends CMSServlet {
             form = getTemplate(formPath, httpReq, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
             cmsReq.setStatus(CMSRequest.ERROR);
@@ -234,7 +232,7 @@ public class DirAuthServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE")));
             cmsReq.setStatus(CMSRequest.ERROR);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
index 9f353312..a5cdc98e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisableEnrollResult.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * For Face-to-face enrollment, disable EE enrollment feature
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.cms.servlet.cert.EnableEnrollResult
  */
@@ -83,7 +81,7 @@ public class DisableEnrollResult extends CMSServlet {
      * Services the request
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -125,10 +123,10 @@ public class DisableEnrollResult extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -162,10 +160,10 @@ public class DisableEnrollResult extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
index ea62b9cb..2a32b594 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayBySerial.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.math.BigInteger;
@@ -67,13 +66,12 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Display detailed information about a certificate
- *
- * The template 'displayBySerial.template' is used to
- * render the response for this servlet.
- *
+ * 
+ * The template 'displayBySerial.template' is used to render the response for
+ * this servlet.
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayBySerial extends CMSServlet {
@@ -99,6 +97,7 @@ public class DisplayBySerial extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -109,16 +108,16 @@ public class DisplayBySerial extends CMSServlet {
         try {
             mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
         }
         // coming from ee
         mForm1Path = "/" + mAuthority.getId() + "/" + TPL_FILE1;
-      
-        if (mOutputTemplatePath != null) 
+
+        if (mOutputTemplatePath != null)
             mForm1Path = mOutputTemplatePath;
 
-        // override success and error templates to null - 
+        // override success and error templates to null -
         // handle templates locally.
         mTemplates.remove(CMSRequest.SUCCESS);
     }
@@ -126,8 +125,8 @@ public class DisplayBySerial extends CMSServlet {
     /**
      * Serves HTTP request. The format of this request is as follows:
      * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to display
-     *   (or hex if serialNumber preceded by 0x)
+     * <li>http.param serialNumber Decimal serial number of certificate to
+     * display (or hex if serialNumber preceded by 0x)
      * </ul>
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -151,7 +150,7 @@ public class DisplayBySerial extends CMSServlet {
                             mAuthzResourceName, "read");
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
@@ -170,8 +169,8 @@ public class DisplayBySerial extends CMSServlet {
 
             error = new ECMSGWException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mForm1Path, e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         } catch (EDBRecordNotFoundException e) {
@@ -185,15 +184,15 @@ public class DisplayBySerial extends CMSServlet {
 
         try {
             if (serialNumber.compareTo(MINUS_ONE) > 0) {
-                process(argSet, header, serialNumber, 
-                    req, resp, locale[0]);
+                process(argSet, header, serialNumber,
+                        req, resp, locale[0]);
             } else {
                 error = new ECMSGWException(
                             CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
             }
         } catch (EBaseException e) {
             error = e;
-        } 
+        }
 
         try {
             ServletOutputStream out = resp.getOutputStream();
@@ -201,19 +200,19 @@ public class DisplayBySerial extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
 
@@ -223,53 +222,53 @@ public class DisplayBySerial extends CMSServlet {
      * Display information about a particular certificate
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        BigInteger seq, HttpServletRequest req, 
-        HttpServletResponse resp, 
-        Locale locale)
-        throws EBaseException {
+            BigInteger seq, HttpServletRequest req,
+            HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
         String certType[] = new String[1];
 
         try {
             ICertRecord rec = getCertRecord(seq, certType);
-				
+
             if (certType[0].equalsIgnoreCase("x509")) {
                 processX509(argSet, header, seq, req, resp, locale);
                 return;
             }
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
             throw e;
         }
-		
+
         return;
     }
-	
+
     private void processX509(CMSTemplateParams argSet, IArgBlock header,
-        BigInteger seq, HttpServletRequest req, 
-        HttpServletResponse resp, 
-        Locale locale)
-        throws EBaseException {
+            BigInteger seq, HttpServletRequest req,
+            HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
         try {
             ICertRecord rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
-            if (rec == null)  {
-              CMS.debug("DisplayBySerial: failed to read record");
-              throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+            if (rec == null) {
+                CMS.debug("DisplayBySerial: failed to read record");
+                throw new ECMSGWException(
+                        CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
             }
             X509CertImpl cert = rec.getCertificate();
-            if (cert == null)  {
-              CMS.debug("DisplayBySerial: no certificate in record");
-              throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+            if (cert == null) {
+                CMS.debug("DisplayBySerial: no certificate in record");
+                throw new ECMSGWException(
+                        CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
             }
 
             try {
                 X509CertInfo info = (X509CertInfo) cert.get(X509CertImpl.NAME + "." + X509CertImpl.INFO);
-                if (info == null)  {
-                  CMS.debug("DisplayBySerial: no info found");
-                  throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
+                if (info == null) {
+                    CMS.debug("DisplayBySerial: no info found");
+                    throw new ECMSGWException(
+                            CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
                 }
                 CertificateExtensions extensions = (CertificateExtensions) info.get(X509CertInfo.EXTENSIONS);
 
@@ -287,11 +286,11 @@ public class DisplayBySerial extends CMSServlet {
                         }
                         if (ext instanceof KeyUsageExtension) {
                             KeyUsageExtension usage =
-                                (KeyUsageExtension) ext;
+                                    (KeyUsageExtension) ext;
 
                             try {
                                 if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
-                                    ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+                                        ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
                                     emailCert = true;
                             } catch (ArrayIndexOutOfBoundsException e) {
                                 // bug356108:
@@ -321,8 +320,8 @@ public class DisplayBySerial extends CMSServlet {
                 header.addBooleanValue("noCertImport", noCertImport);
 
             } catch (Exception e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERROR_PARSING_EXTENS", e.toString()));
             }
 
             IRevocationInfo revocationInfo = rec.getRevocationInfo();
@@ -347,20 +346,16 @@ public class DisplayBySerial extends CMSServlet {
 
             ICertPrettyPrint certDetails = CMS.getCertPrettyPrint(cert);
 
-            header.addStringValue("certPrettyPrint", 
-                certDetails.toString(locale));
+            header.addStringValue("certPrettyPrint",
+                    certDetails.toString(locale));
 
             /*
-             String scheme = req.getScheme();
-             if (scheme.equals("http") && connectionIsSSL(req)) 
-             scheme = "https";
-             String requestURI = req.getRequestURI();
-             int i = requestURI.indexOf('?');
-             String newRequestURI = 
-             (i > -1)? requestURI.substring(0, i): requestURI;
-             header.addStringValue("serviceURL", scheme +"://"+
-             req.getServerName() + ":"+
-             req.getServerPort() + newRequestURI);
+             * String scheme = req.getScheme(); if (scheme.equals("http") &&
+             * connectionIsSSL(req)) scheme = "https"; String requestURI =
+             * req.getRequestURI(); int i = requestURI.indexOf('?'); String
+             * newRequestURI = (i > -1)? requestURI.substring(0, i): requestURI;
+             * header.addStringValue("serviceURL", scheme +"://"+
+             * req.getServerName() + ":"+ req.getServerPort() + newRequestURI);
              */
             header.addStringValue("authorityid", mAuthority.getId());
 
@@ -369,8 +364,8 @@ public class DisplayBySerial extends CMSServlet {
             try {
                 certFingerprints = CMS.getFingerPrints(cert);
             } catch (Exception e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERR_DIGESTING_CERT", e.toString()));
             }
             if (certFingerprints.length() > 0)
                 header.addStringValue("certFingerprint", certFingerprints);
@@ -382,12 +377,12 @@ public class DisplayBySerial extends CMSServlet {
             header.addStringValue("serialNumber", seq.toString(16));
 
             /*
-             String userAgent = req.getHeader("user-agent");
-             String agent = 
-             (userAgent != null)? UserInfo.getUserAgent(userAgent): "";
+             * String userAgent = req.getHeader("user-agent"); String agent =
+             * (userAgent != null)? UserInfo.getUserAgent(userAgent): "";
              */
             // Now formulate a PKCS#7 blob
-            X509CertImpl[] certsInChain = new X509CertImpl[1];; 
+            X509CertImpl[] certsInChain = new X509CertImpl[1];
+            ;
             if (mCACerts != null) {
                 for (int i = 0; i < mCACerts.length; i++) {
                     if (cert.equals(mCACerts[i])) {
@@ -398,10 +393,10 @@ public class DisplayBySerial extends CMSServlet {
                     certsInChain = new X509CertImpl[mCACerts.length + 1];
                 }
             }
-			
+
             // Set the EE cert
             certsInChain[0] = cert;
-			
+
             // Set the Ca certificate chain
             if (mCACerts != null) {
                 for (int i = 0; i < mCACerts.length; i++) {
@@ -414,43 +409,43 @@ public class DisplayBySerial extends CMSServlet {
             String p7Str;
 
             try {
-                PKCS7 p7 = new PKCS7(new AlgorithmId[0], 
+                PKCS7 p7 = new PKCS7(new AlgorithmId[0],
                         new ContentInfo(new byte[0]),
                         certsInChain,
                         new SignerInfo[0]);
                 ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
-                p7.encodeSignedData(bos,false);
+                p7.encodeSignedData(bos, false);
                 byte[] p7Bytes = bos.toByteArray();
 
-				p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
+                p7Str = com.netscape.osutil.OSUtil.BtoA(p7Bytes);
                 header.addStringValue("pkcs7ChainBase64", p7Str);
             } catch (Exception e) {
-                //p7Str = "PKCS#7 B64 Encoding error - " + e.toString() 
-                //+ "; Please contact your administrator";
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); 
+                // p7Str = "PKCS#7 B64 Encoding error - " + e.toString()
+                // + "; Please contact your administrator";
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
                 throw new ECMSGWException(
                         CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7"));
             }
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("MSGW_ERR_DISP_BY_SERIAL", e.toString()));
             throw e;
         } catch (CertificateEncodingException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_ENCODE_CERT", e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_ENCODING_ISSUED_CERT"));
         }
 
         return;
     }
-	
+
     private ICertRecord getCertRecord(BigInteger seq, String certtype[])
-        throws EBaseException {
+            throws EBaseException {
         ICertRecord rec = null;
-		
+
         try {
             rec = (ICertRecord) mCertDB.readCertificateRecord(seq);
             X509CertImpl x509cert = rec.getCertificate();
@@ -460,16 +455,16 @@ public class DisplayBySerial extends CMSServlet {
                 return rec;
             }
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_DISP_BY_SERIAL", e.toString()));
             throw e;
         }
-		
+
         return rec;
     }
 
     private BigInteger getSerialNumber(HttpServletRequest req)
-        throws NumberFormatException {
+            throws NumberFormatException {
         String serialNumString = req.getParameter("serialNumber");
 
         if (serialNumString != null) {
@@ -477,11 +472,10 @@ public class DisplayBySerial extends CMSServlet {
             if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) {
                 return new BigInteger(serialNumString.substring(2), 16);
             } else {
-                return  new BigInteger(serialNumString);
+                return new BigInteger(serialNumString);
             }
-        } else {	
+        } else {
             throw new NumberFormatException();
-        }			
+        }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
index 3a5f3f06..cb0e1cf9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayCRL.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CRLException;
@@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Decode the CRL and display it to the requester.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayCRL extends CMSServlet {
@@ -64,8 +62,8 @@ public class DisplayCRL extends CMSServlet {
     private static final long serialVersionUID = 1152016798229054027L;
     private final static String INFO = "DisplayCRL";
     private final static String TPL_FILE = "displayCRL.template";
-    //private final static String E_TPL_FILE = "error.template";
-    //private final static String OUT_ERROR = "errorDetails";
+    // private final static String E_TPL_FILE = "error.template";
+    // private final static String OUT_ERROR = "errorDetails";
 
     private String mFormPath = null;
     private ICertificateAuthority mCA = null;
@@ -78,9 +76,10 @@ public class DisplayCRL extends CMSServlet {
     }
 
     /**
-     * Initialize the servlet. This servlet uses the 'displayCRL.template' file to
-     * to render the response to the client.
-	 * @param sc servlet configuration, read from the web.xml file
+     * Initialize the servlet. This servlet uses the 'displayCRL.template' file
+     * to to render the response to the client.
+     * 
+     * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
@@ -96,15 +95,16 @@ public class DisplayCRL extends CMSServlet {
     }
 
     /**
-	 * Process the HTTP request
+     * Process the HTTP request
      * <ul>
-     * <li>http.param  crlIssuingPoint number
-     * <li>http.param  crlDisplayType entireCRL or crlHeader or base64Encoded or deltaCRL
-     * <li>http.param  pageStart which page to start displaying from
-     * <li>http.param  pageSize number of entries to show per page
+     * <li>http.param crlIssuingPoint number
+     * <li>http.param crlDisplayType entireCRL or crlHeader or base64Encoded or
+     * deltaCRL
+     * <li>http.param pageStart which page to start displaying from
+     * <li>http.param pageSize number of entries to show per page
      * </ul>
+     * 
      * @param cmsReq the Request to service.
-
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
@@ -132,8 +132,8 @@ public class DisplayCRL extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1", mFormPath, e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
@@ -148,22 +148,22 @@ public class DisplayCRL extends CMSServlet {
         String crlIssuingPointId = req.getParameter("crlIssuingPoint");
 
         process(argSet, header, req, resp, crlIssuingPointId,
-            locale[0]);
+                locale[0]);
 
         try {
             ServletOutputStream out = resp.getOutputStream();
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
@@ -192,24 +192,25 @@ public class DisplayCRL extends CMSServlet {
             masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
             masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
             if (masterHost != null && masterHost.length() > 0 &&
-                masterPort != null && masterPort.length() > 0) {
+                    masterPort != null && masterPort.length() > 0) {
                 clonedCA = true;
                 ipNames = crlRepository.getIssuingPointsNames();
             }
         } catch (EBaseException e) {
         }
-            
+
         if (clonedCA) {
             if (crlIssuingPointId != null) {
                 if (ipNames != null && ipNames.size() > 0) {
                     int i;
                     for (i = 0; i < ipNames.size(); i++) {
-                        String ipName = (String)ipNames.elementAt(i);
+                        String ipName = (String) ipNames.elementAt(i);
                         if (crlIssuingPointId.equals(ipName)) {
                             break;
                         }
                     }
-                    if (i >= ipNames.size()) crlIssuingPointId = null;
+                    if (i >= ipNames.size())
+                        crlIssuingPointId = null;
                 } else {
                     crlIssuingPointId = null;
                 }
@@ -226,13 +227,14 @@ public class DisplayCRL extends CMSServlet {
                         isCRLCacheEnabled = ip.isCRLCacheEnabled();
                         break;
                     }
-                    if (!ips.hasMoreElements()) crlIssuingPointId = null;
+                    if (!ips.hasMoreElements())
+                        crlIssuingPointId = null;
                 }
             }
         }
         if (crlIssuingPointId == null) {
             header.addStringValue("error",
-                "Request to unspecified or non-existing CRL issuing point: "+ipId);
+                    "Request to unspecified or non-existing CRL issuing point: " + ipId);
             return;
         }
 
@@ -240,22 +242,23 @@ public class DisplayCRL extends CMSServlet {
 
         String crlDisplayType = req.getParameter("crlDisplayType");
 
-        if (crlDisplayType == null) crlDisplayType = "cachedCRL";
+        if (crlDisplayType == null)
+            crlDisplayType = "cachedCRL";
         header.addStringValue("crlDisplayType", crlDisplayType);
 
         try {
-            crlRecord = 
+            crlRecord =
                     (ICRLIssuingPointRecord) mCA.getCRLRepository().readCRLIssuingPointRecord(crlIssuingPointId);
         } catch (EBaseException e) {
             header.addStringValue("error", e.toString(locale));
             return;
         }
         if (crlRecord == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
-            header.addStringValue("error", 
-                new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
-            return; 
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+            header.addStringValue("error",
+                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+            return;
         }
 
         header.addStringValue("crlIssuingPoint", crlIssuingPointId);
@@ -283,10 +286,10 @@ public class DisplayCRL extends CMSServlet {
             byte[] crlbytes = crlRecord.getCRL();
 
             if (crlbytes == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
-                header.addStringValue("error", 
-                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+                header.addStringValue("error",
+                        new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
                 return;
             }
 
@@ -299,8 +302,8 @@ public class DisplayCRL extends CMSServlet {
 
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_CRL", e.toString()));
-                header.addStringValue("error", 
-                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+                header.addStringValue("error",
+                        new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
             }
         }
 
@@ -320,24 +323,25 @@ public class DisplayCRL extends CMSServlet {
                     long lPageStart = new Long(pageStart).longValue();
                     long lPageSize = new Long(pageSize).longValue();
 
-                    if (lPageStart < 1) lPageStart = 1;
+                    if (lPageStart < 1)
+                        lPageStart = 1;
                     // if (lPageStart + lPageSize - lCRLSize > 1)
-                    //     lPageStart = lCRLSize - lPageSize + 1;
+                    // lPageStart = lCRLSize - lPageSize + 1;
 
                     header.addStringValue(
-                        "crlPrettyPrint", crlDetails.toString(locale,
-                            lCRLSize, lPageStart, lPageSize));
+                            "crlPrettyPrint", crlDetails.toString(locale,
+                                    lCRLSize, lPageStart, lPageSize));
                     header.addLongValue("pageStart", lPageStart);
                     header.addLongValue("pageSize", lPageSize);
                 } else {
                     header.addStringValue(
-                        "crlPrettyPrint", crlDetails.toString(locale));
+                            "crlPrettyPrint", crlDetails.toString(locale));
                 }
             } else if (crlDisplayType.equals("crlHeader")) {
                 ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
 
                 header.addStringValue(
-                    "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0));
+                        "crlPrettyPrint", crlDetails.toString(locale, lCRLSize, 0, 0));
             } else if (crlDisplayType.equals("base64Encoded")) {
                 try {
                     byte[] ba = crl.getEncoded();
@@ -377,14 +381,14 @@ public class DisplayCRL extends CMSServlet {
                 } catch (CRLException e) {
                 }
             } else if (crlDisplayType.equals("deltaCRL")) {
-                if ((clonedCA && crlRecord.getDeltaCRLSize() != null && 
-                     crlRecord.getDeltaCRLSize().longValue() > -1) ||
-                    (crlIP != null && crlIP.isDeltaCRLEnabled())) {
+                if ((clonedCA && crlRecord.getDeltaCRLSize() != null &&
+                        crlRecord.getDeltaCRLSize().longValue() > -1) ||
+                        (crlIP != null && crlIP.isDeltaCRLEnabled())) {
                     byte[] deltaCRLBytes = crlRecord.getDeltaCRL();
 
                     if (deltaCRLBytes == null) {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId));
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL", crlIssuingPointId));
                         header.addStringValue("error", "Delta CRL is not available");
                     } else {
                         X509CRLImpl deltaCRL = null;
@@ -393,23 +397,23 @@ public class DisplayCRL extends CMSServlet {
                             deltaCRL = new X509CRLImpl(deltaCRLBytes);
                         } catch (Exception e) {
                             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_DECODE_DELTA_CRL", e.toString()));
-                            header.addStringValue("error", 
-                              new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+                            header.addStringValue("error",
+                                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
                         }
                         if (deltaCRL != null) {
                             BigInteger crlNumber = crlRecord.getCRLNumber();
                             BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
                             if ((clonedCA && crlNumber != null && deltaNumber != null &&
-                                 deltaNumber.compareTo(crlNumber) >= 0) ||
-                                (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) {
+                                    deltaNumber.compareTo(crlNumber) >= 0) ||
+                                    (crlIP != null && crlIP.isThisCurrentDeltaCRL(deltaCRL))) {
 
                                 header.addIntegerValue("deltaCRLSize",
-                                    deltaCRL.getNumberOfRevokedCertificates());
+                                        deltaCRL.getNumberOfRevokedCertificates());
 
                                 ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(deltaCRL);
 
                                 header.addStringValue(
-                                    "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0));
+                                        "crlPrettyPrint", crlDetails.toString(locale, 0, 0, 0));
 
                                 try {
                                     byte[] ba = deltaCRL.getEncoded();
@@ -455,8 +459,8 @@ public class DisplayCRL extends CMSServlet {
                     }
                 } else {
                     header.addStringValue("error", "Delta CRL is not enabled for " +
-                        crlIssuingPointId +
-                        " issuing point");
+                            crlIssuingPointId +
+                            " issuing point");
                 }
             }
 
@@ -464,10 +468,10 @@ public class DisplayCRL extends CMSServlet {
             header.addStringValue("error", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
             header.addStringValue("crlPrettyPrint", CMS.getUserMessage(locale, "CMS_GW_CRL_CACHE_IS_NOT_ENABLED", crlIssuingPointId));
         } else {
-            header.addStringValue("error", 
-                new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
-            header.addStringValue("crlPrettyPrint", 
-                new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+            header.addStringValue("error",
+                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
+            header.addStringValue("crlPrettyPrint",
+                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
         }
         return;
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
index 6efda2bb..8d2be7a4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DisplayHashUserEnroll.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Date;
 import java.util.Locale;
@@ -45,11 +44,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Servlet to report the status, ie, the agent-initiated user
- * enrollment is enabled or disabled.
- *
+ * Servlet to report the status, ie, the agent-initiated user enrollment is
+ * enabled or disabled.
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayHashUserEnroll extends CMSServlet {
@@ -90,7 +88,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
      * Services the request
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -117,7 +115,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
         if (!(mAuthority instanceof IRegistrationAuthority)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -152,7 +150,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
             printError(cmsReq, "2");
             cmsReq.setStatus(CMSRequest.SUCCESS);
             return;
-        }  
+        }
 
         mgr.setLastLogin(reqHost, currTime);
 
@@ -162,10 +160,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -177,10 +175,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -188,7 +186,7 @@ public class DisplayHashUserEnroll extends CMSServlet {
     }
 
     private void printError(CMSRequest cmsReq, String errorCode)
-        throws EBaseException {
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -208,9 +206,9 @@ public class DisplayHashUserEnroll extends CMSServlet {
             form = getTemplate(formPath, httpReq, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_GET_TEMPLATE", formPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -223,10 +221,10 @@ public class DisplayHashUserEnroll extends CMSServlet {
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
 
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
index 3c562d65..e95d6dbe 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevoke.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -71,10 +70,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Revoke a Certificate
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DoRevoke extends CMSServlet {
@@ -98,20 +96,19 @@ public class DoRevoke extends CMSServlet {
     private final static String REVOKE = "revoke";
     private final static String ON_HOLD = "on-hold";
     private final static int ON_HOLD_REASON = 6;
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
 
     public DoRevoke() {
         super();
     }
 
     /**
-     * initialize the servlet. This servlet uses the template
-	 * file "revocationResult.template" to render the result
+     * initialize the servlet. This servlet uses the template file
+     * "revocationResult.template" to render the result
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -145,16 +142,20 @@ public class DoRevoke extends CMSServlet {
     }
 
     /**
-     * Serves HTTP request. The http parameters used by this request are as follows:
+     * Serves HTTP request. The http parameters used by this request are as
+     * follows:
+     * 
      * <pre>
      * serialNumber Serial number of certificate to revoke (in HEX)
      * revocationReason Revocation reason (Described below)
      * totalRecordCount [number]
      * verifiedRecordCount [number]
      * invalidityDate [number of seconds in Jan 1,1970]
-     *
+     * 
      * </pre>
+     * 
      * revocationReason can be one of these values:
+     * 
      * <pre>
      * 0 = Unspecified   (default)
      * 1 = Key compromised
@@ -204,7 +205,7 @@ public class DoRevoke extends CMSServlet {
             if (req.getParameter("verifiedRecordCount") != null) {
                 verifiedRecordCount = Integer.parseInt(
                             req.getParameter(
-                                "verifiedRecordCount"));
+                                    "verifiedRecordCount"));
             }
             if (req.getParameter("invalidityDate") != null) {
                 long l = Long.parseLong(req.getParameter(
@@ -228,8 +229,8 @@ public class DoRevoke extends CMSServlet {
                     try {
                         user = (IUser) mUL.locateUser(new Certificates(certChain));
                     } catch (Exception e) {
-                        CMS.debug("DoRevoke:  Failed to map certificate '"+
-                                   cert2.getSubjectDN().getName()+"' to user.");
+                        CMS.debug("DoRevoke:  Failed to map certificate '" +
+                                   cert2.getSubjectDN().getName() + "' to user.");
                     }
                     if (mUG.isMemberOf(user, "Subsystem Group")) {
                         skipNonceVerification = true;
@@ -249,8 +250,8 @@ public class DoRevoke extends CMSServlet {
                 } else {
                     CMS.debug("DoRevoke:  Missing nonce");
                 }
-                CMS.debug("DoRevoke:  nonceVerified="+nonceVerified);
-                CMS.debug("DoRevoke:  skipNonceVerification="+skipNonceVerification);
+                CMS.debug("DoRevoke:  nonceVerified=" + nonceVerified);
+                CMS.debug("DoRevoke:  skipNonceVerification=" + skipNonceVerification);
                 if ((!nonceVerified) && (!skipNonceVerification)) {
                     cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
                     return;
@@ -261,7 +262,7 @@ public class DoRevoke extends CMSServlet {
             String eeSubjectDN = null;
             String eeSerialNumber = null;
 
-            //for audit log.
+            // for audit log.
             String initiative = null;
 
             String authMgr = AuditFormat.NOAUTH;
@@ -275,25 +276,24 @@ public class DoRevoke extends CMSServlet {
                             mAuthzResourceName, "revoke");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
                 cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
                 return;
             }
- 
-            
+
             if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
                 if (authToken != null) {
 
                     String serialNumber = req.getParameter("serialNumber");
                     X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
 
-                    if (serialNumber != null)  {
+                    if (serialNumber != null) {
                         eeSerialNumber = serialNumber;
                     }
 
@@ -306,12 +306,12 @@ public class DoRevoke extends CMSServlet {
             } else {
                 // request is fromUser.
                 initiative = AuditFormat.FROMUSER;
-                
+
                 String serialNumber = req.getParameter("serialNumber");
                 X509CertImpl sslCert = (X509CertImpl) getSSLClientCertificate(req);
 
                 if (serialNumber == null || sslCert == null ||
-                    !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) {
+                        !(serialNumber.equals(sslCert.getSerialNumber().toString(16)))) {
                     authorized = false;
                 } else {
                     eeSubjectDN = sslCert.getSubjectDN().toString();
@@ -322,29 +322,24 @@ public class DoRevoke extends CMSServlet {
 
             if (authorized) {
                 process(argSet, header, reason, invalidityDate, initiative,
-                    req, resp, verifiedRecordCount, revokeAll,
-                    totalRecordCount, eeSerialNumber, eeSubjectDN,
-                    comments, locale[0]);
+                        req, resp, verifiedRecordCount, revokeAll,
+                        totalRecordCount, eeSerialNumber, eeSubjectDN,
+                        comments, locale[0]);
             }
 
         } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
             error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
         }
 
         /*
-         catch (Exception e) {
-         noError = false;
-         header.addStringValue(OUT_ERROR,
-         MessageFormatter.getLocalizedString(
-         errorlocale[0],
-         BaseResources.class.getName(),
-         BaseResources.INTERNAL_ERROR_1,
-         e.toString()));
-         }
+         * catch (Exception e) { noError = false;
+         * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString(
+         * errorlocale[0], BaseResources.class.getName(),
+         * BaseResources.INTERNAL_ERROR_1, e.toString())); }
          */
 
         try {
@@ -353,11 +348,11 @@ public class DoRevoke extends CMSServlet {
             if (error == null && authorized) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else if (!authorized) {
                 cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
@@ -366,8 +361,8 @@ public class DoRevoke extends CMSServlet {
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
@@ -375,58 +370,59 @@ public class DoRevoke extends CMSServlet {
     /**
      * Process cert status change request
      * <P>
-     *
-     * (Certificate Request - either an "agent" cert status change request,
-     *  or an "EE" cert status change request)
+     * 
+     * (Certificate Request - either an "agent" cert status change request, or
+     * an "EE" cert status change request)
      * <P>
-     *
-     * (Certificate Request Processed -  either an "agent" cert status change
-     *  request, or an "EE" cert status change request)
+     * 
+     * (Certificate Request Processed - either an "agent" cert status change
+     * request, or an "EE" cert status change request)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
-     * a cert status change request (e. g. - "revocation") is made (before
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
+     * when a cert status change request (e. g. - "revocation") is made (before
      * approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
-     * used when a certificate status is changed (revoked, expired, on-hold,
-     * off-hold)
+     * <li>signed.audit
+     * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
+     * certificate status is changed (revoked, expired, on-hold, off-hold)
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
-     * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
-     * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
-     * 4 - Certificate superceded, 5 - Cessation of operation, or
-     * 6 - Certificate is on hold)
+     * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2
+     *            - CA key compromised; should not be used, 3 - Affiliation
+     *            changed, 4 - Certificate superceded, 5 - Cessation of
+     *            operation, or 6 - Certificate is on hold)
      * @param invalidityDate certificate validity date
      * @param initiative string containing the audit format
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param verifiedRecordCount number of verified records
-     * @param revokeAll string containing information on all of the
-     * certificates to be revoked
+     * @param revokeAll string containing information on all of the certificates
+     *            to be revoked
      * @param totalRecordCount total number of records (verified and unverified)
-     * @param eeSerialNumber string containing the end-entity certificate
-     * serial number
+     * @param eeSerialNumber string containing the end-entity certificate serial
+     *            number
      * @param eeSubjectDN string containing the end-entity certificate subject
-     * distinguished name (DN)
+     *            distinguished name (DN)
      * @param comments string containing certificate comments
      * @param locale the system locale
      * @exception EBaseException an error has occurred
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        int reason, Date invalidityDate,
-        String initiative,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        int verifiedRecordCount,
-        String revokeAll,
-        int totalRecordCount,
-        String eeSerialNumber,
-        String eeSubjectDN,
-        String comments,
-        Locale locale) 
-        throws EBaseException {
+            int reason, Date invalidityDate,
+            String initiative,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            int verifiedRecordCount,
+            String revokeAll,
+            int totalRecordCount,
+            String eeSerialNumber,
+            String eeSubjectDN,
+            String comments,
+            Locale locale)
+            throws EBaseException {
         boolean auditRequest = true;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -436,7 +432,7 @@ public class DoRevoke extends CMSServlet {
         String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         String auditReasonNum = String.valueOf(reason);
 
-         CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber);
+        CMS.debug("DoRevoke: eeSerialNumber: " + eeSerialNumber + " auditSerialNumber: " + auditSerialNumber);
         long startTime = CMS.getCurrentDate().getTime();
 
         try {
@@ -483,16 +479,16 @@ public class DoRevoke extends CMSServlet {
                         CMS.debug("DoRevoke: skipped revocation request for system certificate " + xcert.getSerialNumber());
                         continue;
                     }
-					
+
                     if (xcert != null) {
                         rarg.addStringValue("serialNumber",
-                            xcert.getSerialNumber().toString(16));
+                                xcert.getSerialNumber().toString(16));
 
                         if (eeSerialNumber != null &&
-                            (eeSerialNumber.equals(xcert.getSerialNumber().toString())) &&
-                            rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
+                                (eeSerialNumber.equals(xcert.getSerialNumber().toString())) &&
+                                rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16)));
+                                    CMS.getLogMessage("CA_CERTIFICATE_ALREADY_REVOKED_1", xcert.getSerialNumber().toString(16)));
 
                             // store a message in the signed audit log file
                             auditMessage = CMS.getLogMessage(
@@ -508,19 +504,19 @@ public class DoRevoke extends CMSServlet {
                             throw new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED"));
                         } else if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
                             rarg.addStringValue("error", "Certificate 0x" +
-                                xcert.getSerialNumber().toString(16) +
-                                " is already revoked.");
+                                    xcert.getSerialNumber().toString(16) +
+                                    " is already revoked.");
                         } else if (eeSubjectDN != null &&
-                            (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) {
+                                (!eeSubjectDN.equals(xcert.getSubjectDN().toString()))) {
                             rarg.addStringValue("error", "Certificate 0x" +
-                                xcert.getSerialNumber().toString(16) +
-                                " belongs to different subject.");
+                                    xcert.getSerialNumber().toString(16) +
+                                    " belongs to different subject.");
                         } else {
                             oldCertsV.addElement(xcert);
 
                             RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(xcert.getSerialNumber(),
-                                    CMS.getCurrentDate(), entryExtn);
+                                    new RevokedCertImpl(xcert.getSerialNumber(),
+                                            CMS.getCurrentDate(), entryExtn);
 
                             revCertImplsV.addElement(revCertImpl);
                             count++;
@@ -535,9 +531,7 @@ public class DoRevoke extends CMSServlet {
                 Vector<String> serialNumbers = new Vector<String>();
 
                 if (revokeAll != null && revokeAll.length() > 0) {
-                    for (int i = revokeAll.indexOf('=');
-                        i < revokeAll.length() && i > -1;
-                        i = revokeAll.indexOf('=', i)) {
+                    for (int i = revokeAll.indexOf('='); i < revokeAll.length() && i > -1; i = revokeAll.indexOf('=', i)) {
                         if (i > -1) {
                             i++;
                             while (i < revokeAll.length() && revokeAll.charAt(i) == ' ') {
@@ -564,29 +558,28 @@ public class DoRevoke extends CMSServlet {
                     for (int i = 0; i < certs.length; i++) {
                         boolean addToList = false;
 
-                        for (int j = 0; j < serialNumbers.size();
-                            j++) {
-                            //xxxxx serial number in decimal? 
+                        for (int j = 0; j < serialNumbers.size(); j++) {
+                            // xxxxx serial number in decimal?
                             if (certs[i].getSerialNumber().toString().equals((String) serialNumbers.elementAt(j)) &&
-                                eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) {
+                                    eeSubjectDN != null && eeSubjectDN.equals(certs[i].getSubjectDN().toString())) {
                                 addToList = true;
                                 break;
                             }
                         }
                         if (eeSerialNumber != null &&
-                            eeSerialNumber.equals(certs[i].getSerialNumber().toString())) {
+                                eeSerialNumber.equals(certs[i].getSerialNumber().toString())) {
                             authorized = true;
                         }
                         if (addToList) {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addStringValue("serialNumber",
-                                certs[i].getSerialNumber().toString(16));
+                                    certs[i].getSerialNumber().toString(16));
                             oldCertsV.addElement(certs[i]);
 
                             RevokedCertImpl revCertImpl =
-                                new RevokedCertImpl(certs[i].getSerialNumber(),
-                                    CMS.getCurrentDate(), entryExtn);
+                                    new RevokedCertImpl(certs[i].getSerialNumber(),
+                                            CMS.getCurrentDate(), entryExtn);
 
                             revCertImplsV.addElement(revCertImpl);
                             count++;
@@ -596,7 +589,7 @@ public class DoRevoke extends CMSServlet {
                     }
                     if (!authorized) {
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
+                                CMS.getLogMessage("CMSGW_REQ_AUTH_REVOKED_CERT"));
 
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
@@ -615,19 +608,19 @@ public class DoRevoke extends CMSServlet {
                     String b64eCert = req.getParameter("b64eCertificate");
 
                     if (b64eCert != null) {
-                        //  BASE64Decoder decoder = new BASE64Decoder();
-                        //  byte[] certBytes = decoder.decodeBuffer(b64eCert);
+                        // BASE64Decoder decoder = new BASE64Decoder();
+                        // byte[] certBytes = decoder.decodeBuffer(b64eCert);
                         byte[] certBytes = CMS.AtoB(b64eCert);
                         X509CertImpl cert = new X509CertImpl(certBytes);
                         IArgBlock rarg = CMS.createArgBlock();
 
                         rarg.addStringValue("serialNumber",
-                            cert.getSerialNumber().toString(16));
+                                cert.getSerialNumber().toString(16));
                         oldCertsV.addElement(cert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(cert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(cert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
                         count++;
@@ -636,8 +629,8 @@ public class DoRevoke extends CMSServlet {
                     }
                 }
             }
-            if (count == 0) { 
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); 
+            if (count == 0) {
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -656,7 +649,7 @@ public class DoRevoke extends CMSServlet {
             header.addIntegerValue("totalRecordCount", count);
 
             X509CertImpl[] oldCerts = new X509CertImpl[count];
-            //Certificate[] oldCerts = new Certificate[count];
+            // Certificate[] oldCerts = new Certificate[count];
             RevokedCertImpl[] revCertImpls = new RevokedCertImpl[count];
 
             for (int i = 0; i < count; i++) {
@@ -665,7 +658,7 @@ public class DoRevoke extends CMSServlet {
             }
 
             IRequest revReq =
-                mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+                    mQueue.newRequest(IRequest.REVOCATION_REQUEST);
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -680,7 +673,7 @@ public class DoRevoke extends CMSServlet {
 
             revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
             revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
-            if(initiative.equals(AuditFormat.FROMUSER))
+            if (initiative.equals(AuditFormat.FROMUSER))
                 revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
             else
                 revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
@@ -708,37 +701,37 @@ public class DoRevoke extends CMSServlet {
             // that is meant for the Master CA. From Clone's point of view
             // the request is complete
             if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) {
-                // audit log the error 
+                // audit log the error
                 Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
 
                 if (result.equals(IRequest.RES_ERROR)) {
                     String[] svcErrors =
-                        revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+                            revReq.getExtDataInStringArray(IRequest.SVCERRORS);
 
                     if (svcErrors != null && svcErrors.length > 0) {
                         for (int i = 0; i < svcErrors.length; i++) {
                             String err = svcErrors[i];
 
                             if (err != null) {
-                                //cmsReq.setErrorDescription(err);
+                                // cmsReq.setErrorDescription(err);
                                 for (int j = 0; j < count; j++) {
                                     if (oldCerts[j] instanceof X509CertImpl) {
                                         X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                                         if (oldCerts[j] != null) {
                                             mLogger.log(ILogger.EV_AUDIT,
-                                                ILogger.S_OTHER,
-                                                AuditFormat.LEVEL,
-                                                AuditFormat.DOREVOKEFORMAT,
-                                                new Object[] {
-                                                    revReq.getRequestId(), 
-                                                    initiative,
-                                                    "completed with error: " +
-                                                    err,
-                                                    cert.getSubjectDN(),
-                                                    cert.getSerialNumber().toString(16),
-                                                    RevocationReason.fromInt(reason).toString()}
-                                            );
+                                                    ILogger.S_OTHER,
+                                                    AuditFormat.LEVEL,
+                                                    AuditFormat.DOREVOKEFORMAT,
+                                                    new Object[] {
+                                                            revReq.getRequestId(),
+                                                            initiative,
+                                                            "completed with error: " +
+                                                                    err,
+                                                            cert.getSubjectDN(),
+                                                            cert.getSerialNumber().toString(16),
+                                                            RevocationReason.fromInt(reason).toString() }
+                                                    );
                                         }
                                     }
                                 }
@@ -751,10 +744,10 @@ public class DoRevoke extends CMSServlet {
                     // "complete", "revoked", or "canceled"
                     if ((auditApprovalStatus.equals(
                                 RequestStatus.COMPLETE_STRING)) ||
-                        (auditApprovalStatus.equals(
-                                RequestStatus.REJECTED_STRING)) ||
-                        (auditApprovalStatus.equals(
-                                RequestStatus.CANCELED_STRING))) {
+                            (auditApprovalStatus.equals(
+                                    RequestStatus.REJECTED_STRING)) ||
+                            (auditApprovalStatus.equals(
+                                    RequestStatus.CANCELED_STRING))) {
                         auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                     auditSubjectID,
@@ -768,7 +761,7 @@ public class DoRevoke extends CMSServlet {
                         audit(auditMessage);
                     }
 
-                    return; 
+                    return;
                 }
 
                 long endTime = CMS.getCurrentDate().getTime();
@@ -780,24 +773,24 @@ public class DoRevoke extends CMSServlet {
                             X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                             mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                    revReq.getRequestId(), 
-                                    initiative,
-                                    "completed",
-                                    cert.getSubjectDN(),
-                                    cert.getSerialNumber().toString(16),
-                                    RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
-                            );
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOREVOKEFORMAT,
+                                    new Object[] {
+                                            revReq.getRequestId(),
+                                            initiative,
+                                            "completed",
+                                            cert.getSubjectDN(),
+                                            cert.getSerialNumber().toString(16),
+                                            RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) }
+                                    );
                         }
                     }
                 }
 
                 header.addStringValue("revoked", "yes");
 
-                Integer updateCRLResult = 
-                    revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                Integer updateCRLResult =
+                        revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     header.addStringValue("updateCRL", "yes");
@@ -806,15 +799,15 @@ public class DoRevoke extends CMSServlet {
                     } else {
                         header.addStringValue("updateCRLSuccess", "no");
                         String crlError =
-                            revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+                                revReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
 
-                        if (crlError != null) 
-                            header.addStringValue("updateCRLError", 
-                                crlError);
+                        if (crlError != null)
+                            header.addStringValue("updateCRLError",
+                                    crlError);
                     }
                     // let known crl publishing status too.
                     Integer publishCRLResult =
-                        revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                            revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -822,23 +815,23 @@ public class DoRevoke extends CMSServlet {
                         } else {
                             header.addStringValue("publishCRLSuccess", "no");
                             String publError =
-                                revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
-                            if (publError != null) 
-                                header.addStringValue("publishCRLError", 
-                                    publError);
+                            if (publError != null)
+                                header.addStringValue("publishCRLError",
+                                        publError);
                         }
                     }
                 }
 
                 if (mAuthority instanceof ICertificateAuthority) {
-                    // let known update and publish status of all crls. 
-                    Enumeration<ICRLIssuingPoint> otherCRLs = 
-                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                    // let known update and publish status of all crls.
+                    Enumeration<ICRLIssuingPoint> otherCRLs =
+                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                     while (otherCRLs.hasMoreElements()) {
                         ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                            otherCRLs.nextElement();
+                                otherCRLs.nextElement();
                         String crlId = crl.getId();
 
                         if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -857,31 +850,31 @@ public class DoRevoke extends CMSServlet {
                                         updateStatusStr));
                                 header.addStringValue(updateStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(updateErrorStr);
+                                        revReq.getExtDataInString(updateErrorStr);
 
-                                if (error != null) 
+                                if (error != null)
                                     header.addStringValue(updateErrorStr,
-                                        error);
+                                            error);
                             }
                             String publishStatusStr = crl.getCrlPublishStatusStr();
                             Integer publishResult =
-                                revReq.getExtDataInInteger(publishStatusStr);
+                                    revReq.getExtDataInInteger(publishStatusStr);
 
-                            if (publishResult == null) 
+                            if (publishResult == null)
                                 continue;
                             if (publishResult.equals(IRequest.RES_SUCCESS)) {
                                 header.addStringValue(publishStatusStr, "yes");
                             } else {
-                                String publishErrorStr = 
-                                    crl.getCrlPublishErrorStr();
+                                String publishErrorStr =
+                                        crl.getCrlPublishErrorStr();
 
                                 header.addStringValue(publishStatusStr, "no");
                                 String error =
-                                    revReq.getExtDataInString(publishErrorStr);
+                                        revReq.getExtDataInString(publishErrorStr);
 
-                                if (error != null) 
+                                if (error != null)
                                     header.addStringValue(
-                                        publishErrorStr, error);
+                                            publishErrorStr, error);
                             }
                         }
                     }
@@ -889,8 +882,8 @@ public class DoRevoke extends CMSServlet {
 
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                     header.addStringValue("dirEnabled", "yes");
-                    Integer[] ldapPublishStatus = 
-                        revReq.getExtDataInIntegerArray("ldapPublishStatus");
+                    Integer[] ldapPublishStatus =
+                            revReq.getExtDataInIntegerArray("ldapPublishStatus");
                     int certsToUpdate = 0;
                     int certsUpdated = 0;
 
@@ -905,13 +898,13 @@ public class DoRevoke extends CMSServlet {
                     header.addIntegerValue("certsUpdated", certsUpdated);
                     header.addIntegerValue("certsToUpdate", certsToUpdate);
 
-                    // add crl publishing status. 
+                    // add crl publishing status.
                     String publError =
-                        revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                            revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                     if (publError != null) {
                         header.addStringValue("crlPublishError",
-                            publError);
+                                publError);
                     }
                 } else {
                     header.addStringValue("dirEnabled", "no");
@@ -946,16 +939,16 @@ public class DoRevoke extends CMSServlet {
                             X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                             mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                    revReq.getRequestId(), 
-                                    initiative,
-                                    stat.toString(),
-                                    cert.getSubjectDN(),
-                                    cert.getSerialNumber().toString(16),
-                                    RevocationReason.fromInt(reason).toString()}
-                            );
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOREVOKEFORMAT,
+                                    new Object[] {
+                                            revReq.getRequestId(),
+                                            initiative,
+                                            stat.toString(),
+                                            cert.getSubjectDN(),
+                                            cert.getSerialNumber().toString(16),
+                                            RevocationReason.fromInt(reason).toString() }
+                                    );
                         }
                     }
                 }
@@ -965,9 +958,8 @@ public class DoRevoke extends CMSServlet {
             // if and only if "auditApprovalStatus" is
             // "complete", "revoked", or "canceled"
             if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
-            ) {
+                    || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                    || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                             auditSubjectID,
@@ -1001,10 +993,10 @@ public class DoRevoke extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -1042,10 +1034,10 @@ public class DoRevoke extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -1062,8 +1054,8 @@ public class DoRevoke extends CMSServlet {
 
             throw e;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
 
             if (auditRequest) {
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
@@ -1084,10 +1076,10 @@ public class DoRevoke extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -1110,11 +1102,11 @@ public class DoRevoke extends CMSServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "RequesterID" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1140,11 +1132,11 @@ public class DoRevoke extends CMSServlet {
 
     /**
      * Signed Audit Log Serial Number
-     *
+     * 
      * This method is called to obtain the serial number of the certificate
      * whose status is to be changed for a signed audit log message.
      * <P>
-     *
+     * 
      * @param eeSerialNumber a string containing the un-normalized serialNumber
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1163,30 +1155,30 @@ public class DoRevoke extends CMSServlet {
             // find out if the value is hex or decimal
 
             int value = -1;
-           
-            //try int 
-            try { 
-                value = Integer.parseInt(serialNumber,10);
+
+            // try int
+            try {
+                value = Integer.parseInt(serialNumber, 10);
             } catch (NumberFormatException e) {
             }
- 
-            //try hex
-            if( value == -1) {
+
+            // try hex
+            if (value == -1) {
                 try {
-                    value = Integer.parseInt(serialNumber,16);
+                    value = Integer.parseInt(serialNumber, 16);
 
                 } catch (NumberFormatException e) {
                 }
             }
             // give up if it isn't hex or dec
-            if ( value == -1)   {
+            if (value == -1) {
                 throw new NumberFormatException();
             }
 
             // convert it to hexadecimal
             serialNumber = "0x"
                     + Integer.toHexString(
-                        value);
+                            value);
         } else {
             serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
@@ -1196,11 +1188,11 @@ public class DoRevoke extends CMSServlet {
 
     /**
      * Signed Audit Log Request Type
-     *
-     * This method is called to obtain the "Request Type" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "Request Type" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param reason an integer denoting the revocation reason
      * @return string containing REVOKE or ON_HOLD
      */
@@ -1222,4 +1214,3 @@ public class DoRevoke extends CMSServlet {
         return requestType;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
index 12093661..e7b83b0c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoRevokeTPS.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.io.OutputStream;
 import java.util.Date;
@@ -63,10 +62,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Revoke a Certificate
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DoRevokeTPS extends CMSServlet {
@@ -89,20 +87,19 @@ public class DoRevokeTPS extends CMSServlet {
     private final static String REVOKE = "revoke";
     private final static String ON_HOLD = "on-hold";
     private final static int ON_HOLD_REASON = 6;
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
 
     public DoRevokeTPS() {
         super();
     }
 
     /**
-     * initialize the servlet. This servlet uses the template
-	 * file "revocationResult.template" to render the result
+     * initialize the servlet. This servlet uses the template file
+     * "revocationResult.template" to render the result
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -131,16 +128,20 @@ public class DoRevokeTPS extends CMSServlet {
     }
 
     /**
-     * Serves HTTP request. The http parameters used by this request are as follows:
+     * Serves HTTP request. The http parameters used by this request are as
+     * follows:
+     * 
      * <pre>
      * serialNumber Serial number of certificate to revoke (in HEX)
      * revocationReason Revocation reason (Described below)
      * totalRecordCount [number]
      * verifiedRecordCount [number]
      * invalidityDate [number of seconds in Jan 1,1970]
-     *
+     * 
      * </pre>
+     * 
      * revocationReason can be one of these values:
+     * 
      * <pre>
      * 0 = Unspecified   (default)
      * 1 = Key compromised
@@ -174,7 +175,7 @@ public class DoRevokeTPS extends CMSServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         } catch (Exception e) {
-        CMS.debug("DoRevokeTPS getTemplate failed");
+            CMS.debug("DoRevokeTPS getTemplate failed");
             throw new EBaseException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
 
@@ -203,7 +204,7 @@ public class DoRevokeTPS extends CMSServlet {
             revokeAll = req.getParameter("revokeAll");
             String comments = req.getParameter(IRequest.REQUESTOR_COMMENTS);
 
-            //for audit log.
+            // for audit log.
             String initiative = null;
 
             String authMgr = AuditFormat.NOAUTH;
@@ -215,17 +216,17 @@ public class DoRevokeTPS extends CMSServlet {
                             mAuthzResourceName, "revoke");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
                 cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
                 return;
             }
-            
+
             if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
                 if (authToken != null) {
                     authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
@@ -242,11 +243,11 @@ public class DoRevokeTPS extends CMSServlet {
 
             if (authorized) {
                 process(argSet, header, reason, invalidityDate, initiative, req,
-                  resp, revokeAll, totalRecordCount, comments, locale[0]);
+                        resp, revokeAll, totalRecordCount, comments, locale[0]);
             }
         } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
             error = new EBaseException(CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
@@ -260,10 +261,10 @@ public class DoRevokeTPS extends CMSServlet {
                 errorString = "error=unauthorized";
             } else if (error != null) {
                 o_status = "status=3";
-                errorString = "error="+error.toString();
+                errorString = "error=" + error.toString();
             }
 
-            String pp = o_status+"\n"+errorString;
+            String pp = o_status + "\n" + errorString;
             byte[] b = pp.getBytes();
             resp.setContentType("text/html");
             resp.setContentLength(b.length);
@@ -271,8 +272,8 @@ public class DoRevokeTPS extends CMSServlet {
             os.write(b);
             os.flush();
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(CMS.getLogMessage("CMSGW_ERROR_DISPLAY_TEMPLATE"));
         }
     }
@@ -280,50 +281,51 @@ public class DoRevokeTPS extends CMSServlet {
     /**
      * Process cert status change request
      * <P>
-     *
-     * (Certificate Request - either an "agent" cert status change request,
-     *  or an "EE" cert status change request)
+     * 
+     * (Certificate Request - either an "agent" cert status change request, or
+     * an "EE" cert status change request)
      * <P>
-     *
-     * (Certificate Request Processed -  either an "agent" cert status change
-     *  request, or an "EE" cert status change request)
+     * 
+     * (Certificate Request Processed - either an "agent" cert status change
+     * request, or an "EE" cert status change request)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
-     * a cert status change request (e. g. - "revocation") is made (before
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
+     * when a cert status change request (e. g. - "revocation") is made (before
      * approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
-     * used when a certificate status is changed (revoked, expired, on-hold,
-     * off-hold)
+     * <li>signed.audit
+     * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
+     * certificate status is changed (revoked, expired, on-hold, off-hold)
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
-     * @param reason revocation reason (0 - Unspecified, 1 - Key compromised,
-     * 2 - CA key compromised; should not be used, 3 - Affiliation changed,
-     * 4 - Certificate superceded, 5 - Cessation of operation, or
-     * 6 - Certificate is on hold)
+     * @param reason revocation reason (0 - Unspecified, 1 - Key compromised, 2
+     *            - CA key compromised; should not be used, 3 - Affiliation
+     *            changed, 4 - Certificate superceded, 5 - Cessation of
+     *            operation, or 6 - Certificate is on hold)
      * @param invalidityDate certificate validity date
      * @param initiative string containing the audit format
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
-     * @param revokeAll string containing information on all of the
-     * certificates to be revoked
+     * @param revokeAll string containing information on all of the certificates
+     *            to be revoked
      * @param totalRecordCount total number of records (verified and unverified)
      * @param comments string containing certificate comments
      * @param locale the system locale
      * @exception EBaseException an error has occurred
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        int reason, Date invalidityDate,
-        String initiative,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        String revokeAll,
-        int totalRecordCount,
-        String comments,
-        Locale locale) 
-        throws EBaseException {
+            int reason, Date invalidityDate,
+            String initiative,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            String revokeAll,
+            int totalRecordCount,
+            String comments,
+            Locale locale)
+            throws EBaseException {
         boolean auditRequest = true;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -333,21 +335,20 @@ public class DoRevokeTPS extends CMSServlet {
         String auditApprovalStatus = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         String auditReasonNum = String.valueOf(reason);
 
-
         if (revokeAll != null) {
-           CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
+            CMS.debug("DoRevokeTPS.process revokeAll" + revokeAll);
 
-           String serial = "";
+            String serial = "";
             String[] tokens;
             tokens = revokeAll.split("=");
 
             if (tokens.length == 2) {
                 serial = tokens[1];
-                //remove the trailing paren
+                // remove the trailing paren
                 if (serial.endsWith(")")) {
-                    serial = serial.substring(0,serial.length() -1);
+                    serial = serial.substring(0, serial.length() - 1);
                 }
-                auditSerialNumber = serial;    
+                auditSerialNumber = serial;
             }
         }
 
@@ -393,7 +394,7 @@ public class DoRevokeTPS extends CMSServlet {
                 }
                 X509CertImpl xcert = rec.getCertificate();
                 IArgBlock rarg = CMS.createArgBlock();
-					
+
                 // we do not want to revoke the CA certificate accidentially
                 if (xcert != null && isSystemCertificate(xcert.getSerialNumber())) {
                     CMS.debug("DoRevokeTPS: skipped revocation request for system certificate " + xcert.getSerialNumber());
@@ -403,20 +404,20 @@ public class DoRevokeTPS extends CMSServlet {
 
                 if (xcert != null) {
                     rarg.addStringValue("serialNumber",
-                        xcert.getSerialNumber().toString(16));
+                            xcert.getSerialNumber().toString(16));
 
                     if (rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) {
                         alreadyRevokedCertFound = true;
-                        CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16) + " has been revoked.");
+                        CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " has been revoked.");
                     } else {
                         oldCertsV.addElement(xcert);
 
                         RevokedCertImpl revCertImpl =
-                            new RevokedCertImpl(xcert.getSerialNumber(),
-                                CMS.getCurrentDate(), entryExtn);
+                                new RevokedCertImpl(xcert.getSerialNumber(),
+                                        CMS.getCurrentDate(), entryExtn);
 
                         revCertImplsV.addElement(revCertImpl);
-                        CMS.debug("Certificate 0x"+xcert.getSerialNumber().toString(16)+" is going to be revoked.");
+                        CMS.debug("Certificate 0x" + xcert.getSerialNumber().toString(16) + " is going to be revoked.");
                         count++;
                     }
                 } else {
@@ -424,27 +425,27 @@ public class DoRevokeTPS extends CMSServlet {
                 }
             }
 
-            if (count == 0) { 
+            if (count == 0) {
                 // Situation where no certs were reoked here, but some certs
                 // requested happened to be already revoked. Don't return error.
                 if (alreadyRevokedCertFound == true && badCertsRequested == false) {
-                     CMS.debug("Only have previously revoked certs in the list.");
-                     // store a message in the signed audit log file
-                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRequesterID,
-                        auditSerialNumber,
-                        auditRequestType);
+                    CMS.debug("Only have previously revoked certs in the list.");
+                    // store a message in the signed audit log file
+                    auditMessage = CMS.getLogMessage(
+                            LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST,
+                            auditSubjectID,
+                            ILogger.SUCCESS,
+                            auditRequesterID,
+                            auditSerialNumber,
+                            auditRequestType);
 
-                     audit(auditMessage);
-                     return; 
+                    audit(auditMessage);
+                    return;
                 }
- 
+
                 errorString = "error=No certificates are revoked.";
                 o_status = "status=2";
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO")); 
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REV_CERTS_ZERO"));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -469,7 +470,7 @@ public class DoRevokeTPS extends CMSServlet {
             }
 
             IRequest revReq =
-                mQueue.newRequest(IRequest.REVOCATION_REQUEST);
+                    mQueue.newRequest(IRequest.REVOCATION_REQUEST);
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -484,7 +485,7 @@ public class DoRevokeTPS extends CMSServlet {
 
             revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
             revReq.setExtData(IRequest.REQ_TYPE, IRequest.REVOCATION_REQUEST);
-            if(initiative.equals(AuditFormat.FROMUSER)) {
+            if (initiative.equals(AuditFormat.FROMUSER)) {
                 revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_EE);
             } else {
                 revReq.setExtData(IRequest.REQUESTOR_TYPE, IRequest.REQUESTOR_AGENT);
@@ -513,37 +514,37 @@ public class DoRevokeTPS extends CMSServlet {
             // that is meant for the Master CA. From Clone's point of view
             // the request is complete
             if ((stat == RequestStatus.COMPLETE) || ((type.equals(IRequest.CLA_CERT4CRL_REQUEST)) && (stat == RequestStatus.SVC_PENDING))) {
-                // audit log the error 
+                // audit log the error
                 Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
 
                 if (result.equals(IRequest.RES_ERROR)) {
                     String[] svcErrors =
-                        revReq.getExtDataInStringArray(IRequest.SVCERRORS);
+                            revReq.getExtDataInStringArray(IRequest.SVCERRORS);
 
                     if (svcErrors != null && svcErrors.length > 0) {
                         for (int i = 0; i < svcErrors.length; i++) {
                             String err = svcErrors[i];
 
                             if (err != null) {
-                                //cmsReq.setErrorDescription(err);
+                                // cmsReq.setErrorDescription(err);
                                 for (int j = 0; j < count; j++) {
                                     if (oldCerts[j] instanceof X509CertImpl) {
                                         X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                                         if (oldCerts[j] != null) {
                                             mLogger.log(ILogger.EV_AUDIT,
-                                                ILogger.S_OTHER,
-                                                AuditFormat.LEVEL,
-                                                AuditFormat.DOREVOKEFORMAT,
-                                                new Object[] {
-                                                    revReq.getRequestId(), 
-                                                    initiative,
-                                                    "completed with error: " +
-                                                    err,
-                                                    cert.getSubjectDN(),
-                                                    cert.getSerialNumber().toString(16),
-                                                    RevocationReason.fromInt(reason).toString()}
-                                            );
+                                                    ILogger.S_OTHER,
+                                                    AuditFormat.LEVEL,
+                                                    AuditFormat.DOREVOKEFORMAT,
+                                                    new Object[] {
+                                                            revReq.getRequestId(),
+                                                            initiative,
+                                                            "completed with error: " +
+                                                                    err,
+                                                            cert.getSubjectDN(),
+                                                            cert.getSerialNumber().toString(16),
+                                                            RevocationReason.fromInt(reason).toString() }
+                                                    );
                                         }
                                     }
                                 }
@@ -556,10 +557,10 @@ public class DoRevokeTPS extends CMSServlet {
                     // "complete", "revoked", or "canceled"
                     if ((auditApprovalStatus.equals(
                                 RequestStatus.COMPLETE_STRING)) ||
-                        (auditApprovalStatus.equals(
-                                RequestStatus.REJECTED_STRING)) ||
-                        (auditApprovalStatus.equals(
-                                RequestStatus.CANCELED_STRING))) {
+                            (auditApprovalStatus.equals(
+                                    RequestStatus.REJECTED_STRING)) ||
+                            (auditApprovalStatus.equals(
+                                    RequestStatus.CANCELED_STRING))) {
                         auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                     auditSubjectID,
@@ -573,7 +574,7 @@ public class DoRevokeTPS extends CMSServlet {
                         audit(auditMessage);
                     }
 
-                    return; 
+                    return;
                 }
 
                 long endTime = CMS.getCurrentDate().getTime();
@@ -585,24 +586,24 @@ public class DoRevokeTPS extends CMSServlet {
                             X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                             mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                    revReq.getRequestId(), 
-                                    initiative,
-                                    "completed",
-                                    cert.getSubjectDN(),
-                                    cert.getSerialNumber().toString(16),
-                                    RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime)}
-                            );
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOREVOKEFORMAT,
+                                    new Object[] {
+                                            revReq.getRequestId(),
+                                            initiative,
+                                            "completed",
+                                            cert.getSubjectDN(),
+                                            cert.getSerialNumber().toString(16),
+                                            RevocationReason.fromInt(reason).toString() + " time: " + (endTime - startTime) }
+                                    );
                         }
                     }
                 }
 
                 header.addStringValue("revoked", "yes");
 
-                Integer updateCRLResult = 
-                    revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                Integer updateCRLResult =
+                        revReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -615,29 +616,29 @@ public class DoRevokeTPS extends CMSServlet {
                     }
                     // let known crl publishing status too.
                     Integer publishCRLResult =
-                        revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                            revReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
                             String publError =
-                                revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                             o_status = "status=3";
                             if (publError != null) {
-                                errorString = "error="+publError;
+                                errorString = "error=" + publError;
                             }
                         }
                     }
                 }
 
                 if (mAuthority instanceof ICertificateAuthority) {
-                    // let known update and publish status of all crls. 
-                    Enumeration<ICRLIssuingPoint> otherCRLs = 
-                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                    // let known update and publish status of all crls.
+                    Enumeration<ICRLIssuingPoint> otherCRLs =
+                            ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                     while (otherCRLs.hasMoreElements()) {
                         ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                            otherCRLs.nextElement();
+                                otherCRLs.nextElement();
                         String crlId = crl.getId();
 
                         if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -652,25 +653,25 @@ public class DoRevokeTPS extends CMSServlet {
                                 CMS.debug("DoRevoke: " + CMS.getLogMessage("ADMIN_SRVLT_ADDING_HEADER_NO",
                                         updateStatusStr));
                                 String error =
-                                    revReq.getExtDataInString(updateErrorStr);
+                                        revReq.getExtDataInString(updateErrorStr);
 
                                 o_status = "status=3";
-                                if (error != null) { 
-                                    errorString = "error="+error;
+                                if (error != null) {
+                                    errorString = "error=" + error;
                                 }
                             }
                             String publishStatusStr = crl.getCrlPublishStatusStr();
                             Integer publishResult =
-                                revReq.getExtDataInInteger(publishStatusStr);
+                                    revReq.getExtDataInInteger(publishStatusStr);
 
-                            if (publishResult == null) 
+                            if (publishResult == null)
                                 continue;
                             if (!publishResult.equals(IRequest.RES_SUCCESS)) {
-                                String publishErrorStr = 
-                                    crl.getCrlPublishErrorStr();
+                                String publishErrorStr =
+                                        crl.getCrlPublishErrorStr();
 
                                 String error =
-                                    revReq.getExtDataInString(publishErrorStr);
+                                        revReq.getExtDataInString(publishErrorStr);
 
                                 o_status = "status=3";
                                 if (error != null) {
@@ -683,8 +684,8 @@ public class DoRevokeTPS extends CMSServlet {
 
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                     header.addStringValue("dirEnabled", "yes");
-                    Integer[] ldapPublishStatus = 
-                        revReq.getExtDataInIntegerArray("ldapPublishStatus");
+                    Integer[] ldapPublishStatus =
+                            revReq.getExtDataInIntegerArray("ldapPublishStatus");
                     int certsToUpdate = 0;
                     int certsUpdated = 0;
 
@@ -697,12 +698,12 @@ public class DoRevokeTPS extends CMSServlet {
                         }
                     }
 
-                    // add crl publishing status. 
+                    // add crl publishing status.
                     String publError =
-                        revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                            revReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                     if (publError != null) {
-                        errorString = "error="+publError;
+                        errorString = "error=" + publError;
                         o_status = "status=3";
                     }
                 } else if (mPublisherProcessor == null && mPublisherProcessor.ldapEnabled()) {
@@ -712,7 +713,7 @@ public class DoRevokeTPS extends CMSServlet {
             } else {
                 if (stat == RequestStatus.PENDING || stat == RequestStatus.REJECTED) {
                     o_status = "status=2";
-                    errorString = "error="+stat.toString();
+                    errorString = "error=" + stat.toString();
                 } else {
                     o_status = "status=2";
                     errorString = "error=Undefined request status";
@@ -743,16 +744,16 @@ public class DoRevokeTPS extends CMSServlet {
                             X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                             mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOREVOKEFORMAT,
-                                new Object[] {
-                                    revReq.getRequestId(), 
-                                    initiative,
-                                    stat.toString(),
-                                    cert.getSubjectDN(),
-                                    cert.getSerialNumber().toString(16),
-                                    RevocationReason.fromInt(reason).toString()}
-                            );
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOREVOKEFORMAT,
+                                    new Object[] {
+                                            revReq.getRequestId(),
+                                            initiative,
+                                            stat.toString(),
+                                            cert.getSubjectDN(),
+                                            cert.getSerialNumber().toString(16),
+                                            RevocationReason.fromInt(reason).toString() }
+                                    );
                         }
                     }
                 }
@@ -762,9 +763,8 @@ public class DoRevokeTPS extends CMSServlet {
             // if and only if "auditApprovalStatus" is
             // "complete", "revoked", or "canceled"
             if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
-            ) {
+                    || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                    || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                             auditSubjectID,
@@ -799,10 +799,10 @@ public class DoRevokeTPS extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -819,8 +819,8 @@ public class DoRevokeTPS extends CMSServlet {
 
             throw e;
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_MARKING_CERT_REVOKED_1", e.toString()));
 
             if (auditRequest) {
                 // store a "CERT_STATUS_CHANGE_REQUEST" failure
@@ -841,10 +841,10 @@ public class DoRevokeTPS extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -867,11 +867,11 @@ public class DoRevokeTPS extends CMSServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "RequesterID" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -897,11 +897,11 @@ public class DoRevokeTPS extends CMSServlet {
 
     /**
      * Signed Audit Log Serial Number
-     *
+     * 
      * This method is called to obtain the serial number of the certificate
      * whose status is to be changed for a signed audit log message.
      * <P>
-     *
+     * 
      * @param eeSerialNumber a string containing the un-normalized serialNumber
      * @return id string containing the signed audit log message RequesterID
      */
@@ -920,7 +920,7 @@ public class DoRevokeTPS extends CMSServlet {
             // convert it to hexadecimal
             serialNumber = "0x"
                     + Integer.toHexString(
-                        Integer.valueOf(serialNumber).intValue());
+                            Integer.valueOf(serialNumber).intValue());
         } else {
             serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
@@ -930,11 +930,11 @@ public class DoRevokeTPS extends CMSServlet {
 
     /**
      * Signed Audit Log Request Type
-     *
-     * This method is called to obtain the "Request Type" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "Request Type" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param reason an integer denoting the revocation reason
      * @return string containing REVOKE or ON_HOLD
      */
@@ -956,4 +956,3 @@ public class DoRevokeTPS extends CMSServlet {
         return requestType;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
index e1791045..0b7c6f85 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevoke.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Enumeration;
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * 'Unrevoke' a certificate. (For certificates that are on-hold only,
- * take them off-hold)
- *
+ * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them
+ * off-hold)
+ * 
  * @version $Revision$, $Date$
  */
 public class DoUnrevoke extends CMSServlet {
@@ -80,19 +78,18 @@ public class DoUnrevoke extends CMSServlet {
 
     private final static String OFF_HOLD = "off-hold";
     private final static int OFF_HOLD_REASON = 6;
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-    
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
     public DoUnrevoke() {
         super();
     }
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -112,14 +109,14 @@ public class DoUnrevoke extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The
-	 *   certificate must be revoked with a revovcation reason 'on hold' for this
-	 *   operation to succeed. The serial number may be expressed as a hex number by
-	 *   prefixing '0x' to the serialNumber string
+     * <li>http.param serialNumber Decimal serial number of certificate to
+     * unrevoke. The certificate must be revoked with a revovcation reason 'on
+     * hold' for this operation to succeed. The serial number may be expressed
+     * as a hex number by prefixing '0x' to the serialNumber string
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -136,10 +133,10 @@ public class DoUnrevoke extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -149,20 +146,20 @@ public class DoUnrevoke extends CMSServlet {
         try {
             serialNumber = getSerialNumbers(req);
 
-            //for audit log.
+            // for audit log.
             IAuthToken authToken = authenticate(cmsReq);
             String authMgr = AuditFormat.NOAUTH;
-        
+
             if (authToken != null) {
                 authMgr =
                         authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-            } else {    
-                CMS.debug( "DoUnrevoke::process() -  authToken is null!" );
+            } else {
+                CMS.debug("DoUnrevoke::process() -  authToken is null!");
                 return;
             }
             String agentID = authToken.getInString("userid");
             String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
-                + " authenticated by " + authMgr;
+                    + " authenticated by " + authMgr;
 
             AuthzToken authzToken = null;
 
@@ -171,10 +168,10 @@ public class DoUnrevoke extends CMSServlet {
                             mAuthzResourceName, "unrevoke");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
@@ -186,7 +183,7 @@ public class DoUnrevoke extends CMSServlet {
 
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
         }
@@ -197,44 +194,45 @@ public class DoUnrevoke extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
-	
     /**
      * Process X509 cert status change request
      * <P>
-     *
-     * (Certificate Request - an "agent" cert status change request to take
-     *  a certificate off-hold)
+     * 
+     * (Certificate Request - an "agent" cert status change request to take a
+     * certificate off-hold)
      * <P>
-     *
-     * (Certificate Request Processed -  an "agent" cert status change request
-     *  to take a certificate off-hold)
+     * 
+     * (Certificate Request Processed - an "agent" cert status change request to
+     * take a certificate off-hold)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
-     * a cert status change request (e. g. - "revocation") is made (before
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
+     * when a cert status change request (e. g. - "revocation") is made (before
      * approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
-     * used when a certificate status is changed (taken off-hold)
+     * <li>signed.audit
+     * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
+     * certificate status is changed (taken off-hold)
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
      * @param serialNumbers the serial number of the certificate
@@ -245,11 +243,11 @@ public class DoUnrevoke extends CMSServlet {
      * @exception EBaseException an error has occurred
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        BigInteger[] serialNumbers,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        Locale locale, String initiative)
-        throws EBaseException {
+            BigInteger[] serialNumbers,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            Locale locale, String initiative)
+            throws EBaseException {
         boolean auditRequest = true;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -262,11 +260,13 @@ public class DoUnrevoke extends CMSServlet {
         try {
             StringBuffer snList = new StringBuffer();
 
-            // certs are for old cloning and they should be removed as soon as possible
+            // certs are for old cloning and they should be removed as soon as
+            // possible
             X509CertImpl[] certs = new X509CertImpl[serialNumbers.length];
             for (int i = 0; i < serialNumbers.length; i++) {
-                certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]);
-                if (snList.length() > 0) snList.append(", ");
+                certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]);
+                if (snList.length() > 0)
+                    snList.append(", ");
                 snList.append("0x");
                 snList.append(serialNumbers[i].toString(16));
             }
@@ -310,15 +310,15 @@ public class DoUnrevoke extends CMSServlet {
                     header.addStringValue("unrevoked", "yes");
                     if (certs[0] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOUNREVOKEFORMAT,
-                            new Object[] {
-                                unrevReq.getRequestId(),
-                                initiative,
-                                "completed",
-                                certs[0].getSubjectDN(),
-                                "0x" + serialNumbers[0].toString(16)}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOUNREVOKEFORMAT,
+                                new Object[] {
+                                        unrevReq.getRequestId(),
+                                        initiative,
+                                        "completed",
+                                        certs[0].getSubjectDN(),
+                                        "0x" + serialNumbers[0].toString(16) }
+                                );
                     }
                 } else {
                     header.addStringValue("unrevoked", "no");
@@ -328,59 +328,59 @@ public class DoUnrevoke extends CMSServlet {
                         header.addStringValue("error", error);
                         if (certs[0] != null) {
                             mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOUNREVOKEFORMAT,
-                                new Object[] {
-                                    unrevReq.getRequestId(),
-                                    initiative,
-                                    "completed with error: " +
-                                    error,
-                                    certs[0].getSubjectDN(),
-                                    "0x" + serialNumbers[0].toString(16)}
-                            );
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOUNREVOKEFORMAT,
+                                    new Object[] {
+                                            unrevReq.getRequestId(),
+                                            initiative,
+                                            "completed with error: " +
+                                                    error,
+                                            certs[0].getSubjectDN(),
+                                            "0x" + serialNumbers[0].toString(16) }
+                                    );
                         }
 
                         /****************************************************/
-                    
-                        /* IMPORTANT:  In the event that the following      */
-                    
-                        /*             "throw error;" statement is          */
-                    
-                        /*             uncommented, uncomment the following */
-                    
-                        /*             signed audit log message, also!!!    */
-                    
+
+                        /* IMPORTANT: In the event that the following */
+
+                        /* "throw error;" statement is */
+
+                        /* uncommented, uncomment the following */
+
+                        /* signed audit log message, also!!! */
+
                         /****************************************************/
 
-                        //                  // store a message in the signed audit log file
-                        //                  // if and only if "auditApprovalStatus" is
-                        //                  // "complete", "revoked", or "canceled"
-                        //                  if( ( auditApprovalStatus.equals(
-                        //                            RequestStatus.COMPLETE_STRING ) ) ||
-                        //                      ( auditApprovalStatus.equals(
-                        //                            RequestStatus.REJECTED_STRING ) ) ||
-                        //                      ( auditApprovalStatus.equals(
-                        //                            RequestStatus.CANCELED_STRING ) ) ) {
-                        //                          auditMessage = CMS.getLogMessage(
-                        //                              LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
-                        //                              auditSubjectID,
-                        //                              ILogger.FAILURE,
-                        //                              auditRequesterID,
-                        //                              auditSerialNumber,
-                        //                              auditRequestType,
-                        //                              auditReasonNum,
-                        //                              auditApprovalStatus );
+                        // // store a message in the signed audit log file
+                        // // if and only if "auditApprovalStatus" is
+                        // // "complete", "revoked", or "canceled"
+                        // if( ( auditApprovalStatus.equals(
+                        // RequestStatus.COMPLETE_STRING ) ) ||
+                        // ( auditApprovalStatus.equals(
+                        // RequestStatus.REJECTED_STRING ) ) ||
+                        // ( auditApprovalStatus.equals(
+                        // RequestStatus.CANCELED_STRING ) ) ) {
+                        // auditMessage = CMS.getLogMessage(
+                        // LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
+                        // auditSubjectID,
+                        // ILogger.FAILURE,
+                        // auditRequesterID,
+                        // auditSerialNumber,
+                        // auditRequestType,
+                        // auditReasonNum,
+                        // auditApprovalStatus );
                         //
-                        //                          audit( auditMessage );
-                        //                      }
+                        // audit( auditMessage );
+                        // }
 
-                        //                      throw error;
+                        // throw error;
                     }
                 }
 
-                Integer updateCRLResult = 
-                    unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                Integer updateCRLResult =
+                        unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     header.addStringValue("updateCRL", "yes");
@@ -389,15 +389,15 @@ public class DoUnrevoke extends CMSServlet {
                     } else {
                         header.addStringValue("updateCRLSuccess", "no");
                         String crlError =
-                            unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+                                unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
 
-                        if (crlError != null) 
-                            header.addStringValue("updateCRLError", 
-                                crlError);
+                        if (crlError != null)
+                            header.addStringValue("updateCRLError",
+                                    crlError);
                     }
                     // let known crl publishing status too.
-                    Integer publishCRLResult = 
-                        unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                    Integer publishCRLResult =
+                            unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (publishCRLResult.equals(IRequest.RES_SUCCESS)) {
@@ -405,22 +405,22 @@ public class DoUnrevoke extends CMSServlet {
                         } else {
                             header.addStringValue("publishCRLSuccess", "no");
                             String publError =
-                                unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
-                            if (publError != null) 
-                                header.addStringValue("publishCRLError", 
-                                    publError);
+                            if (publError != null)
+                                header.addStringValue("publishCRLError",
+                                        publError);
                         }
                     }
                 }
 
-                // let known update and publish status of all crls. 
-                Enumeration otherCRLs = 
-                    ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                // let known update and publish status of all crls.
+                Enumeration otherCRLs =
+                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                 while (otherCRLs.hasMoreElements()) {
                     ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                        otherCRLs.nextElement();
+                            otherCRLs.nextElement();
                     String crlId = crl.getId();
 
                     if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -431,48 +431,48 @@ public class DoUnrevoke extends CMSServlet {
                     if (updateResult != null) {
                         if (updateResult.equals(IRequest.RES_SUCCESS)) {
                             CMS.debug("DoUnrevoke: adding header " +
-                                updateStatusStr + " yes ");
+                                    updateStatusStr + " yes ");
                             header.addStringValue(updateStatusStr, "yes");
                         } else {
                             String updateErrorStr = crl.getCrlUpdateErrorStr();
 
                             CMS.debug("DoUnrevoke: adding header " +
-                                updateStatusStr + " no ");
+                                    updateStatusStr + " no ");
                             header.addStringValue(updateStatusStr, "no");
                             String error =
-                                unrevReq.getExtDataInString(updateErrorStr);
+                                    unrevReq.getExtDataInString(updateErrorStr);
 
-                            if (error != null) 
+                            if (error != null)
                                 header.addStringValue(
-                                    updateErrorStr, error);
+                                        updateErrorStr, error);
                         }
                         String publishStatusStr = crl.getCrlPublishStatusStr();
                         Integer publishResult =
-                            unrevReq.getExtDataInInteger(publishStatusStr);
+                                unrevReq.getExtDataInInteger(publishStatusStr);
 
-                        if (publishResult == null) 
+                        if (publishResult == null)
                             continue;
                         if (publishResult.equals(IRequest.RES_SUCCESS)) {
                             header.addStringValue(publishStatusStr, "yes");
                         } else {
-                            String publishErrorStr = 
-                                crl.getCrlPublishErrorStr();
+                            String publishErrorStr =
+                                    crl.getCrlPublishErrorStr();
 
                             header.addStringValue(publishStatusStr, "no");
                             String error =
-                                unrevReq.getExtDataInString(publishErrorStr);
+                                    unrevReq.getExtDataInString(publishErrorStr);
 
-                            if (error != null) 
+                            if (error != null)
                                 header.addStringValue(
-                                    publishErrorStr, error);
+                                        publishErrorStr, error);
                         }
                     }
                 }
 
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                     header.addStringValue("dirEnabled", "yes");
-                    Integer[] ldapPublishStatus = 
-                        unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
+                    Integer[] ldapPublishStatus =
+                            unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
 
                     if (ldapPublishStatus != null) {
                         if (ldapPublishStatus[0] == IRequest.RES_SUCCESS) {
@@ -490,30 +490,30 @@ public class DoUnrevoke extends CMSServlet {
                 header.addStringValue("unrevoked", "pending");
                 if (certs[0] != null) {
                     mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.DOUNREVOKEFORMAT,
-                        new Object[] {
-                            unrevReq.getRequestId(),
-                            initiative,
-                            "pending",
-                            certs[0].getSubjectDN(),
-                            "0x" + serialNumbers[0].toString(16)}
-                    );
+                            AuditFormat.LEVEL,
+                            AuditFormat.DOUNREVOKEFORMAT,
+                            new Object[] {
+                                    unrevReq.getRequestId(),
+                                    initiative,
+                                    "pending",
+                                    certs[0].getSubjectDN(),
+                                    "0x" + serialNumbers[0].toString(16) }
+                            );
                 }
             } else {
                 header.addStringValue("error", "Request Status.Error");
                 header.addStringValue("unrevoked", "no");
                 if (certs[0] != null) {
                     mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.DOUNREVOKEFORMAT,
-                        new Object[] {
-                            unrevReq.getRequestId(),
-                            initiative,
-                            status.toString(),
-                            certs[0].getSubjectDN(),
-                            "0x" + serialNumbers[0].toString(16)}
-                    );
+                            AuditFormat.LEVEL,
+                            AuditFormat.DOUNREVOKEFORMAT,
+                            new Object[] {
+                                    unrevReq.getRequestId(),
+                                    initiative,
+                                    status.toString(),
+                                    certs[0].getSubjectDN(),
+                                    "0x" + serialNumbers[0].toString(16) }
+                            );
                 }
             }
 
@@ -521,9 +521,8 @@ public class DoUnrevoke extends CMSServlet {
             // if and only if "auditApprovalStatus" is
             // "complete", "revoked", or "canceled"
             if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
-            ) {
+                    || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                    || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                             auditSubjectID,
@@ -557,10 +556,10 @@ public class DoUnrevoke extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -580,7 +579,7 @@ public class DoUnrevoke extends CMSServlet {
     }
 
     private BigInteger[] getSerialNumbers(HttpServletRequest req)
-        throws NumberFormatException {
+            throws NumberFormatException {
         String serialNumString = req.getParameter("serialNumber");
 
         StringTokenizer snList = new StringTokenizer(serialNumString, " ");
@@ -601,7 +600,7 @@ public class DoUnrevoke extends CMSServlet {
                 biList.addElement(bi);
             } else {
                 throw new NumberFormatException();
-            } 
+            }
         }
         if (biList.size() < 1) {
             throw new NumberFormatException();
@@ -617,11 +616,11 @@ public class DoUnrevoke extends CMSServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "RequesterID" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -647,11 +646,11 @@ public class DoUnrevoke extends CMSServlet {
 
     /**
      * Signed Audit Log Serial Number
-     *
+     * 
      * This method is called to obtain the serial number of the certificate
      * whose status is to be changed for a signed audit log message.
      * <P>
-     *
+     * 
      * @param eeSerialNumber a string containing the un-normalized serialNumber
      * @return id string containing the signed audit log message RequesterID
      */
@@ -670,7 +669,7 @@ public class DoUnrevoke extends CMSServlet {
             // convert it to hexadecimal
             serialNumber = "0x"
                     + Integer.toHexString(
-                        Integer.valueOf(serialNumber).intValue());
+                            Integer.valueOf(serialNumber).intValue());
         } else {
             serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
@@ -678,4 +677,3 @@ public class DoUnrevoke extends CMSServlet {
         return serialNumber;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
index 8f46ee9c..4472d0e5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/DoUnrevokeTPS.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.io.OutputStream;
 import java.math.BigInteger;
@@ -55,11 +54,10 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * 'Unrevoke' a certificate. (For certificates that are on-hold only,
- * take them off-hold)
- *
+ * 'Unrevoke' a certificate. (For certificates that are on-hold only, take them
+ * off-hold)
+ * 
  * @version $Revision$, $Date$
  */
 public class DoUnrevokeTPS extends CMSServlet {
@@ -81,19 +79,18 @@ public class DoUnrevokeTPS extends CMSServlet {
 
     private final static String OFF_HOLD = "off-hold";
     private final static int OFF_HOLD_REASON = 6;
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
-    
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED_7";
+
     public DoUnrevokeTPS() {
         super();
     }
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -112,14 +109,14 @@ public class DoUnrevokeTPS extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
-     * <li>http.param serialNumber Decimal serial number of certificate to unrevoke. The
-	 *   certificate must be revoked with a revovcation reason 'on hold' for this
-	 *   operation to succeed. The serial number may be expressed as a hex number by
-	 *   prefixing '0x' to the serialNumber string
+     * <li>http.param serialNumber Decimal serial number of certificate to
+     * unrevoke. The certificate must be revoked with a revovcation reason 'on
+     * hold' for this operation to succeed. The serial number may be expressed
+     * as a hex number by prefixing '0x' to the serialNumber string
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -133,34 +130,31 @@ public class DoUnrevokeTPS extends CMSServlet {
 
         Locale[] locale = new Locale[1];
 
-/*
-        try {
-            form = getTemplate(mFormPath, req, locale);
-        } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-        }
-*/
+        /*
+         * try { form = getTemplate(mFormPath, req, locale); } catch
+         * (IOException e) { log(ILogger.LL_FAILURE,
+         * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw new
+         * ECMSGWException(
+         * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")); }
+         */
 
         try {
             serialNumbers = getSerialNumbers(req);
 
-            //for audit log.
+            // for audit log.
             IAuthToken authToken = authenticate(cmsReq);
             String authMgr = AuditFormat.NOAUTH;
-        
+
             if (authToken != null) {
                 authMgr =
                         authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-            } else {    
-                CMS.debug( "DoUnrevokeTPS::process() -  authToken is null!" );
+            } else {
+                CMS.debug("DoUnrevokeTPS::process() -  authToken is null!");
                 return;
-            }    
+            }
             String agentID = authToken.getInString("userid");
             String initiative = AuditFormat.FROMAGENT + " agentID: " + agentID
-                + " authenticated by " + authMgr;
+                    + " authenticated by " + authMgr;
 
             AuthzToken authzToken = null;
 
@@ -169,17 +163,17 @@ public class DoUnrevokeTPS extends CMSServlet {
                             mAuthzResourceName, "unrevoke");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
                 cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
                 o_status = "status=3";
                 errorString = "error=unauthorized";
-                String pp = o_status+"\n"+errorString;
+                String pp = o_status + "\n" + errorString;
                 byte[] b = pp.getBytes();
                 resp.setContentType("text/html");
                 resp.setContentLength(b.length);
@@ -192,7 +186,7 @@ public class DoUnrevokeTPS extends CMSServlet {
             process(serialNumbers, req, resp, locale[0], initiative);
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUM_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
         } catch (IOException e) {
@@ -206,10 +200,10 @@ public class DoUnrevokeTPS extends CMSServlet {
                 errorString = "error=";
             } else {
                 o_status = "status=3";
-                errorString = "error="+error.toString();
+                errorString = "error=" + error.toString();
             }
 
-            String pp = o_status+"\n"+errorString;
+            String pp = o_status + "\n" + errorString;
             byte[] b = pp.getBytes();
             resp.setContentType("text/html");
             resp.setContentLength(b.length);
@@ -217,33 +211,34 @@ public class DoUnrevokeTPS extends CMSServlet {
             os.write(b);
             os.flush();
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
-	
     /**
      * Process X509 cert status change request
      * <P>
-     *
-     * (Certificate Request - an "agent" cert status change request to take
-     *  a certificate off-hold)
+     * 
+     * (Certificate Request - an "agent" cert status change request to take a
+     * certificate off-hold)
      * <P>
-     *
-     * (Certificate Request Processed -  an "agent" cert status change request
-     *  to take a certificate off-hold)
+     * 
+     * (Certificate Request Processed - an "agent" cert status change request to
+     * take a certificate off-hold)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used when
-     * a cert status change request (e. g. - "revocation") is made (before
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST used
+     * when a cert status change request (e. g. - "revocation") is made (before
      * approval process)
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED
-     * used when a certificate status is changed (taken off-hold)
+     * <li>signed.audit
+     * LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED used when a
+     * certificate status is changed (taken off-hold)
      * </ul>
+     * 
      * @param serialNumbers the serial number of the certificate
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
@@ -252,10 +247,10 @@ public class DoUnrevokeTPS extends CMSServlet {
      * @exception EBaseException an error has occurred
      */
     private void process(BigInteger[] serialNumbers,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        Locale locale, String initiative)
-        throws EBaseException {
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            Locale locale, String initiative)
+            throws EBaseException {
         boolean auditRequest = true;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
@@ -268,11 +263,13 @@ public class DoUnrevokeTPS extends CMSServlet {
         try {
             String snList = "";
 
-            // certs are for old cloning and they should be removed as soon as possible
+            // certs are for old cloning and they should be removed as soon as
+            // possible
             X509CertImpl[] certs = new X509CertImpl[serialNumbers.length];
             for (int i = 0; i < serialNumbers.length; i++) {
-                certs[i] = (X509CertImpl)getX509Certificate(serialNumbers[i]);
-                if (snList.length() > 0) snList += ", ";
+                certs[i] = (X509CertImpl) getX509Certificate(serialNumbers[i]);
+                if (snList.length() > 0)
+                    snList += ", ";
                 snList += "0x" + serialNumbers[i].toString(16);
             }
 
@@ -313,76 +310,76 @@ public class DoUnrevokeTPS extends CMSServlet {
                 if (result != null && result.equals(IRequest.RES_SUCCESS)) {
                     if (certs[0] != null) {
                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.DOUNREVOKEFORMAT,
-                            new Object[] {
-                                unrevReq.getRequestId(),
-                                initiative,
-                                "completed",
-                                certs[0].getSubjectDN(),
-                                "0x" + serialNumbers[0].toString(16)}
-                        );
+                                AuditFormat.LEVEL,
+                                AuditFormat.DOUNREVOKEFORMAT,
+                                new Object[] {
+                                        unrevReq.getRequestId(),
+                                        initiative,
+                                        "completed",
+                                        certs[0].getSubjectDN(),
+                                        "0x" + serialNumbers[0].toString(16) }
+                                );
                     }
                 } else {
                     String error = unrevReq.getExtDataInString(IRequest.ERROR);
 
                     if (error != null) {
                         o_status = "status=3";
-                        errorString = "error="+error;
+                        errorString = "error=" + error;
                         if (certs[0] != null) {
                             mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.DOUNREVOKEFORMAT,
-                                new Object[] {
-                                    unrevReq.getRequestId(),
-                                    initiative,
-                                    "completed with error: " +
-                                    error,
-                                    certs[0].getSubjectDN(),
-                                    "0x" + serialNumbers[0].toString(16)}
-                            );
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.DOUNREVOKEFORMAT,
+                                    new Object[] {
+                                            unrevReq.getRequestId(),
+                                            initiative,
+                                            "completed with error: " +
+                                                    error,
+                                            certs[0].getSubjectDN(),
+                                            "0x" + serialNumbers[0].toString(16) }
+                                    );
                         }
                     }
                 }
 
-                Integer updateCRLResult = 
-                    unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
+                Integer updateCRLResult =
+                        unrevReq.getExtDataInInteger(IRequest.CRL_UPDATE_STATUS);
 
                 if (updateCRLResult != null) {
                     if (!updateCRLResult.equals(IRequest.RES_SUCCESS)) {
                         String crlError =
-                            unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
+                                unrevReq.getExtDataInString(IRequest.CRL_UPDATE_ERROR);
 
                         if (crlError != null) {
                             o_status = "status=3";
-                            errorString = "error="+crlError;
+                            errorString = "error=" + crlError;
                         }
                     }
                     // let known crl publishing status too.
-                    Integer publishCRLResult = 
-                        unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
+                    Integer publishCRLResult =
+                            unrevReq.getExtDataInInteger(IRequest.CRL_PUBLISH_STATUS);
 
                     if (publishCRLResult != null) {
                         if (!publishCRLResult.equals(IRequest.RES_SUCCESS)) {
                             String publError =
-                                unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
+                                    unrevReq.getExtDataInString(IRequest.CRL_PUBLISH_ERROR);
 
                             if (publError != null) {
                                 o_status = "status=3";
-                                errorString = "error="+publError;
+                                errorString = "error=" + publError;
                             }
                         }
                     }
                 }
 
-                // let known update and publish status of all crls. 
-                Enumeration otherCRLs = 
-                    ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
+                // let known update and publish status of all crls.
+                Enumeration otherCRLs =
+                        ((ICertificateAuthority) mAuthority).getCRLIssuingPoints();
 
                 while (otherCRLs.hasMoreElements()) {
                     ICRLIssuingPoint crl = (ICRLIssuingPoint)
-                        otherCRLs.nextElement();
+                            otherCRLs.nextElement();
                     String crlId = crl.getId();
 
                     if (crlId.equals(ICertificateAuthority.PROP_MASTER_CRL))
@@ -394,37 +391,37 @@ public class DoUnrevokeTPS extends CMSServlet {
                         if (!updateResult.equals(IRequest.RES_SUCCESS)) {
                             String updateErrorStr = crl.getCrlUpdateErrorStr();
                             String error =
-                                unrevReq.getExtDataInString(updateErrorStr);
+                                    unrevReq.getExtDataInString(updateErrorStr);
 
                             if (error != null) {
                                 o_status = "status=3";
-                                errorString = "error="+error;
+                                errorString = "error=" + error;
                             }
                         }
                         String publishStatusStr = crl.getCrlPublishStatusStr();
                         Integer publishResult =
-                            unrevReq.getExtDataInInteger(publishStatusStr);
+                                unrevReq.getExtDataInInteger(publishStatusStr);
 
-                        if (publishResult == null) 
+                        if (publishResult == null)
                             continue;
                         if (!publishResult.equals(IRequest.RES_SUCCESS)) {
-                            String publishErrorStr = 
-                                crl.getCrlPublishErrorStr();
+                            String publishErrorStr =
+                                    crl.getCrlPublishErrorStr();
 
                             String error =
-                                unrevReq.getExtDataInString(publishErrorStr);
+                                    unrevReq.getExtDataInString(publishErrorStr);
 
                             if (error != null) {
                                 o_status = "status=3";
-                                errorString = "error="+error;
+                                errorString = "error=" + error;
                             }
                         }
                     }
                 }
 
                 if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
-                    Integer[] ldapPublishStatus = 
-                        unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
+                    Integer[] ldapPublishStatus =
+                            unrevReq.getExtDataInIntegerArray("ldapPublishStatus");
 
                     if (ldapPublishStatus != null) {
                         if (ldapPublishStatus[0] != IRequest.RES_SUCCESS) {
@@ -432,25 +429,25 @@ public class DoUnrevokeTPS extends CMSServlet {
                             errorString = "error=Problem in publishing to LDAP";
                         }
                     }
-                } else if (mPublisherProcessor == null || (! mPublisherProcessor.ldapEnabled())) {
+                } else if (mPublisherProcessor == null || (!mPublisherProcessor.ldapEnabled())) {
                     o_status = "status=3";
                     errorString = "error=LDAP Publisher not enabled";
                 }
 
             } else if (status == RequestStatus.PENDING) {
                 o_status = "status=2";
-                errorString = "error="+status.toString();
+                errorString = "error=" + status.toString();
                 if (certs[0] != null) {
                     mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.DOUNREVOKEFORMAT,
-                        new Object[] {
-                            unrevReq.getRequestId(),
-                            initiative,
-                            "pending",
-                            certs[0].getSubjectDN(),
-                            "0x" + serialNumbers[0].toString(16)}
-                    );
+                            AuditFormat.LEVEL,
+                            AuditFormat.DOUNREVOKEFORMAT,
+                            new Object[] {
+                                    unrevReq.getRequestId(),
+                                    initiative,
+                                    "pending",
+                                    certs[0].getSubjectDN(),
+                                    "0x" + serialNumbers[0].toString(16) }
+                            );
                 }
             } else {
                 o_status = "status=2";
@@ -458,15 +455,15 @@ public class DoUnrevokeTPS extends CMSServlet {
 
                 if (certs[0] != null) {
                     mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.DOUNREVOKEFORMAT,
-                        new Object[] {
-                            unrevReq.getRequestId(),
-                            initiative,
-                            status.toString(),
-                            certs[0].getSubjectDN(),
-                            "0x" + serialNumbers[0].toString(16)}
-                    );
+                            AuditFormat.LEVEL,
+                            AuditFormat.DOUNREVOKEFORMAT,
+                            new Object[] {
+                                    unrevReq.getRequestId(),
+                                    initiative,
+                                    status.toString(),
+                                    certs[0].getSubjectDN(),
+                                    "0x" + serialNumbers[0].toString(16) }
+                            );
                 }
             }
 
@@ -474,9 +471,8 @@ public class DoUnrevokeTPS extends CMSServlet {
             // if and only if "auditApprovalStatus" is
             // "complete", "revoked", or "canceled"
             if ((auditApprovalStatus.equals(RequestStatus.COMPLETE_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
-                || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))
-            ) {
+                    || (auditApprovalStatus.equals(RequestStatus.REJECTED_STRING))
+                    || (auditApprovalStatus.equals(RequestStatus.CANCELED_STRING))) {
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                             auditSubjectID,
@@ -510,10 +506,10 @@ public class DoUnrevokeTPS extends CMSServlet {
                 // "complete", "revoked", or "canceled"
                 if ((auditApprovalStatus.equals(
                             RequestStatus.COMPLETE_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.REJECTED_STRING)) ||
-                    (auditApprovalStatus.equals(
-                            RequestStatus.CANCELED_STRING))) {
+                        (auditApprovalStatus.equals(
+                                RequestStatus.REJECTED_STRING)) ||
+                        (auditApprovalStatus.equals(
+                                RequestStatus.CANCELED_STRING))) {
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CERT_STATUS_CHANGE_REQUEST_PROCESSED,
                                 auditSubjectID,
@@ -533,7 +529,7 @@ public class DoUnrevokeTPS extends CMSServlet {
     }
 
     private BigInteger[] getSerialNumbers(HttpServletRequest req)
-        throws NumberFormatException {
+            throws NumberFormatException {
         String serialNumString = req.getParameter("serialNumber");
 
         StringTokenizer snList = new StringTokenizer(serialNumString, " ");
@@ -554,7 +550,7 @@ public class DoUnrevokeTPS extends CMSServlet {
                 biList.addElement(bi);
             } else {
                 throw new NumberFormatException();
-            } 
+            }
         }
         if (biList.size() < 1) {
             throw new NumberFormatException();
@@ -570,11 +566,11 @@ public class DoUnrevokeTPS extends CMSServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "RequesterID" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -600,11 +596,11 @@ public class DoUnrevokeTPS extends CMSServlet {
 
     /**
      * Signed Audit Log Serial Number
-     *
+     * 
      * This method is called to obtain the serial number of the certificate
      * whose status is to be changed for a signed audit log message.
      * <P>
-     *
+     * 
      * @param eeSerialNumber a string containing the un-normalized serialNumber
      * @return id string containing the signed audit log message RequesterID
      */
@@ -623,7 +619,7 @@ public class DoUnrevokeTPS extends CMSServlet {
             // convert it to hexadecimal
             serialNumber = "0x"
                     + Integer.toHexString(
-                        Integer.valueOf(serialNumber).intValue());
+                            Integer.valueOf(serialNumber).intValue());
         } else {
             serialNumber = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
@@ -631,4 +627,3 @@ public class DoUnrevokeTPS extends CMSServlet {
         return serialNumber;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
index b1d89426..2a143b66 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnableEnrollResult.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Locale;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * For Face-to-face enrollment, enable EE enrollment feature
- *
+ * 
  * @version $Revision$, $Date$
  * @see com.netscape.cms.servlet.cert.DisableEnrollResult
  */
@@ -88,7 +86,7 @@ public class EnableEnrollResult extends CMSServlet {
      * Services the request
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -119,7 +117,7 @@ public class EnableEnrollResult extends CMSServlet {
         if (!(mAuthority instanceof IRegistrationAuthority)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -130,10 +128,10 @@ public class EnableEnrollResult extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -162,7 +160,7 @@ public class EnableEnrollResult extends CMSServlet {
             String timeout = args.getValueAsString("timeout", "600");
 
             mgr.createEntry(host, dn, Long.parseLong(timeout) * 1000,
-                random.nextLong() + "", 0);
+                    random.nextLong() + "", 0);
             header.addStringValue("code", "0");
         }
 
@@ -173,10 +171,10 @@ public class EnableEnrollResult extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
index 44d0c509..ecad6d8a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/EnrollServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateEncodingException;
@@ -75,10 +74,9 @@ import com.netscape.cms.servlet.processors.KeyGenProcessor;
 import com.netscape.cms.servlet.processors.PKCS10Processor;
 import com.netscape.cms.servlet.processors.PKIProcessor;
 
-
 /**
  * Submit a Certificate Enrollment request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class EnrollServlet extends CMSServlet {
@@ -90,10 +88,9 @@ public class EnrollServlet extends CMSServlet {
     public final static String ADMIN_ENROLL_SERVLET_ID = "caadminEnroll";
 
     // enrollment templates.
-    public static final String 
-        ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template";
+    public static final String ENROLL_SUCCESS_TEMPLATE = "EnrollSuccess.template";
 
-    // http params 
+    // http params
     public static final String OLD_CERT_TYPE = "csrCertType";
     public static final String CERT_TYPE = "certType";
     // same as in ConfigConstant.java
@@ -116,8 +113,7 @@ public class EnrollServlet extends CMSServlet {
 
     private boolean mAuthTokenOverride = true;
     private String mEnrollSuccessTemplate = null;
-    private ICMSTemplateFiller 
-        mEnrollSuccessFiller = new ImportCertsTemplateFiller();
+    private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
 
     ICertificateAuthority mCa = null;
     ICertificateRepository mRepository = null;
@@ -126,55 +122,55 @@ public class EnrollServlet extends CMSServlet {
 
     private String auditServiceID = ILogger.UNIDENTIFIED;
     private final static String ADMIN_CA_ENROLLMENT_SERVLET =
-        "caadminEnroll";
+            "caadminEnroll";
     private final static String AGENT_CA_BULK_ENROLLMENT_SERVLET =
-        "cabulkissuance";
+            "cabulkissuance";
     private final static String AGENT_RA_BULK_ENROLLMENT_SERVLET =
-        "rabulkissuance";
+            "rabulkissuance";
     private final static String EE_CA_CERT_BASED_ENROLLMENT_SERVLET =
-        "cacertbasedenrollment";
+            "cacertbasedenrollment";
     private final static String EE_CA_ENROLLMENT_SERVLET =
-        "caenrollment";
+            "caenrollment";
     private final static String EE_RA_CERT_BASED_ENROLLMENT_SERVLET =
-        "racertbasedenrollment";
+            "racertbasedenrollment";
     private final static String EE_RA_ENROLLMENT_SERVLET =
-        "raenrollment";
+            "raenrollment";
     private final static byte EOL[] = { Character.LINE_SEPARATOR };
-    private final static String[]
-        SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-            
-            /* 0 */ "automated non-profile cert request rejection:  "
+    private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+    /* 0 */"automated non-profile cert request rejection:  "
             + "unable to render OLD_CERT_TYPE response",
-            
-            /* 1 */ "automated non-profile cert request rejection:  "
+
+    /* 1 */"automated non-profile cert request rejection:  "
             + "unable to complete handleEnrollAuditLog() method",
-            
-            /* 2 */ "automated non-profile cert request rejection:  "
+
+    /* 2 */"automated non-profile cert request rejection:  "
             + "unable to render success template",
-            
-            /* 3 */ "automated non-profile cert request rejection:  "
+
+    /* 3 */"automated non-profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an EBaseException"
         };
-    private final static String
-        LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
-        "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
- 
+    private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
+            "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+
     private static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
     private static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-    
+
     public EnrollServlet() {
         super();
     }
 
     /**
-     * initialize the servlet.<p>
-	 * the following parameters are read from the servlet config:
-	 * <ul><li>CMSServlet.PROP_ID - ID for signed audit log messages
-	 *     <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file
+     * initialize the servlet.
+     * <p>
+     * the following parameters are read from the servlet config:
+     * <ul>
+     * <li>CMSServlet.PROP_ID - ID for signed audit log messages
+     * <li>CMSServlet.PROP_SUCCESS_TEMPLATE - success template file
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -185,8 +181,8 @@ public class EnrollServlet extends CMSServlet {
 
             try {
                 IConfigStore configStore = CMS.getConfigStore();
-                String PKI_Subsystem = configStore.getString( "subsystem.0.id",
-                                                              null );
+                String PKI_Subsystem = configStore.getString("subsystem.0.id",
+                                                              null);
 
                 // CMS 6.1 began utilizing the "Certificate Profiles" framework
                 // instead of the legacy "Certificate Policies" framework.
@@ -197,51 +193,51 @@ public class EnrollServlet extends CMSServlet {
                 // framework would be deprecated and disabled by default
                 // (see Bugzilla Bug #472597).
                 //
-                // NOTE:  The "Certificate Policies" framework ONLY applied to
-                //        to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
+                // NOTE: The "Certificate Policies" framework ONLY applied to
+                // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
                 //
-                //        Further, the "EnrollServlet.java" servlet is ONLY
-                //        used by the CA for the following:
+                // Further, the "EnrollServlet.java" servlet is ONLY
+                // used by the CA for the following:
                 //
-                //        SERVLET-NAME           URL-PATTERN
-                //        ====================================================
-                //        caadminEnroll          ca/admin/ca/adminEnroll.html
-                //        cabulkissuance         ca/agent/ca/bulkissuance.html
-                //        cacertbasedenrollment  ca/certbasedenrollment.html
-                //        caenrollment           ca/enrollment.html
+                // SERVLET-NAME URL-PATTERN
+                // ====================================================
+                // caadminEnroll ca/admin/ca/adminEnroll.html
+                // cabulkissuance ca/agent/ca/bulkissuance.html
+                // cacertbasedenrollment ca/certbasedenrollment.html
+                // caenrollment ca/enrollment.html
                 //
-                //        The "EnrollServlet.java" servlet is NOT used by
-                //        the KRA.
+                // The "EnrollServlet.java" servlet is NOT used by
+                // the KRA.
                 //
-                if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ) {
+                if (PKI_Subsystem.trim().equalsIgnoreCase("ca")) {
                     String policyStatus = PKI_Subsystem.trim().toLowerCase()
                                         + "." + "Policy"
                                         + "." + IPolicyProcessor.PROP_ENABLE;
 
-                    if( configStore.getBoolean( policyStatus, true ) == true ) {
-                        // NOTE:  If "<subsystem>.Policy.enable=<boolean>"
-                        //        is missing, then the referenced instance
-                        //        existed prior to this name=value pair
-                        //        existing in its 'CS.cfg' file, and thus
-                        //        we err on the side that the user may
-                        //        still need to use the policy framework.
-                        CMS.debug( "EnrollServlet::init Certificate "
+                    if (configStore.getBoolean(policyStatus, true) == true) {
+                        // NOTE: If "<subsystem>.Policy.enable=<boolean>"
+                        // is missing, then the referenced instance
+                        // existed prior to this name=value pair
+                        // existing in its 'CS.cfg' file, and thus
+                        // we err on the side that the user may
+                        // still need to use the policy framework.
+                        CMS.debug("EnrollServlet::init Certificate "
                                  + "Policy Framework (deprecated) "
-                                 + "is ENABLED" );
+                                 + "is ENABLED");
                     } else {
-                        // CS 8.1 Default:  <subsystem>.Policy.enable=false
-                        CMS.debug( "EnrollServlet::init Certificate "
+                        // CS 8.1 Default: <subsystem>.Policy.enable=false
+                        CMS.debug("EnrollServlet::init Certificate "
                                  + "Policy Framework (deprecated) "
-                                 + "is DISABLED" );
+                                 + "is DISABLED");
                         return;
                     }
                 }
-            } catch( EBaseException e ) {
-                throw new ServletException( "EnrollServlet::init - "
+            } catch (EBaseException e) {
+                throw new ServletException("EnrollServlet::init - "
                                           + "EBaseException:  "
                                           + "Unable to initialize "
                                           + "Certificate Policy Framework "
-                                          + "(deprecated)" );
+                                          + "(deprecated)");
             }
 
             // override success template to allow direct import of keygen certs.
@@ -254,18 +250,18 @@ public class EnrollServlet extends CMSServlet {
                 if (id != null) {
                     if (!(auditServiceID.equals(
                                 ADMIN_CA_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                AGENT_CA_BULK_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                AGENT_RA_BULK_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                EE_CA_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
-                        && !(auditServiceID.equals(
-                                EE_RA_ENROLLMENT_SERVLET))) {
+                            && !(auditServiceID.equals(
+                                    AGENT_CA_BULK_ENROLLMENT_SERVLET))
+                            && !(auditServiceID.equals(
+                                    AGENT_RA_BULK_ENROLLMENT_SERVLET))
+                            && !(auditServiceID.equals(
+                                    EE_CA_CERT_BASED_ENROLLMENT_SERVLET))
+                            && !(auditServiceID.equals(
+                                    EE_CA_ENROLLMENT_SERVLET))
+                            && !(auditServiceID.equals(
+                                    EE_RA_CERT_BASED_ENROLLMENT_SERVLET))
+                            && !(auditServiceID.equals(
+                                    EE_RA_ENROLLMENT_SERVLET))) {
                         auditServiceID = ILogger.UNIDENTIFIED;
                     } else {
                         auditServiceID = id.trim();
@@ -282,7 +278,7 @@ public class EnrollServlet extends CMSServlet {
                 if (fillername != null) {
                     ICMSTemplateFiller filler = newFillerObject(fillername);
 
-                    if (filler != null) 
+                    if (filler != null)
                         mEnrollSuccessFiller = filler;
                 }
 
@@ -291,10 +287,10 @@ public class EnrollServlet extends CMSServlet {
 
                 init_testbed_hack(mConfig);
             } catch (Exception e) {
-                // this should never happen. 
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR",
-                        e.toString(), mId));
+                // this should never happen.
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR",
+                                e.toString(), mId));
             }
         } catch (ServletException eAudit1) {
             // rethrow caught exception
@@ -302,64 +298,61 @@ public class EnrollServlet extends CMSServlet {
         }
     }
 
-
-	/**
-	 * XXX (SHOULD CHANGE TO READ FROM Servletconfig)
-     *  Getter method to see if Proof of Posession checking is enabled. 
-	 * this value is set in the CMS.cfg filem with the parameter 
-	 * "enrollment.enforcePop". It defaults to false
-	 * @return true if user is required to Prove that they possess the 
-	 * private key corresponding to the public key in the certificate
-	 * request they are submitting 
-	 */
+    /**
+     * XXX (SHOULD CHANGE TO READ FROM Servletconfig) Getter method to see if
+     * Proof of Posession checking is enabled. this value is set in the CMS.cfg
+     * filem with the parameter "enrollment.enforcePop". It defaults to false
+     * 
+     * @return true if user is required to Prove that they possess the private
+     *         key corresponding to the public key in the certificate request
+     *         they are submitting
+     */
     public boolean getEnforcePop() {
         return enforcePop;
     }
 
     /**
-     * Process the HTTP request. 
-	 * <UL><LI>If the request is coming through the admin port, it is only
-	 * allowed to continue if 'admin enrollment' is enabled in the CMS.cfg file
-	 * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread is
-	 * renamed with more information about the current request ID
-	 * <LI>The request is preprocessed, then processed further in one
-	 * of the cert request processor classes: KeyGenProcessor, PKCS10Processor,
-	 * CMCProcessor, CRMFProcessor
-	 * </UL>
-     *
+     * Process the HTTP request.
+     * <UL>
+     * <LI>If the request is coming through the admin port, it is only allowed
+     * to continue if 'admin enrollment' is enabled in the CMS.cfg file
+     * <LI>If the CMS.cfg parameter useThreadNaming is true, the current thread
+     * is renamed with more information about the current request ID
+     * <LI>The request is preprocessed, then processed further in one of the
+     * cert request processor classes: KeyGenProcessor, PKCS10Processor,
+     * CMCProcessor, CRMFProcessor
+     * </UL>
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         // SPECIAL CASE:
         // if it is adminEnroll servlet,check if it's enabled
         if (mId.equals(ADMIN_ENROLL_SERVLET_ID) &&
-            !CMSGateway.getEnableAdminEnroll()) {
-            log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP"));
+                !CMSGateway.getEnableAdminEnroll()) {
+            log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("ADMIN_SRVLT_ENROLL_ACCESS_AFTER_SETUP"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup."));
+                    CMS.getUserMessage("CMS_GW_REDIRECTING_ADMINENROLL_ERROR", "Attempt to access adminEnroll after already setup."));
         }
 
-        processX509(cmsReq); 
+        processX509(cmsReq);
     }
 
     private boolean getCertAuthEnrollStatus(IArgBlock httpParams) {
 
         /*
-         * === certAuth based enroll ===
-         * "certAuthEnroll" is on.
-         * "certauthEnrollType can be one of the three:
-         *               single - it's for single cert enrollment
-         *               dual - it's for dual certs enrollment
-         *               encryption - getting the encryption cert only via
-         *                    authentication of the signing cert
-         *                    (crmf or keyGenInfo)
+         * === certAuth based enroll === "certAuthEnroll" is on.
+         * "certauthEnrollType can be one of the three: single - it's for single
+         * cert enrollment dual - it's for dual certs enrollment encryption -
+         * getting the encryption cert only via authentication of the signing
+         * cert (crmf or keyGenInfo)
          */
         boolean certAuthEnroll = false;
 
         String certAuthEnrollOn =
-            httpParams.getValueAsString("certauthEnroll", null);
+                httpParams.getValueAsString("certauthEnroll", null);
 
         if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
             certAuthEnroll = true;
@@ -371,7 +364,7 @@ public class EnrollServlet extends CMSServlet {
     }
 
     private String getCertAuthEnrollType(IArgBlock httpParams, boolean certAuthEnroll)
-        throws EBaseException {
+            throws EBaseException {
 
         String certauthEnrollType = null;
 
@@ -387,53 +380,53 @@ public class EnrollServlet extends CMSServlet {
                     CMS.debug("EnrollServlet: certauthEnrollType is single");
                 } else {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
+                            CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
+                            CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
                 }
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
+                        CMS.getLogMessage("MSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
+                        CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
             }
         }
-               
+
         return certauthEnrollType;
-           
+
     }
 
     private boolean checkClientCertSigningOnly(X509Certificate sslClientCert)
-        throws EBaseException {
+            throws EBaseException {
         if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                 false) ||
-            ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+                ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                     true) &&
                 (CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
                     true))) {
 
             // either it's not a signing cert, or it's a dual cert
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+                    CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+                    CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
         }
 
         return true;
     }
-	
+
     private X509CertInfo[] handleCertAuthDual(X509CertInfo certInfo, IAuthToken authToken, X509Certificate sslClientCert,
-        ICertificateAuthority mCa, String certBasedOldSubjectDN,
-        BigInteger certBasedOldSerialNum)
-        throws EBaseException {
-      
+            ICertificateAuthority mCa, String certBasedOldSubjectDN,
+            BigInteger certBasedOldSerialNum)
+            throws EBaseException {
+
         CMS.debug("EnrollServlet: In handleCertAuthDual!");
- 
+
         if (mCa == null) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_NOT_A_CA"));
+                    CMS.getLogMessage("CMSGW_NOT_A_CA"));
             throw new ECMSGWException(
-                CMS.getUserMessage("CMS_GW_NOT_A_CA"));
+                    CMS.getUserMessage("CMS_GW_NOT_A_CA"));
         }
 
         // first, make sure the client cert is indeed a
@@ -456,20 +449,20 @@ public class EnrollServlet extends CMSServlet {
             certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_IO", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
         }
 
         String filter =
-            "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
+                "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
         ICertRecordList list =
-            (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10);
+                (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter, null, 10);
         int size = list.getSize();
         Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1);
         boolean gotEncCert = false;
@@ -482,8 +475,8 @@ public class EnrollServlet extends CMSServlet {
             // pairing encryption cert not found
         } else {
             X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
-            X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo,
-                    encCertInfo};
+            X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
+                    encCertInfo };
             int i = 1;
 
             boolean encCertFound = false;
@@ -494,7 +487,7 @@ public class EnrollServlet extends CMSServlet {
 
                 // if not encryption cert only, try next one
                 if ((CMS.isEncryptionCert(cert) == false) ||
-                    ((CMS.isEncryptionCert(cert) == true) &&
+                        ((CMS.isEncryptionCert(cert) == true) &&
                         (CMS.isSigningCert(cert) == true))) {
 
                     CMS.debug("EnrollServlet: Not encryption only cert, will try next one.");
@@ -508,27 +501,27 @@ public class EnrollServlet extends CMSServlet {
                 try {
                     encCertInfo = (X509CertInfo)
                             cert.get(
-                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
                 } catch (CertificateParsingException ex) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+                            CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_MISSING_CERTINFO"));
+                            CMS.getUserMessage("CMS_GW_MISSING_CERTINFO"));
                 }
 
                 try {
                     encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
                 } catch (CertificateException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                 } catch (IOException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                 }
 
                 CMS.debug("EnrollServlet: About to fillCertInfoFromAuthToken!");
@@ -545,14 +538,14 @@ public class EnrollServlet extends CMSServlet {
 
             CMS.debug("EnrollServlet: returning cInfoArray of length " + cInfoArray.length);
             return cInfoArray;
-        }     
+        }
 
     }
 
     private boolean handleEnrollAuditLog(IRequest req, CMSRequest cmsReq, String authMgr, IAuthToken authToken,
-        X509CertInfo certInfo, long startTime)
-        throws EBaseException {
-        //for audit log
+            X509CertInfo certInfo, long startTime)
+            throws EBaseException {
+        // for audit log
 
         String initiative = null;
         String agentID = null;
@@ -563,7 +556,7 @@ public class EnrollServlet extends CMSServlet {
         } else {
             agentID = authToken.getInString("userid");
             initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
-        }      
+        }
 
         // if service not complete return standard templates.
         RequestStatus status = req.getRequestStatus();
@@ -584,54 +577,54 @@ public class EnrollServlet extends CMSServlet {
                             wholeMsg.append(msgs.nextElement());
                         }
                         mLogger.log(ILogger.EV_AUDIT,
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.ENROLLMENTFORMAT,
-                            new Object[] {
-                                req.getRequestId(),
-                                initiative,
-                                authMgr,
-                                status.toString(),
-                                certInfo.get(X509CertInfo.SUBJECT),
-                                " violation: " +
-                                wholeMsg.toString()}
-                        );
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.ENROLLMENTFORMAT,
+                                new Object[] {
+                                        req.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        status.toString(),
+                                        certInfo.get(X509CertInfo.SUBJECT),
+                                        " violation: " +
+                                                wholeMsg.toString() }
+                                );
                     } else { // no policy violation, from agent
                         mLogger.log(ILogger.EV_AUDIT,
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.ENROLLMENTFORMAT,
-                            new Object[] {
-                                req.getRequestId(),
-                                initiative,
-                                authMgr,
-                                status.toString(),
-                                certInfo.get(X509CertInfo.SUBJECT), ""}
-                        );
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.ENROLLMENTFORMAT,
+                                new Object[] {
+                                        req.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        status.toString(),
+                                        certInfo.get(X509CertInfo.SUBJECT), "" }
+                                );
                     }
                 } else { // other imcomplete status
                     long endTime = CMS.getCurrentDate().getTime();
 
                     mLogger.log(ILogger.EV_AUDIT,
-                        ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.ENROLLMENTFORMAT,
-                        new Object[] {
-                            req.getRequestId(),
-                            initiative,
-                            authMgr,
-                            status.toString(),
-                            certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), ""}
-                    );
+                            ILogger.S_OTHER,
+                            AuditFormat.LEVEL,
+                            AuditFormat.ENROLLMENTFORMAT,
+                            new Object[] {
+                                    req.getRequestId(),
+                                    initiative,
+                                    authMgr,
+                                    status.toString(),
+                                    certInfo.get(X509CertInfo.SUBJECT) + " time: " + (endTime - startTime), "" }
+                            );
                 }
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                        e.toString()));
+                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                e.toString()));
             } catch (CertificateException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                        e.toString()));
+                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                e.toString()));
             }
             return false;
         }
@@ -643,40 +636,40 @@ public class EnrollServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.ERROR);
             cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
             String[] svcErrors =
-                req.getExtDataInStringArray(IRequest.SVCERRORS);
+                    req.getExtDataInStringArray(IRequest.SVCERRORS);
 
             if (svcErrors != null && svcErrors.length > 0) {
                 for (int i = 0; i < svcErrors.length; i++) {
                     String err = svcErrors[i];
 
                     if (err != null) {
-                        //System.out.println(
-                        //"revocation servlet: setting error description "+
-                        //err.toString());
+                        // System.out.println(
+                        // "revocation servlet: setting error description "+
+                        // err.toString());
                         cmsReq.setErrorDescription(err);
                         // audit log the error
                         try {
                             mLogger.log(ILogger.EV_AUDIT,
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.ENROLLMENTFORMAT,
-                                new Object[] {
-                                    req.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "completed with error: " +
-                                    err,
-                                    certInfo.get(X509CertInfo.SUBJECT), ""
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.ENROLLMENTFORMAT,
+                                    new Object[] {
+                                            req.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "completed with error: " +
+                                                    err,
+                                            certInfo.get(X509CertInfo.SUBJECT), ""
                                 }
-                            );
+                                    );
                         } catch (IOException e) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                                    e.toString()));
+                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                            e.toString()));
                         } catch (CertificateException e) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
-                                    e.toString()));
+                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                            e.toString()));
                         }
 
                     }
@@ -693,29 +686,30 @@ public class EnrollServlet extends CMSServlet {
     /**
      * Process X509 certificate enrollment request
      * <P>
-     *
+     * 
      * (Certificate Request - either an "admin" cert request for an admin
-     *  certificate, an "agent" cert request for "bulk enrollment", or
-     *  an "EE" standard cert request)
+     * certificate, an "agent" cert request for "bulk enrollment", or an "EE"
+     * standard cert request)
      * <P>
-     *
+     * 
      * (Certificate Request Processed - either an automated "admin" non-profile
-     *  based CA admin cert acceptance, an automated "admin" non-profile based
-     *  CA admin cert rejection, an automated "EE" non-profile based cert
-     *  acceptance, or an automated "EE" non-profile based cert rejection)
+     * based CA admin cert acceptance, an automated "admin" non-profile based CA
+     * admin cert rejection, an automated "EE" non-profile based cert
+     * acceptance, or an automated "EE" non-profile based cert rejection)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a
-     * non-profile cert request is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when
+     * a non-profile cert request is made (before approval process)
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
      * certificate request has just been through the approval process
      * </ul>
+     * 
      * @param cmsReq a certificate enrollment request
      * @exception EBaseException an error has occurred
      */
-    protected void processX509(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void processX509(CMSRequest cmsReq)
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = ILogger.UNIDENTIFIED;
@@ -733,7 +727,7 @@ public class EnrollServlet extends CMSServlet {
 
         IConfigStore configStore = CMS.getConfigStore();
 
-		/* XXX shouldn't we read this from ServletConfig at init time? */
+        /* XXX shouldn't we read this from ServletConfig at init time? */
         enforcePop = configStore.getBoolean("enrollment.enforcePop", false);
         CMS.debug("EnrollServlet: enforcePop " + enforcePop);
 
@@ -743,7 +737,7 @@ public class EnrollServlet extends CMSServlet {
             startTime = CMS.getCurrentDate().getTime();
             httpParams = cmsReq.getHttpParams();
             httpReq = cmsReq.getHttpReq();
-            if (mAuthMgr != null) { 
+            if (mAuthMgr != null) {
                 authToken = authenticate(cmsReq);
             }
 
@@ -752,10 +746,10 @@ public class EnrollServlet extends CMSServlet {
                             mAuthzResourceName, "submit");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             }
 
             if (authzToken == null) {
@@ -763,8 +757,8 @@ public class EnrollServlet extends CMSServlet {
 
                 // store a message in the signed audit log file
                 // (either an "admin" cert request for an admin certificate,
-                //  an "agent" cert request for "bulk enrollment", or
-                //  an "EE" standard cert request)
+                // an "agent" cert request for "bulk enrollment", or
+                // an "EE" standard cert request)
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                             auditSubjectID,
@@ -791,27 +785,24 @@ public class EnrollServlet extends CMSServlet {
             }
 
             try {
-                if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) { 
-                    String currentName = Thread.currentThread().getName(); 
+                if (CMS.getConfigStore().getBoolean("useThreadNaming", false)) {
+                    String currentName = Thread.currentThread().getName();
 
                     Thread.currentThread().setName(currentName
-                        + "-request-"
-                        + req.getRequestId().toString()
-                        + "-"
-                        + (new Date()).getTime());
+                            + "-request-"
+                            + req.getRequestId().toString()
+                            + "-"
+                            + (new Date()).getTime());
                 }
             } catch (Exception e) {
             }
 
             /*
-             * === certAuth based enroll ===
-             * "certAuthEnroll" is on.
-             * "certauthEnrollType can be one of the three:
-             *       single - it's for single cert enrollment 
-             *       dual - it's for dual certs enrollment
-             *       encryption - getting the encryption cert only via
-             *                    authentication of the signing cert
-             *                    (crmf or keyGenInfo)
+             * === certAuth based enroll === "certAuthEnroll" is on.
+             * "certauthEnrollType can be one of the three: single - it's for
+             * single cert enrollment dual - it's for dual certs enrollment
+             * encryption - getting the encryption cert only via authentication
+             * of the signing cert (crmf or keyGenInfo)
              */
             boolean certAuthEnroll = false;
             String certauthEnrollType = null;
@@ -826,8 +817,8 @@ public class EnrollServlet extends CMSServlet {
             } catch (ECMSGWException e) {
                 // store a message in the signed audit log file
                 // (either an "admin" cert request for an admin certificate,
-                //  an "agent" cert request for "bulk enrollment", or
-                //  an "EE" standard cert request)
+                // an "agent" cert request for "bulk enrollment", or
+                // an "EE" standard cert request)
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                             auditSubjectID,
@@ -844,7 +835,7 @@ public class EnrollServlet extends CMSServlet {
             CMS.debug("EnrollServlet: In EnrollServlet.processX509!");
             CMS.debug("EnrollServlet: certAuthEnroll " + certAuthEnroll);
             CMS.debug("EnrollServlet: certauthEnrollType " + certauthEnrollType);
-            
+
             String challengePassword = httpParams.getValueAsString(
                     "challengePassword", "");
 
@@ -859,18 +850,18 @@ public class EnrollServlet extends CMSServlet {
             BigInteger certBasedOldSerialNum = null;
 
             // check if request was authenticated, if so set authtoken &
-            // certInfo.  also if authenticated, take certInfo from authToken.
+            // certInfo. also if authenticated, take certInfo from authToken.
             certInfo = null;
             if (certAuthEnroll == true) {
                 sslClientCert = getSSLClientCertificate(httpReq);
                 if (sslClientCert == null) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
+                            CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
 
                     // store a message in the signed audit log file
                     // (either an "admin" cert request for an admin certificate,
-                    //  an "agent" cert request for "bulk enrollment", or
-                    //  an "EE" standard cert request)
+                    // an "agent" cert request for "bulk enrollment", or
+                    // an "EE" standard cert request)
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                                 auditSubjectID,
@@ -882,7 +873,7 @@ public class EnrollServlet extends CMSServlet {
                     audit(auditMessage);
 
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
+                            CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
                 }
 
                 certBasedOldSubjectDN = (String)
@@ -896,23 +887,23 @@ public class EnrollServlet extends CMSServlet {
                 // if the cert subject name is NOT MISSING, retrieve the
                 // actual "auditCertificateSubjectName" and "normalize" it
                 if (certBasedOldSubjectDN != null) {
-                    // NOTE:  This is ok even if the cert subject name
-                    //        is "" (empty)!
+                    // NOTE: This is ok even if the cert subject name
+                    // is "" (empty)!
                     auditCertificateSubjectName = certBasedOldSubjectDN.trim();
                 }
 
                 try {
                     certInfo = (X509CertInfo)
                             ((X509CertImpl) sslClientCert).get(
-                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
                 } catch (CertificateParsingException ex) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_CERTINFO"));
+                            CMS.getLogMessage("CMSGW_MISSING_CERTINFO"));
 
                     // store a message in the signed audit log file
                     // (either an "admin" cert request for an admin certificate,
-                    //  an "agent" cert request for "bulk enrollment", or
-                    //  an "EE" standard cert request)
+                    // an "agent" cert request for "bulk enrollment", or
+                    // an "EE" standard cert request)
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                                 auditSubjectID,
@@ -924,14 +915,14 @@ public class EnrollServlet extends CMSServlet {
                     audit(auditMessage);
 
                     throw new ECMSGWException(
-                      CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+                            CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
                 }
             } else {
                 CMS.debug("EnrollServlet: No CertAuthEnroll.");
                 certInfo = CMS.getDefaultX509CertInfo();
             }
 
-            X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo};
+            X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
 
             X509CertInfo authCertInfo = null;
             String authMgr = AuditFormat.NOAUTH;
@@ -940,15 +931,15 @@ public class EnrollServlet extends CMSServlet {
             if (authToken != null) {
                 authMgr =
                         authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-                // don't store agent token in request. 
-                // agent currently used for bulk issuance. 
+                // don't store agent token in request.
+                // agent currently used for bulk issuance.
                 // if (!authMgr.equals(AuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-                log(ILogger.LL_INFO, 
-                    "Enrollment request was authenticated by " +
-                    authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
+                log(ILogger.LL_INFO,
+                        "Enrollment request was authenticated by " +
+                                authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
 
                 PKIProcessor.fillCertInfoFromAuthToken(certInfo,
-                    authToken);
+                        authToken);
                 // save authtoken attrs to request directly
                 // (for policy use)
                 saveAuthToken(authToken, req);
@@ -960,17 +951,17 @@ public class EnrollServlet extends CMSServlet {
 
             if (certAuthEnroll == true) {
                 // log(ILogger.LL_DEBUG,
-                //     "just gotten subjectDN and serialNumber " +
-                //     "from ssl client cert");
+                // "just gotten subjectDN and serialNumber " +
+                // "from ssl client cert");
                 if (authToken == null) {
                     // authToken is null, can't match to anyone; bail!
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH"));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_ERR_PROCESS_ENROLL_NO_AUTH"));
 
                     // store a message in the signed audit log file
                     // (either an "admin" cert request for an admin certificate,
-                    //  an "agent" cert request for "bulk enrollment", or
-                    //  an "EE" standard cert request)
+                    // an "agent" cert request for "bulk enrollment", or
+                    // an "EE" standard cert request)
                     auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                                 auditSubjectID,
@@ -1028,7 +1019,7 @@ public class EnrollServlet extends CMSServlet {
                     }
                 }
 
-                //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
+                // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
 
             } else {
                 try {
@@ -1039,24 +1030,23 @@ public class EnrollServlet extends CMSServlet {
                     ex.printStackTrace();
                 }
             }
-            
+
             String cmc = null;
             String asciiBASE64Blob = httpParams.getValueAsString(CMC_REQUEST, null);
-            
-            if(asciiBASE64Blob!=null)
-            {
-            int startIndex = asciiBASE64Blob.indexOf(HEADER);
-            int endIndex = asciiBASE64Blob.indexOf(TRAILER);
-            if (startIndex!= -1 && endIndex!=-1) {
-                startIndex = startIndex + HEADER.length();
-                cmc=asciiBASE64Blob.substring(startIndex, endIndex);
-            }else
-                cmc = asciiBASE64Blob;
-            CMS.debug("EnrollServlet: cmc " + cmc);
+
+            if (asciiBASE64Blob != null) {
+                int startIndex = asciiBASE64Blob.indexOf(HEADER);
+                int endIndex = asciiBASE64Blob.indexOf(TRAILER);
+                if (startIndex != -1 && endIndex != -1) {
+                    startIndex = startIndex + HEADER.length();
+                    cmc = asciiBASE64Blob.substring(startIndex, endIndex);
+                } else
+                    cmc = asciiBASE64Blob;
+                CMS.debug("EnrollServlet: cmc " + cmc);
             }
-            
+
             String crmf = httpParams.getValueAsString(CRMF_REQUEST, null);
-            
+
             CMS.debug("EnrollServlet: crmf " + crmf);
 
             if (certAuthEnroll == true) {
@@ -1066,7 +1056,7 @@ public class EnrollServlet extends CMSServlet {
                 // for dual certs
                 if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
 
-                    CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL"); 
+                    CMS.debug("EnrollServlet: Attempting CERT_AUTH_DUAL");
                     boolean gotEncCert = false;
                     X509CertInfo[] cInfoArray = null;
 
@@ -1078,8 +1068,8 @@ public class EnrollServlet extends CMSServlet {
                     } catch (ECMSGWException e) {
                         // store a message in the signed audit log file
                         // (either an "admin" cert request for an admin
-                        //  certificate, an "agent" cert request for
-                        //  "bulk enrollment", or an "EE" standard cert request)
+                        // certificate, an "agent" cert request for
+                        // "bulk enrollment", or an "EE" standard cert request)
                         auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                                     auditSubjectID,
@@ -1103,13 +1093,13 @@ public class EnrollServlet extends CMSServlet {
                     if (gotEncCert == false) {
                         // encryption cert not found, bail
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage(
-                                "CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
+                                CMS.getLogMessage(
+                                        "CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
 
                         // store a message in the signed audit log file
                         // (either an "admin" cert request for an admin
-                        //  certificate, an "agent" cert request for
-                        //  "bulk enrollment", or an "EE" standard cert request)
+                        // certificate, an "agent" cert request for
+                        // "bulk enrollment", or an "EE" standard cert request)
                         auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                                     auditSubjectID,
@@ -1121,7 +1111,7 @@ public class EnrollServlet extends CMSServlet {
                         audit(auditMessage);
 
                         throw new ECMSGWException(
-                          CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
+                                CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
                     }
 
                 } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
@@ -1135,8 +1125,8 @@ public class EnrollServlet extends CMSServlet {
                     } catch (ECMSGWException e) {
                         // store a message in the signed audit log file
                         // (either an "admin" cert request for an admin
-                        //  certificate, an "agent" cert request for
-                        //  "bulk enrollment", or an "EE" standard cert request)
+                        // certificate, an "agent" cert request for
+                        // "bulk enrollment", or an "EE" standard cert request)
                         auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                                     auditSubjectID,
@@ -1158,12 +1148,12 @@ public class EnrollServlet extends CMSServlet {
                                 this);
 
                         keyGenProc.fillCertInfo(null, certInfo,
-                            authToken, httpParams);
+                                authToken, httpParams);
 
                         req.setExtData(CLIENT_ISSUER,
-                            sslClientCert.getIssuerDN().toString());
+                                sslClientCert.getIssuerDN().toString());
                         CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
-                            sslClientCert.getIssuerDN().toString());
+                                sslClientCert.getIssuerDN().toString());
                     } else if (crmf != null && crmf != "") {
                         CRMFProcessor crmfProc = new CRMFProcessor(cmsReq, this, enforcePop);
 
@@ -1173,18 +1163,18 @@ public class EnrollServlet extends CMSServlet {
                                     req);
 
                         req.setExtData(CLIENT_ISSUER,
-                            sslClientCert.getIssuerDN().toString());
+                                sslClientCert.getIssuerDN().toString());
                         CMS.debug("EnrollServlet: sslClientCert issuerDN = " +
-                            sslClientCert.getIssuerDN().toString());
+                                sslClientCert.getIssuerDN().toString());
                     } else {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
-                            CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+                                        CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
 
                         // store a message in the signed audit log file
                         // (either an "admin" cert request for an admin
-                        //  certificate, an "agent" cert request for
-                        //  "bulk enrollment", or an "EE" standard cert request)
+                        // certificate, an "agent" cert request for
+                        // "bulk enrollment", or an "EE" standard cert request)
                         auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                                     auditSubjectID,
@@ -1196,7 +1186,7 @@ public class EnrollServlet extends CMSServlet {
                         audit(auditMessage);
 
                         throw new ECMSGWException(
-                          CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
+                                CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
                     }
 
                 } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
@@ -1208,13 +1198,13 @@ public class EnrollServlet extends CMSServlet {
                                 this);
 
                         keyGenProc.fillCertInfo(null, certInfo,
-                            authToken, httpParams);
+                                authToken, httpParams);
                     } else if (pkcs10 != null) {
                         PKCS10Processor pkcs10Proc = new PKCS10Processor(cmsReq,
                                 this);
 
                         pkcs10Proc.fillCertInfo(pkcs10, certInfo,
-                            authToken, httpParams); 
+                                authToken, httpParams);
                     } else if (cmc != null && cmc != "") {
                         CMCProcessor cmcProc = new CMCProcessor(cmsReq, this, enforcePop);
 
@@ -1230,14 +1220,14 @@ public class EnrollServlet extends CMSServlet {
                                     httpParams,
                                     req);
                     } else {
-                        log(ILogger.LL_FAILURE, 
-                            CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
-                            CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+                                        CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
 
                         // store a message in the signed audit log file
                         // (either an "admin" cert request for an admin
-                        //  certificate, an "agent" cert request for
-                        //  "bulk enrollment", or an "EE" standard cert request)
+                        // certificate, an "agent" cert request for
+                        // "bulk enrollment", or an "EE" standard cert request)
                         auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                                     auditSubjectID,
@@ -1249,10 +1239,10 @@ public class EnrollServlet extends CMSServlet {
                         audit(auditMessage);
 
                         throw new ECMSGWException(
-                          CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
+                                CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
                     }
                     req.setExtData(CLIENT_ISSUER,
-                        sslClientCert.getIssuerDN().toString());
+                            sslClientCert.getIssuerDN().toString());
                 }
 
             } else if (keyGenInfo != null) {
@@ -1279,14 +1269,14 @@ public class EnrollServlet extends CMSServlet {
                 certInfoArray = crmfProc.fillCertInfoArray(crmf, authToken,
                             httpParams, req);
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
-                    CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_CANT_PROCESS_ENROLL_REQ") +
+                                CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
 
                 // store a message in the signed audit log file
                 // (either an "admin" cert request for an admin certificate,
-                //  an "agent" cert request for "bulk enrollment", or
-                //  an "EE" standard cert request)
+                // an "agent" cert request for "bulk enrollment", or
+                // an "EE" standard cert request)
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                             auditSubjectID,
@@ -1300,28 +1290,26 @@ public class EnrollServlet extends CMSServlet {
                 throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_KEYGEN_INFO"));
             }
 
-
             // if ca, fill in default signing alg here
-       
+
             try {
-              ICertificateAuthority caSub = 
-               (ICertificateAuthority) CMS.getSubsystem("ca");
-              if (certInfoArray != null && caSub != null) {
-                for (int ix = 0; ix < certInfoArray.length; ix++) {
-                   X509CertInfo ci = (X509CertInfo)certInfoArray[ix];
-                   String defaultSig = caSub.getDefaultAlgorithm(); 
-                   AlgorithmId algid = AlgorithmId.get(defaultSig);
-                   ci.set(X509CertInfo.ALGORITHM_ID,
-                      new CertificateAlgorithmId(algid));
+                ICertificateAuthority caSub =
+                        (ICertificateAuthority) CMS.getSubsystem("ca");
+                if (certInfoArray != null && caSub != null) {
+                    for (int ix = 0; ix < certInfoArray.length; ix++) {
+                        X509CertInfo ci = (X509CertInfo) certInfoArray[ix];
+                        String defaultSig = caSub.getDefaultAlgorithm();
+                        AlgorithmId algid = AlgorithmId.get(defaultSig);
+                        ci.set(X509CertInfo.ALGORITHM_ID,
+                                new CertificateAlgorithmId(algid));
+                    }
                 }
-              }
             } catch (Exception e) {
-              CMS.debug("Failed to set signing alg to certinfo " + e.toString());
+                CMS.debug("Failed to set signing alg to certinfo " + e.toString());
             }
 
             req.setExtData(IRequest.CERT_INFO, certInfoArray);
 
-
             if (challengePassword != null && !challengePassword.equals("")) {
                 String pwd = hashPassword(challengePassword);
 
@@ -1330,8 +1318,8 @@ public class EnrollServlet extends CMSServlet {
 
             // store a message in the signed audit log file
             // (either an "admin" cert request for an admin certificate,
-            //  an "agent" cert request for "bulk enrollment", or
-            //  an "EE" standard cert request)
+            // an "agent" cert request for "bulk enrollment", or
+            // an "EE" standard cert request)
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                         auditSubjectID,
@@ -1345,8 +1333,8 @@ public class EnrollServlet extends CMSServlet {
         } catch (EBaseException eAudit1) {
             // store a message in the signed audit log file
             // (either an "admin" cert request for an admin certificate,
-            //  an "agent" cert request for "bulk enrollment", or
-            //  an "EE" standard cert request)
+            // an "agent" cert request for "bulk enrollment", or
+            // an "EE" standard cert request)
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST,
                         auditSubjectID,
@@ -1365,9 +1353,9 @@ public class EnrollServlet extends CMSServlet {
         // ensure that any low-level exceptions are reported
         // to the signed audit log and stored as failures
         try {
-            // send request to request queue. 
+            // send request to request queue.
             mRequestQueue.processRequest(req);
-            // process result. 
+            // process result.
 
             // render OLD_CERT_TYPE's response differently, we
             // do not want any javascript in HTML, and need to
@@ -1379,11 +1367,11 @@ public class EnrollServlet extends CMSServlet {
 
                     issuedCerts =
                             cmsReq.getIRequest().getExtDataInCertArray(
-                                IRequest.ISSUED_CERTS);
+                                    IRequest.ISSUED_CERTS);
 
                     for (int i = 0; i < issuedCerts.length; i++) {
                         // (automated "agent" cert request processed
-                        //  - "accepted")
+                        // - "accepted")
                         auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
                                     auditSubjectID,
@@ -1449,27 +1437,27 @@ public class EnrollServlet extends CMSServlet {
             // audit log the success.
             long endTime = CMS.getCurrentDate().getTime();
 
-            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, 
-                AuditFormat.LEVEL,
-                AuditFormat.ENROLLMENTFORMAT,
-                new Object[]
-                { req.getRequestId(), 
-                    initiative,
-                    mAuthMgr,
-                    "completed",
-                    issuedCerts[0].getSubjectDN(),
-                    "cert issued serial number: 0x" +
-                    issuedCerts[0].getSerialNumber().toString(16) +
-                    " time: " +
-                    (endTime - startTime) }
-            );
+            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                    AuditFormat.LEVEL,
+                    AuditFormat.ENROLLMENTFORMAT,
+                    new Object[]
+                { req.getRequestId(),
+                        initiative,
+                        mAuthMgr,
+                        "completed",
+                        issuedCerts[0].getSubjectDN(),
+                        "cert issued serial number: 0x" +
+                                issuedCerts[0].getSerialNumber().toString(16) +
+                                " time: " +
+                                (endTime - startTime) }
+                    );
 
             // handle initial admin enrollment if in adminEnroll mode.
             checkAdminEnroll(cmsReq, issuedCerts);
 
             // return cert as mime type binary if requested.
             if (checkImportCertToNav(cmsReq.getHttpResp(),
-                    httpParams, issuedCerts[0])) { 
+                    httpParams, issuedCerts[0])) {
                 cmsReq.setStatus(CMSRequest.SUCCESS);
 
                 for (int i = 0; i < issuedCerts.length; i++) {
@@ -1490,10 +1478,10 @@ public class EnrollServlet extends CMSServlet {
 
             // use success template.
             try {
-                cmsReq.setResult(issuedCerts); 
-                renderTemplate(cmsReq, mEnrollSuccessTemplate, 
-                    mEnrollSuccessFiller);
-                cmsReq.setStatus(CMSRequest.SUCCESS); 
+                cmsReq.setResult(issuedCerts);
+                renderTemplate(cmsReq, mEnrollSuccessTemplate,
+                        mEnrollSuccessFiller);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
 
                 for (int i = 0; i < issuedCerts.length; i++) {
                     // (automated "agent" cert request processed - "accepted")
@@ -1508,10 +1496,10 @@ public class EnrollServlet extends CMSServlet {
                     audit(auditMessage);
                 }
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_TEMP_REND_ERR",
-                        mEnrollSuccessFiller.toString(),
-                        e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_TEMP_REND_ERR",
+                                mEnrollSuccessFiller.toString(),
+                                e.toString()));
 
                 // (automated "agent" cert request processed - "rejected")
                 auditMessage = CMS.getLogMessage(
@@ -1525,7 +1513,7 @@ public class EnrollServlet extends CMSServlet {
                 audit(auditMessage);
 
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
+                        CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
             }
         } catch (EBaseException eAudit1) {
             // store a message in the signed audit log file
@@ -1547,11 +1535,11 @@ public class EnrollServlet extends CMSServlet {
     }
 
     /**
-     * check if this is first enroll from admin enroll.
-     * If so disable admin enroll from here on. 
+     * check if this is first enroll from admin enroll. If so disable admin
+     * enroll from here on.
      */
     protected void checkAdminEnroll(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
-        throws EBaseException {
+            throws EBaseException {
         // this is special case, get the admin certificate
         if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
             addAdminAgent(cmsReq, issuedCerts);
@@ -1559,8 +1547,8 @@ public class EnrollServlet extends CMSServlet {
         }
     }
 
-    protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts) 
-        throws EBaseException {
+    protected void addAdminAgent(CMSRequest cmsReq, X509CertImpl[] issuedCerts)
+            throws EBaseException {
         String userid = cmsReq.getHttpParams().getValueAsString("uid");
         IUGSubsystem ug = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
 
@@ -1571,13 +1559,13 @@ public class EnrollServlet extends CMSServlet {
             ug.addUserCert(adminuser);
         } catch (netscape.ldap.LDAPException e) {
             CMS.debug(
-                "EnrollServlet: Cannot add admin's certificate to its entry in the " +
-                "user group database. Error " + e);
+                    "EnrollServlet: Cannot add admin's certificate to its entry in the " +
+                            "user group database. Error " + e);
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
+                    CMS.getUserMessage("CMS_GW_ADDING_ADMIN_CERT_ERROR", e.toString()));
         }
-        IGroup agentGroup = 
-            ug.getGroupFromName(CA_AGENT_GROUP);
+        IGroup agentGroup =
+                ug.getGroupFromName(CA_AGENT_GROUP);
 
         if (agentGroup != null) {
             // add user to the group if necessary
@@ -1585,15 +1573,15 @@ public class EnrollServlet extends CMSServlet {
                 agentGroup.addMemberName(userid);
                 ug.modifyGroup(agentGroup);
                 mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                    AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                    new Object[] {userid, userid, CA_AGENT_GROUP}
-                );
+                        AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+                        new Object[] { userid, userid, CA_AGENT_GROUP }
+                        );
 
             }
         } else {
             String msg = "Cannot add admin to the " +
-                CA_AGENT_GROUP +
-                " group: Group does not exist.";
+                    CA_AGENT_GROUP +
+                    " group: Group does not exist.";
 
             CMS.debug("EnrollServlet: " + msg);
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_ADMIN_ERROR"));
@@ -1620,7 +1608,11 @@ public class EnrollServlet extends CMSServlet {
             out.println("<H1>");
             out.println("SUCCESS");
             out.println("</H1>");
-            out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message
+            out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX
+                                                                                                                           // -
+                                                                                                                           // localize
+                                                                                                                           // the
+                                                                                                                           // message
             out.println("<P>");
             out.println("Request Creation Time: ");
             out.println(cmsReq.getIRequest().getCreationTime().toString());
@@ -1635,24 +1627,28 @@ public class EnrollServlet extends CMSServlet {
             out.println("<P>");
             out.println("<PRE>");
             X509CertImpl certs[] =
-                cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                    cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
             out.println(CMS.getEncodedCert(certs[0]));
             out.println("</PRE>");
             out.println("<P>");
             out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" + 
-                cmsReq.getIRequest().getRequestId().toString() + ">");
+                    cmsReq.getIRequest().getCreationTime().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+                    cmsReq.getIRequest().getRequestId().toString() + ">");
             out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
-                CMS.getEncodedCert(certs[0]) + ">");
+                    CMS.getEncodedCert(certs[0]) + ">");
         } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
             out.println("<H1>");
             out.println("PENDING");
             out.println("</H1>");
-            out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message
+            out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX
+                                                                                                                                                                                   // -
+                                                                                                                                                                                   // localize
+                                                                                                                                                                                   // the
+                                                                                                                                                                                   // message
             out.println("<P>");
             out.println("Request Creation Time: ");
             out.println(cmsReq.getIRequest().getCreationTime().toString());
@@ -1664,17 +1660,21 @@ public class EnrollServlet extends CMSServlet {
             out.println(cmsReq.getIRequest().getRequestId().toString());
             out.println("<P>");
             out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" + 
-                cmsReq.getIRequest().getRequestId().toString() + ">");
+                    cmsReq.getIRequest().getCreationTime().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+                    cmsReq.getIRequest().getRequestId().toString() + ">");
         } else {
             out.println("<H1>");
             out.println("ERROR");
             out.println("</H1>");
             out.println("<!INFO>");
-            out.println("Please consult your local administrator for assistance."); // XXX - localize the message
+            out.println("Please consult your local administrator for assistance."); // XXX
+                                                                                    // -
+                                                                                    // localize
+                                                                                    // the
+                                                                                    // message
             out.println("<!/INFO>");
             out.println("<P>");
             out.println("Request Status: ");
@@ -1683,47 +1683,43 @@ public class EnrollServlet extends CMSServlet {
             out.println("Error: ");
             out.println(cmsReq.getError()); // XXX - need to parse in Locale
             out.println("<P>");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT ERROR=" + 
-                cmsReq.getError() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT ERROR=" +
+                    cmsReq.getError() + ">");
         }
 
         /**
-         // include all the input data
-         ArgBlock args = cmsReq.getHttpParams();
-         Enumeration ele = args.getElements();
-         while (ele.hasMoreElements()) {
-         String eleT = (String)ele.nextElement();
-         out.println("<!HTTP_INPUT " + eleT + "=" + 
-         args.get(eleT) + ">");
-         }
+         * // include all the input data ArgBlock args = cmsReq.getHttpParams();
+         * Enumeration ele = args.getElements(); while (ele.hasMoreElements()) {
+         * String eleT = (String)ele.nextElement(); out.println("<!HTTP_INPUT "
+         * + eleT + "=" + args.get(eleT) + ">"); }
          **/
 
         out.println("</HTML>");
     }
 
-    // XXX ALERT !! 
-    // Remove the following and calls to them when we bundle a cartman 
-    // later than alpha1. 
-    // These are here to cover up problem in cartman where the 
-    // key usage extension always ends up being digital signature only 
+    // XXX ALERT !!
+    // Remove the following and calls to them when we bundle a cartman
+    // later than alpha1.
+    // These are here to cover up problem in cartman where the
+    // key usage extension always ends up being digital signature only
     // and for rsa-ex ends up having no bits set.
 
     private boolean mIsTestBed = false;
 
-    private void init_testbed_hack(IConfigStore config) 
-        throws EBaseException {
+    private void init_testbed_hack(IConfigStore config)
+            throws EBaseException {
         mIsTestBed = config.getBoolean("isTestBed", true);
     }
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param x509cert an X509CertImpl
      * @return cert string containing the certificate
      */
@@ -1776,4 +1772,3 @@ public class EnrollServlet extends CMSServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
index a723cb52..0d11600c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetBySerial.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.math.BigInteger;
@@ -58,7 +57,6 @@ import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 
-
 /**
  * Retrieve certificate by serial number.
  * 
@@ -83,10 +81,11 @@ public class GetBySerial extends CMSServlet {
         super();
     }
 
-	 /**
+    /**
      * Initialize the servlet. This servlet uses the template file
-	 * "ImportCert.template" to import the cert to the users browser,
-	 * if that is what the user requested
+     * "ImportCert.template" to import the cert to the users browser, if that is
+     * what the user requested
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -102,7 +101,7 @@ public class GetBySerial extends CMSServlet {
         }
         mImportTemplateFiller = new ImportCertsTemplateFiller();
 
-        // override success and error templates to null - 
+        // override success and error templates to null -
         // handle templates locally.
         mTemplates.remove(CMSRequest.SUCCESS);
 
@@ -115,11 +114,11 @@ public class GetBySerial extends CMSServlet {
     }
 
     /**
-	 * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
-     * <li>http.param  serialNumber serial number of certificate in HEX
+     * <li>http.param serialNumber serial number of certificate in HEX
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -139,10 +138,10 @@ public class GetBySerial extends CMSServlet {
                         mAuthzResourceName, "import");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -160,18 +159,18 @@ public class GetBySerial extends CMSServlet {
             serialNo = null;
         }
         if (serial == null || serialNo == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_INVALID_SERIAL_NUMBER"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
+                    CMS.getUserMessage("CMS_GW_INVALID_SERIAL_NUMBER")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
 
         ICertRecord certRecord = (ICertRecord) getCertRecord(serialNo);
         if (certRecord == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
             cmsReq.setError(new ECMSGWException(
                     CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
             cmsReq.setStatus(CMSRequest.ERROR);
@@ -181,37 +180,37 @@ public class GetBySerial extends CMSServlet {
         // if RA, needs requestOwner to match
         // first, find the user's group
         if (authToken != null) {
-          String group = authToken.getInString("group");
- 
-          if ((group != null) && (group != "")) {
-            CMS.debug("GetBySerial process: auth group="+group);
-            if (group.equals("Registration Manager Agents")) {
-              boolean groupMatched = false;
-              // find the cert record's orig. requestor's group
-              MetaInfo metai = certRecord.getMetaInfo();
-              if (metai != null) {
-                String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID);
-                RequestId rid = new RequestId(reqId);
-                IRequest creq = mReqQ.findRequest(rid);
-                if (creq != null) {
-                  String reqOwner = creq.getRequestOwner();
-                  if (reqOwner != null) {
-                    CMS.debug("GetBySerial process: req owner="+reqOwner);
-                    if (reqOwner.equals(group))
-                      groupMatched = true;
-                  }
+            String group = authToken.getInString("group");
+
+            if ((group != null) && (group != "")) {
+                CMS.debug("GetBySerial process: auth group=" + group);
+                if (group.equals("Registration Manager Agents")) {
+                    boolean groupMatched = false;
+                    // find the cert record's orig. requestor's group
+                    MetaInfo metai = certRecord.getMetaInfo();
+                    if (metai != null) {
+                        String reqId = (String) metai.get(ICertRecord.META_REQUEST_ID);
+                        RequestId rid = new RequestId(reqId);
+                        IRequest creq = mReqQ.findRequest(rid);
+                        if (creq != null) {
+                            String reqOwner = creq.getRequestOwner();
+                            if (reqOwner != null) {
+                                CMS.debug("GetBySerial process: req owner=" + reqOwner);
+                                if (reqOwner.equals(group))
+                                    groupMatched = true;
+                            }
+                        }
+                    }
+                    if (groupMatched == false) {
+                        log(ILogger.LL_FAILURE,
+                                CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
+                        cmsReq.setError(new ECMSGWException(
+                                CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
+                        cmsReq.setStatus(CMSRequest.ERROR);
+                        return;
+                    }
                 }
-              }
-              if (groupMatched == false) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_CERT_SERIAL_NOT_FOUND_1", serialNo.toString(16)));
-                 cmsReq.setError(new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_CERT_SERIAL_NOT_FOUND", "0x" + serialNo.toString(16))));
-                 cmsReq.setStatus(CMSRequest.ERROR);
-                 return;
-              }
             }
-          }
         }
 
         X509CertImpl cert = certRecord.getCertificate();
@@ -224,7 +223,7 @@ public class GetBySerial extends CMSServlet {
                 IArgBlock ctx = CMS.createArgBlock();
                 Locale[] locale = new Locale[1];
                 CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
-                ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+                ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
                 CertificateChain cachain = ca.getCACertChain();
                 X509Certificate[] cacerts = cachain.getChain();
                 X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -236,7 +235,7 @@ public class GetBySerial extends CMSServlet {
 
                 userChain[0] = cert;
                 PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-                  new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
+                        new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
                 ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
                 try {
@@ -246,7 +245,7 @@ public class GetBySerial extends CMSServlet {
 
                 byte[] p7Bytes = bos.toByteArray();
                 String p7Str = CMS.BtoA(p7Bytes);
-        
+
                 header.addStringValue("pkcs7", CryptoUtil.normalizeCertStr(p7Str));
                 try {
                     CMSTemplate form = getTemplate(mIETemplate, req, locale);
@@ -256,16 +255,16 @@ public class GetBySerial extends CMSServlet {
                     form.renderOutput(out, argSet);
                     return;
                 } catch (Exception ee) {
-                    CMS.debug("GetBySerial process: Exception="+ee.toString());
+                    CMS.debug("GetBySerial process: Exception=" + ee.toString());
                 }
-            } //browser is IE
- 
+            } // browser is IE
+
             MetaInfo metai = certRecord.getMetaInfo();
             String crmfReqId = null;
 
             if (metai != null) {
                 crmfReqId = (String) metai.get(ICertRecord.META_CRMF_REQID);
-                if (crmfReqId != null) 
+                if (crmfReqId != null)
                     cmsReq.setResult(IRequest.CRMF_REQID, crmfReqId);
             }
 
@@ -283,7 +282,7 @@ public class GetBySerial extends CMSServlet {
             cmsReq.setStatus(CMSRequest.SUCCESS);
 
             // XXX follow request in cert record to set certtype, which will
-            // import cert only if it's client. For now assume "client" if 
+            // import cert only if it's client. For now assume "client" if
             // someone clicked to import this cert.
             cmsReq.getHttpParams().set("certType", "client");
 
@@ -294,8 +293,7 @@ public class GetBySerial extends CMSServlet {
                 throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
         }
-		
+
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
index b765a2cb..c0029d9c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
@@ -15,10 +15,9 @@
 // (C) 2007 Red Hat, Inc.
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
-	package com.netscape.cms.servlet.cert;
+package com.netscape.cms.servlet.cert;
 
-
-	import java.io.ByteArrayOutputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -49,236 +48,237 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
-	/**
-	 * Retrieve the Certificates comprising the CA Chain for this CA.
-	 *
-	 * @version $Revision$, $Date$
-	 */
-	public class GetCAChain extends CMSServlet {
-	    /**
+/**
+ * Retrieve the Certificates comprising the CA Chain for this CA.
+ * 
+ * @version $Revision$, $Date$
+ */
+public class GetCAChain extends CMSServlet {
+    /**
          *
          */
-        private static final long serialVersionUID = -8189048155415074581L;
-        private final static String TPL_FILE = "displayCaCert.template";
-	    private String mFormPath = null;
-
-	    public GetCAChain() {
-		super();
-	    }
-
-	    /**
-	     * initialize the servlet.
-	     * @param sc servlet configuration, read from the web.xml file
-	     */
-	    public void init(ServletConfig sc) throws ServletException {
-		super.init(sc);
-
-		// override success to display own output.
-		mTemplates.remove(CMSRequest.SUCCESS);
-		// coming from ee
-		mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
-	    }
-
-	    /**
-	     * Process the HTTP request. 
-	     * <ul>
-	     * <li>http.param op 'downloadBIN' - return the binary certificate chain
-	     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
-	     * </ul>
-	     * @param cmsReq the object holding the request and response information
-	     */
-	    protected void process(CMSRequest cmsReq)
-		throws EBaseException {
-		HttpServletRequest httpReq = cmsReq.getHttpReq();
-		HttpServletResponse httpResp = cmsReq.getHttpResp();
-
-		IAuthToken authToken = authenticate(cmsReq);
-
-		// Construct an ArgBlock
-		IArgBlock args = cmsReq.getHttpParams();
-
-		// Get the operation code
-		String op = null;
-
-		op = args.getValueAsString("op", null);
-		if (op == null) {
-		    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
-		    throw new ECMSGWException(
-		      CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"));
-		}
-
-		cmsReq.setStatus(CMSRequest.SUCCESS);
-
-		AuthzToken authzToken = null;
-
-		if (op.startsWith("download")) {
-		    try {
-			authzToken = authorize(mAclMethod, authToken,
-				    mAuthzResourceName, "download");
-		    } catch (EAuthzAccessDenied e) {
-			log(ILogger.LL_FAILURE,
-			    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-		    } catch (Exception e) {
-			log(ILogger.LL_FAILURE,
-			    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-		    }
-
-		    if (authzToken == null) {
-			cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
-			return;
-		    }
-
-		    downloadChain(op, args, httpReq, httpResp, cmsReq);
-		} else if (op.startsWith("display")) {
-		    try {
-			authzToken = mAuthz.authorize(mAclMethod, authToken,
-				    mAuthzResourceName, "read");
-		    } catch (EAuthzAccessDenied e) {
-			log(ILogger.LL_FAILURE,
-			    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-		    } catch (Exception e) {
-			log(ILogger.LL_FAILURE,
-			    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-		    }
-
-		    if (authzToken == null) {
-			cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
-			return;
-		    }
-
-		    displayChain(op, args, httpReq, httpResp, cmsReq);
-		} else {
-		    log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN"));
-		    throw new ECMSGWException(
-		      CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
-		}
-		//		cmsReq.setResult(null);
-		return;
-	    }
-
-	    private void downloadChain(String op, 
-		IArgBlock args, 
-		HttpServletRequest httpReq, 
-		HttpServletResponse httpResp,
-		CMSRequest cmsReq)
-		throws EBaseException {
-
-		/* check browser info ? */
-		
-		/* check if pkcs7 will work for both nav and ie */
-
-		byte[] bytes = null;
-
-		/*
-		 * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert.
-		 * This means that we can only hand out the root CA, and not
-		 * the whole chain.
-		 */
-
-		if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) {
-		    X509Certificate[] caCerts = 
-			((ICertAuthority) mAuthority).getCACertChain().getChain();
-
-		    try {
-			bytes = caCerts[0].getEncoded();
-		    } catch (CertificateEncodingException e) {
-			cmsReq.setStatus(CMSRequest.ERROR);
-			log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString()));
-			throw new ECMSGWException(
-			  CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR"));
-		    }
-		} else {
-		    CertificateChain certChain = 
-			((ICertAuthority) mAuthority).getCACertChain();
-
-		    if (certChain == null) {
-			log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY"));
-			throw new ECMSGWException(
-			  CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY"));
-		    }
-				
-		    try {
-			ByteArrayOutputStream encoded = new ByteArrayOutputStream();
-
-			certChain.encode(encoded, false);
-			bytes = encoded.toByteArray();
-		    } catch (IOException e) {
-			cmsReq.setStatus(CMSRequest.ERROR);
-			log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
-			throw new ECMSGWException(
-			  CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
-		    }
-		}
-
-		String mimeType = null;
-
-		if (op.equals("downloadBIN")) {
-		    mimeType = "application/octet-stream";
-		} else {
-		    try {
-			mimeType = args.getValueAsString("mimeType");
-		    } catch (EBaseException e) {
-			mimeType = "application/octet-stream";
-		    }
-		}
-
-		try {
-		    if (op.equals("downloadBIN")) {
-		        // file suffixes changed to comply with RFC 5280
-		        // requirements for AIA extensions
-		        if (clientIsMSIE(httpReq)) {
-		            httpResp.setHeader("Content-disposition",
-		                "attachment; filename=ca.cer");
-		        } else {
-		            httpResp.setHeader("Content-disposition",
-		                "attachment; filename=ca.p7c");
-		        }
-		    }
-		    httpResp.setContentType(mimeType);
-		    httpResp.getOutputStream().write(bytes);
-		    httpResp.setContentLength(bytes.length);
-		    httpResp.getOutputStream().flush();
-		} catch (IOException e) {
-		    cmsReq.setStatus(CMSRequest.ERROR);
-		    log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
-		    throw new ECMSGWException(
-		      CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
-		}
-	    }
-
-	    private void displayChain(String op, 
-		IArgBlock args, 
-		HttpServletRequest httpReq, 
-		HttpServletResponse httpResp,
-		CMSRequest cmsReq)
-		throws EBaseException {
-		String outputString = null;
-
-		CertificateChain certChain = 
-		    ((ICertAuthority) mAuthority).getCACertChain();
-
-		if (certChain == null) {
-		    cmsReq.setStatus(CMSRequest.ERROR);
-		    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
-		    throw new ECMSGWException(
-		      CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
-		}
-
-		CMSTemplate form = null;
-		Locale[] locale = new Locale[1];
-
-		if (mOutputTemplatePath != null)
-		    mFormPath = mOutputTemplatePath;
+    private static final long serialVersionUID = -8189048155415074581L;
+    private final static String TPL_FILE = "displayCaCert.template";
+    private String mFormPath = null;
+
+    public GetCAChain() {
+        super();
+    }
+
+    /**
+     * initialize the servlet.
+     * 
+     * @param sc servlet configuration, read from the web.xml file
+     */
+    public void init(ServletConfig sc) throws ServletException {
+        super.init(sc);
+
+        // override success to display own output.
+        mTemplates.remove(CMSRequest.SUCCESS);
+        // coming from ee
+        mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
+    }
+
+    /**
+     * Process the HTTP request.
+     * <ul>
+     * <li>http.param op 'downloadBIN' - return the binary certificate chain
+     * <li>http.param op 'displayIND' - display pretty-print of certificate
+     * chain components
+     * </ul>
+     * 
+     * @param cmsReq the object holding the request and response information
+     */
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
+        HttpServletRequest httpReq = cmsReq.getHttpReq();
+        HttpServletResponse httpResp = cmsReq.getHttpResp();
+
+        IAuthToken authToken = authenticate(cmsReq);
+
+        // Construct an ArgBlock
+        IArgBlock args = cmsReq.getHttpParams();
+
+        // Get the operation code
+        String op = null;
+
+        op = args.getValueAsString("op", null);
+        if (op == null) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED"));
+        }
+
+        cmsReq.setStatus(CMSRequest.SUCCESS);
+
+        AuthzToken authzToken = null;
+
+        if (op.startsWith("download")) {
+            try {
+                authzToken = authorize(mAclMethod, authToken,
+                        mAuthzResourceName, "download");
+            } catch (EAuthzAccessDenied e) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+            } catch (Exception e) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+            }
+
+            if (authzToken == null) {
+                cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+                return;
+            }
+
+            downloadChain(op, args, httpReq, httpResp, cmsReq);
+        } else if (op.startsWith("display")) {
+            try {
+                authzToken = mAuthz.authorize(mAclMethod, authToken,
+                        mAuthzResourceName, "read");
+            } catch (EAuthzAccessDenied e) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+            } catch (Exception e) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+            }
+
+            if (authzToken == null) {
+                cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+                return;
+            }
+
+            displayChain(op, args, httpReq, httpResp, cmsReq);
+        } else {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_INVALID_OPTIONS_CA_CHAIN"));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
+        }
+        // cmsReq.setResult(null);
+        return;
+    }
+
+    private void downloadChain(String op,
+            IArgBlock args,
+            HttpServletRequest httpReq,
+            HttpServletResponse httpResp,
+            CMSRequest cmsReq)
+            throws EBaseException {
+
+        /* check browser info ? */
+
+        /* check if pkcs7 will work for both nav and ie */
+
+        byte[] bytes = null;
+
+        /*
+         * Some IE actions - IE doesn't want PKCS7 for "download" CA Cert. This
+         * means that we can only hand out the root CA, and not the whole chain.
+         */
+
+        if (clientIsMSIE(httpReq) && (op.equals("download") || op.equals("downloadBIN"))) {
+            X509Certificate[] caCerts =
+                    ((ICertAuthority) mAuthority).getCACertChain().getChain();
+
+            try {
+                bytes = caCerts[0].getEncoded();
+            } catch (CertificateEncodingException e) {
+                cmsReq.setStatus(CMSRequest.ERROR);
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_GETTING_CACERT_ENCODED", e.toString()));
+                throw new ECMSGWException(
+                        CMS.getUserMessage("CMS_GW_GETTING_CA_CERT_ERROR"));
+            }
+        } else {
+            CertificateChain certChain =
+                    ((ICertAuthority) mAuthority).getCACertChain();
+
+            if (certChain == null) {
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_EMPTY"));
+                throw new ECMSGWException(
+                        CMS.getUserMessage("CMS_GW_CA_CHAIN_EMPTY"));
+            }
+
+            try {
+                ByteArrayOutputStream encoded = new ByteArrayOutputStream();
+
+                certChain.encode(encoded, false);
+                bytes = encoded.toByteArray();
+            } catch (IOException e) {
+                cmsReq.setStatus(CMSRequest.ERROR);
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
+                throw new ECMSGWException(
+                        CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+            }
+        }
+
+        String mimeType = null;
+
+        if (op.equals("downloadBIN")) {
+            mimeType = "application/octet-stream";
+        } else {
+            try {
+                mimeType = args.getValueAsString("mimeType");
+            } catch (EBaseException e) {
+                mimeType = "application/octet-stream";
+            }
+        }
+
+        try {
+            if (op.equals("downloadBIN")) {
+                // file suffixes changed to comply with RFC 5280
+                // requirements for AIA extensions
+                if (clientIsMSIE(httpReq)) {
+                    httpResp.setHeader("Content-disposition",
+                            "attachment; filename=ca.cer");
+                } else {
+                    httpResp.setHeader("Content-disposition",
+                            "attachment; filename=ca.p7c");
+                }
+            }
+            httpResp.setContentType(mimeType);
+            httpResp.getOutputStream().write(bytes);
+            httpResp.setContentLength(bytes.length);
+            httpResp.getOutputStream().flush();
+        } catch (IOException e) {
+            cmsReq.setStatus(CMSRequest.ERROR);
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
+        }
+    }
+
+    private void displayChain(String op,
+            IArgBlock args,
+            HttpServletRequest httpReq,
+            HttpServletResponse httpResp,
+            CMSRequest cmsReq)
+            throws EBaseException {
+        String outputString = null;
+
+        CertificateChain certChain =
+                ((ICertAuthority) mAuthority).getCACertChain();
+
+        if (certChain == null) {
+            cmsReq.setStatus(CMSRequest.ERROR);
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_CHAIN_NOT_AVAILABLE"));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+        }
+
+        CMSTemplate form = null;
+        Locale[] locale = new Locale[1];
+
+        if (mOutputTemplatePath != null)
+            mFormPath = mOutputTemplatePath;
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -306,7 +306,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
             byte[] bytes = null;
 
             try {
-                subjectdn = 
+                subjectdn =
                         certChain.getFirstCertificate().getSubjectDN().toString();
                 ByteArrayOutputStream encoded = new ByteArrayOutputStream();
 
@@ -315,14 +315,14 @@ import com.netscape.cms.servlet.common.ECMSGWException;
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1", e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+                        CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
             }
 
             String chainBase64 = getBase64(bytes);
 
             header.addStringValue("subjectdn", subjectdn);
             header.addStringValue("chainBase64", chainBase64);
-        } else { 
+        } else {
             try {
                 X509Certificate[] certs = certChain.getChain();
 
@@ -339,13 +339,13 @@ import com.netscape.cms.servlet.common.ECMSGWException;
                     String subjectdn = certs[i].getSubjectDN().toString();
                     String finger = null;
                     try {
-			finger = CMS.getFingerPrints(certs[i]);
+                        finger = CMS.getFingerPrints(certs[i]);
                     } catch (Exception e) {
                         throw new IOException("Internal Error");
                     }
 
-                    ICertPrettyPrint certDetails = 
-                        CMS.getCertPrettyPrint((X509CertImpl) certs[i]);
+                    ICertPrettyPrint certDetails =
+                            CMS.getCertPrettyPrint((X509CertImpl) certs[i]);
 
                     IArgBlock rarg = CMS.createArgBlock();
 
@@ -353,14 +353,14 @@ import com.netscape.cms.servlet.common.ECMSGWException;
                     rarg.addStringValue("subjectdn", subjectdn);
                     rarg.addStringValue("base64", getBase64(bytes));
                     rarg.addStringValue("certDetails",
-                        certDetails.toString(locale[0]));
+                            certDetails.toString(locale[0]));
                     argSet.addRepeatRecord(rarg);
                 }
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CACHAIN_1", e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAYING_CACHAIN_ERROR"));
             }
         }
 
@@ -371,10 +371,10 @@ import com.netscape.cms.servlet.common.ECMSGWException;
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
index 2bbec482..68d38aab 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCRL.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CRLException;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Retrieve CRL for a Certificate Authority
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetCRL extends CMSServlet {
@@ -68,6 +66,7 @@ public class GetCRL extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -79,15 +78,14 @@ public class GetCRL extends CMSServlet {
             mFormPath = mOutputTemplatePath;
     }
 
-
     /**
-     * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
-	 * @see DisplayCRL#process
+     * @see DisplayCRL#process
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -100,10 +98,10 @@ public class GetCRL extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -117,7 +115,7 @@ public class GetCRL extends CMSServlet {
         if (!(mAuthority instanceof ICertificateAuthority)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -125,14 +123,14 @@ public class GetCRL extends CMSServlet {
         CMSTemplate form = null;
         Locale[] locale = new Locale[1];
 
-CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
+        CMS.debug("**** mFormPath before getTemplate = " + mFormPath);
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -150,14 +148,14 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         if (op == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_OPTIONS_SELECTED"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")));
+                    CMS.getUserMessage("CMS_GW_NO_OPTIONS_SELECTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
         if (crlId == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED")));
+                    CMS.getUserMessage("CMS_GW_NO_CRL_SELECTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -165,23 +163,24 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         ICRLIssuingPointRecord crlRecord = null;
         ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
         ICRLIssuingPoint crlIP = null;
-        if (ca != null) crlIP = ca.getCRLIssuingPoint(crlId);
+        if (ca != null)
+            crlIP = ca.getCRLIssuingPoint(crlId);
 
         try {
             crlRecord = (ICRLIssuingPointRecord) ca.getCRLRepository().readCRLIssuingPointRecord(crlId);
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND", crlId));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND")));
+                    CMS.getUserMessage("CMS_GW_CRL_NOT_FOUND")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
         if (crlRecord == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+                    CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -201,12 +200,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         }
 
         if ((op.equals("checkCRLcache") ||
-             (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) &&
-              (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) {
+                (op.equals("displayCRL") && crlDisplayType != null && crlDisplayType.equals("cachedCRL"))) &&
+                (crlIP == null || (!crlIP.isCRLCacheEnabled()) || crlIP.isCRLCacheEmpty())) {
             cmsReq.setError(
-                CMS.getUserMessage(
-                    ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty())?
-                        "CMS_GW_CRL_CACHE_IS_EMPTY":"CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId));
+                    CMS.getUserMessage(
+                            ((crlIP != null && crlIP.isCRLCacheEnabled() && crlIP.isCRLCacheEmpty()) ?
+                                    "CMS_GW_CRL_CACHE_IS_EMPTY" : "CMS_GW_CRL_CACHE_IS_NOT_ENABLED"), crlId));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -214,26 +213,26 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         byte[] crlbytes = null;
 
         if (op.equals("importDeltaCRL") || op.equals("getDeltaCRL") ||
-            (op.equals("displayCRL") && crlDisplayType != null &&
-             crlDisplayType.equals("deltaCRL"))) {
+                (op.equals("displayCRL") && crlDisplayType != null &&
+                crlDisplayType.equals("deltaCRL"))) {
             crlbytes = crlRecord.getDeltaCRL();
         } else if (op.equals("importCRL") || op.equals("getCRL") ||
                    op.equals("checkCRL") ||
                    (op.equals("displayCRL") &&
-                    crlDisplayType != null &&
+                           crlDisplayType != null &&
                     (crlDisplayType.equals("entireCRL") ||
-                     crlDisplayType.equals("crlHeader") ||
+                            crlDisplayType.equals("crlHeader") ||
                      crlDisplayType.equals("base64Encoded")))) {
             crlbytes = crlRecord.getCRL();
-        } 
+        }
 
         if (crlbytes == null && (!op.equals("checkCRLcache")) &&
-            (!(op.equals("displayCRL") && crlDisplayType != null &&
-               crlDisplayType.equals("cachedCRL")))) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
+                (!(op.equals("displayCRL") && crlDisplayType != null &&
+                crlDisplayType.equals("cachedCRL")))) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlId));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+                    CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -242,15 +241,15 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         X509CRLImpl crl = null;
 
         if (op.equals("checkCRL") || op.equals("importCRL") ||
-            op.equals("importDeltaCRL") ||
-            (op.equals("displayCRL") && crlDisplayType != null &&
-             (crlDisplayType.equals("entireCRL") ||
-              crlDisplayType.equals("crlHeader") ||
-              crlDisplayType.equals("base64Encoded") ||
-              crlDisplayType.equals("deltaCRL")))) {
+                op.equals("importDeltaCRL") ||
+                (op.equals("displayCRL") && crlDisplayType != null &&
+                (crlDisplayType.equals("entireCRL") ||
+                        crlDisplayType.equals("crlHeader") ||
+                        crlDisplayType.equals("base64Encoded") ||
+                crlDisplayType.equals("deltaCRL")))) {
             try {
                 if (op.equals("displayCRL") && crlDisplayType != null &&
-                    crlDisplayType.equals("crlHeader")) {
+                        crlDisplayType.equals("crlHeader")) {
                     crl = new X509CRLImpl(crlbytes, false);
                 } else {
                     crl = new X509CRLImpl(crlbytes);
@@ -258,25 +257,25 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAILED_DECODE_CRL_1", e.toString()));
                 cmsReq.setError(new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED")));
+                        CMS.getUserMessage("CMS_GW_DECODE_CRL_FAILED")));
                 cmsReq.setStatus(CMSRequest.ERROR);
                 return;
             }
             if ((op.equals("importDeltaCRL") || (op.equals("displayCRL") &&
-                 crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) &&
-                  ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) &&
-                   (crlRecord.getCRLNumber() == null ||
-                    crlRecord.getDeltaCRLNumber() == null || 
-                    crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 ||
-                    crlRecord.getDeltaCRLSize() == null ||
+                    crlDisplayType != null && crlDisplayType.equals("deltaCRL"))) &&
+                    ((!(crlIP != null && crlIP.isThisCurrentDeltaCRL(crl))) &&
+                    (crlRecord.getCRLNumber() == null ||
+                            crlRecord.getDeltaCRLNumber() == null ||
+                            crlRecord.getDeltaCRLNumber().compareTo(crlRecord.getCRLNumber()) < 0 ||
+                            crlRecord.getDeltaCRLSize() == null ||
                     crlRecord.getDeltaCRLSize().longValue() == -1))) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_NO_DELTA_CRL_1"));
                 cmsReq.setError(new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
+                        CMS.getUserMessage("CMS_GW_CRL_NOT_UPDATED")));
                 cmsReq.setStatus(CMSRequest.ERROR);
                 return;
             }
-        } 
+        }
 
         String mimeType = "application/x-pkcs7-crl";
 
@@ -300,13 +299,13 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
 
             if (op.equals("checkCRL")) {
                 header.addBooleanValue("isOnCRL",
-                    crl.isRevoked(new BigInteger(certSerialNumber)));
+                        crl.isRevoked(new BigInteger(certSerialNumber)));
             }
 
             if (op.equals("displayCRL")) {
                 if (crlDisplayType.equals("entireCRL") || crlDisplayType.equals("cachedCRL")) {
-                    ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL"))?
-                                                    CMS.getCRLPrettyPrint(crl):
+                    ICRLPrettyPrint crlDetails = (crlDisplayType.equals("entireCRL")) ?
+                                                    CMS.getCRLPrettyPrint(crl) :
                                                     CMS.getCRLCachePrettyPrint(crlIP);
                     String pageStart = args.getValueAsString("pageStart", null);
                     String pageSize = args.getValueAsString("pageSize", null);
@@ -315,22 +314,23 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
                         long lPageStart = new Long(pageStart).longValue();
                         long lPageSize = new Long(pageSize).longValue();
 
-                        if (lPageStart < 1) lPageStart = 1;
+                        if (lPageStart < 1)
+                            lPageStart = 1;
 
                         header.addStringValue("crlPrettyPrint",
                                  crlDetails.toString(locale[0],
-                                 lCRLSize, lPageStart, lPageSize));
+                                         lCRLSize, lPageStart, lPageSize));
                         header.addLongValue("pageStart", lPageStart);
                         header.addLongValue("pageSize", lPageSize);
                     } else {
                         header.addStringValue(
-                            "crlPrettyPrint", crlDetails.toString(locale[0]));
+                                "crlPrettyPrint", crlDetails.toString(locale[0]));
                     }
                 } else if (crlDisplayType.equals("crlHeader")) {
                     ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
 
                     header.addStringValue(
-                        "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0));
+                            "crlPrettyPrint", crlDetails.toString(locale[0], lCRLSize, 0, 0));
                 } else if (crlDisplayType.equals("base64Encoded")) {
                     try {
                         byte[] ba = crl.getEncoded();
@@ -365,12 +365,12 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
                     }
                 } else if (crlDisplayType.equals("deltaCRL")) {
                     header.addIntegerValue("deltaCRLSize",
-                        crl.getNumberOfRevokedCertificates());
+                            crl.getNumberOfRevokedCertificates());
 
                     ICRLPrettyPrint crlDetails = CMS.getCRLPrettyPrint(crl);
 
                     header.addStringValue(
-                        "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0));
+                            "crlPrettyPrint", crlDetails.toString(locale[0], 0, 0, 0));
 
                     try {
                         byte[] ba = crl.getEncoded();
@@ -413,10 +413,10 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
                 form.renderOutput(out, argSet);
                 cmsReq.setStatus(CMSRequest.SUCCESS);
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
                 cmsReq.setError(new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
                 cmsReq.setStatus(CMSRequest.ERROR);
             }
             return;
@@ -428,21 +428,21 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         } else if (op.equals("getCRL")) {
             mimeType = "application/octet-stream";
             httpResp.setHeader("Content-disposition",
-                "attachment; filename=" + crlId + ".crl");
+                    "attachment; filename=" + crlId + ".crl");
         } else if (op.equals("getDeltaCRL")) {
             mimeType = "application/octet-stream";
             httpResp.setHeader("Content-disposition",
-                "attachment; filename=delta-" + crlId + ".crl");
+                    "attachment; filename=delta-" + crlId + ".crl");
         } else {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_OPTIONS_SELECTED"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
+                    CMS.getUserMessage("CMS_GW_INVALID_OPTIONS_SELECTED"));
         }
 
         try {
-            //            if (clientIsMSIE(httpReq) &&  op.equals("getCRL"))
-            //                httpResp.setHeader("Content-disposition",
-            //                  "attachment; filename=getCRL.crl");
+            // if (clientIsMSIE(httpReq) && op.equals("getCRL"))
+            // httpResp.setHeader("Content-disposition",
+            // "attachment; filename=getCRL.crl");
             httpResp.setContentType(mimeType);
             httpResp.setContentLength(bytes.length);
             httpResp.getOutputStream().write(bytes);
@@ -450,9 +450,9 @@ CMS.debug("**** mFormPath before getTemplate = "+mFormPath);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_DISPLAYING_CRLINFO"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAYING_CRLINFO_ERROR"));
         }
-        //		cmsReq.setResult(null);
+        // cmsReq.setResult(null);
         cmsReq.setStatus(CMSRequest.SUCCESS);
         return;
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
index 5909bc4b..3ea9d02b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetCertFromRequest.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -52,10 +51,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
-
 /**
- * Gets a issued certificate from a request id. 
- *
+ * Gets a issued certificate from a request id.
+ * 
  * @version $Revision$, $Date$
  */
 public class GetCertFromRequest extends CMSServlet {
@@ -64,27 +62,26 @@ public class GetCertFromRequest extends CMSServlet {
      */
     private static final long serialVersionUID = 5310646832256611066L;
     private final static String PROP_IMPORT = "importCert";
-    protected static final String 
-        GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
-    protected static final String 
-        DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
+    protected static final String GET_CERT_FROM_REQUEST_TEMPLATE = "ImportCert.template";
+    protected static final String DISPLAY_CERT_FROM_REQUEST_TEMPLATE = "displayCertFromRequest.template";
 
     protected static final String REQUEST_ID = "requestId";
     protected static final String CERT_TYPE = "certtype";
 
-    protected String mCertFrReqSuccessTemplate = null; 
+    protected String mCertFrReqSuccessTemplate = null;
     protected ICMSTemplateFiller mCertFrReqFiller = null;
 
     protected IRequestQueue mQueue = null;
     protected boolean mImportCert = true;
 
-    public GetCertFromRequest() {		
+    public GetCertFromRequest() {
         super();
     }
 
     /**
      * initialize the servlet. This servlet uses the template files
-	 * "displayCertFromRequest.template" and "ImportCert.template"
+     * "displayCertFromRequest.template" and "ImportCert.template"
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -102,23 +99,23 @@ public class GetCertFromRequest extends CMSServlet {
 
             if (mImportCert)
                 defTemplate = GET_CERT_FROM_REQUEST_TEMPLATE;
-            else 
+            else
                 defTemplate = DISPLAY_CERT_FROM_REQUEST_TEMPLATE;
             if (mAuthority instanceof IRegistrationAuthority)
                 defTemplate = "/ra/" + defTemplate;
-            else 
+            else
                 defTemplate = "/ca/" + defTemplate;
             mCertFrReqSuccessTemplate = sc.getInitParameter(
                         PROP_SUCCESS_TEMPLATE);
             if (mCertFrReqSuccessTemplate == null)
                 mCertFrReqSuccessTemplate = defTemplate;
             String fillername =
-                sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+                    sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
 
             if (fillername != null) {
                 ICMSTemplateFiller filler = newFillerObject(fillername);
 
-                if (filler != null) 
+                if (filler != null)
                     mCertFrReqFiller = filler;
             } else {
                 mCertFrReqFiller = new CertFrRequestFiller();
@@ -126,22 +123,21 @@ public class GetCertFromRequest extends CMSServlet {
         } catch (Exception e) {
             // should never happen.
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
-                    mId));
+                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+                            mId));
         }
     }
 
-
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
-     * <li>http.param  requestId  The request ID to search on
+     * <li>http.param requestId The request ID to search on
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
 
@@ -154,10 +150,10 @@ public class GetCertFromRequest extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -165,7 +161,7 @@ public class GetCertFromRequest extends CMSServlet {
             return;
         }
 
-        String requestId = httpParams.getValueAsString(REQUEST_ID, null); 
+        String requestId = httpParams.getValueAsString(REQUEST_ID, null);
 
         if (requestId == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_NO_REQUEST_ID_PROVIDED"));
@@ -185,51 +181,51 @@ public class GetCertFromRequest extends CMSServlet {
         if (r == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+                    CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
         }
 
         if (authToken != null) {
-          //if RA, group and requestOwner must match
-          String group = authToken.getInString("group");
-          if ((group != null) && (group != "") &&
-               group.equals("Registration Manager Agents")) {
-            boolean groupMatched = false;
-            String reqOwner = r.getRequestOwner();
-            if (reqOwner != null) {
-              CMS.debug("GetCertFromRequest process: req owner="+reqOwner);
-              if (reqOwner.equals(group))
-                groupMatched = true;
-            }
-            if (groupMatched == false) {
-              CMS.debug("RA group unmatched");
-              log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
-              throw new ECMSGWException(
-                CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+            // if RA, group and requestOwner must match
+            String group = authToken.getInString("group");
+            if ((group != null) && (group != "") &&
+                    group.equals("Registration Manager Agents")) {
+                boolean groupMatched = false;
+                String reqOwner = r.getRequestOwner();
+                if (reqOwner != null) {
+                    CMS.debug("GetCertFromRequest process: req owner=" + reqOwner);
+                    if (reqOwner.equals(group))
+                        groupMatched = true;
+                }
+                if (groupMatched == false) {
+                    CMS.debug("RA group unmatched");
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND", requestId));
+                    throw new ECMSGWException(
+                            CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+                }
             }
-          }
         }
 
         if (!((r.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) || (r.getRequestType().equals(IRequest.RENEWAL_REQUEST)))) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_REQUEST_NOT_ENROLLMENT_1", requestId));
             throw new ECMSGWException(
                     CMS.getUserMessage("CMS_GW_REQUEST_NOT_ENROLLMENT", requestId));
         }
         RequestStatus status = r.getRequestStatus();
 
         if (!status.equals(RequestStatus.COMPLETE)) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_REQUEST_NOT_COMPLETED_1", requestId));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId));
+                    CMS.getUserMessage("CMS_GW_REQUEST_NOT_COMPLETED", requestId));
         }
         Integer result = r.getExtDataInInteger(IRequest.RESULT);
 
         if (result != null && !result.equals(IRequest.RES_SUCCESS)) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_REQUEST_HAD_ERROR_1", requestId));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId));
+                    CMS.getUserMessage("CMS_GW_REQUEST_HAD_ERROR", requestId));
         }
         Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
@@ -242,19 +238,19 @@ public class GetCertFromRequest extends CMSServlet {
             o = certs;
         }
         if (o == null || !(o instanceof X509CertImpl[])) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+                    CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
         }
         if (o instanceof X509CertImpl[]) {
             X509CertImpl[] certs = (X509CertImpl[]) o;
 
             if (certs == null || certs.length == 0 || certs[0] == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_REQUEST_HAD_NO_CERTS_1", requestId));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
+                        CMS.getUserMessage("CMS_GW_REQUEST_HAD_NO_CERTS", requestId));
             }
 
             // for importsCert to get the crmf_reqid.
@@ -263,7 +259,7 @@ public class GetCertFromRequest extends CMSServlet {
             cmsReq.setStatus(CMSRequest.SUCCESS);
 
             if (mImportCert &&
-                checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) {
+                    checkImportCertToNav(cmsReq.getHttpResp(), httpParams, certs[0])) {
                 return;
             }
             try {
@@ -271,26 +267,25 @@ public class GetCertFromRequest extends CMSServlet {
                 renderTemplate(cmsReq, mCertFrReqSuccessTemplate, mCertFrReqFiller);
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
-                        mCertFrReqSuccessTemplate, e.toString()));
+                        CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
+                                mCertFrReqSuccessTemplate, e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
         }
         return;
     }
 }
 
-
 class CertFrRequestFiller extends ImportCertsTemplateFiller {
     public CertFrRequestFiller() {
     }
 
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
-        throws Exception {
-        CMSTemplateParams tparams = 
-            super.getTemplateParams(cmsReq, authority, locale, e);
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+            throws Exception {
+        CMSTemplateParams tparams =
+                super.getTemplateParams(cmsReq, authority, locale, e);
         String reqId = cmsReq.getHttpParams().getValueAsString(
                 GetCertFromRequest.REQUEST_ID);
 
@@ -329,11 +324,11 @@ class CertFrRequestFiller extends ImportCertsTemplateFiller {
                             }
                             if (ext instanceof KeyUsageExtension) {
                                 KeyUsageExtension usage =
-                                    (KeyUsageExtension) ext;
+                                        (KeyUsageExtension) ext;
 
                                 try {
                                     if (((Boolean) usage.get(KeyUsageExtension.DIGITAL_SIGNATURE)).booleanValue() ||
-                                        ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
+                                            ((Boolean) usage.get(KeyUsageExtension.DATA_ENCIPHERMENT)).booleanValue())
                                         emailCert = true;
                                 } catch (ArrayIndexOutOfBoundsException e0) {
                                     // bug356108:
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
index 8b5536ea..e589cc06 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetEnableStatus.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Servlet to get the enrollment status, enable or disable.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetEnableStatus extends CMSServlet {
@@ -64,7 +62,8 @@ public class GetEnableStatus extends CMSServlet {
     }
 
     /**
-	 * initialize the servlet.
+     * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -80,15 +79,15 @@ public class GetEnableStatus extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -115,7 +114,7 @@ public class GetEnableStatus extends CMSServlet {
         if (!(mAuthority instanceof IRegistrationAuthority)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -126,11 +125,11 @@ public class GetEnableStatus extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
-                    mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
+                            mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -164,10 +163,10 @@ public class GetEnableStatus extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
index 9d83d430..3548caa0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/GetInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Enumeration;
@@ -49,10 +48,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Get detailed information about CA CRL processing
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetInfo extends CMSServlet {
@@ -76,6 +74,7 @@ public class GetInfo extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -90,11 +89,11 @@ public class GetInfo extends CMSServlet {
     }
 
     /**
-	 * XXX Process the HTTP request. 
+     * XXX Process the HTTP request.
      * <ul>
      * <li>http.param template filename of template to use to render the result
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -109,10 +108,10 @@ public class GetInfo extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -129,35 +128,30 @@ public class GetInfo extends CMSServlet {
         String template = req.getParameter("template");
         String formFile = "";
 
-/*
-        for (int i = 0; ((template != null) && (i < template.length())); i++) {
-            char c = template.charAt(i);
-            if (!Character.isLetterOrDigit(c) && c != '_' && c != '-') {
-                template = null;
-                break;
-            }
-        }
-*/
-
+        /*
+         * for (int i = 0; ((template != null) && (i < template.length())); i++)
+         * { char c = template.charAt(i); if (!Character.isLetterOrDigit(c) && c
+         * != '_' && c != '-') { template = null; break; } }
+         */
 
         if (template != null) {
             formFile = template + ".template";
         } else {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE_1"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         CMSTemplate form = null;
         Locale[] locale = new Locale[1];
 
-CMS.debug("*** formFile = "+formFile);
+        CMS.debug("*** formFile = " + formFile);
         try {
             form = getTemplate(formFile, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formFile, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
@@ -172,29 +166,29 @@ CMS.debug("*** formFile = "+formFile);
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        Locale locale)
-        throws EBaseException {
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
         if (mCA != null) {
             String crlIssuingPoints = "";
             String crlNumbers = "";
@@ -209,15 +203,15 @@ CMS.debug("*** formFile = "+formFile);
 
             String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
             String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
-            
+
             if (masterHost != null && masterHost.length() > 0 &&
-                masterPort != null && masterPort.length() > 0) {
+                    masterPort != null && masterPort.length() > 0) {
 
                 ICRLRepository crlRepository = mCA.getCRLRepository();
 
                 Vector ipNames = crlRepository.getIssuingPointsNames();
                 for (int i = 0; i < ipNames.size(); i++) {
-                    String ipName = (String)ipNames.elementAt(i);
+                    String ipName = (String) ipNames.elementAt(i);
                     ICRLIssuingPointRecord crlRecord = null;
                     try {
                         crlRecord = crlRepository.readCRLIssuingPointRecord(ipName);
@@ -236,8 +230,8 @@ CMS.debug("*** formFile = "+formFile);
 
                         if (crlSizes.length() > 0)
                             crlSizes += "+";
-                        crlSizes += ((crlRecord.getCRLSize() != null)? 
-                                      crlRecord.getCRLSize().toString(): "-1");
+                        crlSizes += ((crlRecord.getCRLSize() != null) ?
+                                      crlRecord.getCRLSize().toString() : "-1");
 
                         if (deltaSizes.length() > 0)
                             deltaSizes += "+";
@@ -307,7 +301,7 @@ CMS.debug("*** formFile = "+formFile);
                             recentChanges += "Publishing CRL #" + ip.getCRLNumber();
                         } else if (ip.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_STARTED) {
                             recentChanges += "Creating CRL #" + ip.getNextCRLNumber();
-                        } else {  // ip.CRL_UPDATE_DONE
+                        } else { // ip.CRL_UPDATE_DONE
                             recentChanges += ip.getNumberOfRecentlyRevokedCerts() + ", " +
                                     ip.getNumberOfRecentlyUnrevokedCerts() + ", " +
                                     ip.getNumberOfRecentlyExpiredCerts();
@@ -326,7 +320,7 @@ CMS.debug("*** formFile = "+formFile);
 
                         if (crlTesting.length() > 0)
                             crlTesting += "+";
-                        crlTesting += ((ip.isCRLCacheTestingEnabled())?"1":"0");
+                        crlTesting += ((ip.isCRLCacheTestingEnabled()) ? "1" : "0");
                     }
                 }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
index 5507cadf..58acbcfd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/HashEnrollServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -85,10 +84,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
-
 /**
  * performs face-to-face enrollment.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class HashEnrollServlet extends CMSServlet {
@@ -100,10 +98,9 @@ public class HashEnrollServlet extends CMSServlet {
     public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll";
 
     // enrollment templates.
-    public static final String 
-        ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template";
+    public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template";
 
-    // http params 
+    // http params
     public static final String OLD_CERT_TYPE = "csrCertType";
     public static final String CERT_TYPE = "certType";
     // same as in ConfigConstant.java
@@ -123,8 +120,7 @@ public class HashEnrollServlet extends CMSServlet {
 
     private boolean mAuthTokenOverride = true;
     private String mEnrollSuccessTemplate = null;
-    private ICMSTemplateFiller 
-        mEnrollSuccessFiller = new ImportCertsTemplateFiller();
+    private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller();
 
     ICertificateAuthority mCa = null;
     ICertificateRepository mRepository = null;
@@ -135,6 +131,7 @@ public class HashEnrollServlet extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -146,13 +143,13 @@ public class HashEnrollServlet extends CMSServlet {
                         CMSServlet.PROP_SUCCESS_TEMPLATE);
             if (mEnrollSuccessTemplate == null)
                 mEnrollSuccessTemplate = ENROLL_SUCCESS_TEMPLATE;
-            String fillername = 
-                sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+            String fillername =
+                    sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
 
             if (fillername != null) {
                 ICMSTemplateFiller filler = newFillerObject(fillername);
 
-                if (filler != null) 
+                if (filler != null)
                     mEnrollSuccessFiller = filler;
             }
 
@@ -161,20 +158,19 @@ public class HashEnrollServlet extends CMSServlet {
 
             init_testbed_hack(mConfig);
         } catch (Exception e) {
-            // this should never happen. 
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
+            // this should never happen.
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId));
         }
     }
 
-
     /**
-     * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -193,7 +189,7 @@ public class HashEnrollServlet extends CMSServlet {
         IConfigStore configStore = CMS.getConfigStore();
         String val = configStore.getString("hashDirEnrollment.name");
         IAuthSubsystem authSS = (IAuthSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+                CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
         IAuthManager authMgr = authSS.get(val);
         HashAuthentication mgr = (HashAuthentication) authMgr;
 
@@ -226,14 +222,15 @@ public class HashEnrollServlet extends CMSServlet {
         certType = httpParams.getValueAsString(OLD_CERT_TYPE, null);
         if (certType == null) {
             certType = httpParams.getValueAsString(CERT_TYPE, "client");
-        } else {;
-        }			
+        } else {
+            ;
+        }
 
-        processX509(cmsReq); 
+        processX509(cmsReq);
     }
-	
+
     private void printError(CMSRequest cmsReq, String errorCode)
-        throws EBaseException {
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
@@ -253,9 +250,9 @@ public class HashEnrollServlet extends CMSServlet {
             form = getTemplate(formPath, httpReq, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", formPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-               CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -267,16 +264,16 @@ public class HashEnrollServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
-                    e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM",
+                            e.toString()));
             cmsReq.setError(new ECMSGWException(
-               CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
     }
 
-    protected void processX509(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void processX509(CMSRequest cmsReq)
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
 
@@ -284,19 +281,16 @@ public class HashEnrollServlet extends CMSServlet {
         IRequest req = mRequestQueue.newRequest(IRequest.ENROLLMENT_REQUEST);
 
         /*
-         * === certAuth based enroll ===
-         * "certAuthEnroll" is on.
-         * "certauthEnrollType can be one of the three:
-         *		 single - it's for single cert enrollment 
-         *		 dual - it's for dual certs enrollment
-         *		 encryption - getting the encryption cert only via
-         *                    authentication of the signing cert
-         *                    (crmf or keyGenInfo)
+         * === certAuth based enroll === "certAuthEnroll" is on.
+         * "certauthEnrollType can be one of the three: single - it's for single
+         * cert enrollment dual - it's for dual certs enrollment encryption -
+         * getting the encryption cert only via authentication of the signing
+         * cert (crmf or keyGenInfo)
          */
         boolean certAuthEnroll = false;
 
         String certAuthEnrollOn =
-            httpParams.getValueAsString("certauthEnroll", null);
+                httpParams.getValueAsString("certauthEnroll", null);
         X509CertInfo new_certInfo = null;
 
         if ((certAuthEnrollOn != null) && (certAuthEnrollOn.equals("on"))) {
@@ -307,7 +301,7 @@ public class HashEnrollServlet extends CMSServlet {
         String certauthEnrollType = null;
 
         if (certAuthEnroll == true) {
-            certauthEnrollType = 
+            certauthEnrollType =
                     httpParams.getValueAsString("certauthEnrollType", null);
             if (certauthEnrollType != null) {
                 if (certauthEnrollType.equals("dual")) {
@@ -318,15 +312,15 @@ public class HashEnrollServlet extends CMSServlet {
                     CMS.debug("HashEnrollServlet: certauthEnrollType is single");
                 } else {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
+                            CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
+                            CMS.getUserMessage("CMS_GW_INVALID_CERTAUTH_ENROLL_TYPE"));
                 }
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
+                        CMS.getLogMessage("CMSGW_MISSING_CERTAUTH_ENROLL_TYPE"));
                 throw new ECMSGWException(
-                   CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
+                        CMS.getUserMessage("CMS_GW_MISSING_CERTAUTH_ENROLL_TYPE"));
             }
         }
 
@@ -356,8 +350,8 @@ public class HashEnrollServlet extends CMSServlet {
         String certBasedOldSubjectDN = null;
         BigInteger certBasedOldSerialNum = null;
 
-        // check if request was authenticated, if so set authtoken & certInfo. 
-        // also if authenticated, take certInfo from authToken. 
+        // check if request was authenticated, if so set authtoken & certInfo.
+        // also if authenticated, take certInfo from authToken.
         X509CertInfo certInfo = null;
 
         if (certAuthEnroll == true) {
@@ -365,7 +359,7 @@ public class HashEnrollServlet extends CMSServlet {
             if (sslClientCert == null) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT"));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
+                        CMS.getUserMessage("CMS_GW_MISSING_SSL_CLIENT_CERT"));
             }
 
             certBasedOldSubjectDN = (String) sslClientCert.getSubjectDN().toString();
@@ -373,24 +367,24 @@ public class HashEnrollServlet extends CMSServlet {
             try {
                 certInfo = (X509CertInfo)
                         ((X509CertImpl) sslClientCert).get(
-                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
             } catch (CertificateParsingException ex) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+                        CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
                 throw new ECMSGWException(
-                  CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+                        CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
             }
         } else {
             certInfo = CMS.getDefaultX509CertInfo();
         }
 
-        X509CertInfo[] certInfoArray = new X509CertInfo[] {certInfo};
+        X509CertInfo[] certInfoArray = new X509CertInfo[] { certInfo };
 
-        //AuthToken authToken = access.getAuthToken();
+        // AuthToken authToken = access.getAuthToken();
         IConfigStore configStore = CMS.getConfigStore();
         String val = configStore.getString("hashDirEnrollment.name");
         IAuthSubsystem authSS = (IAuthSubsystem)
-            CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+                CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
         IAuthManager authMgr1 = authSS.get(val);
         HashAuthentication mgr = (HashAuthentication) authMgr1;
         String pageID = httpParams.getValueAsString("pageID", null);
@@ -405,24 +399,24 @@ public class HashEnrollServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.SUCCESS);
             return;
         } else {
-            authMgr = 
+            authMgr =
                     authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
-            // don't store agent token in request. 
-            // agent currently used for bulk issuance. 
+            // don't store agent token in request.
+            // agent currently used for bulk issuance.
             // if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-            log(ILogger.LL_INFO, 
-                "Enrollment request was authenticated by " +
-                authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
+            log(ILogger.LL_INFO,
+                    "Enrollment request was authenticated by " +
+                            authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME));
             fillCertInfoFromAuthToken(certInfo, authToken);
-            // save authtoken attrs to request directly (for policy use) 
+            // save authtoken attrs to request directly (for policy use)
             saveAuthToken(authToken, req);
             // req.set(IRequest.AUTH_TOKEN, authToken);
             // }
         }
 
         // fill certInfo from input types: keygen, cmc, pkcs10 or crmf
-        KeyGenInfo keyGenInfo = 
-            httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null);	
+        KeyGenInfo keyGenInfo =
+                httpParams.getValueAsKeyGenInfo(SUBJECT_KEYGEN_INFO, null);
 
         String certType = null;
 
@@ -441,8 +435,8 @@ public class HashEnrollServlet extends CMSServlet {
             req.setExtData(IRequest.HTTP_PARAMS, CERT_TYPE, certType);
         }
 
-        String crmf = 
-            httpParams.getValueAsString(CRMF_REQUEST, null);
+        String crmf =
+                httpParams.getValueAsString(CRMF_REQUEST, null);
 
         if (certAuthEnroll == true) {
 
@@ -452,24 +446,24 @@ public class HashEnrollServlet extends CMSServlet {
             if (certauthEnrollType.equals(CERT_AUTH_DUAL)) {
                 if (mCa == null) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_NOT_A_CA"));
+                            CMS.getLogMessage("CMSGW_NOT_A_CA"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_NOT_A_CA"));
+                            CMS.getUserMessage("CMS_GW_NOT_A_CA"));
                 }
 
                 // first, make sure the client cert is indeed a
-                //				signing only cert
+                // signing only cert
                 if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                         false) ||
-                    ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+                        ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                             true) &&
                         (CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
                             true))) {
                     // either it's not a signing cert, or it's a dual cert
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+                            CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+                            CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
                 }
                 X509Key key = null;
 
@@ -478,22 +472,22 @@ public class HashEnrollServlet extends CMSServlet {
                 try {
                     certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
                 } catch (CertificateException e) {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                 } catch (IOException e) {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                            CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                 }
 
                 String filter =
-                    "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
-                ICertRecordList list = 
-                    (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter,
-                        null, 10);
+                        "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))";
+                ICertRecordList list =
+                        (ICertRecordList) mCa.getCertificateRepository().findCertRecordsInList(filter,
+                                null, 10);
                 int size = list.getSize();
                 Enumeration<ICertRecord> en = list.getCertRecords(0, size - 1);
                 boolean gotEncCert = false;
@@ -502,8 +496,8 @@ public class HashEnrollServlet extends CMSServlet {
                     // pairing encryption cert not found
                 } else {
                     X509CertInfo encCertInfo = CMS.getDefaultX509CertInfo();
-                    X509CertInfo[] cInfoArray = new X509CertInfo[] {certInfo,
-                            encCertInfo};
+                    X509CertInfo[] cInfoArray = new X509CertInfo[] { certInfo,
+                            encCertInfo };
                     int i = 1;
 
                     while (en.hasMoreElements()) {
@@ -512,7 +506,7 @@ public class HashEnrollServlet extends CMSServlet {
 
                         // if not encryption cert only, try next one
                         if ((CMS.isEncryptionCert(cert) == false) ||
-                            ((CMS.isEncryptionCert(cert) == true) &&
+                                ((CMS.isEncryptionCert(cert) == true) &&
                                 (CMS.isSigningCert(cert) == true))) {
                             continue;
                         }
@@ -521,27 +515,27 @@ public class HashEnrollServlet extends CMSServlet {
                         try {
                             encCertInfo = (X509CertInfo)
                                     cert.get(
-                                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                                            X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
                         } catch (CertificateParsingException ex) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
+                                    CMS.getLogMessage("CMSGW_MISSING_CERTINFO_ENCRYPT_CERT"));
                             throw new ECMSGWException(
-                              CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
+                                    CMS.getUserMessage(getLocale(httpReq), "CMS_GW_MISSING_CERTINFO"));
                         }
 
                         try {
                             encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
                         } catch (CertificateException e) {
-                            log(ILogger.LL_FAILURE, 
-                                CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                             throw new ECMSGWException(
-                              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                         } catch (IOException e) {
-                            log(ILogger.LL_FAILURE, 
-                                CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()));
                             throw new ECMSGWException(
-                              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
+                                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()));
                         }
                         fillCertInfoFromAuthToken(encCertInfo, authToken);
 
@@ -555,24 +549,24 @@ public class HashEnrollServlet extends CMSServlet {
                 if (gotEncCert == false) {
                     // encryption cert not found, bail
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
+                            CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
+                            CMS.getUserMessage("CMS_GW_ENCRYPTION_CERT_NOT_FOUND"));
                 }
             } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) {
                 // first, make sure the client cert is indeed a
-                //				signing only cert
+                // signing only cert
                 if ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                         false) ||
-                    ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
+                        ((CMS.isSigningCert((X509CertImpl) sslClientCert) ==
                             true) &&
                         (CMS.isEncryptionCert((X509CertImpl) sslClientCert) ==
                             true))) {
                     // either it's not a signing cert, or it's a dual cert
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
+                            CMS.getLogMessage("CMSGW_INVALID_CERT_TYPE"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
+                            CMS.getUserMessage("CMS_GW_INVALID_CERT_TYPE"));
                 }
 
                 /*
@@ -581,14 +575,14 @@ public class HashEnrollServlet extends CMSServlet {
                 if (crmf != null && crmf != "") {
                     certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
                     req.setExtData(CLIENT_ISSUER,
-                        sslClientCert.getIssuerDN().toString());
+                            sslClientCert.getIssuerDN().toString());
                     CMS.debug(
-                        "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString());
+                            "HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN().toString());
                 } else {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
                     throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
-                      "CMS_GW_MISSING_KEYGEN_INFO"));
+                            "CMS_GW_MISSING_KEYGEN_INFO"));
                 }
             } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) {
                 // have to be buried here to handle the issuer
@@ -596,21 +590,21 @@ public class HashEnrollServlet extends CMSServlet {
                 if (crmf != null && crmf != "") {
                     certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
                 } else {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
                     throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
-                      "CMS_GW_MISSING_KEYGEN_INFO"));
+                            "CMS_GW_MISSING_KEYGEN_INFO"));
                 }
                 req.setExtData(CLIENT_ISSUER,
-                    sslClientCert.getIssuerDN().toString());
+                        sslClientCert.getIssuerDN().toString());
             }
         } else if (crmf != null && crmf != "") {
             certInfoArray = fillCRMF(crmf, authToken, httpParams, req);
         } else {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO"));
             throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq),
-                "CMS_GW_MISSING_KEYGEN_INFO"));
+                    "CMS_GW_MISSING_KEYGEN_INFO"));
         }
 
         req.setExtData(IRequest.CERT_INFO, certInfoArray);
@@ -621,9 +615,9 @@ public class HashEnrollServlet extends CMSServlet {
             req.setExtData(CHALLENGE_PASSWORD, pwd);
         }
 
-        // send request to request queue. 
+        // send request to request queue.
         mRequestQueue.processRequest(req);
-        // process result. 
+        // process result.
 
         // render OLD_CERT_TYPE's response differently, we
         // dont want any javascript in HTML, and need to
@@ -638,24 +632,24 @@ public class HashEnrollServlet extends CMSServlet {
             return;
         }
 
-        //for audit log
+        // for audit log
         String initiative = null;
         String agentID = null;
 
         if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
-            // request is from eegateway, so fromUser. 
+            // request is from eegateway, so fromUser.
             initiative = AuditFormat.FROMUSER;
         } else {
             agentID = authToken.getInString("userid");
             initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
-        }	
+        }
 
         // if service not complete return standard templates.
         RequestStatus status = req.getRequestStatus();
 
         if (status != RequestStatus.COMPLETE) {
             cmsReq.setIRequestStatus(); // set status acc. to IRequest status.
-            // audit log the status 
+            // audit log the status
             try {
                 if (status == RequestStatus.REJECTED) {
                     Vector<String> messages = req.getExtDataInStringVector(IRequest.ERRORS);
@@ -668,52 +662,52 @@ public class HashEnrollServlet extends CMSServlet {
                             wholeMsg.append("\n");
                             wholeMsg.append(msgs.nextElement());
                         }
-                        mLogger.log(ILogger.EV_AUDIT, 
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.ENROLLMENTFORMAT,
-                            new Object[] {
-                                req.getRequestId(), 
-                                initiative,
-                                authMgr,
-                                status.toString(),
-                                certInfo.get(X509CertInfo.SUBJECT),
-                                " violation: " +
-                                wholeMsg.toString()},
-                            ILogger.L_MULTILINE
-                        );
+                        mLogger.log(ILogger.EV_AUDIT,
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.ENROLLMENTFORMAT,
+                                new Object[] {
+                                        req.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        status.toString(),
+                                        certInfo.get(X509CertInfo.SUBJECT),
+                                        " violation: " +
+                                                wholeMsg.toString() },
+                                ILogger.L_MULTILINE
+                                );
                     } else { // no policy violation, from agent
                         mLogger.log(ILogger.EV_AUDIT,
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.ENROLLMENTFORMAT,
+                                new Object[] {
+                                        req.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        status.toString(),
+                                        certInfo.get(X509CertInfo.SUBJECT), "" }
+                                );
+                    }
+                } else { // other imcomplete status
+                    mLogger.log(ILogger.EV_AUDIT,
                             ILogger.S_OTHER,
                             AuditFormat.LEVEL,
                             AuditFormat.ENROLLMENTFORMAT,
                             new Object[] {
-                                req.getRequestId(), 
-                                initiative,
-                                authMgr,
-                                status.toString(),
-                                certInfo.get(X509CertInfo.SUBJECT), ""}
-                        );
-                    }
-                } else { // other imcomplete status 
-                    mLogger.log(ILogger.EV_AUDIT,
-                        ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.ENROLLMENTFORMAT,
-                        new Object[] {
-                            req.getRequestId(), 
-                            initiative,
-                            authMgr,
-                            status.toString(),
-                            certInfo.get(X509CertInfo.SUBJECT), ""}
-                    );
+                                    req.getRequestId(),
+                                    initiative,
+                                    authMgr,
+                                    status.toString(),
+                                    certInfo.get(X509CertInfo.SUBJECT), "" }
+                            );
                 }
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
+                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
             } catch (CertificateException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
+                        CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()));
             }
             return;
         }
@@ -725,39 +719,39 @@ public class HashEnrollServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.ERROR);
             cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
             String[] svcErrors =
-                req.getExtDataInStringArray(IRequest.SVCERRORS);
+                    req.getExtDataInStringArray(IRequest.SVCERRORS);
 
             if (svcErrors != null && svcErrors.length > 0) {
                 for (int i = 0; i < svcErrors.length; i++) {
                     String err = svcErrors[i];
 
                     if (err != null) {
-                        //System.out.println(
-                        //"revocation servlet: setting error description "+
-                        //err.toString());
+                        // System.out.println(
+                        // "revocation servlet: setting error description "+
+                        // err.toString());
                         cmsReq.setErrorDescription(err);
                         // audit log the error
                         try {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.ENROLLMENTFORMAT,
-                                new Object[] {
-                                    req.getRequestId(), 
-                                    initiative,
-                                    authMgr,
-                                    "completed with error: " +
-                                    err,
-                                    certInfo.get(X509CertInfo.SUBJECT), ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.ENROLLMENTFORMAT,
+                                    new Object[] {
+                                            req.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "completed with error: " +
+                                                    err,
+                                            certInfo.get(X509CertInfo.SUBJECT), "" }
+                                    );
                         } catch (IOException e) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", 
-                                    e.toString()));
+                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                            e.toString()));
                         } catch (CertificateException e) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", 
-                                    e.toString()));
+                                    CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING",
+                                            e.toString()));
                         }
                     }
                 }
@@ -768,143 +762,143 @@ public class HashEnrollServlet extends CMSServlet {
         // service success
         cmsReq.setStatus(CMSRequest.SUCCESS);
         X509CertImpl[] issuedCerts =
-            req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
         // audit log the success.
-        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, 
-            AuditFormat.LEVEL,
-            AuditFormat.ENROLLMENTFORMAT,
-            new Object[] {
-                req.getRequestId(), 
-                initiative,
-                authMgr,
-                "completed",
-                issuedCerts[0].getSubjectDN(),
-                "cert issued serial number: 0x" +
-                issuedCerts[0].getSerialNumber().toString(16)}
-        );
+        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                AuditFormat.LEVEL,
+                AuditFormat.ENROLLMENTFORMAT,
+                new Object[] {
+                        req.getRequestId(),
+                        initiative,
+                        authMgr,
+                        "completed",
+                        issuedCerts[0].getSubjectDN(),
+                        "cert issued serial number: 0x" +
+                                issuedCerts[0].getSerialNumber().toString(16) }
+                );
 
         // return cert as mime type binary if requested.
         if (checkImportCertToNav(
-                cmsReq.getHttpResp(), httpParams, issuedCerts[0])) { 
+                cmsReq.getHttpResp(), httpParams, issuedCerts[0])) {
             cmsReq.setStatus(CMSRequest.SUCCESS);
             return;
         }
-			
+
         // use success template.
         try {
-            cmsReq.setResult(issuedCerts); 
-            renderTemplate(cmsReq, mEnrollSuccessTemplate, 
-                mEnrollSuccessFiller);
-            cmsReq.setStatus(CMSRequest.SUCCESS); 
+            cmsReq.setResult(issuedCerts);
+            renderTemplate(cmsReq, mEnrollSuccessTemplate,
+                    mEnrollSuccessFiller);
+            cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_TEMP_REND_ERR", mEnrollSuccessFiller.toString(), e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
+                    CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"));
         }
         return;
     }
 
     /**
-     * fill subject name, validity, extensions from authoken if any, 
-     * overriding what was in pkcs10. 
-     * fill subject name, extensions from http input if not authenticated. 
-     * requests not authenticated will need to be approved by an agent. 
+     * fill subject name, validity, extensions from authoken if any, overriding
+     * what was in pkcs10. fill subject name, extensions from http input if not
+     * authenticated. requests not authenticated will need to be approved by an
+     * agent.
      */
     protected void fillCertInfoFromAuthToken(
-        X509CertInfo certInfo, IAuthToken authToken)
-        throws EBaseException {
+            X509CertInfo certInfo, IAuthToken authToken)
+            throws EBaseException {
         // override subject, validity and extensions from auth token
         // CA determines algorithm, version and issuer.
-        // take key from keygen, cmc, pkcs10 or crmf. 
+        // take key from keygen, cmc, pkcs10 or crmf.
 
         // subject name.
         try {
             String subjectname =
-                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
+                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
 
             if (subjectname != null) {
                 CertificateSubjectName certSubject = (CertificateSubjectName)
-                    new CertificateSubjectName(new X500Name(subjectname));
+                        new CertificateSubjectName(new X500Name(subjectname));
 
                 certInfo.set(X509CertInfo.SUBJECT, certSubject);
-                log(ILogger.LL_INFO, 
-                    "cert subject set to " + certSubject + " from authtoken");
+                log(ILogger.LL_INFO,
+                        "cert subject set to " + certSubject + " from authtoken");
             }
         } catch (CertificateException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         } catch (IOException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
-                    e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         }
 
         // validity
         try {
             CertificateValidity validity = null;
-            Date notBefore = 
-                authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
-            Date notAfter = 
-                authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+            Date notBefore =
+                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+            Date notAfter =
+                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
 
             if (notBefore != null && notAfter != null) {
                 validity = new CertificateValidity(notBefore, notAfter);
                 certInfo.set(X509CertInfo.VALIDITY, validity);
-                log(ILogger.LL_INFO, 
-                    "cert validity set to " + validity + " from authtoken");
+                log(ILogger.LL_INFO,
+                        "cert validity set to " + validity + " from authtoken");
             }
         } catch (CertificateException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
-                    e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
         } catch (IOException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
         }
-	
+
         // extensions
         try {
             CertificateExtensions extensions =
-                authToken.getInCertExts(X509CertInfo.EXTENSIONS);
+                    authToken.getInCertExts(X509CertInfo.EXTENSIONS);
 
             if (extensions != null) {
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
                 log(ILogger.LL_INFO, "cert extensions set from authtoken");
             }
         } catch (CertificateException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
         } catch (IOException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
-                    e.toString()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
         }
     }
 
     protected X509CertInfo[] fillCRMF(
-        String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req) 
-        throws EBaseException {
+            String crmf, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+            throws EBaseException {
         try {
             byte[] crmfBlob = CMS.AtoB(crmf);
             ByteArrayInputStream crmfBlobIn =
-                new ByteArrayInputStream(crmfBlob);
-			
+                    new ByteArrayInputStream(crmfBlob);
+
             SEQUENCE crmfMsgs = (SEQUENCE)
-                new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
+                    new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
 
             int nummsgs = crmfMsgs.size();
             X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -914,17 +908,11 @@ public class HashEnrollServlet extends CMSServlet {
                 CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i);
 
                 /*
-                 if (certReqMsg.hasPop()) {
-                 try {
-                 certReqMsg.verify();
-                 } catch (ChallengeResponseException ex) {
-                 // create and save the challenge
-                 // construct the cmmf message together
-                 // in a sequence to challenge the requestor
-                 } catch (Exception e) {
-                 // failed, should only affect one request
-                 }
-                 }
+                 * if (certReqMsg.hasPop()) { try { certReqMsg.verify(); } catch
+                 * (ChallengeResponseException ex) { // create and save the
+                 * challenge // construct the cmmf message together // in a
+                 * sequence to challenge the requestor } catch (Exception e) {
+                 * // failed, should only affect one request } }
                  */
                 CertRequest certReq = certReqMsg.getCertReq();
                 INTEGER certReqId = certReq.getCertReqId();
@@ -951,92 +939,92 @@ public class HashEnrollServlet extends CMSServlet {
                 if (certTemplate.getNotBefore() != null || certTemplate.getNotAfter() != null) {
                     CertificateValidity certValidity = new CertificateValidity(certTemplate.getNotBefore(), certTemplate.getNotAfter());
 
-                    certInfo.set(X509CertInfo.VALIDITY, certValidity);	
+                    certInfo.set(X509CertInfo.VALIDITY, certValidity);
                 }
 
                 if (certTemplate.hasSubject()) {
                     Name subjectdn = certTemplate.getSubject();
-                    ByteArrayOutputStream subjectEncStream = 
-                        new ByteArrayOutputStream();
+                    ByteArrayOutputStream subjectEncStream =
+                            new ByteArrayOutputStream();
 
                     subjectdn.encode(subjectEncStream);
                     byte[] subjectEnc = subjectEncStream.toByteArray();
                     X500Name subject = new X500Name(subjectEnc);
 
-                    certInfo.set(X509CertInfo.SUBJECT, 
-                        new CertificateSubjectName(subject));
-                } else if (authToken == null || 
-                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
-                    // No subject name - error! 
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                    certInfo.set(X509CertInfo.SUBJECT,
+                            new CertificateSubjectName(subject));
+                } else if (authToken == null ||
+                        authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+                    // No subject name - error!
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                            CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
                 }
 
-                // get extensions 
+                // get extensions
                 CertificateExtensions extensions = null;
 
                 try {
                     extensions = (CertificateExtensions)
-                            certInfo.get(X509CertInfo.EXTENSIONS); 
+                            certInfo.get(X509CertInfo.EXTENSIONS);
                 } catch (CertificateException e) {
                     extensions = null;
                 } catch (IOException e) {
                     extensions = null;
                 }
                 if (certTemplate.hasExtensions()) {
-                    // put each extension from CRMF into CertInfo. 
-                    // index by extension name, consistent with 
+                    // put each extension from CRMF into CertInfo.
+                    // index by extension name, consistent with
                     // CertificateExtensions.parseExtension() method.
-                    if (extensions == null) 
+                    if (extensions == null)
                         extensions = new CertificateExtensions();
                     int numexts = certTemplate.numExtensions();
 
                     for (int j = 0; j < numexts; j++) {
-                        org.mozilla.jss.pkix.cert.Extension jssext = 
-                            certTemplate.extensionAt(j);
+                        org.mozilla.jss.pkix.cert.Extension jssext =
+                                certTemplate.extensionAt(j);
                         boolean isCritical = jssext.getCritical();
-                        org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid = 
-                            jssext.getExtnId();
+                        org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
+                                jssext.getExtnId();
                         long[] numbers = jssoid.getNumbers();
                         int[] oidNumbers = new int[numbers.length];
 
                         for (int k = numbers.length - 1; k >= 0; k--) {
                             oidNumbers[k] = (int) numbers[k];
                         }
-                        ObjectIdentifier oid = 
-                            new ObjectIdentifier(oidNumbers);
-                        org.mozilla.jss.asn1.OCTET_STRING jssvalue = 
-                            jssext.getExtnValue();
-                        ByteArrayOutputStream jssvalueout = 
-                            new ByteArrayOutputStream();
+                        ObjectIdentifier oid =
+                                new ObjectIdentifier(oidNumbers);
+                        org.mozilla.jss.asn1.OCTET_STRING jssvalue =
+                                jssext.getExtnValue();
+                        ByteArrayOutputStream jssvalueout =
+                                new ByteArrayOutputStream();
 
                         jssvalue.encode(jssvalueout);
                         byte[] extValue = jssvalueout.toByteArray();
 
-                        Extension ext = 
-                            new Extension(oid, isCritical, extValue);
+                        Extension ext =
+                                new Extension(oid, isCritical, extValue);
 
                         extensions.parseExtension(ext);
                     }
 
-                    certInfo.set(X509CertInfo.VERSION, 
-                        new CertificateVersion(CertificateVersion.V3));
+                    certInfo.set(X509CertInfo.VERSION,
+                            new CertificateVersion(CertificateVersion.V3));
                     certInfo.set(X509CertInfo.EXTENSIONS, extensions);
 
                 }
 
-                // Added a new configuration parameter 
+                // Added a new configuration parameter
                 // eeGateway.Enrollment.authTokenOverride=[true|false]
                 // By default, it is set to true. In most
                 // of the case, administrator would want
                 // to have the control of the subject name
                 // formulation.
                 // -- CRMFfillCert
-                if (authToken != null && 
-                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
-                    // if authenticated override subect name, validity and 
+                if (authToken != null &&
+                        authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+                    // if authenticated override subect name, validity and
                     // extensions if any from authtoken.
                     fillCertInfoFromAuthToken(certInfo, authToken);
                 }
@@ -1048,27 +1036,27 @@ public class HashEnrollServlet extends CMSServlet {
 
             return certInfoArray;
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
-                    e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         } catch (InvalidBERException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         } catch (InvalidKeyException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
-                    e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         }
     }
 
@@ -1092,7 +1080,11 @@ public class HashEnrollServlet extends CMSServlet {
             out.println("<H1>");
             out.println("SUCCESS");
             out.println("</H1>");
-            out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX - localize the message
+            out.println("Your request is submitted and approved. Please cut and paste the certificate into your server."); // XXX
+                                                                                                                           // -
+                                                                                                                           // localize
+                                                                                                                           // the
+                                                                                                                           // message
             out.println("<P>");
             out.println("Request Creation Time: ");
             out.println(cmsReq.getIRequest().getCreationTime().toString());
@@ -1107,24 +1099,28 @@ public class HashEnrollServlet extends CMSServlet {
             out.println("<P>");
             out.println("<PRE>");
             X509CertImpl certs[] =
-                cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                    cmsReq.getIRequest().getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
             out.println(CMS.getEncodedCert(certs[0]));
             out.println("</PRE>");
             out.println("<P>");
             out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" + 
-                cmsReq.getIRequest().getRequestId().toString() + ">");
+                    cmsReq.getIRequest().getCreationTime().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+                    cmsReq.getIRequest().getRequestId().toString() + ">");
             out.println("<!HTTP_OUTPUT X509_CERTIFICATE=" +
-                CMS.getEncodedCert(certs[0]) + ">");
+                    CMS.getEncodedCert(certs[0]) + ">");
         } else if (cmsReq.getIRequest().getRequestStatus().equals(RequestStatus.PENDING)) {
             out.println("<H1>");
             out.println("PENDING");
             out.println("</H1>");
-            out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX - localize the message
+            out.println("Your request is submitted. You can check on the status of your request with an authorized agent or local administrator by referring to the request ID."); // XXX
+                                                                                                                                                                                   // -
+                                                                                                                                                                                   // localize
+                                                                                                                                                                                   // the
+                                                                                                                                                                                   // message
             out.println("<P>");
             out.println("Request Creation Time: ");
             out.println(cmsReq.getIRequest().getCreationTime().toString());
@@ -1136,17 +1132,21 @@ public class HashEnrollServlet extends CMSServlet {
             out.println(cmsReq.getIRequest().getRequestId().toString());
             out.println("<P>");
             out.println("<!HTTP_OUTPUT REQUEST_CREATION_TIME=" +
-                cmsReq.getIRequest().getCreationTime().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT REQUEST_ID=" + 
-                cmsReq.getIRequest().getRequestId().toString() + ">");
+                    cmsReq.getIRequest().getCreationTime().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_ID=" +
+                    cmsReq.getIRequest().getRequestId().toString() + ">");
         } else {
             out.println("<H1>");
             out.println("ERROR");
             out.println("</H1>");
             out.println("<!INFO>");
-            out.println("Please consult your local administrator for assistance."); // XXX - localize the message
+            out.println("Please consult your local administrator for assistance."); // XXX
+                                                                                    // -
+                                                                                    // localize
+                                                                                    // the
+                                                                                    // message
             out.println("<!/INFO>");
             out.println("<P>");
             out.println("Request Status: ");
@@ -1155,62 +1155,58 @@ public class HashEnrollServlet extends CMSServlet {
             out.println("Error: ");
             out.println(cmsReq.getError()); // XXX - need to parse in Locale
             out.println("<P>");
-            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" + 
-                cmsReq.getStatus().toString() + ">");
-            out.println("<!HTTP_OUTPUT ERROR=" + 
-                cmsReq.getError() + ">");
+            out.println("<!HTTP_OUTPUT REQUEST_STATUS=" +
+                    cmsReq.getStatus().toString() + ">");
+            out.println("<!HTTP_OUTPUT ERROR=" +
+                    cmsReq.getError() + ">");
         }
 
         /**
-         // include all the input data
-         IArgBlock args = cmsReq.getHttpParams();
-         Enumeration ele = args.getElements();
-         while (ele.hasMoreElements()) {
-         String eleT = (String)ele.nextElement();
-         out.println("<!HTTP_INPUT " + eleT + "=" + 
-         args.get(eleT) + ">");
-         }
+         * // include all the input data IArgBlock args =
+         * cmsReq.getHttpParams(); Enumeration ele = args.getElements(); while
+         * (ele.hasMoreElements()) { String eleT = (String)ele.nextElement();
+         * out.println("<!HTTP_INPUT " + eleT + "=" + args.get(eleT) + ">"); }
          **/
 
         out.println("</HTML>");
     }
 
-    // XXX ALERT !! 
-    // Remove the following and calls to them when we bundle a cartman 
-    // later than alpha1. 
-    // These are here to cover up problem in cartman where the 
-    // key usage extension always ends up being digital signature only 
+    // XXX ALERT !!
+    // Remove the following and calls to them when we bundle a cartman
+    // later than alpha1.
+    // These are here to cover up problem in cartman where the
+    // key usage extension always ends up being digital signature only
     // and for rsa-ex ends up having no bits set.
 
     private boolean mIsTestBed = false;
 
-    private void init_testbed_hack(IConfigStore config) 
-        throws EBaseException {
+    private void init_testbed_hack(IConfigStore config)
+            throws EBaseException {
         mIsTestBed = config.getBoolean("isTestBed", true);
     }
 
     private void do_testbed_hack(
-        int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams) 
-        throws EBaseException {
-        if (!mIsTestBed) 
+            int nummsgs, X509CertInfo[] certinfo, IArgBlock httpParams)
+            throws EBaseException {
+        if (!mIsTestBed)
             return;
 
-            // get around bug in cartman - bits are off by one byte.
+        // get around bug in cartman - bits are off by one byte.
         for (int i = 0; i < certinfo.length; i++) {
             try {
                 X509CertInfo cert = certinfo[i];
                 CertificateExtensions exts = (CertificateExtensions)
-                    cert.get(CertificateExtensions.NAME);
+                        cert.get(CertificateExtensions.NAME);
 
                 if (exts == null) {
                     // should not happen.
                     continue;
                 }
                 KeyUsageExtension ext = (KeyUsageExtension)
-                    exts.get(KeyUsageExtension.class.getSimpleName());
+                        exts.get(KeyUsageExtension.class.getSimpleName());
 
-                if (ext == null) 
-                    // should not happen 
+                if (ext == null)
+                    // should not happen
                     continue;
                 byte[] value = ext.getExtensionValue();
 
@@ -1221,13 +1217,12 @@ public class HashEnrollServlet extends CMSServlet {
                     newvalue[1] = 0x03;
                     newvalue[2] = 0x07;
                     newvalue[3] = value[3];
-                    // force encryption certs to have digitial signature 
+                    // force encryption certs to have digitial signature
                     // set too so smime can find the cert for encryption.
                     if (value[3] == 0x20) {
 
                         /*
-                         newvalue[3] = 0x3f;
-                         newvalue[4] = (byte)0x80;
+                         * newvalue[3] = 0x3f; newvalue[4] = (byte)0x80;
                          */
                         if (httpParams.getValueAsBoolean(
                                 "dual-use-hack", true)) {
@@ -1235,22 +1230,21 @@ public class HashEnrollServlet extends CMSServlet {
                         }
                     }
                     newvalue[4] = 0;
-                    KeyUsageExtension newext = 
-                        new KeyUsageExtension(Boolean.valueOf(true), 
-                            (Object) newvalue);
+                    KeyUsageExtension newext =
+                            new KeyUsageExtension(Boolean.valueOf(true),
+                                    (Object) newvalue);
 
                     exts.delete(KeyUsageExtension.class.getSimpleName());
                     exts.set(KeyUsageExtension.class.getSimpleName(), newext);
                 }
             } catch (IOException e) {
-                // should never happen 
+                // should never happen
                 continue;
             } catch (CertificateException e) {
-                // should never happen 
+                // should never happen
                 continue;
             }
         }
 
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
index 75726730..58822812 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ImportCertsTemplateFiller.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
 import java.io.StringReader;
@@ -58,25 +57,25 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
-
 /**
  * Set up HTTP response to import certificate into browsers
  * 
- * The result must have been populate with the set of certificates
- * to return.
+ * The result must have been populate with the set of certificates to return.
+ * 
  * <pre>
  * inputs: certtype.
  * outputs: 
- *		- cert type from http input (if any)
+ * 	- cert type from http input (if any)
  *      - CA chain 
- *		- authority name (RM, CM, DRM)
+ * 	- authority name (RM, CM, DRM)
  *      - scheme:host:port of server.
- *	 array of one or more 
+ *  array of one or more 
  *      - cert serial number
  *      - cert pretty print
- *		- cert in base 64 encoding.
- *		- cmmf blob to import 
+ * 	- cert in base 64 encoding.
+ * 	- cmmf blob to import
  * </pre>
+ * 
  * @version $Revision$, $Date$
  */
 public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
@@ -88,7 +87,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
     public static final String CERT_FINGERPRINT = "certFingerprint"; // cisco
     public static final String CERT_NICKNAME = "certNickname";
     public static final String CMMF_RESP = "cmmfResponse";
-    public static final String PKCS7_RESP = "pkcs7ChainBase64";  // for MSIE
+    public static final String PKCS7_RESP = "pkcs7ChainBase64"; // for MSIE
 
     public ImportCertsTemplateFiller() {
     }
@@ -100,32 +99,32 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) 
-        throws Exception {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+            throws Exception {
         Certificate[] certs = (Certificate[]) cmsReq.getResult();
 
         if (certs instanceof X509CertImpl[])
-            return 	getX509TemplateParams(cmsReq, authority, locale, e);
+            return getX509TemplateParams(cmsReq, authority, locale, e);
         else
             return null;
     }
-	
+
     public CMSTemplateParams getX509TemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) 
-        throws Exception {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+            throws Exception {
         IArgBlock header = CMS.createArgBlock();
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(header, fixed);
 
-        // set host name and port. 
+        // set host name and port.
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         String host = httpReq.getServerName();
         int port = httpReq.getServerPort();
         String scheme = httpReq.getScheme();
         String format = httpReq.getParameter("format");
-        if(format!=null && format.equals("cmc"))
+        if (format != null && format.equals("cmc"))
             fixed.set("importCMC", "false");
-        String agentPort = ""+port;
+        String agentPort = "" + port;
         fixed.set("agentHost", host);
         fixed.set("agentPort", agentPort);
         fixed.set(ICMSTemplateFiller.HOST, host);
@@ -148,33 +147,34 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
 
         // set cert type.
         IArgBlock httpParams = cmsReq.getHttpParams();
-        String certType = 
-            httpParams.getValueAsString(CERT_TYPE, null);
+        String certType =
+                httpParams.getValueAsString(CERT_TYPE, null);
 
-        if (certType != null) 
+        if (certType != null)
             fixed.set(CERT_TYPE, certType);
 
-            // this authority
-        fixed.set(ICMSTemplateFiller.AUTHORITY, 
-            (String) authority.getOfficialName());
+        // this authority
+        fixed.set(ICMSTemplateFiller.AUTHORITY,
+                (String) authority.getOfficialName());
 
         // CA chain.
-        CertificateChain cachain = 
-            ((ICertAuthority) authority).getCACertChain();
+        CertificateChain cachain =
+                ((ICertAuthority) authority).getCACertChain();
         X509Certificate[] cacerts = cachain.getChain();
 
         String replyTo = httpParams.getValueAsString("replyTo", null);
 
-        if (replyTo != null) fixed.set("replyTo", replyTo);
+        if (replyTo != null)
+            fixed.set("replyTo", replyTo);
 
-            // set user + CA cert chain and pkcs7 for MSIE. 
+        // set user + CA cert chain and pkcs7 for MSIE.
         X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
         int m = 1, n = 0;
 
-        for (; n < cacerts.length; m++, n++) 
+        for (; n < cacerts.length; m++, n++)
             userChain[m] = (X509CertImpl) cacerts[n];
 
-            // certs. 
+        // certs.
         X509CertImpl[] certs = (X509CertImpl[]) cmsReq.getResult();
 
         // expose CRMF request id
@@ -188,7 +188,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
             fixed.set(CRMF_REQID, crmfReqId);
         }
 
-        // set CA certs in cmmf, initialize CertRepContent 
+        // set CA certs in cmmf, initialize CertRepContent
         // note cartman can't trust ca certs yet but it'll import them.
         // also set cert nickname for cartman.
         CertRepContent certRepContent = null;
@@ -196,23 +196,23 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
         if (CMSServlet.doCMMFResponse(httpParams)) {
             byte[][] caPubs = new byte[cacerts.length][];
 
-            for (int j = 0; j < cacerts.length; j++) 
+            for (int j = 0; j < cacerts.length; j++)
                 caPubs[j] = ((X509CertImpl) cacerts[j]).getEncoded();
             certRepContent = new CertRepContent(caPubs);
 
-            String certnickname = 
-                cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
+            String certnickname =
+                    cmsReq.getHttpParams().getValueAsString(CERT_NICKNAME, null);
 
             // if nickname is not requested set to subject name by default.
-            if (certnickname == null) 
+            if (certnickname == null)
                 fixed.set(CERT_NICKNAME, certs[0].getSubjectDN().toString());
             else
                 fixed.set(CERT_NICKNAME, certnickname);
         }
 
-        // make pkcs7 for MSIE 
-        if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) && 
-            (certType == null || certType.equals("client"))) {
+        // make pkcs7 for MSIE
+        if (CMSServlet.clientIsMSIE(cmsReq.getHttpReq()) &&
+                (certType == null || certType.equals("client"))) {
             userChain[0] = certs[0];
             PKCS7 p7 = new PKCS7(new AlgorithmId[0],
                     new ContentInfo(new byte[0]),
@@ -222,7 +222,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
 
             p7.encodeSignedData(bos);
             byte[] p7Bytes = bos.toByteArray();
-            //		String p7Str = encoder.encodeBuffer(p7Bytes);
+            // String p7Str = encoder.encodeBuffer(p7Bytes);
             String p7Str = CMS.BtoA(p7Bytes);
 
             header.set(PKCS7_RESP, p7Str);
@@ -234,24 +234,24 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
             X509CertImpl cert = certs[i];
 
             // set serial number.
-            BigInteger serialNo = 
-                ((X509Certificate) cert).getSerialNumber();
+            BigInteger serialNo =
+                    ((X509Certificate) cert).getSerialNumber();
 
             repeat.addBigIntegerValue(ISSUED_CERT_SERIAL, serialNo, 16);
 
             // set base64 encoded blob.
             byte[] certEncoded = cert.getEncoded();
-            //			String b64 = encoder.encodeBuffer(certEncoded);
+            // String b64 = encoder.encodeBuffer(certEncoded);
             String b64 = CMS.BtoA(certEncoded);
             String b64cert = "-----BEGIN CERTIFICATE-----\n" +
-                b64 + "\n-----END CERTIFICATE-----";
+                    b64 + "\n-----END CERTIFICATE-----";
 
             repeat.set(BASE64_CERT, b64cert);
-			
+
             // set cert pretty print.
-			
+
             String prettyPrintRequested =
-                cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
+                    cmsReq.getHttpParams().getValueAsString(CERT_PRETTYPRINT, null);
 
             if (prettyPrintRequested == null) {
                 prettyPrintRequested = "true";
@@ -266,7 +266,8 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
             repeat.set(CERT_PRETTYPRINT, ppStr);
 
             // Now formulate a PKCS#7 blob
-            X509CertImpl[] certsInChain = new X509CertImpl[1];; 
+            X509CertImpl[] certsInChain = new X509CertImpl[1];
+            ;
             if (cacerts != null) {
                 for (int j = 0; j < cacerts.length; j++) {
                     if (cert.equals(cacerts[j])) {
@@ -277,10 +278,10 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
                     certsInChain = new X509CertImpl[cacerts.length + 1];
                 }
             }
-			
+
             // Set the EE cert
             certsInChain[0] = cert;
-			
+
             // Set the Ca certificate chain
             if (cacerts != null) {
                 for (int j = 0; j < cacerts.length; j++) {
@@ -292,7 +293,7 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
             String p7Str;
 
             try {
-                PKCS7 p7 = new PKCS7(new AlgorithmId[0], 
+                PKCS7 p7 = new PKCS7(new AlgorithmId[0],
                         new ContentInfo(new byte[0]),
                         certsInChain,
                         new SignerInfo[0]);
@@ -301,14 +302,14 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
                 p7.encodeSignedData(bos);
                 byte[] p7Bytes = bos.toByteArray();
 
-                //p7Str = encoder.encodeBuffer(p7Bytes);
+                // p7Str = encoder.encodeBuffer(p7Bytes);
                 p7Str = CMS.BtoA(p7Bytes);
                 repeat.addStringValue("pkcs7ChainBase64", p7Str);
             } catch (Exception ex) {
-                //p7Str = "PKCS#7 B64 Encoding error - " + ex.toString() 
-                //+ "; Please contact your administrator";
+                // p7Str = "PKCS#7 B64 Encoding error - " + ex.toString()
+                // + "; Please contact your administrator";
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+                        CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
             }
 
             // set cert fingerprint (for Cisco routers)
@@ -325,18 +326,18 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
                 throw new EBaseException(
                         CMS.getUserMessage(locale, "CMS_BASE_INTERNAL_ERROR", ex.toString()));
             }
-            if (fingerprint != null && fingerprint.length() > 0) 
+            if (fingerprint != null && fingerprint.length() > 0)
                 repeat.set(CERT_FINGERPRINT, fingerprint);
 
-                // cmmf response for this cert.
+            // cmmf response for this cert.
             if (CMSServlet.doCMMFResponse(httpParams) && crmfReqId != null &&
-                (certType == null || certType.equals("client"))) {
+                    (certType == null || certType.equals("client"))) {
                 PKIStatusInfo status = new PKIStatusInfo(PKIStatusInfo.granted);
-                CertifiedKeyPair certifiedKP = 
-                    new CertifiedKeyPair(new CertOrEncCert(certEncoded));
-                CertResponse resp = 
-                    new CertResponse(new INTEGER(crmfReqId), status, 
-                        certifiedKP);
+                CertifiedKeyPair certifiedKP =
+                        new CertifiedKeyPair(new CertOrEncCert(certEncoded));
+                CertResponse resp =
+                        new CertResponse(new INTEGER(crmfReqId), status,
+                                certifiedKP);
 
                 certRepContent.addCertResponse(resp);
             }
@@ -352,19 +353,19 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
             byte[] certRepBytes = certRepOut.toByteArray();
             String certRepB64 = com.netscape.osutil.OSUtil.BtoA(certRepBytes);
             // add CR to each return as required by cartman
-            BufferedReader certRepB64lines = 
-                new BufferedReader(new StringReader(certRepB64));
+            BufferedReader certRepB64lines =
+                    new BufferedReader(new StringReader(certRepB64));
             StringWriter certRepStringOut = new StringWriter();
             String oneLine = null;
             boolean first = true;
 
             while ((oneLine = certRepB64lines.readLine()) != null) {
                 if (first) {
-                    //certRepStringOut.write("\""+oneLine+"\"");
+                    // certRepStringOut.write("\""+oneLine+"\"");
                     certRepStringOut.write(oneLine);
                     first = false;
                 } else {
-                    //certRepStringOut.write("+\"\\n"+oneLine+"\"");
+                    // certRepStringOut.write("+\"\\n"+oneLine+"\"");
                     certRepStringOut.write("\n" + oneLine);
                 }
             }
@@ -376,4 +377,3 @@ public class ImportCertsTemplateFiller implements ICMSTemplateFiller {
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
index a65be25a..9e89bb1a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ListCerts.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.PublicKey;
@@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Retrieve a paged list of certs matching the specified query
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ListCerts extends CMSServlet {
@@ -78,8 +76,8 @@ public class ListCerts extends CMSServlet {
     private ICertificateRepository mCertDB = null;
     private X500Name mAuthName = null;
     private String mFormPath = null;
-    private boolean  mReverse = false;
-    private boolean  mHardJumpTo = false; //jump to the end
+    private boolean mReverse = false;
+    private boolean mHardJumpTo = false; // jump to the end
     private String mDirection = null;
     private boolean mUseClientFilter = false;
     private Vector<String> mAllowedClientFilters = new Vector<String>();
@@ -95,7 +93,7 @@ public class ListCerts extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "queryCert.template" to render the response
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -120,28 +118,29 @@ public class ListCerts extends CMSServlet {
             /* do nothing, just use the default if integer parsing failed */
         }
 
-        /* useClientFilter should be off by default. We keep
-           this parameter around so that we do not break
-           the client applications that submits raw LDAP
-           filter into this servlet.  */
+        /*
+         * useClientFilter should be off by default. We keep this parameter
+         * around so that we do not break the client applications that submits
+         * raw LDAP filter into this servlet.
+         */
         if (sc.getInitParameter(USE_CLIENT_FILTER) != null &&
-              sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) {            mUseClientFilter = true;
+                sc.getInitParameter(USE_CLIENT_FILTER).equalsIgnoreCase("true")) {
+            mUseClientFilter = true;
         }
         if (sc.getInitParameter(ALLOWED_CLIENT_FILTERS) == null || sc.getInitParameter(ALLOWED_CLIENT_FILTERS).equals("")) {
-             mAllowedClientFilters.addElement("(certStatus=*)");
-             mAllowedClientFilters.addElement("(certStatus=VALID)");
-             mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
-             mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))");
+            mAllowedClientFilters.addElement("(certStatus=*)");
+            mAllowedClientFilters.addElement("(certStatus=VALID)");
+            mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))");
+            mAllowedClientFilters.addElement("(|(certStatus=VALID)(certStatus=REVOKED))");
         } else {
             StringTokenizer st = new StringTokenizer(sc.getInitParameter(ALLOWED_CLIENT_FILTERS), ",");
             while (st.hasMoreTokens()) {
-              mAllowedClientFilters.addElement(st.nextToken());
+                mAllowedClientFilters.addElement(st.nextToken());
             }
         }
     }
 
-    public String buildFilter(HttpServletRequest req)
-    {
+    public String buildFilter(HttpServletRequest req) {
         String queryCertFilter = req.getParameter("queryCertFilter");
 
         com.netscape.certsrv.apps.CMS.debug("client queryCertFilter=" + queryCertFilter);
@@ -151,7 +150,7 @@ public class ListCerts extends CMSServlet {
             Enumeration<String> filters = mAllowedClientFilters.elements();
             // check to see if the filter is allowed
             while (filters.hasMoreElements()) {
-                String filter = (String)filters.nextElement();
+                String filter = (String) filters.nextElement();
                 com.netscape.certsrv.apps.CMS.debug("Comparing filter=" + filter + " queryCertFilter=" + queryCertFilter);
                 if (filter.equals(queryCertFilter)) {
                     return queryCertFilter;
@@ -166,34 +165,37 @@ public class ListCerts extends CMSServlet {
         boolean skipRevoked = false;
         boolean skipNonValid = false;
         if (req.getParameter("skipRevoked") != null &&
-            req.getParameter("skipRevoked").equals("on")) {
+                req.getParameter("skipRevoked").equals("on")) {
             skipRevoked = true;
         }
         if (req.getParameter("skipNonValid") != null &&
-            req.getParameter("skipNonValid").equals("on")) {
+                req.getParameter("skipNonValid").equals("on")) {
             skipNonValid = true;
         }
 
         if (!skipRevoked && !skipNonValid) {
-            queryCertFilter = "(certStatus=*)"; 
-        } else if (skipRevoked && skipNonValid) { 
-            queryCertFilter = "(certStatus=VALID)"; 
-        } else if (skipRevoked) { 
-            queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))"; 
-        } else if (skipNonValid) { 
-            queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))"; 
+            queryCertFilter = "(certStatus=*)";
+        } else if (skipRevoked && skipNonValid) {
+            queryCertFilter = "(certStatus=VALID)";
+        } else if (skipRevoked) {
+            queryCertFilter = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
+        } else if (skipNonValid) {
+            queryCertFilter = "(|(certStatus=VALID)(certStatus=REVOKED))";
         }
         return queryCertFilter;
     }
 
     /**
-     * Process the HTTP request. 
-	 * <ul>
-	 * <li>http.param maxCount Number of certificates to show
+     * Process the HTTP request.
+     * <ul>
+     * <li>http.param maxCount Number of certificates to show
      * <li>http.param queryFilter and ldap style filter specifying the
-     *         certificates to show
-     * <li>http.param querySentinelDown the serial number of the first certificate to show  (default decimal, or hex if prefixed with 0x) when paging down
-     * <li>http.param querySentinelUp the serial number of the first certificate to show  (default decimal, or hex if prefixed with 0x) when paging up
+     * certificates to show
+     * <li>http.param querySentinelDown the serial number of the first
+     * certificate to show (default decimal, or hex if prefixed with 0x) when
+     * paging down
+     * <li>http.param querySentinelUp the serial number of the first certificate
+     * to show (default decimal, or hex if prefixed with 0x) when paging up
      * <li>http.param direction "up", "down", "begin", or "end"
      * </ul>
      */
@@ -232,24 +234,24 @@ public class ListCerts extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
-	mHardJumpTo = false;
+        mHardJumpTo = false;
         try {
 
-	    if (req.getParameter("direction") != null) {
-		mDirection = req.getParameter("direction").trim();
-		mReverse = mDirection.equals("up");
-		if (mReverse)
-		    com.netscape.certsrv.apps.CMS.debug("reverse is true");
-		else
-		    com.netscape.certsrv.apps.CMS.debug("reverse is false");
+            if (req.getParameter("direction") != null) {
+                mDirection = req.getParameter("direction").trim();
+                mReverse = mDirection.equals("up");
+                if (mReverse)
+                    com.netscape.certsrv.apps.CMS.debug("reverse is true");
+                else
+                    com.netscape.certsrv.apps.CMS.debug("reverse is false");
 
-	    }
+            }
 
             if (req.getParameter("maxCount") != null) {
                 maxCount = Integer.parseInt(req.getParameter("maxCount"));
@@ -259,19 +261,19 @@ public class ListCerts extends CMSServlet {
                 maxCount = mMaxReturns;
             }
 
-	    String sentinelStr = "";
-	    if (mReverse) {
-		sentinelStr = req.getParameter("querySentinelUp");
-	    } else if (mDirection.equals("end")) {
-		// this servlet will figure out the end
-		sentinelStr = "0";
-		mReverse = true;
-		mHardJumpTo = true;
-	    } else if (mDirection.equals("down")) {
-		 sentinelStr = req.getParameter("querySentinelDown");
-	    } else
-		sentinelStr = "0";
-	//begin and non-specified have sentinel default "0"
+            String sentinelStr = "";
+            if (mReverse) {
+                sentinelStr = req.getParameter("querySentinelUp");
+            } else if (mDirection.equals("end")) {
+                // this servlet will figure out the end
+                sentinelStr = "0";
+                mReverse = true;
+                mHardJumpTo = true;
+            } else if (mDirection.equals("down")) {
+                sentinelStr = req.getParameter("querySentinelDown");
+            } else
+                sentinelStr = "0";
+            // begin and non-specified have sentinel default "0"
 
             if (sentinelStr != null) {
                 if (sentinelStr.trim().startsWith("0x")) {
@@ -286,9 +288,9 @@ public class ListCerts extends CMSServlet {
             if (mAuthority instanceof ICertificateAuthority) {
                 X509CertImpl caCert = ((ICertificateAuthority) mAuthority).getSigningUnit().getCertImpl();
 
-                //if (isCertFromCA(caCert))
+                // if (isCertFromCA(caCert))
                 header.addStringValue("caSerialNumber",
-                    caCert.getSerialNumber().toString(16));
+                        caCert.getSerialNumber().toString(16));
             }
 
             // constructs the ldap filter on the server side
@@ -298,7 +300,7 @@ public class ListCerts extends CMSServlet {
                 cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
                 return;
             }
- 
+
             com.netscape.certsrv.apps.CMS.debug("queryCertFilter=" + queryCertFilter);
 
             int totalRecordCount = -1;
@@ -307,16 +309,16 @@ public class ListCerts extends CMSServlet {
                 totalRecordCount = Integer.parseInt(req.getParameter("totalRecordCount"));
             } catch (Exception e) {
             }
-            processCertFilter(argSet, header, maxCount, 
-                  sentinel,
-                  totalRecordCount,
-                  req.getParameter("serialTo"), 
-                  queryCertFilter,
-                  req, resp, revokeAll, locale[0]);
+            processCertFilter(argSet, header, maxCount,
+                    sentinel,
+                    totalRecordCount,
+                    req.getParameter("serialTo"),
+                    queryCertFilter,
+                    req, resp, revokeAll, locale[0]);
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, com.netscape.certsrv.apps.CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-				
-            error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+
+            error = new EBaseException(com.netscape.certsrv.apps.CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
         }
@@ -329,36 +331,36 @@ public class ListCerts extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    com.netscape.certsrv.apps.CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    com.netscape.certsrv.apps.CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
-    private void processCertFilter(CMSTemplateParams argSet, 
-        IArgBlock header, 
-        int maxCount,
-        BigInteger sentinel,	
-        int totalRecordCount,	
-        String serialTo, 
-        String filter, 
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        String revokeAll, 
-        Locale locale
-    ) throws EBaseException {
+    private void processCertFilter(CMSTemplateParams argSet,
+            IArgBlock header,
+            int maxCount,
+            BigInteger sentinel,
+            int totalRecordCount,
+            String serialTo,
+            String filter,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            String revokeAll,
+            Locale locale
+            ) throws EBaseException {
         BigInteger serialToVal = MINUS_ONE;
 
         try {
@@ -376,31 +378,31 @@ public class ListCerts extends CMSServlet {
         }
 
         String jumpTo = sentinel.toString();
-	int pSize = 0;
-	if (mReverse) {
-	    if (!mHardJumpTo) //reverse gets one more
-		pSize = -1*maxCount-1;
-	    else
-		pSize = -1*maxCount;
-	} else
-	    pSize = maxCount;
+        int pSize = 0;
+        if (mReverse) {
+            if (!mHardJumpTo) // reverse gets one more
+                pSize = -1 * maxCount - 1;
+            else
+                pSize = -1 * maxCount;
+        } else
+            pSize = maxCount;
 
         ICertRecordList list = (ICertRecordList) mCertDB.findCertRecordsInList(
-	       filter, (String[]) null, jumpTo, mHardJumpTo, "serialno",
-	       pSize);
+                filter, (String[]) null, jumpTo, mHardJumpTo, "serialno",
+                pSize);
         // retrive maxCount + 1 entries
 
-        Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount); 
+        Enumeration<ICertRecord> e = list.getCertRecords(0, maxCount);
 
         ICertRecordList tolist = null;
         int toCurIndex = 0;
 
         if (!serialToVal.equals(MINUS_ONE)) {
-            // if user specify a range, we need to 
+            // if user specify a range, we need to
             // calculate the totalRecordCount
             tolist = (ICertRecordList) mCertDB.findCertRecordsInList(
-                        filter, 
-                        (String[]) null, serialTo, 
+                        filter,
+                        (String[]) null, serialTo,
                         "serialno", maxCount);
             Enumeration<ICertRecord> en = tolist.getCertRecords(0, 0);
 
@@ -420,82 +422,85 @@ public class ListCerts extends CMSServlet {
                 }
             }
         }
-	
+
         int curIndex = list.getCurrentIndex();
 
         int count = 0;
-	BigInteger firstSerial = new BigInteger("0");
-	BigInteger curSerial = new BigInteger("0");
-	ICertRecord[] recs = new ICertRecord[maxCount];
-	int rcount = 0;
+        BigInteger firstSerial = new BigInteger("0");
+        BigInteger curSerial = new BigInteger("0");
+        ICertRecord[] recs = new ICertRecord[maxCount];
+        int rcount = 0;
 
         if (e != null) {
-	    /* in reverse (page up), because the sentinel is the one after the
-	     * last item to be displayed, we need to skip it
-	     */
-            while ((count < ((mReverse &&!mHardJumpTo)? (maxCount+1):maxCount)) && e.hasMoreElements()) {
+            /*
+             * in reverse (page up), because the sentinel is the one after the
+             * last item to be displayed, we need to skip it
+             */
+            while ((count < ((mReverse && !mHardJumpTo) ? (maxCount + 1) : maxCount)) && e.hasMoreElements()) {
                 ICertRecord rec = (ICertRecord) e.nextElement();
 
                 if (rec == null) {
-		com.netscape.certsrv.apps.CMS.debug("record "+count+" is null");
+                    com.netscape.certsrv.apps.CMS.debug("record " + count + " is null");
                     break;
-		}
+                }
                 curSerial = rec.getSerialNumber();
-		com.netscape.certsrv.apps.CMS.debug("record "+count+" is serial#"+curSerial);
-
-		if (count == 0) {
-		    firstSerial = curSerial;
-		    if (mReverse && !mHardJumpTo) {//reverse got one more, skip
-			count++;
-			continue;
-		    }
-		}
-
-                    // DS has a problem where last record will be returned
-                    // even though the filter is not matched. 
-		/*cfu -  is this necessary?  it breaks when paging up
-		if (curSerial.compareTo(sentinel) == -1) {
-			com.netscape.certsrv.apps.CMS.debug("curSerial compare sentinel -1 break...");
-
-			break;
-		    }
-		*/
+                com.netscape.certsrv.apps.CMS.debug("record " + count + " is serial#" + curSerial);
+
+                if (count == 0) {
+                    firstSerial = curSerial;
+                    if (mReverse && !mHardJumpTo) {// reverse got one more, skip
+                        count++;
+                        continue;
+                    }
+                }
+
+                // DS has a problem where last record will be returned
+                // even though the filter is not matched.
+                /*
+                 * cfu - is this necessary? it breaks when paging up if
+                 * (curSerial.compareTo(sentinel) == -1) {
+                 * com.netscape.certsrv.apps
+                 * .CMS.debug("curSerial compare sentinel -1 break...");
+                 * 
+                 * break; }
+                 */
                 if (!serialToVal.equals(MINUS_ONE)) {
                     // check if we go over the limit
                     if (curSerial.compareTo(serialToVal) == 1) {
-		com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking...");
+                        com.netscape.certsrv.apps.CMS.debug("curSerial compare serialToVal 1 breaking...");
                         break;
-		    }
+                    }
                 }
 
-		if (mReverse) {
-		    recs[rcount++] = rec;
-		} else {
+                if (mReverse) {
+                    recs[rcount++] = rec;
+                } else {
 
-		    IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
+                    IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
 
-		    fillRecordIntoArg(rec, rarg);
-		    argSet.addRepeatRecord(rarg);
-		}
+                    fillRecordIntoArg(rec, rarg);
+                    argSet.addRepeatRecord(rarg);
+                }
                 count++;
             }
         } else {
             com.netscape.certsrv.apps.CMS.debug(
-                "ListCerts::processCertFilter() - no Cert Records found!" );
+                    "ListCerts::processCertFilter() - no Cert Records found!");
             return;
         }
 
-	if (mReverse) {
-	// fill records into arg block and argSet
-	for (int ii = rcount-1; ii>= 0; ii--) {
-	    if (recs[ii] != null) {
-                IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
-		//com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+ recs[ii].getSerialNumber());
-                fillRecordIntoArg(recs[ii], rarg);
-                argSet.addRepeatRecord(rarg);
-	    }
-	}
-	}
+        if (mReverse) {
+            // fill records into arg block and argSet
+            for (int ii = rcount - 1; ii >= 0; ii--) {
+                if (recs[ii] != null) {
+                    IArgBlock rarg = com.netscape.certsrv.apps.CMS.createArgBlock();
+                    // com.netscape.certsrv.apps.CMS.debug("item "+ii+" is serial # "+
+                    // recs[ii].getSerialNumber());
+                    fillRecordIntoArg(recs[ii], rarg);
+                    argSet.addRepeatRecord(rarg);
+                }
+            }
+        }
 
         // peek ahead
         ICertRecord nextRec = null;
@@ -519,58 +524,58 @@ public class ListCerts extends CMSServlet {
         if (totalRecordCount == -1) {
             if (!serialToVal.equals(MINUS_ONE)) {
                 totalRecordCount = toCurIndex - curIndex + 1;
-		com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount);
+                com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount);
             } else {
-                totalRecordCount = list.getSize() - 
+                totalRecordCount = list.getSize() -
                         list.getCurrentIndex();
-		com.netscape.certsrv.apps.CMS.debug("totalRecordCount="+totalRecordCount);
+                com.netscape.certsrv.apps.CMS.debug("totalRecordCount=" + totalRecordCount);
             }
         }
 
         header.addIntegerValue("totalRecordCount", totalRecordCount);
-        header.addIntegerValue("currentRecordCount", list.getSize() - 
-            list.getCurrentIndex());
-
-	String qs = "";
-	if (mReverse)
-	    qs = "querySentinelUp";
-	else
-	    qs = "querySentinelDown";
-
-	if (mHardJumpTo) {
-	  com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString());
-
-	  header.addStringValue("querySentinelUp", curSerial.toString());
-	} else {
-        if (nextRec == null) {
-            header.addStringValue(qs, null);
-	    com.netscape.certsrv.apps.CMS.debug("nextRec is null");
-	    if (mReverse) {
-		com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:"+ curSerial.toString());
-
-		header.addStringValue("querySentinelUp", curSerial.toString());
-	    }
+        header.addIntegerValue("currentRecordCount", list.getSize() -
+                list.getCurrentIndex());
+
+        String qs = "";
+        if (mReverse)
+            qs = "querySentinelUp";
+        else
+            qs = "querySentinelDown";
+
+        if (mHardJumpTo) {
+            com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString());
+
+            header.addStringValue("querySentinelUp", curSerial.toString());
         } else {
-            BigInteger nextRecNo = nextRec.getSerialNumber();
+            if (nextRec == null) {
+                header.addStringValue(qs, null);
+                com.netscape.certsrv.apps.CMS.debug("nextRec is null");
+                if (mReverse) {
+                    com.netscape.certsrv.apps.CMS.debug("curSerial added to querySentinelUp:" + curSerial.toString());
 
-            if (serialToVal.equals(MINUS_ONE)) {
-                header.addStringValue(
-                    qs, nextRecNo.toString());
+                    header.addStringValue("querySentinelUp", curSerial.toString());
+                }
             } else {
-                if (nextRecNo.compareTo(serialToVal) <= 0) {
+                BigInteger nextRecNo = nextRec.getSerialNumber();
+
+                if (serialToVal.equals(MINUS_ONE)) {
                     header.addStringValue(
-                        qs, nextRecNo.toString());
+                            qs, nextRecNo.toString());
                 } else {
-                    header.addStringValue(qs, 
-                        null);
+                    if (nextRecNo.compareTo(serialToVal) <= 0) {
+                        header.addStringValue(
+                                qs, nextRecNo.toString());
+                    } else {
+                        header.addStringValue(qs,
+                                null);
+                    }
                 }
+                com.netscape.certsrv.apps.CMS.debug("querySentinel " + qs + " = " + nextRecNo.toString());
             }
-	    com.netscape.certsrv.apps.CMS.debug("querySentinel "+qs+" = "+nextRecNo.toString());
-        }
-	} // !mHardJumpto
+        } // !mHardJumpto
 
-	header.addStringValue(!mReverse? "querySentinelUp":"querySentinelDown", 
-				  firstSerial.toString());
+        header.addStringValue(!mReverse ? "querySentinelUp" : "querySentinelDown",
+                  firstSerial.toString());
 
     }
 
@@ -578,7 +583,7 @@ public class ListCerts extends CMSServlet {
      * Fills cert record into argument block.
      */
     private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
-        throws EBaseException {
+            throws EBaseException {
 
         X509CertImpl xcert = rec.getCertificate();
 
@@ -586,9 +591,9 @@ public class ListCerts extends CMSServlet {
             fillX509RecordIntoArg(rec, rarg);
         }
     }
-	
+
     private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
-        throws EBaseException {
+            throws EBaseException {
 
         X509CertImpl cert = rec.getCertificate();
 
@@ -631,12 +636,13 @@ public class ListCerts extends CMSServlet {
         rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
         String issuedBy = rec.getIssuedBy();
 
-        if (issuedBy == null) issuedBy = "";
+        if (issuedBy == null)
+            issuedBy = "";
         rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
         rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
 
         rarg.addStringValue("revokedBy",
-            ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
+                ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
         if (rec.getRevokedOn() == null) {
             rarg.addStringValue("revokedOn", null);
         } else {
@@ -665,4 +671,3 @@ public class ListCerts extends CMSServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
index db77d039..b248d2bd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/Monitor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Calendar;
 import java.util.Date;
@@ -51,10 +50,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Provide statistical queries of request and certificate records.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class Monitor extends CMSServlet {
@@ -83,8 +81,8 @@ public class Monitor extends CMSServlet {
 
     /**
      * initialize the servlet. This servlet uses the template file
-	 * 'monitor.template' to render the response.
-     *
+     * 'monitor.template' to render the response.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
 
@@ -111,8 +109,8 @@ public class Monitor extends CMSServlet {
      * Process the HTTP request.
      * <ul>
      * <li>http.param startTime start of time period to query
-     * <li>http.param  endTime   end of time period to query
-     * <li>http.param interval  time between queries
+     * <li>http.param endTime end of time period to query
+     * <li>http.param interval time between queries
      * <li>http.param numberOfIntervals number of queries to run
      * <li>http.param maxResults =number
      * <li>http.param timeLimit =time
@@ -130,10 +128,10 @@ public class Monitor extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -158,8 +156,8 @@ public class Monitor extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
@@ -172,7 +170,7 @@ public class Monitor extends CMSServlet {
             process(argSet, header, startTime, endTime, interval, numberOfIntervals, locale[0]);
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_PROCESSING_REQ", e.toString()));
             error = e;
         }
 
@@ -182,29 +180,29 @@ public class Monitor extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
-                    e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+                            e.toString()));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
-    private void process(CMSTemplateParams argSet, IArgBlock header, 
-        String startTime, String endTime,
-        String interval, String numberOfIntervals,
-        Locale locale)
-        throws EBaseException {
+    private void process(CMSTemplateParams argSet, IArgBlock header,
+            String startTime, String endTime,
+            String interval, String numberOfIntervals,
+            Locale locale)
+            throws EBaseException {
         if (interval == null || interval.length() == 0) {
             header.addStringValue("error", "Invalid interval: " + interval);
             return;
@@ -270,7 +268,7 @@ public class Monitor extends CMSServlet {
 
         return;
     }
-    
+
     Date nextDate(Date d, int seconds) {
         Date date = new Date((d.getTime()) + ((long) (seconds * 1000)));
 
@@ -326,12 +324,12 @@ public class Monitor extends CMSServlet {
                     mTotalReqs += count;
                 }
             } catch (Exception ex) {
-                return "Exception: " + ex; 
+                return "Exception: " + ex;
             }
 
             return null;
         } else {
-            return "Missing start or end date"; 
+            return "Missing start or end date";
         }
     }
 
@@ -348,12 +346,12 @@ public class Monitor extends CMSServlet {
                 int hour = Integer.parseInt(z.substring(8, 10));
                 int minute = Integer.parseInt(z.substring(10, 12));
                 int second = Integer.parseInt(z.substring(12, 14));
-                Calendar calendar= Calendar.getInstance();
+                Calendar calendar = Calendar.getInstance();
                 calendar.set(year, month, date, hour, minute, second);
                 d = calendar.getTime();
             } catch (NumberFormatException nfe) {
             }
-        } else if (z != null && z.length() > 1 && z.charAt(0) == '-') {  // -5
+        } else if (z != null && z.length() > 1 && z.charAt(0) == '-') { // -5
             try {
                 int i = Integer.parseInt(z);
 
@@ -370,23 +368,27 @@ public class Monitor extends CMSServlet {
         Calendar calendar = Calendar.getInstance();
         calendar.setTime(d);
 
-
         String time = "" + (calendar.get(Calendar.YEAR));
         int i = calendar.get(Calendar.MONTH) + 1;
 
-        if (i < 10) time += "0";
+        if (i < 10)
+            time += "0";
         time += i;
-        i =  calendar.get(Calendar.DAY_OF_MONTH);
-        if (i < 10) time += "0";
+        i = calendar.get(Calendar.DAY_OF_MONTH);
+        if (i < 10)
+            time += "0";
         time += i;
         i = calendar.get(Calendar.HOUR_OF_DAY);
-        if (i < 10) time += "0";
+        if (i < 10)
+            time += "0";
         time += i;
         i = calendar.get(Calendar.MINUTE);
-        if (i < 10) time += "0";
+        if (i < 10)
+            time += "0";
         time += i;
         i = calendar.get(Calendar.SECOND);
-        if (i < 10) time += "0";
+        if (i < 10)
+            time += "0";
         time += i + "Z";
         return time;
     }
@@ -403,4 +405,3 @@ public class Monitor extends CMSServlet {
         return filter;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
index 50296cf1..db09fae9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/ReasonToRevoke.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Specify the RevocationReason when revoking a certificate
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ReasonToRevoke extends CMSServlet {
@@ -75,9 +73,9 @@ public class ReasonToRevoke extends CMSServlet {
     }
 
     /**
-	 * initialize the servlet. This servlet uses the template file
-	 * 'reasonToRevoke.template' to render the response
- 	 *
+     * initialize the servlet. This servlet uses the template file
+     * 'reasonToRevoke.template' to render the response
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -108,13 +106,13 @@ public class ReasonToRevoke extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
-     * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -130,10 +128,10 @@ public class ReasonToRevoke extends CMSServlet {
                         mAuthzResourceName, "revoke");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -151,10 +149,10 @@ public class ReasonToRevoke extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -163,31 +161,26 @@ public class ReasonToRevoke extends CMSServlet {
 
         try {
             if (req.getParameter("totalRecordCount") != null) {
-                totalRecordCount = 
+                totalRecordCount =
                         Integer.parseInt(req.getParameter("totalRecordCount"));
             }
 
             revokeAll = req.getParameter("revokeAll");
 
-            process(argSet, header, req, resp, 
-                revokeAll, totalRecordCount, locale[0]);
+            process(argSet, header, req, resp,
+                    revokeAll, totalRecordCount, locale[0]);
         } catch (EBaseException e) {
             error = e;
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_RECORD_COUNT_FORMAT"));
             error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        } 
+        }
 
         /*
-         catch (Exception e) {
-         noError = false;
-         header.addStringValue(OUT_ERROR,
-         MessageFormatter.getLocalizedString(
-         errorlocale[0],
-         BaseResources.class.getName(),
-         BaseResources.INTERNAL_ERROR_1,
-         e.toString()));
-         }
+         * catch (Exception e) { noError = false;
+         * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString(
+         * errorlocale[0], BaseResources.class.getName(),
+         * BaseResources.INTERNAL_ERROR_1, e.toString())); }
          */
 
         try {
@@ -196,30 +189,30 @@ public class ReasonToRevoke extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        String revokeAll, int totalRecordCount,
-        Locale locale) 
-        throws EBaseException {
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            String revokeAll, int totalRecordCount,
+            Locale locale)
+            throws EBaseException {
 
         header.addStringValue("revokeAll", revokeAll);
         header.addIntegerValue("totalRecordCount", totalRecordCount);
@@ -238,14 +231,14 @@ public class ReasonToRevoke extends CMSServlet {
 
                 if (isCertFromCA(caCert)) {
                     header.addStringValue("caSerialNumber",
-                        caCert.getSerialNumber().toString(16));
+                            caCert.getSerialNumber().toString(16));
                 }
             }
 
             /**
-             ICertRecordList list = mCertDB.findCertRecordsInList(
-             revokeAll, null, totalRecordCount);
-             Enumeration e = list.getCertRecords(0, totalRecordCount - 1);
+             * ICertRecordList list = mCertDB.findCertRecordsInList( revokeAll,
+             * null, totalRecordCount); Enumeration e = list.getCertRecords(0,
+             * totalRecordCount - 1);
              **/
             Enumeration e = mCertDB.searchCertificates(revokeAll,
                     totalRecordCount, mTimeLimits);
@@ -265,16 +258,16 @@ public class ReasonToRevoke extends CMSServlet {
                         count++;
                         IArgBlock rarg = CMS.createArgBlock();
 
-                        rarg.addStringValue("serialNumber", 
-                            xcert.getSerialNumber().toString(16));
-                        rarg.addStringValue("serialNumberDecimal", 
-                            xcert.getSerialNumber().toString());
-                        rarg.addStringValue("subject", 
-                            xcert.getSubjectDN().toString());
-                        rarg.addLongValue("validNotBefore", 
-                            xcert.getNotBefore().getTime() / 1000);
-                        rarg.addLongValue("validNotAfter", 
-                            xcert.getNotAfter().getTime() / 1000);
+                        rarg.addStringValue("serialNumber",
+                                xcert.getSerialNumber().toString(16));
+                        rarg.addStringValue("serialNumberDecimal",
+                                xcert.getSerialNumber().toString());
+                        rarg.addStringValue("subject",
+                                xcert.getSubjectDN().toString());
+                        rarg.addLongValue("validNotBefore",
+                                xcert.getNotBefore().getTime() / 1000);
+                        rarg.addLongValue("validNotAfter",
+                                xcert.getNotAfter().getTime() / 1000);
                         argSet.addRepeatRecord(rarg);
                     }
             }
@@ -288,4 +281,3 @@ public class ReasonToRevoke extends CMSServlet {
         return;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
index 9c414b9c..c1d95acf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RemoteAuthConfig.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.util.Calendar;
 import java.util.Date;
@@ -54,7 +53,6 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Allow agent to turn on/off authentication managers
  * 
@@ -89,11 +87,11 @@ public class RemoteAuthConfig extends CMSServlet {
 
     /**
      * Initializes the servlet.
-     *
-     * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg
-     * enables remote configuration for authentication plugins.
-     * List of remotely set instances can be found in CMS.cfg
-     * at "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>"
+     * 
+     * Presence of "auths.enableRemoteConfiguration=true" in CMS.cfg enables
+     * remote configuration for authentication plugins. List of remotely set
+     * instances can be found in CMS.cfg at
+     * "auths.remotelySetInstances=<name1>,<name2>,...,<nameN>"
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
@@ -104,7 +102,8 @@ public class RemoteAuthConfig extends CMSServlet {
         try {
             mEnableRemoteConfiguration = mAuthConfig.getBoolean(ENABLE_REMOTE_CONFIG, false);
         } catch (EBaseException eb) {
-            // Thanks to design of getBoolean we have to catch but we will never get anything.
+            // Thanks to design of getBoolean we have to catch but we will never
+            // get anything.
         }
 
         String remoteList = null;
@@ -112,7 +111,8 @@ public class RemoteAuthConfig extends CMSServlet {
         try {
             remoteList = mAuthConfig.getString(REMOTELY_SET_INSTANCES, null);
         } catch (EBaseException eb) {
-            // Thanks to design of getString we have to catch but we will never get anything.
+            // Thanks to design of getString we have to catch but we will never
+            // get anything.
         }
         if (remoteList != null) {
             StringTokenizer s = new StringTokenizer(remoteList, ",");
@@ -133,16 +133,10 @@ public class RemoteAuthConfig extends CMSServlet {
 
     /**
      * Serves HTTPS request. The format of this request is as follows:
-     *   https://host:ee-port/remoteAuthConfig?
-     *                        op="add"|"delete"&
-     *                        instance=<instanceName>&
-     *                        of=<authPluginName>&
-     *                        host=<hostName>&
-     *                        port=<portNumber>&
-     *                        password=<password>&
-     *                        [adminDN=<adminDN>]&
-     *                        [uid=<uid>]&
-     *                        [baseDN=<baseDN>]
+     * https://host:ee-port/remoteAuthConfig? op="add"|"delete"&
+     * instance=<instanceName>& of=<authPluginName>& host=<hostName>&
+     * port=<portNumber>& password=<password>& [adminDN=<adminDN>]& [uid=<uid>]&
+     * [baseDN=<baseDN>]
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
@@ -201,7 +195,7 @@ public class RemoteAuthConfig extends CMSServlet {
                                     }
                                 } else {
                                     header.addStringValue("error", "Unknown instance " +
-                                        instance + ".");
+                                            instance + ".");
                                 }
                             } else {
                                 header.addStringValue("error", "Unknown plugin name: " + plugin);
@@ -217,7 +211,7 @@ public class RemoteAuthConfig extends CMSServlet {
                                 }
                                 if (isInstanceListed(instance)) {
                                     header.addStringValue("error", "Instance name " +
-                                        instance + " is already in use.");
+                                            instance + " is already in use.");
                                 } else {
                                     errMsg = addInstance(instance, plugin,
                                                 host, port, baseDN,
@@ -253,7 +247,7 @@ public class RemoteAuthConfig extends CMSServlet {
         } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
@@ -263,15 +257,15 @@ public class RemoteAuthConfig extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     private String authenticateRemoteAdmin(String host, String port,
-        String adminDN, String password) {
+            String adminDN, String password) {
         if (host == null || host.length() == 0) {
             return "Missing host name.";
         }
@@ -339,13 +333,11 @@ public class RemoteAuthConfig extends CMSServlet {
             } catch (LDAPException e) {
 
                 /*
-                 switch (e.getLDAPResultCode()) {
-                 case LDAPException.NO_SUCH_OBJECT:
-                 case LDAPException.INVALID_CREDENTIALS:
-                 case LDAPException.INSUFFICIENT_ACCESS_RIGHTS:
-                 case LDAPException.LDAP_PARTIAL_RESULTS:
-                 default:
-                 }
+                 * switch (e.getLDAPResultCode()) { case
+                 * LDAPException.NO_SUCH_OBJECT: case
+                 * LDAPException.INVALID_CREDENTIALS: case
+                 * LDAPException.INSUFFICIENT_ACCESS_RIGHTS: case
+                 * LDAPException.LDAP_PARTIAL_RESULTS: default: }
                  */
                 c.disconnect();
                 return "LDAP error: " + e.toString();
@@ -362,8 +354,8 @@ public class RemoteAuthConfig extends CMSServlet {
     }
 
     private String authenticateRemoteAdmin(String host, String port,
-        String uid, String baseDN,
-        String password) {
+            String uid, String baseDN,
+            String password) {
         if (host == null || host.length() == 0) {
             return "Missing host name.";
         }
@@ -473,8 +465,8 @@ public class RemoteAuthConfig extends CMSServlet {
     }
 
     private String addInstance(String instance, String plugin,
-        String host, String port,
-        String baseDN, String dnPattern) {
+            String host, String port,
+            String baseDN, String dnPattern) {
         if (host == null || host.length() == 0) {
             return "Missing host name.";
         }
@@ -516,7 +508,8 @@ public class RemoteAuthConfig extends CMSServlet {
         StringBuffer list = new StringBuffer();
 
         for (int i = 0; i < mRemotelySetInstances.size(); i++) {
-            if (i > 0) list.append(",");
+            if (i > 0)
+                list.append(",");
             list.append((String) mRemotelySetInstances.elementAt(i));
         }
 
@@ -542,7 +535,8 @@ public class RemoteAuthConfig extends CMSServlet {
             StringBuffer list = new StringBuffer();
 
             for (int i = 0; i < mRemotelySetInstances.size(); i++) {
-                if (i > 0) list.append(",");
+                if (i > 0)
+                    list.append(",");
                 list.append((String) mRemotelySetInstances.elementAt(i));
             }
 
@@ -602,17 +596,21 @@ public class RemoteAuthConfig extends CMSServlet {
         int y = now.get(Calendar.YEAR);
         String name = "R" + y;
 
-        if (now.get(Calendar.MONTH) < 10) name += "0";
+        if (now.get(Calendar.MONTH) < 10)
+            name += "0";
         name += now.get(Calendar.MONTH);
-        if (now.get(Calendar.DAY_OF_MONTH) < 10) name += "0";
+        if (now.get(Calendar.DAY_OF_MONTH) < 10)
+            name += "0";
         name += now.get(Calendar.DAY_OF_MONTH);
-        if (now.get(Calendar.HOUR_OF_DAY) < 10) name += "0";
+        if (now.get(Calendar.HOUR_OF_DAY) < 10)
+            name += "0";
         name += now.get(Calendar.HOUR_OF_DAY);
-        if (now.get(Calendar.MINUTE) < 10) name += "0";
+        if (now.get(Calendar.MINUTE) < 10)
+            name += "0";
         name += now.get(Calendar.MINUTE);
-        if (now.get(Calendar.SECOND) < 10) name += "0";
+        if (now.get(Calendar.SECOND) < 10)
+            name += "0";
         name += now.get(Calendar.SECOND);
         return name;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
index 050dd36d..e603103a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RenewalServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateException;
@@ -59,7 +58,7 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
 /**
  * Certificate Renewal
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RenewalServlet extends CMSServlet {
@@ -69,29 +68,27 @@ public class RenewalServlet extends CMSServlet {
     private static final long serialVersionUID = -3094124661102395244L;
 
     // renewal templates.
-    public static final String 
-        RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template";
+    public static final String RENEWAL_SUCCESS_TEMPLATE = "RenewalSuccess.template";
 
-    // http params 
+    // http params
     public static final String CERT_TYPE = "certType";
     public static final String SERIAL_NO = "serialNo";
-    // XXX can't do pkcs10 cause it's got no serial no. 
+    // XXX can't do pkcs10 cause it's got no serial no.
     // (unless put serial no in pki attributes)
-    // public static final String PKCS10 = "pkcs10";	
+    // public static final String PKCS10 = "pkcs10";
     public static final String IMPORT_CERT = "importCert";
 
     private String mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
-    private ICMSTemplateFiller 
-        mRenewalSuccessFiller = new ImportCertsTemplateFiller();
+    private ICMSTemplateFiller mRenewalSuccessFiller = new ImportCertsTemplateFiller();
 
     public RenewalServlet() {
         super();
     }
 
     /**
-     * initialize the servlet. This servlet makes use of the
-     * template file "RenewalSuccess.template" to render the
-     * response
+     * initialize the servlet. This servlet makes use of the template file
+     * "RenewalSuccess.template" to render the response
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -103,43 +100,42 @@ public class RenewalServlet extends CMSServlet {
                         PROP_SUCCESS_TEMPLATE);
             if (mRenewalSuccessTemplate == null)
                 mRenewalSuccessTemplate = RENEWAL_SUCCESS_TEMPLATE;
-            String fillername = 
-                sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
+            String fillername =
+                    sc.getInitParameter(PROP_SUCCESS_TEMPLATE_FILLER);
 
             if (fillername != null) {
                 ICMSTemplateFiller filler = newFillerObject(fillername);
 
-                if (filler != null) 
+                if (filler != null)
                     mRenewalSuccessFiller = filler;
             }
         } catch (Exception e) {
-            // this should never happen. 
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
-                    mId));
+            // this should never happen.
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(),
+                            mId));
         }
 
     }
 
-
     /**
-     * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         long startTime = CMS.getCurrentDate().getTime();
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
 
-        // renewal requires either: 
-        //  - coming from ee: 
-        //		- old cert from ssl client auth 
-        //		- old certs from auth manager
-        // 	- coming from agent or trusted RA: 
-        //  	- serial no of cert to be renewed. 
-		
+        // renewal requires either:
+        // - coming from ee:
+        // - old cert from ssl client auth
+        // - old certs from auth manager
+        // - coming from agent or trusted RA:
+        // - serial no of cert to be renewed.
+
         BigInteger old_serial_no = null;
         X509CertImpl old_cert = null;
         X509CertImpl renewed_cert = null;
@@ -156,10 +152,10 @@ public class RenewalServlet extends CMSServlet {
                         mAuthzResourceName, "renew");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -174,7 +170,7 @@ public class RenewalServlet extends CMSServlet {
                     authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
         }
 
-        // coming from agent 
+        // coming from agent
         if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
             X509Certificate[] cert = new X509Certificate[1];
 
@@ -190,7 +186,7 @@ public class RenewalServlet extends CMSServlet {
             int endDate = httpParams.getValueAsInt("endDate", -1);
 
             if (beginYear != -1 && beginMonth != -1 && beginDate != -1 &&
-                endYear != -1 && endMonth != -1 && endDate != -1) {
+                    endYear != -1 && endMonth != -1 && endDate != -1) {
                 Calendar calendar = Calendar.getInstance();
                 calendar.set(beginYear, beginMonth, beginDate);
                 notBefore = calendar.getTime();
@@ -199,7 +195,7 @@ public class RenewalServlet extends CMSServlet {
             }
         } // coming from client
         else {
-            // from auth manager 
+            // from auth manager
             X509CertImpl[] cert = new X509CertImpl[1];
 
             old_serial_no = getCertFromAuthMgr(authToken, cert);
@@ -213,44 +209,44 @@ public class RenewalServlet extends CMSServlet {
             X509CertInfo new_certInfo = null;
 
             req = mRequestQueue.newRequest(IRequest.RENEWAL_REQUEST);
-            req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] {old_serial_no});
+            req.setExtData(IRequest.OLD_SERIALS, new BigInteger[] { old_serial_no });
             if (old_cert != null) {
                 req.setExtData(IRequest.OLD_CERTS,
-                    new X509CertImpl[] { old_cert }
-                );
-                // create new certinfo from old_cert contents. 
+                        new X509CertImpl[] { old_cert }
+                        );
+                // create new certinfo from old_cert contents.
                 X509CertInfo old_certInfo = (X509CertInfo)
-                    ((X509CertImpl) old_cert).get(
-                        X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                        ((X509CertImpl) old_cert).get(
+                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
 
                 new_certInfo = new X509CertInfo(old_certInfo.getEncodedInfo());
             } else {
-                // if no old cert (came from RA agent) create new cert info 
-                // (serializable) to pass through policies. And set the old 
+                // if no old cert (came from RA agent) create new cert info
+                // (serializable) to pass through policies. And set the old
                 // serial number to pick up.
                 new_certInfo = new CertInfo();
-                new_certInfo.set(X509CertInfo.SERIAL_NUMBER, 
-                    new CertificateSerialNumber(old_serial_no));
+                new_certInfo.set(X509CertInfo.SERIAL_NUMBER,
+                        new CertificateSerialNumber(old_serial_no));
             }
-			
+
             if (notBefore == null || notAfter == null) {
                 notBefore = new Date(0);
                 notAfter = new Date(0);
             }
-            new_certInfo.set(X509CertInfo.VALIDITY, 
-                new CertificateValidity(notBefore, notAfter));
+            new_certInfo.set(X509CertInfo.VALIDITY,
+                    new CertificateValidity(notBefore, notAfter));
             req.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { new_certInfo }
-            );
+                    );
         } catch (CertificateException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_SETTING_RENEWAL_VALIDITY_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SETTING_RENEWAL_VALIDITY_ERROR"));
         }
 
         saveHttpHeaders(httpReq, req);
@@ -259,7 +255,7 @@ public class RenewalServlet extends CMSServlet {
             saveAuthToken(authToken, req);
         cmsReq.setIRequest(req);
 
-        // send request to request queue. 
+        // send request to request queue.
         mRequestQueue.processRequest(req);
 
         // for audit log
@@ -269,12 +265,12 @@ public class RenewalServlet extends CMSServlet {
         if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
             agentID = authToken.getInString("userid");
             initiative = AuditFormat.FROMAGENT + " agentID: " + agentID;
-        }else {
+        } else {
             // request is from eegateway, so fromUser.
             initiative = AuditFormat.FROMUSER;
         }
 
-        // check resulting status 
+        // check resulting status
         RequestStatus status = req.getRequestStatus();
 
         if (status != RequestStatus.COMPLETE) {
@@ -292,92 +288,92 @@ public class RenewalServlet extends CMSServlet {
                         wholeMsg.append(msgs.nextElement());
                     }
 
-                    mLogger.log(ILogger.EV_AUDIT, 
-                        ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.RENEWALFORMAT,
-                        new Object[] {
-                            req.getRequestId(), 
-                            initiative,
-                            authMgr,
-                            status.toString(),
-                            old_cert.getSubjectDN(),
-                            old_cert.getSerialNumber().toString(16),
-                            "violation: " +
-                            wholeMsg.toString()}
-                        // wholeMsg},
-                        // ILogger.L_MULTILINE
-                    );
+                    mLogger.log(ILogger.EV_AUDIT,
+                            ILogger.S_OTHER,
+                            AuditFormat.LEVEL,
+                            AuditFormat.RENEWALFORMAT,
+                            new Object[] {
+                                    req.getRequestId(),
+                                    initiative,
+                                    authMgr,
+                                    status.toString(),
+                                    old_cert.getSubjectDN(),
+                                    old_cert.getSerialNumber().toString(16),
+                                    "violation: " +
+                                            wholeMsg.toString() }
+                            // wholeMsg},
+                            // ILogger.L_MULTILINE
+                            );
                 } else { // no policy violation, from agent
                     mLogger.log(ILogger.EV_AUDIT,
+                            ILogger.S_OTHER,
+                            AuditFormat.LEVEL,
+                            AuditFormat.RENEWALFORMAT,
+                            new Object[] {
+                                    req.getRequestId(),
+                                    initiative,
+                                    authMgr,
+                                    status.toString(),
+                                    old_cert.getSubjectDN(),
+                                    old_cert.getSerialNumber().toString(16),
+                                    "" }
+                            );
+                }
+            } else { // other imcomplete status
+                mLogger.log(ILogger.EV_AUDIT,
                         ILogger.S_OTHER,
                         AuditFormat.LEVEL,
                         AuditFormat.RENEWALFORMAT,
                         new Object[] {
-                            req.getRequestId(), 
-                            initiative,
-                            authMgr,
-                            status.toString(),
-                            old_cert.getSubjectDN(),
-                            old_cert.getSerialNumber().toString(16),
-                            "" }
-                    );
-                }
-            } else { // other imcomplete status 
-                mLogger.log(ILogger.EV_AUDIT,
-                    ILogger.S_OTHER,
-                    AuditFormat.LEVEL,
-                    AuditFormat.RENEWALFORMAT,
-                    new Object[] {
-                        req.getRequestId(), 
-                        initiative,
-                        authMgr,
-                        status.toString(),
-                        old_cert.getSubjectDN(),
-                        old_cert.getSerialNumber().toString(16),
-                        "" }
-                );
+                                req.getRequestId(),
+                                initiative,
+                                authMgr,
+                                status.toString(),
+                                old_cert.getSubjectDN(),
+                                old_cert.getSerialNumber().toString(16),
+                                "" }
+                        );
             }
             return;
         }
 
-        // service error 
+        // service error
         Integer result = req.getExtDataInInteger(IRequest.RESULT);
 
         CMS.debug(
-            "RenewalServlet: Result for request " + req.getRequestId() + " is " + result);
+                "RenewalServlet: Result for request " + req.getRequestId() + " is " + result);
         if (result.equals(IRequest.RES_ERROR)) {
             CMS.debug(
-                "RenewalServlet: Result for request " + req.getRequestId() + " is error.");
+                    "RenewalServlet: Result for request " + req.getRequestId() + " is error.");
 
             cmsReq.setStatus(CMSRequest.ERROR);
             cmsReq.setError(req.getExtDataInString(IRequest.ERROR));
             String[] svcErrors =
-                req.getExtDataInStringArray(IRequest.SVCERRORS);
+                    req.getExtDataInStringArray(IRequest.SVCERRORS);
 
             if (svcErrors != null && svcErrors.length > 0) {
                 for (int i = 0; i < svcErrors.length; i++) {
                     String err = svcErrors[i];
 
                     if (err != null) {
-                        //System.out.println(
-                        //"revocation servlet: setting error description "+
-                        //err.toString());
+                        // System.out.println(
+                        // "revocation servlet: setting error description "+
+                        // err.toString());
                         cmsReq.setErrorDescription(err);
                         mLogger.log(ILogger.EV_AUDIT,
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.RENEWALFORMAT,
-                            new Object[] {
-                                req.getRequestId(), 
-                                initiative,
-                                authMgr,
-                                "completed with error: " +
-                                err,
-                                old_cert.getSubjectDN(),
-                                old_cert.getSerialNumber().toString(16),
-                                "" }
-                        );
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.RENEWALFORMAT,
+                                new Object[] {
+                                        req.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        "completed with error: " +
+                                                err,
+                                        old_cert.getSubjectDN(),
+                                        old_cert.getSerialNumber().toString(16),
+                                        "" }
+                                );
 
                     }
                 }
@@ -393,31 +389,31 @@ public class RenewalServlet extends CMSServlet {
         long endTime = CMS.getCurrentDate().getTime();
 
         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-            AuditFormat.LEVEL,
-            AuditFormat.RENEWALFORMAT,
-            new Object[] {
-                req.getRequestId(), 
-                initiative,
-                authMgr,
-                "completed",
-                old_cert.getSubjectDN(),
-                old_cert.getSerialNumber().toString(16),
-                "new serial number: 0x" +
-                renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime)}
-        );
+                AuditFormat.LEVEL,
+                AuditFormat.RENEWALFORMAT,
+                new Object[] {
+                        req.getRequestId(),
+                        initiative,
+                        authMgr,
+                        "completed",
+                        old_cert.getSubjectDN(),
+                        old_cert.getSerialNumber().toString(16),
+                        "new serial number: 0x" +
+                                renewed_cert.getSerialNumber().toString(16) + " time: " + (endTime - startTime) }
+                );
 
         return;
     }
 
     private void respondSuccess(
-        CMSRequest cmsReq, X509CertImpl renewed_cert)
-        throws EBaseException {
-        cmsReq.setResult(new X509CertImpl[] {renewed_cert}
-        );
+            CMSRequest cmsReq, X509CertImpl renewed_cert)
+            throws EBaseException {
+        cmsReq.setResult(new X509CertImpl[] { renewed_cert }
+                );
         cmsReq.setStatus(CMSRequest.SUCCESS);
 
-        // check if cert should be imported. 
-        // browser must have input type set to nav or cartman since 
+        // check if cert should be imported.
+        // browser must have input type set to nav or cartman since
         // there's no other way to tell
 
         IArgBlock httpParams = cmsReq.getHttpParams();
@@ -425,45 +421,45 @@ public class RenewalServlet extends CMSServlet {
         String certType = httpParams.getValueAsString(CERT_TYPE, "client");
         String agent = httpReq.getHeader("user-agent");
 
-        if (checkImportCertToNav(cmsReq.getHttpResp(), 
+        if (checkImportCertToNav(cmsReq.getHttpResp(),
                 httpParams, renewed_cert)) {
             return;
         } else {
             try {
-                renderTemplate(cmsReq, 
-                    mRenewalSuccessTemplate, mRenewalSuccessFiller);
+                renderTemplate(cmsReq,
+                        mRenewalSuccessTemplate, mRenewalSuccessFiller);
             } catch (IOException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
-                        mRenewalSuccessTemplate, e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGE_ERROR_DISPLAY_TEMPLATE_1",
+                                mRenewalSuccessTemplate, e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
         }
         return;
     }
 
-    protected BigInteger getRenewedCert(ICertRecord certRec) 
-        throws EBaseException {
+    protected BigInteger getRenewedCert(ICertRecord certRec)
+            throws EBaseException {
         BigInteger renewedCert = null;
         String serial = null;
-        MetaInfo meta = certRec.getMetaInfo(); 
+        MetaInfo meta = certRec.getMetaInfo();
 
         if (meta == null) {
-            log(ILogger.LL_INFO, 
-                "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16));
+            log(ILogger.LL_INFO,
+                    "no meta info in cert serial 0x" + certRec.getSerialNumber().toString(16));
             return null;
         }
         serial = (String) meta.get(ICertRecord.META_RENEWED_CERT);
         if (serial == null) {
-            log(ILogger.LL_INFO, 
-                "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16));
+            log(ILogger.LL_INFO,
+                    "no renewed cert in cert 0x" + certRec.getSerialNumber().toString(16));
             return null;
         }
         renewedCert = new BigInteger(serial);
-        log(ILogger.LL_INFO, 
-            "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" +
-            certRec.getSerialNumber().toString(16));
+        log(ILogger.LL_INFO,
+                "renewed cert serial 0x" + renewedCert.toString(16) + "found for 0x" +
+                        certRec.getSerialNumber().toString(16));
         return renewedCert;
     }
 
@@ -471,27 +467,27 @@ public class RenewalServlet extends CMSServlet {
      * get certs to renew from agent.
      */
     private BigInteger getCertFromAgent(
-        IArgBlock httpParams, X509Certificate[] certContainer)
-        throws EBaseException {
+            IArgBlock httpParams, X509Certificate[] certContainer)
+            throws EBaseException {
         BigInteger serialno = null;
         X509Certificate cert = null;
 
         // get serial no
         serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
         if (serialno == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW"));
+                    CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_RENEW"));
         }
         // get cert from db if we're cert authority.
         if (mAuthority instanceof ICertificateAuthority) {
             cert = getX509Certificate(serialno);
             if (cert == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16)));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_RENEW_1", serialno.toString(16)));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
+                        CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
             }
         }
         certContainer[0] = cert;
@@ -502,23 +498,23 @@ public class RenewalServlet extends CMSServlet {
      * get cert to renew from auth manager
      */
     private BigInteger getCertFromAuthMgr(
-        IAuthToken authToken, X509Certificate[] certContainer) 
-        throws EBaseException {
+            IAuthToken authToken, X509Certificate[] certContainer)
+            throws EBaseException {
         X509CertImpl cert =
-            authToken.getInCert(AuthToken.TOKEN_CERT);
+                authToken.getInCert(AuthToken.TOKEN_CERT);
 
         if (cert == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
+                    CMS.getUserMessage("CMS_GW_MISSING_CERTS_RENEW_FROM_AUTHMGR"));
         }
-        if (mAuthority instanceof ICertificateAuthority && 
-            !isCertFromCA(cert)) {
+        if (mAuthority instanceof ICertificateAuthority &&
+                !isCertFromCA(cert)) {
             log(ILogger.LL_FAILURE, "certficate from auth manager for " +
-                " renewal is not from this ca.");
+                    " renewal is not from this ca.");
             throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
+                    CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_RENEWAL"));
         }
         certContainer[0] = cert;
         BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
index 9b39acc7..78d2b8b9 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CertificateEncodingException;
@@ -57,10 +56,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Perform the first step in revoking a certificate
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RevocationServlet extends CMSServlet {
@@ -72,11 +70,11 @@ public class RevocationServlet extends CMSServlet {
     // revocation templates.
     private final static String TPL_FILE = "reasonToRevoke.template";
 
-    // http params 
+    // http params
     public static final String SERIAL_NO = "serialNo";
-    // XXX can't do pkcs10 cause it's got no serial no. 
+    // XXX can't do pkcs10 cause it's got no serial no.
     // (unless put serial no in pki attributes)
-    // public static final String PKCS10 = "pkcs10";	
+    // public static final String PKCS10 = "pkcs10";
     public static final String REASON_CODE = "reasonCode";
 
     private String mFormPath = null;
@@ -85,15 +83,14 @@ public class RevocationServlet extends CMSServlet {
     private Random mRandom = null;
     private Nonces mNonces = null;
 
-
     public RevocationServlet() {
         super();
     }
 
     /**
-     * initialize the servlet. This servlet uses 
-	 * the template file "reasonToRevoke.template" to render the
-     * result. 
+     * initialize the servlet. This servlet uses the template file
+     * "reasonToRevoke.template" to render the result.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -115,7 +112,7 @@ public class RevocationServlet extends CMSServlet {
                 }
             }
 
-                // set to false by revokeByDN=false in web.xml
+            // set to false by revokeByDN=false in web.xml
             mRevokeByDN = false;
             String tmp = sc.getInitParameter(PROP_REVOKEBYDN);
 
@@ -127,28 +124,27 @@ public class RevocationServlet extends CMSServlet {
         }
     }
 
-
     /**
-     * Process the HTTP request.  Note that this servlet does not
-	 * actually perform the certificate revocation. This is the first
-	 * step in the multi-step revocation process. (the next step is
-     * in the ReasonToRevoke servlet.
-     *
+     * Process the HTTP request. Note that this servlet does not actually
+     * perform the certificate revocation. This is the first step in the
+     * multi-step revocation process. (the next step is in the ReasonToRevoke
+     * servlet.
+     * 
      * @param cmsReq the object holding the request and response information
      */
-    protected void process(CMSRequest cmsReq) 
-        throws EBaseException {
+    protected void process(CMSRequest cmsReq)
+            throws EBaseException {
         IArgBlock httpParams = cmsReq.getHttpParams();
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
-        // revocation requires either: 
-        //  - coming from ee: 
-        //		- old cert from ssl client auth 
-        //		- old certs from auth manager
-        // 	- coming from agent or trusted RA: 
-        //  	- serial no of cert to be revoked. 
-		
+        // revocation requires either:
+        // - coming from ee:
+        // - old cert from ssl client auth
+        // - old certs from auth manager
+        // - coming from agent or trusted RA:
+        // - serial no of cert to be revoked.
+
         BigInteger old_serial_no = null;
         X509CertImpl old_cert = null;
         String revokeAll = null;
@@ -159,10 +155,10 @@ public class RevocationServlet extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -178,18 +174,18 @@ public class RevocationServlet extends CMSServlet {
                         mAuthzResourceName, "submit");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
             cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
             return;
         }
-        
-        // coming from agent 
+
+        // coming from agent
         if (mAuthMgr != null && mAuthMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) {
             X509Certificate[] cert = new X509Certificate[1];
 
@@ -197,22 +193,24 @@ public class RevocationServlet extends CMSServlet {
             old_cert = (X509CertImpl) cert[0];
         } // coming from client
         else {
-            // from auth manager 
+            // from auth manager
             X509CertImpl[] cert = new X509CertImpl[1];
-            
+
             old_serial_no = getCertFromAuthMgr(authToken, cert);
             old_cert = cert[0];
         }
 
         header.addStringValue("serialNumber", old_cert.getSerialNumber().toString(16));
         header.addStringValue("serialNumberDecimal", old_cert.getSerialNumber().toString());
-        //		header.addStringValue("subject", old_cert.getSubjectDN().toString());
-        //		header.addLongValue("validNotBefore", old_cert.getNotBefore().getTime()/1000);
-        //		header.addLongValue("validNotAfter", old_cert.getNotAfter().getTime()/1000);
+        // header.addStringValue("subject", old_cert.getSubjectDN().toString());
+        // header.addLongValue("validNotBefore",
+        // old_cert.getNotBefore().getTime()/1000);
+        // header.addLongValue("validNotAfter",
+        // old_cert.getNotAfter().getTime()/1000);
 
         if (mNonces != null) {
             long n = mRandom.nextLong();
-            long m = mNonces.addNonce(n, (X509Certificate)old_cert);
+            long m = mNonces.addNonce(n, (X509Certificate) old_cert);
             if ((n + m) != 0) {
                 header.addStringValue("nonce", Long.toString(m));
             }
@@ -229,12 +227,12 @@ public class RevocationServlet extends CMSServlet {
         } else if (mAuthority instanceof IRegistrationAuthority) {
             IRequest req = mRequestQueue.newRequest(IRequest.GETCERTS_REQUEST);
             String filter = "(&(" + ICertRecord.ATTR_X509CERT + "." +
-                X509CertInfo.SUBJECT + "=" +
-                old_cert.getSubjectDN().toString() + ")(|(" +
-                ICertRecord.ATTR_CERT_STATUS + "=" +
-                ICertRecord.STATUS_VALID + ")(" +
-                ICertRecord.ATTR_CERT_STATUS + "=" +
-                ICertRecord.STATUS_EXPIRED + ")))";
+                    X509CertInfo.SUBJECT + "=" +
+                    old_cert.getSubjectDN().toString() + ")(|(" +
+                    ICertRecord.ATTR_CERT_STATUS + "=" +
+                    ICertRecord.STATUS_VALID + ")(" +
+                    ICertRecord.ATTR_CERT_STATUS + "=" +
+                    ICertRecord.STATUS_EXPIRED + ")))";
 
             req.setExtData(IRequest.CERT_FILTER, filter);
             mRequestQueue.processRequest(req);
@@ -271,8 +269,8 @@ public class RevocationServlet extends CMSServlet {
 
         if (!noInfo && (certsToRevoke == null || certsToRevoke.length == 0 ||
                 (!authorized))) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16)));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CA_CERT_ALREADY_REVOKED_1", old_serial_no.toString(16)));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CERT_ALREADY_REVOKED"));
         }
 
@@ -296,15 +294,15 @@ public class RevocationServlet extends CMSServlet {
                 IArgBlock rarg = CMS.createArgBlock();
 
                 rarg.addStringValue("serialNumber",
-                    certsToRevoke[i].getSerialNumber().toString(16));
+                        certsToRevoke[i].getSerialNumber().toString(16));
                 rarg.addStringValue("serialNumberDecimal",
-                    certsToRevoke[i].getSerialNumber().toString());
+                        certsToRevoke[i].getSerialNumber().toString());
                 rarg.addStringValue("subject",
-                    certsToRevoke[i].getSubjectDN().toString());
+                        certsToRevoke[i].getSubjectDN().toString());
                 rarg.addLongValue("validNotBefore",
-                    certsToRevoke[i].getNotBefore().getTime() / 1000);
+                        certsToRevoke[i].getNotBefore().getTime() / 1000);
                 rarg.addLongValue("validNotAfter",
-                    certsToRevoke[i].getNotAfter().getTime() / 1000);
+                        certsToRevoke[i].getNotAfter().getTime() / 1000);
                 argSet.addRepeatRecord(rarg);
             }
         } else {
@@ -313,7 +311,7 @@ public class RevocationServlet extends CMSServlet {
         }
 
         // set revocation reason, default to unspecified if not set.
-        int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0); 
+        int reasonCode = httpParams.getValueAsInt(REASON_CODE, 0);
 
         header.addIntegerValue("reason", reasonCode);
 
@@ -324,10 +322,10 @@ public class RevocationServlet extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         return;
@@ -337,28 +335,28 @@ public class RevocationServlet extends CMSServlet {
      * get cert to revoke from agent.
      */
     private BigInteger getCertFromAgent(
-        IArgBlock httpParams, X509Certificate[] certContainer)
-        throws EBaseException {
+            IArgBlock httpParams, X509Certificate[] certContainer)
+            throws EBaseException {
         BigInteger serialno = null;
         X509Certificate cert = null;
 
         // get serial no
         serialno = httpParams.getValueAsBigInteger(SERIAL_NO, null);
         if (serialno == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_MISSING_SERIALNO_FOR_REVOKE"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
+                    CMS.getUserMessage("CMS_GW_MISSING_SERIALNO_FOR_REVOKE"));
         }
 
         // get cert from db if we're cert authority.
         if (mAuthority instanceof ICertificateAuthority) {
             cert = getX509Certificate(serialno);
             if (cert == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+                        CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
             }
         }
         certContainer[0] = cert;
@@ -369,22 +367,22 @@ public class RevocationServlet extends CMSServlet {
      * get cert to revoke from auth manager
      */
     private BigInteger getCertFromAuthMgr(
-        IAuthToken authToken, X509Certificate[] certContainer) 
-        throws EBaseException {
+            IAuthToken authToken, X509Certificate[] certContainer)
+            throws EBaseException {
         X509CertImpl cert =
-            authToken.getInCert(AuthToken.TOKEN_CERT);
+                authToken.getInCert(AuthToken.TOKEN_CERT);
 
         if (cert == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
+                    CMS.getUserMessage("CMS_GW_MISSING_CERTS_REVOKE_FROM_AUTHMGR"));
         }
-        if (mAuthority instanceof ICertificateAuthority && 
-            !isCertFromCA(cert)) {
+        if (mAuthority instanceof ICertificateAuthority &&
+                !isCertFromCA(cert)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_CERT_FOR_REVOCATION"));
             throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
+                    CMS.getUserMessage("CMS_GW_INVALID_CERT_FOR_REVOCATION"));
         }
         certContainer[0] = cert;
         BigInteger serialno = ((X509Certificate) cert).getSerialNumber();
@@ -393,4 +391,3 @@ public class RevocationServlet extends CMSServlet {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
index 3a571d44..bd983a6c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/RevocationSuccessTemplateFiller.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.util.Locale;
 
 import javax.servlet.http.HttpServletRequest;
@@ -31,21 +30,13 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
-
 /**
- * Certificates Template filler. 
- * must have list of certificates in result. 
- * looks at inputs: certtype.
- * outputs: 
- *		- cert type from http input (if any)
- *      - CA chain 
- *		- authority name (RM, CM, DRM)
- *      - scheme:host:port of server.
- *	 array of one or more 
- *      - cert serial number
- *      - cert pretty print
- *		- cert in base 64 encoding.
- *		- cmmf blob to import 
+ * Certificates Template filler. must have list of certificates in result. looks
+ * at inputs: certtype. outputs: - cert type from http input (if any) - CA chain
+ * - authority name (RM, CM, DRM) - scheme:host:port of server. array of one or
+ * more - cert serial number - cert pretty print - cert in base 64 encoding. -
+ * cmmf blob to import
+ * 
  * @version $Revision$, $Date$
  */
 class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
@@ -61,12 +52,12 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) 
-        throws Exception {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+            throws Exception {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
-        // set host name and port. 
+        // set host name and port.
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         String host = httpReq.getServerName();
         int port = httpReq.getServerPort();
@@ -77,15 +68,15 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
         fixed.set(ICMSTemplateFiller.SCHEME, scheme);
 
         // this authority
-        fixed.set(ICMSTemplateFiller.AUTHORITY, 
-            (String) authority.getOfficialName());
+        fixed.set(ICMSTemplateFiller.AUTHORITY,
+                (String) authority.getOfficialName());
 
         // XXX CA chain.
 
-        RevokedCertImpl[] revoked = 
-            (RevokedCertImpl[]) cmsReq.getResult();
+        RevokedCertImpl[] revoked =
+                (RevokedCertImpl[]) cmsReq.getResult();
 
-        // revoked certs. 
+        // revoked certs.
         for (int i = 0; i < revoked.length; i++) {
             IArgBlock repeat = CMS.createArgBlock();
 
@@ -96,4 +87,3 @@ class RevocationSuccessTemplateFiller implements ICMSTemplateFiller {
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
index 17bad7a1..dfd735f0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/SrchCerts.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.PublicKey;
@@ -61,10 +60,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Search for certificates matching complex query filter
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SrchCerts extends CMSServlet {
@@ -96,8 +94,9 @@ public class SrchCerts extends CMSServlet {
     }
 
     /**
-	 * initialize the servlet. This servlet uses srchCert.template
-	 * to render the response
+     * initialize the servlet. This servlet uses srchCert.template to render the
+     * response
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -140,20 +139,20 @@ public class SrchCerts extends CMSServlet {
             /* do nothing, just use the default if integer parsing failed */
         }
 
-        /* useClientFilter should be off by default. We keep
-           this parameter around so that we do not break
-           the client applications that submits raw LDAP
-           filter into this servlet.  */
+        /*
+         * useClientFilter should be off by default. We keep this parameter
+         * around so that we do not break the client applications that submits
+         * raw LDAP filter into this servlet.
+         */
         if (sc.getInitParameter("useClientFilter") != null &&
-              sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) {
+                sc.getInitParameter("useClientFilter").equalsIgnoreCase("true")) {
             mUseClientFilter = true;
         }
     }
 
-    private boolean isOn(HttpServletRequest req, String name) 
-    {
+    private boolean isOn(HttpServletRequest req, String name) {
         String inUse = req.getParameter(name);
-        if (inUse == null)  {
+        if (inUse == null) {
             return false;
         }
         if (inUse.equals("on")) {
@@ -162,10 +161,9 @@ public class SrchCerts extends CMSServlet {
         return false;
     }
 
-    private boolean isOff(HttpServletRequest req, String name) 
-    {
+    private boolean isOff(HttpServletRequest req, String name) {
         String inUse = req.getParameter(name);
-        if (inUse == null)  {
+        if (inUse == null) {
             return false;
         }
         if (inUse.equals("off")) {
@@ -174,8 +172,7 @@ public class SrchCerts extends CMSServlet {
         return false;
     }
 
-    private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) 
-    {
+    private void buildCertStatusFilter(HttpServletRequest req, StringBuffer filter) {
         if (!isOn(req, "statusInUse")) {
             return;
         }
@@ -185,8 +182,7 @@ public class SrchCerts extends CMSServlet {
         filter.append(")");
     }
 
-    private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) 
-    {
+    private void buildProfileFilter(HttpServletRequest req, StringBuffer filter) {
         if (!isOn(req, "profileInUse")) {
             return;
         }
@@ -196,16 +192,14 @@ public class SrchCerts extends CMSServlet {
         filter.append(")");
     }
 
-    private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) 
-    {
+    private void buildBasicConstraintsFilter(HttpServletRequest req, StringBuffer filter) {
         if (!isOn(req, "basicConstraintsInUse")) {
             return;
         }
         filter.append("(x509cert.BasicConstraints.isCA=on)");
     }
 
-    private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) 
-    {
+    private void buildSerialNumberRangeFilter(HttpServletRequest req, StringBuffer filter) {
         if (!isOn(req, "serialNumberRangeInUse")) {
             return;
         }
@@ -225,9 +219,8 @@ public class SrchCerts extends CMSServlet {
         }
     }
 
-    private void buildAVAFilter(HttpServletRequest req, String paramName, 
-                                 String avaName, StringBuffer lf, String match)
-    {
+    private void buildAVAFilter(HttpServletRequest req, String paramName,
+                                 String avaName, StringBuffer lf, String match) {
         String val = req.getParameter(paramName);
         if (val != null && !val.equals("")) {
             if (match != null && match.equals("exact")) {
@@ -254,8 +247,7 @@ public class SrchCerts extends CMSServlet {
         }
     }
 
-    private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) 
-    {
+    private void buildSubjectFilter(HttpServletRequest req, StringBuffer filter) {
         if (!isOn(req, "subjectInUse")) {
             return;
         }
@@ -286,9 +278,8 @@ public class SrchCerts extends CMSServlet {
         }
     }
 
-    private void buildRevokedByFilter(HttpServletRequest req, 
-                                      StringBuffer filter) 
-    {
+    private void buildRevokedByFilter(HttpServletRequest req,
+                                      StringBuffer filter) {
         if (!isOn(req, "revokedByInUse")) {
             return;
         }
@@ -302,10 +293,9 @@ public class SrchCerts extends CMSServlet {
         }
     }
 
-    private void buildDateFilter(HttpServletRequest req, String prefix, 
+    private void buildDateFilter(HttpServletRequest req, String prefix,
                                    String outStr, long adjustment,
-                                   StringBuffer filter)
-    {
+                                   StringBuffer filter) {
         String queryCertFilter = null;
         long epoch = 0;
         try {
@@ -324,19 +314,17 @@ public class SrchCerts extends CMSServlet {
     }
 
     private void buildRevokedOnFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "revokedOnInUse")) {
             return;
         }
         buildDateFilter(req, "revokedOnFrom", "certRevokedOn>=", 0, filter);
-        buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999, 
+        buildDateFilter(req, "revokedOnTo", "certRevokedOn<=", 86399999,
                         filter);
     }
 
     private void buildRevocationReasonFilter(HttpServletRequest req,
-                                             StringBuffer filter) 
-    {
+                                             StringBuffer filter) {
         if (!isOn(req, "revocationReasonInUse")) {
             return;
         }
@@ -347,23 +335,22 @@ public class SrchCerts extends CMSServlet {
         String queryCertFilter = null;
         StringTokenizer st = new StringTokenizer(reasons, ",");
         if (st.hasMoreTokens()) {
-          filter.append("(|");
-          while (st.hasMoreTokens()) {
-              String token = st.nextToken();
-              if (queryCertFilter == null) {
-                  queryCertFilter = "";
-              } 
-              filter.append("(x509cert.certRevoInfo=");
-              filter.append(token);
-              filter.append(")");
-          }
-          filter.append(")");
+            filter.append("(|");
+            while (st.hasMoreTokens()) {
+                String token = st.nextToken();
+                if (queryCertFilter == null) {
+                    queryCertFilter = "";
+                }
+                filter.append("(x509cert.certRevoInfo=");
+                filter.append(token);
+                filter.append(")");
+            }
+            filter.append(")");
         }
     }
 
-    private void buildIssuedByFilter(HttpServletRequest req, 
-                                      StringBuffer filter) 
-    {
+    private void buildIssuedByFilter(HttpServletRequest req,
+                                      StringBuffer filter) {
         if (!isOn(req, "issuedByInUse")) {
             return;
         }
@@ -378,43 +365,39 @@ public class SrchCerts extends CMSServlet {
     }
 
     private void buildIssuedOnFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "issuedOnInUse")) {
             return;
         }
         buildDateFilter(req, "issuedOnFrom", "certCreateTime>=", 0, filter);
-        buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999, 
+        buildDateFilter(req, "issuedOnTo", "certCreateTime<=", 86399999,
                         filter);
     }
 
     private void buildValidNotBeforeFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "validNotBeforeInUse")) {
             return;
         }
-        buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=", 
+        buildDateFilter(req, "validNotBeforeFrom", "x509cert.notBefore>=",
                         0, filter);
-        buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=", 
+        buildDateFilter(req, "validNotBeforeTo", "x509cert.notBefore<=",
                         86399999, filter);
     }
 
     private void buildValidNotAfterFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "validNotAfterInUse")) {
             return;
         }
-        buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=", 
+        buildDateFilter(req, "validNotAfterFrom", "x509cert.notAfter>=",
                         0, filter);
-        buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=", 
+        buildDateFilter(req, "validNotAfterTo", "x509cert.notAfter<=",
                         86399999, filter);
     }
 
     private void buildValidityLengthFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "validityLengthInUse")) {
             return;
         }
@@ -439,8 +422,7 @@ public class SrchCerts extends CMSServlet {
     }
 
     private void buildCertTypeFilter(HttpServletRequest req,
-                                      StringBuffer filter) 
-    {
+                                      StringBuffer filter) {
         if (!isOn(req, "certTypeInUse")) {
             return;
         }
@@ -471,8 +453,7 @@ public class SrchCerts extends CMSServlet {
         }
     }
 
-    public String buildFilter(HttpServletRequest req) 
-    {
+    public String buildFilter(HttpServletRequest req) {
         String queryCertFilter = req.getParameter("queryCertFilter");
 
         StringBuffer filter = new StringBuffer();
@@ -504,10 +485,8 @@ public class SrchCerts extends CMSServlet {
 
     /**
      * Serves HTTP request. This format of this request is as follows:
-     *   queryCert?
-     *     [maxCount=<number>]
-     *     [queryFilter=<filter>]
-     *     [revokeAll=<filter>]
+     * queryCert? [maxCount=<number>] [queryFilter=<filter>]
+     * [revokeAll=<filter>]
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
@@ -522,10 +501,10 @@ public class SrchCerts extends CMSServlet {
                         mAuthzResourceName, "list");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -551,10 +530,10 @@ public class SrchCerts extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
@@ -571,10 +550,10 @@ public class SrchCerts extends CMSServlet {
 
             String queryCertFilter = buildFilter(req);
             process(argSet, header, queryCertFilter,
-                revokeAll, maxResults, timeLimit, req, resp, locale[0]);
+                    revokeAll, maxResults, timeLimit, req, resp, locale[0]);
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
         }
@@ -585,33 +564,33 @@ public class SrchCerts extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     /**
      * Process the key search.
      */
-    private void process(CMSTemplateParams argSet, IArgBlock header, 
-        String filter, String revokeAll,
-        int maxResults, int timeLimit,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale)
-        throws EBaseException {
+    private void process(CMSTemplateParams argSet, IArgBlock header,
+            String filter, String revokeAll,
+            int maxResults, int timeLimit,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
         try {
             long startTime = CMS.getCurrentDate().getTime();
 
@@ -629,7 +608,7 @@ public class SrchCerts extends CMSServlet {
                 timeLimit = mTimeLimits;
             }
             CMS.debug("Start searching ... " + "filter=" + filter + " maxreturns=" + maxResults + " timelimit=" + timeLimit);
-            Enumeration<ICertRecord > e = mCertDB.searchCertificates(filter, maxResults, timeLimit);
+            Enumeration<ICertRecord> e = mCertDB.searchCertificates(filter, maxResults, timeLimit);
 
             int count = 0;
 
@@ -671,7 +650,8 @@ public class SrchCerts extends CMSServlet {
         int i = filter.indexOf(CURRENT_TIME, k);
 
         while (i > -1) {
-            if (now == null) now = new Date();
+            if (now == null)
+                now = new Date();
             newFilter.append(filter.substring(k, i));
             newFilter.append(now.getTime());
             k = i + CURRENT_TIME.length();
@@ -687,7 +667,7 @@ public class SrchCerts extends CMSServlet {
      * Fills cert record into argument block.
      */
     private void fillRecordIntoArg(ICertRecord rec, IArgBlock rarg)
-        throws EBaseException {
+            throws EBaseException {
 
         X509CertImpl xcert = rec.getCertificate();
 
@@ -695,9 +675,9 @@ public class SrchCerts extends CMSServlet {
             fillX509RecordIntoArg(rec, rarg);
         }
     }
-	
+
     private void fillX509RecordIntoArg(ICertRecord rec, IArgBlock rarg)
-        throws EBaseException {
+            throws EBaseException {
 
         X509CertImpl cert = rec.getCertificate();
 
@@ -708,7 +688,7 @@ public class SrchCerts extends CMSServlet {
         String subject = (String) cert.getSubjectDN().toString();
 
         if (subject.equals("")) {
-            rarg.addStringValue("subject", " "); 
+            rarg.addStringValue("subject", " ");
         } else {
             rarg.addStringValue("subject", subject);
 
@@ -744,12 +724,13 @@ public class SrchCerts extends CMSServlet {
         rarg.addStringValue("signatureAlgorithm", cert.getSigAlgOID());
         String issuedBy = rec.getIssuedBy();
 
-        if (issuedBy == null) issuedBy = "";
+        if (issuedBy == null)
+            issuedBy = "";
         rarg.addStringValue("issuedBy", issuedBy); // cert.getIssuerDN().toString()
         rarg.addLongValue("issuedOn", rec.getCreateTime().getTime() / 1000);
 
         rarg.addStringValue("revokedBy",
-            ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
+                ((rec.getRevokedBy() == null) ? "" : rec.getRevokedBy()));
         if (rec.getRevokedOn() == null) {
             rarg.addStringValue("revokedOn", null);
         } else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
index b10086e1..45544583 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateCRL.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Date;
@@ -60,10 +59,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Force the CRL to be updated now.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UpdateCRL extends CMSServlet {
@@ -88,40 +86,41 @@ public class UpdateCRL extends CMSServlet {
     }
 
     /**
-     * Initializes the servlet. This servlet uses updateCRL.template
-     * to render the result
+     * Initializes the servlet. This servlet uses updateCRL.template to render
+     * the result
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
         mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
         if (mAuthority instanceof ICertificateAuthority)
             mCA = (ICertificateAuthority) mAuthority;
-		
-            // override success to do output orw own template.
+
+        // override success to do output orw own template.
         mTemplates.remove(CMSRequest.SUCCESS);
         if (mOutputTemplatePath != null)
             mFormPath = mOutputTemplatePath;
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param signatureAlgorithm the algorithm to use to sign the CRL
-	 * <li>http.param waitForUpdate true/false - should the servlet wait until
-	 *     the CRL update is complete?
+     * <li>http.param waitForUpdate true/false - should the servlet wait until
+     * the CRL update is complete?
      * <li>http.param clearCRLCache true/false - should the CRL cache cleared
-     *     before the CRL is generated?
+     * before the CRL is generated?
      * <li>http.param crlIssuingPoint the CRL Issuing Point to Update
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("crl", true /* main action */);
+            statsSub.startTiming("crl", true /* main action */);
         }
 
         long startTime = CMS.getCurrentDate().getTime();
@@ -133,16 +132,16 @@ public class UpdateCRL extends CMSServlet {
                         mAuthzResourceName, "update");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
             cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
             if (statsSub != null) {
-              statsSub.endTiming("crl");
+                statsSub.endTiming("crl");
             }
             return;
         }
@@ -159,21 +158,21 @@ public class UpdateCRL extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             if (statsSub != null) {
-              statsSub.endTiming("crl");
+                statsSub.endTiming("crl");
             }
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
-            String signatureAlgorithm = 
-                req.getParameter("signatureAlgorithm");
+            String signatureAlgorithm =
+                    req.getParameter("signatureAlgorithm");
 
-            process(argSet, header, req, resp, 
-                signatureAlgorithm, locale[0]);
+            process(argSet, header, req, resp,
+                    signatureAlgorithm, locale[0]);
         } catch (EBaseException e) {
             error = e;
         }
@@ -184,42 +183,43 @@ public class UpdateCRL extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
-                    e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+                            e.toString()));
             if (statsSub != null) {
-              statsSub.endTiming("crl");
+                statsSub.endTiming("crl");
             }
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         if (statsSub != null) {
-          statsSub.endTiming("crl");
+            statsSub.endTiming("crl");
         }
     }
 
-    private CRLExtensions crlEntryExtensions (String reason, String invalidity) {
+    private CRLExtensions crlEntryExtensions(String reason, String invalidity) {
         CRLExtensions entryExts = new CRLExtensions();
 
         CRLReasonExtension crlReasonExtn = null;
         if (reason != null && reason.length() > 0) {
             try {
                 RevocationReason revReason = RevocationReason.fromInt(Integer.parseInt(reason));
-                if (revReason == null) revReason = RevocationReason.UNSPECIFIED;
+                if (revReason == null)
+                    revReason = RevocationReason.UNSPECIFIED;
                 crlReasonExtn = new CRLReasonExtension(revReason);
             } catch (Exception e) {
-                CMS.debug("Invalid revocation reason: "+reason);
+                CMS.debug("Invalid revocation reason: " + reason);
             }
         }
 
@@ -229,15 +229,15 @@ public class UpdateCRL extends CMSServlet {
             Date invalidityDate = null;
             try {
                 long backInTime = Long.parseLong(invalidity);
-                invalidityDate = new Date(now-(backInTime*60000));
+                invalidityDate = new Date(now - (backInTime * 60000));
             } catch (Exception e) {
-                CMS.debug("Invalid invalidity time offset: "+invalidity);
+                CMS.debug("Invalid invalidity time offset: " + invalidity);
             }
             if (invalidityDate != null) {
                 try {
                     invalidityDateExtn = new InvalidityDateExtension(invalidityDate);
                 } catch (Exception e) {
-                    CMS.debug("Error creating invalidity extension: "+e);
+                    CMS.debug("Error creating invalidity extension: " + e);
                 }
             }
         }
@@ -246,7 +246,7 @@ public class UpdateCRL extends CMSServlet {
             try {
                 entryExts.set(crlReasonExtn.getName(), crlReasonExtn);
             } catch (Exception e) {
-                CMS.debug("Error adding revocation reason extension to entry extensions: "+e);
+                CMS.debug("Error adding revocation reason extension to entry extensions: " + e);
             }
         }
 
@@ -254,7 +254,7 @@ public class UpdateCRL extends CMSServlet {
             try {
                 entryExts.set(invalidityDateExtn.getName(), invalidityDateExtn);
             } catch (Exception e) {
-                CMS.debug("Error adding invalidity date extension to entry extensions: "+e);
+                CMS.debug("Error adding invalidity date extension to entry extensions: " + e);
             }
         }
 
@@ -293,18 +293,18 @@ public class UpdateCRL extends CMSServlet {
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        String signatureAlgorithm,
-        Locale locale)
-        throws EBaseException {
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            String signatureAlgorithm,
+            Locale locale)
+            throws EBaseException {
         long startTime = CMS.getCurrentDate().getTime();
-        String waitForUpdate = 
-            req.getParameter("waitForUpdate");
-        String clearCache = 
-            req.getParameter("clearCRLCache");
-        String crlIssuingPointId = 
-            req.getParameter("crlIssuingPoint");
+        String waitForUpdate =
+                req.getParameter("waitForUpdate");
+        String clearCache =
+                req.getParameter("clearCRLCache");
+        String crlIssuingPointId =
+                req.getParameter("crlIssuingPoint");
         String test = req.getParameter("test");
         String add = req.getParameter("add");
         String from = req.getParameter("from");
@@ -317,45 +317,46 @@ public class UpdateCRL extends CMSServlet {
             Enumeration<ICRLIssuingPoint> ips = mCA.getCRLIssuingPoints();
 
             while (ips.hasMoreElements()) {
-                ICRLIssuingPoint ip =  ips.nextElement();
+                ICRLIssuingPoint ip = ips.nextElement();
 
                 if (crlIssuingPointId.equals(ip.getId())) {
                     break;
                 }
-                if (!ips.hasMoreElements()) crlIssuingPointId = null;
+                if (!ips.hasMoreElements())
+                    crlIssuingPointId = null;
             }
         }
         if (crlIssuingPointId == null) {
             crlIssuingPointId = ICertificateAuthority.PROP_MASTER_CRL;
         }
 
-        ICRLIssuingPoint crlIssuingPoint = 
-            mCA.getCRLIssuingPoint(crlIssuingPointId);
+        ICRLIssuingPoint crlIssuingPoint =
+                mCA.getCRLIssuingPoint(crlIssuingPointId);
         header.addStringValue("crlIssuingPoint", crlIssuingPointId);
         IPublisherProcessor lpm = mCA.getPublisherProcessor();
 
         if (crlIssuingPoint != null) {
             if (clearCache != null && clearCache.equals("true") &&
-                crlIssuingPoint.isCRLGenerationEnabled() &&
-                crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
-                crlIssuingPoint.isCRLIssuingPointInitialized()
+                    crlIssuingPoint.isCRLGenerationEnabled() &&
+                    crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
+                    crlIssuingPoint.isCRLIssuingPointInitialized()
                                 == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
                 crlIssuingPoint.clearCRLCache();
             }
             if (waitForUpdate != null && waitForUpdate.equals("true") &&
-                crlIssuingPoint.isCRLGenerationEnabled() &&
-                crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
-                crlIssuingPoint.isCRLIssuingPointInitialized()
+                    crlIssuingPoint.isCRLGenerationEnabled() &&
+                    crlIssuingPoint.isCRLUpdateInProgress() == ICRLIssuingPoint.CRL_UPDATE_DONE &&
+                    crlIssuingPoint.isCRLIssuingPointInitialized()
                                 == ICRLIssuingPoint.CRL_IP_INITIALIZED) {
                 if (test != null && test.equals("true") &&
-                    crlIssuingPoint.isCRLCacheTestingEnabled() &&
-                    (!mTesting.contains(crlIssuingPointId))) {
+                        crlIssuingPoint.isCRLCacheTestingEnabled() &&
+                        (!mTesting.contains(crlIssuingPointId))) {
                     CMS.debug("CRL test started.");
                     mTesting.add(crlIssuingPointId);
                     BigInteger addLen = null;
                     BigInteger startFrom = null;
                     if (add != null && add.length() > 0 &&
-                        from != null && from.length() > 0) {
+                            from != null && from.length() > 0) {
                         try {
                             addLen = new BigInteger(add);
                             startFrom = new BigInteger(from);
@@ -366,7 +367,7 @@ public class UpdateCRL extends CMSServlet {
                         Date revocationDate = CMS.getCurrentDate();
                         String err = null;
 
-                        CRLExtensions entryExts = crlEntryExtensions (reason, invalidity);
+                        CRLExtensions entryExts = crlEntryExtensions(reason, invalidity);
 
                         BigInteger serialNumber = startFrom;
                         BigInteger counter = addLen;
@@ -380,16 +381,16 @@ public class UpdateCRL extends CMSServlet {
 
                         long t1 = System.currentTimeMillis();
                         long t2 = 0;
-                       
+
                         while (counter.compareTo(BigInteger.ZERO) > 0) {
                             RevokedCertImpl revokedCert =
-                                new RevokedCertImpl(serialNumber, revocationDate, entryExts);
+                                    new RevokedCertImpl(serialNumber, revocationDate, entryExts);
                             crlIssuingPoint.addRevokedCert(serialNumber, revokedCert);
                             serialNumber = serialNumber.add(BigInteger.ONE);
                             counter = counter.subtract(BigInteger.ONE);
 
                             if ((counter.compareTo(BigInteger.ZERO) == 0) ||
-                                (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) {
+                                    (stepBy != null && ((counter.mod(stepBy)).compareTo(BigInteger.ZERO) == 0))) {
                                 t2 = System.currentTimeMillis();
                                 long t0 = t2 - t1;
                                 t1 = t2;
@@ -465,40 +466,40 @@ public class UpdateCRL extends CMSServlet {
                         String agentId = (String) sContext.get(SessionContext.USER_ID);
                         IAuthToken authToken = (IAuthToken) sContext.get(SessionContext.AUTH_TOKEN);
                         String authMgr = AuditFormat.NOAUTH;
-        
+
                         if (authToken != null) {
                             authMgr = authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
                         }
                         long endTime = CMS.getCurrentDate().getTime();
 
                         if (crlIssuingPoint.getNextUpdate() != null) {
-                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, 
-                                AuditFormat.LEVEL,
-                                AuditFormat.CRLUPDATEFORMAT,
-                                new Object[] { 
-                                    AuditFormat.FROMAGENT + " agentID: " + agentId,
-                                    authMgr,
-                                    "completed",
-                                    crlIssuingPoint.getId(),
-                                    crlIssuingPoint.getCRLNumber(),
-                                    crlIssuingPoint.getLastUpdate(),
-                                    crlIssuingPoint.getNextUpdate(),
-                                    Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
-                            );
-                        }else {
-                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, 
-                                AuditFormat.LEVEL,
-                                AuditFormat.CRLUPDATEFORMAT,
-                                new Object[] { 
-                                    AuditFormat.FROMAGENT + " agentID: " + agentId,
-                                    authMgr,
-                                    "completed",
-                                    crlIssuingPoint.getId(),
-                                    crlIssuingPoint.getCRLNumber(),
-                                    crlIssuingPoint.getLastUpdate(),
-                                    "not set",
-                                    Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime)}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.CRLUPDATEFORMAT,
+                                    new Object[] {
+                                            AuditFormat.FROMAGENT + " agentID: " + agentId,
+                                            authMgr,
+                                            "completed",
+                                            crlIssuingPoint.getId(),
+                                            crlIssuingPoint.getCRLNumber(),
+                                            crlIssuingPoint.getLastUpdate(),
+                                            crlIssuingPoint.getNextUpdate(),
+                                            Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) }
+                                    );
+                        } else {
+                            mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.CRLUPDATEFORMAT,
+                                    new Object[] {
+                                            AuditFormat.FROMAGENT + " agentID: " + agentId,
+                                            authMgr,
+                                            "completed",
+                                            crlIssuingPoint.getId(),
+                                            crlIssuingPoint.getCRLNumber(),
+                                            crlIssuingPoint.getLastUpdate(),
+                                            "not set",
+                                            Long.toString(crlIssuingPoint.getCRLSize()) + " time: " + (endTime - startTime) }
+                                    );
                         }
                     } catch (EBaseException e) {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_UPDATE_CRL", e.toString()));
@@ -511,8 +512,7 @@ public class UpdateCRL extends CMSServlet {
                     }
                 }
             } else {
-                if (crlIssuingPoint.isCRLIssuingPointInitialized()
-                           != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
+                if (crlIssuingPoint.isCRLIssuingPointInitialized() != ICRLIssuingPoint.CRL_IP_INITIALIZED) {
                     header.addStringValue("crlUpdate", "notInitialized");
                 } else if (crlIssuingPoint.isCRLUpdateInProgress()
                            != ICRLIssuingPoint.CRL_UPDATE_DONE ||
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
index ccba3362..5b7688c5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/UpdateDir.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.cert;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Enumeration;
@@ -58,10 +57,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Update the configured LDAP server with specified objects
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class UpdateDir extends CMSServlet {
@@ -85,12 +83,12 @@ public class UpdateDir extends CMSServlet {
     private final static int REVOKED_FROM = 10;
     private final static int REVOKED_TO = 11;
     private final static int CHECK_FLAG = 12;
-    private final static String[] updateName = 
-        {"updateAll", "updateCRL", "updateCA",
-            "updateValid", "validFrom", "validTo",
-            "updateExpired", "expiredFrom", "expiredTo",
-            "updateRevoked", "revokedFrom", "revokedTo",
-            "checkFlag"};
+    private final static String[] updateName =
+        { "updateAll", "updateCRL", "updateCA",
+                "updateValid", "validFrom", "validTo",
+                "updateExpired", "expiredFrom", "expiredTo",
+                "updateRevoked", "revokedFrom", "revokedTo",
+                "checkFlag" };
 
     private String mFormPath = null;
     private ICertificateAuthority mCA = null;
@@ -112,7 +110,7 @@ public class UpdateDir extends CMSServlet {
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
 
-        if( mAuthority != null ) {
+        if (mAuthority != null) {
             mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
             if (mAuthority instanceof ICertificateAuthority) {
                 mCA = (ICertificateAuthority) mAuthority;
@@ -129,8 +127,8 @@ public class UpdateDir extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -146,10 +144,10 @@ public class UpdateDir extends CMSServlet {
                         mAuthzResourceName, "update");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -169,17 +167,17 @@ public class UpdateDir extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
             String crlIssuingPointId = req.getParameter("crlIssuingPoint");
 
             if (mPublisherProcessor == null ||
-                !mPublisherProcessor.enabled())
+                    !mPublisherProcessor.enabled())
                 throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_PUB_MODULE"));
 
             String[] updateValue = new String[updateName.length];
@@ -191,7 +189,7 @@ public class UpdateDir extends CMSServlet {
             String masterHost = CMS.getConfigStore().getString("master.ca.agent.host", "");
             String masterPort = CMS.getConfigStore().getString("master.ca.agent.port", "");
             if (masterHost != null && masterHost.length() > 0 &&
-                masterPort != null && masterPort.length() > 0) {
+                    masterPort != null && masterPort.length() > 0) {
                 mClonedCA = true;
             }
 
@@ -206,29 +204,29 @@ public class UpdateDir extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     private void updateCRLIssuingPoint(
-        IArgBlock header, 
-        String crlIssuingPointId,
-        ICRLIssuingPoint crlIssuingPoint,
-        Locale locale) {
+            IArgBlock header,
+            String crlIssuingPointId,
+            ICRLIssuingPoint crlIssuingPoint,
+            Locale locale) {
         SessionContext sc = SessionContext.getContext();
 
         sc.put(ICRLIssuingPoint.SC_ISSUING_POINT_ID, crlIssuingPointId);
@@ -237,28 +235,28 @@ public class UpdateDir extends CMSServlet {
 
         try {
             if (mCRLRepository != null) {
-                crlRecord = (ICRLIssuingPointRecord)mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId);
+                crlRecord = (ICRLIssuingPointRecord) mCRLRepository.readCRLIssuingPointRecord(crlIssuingPointId);
             }
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_GET_CRL_RECORD", e.toString()));
         }
 
         if (crlRecord == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", crlIssuingPointId));
             header.addStringValue("crlPublished", "Failure");
             header.addStringValue("crlError",
-                new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
         } else {
-            String publishDN = (crlIssuingPoint != null)? crlIssuingPoint.getPublishDN(): null;
+            String publishDN = (crlIssuingPoint != null) ? crlIssuingPoint.getPublishDN() : null;
             byte[] crlbytes = crlRecord.getCRL();
 
             if (crlbytes == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_CRL_NOT_YET_UPDATED_1", ""));
                 header.addStringValue("crlPublished", "Failure");
                 header.addStringValue("crlError",
-                    new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
+                        new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_CRL_NOT_YET_UPDATED")).toString());
             } else {
                 X509CRLImpl crl = null;
 
@@ -271,13 +269,13 @@ public class UpdateDir extends CMSServlet {
                 if (crl == null) {
                     header.addStringValue("crlPublished", "Failure");
                     header.addStringValue("crlError",
-                        new ECMSGWException(CMS.getUserMessage(locale,"CMS_GW_DECODE_CRL_FAILED")).toString());
+                            new ECMSGWException(CMS.getUserMessage(locale, "CMS_GW_DECODE_CRL_FAILED")).toString());
                 } else {
                     try {
                         if (publishDN != null) {
                             mPublisherProcessor.publishCRL(publishDN, crl);
                         } else {
-                            mPublisherProcessor.publishCRL(crl,crlIssuingPointId);
+                            mPublisherProcessor.publishCRL(crl, crlIssuingPointId);
                         }
                         header.addStringValue("crlPublished", "Success");
                     } catch (ELdapException e) {
@@ -307,20 +305,20 @@ public class UpdateDir extends CMSServlet {
                     BigInteger deltaNumber = crlRecord.getDeltaCRLNumber();
                     Long deltaCRLSize = crlRecord.getDeltaCRLSize();
                     if (deltaCRLSize != null && deltaCRLSize.longValue() > -1 &&
-                        crlNumber != null && deltaNumber != null &&
-                        deltaNumber.compareTo(crlNumber) >= 0) {
+                            crlNumber != null && deltaNumber != null &&
+                            deltaNumber.compareTo(crlNumber) >= 0) {
                         goodDelta = true;
                     }
                 }
 
                 if (deltaCrl != null && ((mClonedCA && goodDelta) ||
-                    (crlIssuingPoint != null &&
-                     crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
+                        (crlIssuingPoint != null &&
+                        crlIssuingPoint.isThisCurrentDeltaCRL(deltaCrl)))) {
                     try {
                         if (publishDN != null) {
                             mPublisherProcessor.publishCRL(publishDN, deltaCrl);
                         } else {
-                            mPublisherProcessor.publishCRL(deltaCrl,crlIssuingPointId);
+                            mPublisherProcessor.publishCRL(deltaCrl, crlIssuingPointId);
                         }
                     } catch (ELdapException e) {
                         log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERR_PUBLISH_DELTA_CRL", e.toString()));
@@ -331,16 +329,16 @@ public class UpdateDir extends CMSServlet {
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        HttpServletRequest req,
-        HttpServletResponse resp,
-        String crlIssuingPointId,
-        String[] updateValue,
-        Locale locale)
-        throws EBaseException {
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            String crlIssuingPointId,
+            String[] updateValue,
+            Locale locale)
+            throws EBaseException {
         // all or crl
         if ((updateValue[UPDATE_ALL] != null &&
                 updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-            (updateValue[UPDATE_CRL] != null &&
+                (updateValue[UPDATE_CRL] != null &&
                 updateValue[UPDATE_CRL].equalsIgnoreCase("yes"))) {
             // check if received issuing point ID is known to the server
             if (crlIssuingPointId != null) {
@@ -352,7 +350,8 @@ public class UpdateDir extends CMSServlet {
                     if (crlIssuingPointId.equals(ip.getId())) {
                         break;
                     }
-                    if (!ips.hasMoreElements()) crlIssuingPointId = null;
+                    if (!ips.hasMoreElements())
+                        crlIssuingPointId = null;
                 }
             }
             if (crlIssuingPointId == null) {
@@ -361,7 +360,7 @@ public class UpdateDir extends CMSServlet {
                     Vector ipNames = mCRLRepository.getIssuingPointsNames();
                     if (ipNames != null && ipNames.size() > 0) {
                         for (int i = 0; i < ipNames.size(); i++) {
-                            String ipName = (String)ipNames.elementAt(i);
+                            String ipName = (String) ipNames.elementAt(i);
 
                             updateCRLIssuingPoint(header, ipName, null, locale);
                         }
@@ -377,11 +376,11 @@ public class UpdateDir extends CMSServlet {
                 }
             } else {
                 ICRLIssuingPoint crlIssuingPoint =
-                    mCA.getCRLIssuingPoint(crlIssuingPointId);
+                        mCA.getCRLIssuingPoint(crlIssuingPointId);
                 ICRLIssuingPointRecord crlRecord = null;
 
-                updateCRLIssuingPoint(header, crlIssuingPointId, 
-                    crlIssuingPoint, locale);
+                updateCRLIssuingPoint(header, crlIssuingPointId,
+                        crlIssuingPoint, locale);
             }
         }
 
@@ -390,7 +389,7 @@ public class UpdateDir extends CMSServlet {
         // all or ca
         if ((updateValue[UPDATE_ALL] != null &&
                 updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-            (updateValue[UPDATE_CA] != null &&
+                (updateValue[UPDATE_CA] != null &&
                 updateValue[UPDATE_CA].equalsIgnoreCase("yes"))) {
             X509CertImpl caCert = mCA.getSigningUnit().getCertImpl();
 
@@ -408,7 +407,7 @@ public class UpdateDir extends CMSServlet {
         // all or valid
         if ((updateValue[UPDATE_ALL] != null &&
                 updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-            (updateValue[UPDATE_VALID] != null &&
+                (updateValue[UPDATE_VALID] != null &&
                 updateValue[UPDATE_VALID].equalsIgnoreCase("yes"))) {
             if (certificateRepository != null) {
                 if (updateValue[VALID_FROM].startsWith("0x")) {
@@ -420,16 +419,16 @@ public class UpdateDir extends CMSServlet {
                 Enumeration validCerts = null;
 
                 if (updateValue[CHECK_FLAG] != null &&
-                    updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
-                    validCerts = 
+                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+                    validCerts =
                             certificateRepository.getValidNotPublishedCertificates(
-                                updateValue[VALID_FROM],
-                                updateValue[VALID_TO]);
+                                    updateValue[VALID_FROM],
+                                    updateValue[VALID_TO]);
                 } else {
-                    validCerts = 
+                    validCerts =
                             certificateRepository.getValidCertificates(
-                                updateValue[VALID_FROM],
-                                updateValue[VALID_TO]);
+                                    updateValue[VALID_FROM],
+                                    updateValue[VALID_TO]);
                 }
                 int i = 0;
                 int l = 0;
@@ -438,8 +437,8 @@ public class UpdateDir extends CMSServlet {
                 if (validCerts != null) {
                     while (validCerts.hasMoreElements()) {
                         ICertRecord certRecord =
-                            (ICertRecord) validCerts.nextElement();
-                        //X509CertImpl cert = certRecord.getCertificate();
+                                (ICertRecord) validCerts.nextElement();
+                        // X509CertImpl cert = certRecord.getCertificate();
                         X509CertImpl cert = null;
                         Object o = certRecord.getCertificate();
 
@@ -454,9 +453,9 @@ public class UpdateDir extends CMSServlet {
                             // ca's self signed signing cert and
                             // server cert has no related request and
                             // have no metaInfo
-                            log(ILogger.LL_FAILURE,					
-                                CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
-                                    cert.getSerialNumber().toString(16)));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+                                            cert.getSerialNumber().toString(16)));
                         } else {
                             ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
                         }
@@ -465,55 +464,55 @@ public class UpdateDir extends CMSServlet {
 
                         if (ridString != null) {
                             RequestId rid = new RequestId(ridString);
-						
+
                             r = mCA.getRequestQueue().findRequest(rid);
-                        } 
+                        }
 
                         try {
                             l++;
-                            SessionContext sc = SessionContext.getContext();                                
+                            SessionContext sc = SessionContext.getContext();
 
                             if (r == null) {
                                 if (CMS.isEncryptionCert(cert))
                                     sc.put((Object) "isEncryptionCert", (Object) "true");
-                                else 
+                                else
                                     sc.put((Object) "isEncryptionCert", (Object) "false");
                                 mPublisherProcessor.publishCert(cert, null);
                             } else {
                                 if (CMS.isEncryptionCert(cert))
                                     r.setExtData("isEncryptionCert", "true");
-                                else 
+                                else
                                     r.setExtData("isEncryptionCert", "false");
                                 mPublisherProcessor.publishCert(cert, r);
                             }
                             i++;
                         } catch (Exception e) {
-                            log(ILogger.LL_FAILURE, 
-                                CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16),
-                                    e.toString()));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_PUBLISH_CERT", certRecord.getSerialNumber().toString(16),
+                                            e.toString()));
                             validCertsError +=
                                     "Failed to publish certificate: 0x" +
-                                    certRecord.getSerialNumber().toString(16) +
-                                    ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+                                            certRecord.getSerialNumber().toString(16) +
+                                            ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
                         }
                     }
                 }
                 if (i > 0 && i == l) {
                     header.addStringValue("validCertsPublished",
-                        "Success");
+                            "Success");
                     if (i == 1)
-                        header.addStringValue("validCertsError", i + 
-                            " valid certificate is published in the directory.");
+                        header.addStringValue("validCertsError", i +
+                                " valid certificate is published in the directory.");
                     else
-                        header.addStringValue("validCertsError", i + 
-                            " valid certificates are published in the directory.");
+                        header.addStringValue("validCertsError", i +
+                                " valid certificates are published in the directory.");
                 } else {
                     if (l == 0) {
                         header.addStringValue("validCertsPublished", "No");
                     } else {
                         header.addStringValue("validCertsPublished", "Failure");
-                        header.addStringValue("validCertsError", 
-                            validCertsError);
+                        header.addStringValue("validCertsError",
+                                validCertsError);
                     }
                 }
             } else {
@@ -525,7 +524,7 @@ public class UpdateDir extends CMSServlet {
         // all or expired
         if ((updateValue[UPDATE_ALL] != null &&
                 updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-            (updateValue[UPDATE_EXPIRED] != null &&
+                (updateValue[UPDATE_EXPIRED] != null &&
                 updateValue[UPDATE_EXPIRED].equalsIgnoreCase("yes"))) {
             if (certificateRepository != null) {
                 if (updateValue[EXPIRED_FROM].startsWith("0x")) {
@@ -537,26 +536,26 @@ public class UpdateDir extends CMSServlet {
                 Enumeration expiredCerts = null;
 
                 if (updateValue[CHECK_FLAG] != null &&
-                    updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
                     expiredCerts =
                             certificateRepository.getExpiredPublishedCertificates(
-                                updateValue[EXPIRED_FROM],
-                                updateValue[EXPIRED_TO]);
+                                    updateValue[EXPIRED_FROM],
+                                    updateValue[EXPIRED_TO]);
                 } else {
                     expiredCerts =
                             certificateRepository.getExpiredCertificates(
-                                updateValue[EXPIRED_FROM],
-                                updateValue[EXPIRED_TO]);
+                                    updateValue[EXPIRED_FROM],
+                                    updateValue[EXPIRED_TO]);
                 }
                 int i = 0;
                 int l = 0;
                 StringBuffer expiredCertsError = new StringBuffer();
 
-                if (expiredCerts != null) { 
+                if (expiredCerts != null) {
                     while (expiredCerts.hasMoreElements()) {
                         ICertRecord certRecord =
-                            (ICertRecord) expiredCerts.nextElement();
-                        //X509CertImpl cert = certRecord.getCertificate();
+                                (ICertRecord) expiredCerts.nextElement();
+                        // X509CertImpl cert = certRecord.getCertificate();
                         X509CertImpl cert = null;
                         Object o = certRecord.getCertificate();
 
@@ -571,9 +570,9 @@ public class UpdateDir extends CMSServlet {
                             // ca's self signed signing cert and
                             // server cert has no related request and
                             // have no metaInfo
-                            log(ILogger.LL_FAILURE,					
-                                CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
-                                    cert.getSerialNumber().toString(16)));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+                                            cert.getSerialNumber().toString(16)));
                         } else {
                             ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
                         }
@@ -582,9 +581,9 @@ public class UpdateDir extends CMSServlet {
 
                         if (ridString != null) {
                             RequestId rid = new RequestId(ridString);
-						
+
                             r = mCA.getRequestQueue().findRequest(rid);
-                        } 
+                        }
 
                         try {
                             l++;
@@ -595,10 +594,10 @@ public class UpdateDir extends CMSServlet {
                             }
                             i++;
                         } catch (Exception e) {
-                            log(ILogger.LL_FAILURE, 
-                                CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
-                                    certRecord.getSerialNumber().toString(16),
-                                    e.toString()));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
+                                            certRecord.getSerialNumber().toString(16),
+                                            e.toString()));
                             expiredCertsError.append(
                                     "Failed to unpublish certificate: 0x");
                             expiredCertsError.append(
@@ -611,18 +610,18 @@ public class UpdateDir extends CMSServlet {
                 if (i > 0 && i == l) {
                     header.addStringValue("expiredCertsUnpublished", "Success");
                     if (i == 1)
-                        header.addStringValue("expiredCertsError", i + 
-                            " expired certificate is unpublished in the directory.");
+                        header.addStringValue("expiredCertsError", i +
+                                " expired certificate is unpublished in the directory.");
                     else
-                        header.addStringValue("expiredCertsError", i + 
-                            " expired certificates are unpublished in the directory.");
+                        header.addStringValue("expiredCertsError", i +
+                                " expired certificates are unpublished in the directory.");
                 } else {
                     if (l == 0) {
                         header.addStringValue("expiredCertsUnpublished", "No");
                     } else {
                         header.addStringValue("expiredCertsUnpublished", "Failure");
-                        header.addStringValue("expiredCertsError", 
-                            expiredCertsError.toString());
+                        header.addStringValue("expiredCertsError",
+                                expiredCertsError.toString());
                     }
                 }
             } else {
@@ -634,7 +633,7 @@ public class UpdateDir extends CMSServlet {
         // all or revoked
         if ((updateValue[UPDATE_ALL] != null &&
                 updateValue[UPDATE_ALL].equalsIgnoreCase("yes")) ||
-            (updateValue[UPDATE_REVOKED] != null &&
+                (updateValue[UPDATE_REVOKED] != null &&
                 updateValue[UPDATE_REVOKED].equalsIgnoreCase("yes"))) {
             if (certificateRepository != null) {
                 if (updateValue[REVOKED_FROM].startsWith("0x")) {
@@ -646,26 +645,26 @@ public class UpdateDir extends CMSServlet {
                 Enumeration revokedCerts = null;
 
                 if (updateValue[CHECK_FLAG] != null &&
-                    updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
+                        updateValue[CHECK_FLAG].equalsIgnoreCase("yes")) {
                     revokedCerts =
                             certificateRepository.getRevokedPublishedCertificates(
-                                updateValue[REVOKED_FROM],
-                                updateValue[REVOKED_TO]);
+                                    updateValue[REVOKED_FROM],
+                                    updateValue[REVOKED_TO]);
                 } else {
                     revokedCerts =
                             certificateRepository.getRevokedCertificates(
-                                updateValue[REVOKED_FROM],
-                                updateValue[REVOKED_TO]);
+                                    updateValue[REVOKED_FROM],
+                                    updateValue[REVOKED_TO]);
                 }
                 int i = 0;
                 int l = 0;
                 String revokedCertsError = "";
 
-                if (revokedCerts != null) { 
+                if (revokedCerts != null) {
                     while (revokedCerts.hasMoreElements()) {
                         ICertRecord certRecord =
-                            (ICertRecord) revokedCerts.nextElement();
-                        //X509CertImpl cert = certRecord.getCertificate();
+                                (ICertRecord) revokedCerts.nextElement();
+                        // X509CertImpl cert = certRecord.getCertificate();
                         X509CertImpl cert = null;
                         Object o = certRecord.getCertificate();
 
@@ -680,9 +679,9 @@ public class UpdateDir extends CMSServlet {
                             // ca's self signed signing cert and
                             // server cert has no related request and
                             // have no metaInfo
-                            log(ILogger.LL_FAILURE,					
-                                CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
-                                    cert.getSerialNumber().toString(16)));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("CMSGW_FAIL_GET_ICERT_RECORD",
+                                            cert.getSerialNumber().toString(16)));
                         } else {
                             ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
                         }
@@ -691,9 +690,9 @@ public class UpdateDir extends CMSServlet {
 
                         if (ridString != null) {
                             RequestId rid = new RequestId(ridString);
-						
+
                             r = mCA.getRequestQueue().findRequest(rid);
-                        } 
+                        }
 
                         try {
                             l++;
@@ -704,32 +703,32 @@ public class UpdateDir extends CMSServlet {
                             }
                             i++;
                         } catch (Exception e) {
-                            log(ILogger.LL_FAILURE, 
-                                CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
-                                    certRecord.getSerialNumber().toString(16),
-                                    e.toString()));
+                            log(ILogger.LL_FAILURE,
+                                    CMS.getLogMessage("LDAP_ERROR_UNPUBLISH_CERT",
+                                            certRecord.getSerialNumber().toString(16),
+                                            e.toString()));
                             revokedCertsError +=
                                     "Failed to unpublish certificate: 0x" +
-                                    certRecord.getSerialNumber().toString(16) +
-                                    ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
+                                            certRecord.getSerialNumber().toString(16) +
+                                            ".\n <BR> &nbsp;&nbsp;&nbsp;&nbsp;";
                         }
                     }
                 }
                 if (i > 0 && i == l) {
                     header.addStringValue("revokedCertsUnpublished", "Success");
                     if (i == 1)
-                        header.addStringValue("revokedCertsError", i + 
-                            " revoked certificate is unpublished in the directory.");
+                        header.addStringValue("revokedCertsError", i +
+                                " revoked certificate is unpublished in the directory.");
                     else
-                        header.addStringValue("revokedCertsError", i + 
-                            " revoked certificates are unpublished in the directory.");
+                        header.addStringValue("revokedCertsError", i +
+                                " revoked certificates are unpublished in the directory.");
                 } else {
                     if (l == 0) {
                         header.addStringValue("revokedCertsUnpublished", "No");
                     } else {
                         header.addStringValue("revokedCertsUnpublished", "Failure");
-                        header.addStringValue("revokedCertsError", 
-                            revokedCertsError);
+                        header.addStringValue("revokedCertsError",
+                                revokedCertsError);
                     }
                 }
             } else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
index f181e156..ad28c921 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/CRSEnrollment.java
@@ -122,242 +122,234 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.profile.SSLClientCertProvider;
 import com.netscape.cmsutil.scep.CRSPKIMessage;
 
-
 /**
- * This servlet deals with PKCS#10-based certificate requests from
- * CRS, now called SCEP, and defined at:
- *    http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt
+ * This servlet deals with PKCS#10-based certificate requests from CRS, now
+ * called SCEP, and defined at:
+ * http://search.ietf.org/internet-drafts/draft-nourse-scep-02.txt
  * 
  * The router is hardcoded to look for the http://host:80/cgi-bin/pkiclient.exe
- *
- * The HTTP parameters are 'operation' and 'message'
- * operation can be either 'GetCACert' or 'PKIOperation'
- *
+ * 
+ * The HTTP parameters are 'operation' and 'message' operation can be either
+ * 'GetCACert' or 'PKIOperation'
+ * 
  * @version $Revision$, $Date$
  */
-public class CRSEnrollment extends HttpServlet
-{
-  /**
+public class CRSEnrollment extends HttpServlet {
+    /**
      *
      */
     private static final long serialVersionUID = 8483002540957382369L;
-protected IProfileSubsystem     mProfileSubsystem = null;
-  protected String                mProfileId = null;
-  protected ICertAuthority        mAuthority;
-  protected IConfigStore          mConfig = null;
-  protected IAuthSubsystem        mAuthSubsystem;
-  protected String                mAppendDN=null;
-  protected String                mEntryObjectclass=null;
-  protected boolean               mCreateEntry=false;
-  protected boolean               mFlattenDN=false;
-
-  private   String                mAuthManagerName;
-  private   String                mSubstoreName;
-  private   boolean               mEnabled = false;
-  private   boolean               mUseCA = true;
-  private   String                mNickname = null;
-  private   String                mTokenName = "";
-  private   String                mHashAlgorithm = "SHA1";
-  private   String                mHashAlgorithmList = null;
-  private   String[]              mAllowedHashAlgorithm;
-  private   String                mConfiguredEncryptionAlgorithm = "DES3";
-  private   String                mEncryptionAlgorithm = "DES3";
-  private   String                mEncryptionAlgorithmList = null;
-  private   String[]              mAllowedEncryptionAlgorithm;
-  private   Random                mRandom = null;
-  private   int                   mNonceSizeLimit = 0;
-  protected ILogger mLogger =      CMS.getLogger();
-  private ICertificateAuthority ca;
-		/* for hashing challenge password */
-  protected MessageDigest mSHADigest = null;
-    
-  private static final String PROP_SUBSTORENAME   = "substorename";
-  private static final String PROP_AUTHORITY   = "authority";
-  private static final String PROP_CRS        = "crs";
-  private static final String PROP_CRSCA      = "casubsystem";
-  private static final String PROP_CRSAUTHMGR = "authName";
-  private static final String PROP_APPENDDN   = "appendDN";
-  private static final String PROP_CREATEENTRY= "createEntry";
-  private static final String PROP_FLATTENDN  = "flattenDN";
-  private static final String PROP_ENTRYOC    = "entryObjectclass";
-    
-  // URL parameters
-  private static final String URL_OPERATION   = "operation";
-  private static final String URL_MESSAGE     = "message";
-
-  // possible values for 'operation'
-  private static final String OP_GETCACERT    = "GetCACert";
-  private static final String OP_PKIOPERATION = "PKIOperation";
-
-  public static final String AUTH_PASSWORD    = "pwd";
-
-  public static final String AUTH_CREDS       = "AuthCreds";
-  public static final String AUTH_TOKEN       = "AuthToken";
-  public static final String AUTH_FAILED      = "AuthFailed";
- 
-  public static final String SANE_DNSNAME     = "DNSName";
-  public static final String SANE_IPADDRESS   = "IPAddress";
-
-  public static final String CERTINFO         = "CertInfo";
-  public static final String SUBJECTNAME      = "SubjectName";
-
-
-  public static ObjectIdentifier OID_UNSTRUCTUREDNAME    = null;
-  public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null;
-  public static ObjectIdentifier OID_SERIALNUMBER        = null;
-
-  public CRSEnrollment(){}
-
-  public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
-       Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
-       @SuppressWarnings("unchecked")
-	Enumeration<String> names = req.getParameterNames();
-       while (names.hasMoreElements()) {
-               String name = (String)names.nextElement();
-               httpReqHash.put(name, req.getParameter(name));
-       }
-       return httpReqHash;
-   }
-
-  public void init(ServletConfig sc) {
-      // Find the CertificateAuthority we should use for CRS.
-	  String crsCA = sc.getInitParameter(PROP_AUTHORITY);
-	  if (crsCA == null)
-		  crsCA = "ca";
-	  mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA);
-	  ca = (ICertificateAuthority)mAuthority;
-
-	  if (mAuthority == null) {
-          log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY",crsCA));
-	  }
-
-      try {
-          if (mAuthority instanceof ISubsystem) {
-              IConfigStore authorityConfig = ((ISubsystem)mAuthority).getConfigStore();
-              IConfigStore scepConfig = authorityConfig.getSubStore("scep");
-              mEnabled = scepConfig.getBoolean("enable", false);
-              mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1");
-              mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3");
-              mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0);
-              mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512");
-              mAllowedHashAlgorithm = mHashAlgorithmList.split(",");
-              mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3");
-              mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(",");
-              mNickname = scepConfig.getString("nickname", ca.getNickname());
-              if (mNickname.equals(ca.getNickname())) {
-                  mTokenName = ca.getSigningUnit().getTokenName();
-              } else {
-                  mTokenName = scepConfig.getString("tokenname", "");
-                  mUseCA = false;
-              }
-              if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
-                    mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
-                    mTokenName.length() == 0)) {
-                  int i = mNickname.indexOf(':');
-                  if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) {
-                      mNickname = mTokenName + ":" + mNickname;
-                  }
-              }
-          }
-      } catch (EBaseException e) {
-          CMS.debug("CRSEnrollment: init: EBaseException: "+e);
-      } 
-      mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
-      CMS.debug("CRSEnrollment: init: SCEP support is "+((mEnabled)?"enabled":"disabled")+".");
-      CMS.debug("CRSEnrollment: init: SCEP nickname: "+mNickname);
-      CMS.debug("CRSEnrollment: init:   CA nickname: "+ca.getNickname());
-      CMS.debug("CRSEnrollment: init:    Token name: "+mTokenName);
-      CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: "+mUseCA);
-      CMS.debug("CRSEnrollment: init: mNonceSizeLimit: "+mNonceSizeLimit);
-      CMS.debug("CRSEnrollment: init: mHashAlgorithm: "+mHashAlgorithm);
-      CMS.debug("CRSEnrollment: init: mHashAlgorithmList: "+mHashAlgorithmList);
-      for (int i = 0; i < mAllowedHashAlgorithm.length; i++) {
-          mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim();
-          CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm["+i+"]="+mAllowedHashAlgorithm[i]);
-      }
-      CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: "+mEncryptionAlgorithm);
-      CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: "+mEncryptionAlgorithmList);
-      for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) {
-          mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim();
-          CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm["+i+"]="+mAllowedEncryptionAlgorithm[i]);
-      }
-
-      try {
-	      mProfileSubsystem = (IProfileSubsystem)CMS.getSubsystem("profile");
-          mProfileId  = sc.getInitParameter("profileId");
-          CMS.debug("CRSEnrollment: init: mProfileId="+mProfileId);
-
-	      mAuthSubsystem   = (IAuthSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
-          mAuthManagerName  = sc.getInitParameter(PROP_CRSAUTHMGR);
-          mAppendDN         = sc.getInitParameter(PROP_APPENDDN);
-		  String tmp = sc.getInitParameter(PROP_CREATEENTRY);
-		  if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
-			  mCreateEntry = true;
-		  else
-			  mCreateEntry = false;
-		  tmp = sc.getInitParameter(PROP_FLATTENDN);
-		  if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
-			  mFlattenDN = true;
-		  else
-			  mFlattenDN = false;
-          mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC);
-		  if (mEntryObjectclass == null)
-			  mEntryObjectclass = "cep";
-          mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME);
-		  if (mSubstoreName == null)
-			  mSubstoreName = "default";
-      } catch (Exception e) {
-      } 
-
-      OID_UNSTRUCTUREDNAME    = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME");
-      OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS");
-      OID_SERIALNUMBER        = X500NameAttrMap.getDefault().getOid("SERIALNUMBER");
-
-
-	try {
-      mSHADigest = MessageDigest.getInstance("SHA1");
+    protected IProfileSubsystem mProfileSubsystem = null;
+    protected String mProfileId = null;
+    protected ICertAuthority mAuthority;
+    protected IConfigStore mConfig = null;
+    protected IAuthSubsystem mAuthSubsystem;
+    protected String mAppendDN = null;
+    protected String mEntryObjectclass = null;
+    protected boolean mCreateEntry = false;
+    protected boolean mFlattenDN = false;
+
+    private String mAuthManagerName;
+    private String mSubstoreName;
+    private boolean mEnabled = false;
+    private boolean mUseCA = true;
+    private String mNickname = null;
+    private String mTokenName = "";
+    private String mHashAlgorithm = "SHA1";
+    private String mHashAlgorithmList = null;
+    private String[] mAllowedHashAlgorithm;
+    private String mConfiguredEncryptionAlgorithm = "DES3";
+    private String mEncryptionAlgorithm = "DES3";
+    private String mEncryptionAlgorithmList = null;
+    private String[] mAllowedEncryptionAlgorithm;
+    private Random mRandom = null;
+    private int mNonceSizeLimit = 0;
+    protected ILogger mLogger = CMS.getLogger();
+    private ICertificateAuthority ca;
+    /* for hashing challenge password */
+    protected MessageDigest mSHADigest = null;
+
+    private static final String PROP_SUBSTORENAME = "substorename";
+    private static final String PROP_AUTHORITY = "authority";
+    private static final String PROP_CRS = "crs";
+    private static final String PROP_CRSCA = "casubsystem";
+    private static final String PROP_CRSAUTHMGR = "authName";
+    private static final String PROP_APPENDDN = "appendDN";
+    private static final String PROP_CREATEENTRY = "createEntry";
+    private static final String PROP_FLATTENDN = "flattenDN";
+    private static final String PROP_ENTRYOC = "entryObjectclass";
+
+    // URL parameters
+    private static final String URL_OPERATION = "operation";
+    private static final String URL_MESSAGE = "message";
+
+    // possible values for 'operation'
+    private static final String OP_GETCACERT = "GetCACert";
+    private static final String OP_PKIOPERATION = "PKIOperation";
+
+    public static final String AUTH_PASSWORD = "pwd";
+
+    public static final String AUTH_CREDS = "AuthCreds";
+    public static final String AUTH_TOKEN = "AuthToken";
+    public static final String AUTH_FAILED = "AuthFailed";
+
+    public static final String SANE_DNSNAME = "DNSName";
+    public static final String SANE_IPADDRESS = "IPAddress";
+
+    public static final String CERTINFO = "CertInfo";
+    public static final String SUBJECTNAME = "SubjectName";
+
+    public static ObjectIdentifier OID_UNSTRUCTUREDNAME = null;
+    public static ObjectIdentifier OID_UNSTRUCTUREDADDRESS = null;
+    public static ObjectIdentifier OID_SERIALNUMBER = null;
+
+    public CRSEnrollment() {
+    }
+
+    public static Hashtable<String, String> toHashtable(HttpServletRequest req) {
+        Hashtable<String, String> httpReqHash = new Hashtable<String, String>();
+        @SuppressWarnings("unchecked")
+        Enumeration<String> names = req.getParameterNames();
+        while (names.hasMoreElements()) {
+            String name = (String) names.nextElement();
+            httpReqHash.put(name, req.getParameter(name));
+        }
+        return httpReqHash;
+    }
+
+    public void init(ServletConfig sc) {
+        // Find the CertificateAuthority we should use for CRS.
+        String crsCA = sc.getInitParameter(PROP_AUTHORITY);
+        if (crsCA == null)
+            crsCA = "ca";
+        mAuthority = (ICertAuthority) CMS.getSubsystem(crsCA);
+        ca = (ICertificateAuthority) mAuthority;
+
+        if (mAuthority == null) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CANT_FIND_AUTHORITY", crsCA));
+        }
+
+        try {
+            if (mAuthority instanceof ISubsystem) {
+                IConfigStore authorityConfig = ((ISubsystem) mAuthority).getConfigStore();
+                IConfigStore scepConfig = authorityConfig.getSubStore("scep");
+                mEnabled = scepConfig.getBoolean("enable", false);
+                mHashAlgorithm = scepConfig.getString("hashAlgorithm", "SHA1");
+                mConfiguredEncryptionAlgorithm = scepConfig.getString("encryptionAlgorithm", "DES3");
+                mNonceSizeLimit = scepConfig.getInteger("nonceSizeLimit", 0);
+                mHashAlgorithmList = scepConfig.getString("allowedHashAlgorithms", "SHA1,SHA256,SHA512");
+                mAllowedHashAlgorithm = mHashAlgorithmList.split(",");
+                mEncryptionAlgorithmList = scepConfig.getString("allowedEncryptionAlgorithms", "DES3");
+                mAllowedEncryptionAlgorithm = mEncryptionAlgorithmList.split(",");
+                mNickname = scepConfig.getString("nickname", ca.getNickname());
+                if (mNickname.equals(ca.getNickname())) {
+                    mTokenName = ca.getSigningUnit().getTokenName();
+                } else {
+                    mTokenName = scepConfig.getString("tokenname", "");
+                    mUseCA = false;
+                }
+                if (!(mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
+                        mTokenName.equalsIgnoreCase("Internal Key Storage Token") || mTokenName.length() == 0)) {
+                    int i = mNickname.indexOf(':');
+                    if (!((i > -1) && (mTokenName.length() == i) && (mNickname.startsWith(mTokenName)))) {
+                        mNickname = mTokenName + ":" + mNickname;
+                    }
+                }
+            }
+        } catch (EBaseException e) {
+            CMS.debug("CRSEnrollment: init: EBaseException: " + e);
+        }
+        mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
+        CMS.debug("CRSEnrollment: init: SCEP support is " + ((mEnabled) ? "enabled" : "disabled") + ".");
+        CMS.debug("CRSEnrollment: init: SCEP nickname: " + mNickname);
+        CMS.debug("CRSEnrollment: init:   CA nickname: " + ca.getNickname());
+        CMS.debug("CRSEnrollment: init:    Token name: " + mTokenName);
+        CMS.debug("CRSEnrollment: init: Is SCEP using CA keys: " + mUseCA);
+        CMS.debug("CRSEnrollment: init: mNonceSizeLimit: " + mNonceSizeLimit);
+        CMS.debug("CRSEnrollment: init: mHashAlgorithm: " + mHashAlgorithm);
+        CMS.debug("CRSEnrollment: init: mHashAlgorithmList: " + mHashAlgorithmList);
+        for (int i = 0; i < mAllowedHashAlgorithm.length; i++) {
+            mAllowedHashAlgorithm[i] = mAllowedHashAlgorithm[i].trim();
+            CMS.debug("CRSEnrollment: init: mAllowedHashAlgorithm[" + i + "]=" + mAllowedHashAlgorithm[i]);
+        }
+        CMS.debug("CRSEnrollment: init: mEncryptionAlgorithm: " + mEncryptionAlgorithm);
+        CMS.debug("CRSEnrollment: init: mEncryptionAlgorithmList: " + mEncryptionAlgorithmList);
+        for (int i = 0; i < mAllowedEncryptionAlgorithm.length; i++) {
+            mAllowedEncryptionAlgorithm[i] = mAllowedEncryptionAlgorithm[i].trim();
+            CMS.debug("CRSEnrollment: init: mAllowedEncryptionAlgorithm[" + i + "]=" + mAllowedEncryptionAlgorithm[i]);
+        }
+
+        try {
+            mProfileSubsystem = (IProfileSubsystem) CMS.getSubsystem("profile");
+            mProfileId = sc.getInitParameter("profileId");
+            CMS.debug("CRSEnrollment: init: mProfileId=" + mProfileId);
+
+            mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
+            mAuthManagerName = sc.getInitParameter(PROP_CRSAUTHMGR);
+            mAppendDN = sc.getInitParameter(PROP_APPENDDN);
+            String tmp = sc.getInitParameter(PROP_CREATEENTRY);
+            if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
+                mCreateEntry = true;
+            else
+                mCreateEntry = false;
+            tmp = sc.getInitParameter(PROP_FLATTENDN);
+            if (tmp != null && tmp.trim().equalsIgnoreCase("true"))
+                mFlattenDN = true;
+            else
+                mFlattenDN = false;
+            mEntryObjectclass = sc.getInitParameter(PROP_ENTRYOC);
+            if (mEntryObjectclass == null)
+                mEntryObjectclass = "cep";
+            mSubstoreName = sc.getInitParameter(PROP_SUBSTORENAME);
+            if (mSubstoreName == null)
+                mSubstoreName = "default";
+        } catch (Exception e) {
+        }
+
+        OID_UNSTRUCTUREDNAME = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDNAME");
+        OID_UNSTRUCTUREDADDRESS = X500NameAttrMap.getDefault().getOid("UNSTRUCTUREDADDRESS");
+        OID_SERIALNUMBER = X500NameAttrMap.getDefault().getOid("SERIALNUMBER");
+
+        try {
+            mSHADigest = MessageDigest.getInstance("SHA1");
+        } catch (NoSuchAlgorithmException e) {
+        }
+
+        mRandom = new Random();
     }
-    catch (NoSuchAlgorithmException e) {
-      }
-
-      mRandom = new Random();
-  }
-
-
-  /**
-   *
-   * Service a CRS Request. It all starts here. This is where the message from the
-   * router is processed
-   *
-   * @param httpReq     The HttpServletRequest.
-   * @param httpResp    The HttpServletResponse.
-   *
-   */
-  public void service(HttpServletRequest httpReq,
+
+    /**
+     * 
+     * Service a CRS Request. It all starts here. This is where the message from
+     * the router is processed
+     * 
+     * @param httpReq The HttpServletRequest.
+     * @param httpResp The HttpServletResponse.
+     * 
+     */
+    public void service(HttpServletRequest httpReq,
                       HttpServletResponse httpResp)
-    throws ServletException
-    {
-		boolean running_state = CMS.isInRunningState();
-		if (!running_state)
-			throw new ServletException(
-				"CMS server is not ready to serve.");
+            throws ServletException {
+        boolean running_state = CMS.isInRunningState();
+        if (!running_state)
+            throw new ServletException(
+                    "CMS server is not ready to serve.");
 
         String operation = null;
-        String message   = null;
+        String message = null;
         mEncryptionAlgorithm = mConfiguredEncryptionAlgorithm;
-        
-      
+
         // Parse the URL from the HTTP Request. Split it up into
         // a structure which enables us to read the form elements
         IArgBlock input = CMS.createArgBlock(toHashtable(httpReq));
-        
-        try {            
+
+        try {
             // Read in two form parameters - the router sets these
-            operation = (String)input.get(URL_OPERATION);
+            operation = (String) input.get(URL_OPERATION);
             CMS.debug("operation=" + operation);
-            message   = (String)input.get(URL_MESSAGE);
+            message = (String) input.get(URL_MESSAGE);
             CMS.debug("message=" + message);
-            
+
             if (!mEnabled) {
                 CMS.debug("CRSEnrollment: SCEP support is disabled.");
                 throw new ServletException("SCEP support is disabled.");
@@ -366,55 +358,48 @@ protected IProfileSubsystem     mProfileSubsystem = null;
                 // 'operation' is mandatory.
                 throw new ServletException("Bad request: operation missing from URL");
             }
-            
-            /** 
-             *  the router can make two kinds of requests
-             *  1) simple request for CA cert
-             *  2) encoded, signed, enveloped request for anything else (PKIOperation)
+
+            /**
+             * the router can make two kinds of requests 1) simple request for
+             * CA cert 2) encoded, signed, enveloped request for anything else
+             * (PKIOperation)
              */
-            
+
             if (operation.equals(OP_GETCACERT)) {
-                handleGetCACert(httpReq, httpResp);  
-            }
-            else if (operation.equals(OP_PKIOPERATION)) {
-                String decodeMode   = (String)input.get("decode");
+                handleGetCACert(httpReq, httpResp);
+            } else if (operation.equals(OP_PKIOPERATION)) {
+                String decodeMode = (String) input.get("decode");
                 if (decodeMode == null || decodeMode.equals("false")) {
-                  handlePKIOperation(httpReq, httpResp, message);
+                    handlePKIOperation(httpReq, httpResp, message);
                 } else {
-                  decodePKIMessage(httpReq, httpResp, message);
+                    decodePKIMessage(httpReq, httpResp, message);
                 }
-            }
-            else {
+            } else {
                 CMS.debug("Invalid operation " + operation);
-                throw new ServletException("unknown operation requested: "+operation);
+                throw new ServletException("unknown operation requested: " + operation);
             }
-                    
-        }
-        catch (ServletException e)
-        {
+
+        } catch (ServletException e) {
             CMS.debug("ServletException " + e);
             throw new ServletException(e.getMessage().toString());
+        } catch (Exception e) {
+            CMS.debug("Service exception " + e);
+            log(ILogger.LL_FAILURE, e.getMessage());
         }
-        catch (Exception e)
-            {
-                CMS.debug("Service exception " + e);
-                log(ILogger.LL_FAILURE,e.getMessage());
-            }
-        
+
     }
 
     /**
-     *  Log a message to the system log
+     * Log a message to the system log
      */
 
-
     private void log(int level, String msg) {
-        
+
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    level, "CEP Enrollment: "+msg);
+                    level, "CEP Enrollment: " + msg);
     }
 
-    private boolean isAlgorithmAllowed (String[] allowedAlgorithm, String algorithm) {
+    private boolean isAlgorithmAllowed(String[] allowedAlgorithm, String algorithm) {
         boolean allowed = false;
 
         if (algorithm != null && algorithm.length() > 0) {
@@ -429,7 +414,7 @@ protected IProfileSubsystem     mProfileSubsystem = null;
     }
 
     public IAuthToken authenticate(AuthCredentials credentials, IProfileAuthenticator authenticator,
-        HttpServletRequest request)  throws EBaseException {
+            HttpServletRequest request) throws EBaseException {
 
         // build credential
         Enumeration<String> authNames = authenticator.getValueNames();
@@ -445,314 +430,301 @@ protected IProfileSubsystem     mProfileSubsystem = null;
         credentials.set("clientHost", request.getRemoteHost());
         IAuthToken authToken = authenticator.authenticate(credentials);
         if (authToken == null) {
-          return null;
+            return null;
         }
         SessionContext sc = SessionContext.getContext();
         if (sc != null) {
-          sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
-          String userid = authToken.getInString(IAuthToken.USER_ID);
-          if (userid != null) {
-            sc.put(SessionContext.USER_ID, userid);
-          }
+            sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+            String userid = authToken.getInString(IAuthToken.USER_ID);
+            if (userid != null) {
+                sc.put(SessionContext.USER_ID, userid);
+            }
         }
 
         return authToken;
     }
 
-  /**
-   *  Return the CA certificate back to the requestor.
-   *  This needs to be changed so that if the CA has a certificate chain,
-   *  the whole thing should get packaged as a PKIMessage (degnerate PKCS7 - no
-   *  signerInfo)
-   */
-    
-  public void handleGetCACert(HttpServletRequest httpReq,
-                              HttpServletResponse httpResp) 
-    throws ServletException {
-      java.security.cert.X509Certificate[]  chain = null;
-
-      CertificateChain certChain = mAuthority.getCACertChain();
-        
-      try {
-          if (certChain == null) {
-              throw new ServletException("Internal Error: cannot get CA Cert");
-          }
-
-          chain = certChain.getChain();
-        
-          byte[] bytes = null;
-		  
-          int i = 0;
-          String message   = (String)httpReq.getParameter(URL_MESSAGE);
-          CMS.debug("handleGetCACert message=" + message);
-          if (message != null) {
-            try {
-              int j = Integer.parseInt(message);
-              if (j < chain.length) {
-                i = j;
-              }
-            } catch (NumberFormatException e1) {
+    /**
+     * Return the CA certificate back to the requestor. This needs to be changed
+     * so that if the CA has a certificate chain, the whole thing should get
+     * packaged as a PKIMessage (degnerate PKCS7 - no signerInfo)
+     */
+
+    public void handleGetCACert(HttpServletRequest httpReq,
+                              HttpServletResponse httpResp)
+            throws ServletException {
+        java.security.cert.X509Certificate[] chain = null;
+
+        CertificateChain certChain = mAuthority.getCACertChain();
+
+        try {
+            if (certChain == null) {
+                throw new ServletException("Internal Error: cannot get CA Cert");
+            }
+
+            chain = certChain.getChain();
+
+            byte[] bytes = null;
+
+            int i = 0;
+            String message = (String) httpReq.getParameter(URL_MESSAGE);
+            CMS.debug("handleGetCACert message=" + message);
+            if (message != null) {
+                try {
+                    int j = Integer.parseInt(message);
+                    if (j < chain.length) {
+                        i = j;
+                    }
+                } catch (NumberFormatException e1) {
+                }
+            }
+            CMS.debug("handleGetCACert selected chain=" + i);
+
+            if (mUseCA) {
+                bytes = chain[i].getEncoded();
+            } else {
+                CryptoContext cx = new CryptoContext();
+                bytes = cx.getSigningCert().getEncoded();
             }
-          }
-          CMS.debug("handleGetCACert selected chain=" + i);
-
-          if (mUseCA) {
-              bytes = chain[i].getEncoded();
-          } else {
-              CryptoContext cx = new CryptoContext();
-              bytes = cx.getSigningCert().getEncoded();
-          }
-
-          httpResp.setContentType("application/x-x509-ca-cert");
-
-
-// The following code may be used one day to encode
-// the RA/CA cert chain for RA mode, but it will need some
-// work.
-
-  /******
-              SET certs  = new SET();
-              for (int i=0; i<chain.length; i++) {
-                  ANY cert   = new ANY(chain[i].getEncoded());
-                  certs.addElement(cert);
-              }
-
-              SignedData crsd  = new SignedData(
-                      new SET(),         // empty set of digestAlgorithmID's
-                      new ContentInfo(
-                      new OBJECT_IDENTIFIER(new long[] {1,2,840,113549,1,7,1}),
-                                             null), //empty content
-                      certs,
-                      null,     // no CRL's
-                      new SET() // empty SignerInfos
-                      );
-
-              ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA, crsd);
-
-              ByteArrayOutputStream baos = new ByteArrayOutputStream();
-              wrap.encode(baos);
-
-              bytes = baos.toByteArray();
-
-              httpResp.setContentType("application/x-x509-ca-ra-cert");
-  *****/ 
-
-          httpResp.setContentLength(bytes.length);
-          httpResp.getOutputStream().write(bytes);
-          httpResp.getOutputStream().flush();
-
-          CMS.debug("Output certificate chain:");
-          CMS.debug(bytes);
-      }
-      catch (Exception e) {
-          CMS.debug("handleGetCACert exception " + e);
-          log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT",e.getMessage()));
-          throw new ServletException("Failed sending DER encoded version of CA cert to client");
-      }
-
-  }
-    
-  public String getPasswordFromP10(PKCS10 p10) 
-  {
-     PKCS10Attributes p10atts = p10.getAttributes();
-     Enumeration<PKCS10Attribute> e = p10atts.getElements();
-              
-     try {
-       while (e.hasMoreElements()) {
-         PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
-         CertAttrSet attr = p10a.getAttributeValue();
-
-         if (attr.getName().equals(ChallengePassword.NAME)) {
-           if (attr.get(ChallengePassword.PASSWORD) != null) {
-             return (String)attr.get(ChallengePassword.PASSWORD);
-           }
-         }
-       }
-     } catch(Exception e1) {
-       // do nothing
-     }
-     return null;
-  }
-
-  /**
-   *  If the 'operation' is 'PKIOperation', the 'message' part of the URL is a
-   *  PKIMessage structure. We decode it to see what type message it is.
-   */
-
-  /**
-   * Decodes the PKI message and return information to RA.
-   */
-  public void decodePKIMessage(HttpServletRequest httpReq,
+
+            httpResp.setContentType("application/x-x509-ca-cert");
+
+            // The following code may be used one day to encode
+            // the RA/CA cert chain for RA mode, but it will need some
+            // work.
+
+            /******
+             * SET certs = new SET(); for (int i=0; i<chain.length; i++) { ANY
+             * cert = new ANY(chain[i].getEncoded()); certs.addElement(cert); }
+             * 
+             * SignedData crsd = new SignedData( new SET(), // empty set of
+             * digestAlgorithmID's new ContentInfo( new OBJECT_IDENTIFIER(new
+             * long[] {1,2,840,113549,1,7,1}), null), //empty content certs,
+             * null, // no CRL's new SET() // empty SignerInfos );
+             * 
+             * ContentInfo wrap = new ContentInfo(ContentInfo.SIGNED_DATA,
+             * crsd);
+             * 
+             * ByteArrayOutputStream baos = new ByteArrayOutputStream();
+             * wrap.encode(baos);
+             * 
+             * bytes = baos.toByteArray();
+             * 
+             * httpResp.setContentType("application/x-x509-ca-ra-cert");
+             *****/
+
+            httpResp.setContentLength(bytes.length);
+            httpResp.getOutputStream().write(bytes);
+            httpResp.getOutputStream().flush();
+
+            CMS.debug("Output certificate chain:");
+            CMS.debug(bytes);
+        } catch (Exception e) {
+            CMS.debug("handleGetCACert exception " + e);
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_SENDING_DER_ENCODE_CERT", e.getMessage()));
+            throw new ServletException("Failed sending DER encoded version of CA cert to client");
+        }
+
+    }
+
+    public String getPasswordFromP10(PKCS10 p10) {
+        PKCS10Attributes p10atts = p10.getAttributes();
+        Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+        try {
+            while (e.hasMoreElements()) {
+                PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+                CertAttrSet attr = p10a.getAttributeValue();
+
+                if (attr.getName().equals(ChallengePassword.NAME)) {
+                    if (attr.get(ChallengePassword.PASSWORD) != null) {
+                        return (String) attr.get(ChallengePassword.PASSWORD);
+                    }
+                }
+            }
+        } catch (Exception e1) {
+            // do nothing
+        }
+        return null;
+    }
+
+    /**
+     * If the 'operation' is 'PKIOperation', the 'message' part of the URL is a
+     * PKIMessage structure. We decode it to see what type message it is.
+     */
+
+    /**
+     * Decodes the PKI message and return information to RA.
+     */
+    public void decodePKIMessage(HttpServletRequest httpReq,
                                  HttpServletResponse httpResp,
                                  String msg)
-    throws ServletException {
-
-      CryptoContext cx=null;
-
-      CRSPKIMessage req=null;
-        
-      byte[] decodedPKIMessage;
-      byte[] response=null;
-      String responseData = "";
-        
-      decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
-            
-      try {
-          ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
-          // We make two CRSPKIMessages. One of them, is the request, so we initialize
-          // it from the DER given to us from the router.
-          // The second is the response, and we'll fill this in as we go.
-
-          if (decodedPKIMessage.length < 50) {
-		  	throw new ServletException("CRS request is too small to be a real request ("+
-				decodedPKIMessage.length+" bytes)");
-			}
-		  try {
-          	req = new CRSPKIMessage(is);
-          	String ea = req.getEncryptionAlgorithm();
-            if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) {
-                CMS.debug("CRSEnrollment: decodePKIMessage:  Encryption algorithm '"+ea+
-                          "' is not allowed ("+mEncryptionAlgorithmList+").");
-                throw new ServletException("Encryption algorithm '"+ea+
-                                           "' is not allowed ("+mEncryptionAlgorithmList+").");
+            throws ServletException {
+
+        CryptoContext cx = null;
+
+        CRSPKIMessage req = null;
+
+        byte[] decodedPKIMessage;
+        byte[] response = null;
+        String responseData = "";
+
+        decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
+
+        try {
+            ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
+
+            // We make two CRSPKIMessages. One of them, is the request, so we
+            // initialize
+            // it from the DER given to us from the router.
+            // The second is the response, and we'll fill this in as we go.
+
+            if (decodedPKIMessage.length < 50) {
+                throw new ServletException("CRS request is too small to be a real request (" +
+                        decodedPKIMessage.length + " bytes)");
+            }
+            try {
+                req = new CRSPKIMessage(is);
+                String ea = req.getEncryptionAlgorithm();
+                if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
+                    CMS.debug("CRSEnrollment: decodePKIMessage:  Encryption algorithm '" + ea +
+                            "' is not allowed (" + mEncryptionAlgorithmList + ").");
+                    throw new ServletException("Encryption algorithm '" + ea +
+                                           "' is not allowed (" + mEncryptionAlgorithmList + ").");
+                }
+                String da = req.getDigestAlgorithmName();
+                if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
+                    CMS.debug("CRSEnrollment: decodePKIMessage:  Hashing algorithm '" + da +
+                            "' is not allowed (" + mHashAlgorithmList + ").");
+                    throw new ServletException("Hashing algorithm '" + da +
+                                           "' is not allowed (" + mHashAlgorithmList + ").");
+                }
+                if (ea != null) {
+                    mEncryptionAlgorithm = ea;
+                }
+            } catch (Exception e) {
+                CMS.debug(e);
+                throw new ServletException("Could not decode the request.");
             }
-          	String da = req.getDigestAlgorithmName();
-            if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) {
-                CMS.debug("CRSEnrollment: decodePKIMessage:  Hashing algorithm '"+da+
-                          "' is not allowed ("+mHashAlgorithmList+").");
-                throw new ServletException("Hashing algorithm '"+da+
-                                           "' is not allowed ("+mHashAlgorithmList+").");
+
+            // Create a new crypto context for doing all the crypto operations
+            cx = new CryptoContext();
+
+            // Verify Signature on message (throws exception if sig bad)
+            verifyRequest(req, cx);
+            unwrapPKCS10(req, cx);
+
+            IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+            if (profile == null) {
+                CMS.debug("Profile '" + mProfileId + "' not found.");
+                throw new ServletException("Profile '" + mProfileId + "' not found.");
+            } else {
+                CMS.debug("Found profile '" + mProfileId + "'.");
             }
-          	if (ea != null) {
-          	    mEncryptionAlgorithm = ea;
-          	}
-		  }
-		  catch (Exception e) {
-            CMS.debug(e);
-		  	throw new ServletException("Could not decode the request.");
-		  }
-                
-          // Create a new crypto context for doing all the crypto operations
-          cx = new CryptoContext();
-
-          // Verify Signature on message (throws exception if sig bad)
-          verifyRequest(req,cx);
-          unwrapPKCS10(req,cx);
-
-          IProfile profile = mProfileSubsystem.getProfile(mProfileId);
-          if (profile == null) {
-              CMS.debug("Profile '" + mProfileId + "' not found.");
-              throw new ServletException("Profile '" + mProfileId + "' not found.");
-          } else {
-              CMS.debug("Found profile '" + mProfileId + "'.");
-          }
-
-          IProfileAuthenticator authenticator = null;
-          try {
-              CMS.debug("Retrieving authenticator");
-              authenticator = profile.getAuthenticator();
-              if (authenticator == null) {
-                  CMS.debug("Authenticator not found.");
-                  throw new ServletException("Authenticator not found.");
-              } else {
-                  CMS.debug("Got authenticator=" + authenticator.getClass().getName());
-              }
-          } catch (EProfileException e) {
-              throw new ServletException("Authenticator not found.");
-          }
-          AuthCredentials credentials = new AuthCredentials();
-          IAuthToken authToken = null;
-          // for ssl authentication; pass in servlet for retrieving
-          // ssl client certificates
-          SessionContext context = SessionContext.getContext();
-
-          // insert profile context so that input parameter can be retrieved
-          context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
-
-          try {
-              authToken = authenticate(credentials, authenticator, httpReq);
-          } catch (Exception e) {
-              CMS.debug("Authentication failure: "+ e.getMessage());
-              throw new ServletException("Authentication failure: "+ e.getMessage());
-          }
-          if (authToken == null) {
-              CMS.debug("Authentication failure.");
-              throw new ServletException("Authentication failure.");
-          }
-
-          // Deal with Transaction ID
-          String transactionID = req.getTransactionID();
-          responseData = responseData + 
-              "<TransactionID>" + transactionID + "</TransactionID>";
-
-          // End-User or RA's IP address
-          responseData = responseData + 
-              "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>";
-
-          responseData = responseData + 
-              "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>";
-                
-          // Deal with Nonces
-          byte[] sn = req.getSenderNonce();
-                
-          // Deal with message type
-          String mt = req.getMessageType();
-          responseData = responseData + 
-              "<MessageType>" + mt + "</MessageType>";
-
-          PKCS10 p10 = (PKCS10)req.getP10();
-          X500Name p10subject      = p10.getSubjectName();
-          responseData = responseData + 
-              "<SubjectName>" + p10subject.toString() + "</SubjectName>";
-
-          String pkcs10Attr = "";
-              PKCS10Attributes p10atts = p10.getAttributes();
-              Enumeration<PKCS10Attribute> e = p10atts.getElements();
-              
-              while (e.hasMoreElements()) {
-                  PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
-                  CertAttrSet attr = p10a.getAttributeValue();
-
-
-                  if (attr.getName().equals(ChallengePassword.NAME)) {
-					  if (attr.get(ChallengePassword.PASSWORD) != null) {
-                                pkcs10Attr = pkcs10Attr + 
-                                         "<ChallengePassword><Password>" + (String)attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>";
-                      }
-                  
-                  }
-                  String extensionsStr = "";
-                  if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
-					Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements();
-					while (exts.hasMoreElements()) {
-						Extension ext =  exts.nextElement();
-
-						if (ext.getExtensionId().equals(
-							OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) {
-							DerOutputStream dos = new DerOutputStream();
-							SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension(
-									Boolean.valueOf(false),  // noncritical
-									ext.getExtensionValue());
-
-								
-							@SuppressWarnings("unchecked")
-							Vector<GeneralNameInterface> v = 
-                              (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME);
-
-							Enumeration<GeneralNameInterface> gne = v.elements();
+
+            IProfileAuthenticator authenticator = null;
+            try {
+                CMS.debug("Retrieving authenticator");
+                authenticator = profile.getAuthenticator();
+                if (authenticator == null) {
+                    CMS.debug("Authenticator not found.");
+                    throw new ServletException("Authenticator not found.");
+                } else {
+                    CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+                }
+            } catch (EProfileException e) {
+                throw new ServletException("Authenticator not found.");
+            }
+            AuthCredentials credentials = new AuthCredentials();
+            IAuthToken authToken = null;
+            // for ssl authentication; pass in servlet for retrieving
+            // ssl client certificates
+            SessionContext context = SessionContext.getContext();
+
+            // insert profile context so that input parameter can be retrieved
+            context.put("sslClientCertProvider", new SSLClientCertProvider(httpReq));
+
+            try {
+                authToken = authenticate(credentials, authenticator, httpReq);
+            } catch (Exception e) {
+                CMS.debug("Authentication failure: " + e.getMessage());
+                throw new ServletException("Authentication failure: " + e.getMessage());
+            }
+            if (authToken == null) {
+                CMS.debug("Authentication failure.");
+                throw new ServletException("Authentication failure.");
+            }
+
+            // Deal with Transaction ID
+            String transactionID = req.getTransactionID();
+            responseData = responseData +
+                    "<TransactionID>" + transactionID + "</TransactionID>";
+
+            // End-User or RA's IP address
+            responseData = responseData +
+                    "<RemoteAddr>" + httpReq.getRemoteAddr() + "</RemoteAddr>";
+
+            responseData = responseData +
+                    "<RemoteHost>" + httpReq.getRemoteHost() + "</RemoteHost>";
+
+            // Deal with Nonces
+            byte[] sn = req.getSenderNonce();
+
+            // Deal with message type
+            String mt = req.getMessageType();
+            responseData = responseData +
+                    "<MessageType>" + mt + "</MessageType>";
+
+            PKCS10 p10 = (PKCS10) req.getP10();
+            X500Name p10subject = p10.getSubjectName();
+            responseData = responseData +
+                    "<SubjectName>" + p10subject.toString() + "</SubjectName>";
+
+            String pkcs10Attr = "";
+            PKCS10Attributes p10atts = p10.getAttributes();
+            Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+            while (e.hasMoreElements()) {
+                PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+                CertAttrSet attr = p10a.getAttributeValue();
+
+                if (attr.getName().equals(ChallengePassword.NAME)) {
+                    if (attr.get(ChallengePassword.PASSWORD) != null) {
+                        pkcs10Attr = pkcs10Attr +
+                                         "<ChallengePassword><Password>" + (String) attr.get(ChallengePassword.PASSWORD) + "</Password></ChallengePassword>";
+                    }
+
+                }
+                String extensionsStr = "";
+                if (attr.getName().equals(ExtensionsRequested.NAME)) {
+
+                    Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements();
+                    while (exts.hasMoreElements()) {
+                        Extension ext = exts.nextElement();
+
+                        if (ext.getExtensionId().equals(
+                                OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) {
+                            DerOutputStream dos = new DerOutputStream();
+                            SubjectAlternativeNameExtension sane = new SubjectAlternativeNameExtension(
+                                    Boolean.valueOf(false), // noncritical
+                                    ext.getExtensionValue());
+
+                            @SuppressWarnings("unchecked")
+                            Vector<GeneralNameInterface> v =
+                                    (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+
+                            Enumeration<GeneralNameInterface> gne = v.elements();
 
                             StringBuffer subjAltNameStr = new StringBuffer();
-							while (gne.hasMoreElements()) {
-								GeneralNameInterface gni =  gne.nextElement();
-								if (gni instanceof GeneralName) {
-									GeneralName genName = (GeneralName) gni;
+                            while (gne.hasMoreElements()) {
+                                GeneralNameInterface gni = gne.nextElement();
+                                if (gni instanceof GeneralName) {
+                                    GeneralName genName = (GeneralName) gni;
 
-									String gn = genName.toString();
-									int colon = gn.indexOf(':');
-									String gnType = gn.substring(0,colon).trim();
-									String gnValue = gn.substring(colon+1).trim();
+                                    String gn = genName.toString();
+                                    int colon = gn.indexOf(':');
+                                    String gnType = gn.substring(0, colon).trim();
+                                    String gnValue = gn.substring(colon + 1).trim();
 
                                     subjAltNameStr.append("<");
                                     subjAltNameStr.append(gnType);
@@ -761,1453 +733,1398 @@ protected IProfileSubsystem     mProfileSubsystem = null;
                                     subjAltNameStr.append("</");
                                     subjAltNameStr.append(gnType);
                                     subjAltNameStr.append(">");
-								}
-							} // while
+                                }
+                            } // while
                             extensionsStr = "<SubjAltName>" +
-                                 subjAltNameStr.toString() + "</SubjAltName>";
-						} // if
-					} // while
-                    pkcs10Attr = pkcs10Attr + 
+                                    subjAltNameStr.toString() + "</SubjAltName>";
+                        } // if
+                    } // while
+                    pkcs10Attr = pkcs10Attr +
                                          "<Extensions>" + extensionsStr + "</Extensions>";
-				} // if extensions
-              } // while
-          responseData = responseData + 
-              "<PKCS10>" + pkcs10Attr + "</PKCS10>";
-
-      } catch (ServletException e) {
-          throw new ServletException(e.getMessage().toString());
-      } catch (CRSInvalidSignatureException e) {
-          CMS.debug("handlePKIMessage exception " + e);
-          CMS.debug(e);
-      } catch (Exception e) {
-          CMS.debug("handlePKIMessage exception " + e);
-          CMS.debug(e);
-          throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage());
-      }
-
-      // We have now processed the request, and need to make the response message
-      
-      try {   
-
-          responseData = "<XMLResponse>" + responseData + "</XMLResponse>";
-          // Get the response coding
-          response = responseData.getBytes();
-            
-          // Encode the httpResp into B64
-          httpResp.setContentType("application/xml");
-          httpResp.setContentLength(response.length);
-          httpResp.getOutputStream().write(response);
-          httpResp.getOutputStream().flush();
-
-          int i1 = responseData.indexOf("<Password>");
-          if (i1 > -1) {
-              i1 += 10; // 10 is a length of "<Password>"
-              int i2 = responseData.indexOf("</Password>", i1);
-              if (i2 > -1) {
-                  responseData = responseData.substring(0, i1) + "********" +
+                } // if extensions
+            } // while
+            responseData = responseData +
+                    "<PKCS10>" + pkcs10Attr + "</PKCS10>";
+
+        } catch (ServletException e) {
+            throw new ServletException(e.getMessage().toString());
+        } catch (CRSInvalidSignatureException e) {
+            CMS.debug("handlePKIMessage exception " + e);
+            CMS.debug(e);
+        } catch (Exception e) {
+            CMS.debug("handlePKIMessage exception " + e);
+            CMS.debug(e);
+            throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage());
+        }
+
+        // We have now processed the request, and need to make the response
+        // message
+
+        try {
+
+            responseData = "<XMLResponse>" + responseData + "</XMLResponse>";
+            // Get the response coding
+            response = responseData.getBytes();
+
+            // Encode the httpResp into B64
+            httpResp.setContentType("application/xml");
+            httpResp.setContentLength(response.length);
+            httpResp.getOutputStream().write(response);
+            httpResp.getOutputStream().flush();
+
+            int i1 = responseData.indexOf("<Password>");
+            if (i1 > -1) {
+                i1 += 10; // 10 is a length of "<Password>"
+                int i2 = responseData.indexOf("</Password>", i1);
+                if (i2 > -1) {
+                    responseData = responseData.substring(0, i1) + "********" +
                                  responseData.substring(i2, responseData.length());
-              }
-          }
-
-          CMS.debug("Output (decoding) PKIOperation response:");
-          CMS.debug(responseData);
-      }
-      catch (Exception e) {
-          throw new ServletException("Failed to create response for CEP message"+e.getMessage());
-      }
-
-  }
-    
-  
-  /**
-   *   finds a request with this transaction ID.
-   *   If could not find any request - return null
-   *   If could only find 'rejected' or 'cancelled' requests, return null
-   *   If found 'pending' or 'completed' request - return that request
-   */
-    
-    
-  public void handlePKIOperation(HttpServletRequest httpReq,
+                }
+            }
+
+            CMS.debug("Output (decoding) PKIOperation response:");
+            CMS.debug(responseData);
+        } catch (Exception e) {
+            throw new ServletException("Failed to create response for CEP message" + e.getMessage());
+        }
+
+    }
+
+    /**
+     * finds a request with this transaction ID. If could not find any request -
+     * return null If could only find 'rejected' or 'cancelled' requests, return
+     * null If found 'pending' or 'completed' request - return that request
+     */
+
+    public void handlePKIOperation(HttpServletRequest httpReq,
                                  HttpServletResponse httpResp,
                                  String msg)
-    throws ServletException {
-
-
-      CryptoContext cx=null;
-
-      CRSPKIMessage req=null;
-      CRSPKIMessage crsResp=null;
-        
-      byte[] decodedPKIMessage;
-      byte[] response=null;
-      X509CertImpl cert = null;
-        
-      decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
-            
-      try {
-          ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
-
-          // We make two CRSPKIMessages. One of them, is the request, so we initialize
-          // it from the DER given to us from the router.
-          // The second is the response, and we'll fill this in as we go.
-
-          if (decodedPKIMessage.length < 50) {
-		  	throw new ServletException("CRS request is too small to be a real request ("+
-				decodedPKIMessage.length+" bytes)");
-			}
-		  try {
-          	req = new CRSPKIMessage(is);
-          	String ea = req.getEncryptionAlgorithm();
-            if (!isAlgorithmAllowed (mAllowedEncryptionAlgorithm, ea)) {
-                CMS.debug("CRSEnrollment: handlePKIOperation:  Encryption algorithm '"+ea+
-                          "' is not allowed ("+mEncryptionAlgorithmList+").");
-                throw new ServletException("Encryption algorithm '"+ea+
-                                           "' is not allowed ("+mEncryptionAlgorithmList+").");
+            throws ServletException {
+
+        CryptoContext cx = null;
+
+        CRSPKIMessage req = null;
+        CRSPKIMessage crsResp = null;
+
+        byte[] decodedPKIMessage;
+        byte[] response = null;
+        X509CertImpl cert = null;
+
+        decodedPKIMessage = com.netscape.osutil.OSUtil.AtoB(msg);
+
+        try {
+            ByteArrayInputStream is = new ByteArrayInputStream(decodedPKIMessage);
+
+            // We make two CRSPKIMessages. One of them, is the request, so we
+            // initialize
+            // it from the DER given to us from the router.
+            // The second is the response, and we'll fill this in as we go.
+
+            if (decodedPKIMessage.length < 50) {
+                throw new ServletException("CRS request is too small to be a real request (" +
+                        decodedPKIMessage.length + " bytes)");
+            }
+            try {
+                req = new CRSPKIMessage(is);
+                String ea = req.getEncryptionAlgorithm();
+                if (!isAlgorithmAllowed(mAllowedEncryptionAlgorithm, ea)) {
+                    CMS.debug("CRSEnrollment: handlePKIOperation:  Encryption algorithm '" + ea +
+                            "' is not allowed (" + mEncryptionAlgorithmList + ").");
+                    throw new ServletException("Encryption algorithm '" + ea +
+                                           "' is not allowed (" + mEncryptionAlgorithmList + ").");
+                }
+                String da = req.getDigestAlgorithmName();
+                if (!isAlgorithmAllowed(mAllowedHashAlgorithm, da)) {
+                    CMS.debug("CRSEnrollment: handlePKIOperation:  Hashing algorithm '" + da +
+                            "' is not allowed (" + mHashAlgorithmList + ").");
+                    throw new ServletException("Hashing algorithm '" + da +
+                                           "' is not allowed (" + mHashAlgorithmList + ").");
+                }
+                if (ea != null) {
+                    mEncryptionAlgorithm = ea;
+                }
+                crsResp = new CRSPKIMessage();
+            } catch (ServletException e) {
+                throw new ServletException(e.getMessage().toString());
+            } catch (Exception e) {
+                CMS.debug(e);
+                throw new ServletException("Could not decode the request.");
+            }
+            crsResp.setMessageType(CRSPKIMessage.mType_CertRep);
+
+            // Create a new crypto context for doing all the crypto operations
+            cx = new CryptoContext();
+
+            // Verify Signature on message (throws exception if sig bad)
+            verifyRequest(req, cx);
+
+            // Deal with Transaction ID
+            String transactionID = req.getTransactionID();
+            if (transactionID == null) {
+                throw new ServletException("Error: malformed PKIMessage - missing transactionID");
+            } else {
+                crsResp.setTransactionID(transactionID);
+            }
+
+            // Deal with Nonces
+            byte[] sn = req.getSenderNonce();
+            if (sn == null) {
+                throw new ServletException("Error: malformed PKIMessage - missing sendernonce");
+            } else {
+                if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) {
+                    byte[] snLimited = (mNonceSizeLimit > 0) ? new byte[mNonceSizeLimit] : null;
+                    System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit);
+                    crsResp.setRecipientNonce(snLimited);
+                } else {
+                    crsResp.setRecipientNonce(sn);
+                }
+                byte[] serverNonce = new byte[16];
+                mRandom.nextBytes(serverNonce);
+                crsResp.setSenderNonce(serverNonce);
+                // crsResp.setSenderNonce(new byte[] {0});
             }
-          	String da = req.getDigestAlgorithmName();
-            if (!isAlgorithmAllowed (mAllowedHashAlgorithm, da)) {
-                CMS.debug("CRSEnrollment: handlePKIOperation:  Hashing algorithm '"+da+
-                          "' is not allowed ("+mHashAlgorithmList+").");
-                throw new ServletException("Hashing algorithm '"+da+
-                                           "' is not allowed ("+mHashAlgorithmList+").");
+
+            // Deal with message type
+            String mt = req.getMessageType();
+            if (mt == null) {
+                throw new ServletException("Error: malformed PKIMessage - missing messageType");
             }
-          	if (ea != null) {
-          	    mEncryptionAlgorithm = ea;
-          	}
-          	crsResp = new CRSPKIMessage();
-		  }
-          catch (ServletException e) {
-              throw new ServletException(e.getMessage().toString());
-          }
-		  catch (Exception e) {
+
+            // now run appropriate code, depending on message type
+            if (mt.equals(CRSPKIMessage.mType_PKCSReq)) {
+                CMS.debug("Processing PKCSReq");
+                try {
+                    // Check if there is an existing request. If this returns
+                    // non-null,
+                    // then the request is 'active' (either pending or
+                    // completed) in
+                    // which case, we compare the hash of the new request to the
+                    // hash of the
+                    // one in the queue - if they are the same, I return the
+                    // state of the
+                    // original request - as if it was 'getCertInitial' message.
+                    // If the hashes are different, then the user attempted to
+                    // enroll
+                    // for a new request with the same txid, which is not
+                    // allowed -
+                    // so we return 'failure'.
+
+                    IRequest cmsRequest = findRequestByTransactionID(req.getTransactionID(), true);
+
+                    // If there was no request (with a cert) with this
+                    // transaction ID,
+                    // process it as a new request
+
+                    cert = handlePKCSReq(httpReq, cmsRequest, req, crsResp, cx);
+
+                } catch (CRSFailureException e) {
+                    throw new ServletException("Couldn't handle CEP request (PKCSReq) - " + e.getMessage());
+                }
+            } else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) {
+                CMS.debug("Processing GetCertInitial");
+                cert = handleGetCertInitial(req, crsResp);
+            } else {
+                CMS.debug("Invalid request type " + mt);
+            }
+        } catch (ServletException e) {
+            throw new ServletException(e.getMessage().toString());
+        } catch (CRSInvalidSignatureException e) {
+            CMS.debug("handlePKIMessage exception " + e);
+            CMS.debug(e);
+            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+        } catch (Exception e) {
+            CMS.debug("handlePKIMessage exception " + e);
             CMS.debug(e);
-		  	throw new ServletException("Could not decode the request.");
-		  }
-		  crsResp.setMessageType(CRSPKIMessage.mType_CertRep);
-                
-          // Create a new crypto context for doing all the crypto operations
-          cx = new CryptoContext();
-
-          // Verify Signature on message (throws exception if sig bad)
-          verifyRequest(req,cx);
-                
-          // Deal with Transaction ID
-          String transactionID = req.getTransactionID();
-          if (transactionID == null) {
-              throw new ServletException("Error: malformed PKIMessage - missing transactionID");
-          }
-          else {
-              crsResp.setTransactionID(transactionID);
-          }
-                
-          // Deal with Nonces
-          byte[] sn = req.getSenderNonce();
-          if (sn == null) {
-              throw new ServletException("Error: malformed PKIMessage - missing sendernonce");
-          }
-          else {
-              if (mNonceSizeLimit > 0 && sn.length > mNonceSizeLimit) {
-                  byte[] snLimited = (mNonceSizeLimit > 0)? new byte[mNonceSizeLimit]: null;
-                  System.arraycopy(sn, 0, snLimited, 0, mNonceSizeLimit);
-                  crsResp.setRecipientNonce(snLimited);
-              } else {
-                  crsResp.setRecipientNonce(sn);
-              }
-              byte[] serverNonce = new byte[16];
-              mRandom.nextBytes(serverNonce);
-              crsResp.setSenderNonce(serverNonce);
-              // crsResp.setSenderNonce(new byte[] {0});
-          }
-                
-          // Deal with message type
-          String mt = req.getMessageType();
-          if (mt == null) {
-              throw new ServletException("Error: malformed PKIMessage - missing messageType");
-          }
-
-          // now run appropriate code, depending on message type
-          if (mt.equals(CRSPKIMessage.mType_PKCSReq)) {
-              CMS.debug("Processing PKCSReq");
-              try {
-                // Check if there is an existing request. If this returns non-null,
-				// then the request is 'active' (either pending or completed) in 
-				// which case, we compare the hash of the new request to the hash of the
-                // one in the queue - if they are the same, I return the state of the 
-                // original request - as if it was 'getCertInitial' message.
-                // If the hashes are different, then the user attempted to enroll
-                // for a new request with the same txid, which is not allowed - 
-                // so we return 'failure'.
-
-				IRequest cmsRequest= findRequestByTransactionID(req.getTransactionID(),true);
-
-                // If there was no request (with a cert) with this transaction ID, 
-                // process it as a new request
-
-                cert = handlePKCSReq(httpReq, cmsRequest,req,crsResp,cx);
-                
-              }
-              catch (CRSFailureException e) {
-                  throw new ServletException("Couldn't handle CEP request (PKCSReq) - "+e.getMessage());
-              }
-          }
-          else if (mt.equals(CRSPKIMessage.mType_GetCertInitial)) {
-              CMS.debug("Processing GetCertInitial");
-              cert = handleGetCertInitial(req,crsResp);
-          } else {
-              CMS.debug("Invalid request type " + mt);
-          }
-      }
-      catch (ServletException e) {
-          throw new ServletException(e.getMessage().toString());
-      }
-      catch (CRSInvalidSignatureException e) {
-          CMS.debug("handlePKIMessage exception " + e);
-          CMS.debug(e);
-          crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-      }
-      catch (Exception e) {
-          CMS.debug("handlePKIMessage exception " + e);
-          CMS.debug(e);
-          throw new ServletException("Failed to process message in CEP servlet: "+ e.getMessage());
-      }
-
-      // We have now processed the request, and need to make the response message
-      
-      try {   
-          // make the response
-          processCertRep(cx, cert,crsResp, req);
-
-          // Get the response coding
-          response = crsResp.getResponse();
-            
-          // Encode the crsResp into B64
-          httpResp.setContentType("application/x-pki-message");
-          httpResp.setContentLength(response.length);
-          httpResp.getOutputStream().write(response);
-          httpResp.getOutputStream().flush();
-
-          CMS.debug("Output PKIOperation response:");
-          CMS.debug(CMS.BtoA(response));
-      }
-      catch (Exception e) {
-          throw new ServletException("Failed to create response for CEP message"+e.getMessage());
-      }
-
-  }
-    
-  
-  /**
-   *   finds a request with this transaction ID.
-   *   If could not find any request - return null
-   *   If could only find 'rejected' or 'cancelled' requests, return null
-   *   If found 'pending' or 'completed' request - return that request
-   */
-    
-  public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected)
-    throws EBaseException {
-
-      /* Check if certificate request has been completed */
-        
-      IRequestQueue rq  = ca.getRequestQueue();
-      IRequest foundRequest = null;
-
-      Enumeration<RequestId> rids    = rq.findRequestsBySourceId(txid);
-	  if (rids == null) { return null; }
-
-      int count=0;
-      while (rids.hasMoreElements()) {
-			RequestId rid =  rids.nextElement();
-			if (rid == null) {
-				continue;
-			}
-			
-      		IRequest request = rq.findRequest(rid);
-			if (request == null) {
-				continue;
-			}
-			if ( !ignoreRejected || 
-				request.getRequestStatus().equals(RequestStatus.PENDING) ||
-			    request.getRequestStatus().equals(RequestStatus.COMPLETE)) {
-				if (foundRequest != null) {
-				}
-			foundRequest = request;
-			}
-		}
-	 return foundRequest;
-  }
-    
-  /** 
-   *  Called if the router is requesting us to send it its certificate
-   *  Examine request queue for a request matching the transaction ID.
-   *  Ignore any rejected or cancelled requests.
-   *
-   *  If a request is found in the pending state, the response should be
-   *  'pending'
-   *
-   *  If a request is found in the completed state, the response should be
-   *  to return the certificate
-   *
-   *  If no request is found, the response should be to return null
-   *
-   */
-
-  public X509CertImpl handleGetCertInitial(CRSPKIMessage req,CRSPKIMessage resp) 
-  {
-      IRequest foundRequest=null;
-
-      // already done by handlePKIOperation
-      // resp.setRecipientNonce(req.getSenderNonce());
-      // resp.setSenderNonce(null);
-
-	  try {
-	  	foundRequest = findRequestByTransactionID(req.getTransactionID(),false);
-	  } catch (EBaseException e) {
-      }
-
-	  if (foundRequest == null) {
-	  	resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
-	  	resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-		return null;
-	  }
-
-      return makeResponseFromRequest(req,resp,foundRequest);
-  }
-
-
-  public void verifyRequest(CRSPKIMessage req, CryptoContext cx)     
-    throws  CRSInvalidSignatureException {
-
-      // Get Signed Data
-      
-      byte[] reqAAbytes = req.getAA();
-      byte[] reqAAsig = req.getAADigest();
-        
-  }
-
-
-  /**
-   *  Create an entry for this user in the publishing directory
-   *
-   */
-
-   private boolean createEntry(String dn)
-   {
-      boolean result = false;
-
-      IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
-      if (ldapPub == null || !ldapPub.enabled()) {
-          log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP")); 
-
-          return result;
-      }
-
-      ILdapConnFactory connFactory = ((IPublisherProcessor)ldapPub).getLdapConnModule().getLdapConnFactory();
-      if (connFactory == null) {
-          return result;
-      }
-
-      LDAPConnection connection=null;
-      try {
-         connection = connFactory.getConn();
-         String[] objectclasses = { "top", mEntryObjectclass };
-         LDAPAttribute ocAttrs = new LDAPAttribute("objectclass",objectclasses);
-
-         LDAPAttributeSet attrSet = new LDAPAttributeSet();
-         attrSet.add(ocAttrs);
-
-         LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
-         connection.add(newEntry);
-         result=true;
-      }
-      catch (Exception e) {
-          log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS",dn));
-      }
-      finally {
-          try {
-             connFactory.returnConn(connection);
-          }
-          catch (Exception f) {}
-      }
-      return result;
+            throw new ServletException("Failed to process message in CEP servlet: " + e.getMessage());
+        }
+
+        // We have now processed the request, and need to make the response
+        // message
+
+        try {
+            // make the response
+            processCertRep(cx, cert, crsResp, req);
+
+            // Get the response coding
+            response = crsResp.getResponse();
+
+            // Encode the crsResp into B64
+            httpResp.setContentType("application/x-pki-message");
+            httpResp.setContentLength(response.length);
+            httpResp.getOutputStream().write(response);
+            httpResp.getOutputStream().flush();
+
+            CMS.debug("Output PKIOperation response:");
+            CMS.debug(CMS.BtoA(response));
+        } catch (Exception e) {
+            throw new ServletException("Failed to create response for CEP message" + e.getMessage());
+        }
+
+    }
+
+    /**
+     * finds a request with this transaction ID. If could not find any request -
+     * return null If could only find 'rejected' or 'cancelled' requests, return
+     * null If found 'pending' or 'completed' request - return that request
+     */
+
+    public IRequest findRequestByTransactionID(String txid, boolean ignoreRejected)
+            throws EBaseException {
+
+        /* Check if certificate request has been completed */
+
+        IRequestQueue rq = ca.getRequestQueue();
+        IRequest foundRequest = null;
+
+        Enumeration<RequestId> rids = rq.findRequestsBySourceId(txid);
+        if (rids == null) {
+            return null;
+        }
+
+        int count = 0;
+        while (rids.hasMoreElements()) {
+            RequestId rid = rids.nextElement();
+            if (rid == null) {
+                continue;
+            }
+
+            IRequest request = rq.findRequest(rid);
+            if (request == null) {
+                continue;
+            }
+            if (!ignoreRejected ||
+                    request.getRequestStatus().equals(RequestStatus.PENDING) ||
+                    request.getRequestStatus().equals(RequestStatus.COMPLETE)) {
+                if (foundRequest != null) {
+                }
+                foundRequest = request;
+            }
+        }
+        return foundRequest;
+    }
+
+    /**
+     * Called if the router is requesting us to send it its certificate Examine
+     * request queue for a request matching the transaction ID. Ignore any
+     * rejected or cancelled requests.
+     * 
+     * If a request is found in the pending state, the response should be
+     * 'pending'
+     * 
+     * If a request is found in the completed state, the response should be to
+     * return the certificate
+     * 
+     * If no request is found, the response should be to return null
+     * 
+     */
+
+    public X509CertImpl handleGetCertInitial(CRSPKIMessage req, CRSPKIMessage resp) {
+        IRequest foundRequest = null;
+
+        // already done by handlePKIOperation
+        // resp.setRecipientNonce(req.getSenderNonce());
+        // resp.setSenderNonce(null);
+
+        try {
+            foundRequest = findRequestByTransactionID(req.getTransactionID(), false);
+        } catch (EBaseException e) {
+        }
+
+        if (foundRequest == null) {
+            resp.setFailInfo(CRSPKIMessage.mFailInfo_badCertId);
+            resp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+            return null;
+        }
+
+        return makeResponseFromRequest(req, resp, foundRequest);
+    }
+
+    public void verifyRequest(CRSPKIMessage req, CryptoContext cx)
+            throws CRSInvalidSignatureException {
+
+        // Get Signed Data
+
+        byte[] reqAAbytes = req.getAA();
+        byte[] reqAAsig = req.getAADigest();
+
     }
 
+    /**
+     * Create an entry for this user in the publishing directory
+     * 
+     */
 
+    private boolean createEntry(String dn) {
+        boolean result = false;
 
-  /**
-   *  Here we decrypt the PKCS10 message from the client
-   *
-   */
-    
-  public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx)
-    throws   ServletException, 
+        IPublisherProcessor ldapPub = mAuthority.getPublisherProcessor();
+        if (ldapPub == null || !ldapPub.enabled()) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_CREATE_ENTRY_FROM_CEP"));
+
+            return result;
+        }
+
+        ILdapConnFactory connFactory = ((IPublisherProcessor) ldapPub).getLdapConnModule().getLdapConnFactory();
+        if (connFactory == null) {
+            return result;
+        }
+
+        LDAPConnection connection = null;
+        try {
+            connection = connFactory.getConn();
+            String[] objectclasses = { "top", mEntryObjectclass };
+            LDAPAttribute ocAttrs = new LDAPAttribute("objectclass", objectclasses);
+
+            LDAPAttributeSet attrSet = new LDAPAttributeSet();
+            attrSet.add(ocAttrs);
+
+            LDAPEntry newEntry = new LDAPEntry(dn, attrSet);
+            connection.add(newEntry);
+            result = true;
+        } catch (Exception e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_FAIL_CREAT_ENTRY_EXISTS", dn));
+        } finally {
+            try {
+                connFactory.returnConn(connection);
+            } catch (Exception f) {
+            }
+        }
+        return result;
+    }
+
+    /**
+     * Here we decrypt the PKCS10 message from the client
+     * 
+     */
+
+    public void unwrapPKCS10(CRSPKIMessage req, CryptoContext cx)
+            throws ServletException,
              CryptoManager.NotInitializedException,
-			 CryptoContext.CryptoContextException,
+             CryptoContext.CryptoContextException,
              CRSFailureException {
-        
-      byte[] decryptedP10bytes = null;
-      SymmetricKey sk;
-      SymmetricKey skinternal;
-      SymmetricKey.Type skt;
-      KeyWrapper kw;
-      Cipher cip;
-      EncryptionAlgorithm ea;
-      boolean errorInRequest = false;
-
-      // Unwrap the session key with the Cert server key
-	try {
-      kw = cx.getKeyWrapper();
-
-      kw.initUnwrap(cx.getPrivateKey(),null);
-
-      skt = SymmetricKey.Type.DES;
-      ea = EncryptionAlgorithm.DES_CBC;
-      if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
-          skt = SymmetricKey.Type.DES3;
-          ea = EncryptionAlgorithm.DES3_CBC;
-      }
-
-      sk = kw.unwrapSymmetric(req.getWrappedKey(),
+
+        byte[] decryptedP10bytes = null;
+        SymmetricKey sk;
+        SymmetricKey skinternal;
+        SymmetricKey.Type skt;
+        KeyWrapper kw;
+        Cipher cip;
+        EncryptionAlgorithm ea;
+        boolean errorInRequest = false;
+
+        // Unwrap the session key with the Cert server key
+        try {
+            kw = cx.getKeyWrapper();
+
+            kw.initUnwrap(cx.getPrivateKey(), null);
+
+            skt = SymmetricKey.Type.DES;
+            ea = EncryptionAlgorithm.DES_CBC;
+            if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+                skt = SymmetricKey.Type.DES3;
+                ea = EncryptionAlgorithm.DES3_CBC;
+            }
+
+            sk = kw.unwrapSymmetric(req.getWrappedKey(),
                               skt,
                               SymmetricKey.Usage.DECRYPT,
-                              0);  // keylength is ignored
-          
-     skinternal = cx.getDESKeyGenerator().clone(sk);
-          
-     cip = skinternal.getOwningToken().getCipherContext(ea);
-          
-     cip.initDecrypt(skinternal,(new IVParameterSpec(req.getIV())));
-        
-     decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10());
-     CMS.debug("decryptedP10bytes:");
-     CMS.debug(decryptedP10bytes);
-          
-     req.setP10(new PKCS10(decryptedP10bytes));
-     } catch (Exception e) {
-        CMS.debug("failed to unwrap PKCS10 " + e);
-		throw new CRSFailureException("Could not unwrap PKCS10 blob: "+e.getMessage());
-     }
-          
-  }
-
-
-
-private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp)
-  throws CRSFailureException {
-
-      IRequest issueReq = null;
-      X509CertImpl issuedCert=null;
-      SubjectAlternativeNameExtension sane = null;
-      CertAttrSet requested_ext = null;
-
-      try {
-             PKCS10 p10 = req.getP10();
-
-             if (p10 == null) {
-			     crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-		  	     crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-			     throw new CRSFailureException("Failed to decode pkcs10 from CEP request");
-		      }
-                
-              AuthCredentials authCreds = new AuthCredentials();
-
-              String challengePassword = null;
-              // Here, we make a new CertInfo - it's a new start for a certificate
-                    
-              X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
-                
-              // get some stuff out of the request
-              X509Key key              = p10.getSubjectPublicKeyInfo();
-              X500Name p10subject      = p10.getSubjectName();
-
-              X500Name subject=null;
-
-              // The following code will copy all the attributes
-			  // into the AuthCredentials so they can be used for
-			  // authentication
-			  //
-			  // Optionally, you can re-map the subject name from:
-              //   one RDN, with many AVA's    to
-              //   many RDN's with one AVA in each.
-
-              Enumeration<RDN> rdne     = p10subject.getRDNs();
-              Vector<RDN>      rdnv = new Vector<RDN>();
-
-			  Hashtable<String, String> sanehash = new Hashtable<String, String>();
-
-              X500NameAttrMap xnap = X500NameAttrMap.getDefault();
-              while (rdne.hasMoreElements()) {
-                  RDN rdn = (RDN) rdne.nextElement();
-                  int i=0;
-                  AVA[] oldavas = rdn.getAssertion();
-                  for (i=0; i<rdn.getAssertionLength(); i++) {
-                      AVA[] newavas = new AVA[1];
-                      newavas[0]    = oldavas[i];
-					  
-				      authCreds.set(xnap.getName(oldavas[i].getOid()),
-					        oldavas[i].getValue().getAsString());
-					  
-					  if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) {
-						
-						  sanehash.put(SANE_DNSNAME,oldavas[i].getValue().getAsString());
-					  }	
-					  if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) {
-						  sanehash.put(SANE_IPADDRESS,oldavas[i].getValue().getAsString());
-					  }	
-
-                      RDN newrdn    = new RDN(newavas);
-					  if (mFlattenDN) {
-                          rdnv.addElement(newrdn);
-                      }
-                  }
-              }
-
-              if (mFlattenDN) subject  = new X500Name(rdnv);
-              else subject = p10subject;
-
-                
-				// create default key usage extension
-              KeyUsageExtension kue = new KeyUsageExtension();
-              kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true));
-              kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true));
-
-
-              PKCS10Attributes p10atts = p10.getAttributes();
-              Enumeration<PKCS10Attribute> e = p10atts.getElements();
-              
-              while (e.hasMoreElements()) {
-                  PKCS10Attribute p10a = (PKCS10Attribute)e.nextElement();
-                  CertAttrSet attr = p10a.getAttributeValue();
-
-
-                  if (attr.getName().equals(ChallengePassword.NAME)) {
-					  if (attr.get(ChallengePassword.PASSWORD) != null) {
-		              		req.put(AUTH_PASSWORD,
-									(String)attr.get(ChallengePassword.PASSWORD));
-		              		req.put(ChallengePassword.NAME,
-                           		hashPassword(
-									(String)attr.get(ChallengePassword.PASSWORD)));
-							}
-                      }
-                  
-                  if (attr.getName().equals(ExtensionsRequested.NAME)) {
-
-					Enumeration<Extension> exts = ((ExtensionsRequested)attr).getExtensions().elements();
-					while (exts.hasMoreElements()) {
-						Extension ext = exts.nextElement();
-
-						if (ext.getExtensionId().equals(
-							OIDMap.getOID(KeyUsageExtension.IDENT)) ) {
-							
-							kue = new KeyUsageExtension(
-									new Boolean(false), // noncritical
-									ext.getExtensionValue());
-						}
-
-						if (ext.getExtensionId().equals(
-							OIDMap.getOID(SubjectAlternativeNameExtension.IDENT)) ) {
-							DerOutputStream dos = new DerOutputStream();
-							sane = new SubjectAlternativeNameExtension(
-									new Boolean(false),  // noncritical
-									ext.getExtensionValue());
-
-								
-							@SuppressWarnings("unchecked")
-							Vector<GeneralNameInterface> v =
-									(Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension. SUBJECT_NAME);
-
-							Enumeration<GeneralNameInterface> gne = v.elements();
-
-							while (gne.hasMoreElements()) {
-								GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement();
-								if (gni instanceof GeneralName) {
-									GeneralName genName = (GeneralName) gni;
-
-									String gn = genName.toString();
-									int colon = gn.indexOf(':');
-									String gnType = gn.substring(0,colon).trim();
-									String gnValue = gn.substring(colon+1).trim();
-
-				      				authCreds.set(gnType,gnValue);
-								}
-							}
-						}
-					}
-                  }
-              }
-
-			  if (authCreds != null) req.put(AUTH_CREDS,authCreds);
-
-			try {
-			  if (sane == null)  sane = makeDefaultSubjectAltName(sanehash);
-			} catch (Exception sane_e) {
-				log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
-						sane_e.getMessage()));
-			}
-				
-                    
-
-		  try {
-              if (mAppendDN != null && ! mAppendDN.equals("")) {
-
-				  X500Name newSubject = new X500Name(subject.toString());
-                  subject = new X500Name( subject.toString().concat(","+mAppendDN));
-              }
-
-		  } catch (Exception sne) {
-	     	log(ILogger.LL_INFO, "Unable to use appendDN parameter: "+mAppendDN+". Error is "+sne.getMessage()+" Using unmodified subjectname");
-		  }
-
-			  if (subject != null) req.put(SUBJECTNAME, subject);
-
-              if (key == null || subject == null) {
-                  // log 
-                  //throw new ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10);
-              }
-
-
-
-              certInfo.set(X509CertInfo.VERSION,
+                              0); // keylength is ignored
+
+            skinternal = cx.getDESKeyGenerator().clone(sk);
+
+            cip = skinternal.getOwningToken().getCipherContext(ea);
+
+            cip.initDecrypt(skinternal, (new IVParameterSpec(req.getIV())));
+
+            decryptedP10bytes = cip.doFinal(req.getEncryptedPkcs10());
+            CMS.debug("decryptedP10bytes:");
+            CMS.debug(decryptedP10bytes);
+
+            req.setP10(new PKCS10(decryptedP10bytes));
+        } catch (Exception e) {
+            CMS.debug("failed to unwrap PKCS10 " + e);
+            throw new CRSFailureException("Could not unwrap PKCS10 blob: " + e.getMessage());
+        }
+
+    }
+
+    private void getDetailFromRequest(CRSPKIMessage req, CRSPKIMessage crsResp)
+            throws CRSFailureException {
+
+        IRequest issueReq = null;
+        X509CertImpl issuedCert = null;
+        SubjectAlternativeNameExtension sane = null;
+        CertAttrSet requested_ext = null;
+
+        try {
+            PKCS10 p10 = req.getP10();
+
+            if (p10 == null) {
+                crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+                crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+                throw new CRSFailureException("Failed to decode pkcs10 from CEP request");
+            }
+
+            AuthCredentials authCreds = new AuthCredentials();
+
+            String challengePassword = null;
+            // Here, we make a new CertInfo - it's a new start for a certificate
+
+            X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
+
+            // get some stuff out of the request
+            X509Key key = p10.getSubjectPublicKeyInfo();
+            X500Name p10subject = p10.getSubjectName();
+
+            X500Name subject = null;
+
+            // The following code will copy all the attributes
+            // into the AuthCredentials so they can be used for
+            // authentication
+            //
+            // Optionally, you can re-map the subject name from:
+            // one RDN, with many AVA's to
+            // many RDN's with one AVA in each.
+
+            Enumeration<RDN> rdne = p10subject.getRDNs();
+            Vector<RDN> rdnv = new Vector<RDN>();
+
+            Hashtable<String, String> sanehash = new Hashtable<String, String>();
+
+            X500NameAttrMap xnap = X500NameAttrMap.getDefault();
+            while (rdne.hasMoreElements()) {
+                RDN rdn = (RDN) rdne.nextElement();
+                int i = 0;
+                AVA[] oldavas = rdn.getAssertion();
+                for (i = 0; i < rdn.getAssertionLength(); i++) {
+                    AVA[] newavas = new AVA[1];
+                    newavas[0] = oldavas[i];
+
+                    authCreds.set(xnap.getName(oldavas[i].getOid()),
+                            oldavas[i].getValue().getAsString());
+
+                    if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDNAME)) {
+
+                        sanehash.put(SANE_DNSNAME, oldavas[i].getValue().getAsString());
+                    }
+                    if (oldavas[i].getOid().equals(OID_UNSTRUCTUREDADDRESS)) {
+                        sanehash.put(SANE_IPADDRESS, oldavas[i].getValue().getAsString());
+                    }
+
+                    RDN newrdn = new RDN(newavas);
+                    if (mFlattenDN) {
+                        rdnv.addElement(newrdn);
+                    }
+                }
+            }
+
+            if (mFlattenDN)
+                subject = new X500Name(rdnv);
+            else
+                subject = p10subject;
+
+            // create default key usage extension
+            KeyUsageExtension kue = new KeyUsageExtension();
+            kue.set(KeyUsageExtension.DIGITAL_SIGNATURE, Boolean.valueOf(true));
+            kue.set(KeyUsageExtension.KEY_ENCIPHERMENT, Boolean.valueOf(true));
+
+            PKCS10Attributes p10atts = p10.getAttributes();
+            Enumeration<PKCS10Attribute> e = p10atts.getElements();
+
+            while (e.hasMoreElements()) {
+                PKCS10Attribute p10a = (PKCS10Attribute) e.nextElement();
+                CertAttrSet attr = p10a.getAttributeValue();
+
+                if (attr.getName().equals(ChallengePassword.NAME)) {
+                    if (attr.get(ChallengePassword.PASSWORD) != null) {
+                        req.put(AUTH_PASSWORD,
+                                    (String) attr.get(ChallengePassword.PASSWORD));
+                        req.put(ChallengePassword.NAME,
+                                hashPassword(
+                                    (String) attr.get(ChallengePassword.PASSWORD)));
+                    }
+                }
+
+                if (attr.getName().equals(ExtensionsRequested.NAME)) {
+
+                    Enumeration<Extension> exts = ((ExtensionsRequested) attr).getExtensions().elements();
+                    while (exts.hasMoreElements()) {
+                        Extension ext = exts.nextElement();
+
+                        if (ext.getExtensionId().equals(
+                                OIDMap.getOID(KeyUsageExtension.IDENT))) {
+
+                            kue = new KeyUsageExtension(
+                                    new Boolean(false), // noncritical
+                                    ext.getExtensionValue());
+                        }
+
+                        if (ext.getExtensionId().equals(
+                                OIDMap.getOID(SubjectAlternativeNameExtension.IDENT))) {
+                            DerOutputStream dos = new DerOutputStream();
+                            sane = new SubjectAlternativeNameExtension(
+                                    new Boolean(false), // noncritical
+                                    ext.getExtensionValue());
+
+                            @SuppressWarnings("unchecked")
+                            Vector<GeneralNameInterface> v =
+                                    (Vector<GeneralNameInterface>) sane.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+
+                            Enumeration<GeneralNameInterface> gne = v.elements();
+
+                            while (gne.hasMoreElements()) {
+                                GeneralNameInterface gni = (GeneralNameInterface) gne.nextElement();
+                                if (gni instanceof GeneralName) {
+                                    GeneralName genName = (GeneralName) gni;
+
+                                    String gn = genName.toString();
+                                    int colon = gn.indexOf(':');
+                                    String gnType = gn.substring(0, colon).trim();
+                                    String gnValue = gn.substring(colon + 1).trim();
+
+                                    authCreds.set(gnType, gnValue);
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+
+            if (authCreds != null)
+                req.put(AUTH_CREDS, authCreds);
+
+            try {
+                if (sane == null)
+                    sane = makeDefaultSubjectAltName(sanehash);
+            } catch (Exception sane_e) {
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
+                        sane_e.getMessage()));
+            }
+
+            try {
+                if (mAppendDN != null && !mAppendDN.equals("")) {
+
+                    X500Name newSubject = new X500Name(subject.toString());
+                    subject = new X500Name(subject.toString().concat("," + mAppendDN));
+                }
+
+            } catch (Exception sne) {
+                log(ILogger.LL_INFO, "Unable to use appendDN parameter: " + mAppendDN + ". Error is " + sne.getMessage() + " Using unmodified subjectname");
+            }
+
+            if (subject != null)
+                req.put(SUBJECTNAME, subject);
+
+            if (key == null || subject == null) {
+                // log
+                // throw new
+                // ERegistrationException(RegistrationResources.ERROR_MALFORMED_P10);
+            }
+
+            certInfo.set(X509CertInfo.VERSION,
                            new CertificateVersion(CertificateVersion.V3));
-                    
-              certInfo.set(X509CertInfo.SUBJECT,
+
+            certInfo.set(X509CertInfo.SUBJECT,
                            new CertificateSubjectName(subject));
-                    
-              certInfo.set(X509CertInfo.KEY,
+
+            certInfo.set(X509CertInfo.KEY,
                            new CertificateX509Key(key));
-              
-              CertificateExtensions ext = new CertificateExtensions();
-
-              if (kue != null) {
-                  ext.set(KeyUsageExtension.class.getSimpleName(), kue);
-              }
-
-              // add subjectAltName extension, if present
-              if (sane != null) {
-                  ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane);
-              }
-
-              certInfo.set(X509CertInfo.EXTENSIONS,ext);
-
-			  req.put(CERTINFO, certInfo);
-      } catch (Exception e) {
-	     crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-	     crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-	     return ;
-	  }   // NEED TO FIX
-  }
-                  
-
-  private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) {
-
-    // if no subjectaltname extension was requested, we try to make it up
-    // from some of the elements of the subject name
-
-	int itemCount = ht.size();
-	GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()];
-
-	itemCount = 0;
-	Enumeration<String> en = ht.keys();
-    while (en.hasMoreElements()) {
-		String key = (String) en.nextElement();
-		if (key.equals(SANE_DNSNAME)) {
-			gn[itemCount++] = new DNSName((String)ht.get(key));
-		}
-		if (key.equals(SANE_IPADDRESS)) {
-			gn[itemCount++] = new IPAddressName((String)ht.get(key));
+
+            CertificateExtensions ext = new CertificateExtensions();
+
+            if (kue != null) {
+                ext.set(KeyUsageExtension.class.getSimpleName(), kue);
+            }
+
+            // add subjectAltName extension, if present
+            if (sane != null) {
+                ext.set(SubjectAlternativeNameExtension.class.getSimpleName(), sane);
+            }
+
+            certInfo.set(X509CertInfo.EXTENSIONS, ext);
+
+            req.put(CERTINFO, certInfo);
+        } catch (Exception e) {
+            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+            return;
+        } // NEED TO FIX
+    }
+
+    private SubjectAlternativeNameExtension makeDefaultSubjectAltName(Hashtable<String, String> ht) {
+
+        // if no subjectaltname extension was requested, we try to make it up
+        // from some of the elements of the subject name
+
+        int itemCount = ht.size();
+        GeneralNameInterface[] gn = new GeneralNameInterface[ht.size()];
+
+        itemCount = 0;
+        Enumeration<String> en = ht.keys();
+        while (en.hasMoreElements()) {
+            String key = (String) en.nextElement();
+            if (key.equals(SANE_DNSNAME)) {
+                gn[itemCount++] = new DNSName((String) ht.get(key));
+            }
+            if (key.equals(SANE_IPADDRESS)) {
+                gn[itemCount++] = new IPAddressName((String) ht.get(key));
+            }
+        }
+
+        try {
+            return new SubjectAlternativeNameExtension(new GeneralNames(gn));
+        } catch (Exception e) {
+            log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
+                    e.getMessage()));
+            return null;
         }
     }
 
-	try {
-		return new SubjectAlternativeNameExtension( new GeneralNames(gn) );
-	} catch (Exception e) {
-		log(ILogger.LL_INFO, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_SUBJ_ALT_NAME",
-			e.getMessage()));	  
-		return null;
-	}
-  }
-              
-
-
-  // Perform authentication
-
-  /*
-   * if the authentication is set up for CEP, and the user provides
-   * some credential, an attempt is made to authenticate the user
-   * If this fails, this method will return true
-   * If it is sucessful, this method will return true and
-   * an authtoken will be in the request
-   *
-   * If authentication is not configured, this method will
-   * return false. The request will be processed in the usual
-   * way, but no authtoken will be in the request.
-   *
-   * In other word, this method returns true if the request
-   * should be aborted, false otherwise.
-   */
-
-  private boolean authenticateUser(CRSPKIMessage req) {
-		  boolean authenticationFailed = true;
-
-		  if (mAuthManagerName == null) {
-			return false;
-		  }
-
-		  String password = (String)req.get(AUTH_PASSWORD);
-
-          AuthCredentials authCreds = (AuthCredentials)req.get(AUTH_CREDS);
-
-		  if (authCreds == null) {
-			  authCreds = new AuthCredentials();
-		  }
-
-		  // authtoken starts as null
-          AuthToken token = null;
-
-          	  if (password != null && !password.equals(""))  {
-				try {
-               		authCreds.set(AUTH_PASSWORD,password);
-				} catch (Exception e) {}
-			  }
-			  
+    // Perform authentication
+
+    /*
+     * if the authentication is set up for CEP, and the user provides some
+     * credential, an attempt is made to authenticate the user If this fails,
+     * this method will return true If it is sucessful, this method will return
+     * true and an authtoken will be in the request
+     * 
+     * If authentication is not configured, this method will return false. The
+     * request will be processed in the usual way, but no authtoken will be in
+     * the request.
+     * 
+     * In other word, this method returns true if the request should be aborted,
+     * false otherwise.
+     */
 
-                try {
-                 token = (AuthToken)mAuthSubsystem.authenticate(authCreds,mAuthManagerName);
-                   authCreds.delete(AUTH_PASSWORD);
-				// if we got here, the authenticate call must not have thrown
-				// an exception
-                   authenticationFailed = false;
-              	}
-              	catch (EInvalidCredentials ex) {
-                   // Invalid credentials - we must reject the request
-                   authenticationFailed = true;
-              	}
-              	catch (EMissingCredential mc) {
-                   // Misssing credential - we'll log, and process manually
-                   authenticationFailed = false;
-              	}
-              	catch (EBaseException ex) {
-                  // If there's some other error, we'll reject
-                  // So, we just continue on, - AUTH_TOKEN will not be set.
-              	}
-
-	 	 if (token != null) {
-	     	req.put(AUTH_TOKEN,token);
-		 }
-
-         return authenticationFailed;
-   }
-
-  private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints)
-  {
-	
-	Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS);
-	if (old_fprints == null) { return false; }
-
-    byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5"));
-	byte[] new_md5 = (byte[]) fingerprints.get("MD5");
-
-	if (old_md5.length != new_md5.length) return false;
-	
-	for (int i=0;i<old_md5.length; i++) {
-		if (old_md5[i] != new_md5[i]) return false;
-	}
-	return true;
-  }
-
-  public X509CertImpl handlePKCSReq(HttpServletRequest httpReq,
-                                 IRequest cmsRequest, CRSPKIMessage req, 
-									CRSPKIMessage crsResp, CryptoContext cx)
-    throws   ServletException, 
+    private boolean authenticateUser(CRSPKIMessage req) {
+        boolean authenticationFailed = true;
+
+        if (mAuthManagerName == null) {
+            return false;
+        }
+
+        String password = (String) req.get(AUTH_PASSWORD);
+
+        AuthCredentials authCreds = (AuthCredentials) req.get(AUTH_CREDS);
+
+        if (authCreds == null) {
+            authCreds = new AuthCredentials();
+        }
+
+        // authtoken starts as null
+        AuthToken token = null;
+
+        if (password != null && !password.equals("")) {
+            try {
+                authCreds.set(AUTH_PASSWORD, password);
+            } catch (Exception e) {
+            }
+        }
+
+        try {
+            token = (AuthToken) mAuthSubsystem.authenticate(authCreds, mAuthManagerName);
+            authCreds.delete(AUTH_PASSWORD);
+            // if we got here, the authenticate call must not have thrown
+            // an exception
+            authenticationFailed = false;
+        } catch (EInvalidCredentials ex) {
+            // Invalid credentials - we must reject the request
+            authenticationFailed = true;
+        } catch (EMissingCredential mc) {
+            // Misssing credential - we'll log, and process manually
+            authenticationFailed = false;
+        } catch (EBaseException ex) {
+            // If there's some other error, we'll reject
+            // So, we just continue on, - AUTH_TOKEN will not be set.
+        }
+
+        if (token != null) {
+            req.put(AUTH_TOKEN, token);
+        }
+
+        return authenticationFailed;
+    }
+
+    private boolean areFingerprintsEqual(IRequest req, Hashtable<String, byte[]> fingerprints) {
+
+        Hashtable<String, Object> old_fprints = req.getExtDataInHashtable(IRequest.FINGERPRINTS);
+        if (old_fprints == null) {
+            return false;
+        }
+
+        byte[] old_md5 = CMS.AtoB((String) old_fprints.get("MD5"));
+        byte[] new_md5 = (byte[]) fingerprints.get("MD5");
+
+        if (old_md5.length != new_md5.length)
+            return false;
+
+        for (int i = 0; i < old_md5.length; i++) {
+            if (old_md5[i] != new_md5[i])
+                return false;
+        }
+        return true;
+    }
+
+    public X509CertImpl handlePKCSReq(HttpServletRequest httpReq,
+                                 IRequest cmsRequest, CRSPKIMessage req,
+                                    CRSPKIMessage crsResp, CryptoContext cx)
+            throws ServletException,
              CryptoManager.NotInitializedException,
              CRSFailureException {
 
-	try {
-       unwrapPKCS10(req,cx);
-	   Hashtable<String, byte[]> fingerprints = makeFingerPrints(req);
-
-       if (cmsRequest != null) {
-			if (areFingerprintsEqual(cmsRequest, fingerprints)) {
-               CMS.debug("created response from request");
-				return makeResponseFromRequest(req,crsResp,cmsRequest);
-			}
-			else {
-                CMS.debug("duplicated transaction id");
-		  		log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID"));	  
-		  		crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
-		  		crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-		  		return null;
-			}
-		}
-
-	   getDetailFromRequest(req,crsResp);
-	   boolean authFailed = authenticateUser(req);
- 
-	   if (authFailed) {
-          CMS.debug("authentication failed");
-		  log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH"));	  
-		  crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity);
-		  crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-
-
-          // perform audit log
-          String auditMessage = CMS.getLogMessage(
+        try {
+            unwrapPKCS10(req, cx);
+            Hashtable<String, byte[]> fingerprints = makeFingerPrints(req);
+
+            if (cmsRequest != null) {
+                if (areFingerprintsEqual(cmsRequest, fingerprints)) {
+                    CMS.debug("created response from request");
+                    return makeResponseFromRequest(req, crsResp, cmsRequest);
+                } else {
+                    CMS.debug("duplicated transaction id");
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_DUP_TRANS_ID"));
+                    crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
+                    crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+                    return null;
+                }
+            }
+
+            getDetailFromRequest(req, crsResp);
+            boolean authFailed = authenticateUser(req);
+
+            if (authFailed) {
+                CMS.debug("authentication failed");
+                log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_AUTH"));
+                crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badIdentity);
+                crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+
+                // perform audit log
+                String auditMessage = CMS.getLogMessage(
                             "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5",
                             httpReq.getRemoteAddr(),
                             ILogger.FAILURE,
                             req.getTransactionID(),
                             "CRSEnrollment",
                             ILogger.SIGNED_AUDIT_EMPTY_VALUE);
-          ILogger signedAuditLogger = CMS.getSignedAuditLogger();
-          if (signedAuditLogger != null) {
-            signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-                     null, ILogger.S_SIGNED_AUDIT,
-                     ILogger.LL_SECURITY, auditMessage);
-          }
-
-		  return null;
-	   }
-	   else {
-		  IRequest ireq = postRequest(httpReq, req,crsResp);
-		
-
-          CMS.debug("created response");
-		  return makeResponseFromRequest(req,crsResp, ireq);
-	   }
-	} catch (CryptoContext.CryptoContextException e) {
-        CMS.debug("failed to decrypt the request " + e);
-		log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10",
-			e.getMessage()));	  
-		crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
-		crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-	} catch (EBaseException e) {
-        CMS.debug("operation failure - " + e);
-		log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED",
-			e.getMessage()));	  
-		crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError);
-		crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-	}
-	return null;
-  }
-
-
-//////   post the request 
-
-/*
-  needed:
-
-  token (authtoken)
-  certInfo
-  fingerprints       x
-  req.transactionID
-  crsResp
-*/  
-
-private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp) 
-throws EBaseException {
-	 X500Name subject = (X500Name)req.get(SUBJECTNAME);
-
-     if (mCreateEntry) {
-		 if (subject == null) {
-             CMS.debug( "CRSEnrollment::postRequest() - subject is null!" );
-             return null;
-		 }
-         createEntry(subject.toString());
-     }
-
-     // use profile framework to handle SCEP
-     if (mProfileId != null) {
-       PKCS10 pkcs10data = req.getP10();
-       String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray());
-
-       // XXX authentication handling
-       CMS.debug("Found profile=" + mProfileId);
-       IProfile profile = mProfileSubsystem.getProfile(mProfileId);
-       if (profile == null) {
-         CMS.debug("profile " + mProfileId + " not found");
-         return null;
-       }
-       IProfileContext ctx = profile.createContext();
-
-       IProfileAuthenticator authenticator = null;
-       try {
-            CMS.debug("Retrieving authenticator");
-            authenticator = profile.getAuthenticator();
+                ILogger signedAuditLogger = CMS.getSignedAuditLogger();
+                if (signedAuditLogger != null) {
+                    signedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
+                            null, ILogger.S_SIGNED_AUDIT,
+                            ILogger.LL_SECURITY, auditMessage);
+                }
+
+                return null;
+            } else {
+                IRequest ireq = postRequest(httpReq, req, crsResp);
+
+                CMS.debug("created response");
+                return makeResponseFromRequest(req, crsResp, ireq);
+            }
+        } catch (CryptoContext.CryptoContextException e) {
+            CMS.debug("failed to decrypt the request " + e);
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ENROLL_FAIL_NO_DECRYPT_PKCS10",
+                    e.getMessage()));
+            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badMessageCheck);
+            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+        } catch (EBaseException e) {
+            CMS.debug("operation failure - " + e);
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERNOLL_FAIL_NO_NEW_REQUEST_POSTED",
+                    e.getMessage()));
+            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_internalCAError);
+            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+        }
+        return null;
+    }
+
+    // //// post the request
+
+    /*
+     * needed:
+     * 
+     * token (authtoken) certInfo fingerprints x req.transactionID crsResp
+     */
+
+    private IRequest postRequest(HttpServletRequest httpReq, CRSPKIMessage req, CRSPKIMessage crsResp)
+            throws EBaseException {
+        X500Name subject = (X500Name) req.get(SUBJECTNAME);
+
+        if (mCreateEntry) {
+            if (subject == null) {
+                CMS.debug("CRSEnrollment::postRequest() - subject is null!");
+                return null;
+            }
+            createEntry(subject.toString());
+        }
+
+        // use profile framework to handle SCEP
+        if (mProfileId != null) {
+            PKCS10 pkcs10data = req.getP10();
+            String pkcs10blob = CMS.BtoA(pkcs10data.toByteArray());
+
+            // XXX authentication handling
+            CMS.debug("Found profile=" + mProfileId);
+            IProfile profile = mProfileSubsystem.getProfile(mProfileId);
+            if (profile == null) {
+                CMS.debug("profile " + mProfileId + " not found");
+                return null;
+            }
+            IProfileContext ctx = profile.createContext();
+
+            IProfileAuthenticator authenticator = null;
+            try {
+                CMS.debug("Retrieving authenticator");
+                authenticator = profile.getAuthenticator();
+                if (authenticator == null) {
+                    CMS.debug("No authenticator Found");
+                } else {
+                    CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+                }
+            } catch (EProfileException e) {
+                // authenticator not installed correctly
+            }
+
+            IAuthToken authToken = null;
+
+            // for ssl authentication; pass in servlet for retrieving
+            // ssl client certificates
+            SessionContext context = SessionContext.getContext();
+
+            // insert profile context so that input parameter can be retrieved
+            context.put("profileContext", ctx);
+            context.put("sslClientCertProvider",
+                    new SSLClientCertProvider(httpReq));
+
+            String p10Password = getPasswordFromP10(pkcs10data);
+            AuthCredentials credentials = new AuthCredentials();
+            credentials.set("UID", httpReq.getRemoteAddr());
+            credentials.set("PWD", p10Password);
+
             if (authenticator == null) {
-              CMS.debug("No authenticator Found");
+                // XXX - to help caRouterCert to work, we need to
+                // add authentication to caRouterCert
+                authToken = new AuthToken(null);
             } else {
-              CMS.debug("Got authenticator=" + authenticator.getClass().getName());
+                authToken = authenticate(credentials, authenticator, httpReq);
             }
-       } catch (EProfileException e) {
-            // authenticator not installed correctly
-       }
-
-       IAuthToken authToken = null;
-
-       // for ssl authentication; pass in servlet for retrieving
-       // ssl client certificates
-       SessionContext context = SessionContext.getContext();
-
-
-        // insert profile context so that input parameter can be retrieved
-       context.put("profileContext", ctx);
-       context.put("sslClientCertProvider",
-            new SSLClientCertProvider(httpReq));
-
-       String p10Password = getPasswordFromP10(pkcs10data);
-        AuthCredentials credentials = new AuthCredentials();
-        credentials.set("UID", httpReq.getRemoteAddr());
-        credentials.set("PWD", p10Password);
-
-       if (authenticator == null) {
-          // XXX - to help caRouterCert to work, we need to 
-          // add authentication to caRouterCert
-          authToken = new AuthToken(null);
-       } else { 
-         authToken = authenticate(credentials, authenticator, httpReq);
-       }
-
-       IRequest reqs[] = null;
-       CMS.debug("CRSEnrollment: Creating profile requests");
-       ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10");
-       ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
-       Locale locale = Locale.getDefault();
-       reqs = profile.createRequests(ctx, locale);
-       if (reqs == null) {
-         CMS.debug("CRSEnrollment: No request has been created");
-         return null;
-       } else {
-         CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created");
-       }
-       // set transaction id
-       reqs[0].setSourceId(req.getTransactionID());
-       reqs[0].setExtData("profile", "true");
-       reqs[0].setExtData("profileId", mProfileId);
-       reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10);
-       reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
-       reqs[0].setExtData("requestor_name", "");
-       reqs[0].setExtData("requestor_email", "");
-       reqs[0].setExtData("requestor_phone", "");
-       reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost());
-       reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr());
-       reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy());
-
-       CMS.debug("CRSEnrollment: Populating inputs");
-       profile.populateInput(ctx, reqs[0]);
-       CMS.debug("CRSEnrollment: Populating requests");
-       profile.populate(reqs[0]);
-
-       CMS.debug("CRSEnrollment: Submitting request");
-       profile.submit(authToken, reqs[0]);
-       CMS.debug("CRSEnrollment: Done submitting request");
-       profile.getRequestQueue().markAsServiced(reqs[0]);
-       CMS.debug("CRSEnrollment: Request marked as serviced");
-
-       return reqs[0];
-
-     }
-
-     IRequestQueue rq = ca.getRequestQueue();
-     IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST);
-
-	 AuthToken token = (AuthToken) req.get(AUTH_TOKEN);
-     if (token != null) { 
-          pkiReq.setExtData(IRequest.AUTH_TOKEN,token);
-     }
-
-     pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT);
-	 X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO);
-     pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo } );
-     pkiReq.setExtData("cepsubstore", mSubstoreName);
-
-	 try {
-	 	String chpwd = (String)req.get(ChallengePassword.NAME);
-        if (chpwd != null) {
-	 		pkiReq.setExtData("challengePhrase",
-				chpwd );
-		}
-	 } catch (Exception pwex) {
-	 }
-
-     Hashtable<?, ?> fingerprints = (Hashtable<?, ?>)req.get(IRequest.FINGERPRINTS);
-     if (fingerprints.size() > 0) {
-         Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size());
-         Enumeration<?> e = fingerprints.keys();
-         while (e.hasMoreElements()) {
-             String key = (String)e.nextElement();
-             byte[] value = (byte[])fingerprints.get(key);
-             encodedPrints.put(key, CMS.BtoA(value));
-         }
-         pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints);
-	 }
-
-     pkiReq.setSourceId(req.getTransactionID());
-                 
-     rq.processRequest(pkiReq);
-
-     crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-
-     mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+
+            IRequest reqs[] = null;
+            CMS.debug("CRSEnrollment: Creating profile requests");
+            ctx.set(IEnrollProfile.CTX_CERT_REQUEST_TYPE, "pkcs10");
+            ctx.set(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
+            Locale locale = Locale.getDefault();
+            reqs = profile.createRequests(ctx, locale);
+            if (reqs == null) {
+                CMS.debug("CRSEnrollment: No request has been created");
+                return null;
+            } else {
+                CMS.debug("CRSEnrollment: Request (" + reqs.length + ") have been created");
+            }
+            // set transaction id
+            reqs[0].setSourceId(req.getTransactionID());
+            reqs[0].setExtData("profile", "true");
+            reqs[0].setExtData("profileId", mProfileId);
+            reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST_TYPE, IEnrollProfile.REQ_TYPE_PKCS10);
+            reqs[0].setExtData(IEnrollProfile.CTX_CERT_REQUEST, pkcs10blob);
+            reqs[0].setExtData("requestor_name", "");
+            reqs[0].setExtData("requestor_email", "");
+            reqs[0].setExtData("requestor_phone", "");
+            reqs[0].setExtData("profileRemoteHost", httpReq.getRemoteHost());
+            reqs[0].setExtData("profileRemoteAddr", httpReq.getRemoteAddr());
+            reqs[0].setExtData("profileApprovedBy", profile.getApprovedBy());
+
+            CMS.debug("CRSEnrollment: Populating inputs");
+            profile.populateInput(ctx, reqs[0]);
+            CMS.debug("CRSEnrollment: Populating requests");
+            profile.populate(reqs[0]);
+
+            CMS.debug("CRSEnrollment: Submitting request");
+            profile.submit(authToken, reqs[0]);
+            CMS.debug("CRSEnrollment: Done submitting request");
+            profile.getRequestQueue().markAsServiced(reqs[0]);
+            CMS.debug("CRSEnrollment: Request marked as serviced");
+
+            return reqs[0];
+
+        }
+
+        IRequestQueue rq = ca.getRequestQueue();
+        IRequest pkiReq = rq.newRequest(IRequest.ENROLLMENT_REQUEST);
+
+        AuthToken token = (AuthToken) req.get(AUTH_TOKEN);
+        if (token != null) {
+            pkiReq.setExtData(IRequest.AUTH_TOKEN, token);
+        }
+
+        pkiReq.setExtData(IRequest.HTTP_PARAMS, IRequest.CERT_TYPE, IRequest.CEP_CERT);
+        X509CertInfo certInfo = (X509CertInfo) req.get(CERTINFO);
+        pkiReq.setExtData(IRequest.CERT_INFO, new X509CertInfo[] { certInfo });
+        pkiReq.setExtData("cepsubstore", mSubstoreName);
+
+        try {
+            String chpwd = (String) req.get(ChallengePassword.NAME);
+            if (chpwd != null) {
+                pkiReq.setExtData("challengePhrase",
+                        chpwd);
+            }
+        } catch (Exception pwex) {
+        }
+
+        Hashtable<?, ?> fingerprints = (Hashtable<?, ?>) req.get(IRequest.FINGERPRINTS);
+        if (fingerprints.size() > 0) {
+            Hashtable<String, String> encodedPrints = new Hashtable<String, String>(fingerprints.size());
+            Enumeration<?> e = fingerprints.keys();
+            while (e.hasMoreElements()) {
+                String key = (String) e.nextElement();
+                byte[] value = (byte[]) fingerprints.get(key);
+                encodedPrints.put(key, CMS.BtoA(value));
+            }
+            pkiReq.setExtData(IRequest.FINGERPRINTS, encodedPrints);
+        }
+
+        pkiReq.setSourceId(req.getTransactionID());
+
+        rq.processRequest(pkiReq);
+
+        crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
+
+        mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
                             AuditFormat.LEVEL,
                             AuditFormat.ENROLLMENTFORMAT,
                             new Object[] {
-                            pkiReq.getRequestId(),
-                            AuditFormat.FROMROUTER,
-                            mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName,
-                            "pending",
-                            subject ,
-                            ""}
+                                    pkiReq.getRequestId(),
+                                    AuditFormat.FROMROUTER,
+                                    mAuthManagerName == null ? AuditFormat.NOAUTH : mAuthManagerName,
+                                    "pending",
+                                    subject,
+                                    "" }
                             );
-                  
-	  return pkiReq;
-  }
-
 
+        return pkiReq;
+    }
 
-  public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) {
+    public Hashtable<String, byte[]> makeFingerPrints(CRSPKIMessage req) {
         Hashtable<String, byte[]> fingerprints = new Hashtable<String, byte[]>();
 
         MessageDigest md;
-        String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"};
-        PKCS10 p10 = (PKCS10)req.getP10();
+        String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", "SHA512" };
+        PKCS10 p10 = (PKCS10) req.getP10();
 
-        for (int i=0;i<hashes.length;i++) {
-		    try {
-               	md = MessageDigest.getInstance(hashes[i]);
-               	md.update(p10.getCertRequestInfo());
-               	fingerprints.put(hashes[i],md.digest());
-			}
-			catch (NoSuchAlgorithmException nsa) {}
+        for (int i = 0; i < hashes.length; i++) {
+            try {
+                md = MessageDigest.getInstance(hashes[i]);
+                md.update(p10.getCertRequestInfo());
+                fingerprints.put(hashes[i], md.digest());
+            } catch (NoSuchAlgorithmException nsa) {
+            }
         }
 
-		if (fingerprints != null) {
-	    	req.put(IRequest.FINGERPRINTS,fingerprints);
-		}
-		return fingerprints;
-  }
-
-  
-  // Take a look to see if the request was successful, and fill
-  // in the response message
+        if (fingerprints != null) {
+            req.put(IRequest.FINGERPRINTS, fingerprints);
+        }
+        return fingerprints;
+    }
 
+    // Take a look to see if the request was successful, and fill
+    // in the response message
 
-  private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp,
-                                      IRequest pkiReq)
-    {
+    private X509CertImpl makeResponseFromRequest(CRSPKIMessage crsReq, CRSPKIMessage crsResp,
+                                      IRequest pkiReq) {
 
-        X509CertImpl issuedCert=null;
+        X509CertImpl issuedCert = null;
 
         RequestStatus status = pkiReq.getRequestStatus();
 
         String profileId = pkiReq.getExtDataInString("profileId");
         if (profileId != null) {
-          CMS.debug("CRSEnrollment: Found profile request");
-          X509CertImpl cert =
-                 pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-          if (cert == null) {
-            CMS.debug("CRSEnrollment: No certificate has been found");
-          } else {
-            CMS.debug("CRSEnrollment: Found certificate");
-          }
-          crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-          return cert;
+            CMS.debug("CRSEnrollment: Found profile request");
+            X509CertImpl cert =
+                    pkiReq.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+            if (cert == null) {
+                CMS.debug("CRSEnrollment: No certificate has been found");
+            } else {
+                CMS.debug("CRSEnrollment: Found certificate");
+            }
+            crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
+            return cert;
         }
 
-
-        if ( status.equals(RequestStatus.COMPLETE)) {
+        if (status.equals(RequestStatus.COMPLETE)) {
             Integer success = pkiReq.getExtDataInInteger(IRequest.RESULT);
 
-
             if (success.equals(IRequest.RES_SUCCESS)) {
                 // The cert was issued, lets send it back to the router
                 X509CertImpl[] issuedCertBuf =
-                  pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                        pkiReq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
                 if (issuedCertBuf == null || issuedCertBuf.length == 0) {
-                    //  writeError("Internal Error: Bad operation",httpReq,httpResp);
-                    CMS.debug( "CRSEnrollment::makeResponseFromRequest() - " +
-                               "Bad operation" );
+                    // writeError("Internal Error: Bad operation",httpReq,httpResp);
+                    CMS.debug("CRSEnrollment::makeResponseFromRequest() - " +
+                               "Bad operation");
                     return null;
                 }
                 issuedCert = issuedCertBuf[0];
                 crsResp.setPKIStatus(CRSPKIMessage.mStatus_SUCCESS);
-                            
-            }
-            else {  // status is not 'success' - there must've been a problem
-                            
+
+            } else { // status is not 'success' - there must've been a problem
+
                 crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
                 crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badAlg);
             }
-        }
-        else if (status.equals(RequestStatus.REJECTED_STRING) ||
+        } else if (status.equals(RequestStatus.REJECTED_STRING) ||
                  status.equals(RequestStatus.CANCELED_STRING)) {
-                crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
-                crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
-            }
-        else  {   // not complete
+            crsResp.setPKIStatus(CRSPKIMessage.mStatus_FAILURE);
+            crsResp.setFailInfo(CRSPKIMessage.mFailInfo_badRequest);
+        } else { // not complete
             crsResp.setPKIStatus(CRSPKIMessage.mStatus_PENDING);
         }
 
         return issuedCert;
     }
 
+    protected String hashPassword(String pwd) {
+        String salt = "lala123";
+        byte[] pwdDigest = mSHADigest.digest((salt + pwd).getBytes());
+        String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest);
+        return "{SHA}" + b64E;
+    }
 
+    /**
+     * Make the CRSPKIMESSAGE response
+     */
 
+    private void processCertRep(CryptoContext cx,
+                              X509CertImpl issuedCert,
+                              CRSPKIMessage crsResp,
+                              CRSPKIMessage crsReq)
+            throws CRSFailureException {
+        byte[] msgdigest = null;
+        byte[] encryptedDesKey = null;
 
+        try {
+            if (issuedCert != null) {
 
+                SymmetricKey sk;
+                SymmetricKey skinternal;
 
-  protected String hashPassword(String pwd) {
-        String salt = "lala123";
-        byte[] pwdDigest = mSHADigest.digest((salt+pwd).getBytes());
-        String b64E = com.netscape.osutil.OSUtil.BtoA(pwdDigest);
-        return "{SHA}"+b64E;
-    }
+                KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
+                EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC;
+                if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+                    kga = KeyGenAlgorithm.DES3;
+                    ea = EncryptionAlgorithm.DES3_CBC;
+                }
 
+                // 1. Make the Degenerated PKCS7 with the recipient's
+                // certificate in it
 
+                byte toBeEncrypted[] =
+                        crsResp.makeSignedRep(1, // version
+                                issuedCert.getEncoded()
+                                      );
 
+                // 2. Encrypt the above byte array with a new random DES key
 
-  /**
-   *  Make the CRSPKIMESSAGE response
-   */
+                sk = cx.getDESKeyGenerator().generate();
 
+                skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk);
 
-  private void processCertRep(CryptoContext cx,
-                              X509CertImpl issuedCert,
-                              CRSPKIMessage crsResp,
-                              CRSPKIMessage crsReq) 
-    throws CRSFailureException {
-      byte[] msgdigest = null;
-      byte[] encryptedDesKey = null;
-        
-      try {
-          if (issuedCert != null) {
-                
-              SymmetricKey sk;
-              SymmetricKey skinternal;
-
-              KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
-              EncryptionAlgorithm ea = EncryptionAlgorithm.DES_CBC;
-              if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
-                  kga = KeyGenAlgorithm.DES3;
-                  ea = EncryptionAlgorithm.DES3_CBC;
-              }
-
-              // 1. Make the Degenerated PKCS7 with the recipient's certificate in it
-                
-              byte toBeEncrypted[] =
-                crsResp.makeSignedRep(1,  // version
-                                      issuedCert.getEncoded()
-                                      );
-                
-              // 2. Encrypt the above byte array with a new random DES key
-                
-              sk = cx.getDESKeyGenerator().generate();
-                
-              skinternal = cx.getInternalToken().getKeyGenerator(kga).clone(sk);
-                
-              byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize());
-
-
-              // This should be changed to generate proper DES IV.
-
-              Cipher cipher = cx.getInternalToken().getCipherContext(ea);
-              IVParameterSpec desIV =
-                new IVParameterSpec(new byte[]{
-                    (byte)0xff, (byte)0x00,
-                      (byte)0xff, (byte)0x00,
-                      (byte)0xff, (byte)0x00,
-                      (byte)0xff, (byte)0x00 } );
-                
-              cipher.initEncrypt(sk,desIV);
-              byte[] encryptedData = cipher.doFinal(padded);
-                
-              crsResp.makeEncryptedContentInfo(desIV.getIV(),encryptedData, mEncryptionAlgorithm);
-                
-              // 3. Extract the recipient's public key
-                
-              PublicKey rcpPK = crsReq.getSignerPublicKey();
-                
-                
-              // 4. Encrypt the DES key with the public key
-                
-              // we have to move the key onto the interal token.
-              //skinternal = cx.getInternalKeyStorageToken().cloneKey(sk);
-              skinternal = cx.getInternalToken().cloneKey(sk);
-                
-              KeyWrapper kw = cx.getInternalKeyWrapper();
-              kw.initWrap(rcpPK, null);
-              encryptedDesKey = kw.wrap(skinternal);
-                
-              crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber());
-              crsResp.makeRecipientInfo(0, encryptedDesKey );
-                
-          }
-
-                
-          byte[] ed = crsResp.makeEnvelopedData(0);
-
-          // 7. Make Digest of SignedData Content 
-          MessageDigest md = MessageDigest.getInstance(mHashAlgorithm);
-          msgdigest = md.digest(ed);
-
-          crsResp.setMsgDigest(msgdigest);
-                
-      }
-        
-      catch (Exception e) {
-          throw new CRSFailureException("Failed to create inner response to CEP message: "+e.getMessage());
-      }
-        
-                        
-      // 5. Make a RecipientInfo
-        
-      // The issuer name & serial number here, should be that of
-      // the EE's self-signed Certificate
-      // [I can get it from the req blob, but later, I should
-      //  store the recipient's self-signed certificate with the request
-      //  so I can get at it later. I need to do this to support
-      //  'PENDING']
-        
-        
-      try {
-            
-          // 8. Make Authenticated Attributes
-          // we can just pull the transaction ID out of the request.
-          // Later, we will have to put it out of the Request queue,
-          // so we can support PENDING
-          crsResp.setTransactionID(crsReq.getTransactionID());
-          // recipientNonce and SenderNonce have already been set
-            
-          crsResp.makeAuthenticatedAttributes();
-          //      crsResp.makeAuthenticatedAttributes_old();                  
-            
-
-
-          // now package up the rest of the SignerInfo
-          {
-              byte[] signingcertbytes = cx.getSigningCert().getEncoded();
-                
-
-              Certificate.Template sgncert_t = new Certificate.Template();
-              Certificate sgncert =
-                (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes));
-                
-              IssuerAndSerialNumber sgniasn =
-                new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(),
+                byte[] padded = Cipher.pad(toBeEncrypted, ea.getBlockSize());
+
+                // This should be changed to generate proper DES IV.
+
+                Cipher cipher = cx.getInternalToken().getCipherContext(ea);
+                IVParameterSpec desIV =
+                        new IVParameterSpec(new byte[] {
+                                (byte) 0xff, (byte) 0x00,
+                                (byte) 0xff, (byte) 0x00,
+                                (byte) 0xff, (byte) 0x00,
+                                (byte) 0xff, (byte) 0x00 });
+
+                cipher.initEncrypt(sk, desIV);
+                byte[] encryptedData = cipher.doFinal(padded);
+
+                crsResp.makeEncryptedContentInfo(desIV.getIV(), encryptedData, mEncryptionAlgorithm);
+
+                // 3. Extract the recipient's public key
+
+                PublicKey rcpPK = crsReq.getSignerPublicKey();
+
+                // 4. Encrypt the DES key with the public key
+
+                // we have to move the key onto the interal token.
+                // skinternal = cx.getInternalKeyStorageToken().cloneKey(sk);
+                skinternal = cx.getInternalToken().cloneKey(sk);
+
+                KeyWrapper kw = cx.getInternalKeyWrapper();
+                kw.initWrap(rcpPK, null);
+                encryptedDesKey = kw.wrap(skinternal);
+
+                crsResp.setRcpIssuerAndSerialNumber(crsReq.getSgnIssuerAndSerialNumber());
+                crsResp.makeRecipientInfo(0, encryptedDesKey);
+
+            }
+
+            byte[] ed = crsResp.makeEnvelopedData(0);
+
+            // 7. Make Digest of SignedData Content
+            MessageDigest md = MessageDigest.getInstance(mHashAlgorithm);
+            msgdigest = md.digest(ed);
+
+            crsResp.setMsgDigest(msgdigest);
+
+        }
+
+        catch (Exception e) {
+            throw new CRSFailureException("Failed to create inner response to CEP message: " + e.getMessage());
+        }
+
+        // 5. Make a RecipientInfo
+
+        // The issuer name & serial number here, should be that of
+        // the EE's self-signed Certificate
+        // [I can get it from the req blob, but later, I should
+        // store the recipient's self-signed certificate with the request
+        // so I can get at it later. I need to do this to support
+        // 'PENDING']
+
+        try {
+
+            // 8. Make Authenticated Attributes
+            // we can just pull the transaction ID out of the request.
+            // Later, we will have to put it out of the Request queue,
+            // so we can support PENDING
+            crsResp.setTransactionID(crsReq.getTransactionID());
+            // recipientNonce and SenderNonce have already been set
+
+            crsResp.makeAuthenticatedAttributes();
+            // crsResp.makeAuthenticatedAttributes_old();
+
+            // now package up the rest of the SignerInfo
+            {
+                byte[] signingcertbytes = cx.getSigningCert().getEncoded();
+
+                Certificate.Template sgncert_t = new Certificate.Template();
+                Certificate sgncert =
+                        (Certificate) sgncert_t.decode(new ByteArrayInputStream(signingcertbytes));
+
+                IssuerAndSerialNumber sgniasn =
+                        new IssuerAndSerialNumber(sgncert.getInfo().getIssuer(),
                                           sgncert.getInfo().getSerialNumber());
-                
-              crsResp.setSgnIssuerAndSerialNumber(sgniasn);
-                
-              // 10. Make SignerInfo
-              crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm);
-
-              // 11. Make SignedData
-              crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm);
-
-              crsResp.debug();
-          }
-      }
-      catch (Exception e) {
-          throw new CRSFailureException("Failed to create outer response to CEP request: "+e.getMessage());
-      }
-        
-        
-      // if debugging, dump out the response into a file
-        
-  }
-
-
-
-  class CryptoContext {
-    private CryptoManager cm;
-    private CryptoToken internalToken;
-    private CryptoToken keyStorageToken;
-    private CryptoToken internalKeyStorageToken;
-    private KeyGenerator DESkg;
-	private Enumeration<?> externalTokens = null;
-    private org.mozilla.jss.crypto.X509Certificate signingCert;
-    private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey;
-	private int signingCertKeySize = 0;
-
-
-    class CryptoContextException extends Exception {
-      /**
+
+                crsResp.setSgnIssuerAndSerialNumber(sgniasn);
+
+                // 10. Make SignerInfo
+                crsResp.makeSignerInfo(1, cx.getPrivateKey(), mHashAlgorithm);
+
+                // 11. Make SignedData
+                crsResp.makeSignedData(1, signingcertbytes, mHashAlgorithm);
+
+                crsResp.debug();
+            }
+        } catch (Exception e) {
+            throw new CRSFailureException("Failed to create outer response to CEP request: " + e.getMessage());
+        }
+
+        // if debugging, dump out the response into a file
+
+    }
+
+    class CryptoContext {
+        private CryptoManager cm;
+        private CryptoToken internalToken;
+        private CryptoToken keyStorageToken;
+        private CryptoToken internalKeyStorageToken;
+        private KeyGenerator DESkg;
+        private Enumeration<?> externalTokens = null;
+        private org.mozilla.jss.crypto.X509Certificate signingCert;
+        private org.mozilla.jss.crypto.PrivateKey signingCertPrivKey;
+        private int signingCertKeySize = 0;
+
+        class CryptoContextException extends Exception {
+            /**
          *
          */
-        private static final long serialVersionUID = -1124116326126256475L;
-    public CryptoContextException() { super(); }
-      public CryptoContextException(String s) { super(s); }
-    }
+            private static final long serialVersionUID = -1124116326126256475L;
 
-    public CryptoContext()
-      throws CryptoContextException
-      {
-          try {
-              KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
-              if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
-                  kga = KeyGenAlgorithm.DES3;
-              }
-              cm = CryptoManager.getInstance();
-              internalToken = cm.getInternalCryptoToken();
-              DESkg = internalToken.getKeyGenerator(kga);
-              if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
-                  mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
-                  mTokenName.length() == 0) {
-                  keyStorageToken = cm.getInternalKeyStorageToken();
-                  internalKeyStorageToken = keyStorageToken;
-                  CMS.debug("CRSEnrollment: CryptoContext: internal token name: '"+mTokenName+"'");
-              } else {
-                  keyStorageToken = cm.getTokenByName(mTokenName);
-                  internalKeyStorageToken = null;
-              }
-              if (!mUseCA && internalKeyStorageToken == null) {
-                  PasswordCallback cb = CMS.getPasswordCallback(); 
-                  keyStorageToken.login(cb); // ONE_TIME by default.
-              }
-              signingCert = cm.findCertByNickname(mNickname);
-              signingCertPrivKey = cm.findPrivKeyByCert(signingCert);
-			  byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded();
-			  SEQUENCE.Template outer = SEQUENCE.getTemplate();
-			  outer.addElement( ANY.getTemplate() ); // algid
-			  outer.addElement( BIT_STRING.getTemplate() );
-			  SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo);
-			  BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1);
-			  byte[] encPubKey = bs.getBits();
-			  if( bs.getPadCount() != 0) {
-			  	  throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes.");
-			  }
-			  SEQUENCE.Template inner = new SEQUENCE.Template();
-			  inner.addElement( INTEGER.getTemplate());
-			  inner.addElement( INTEGER.getTemplate());
-			  SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey);
-			  INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0);
-			  signingCertKeySize = modulus.bitLength();
-			  
-			  try {
-              FileOutputStream fos = new FileOutputStream("pubkey.der");
-              fos.write(signingCert.getPublicKey().getEncoded());
-              fos.close();
-			  } catch (Exception e) {}
-
-          }
-		  catch (InvalidBERException e) {
-		  	  throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate");
-			  }
-          catch (CryptoManager.NotInitializedException e) {
-              throw new CryptoContextException("Crypto Manager not initialized");
-          }
-          catch (NoSuchAlgorithmException e) {
-              throw new CryptoContextException("Cannot create DES key generator");
-          }
-          catch (ObjectNotFoundException e) {
-              throw new CryptoContextException("Certificate not found: "+ca.getNickname());
-          }
-          catch (TokenException e) {
-              throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
-          }
-          catch (NoSuchTokenException e) {
-              throw new CryptoContextException("Crypto Token not found: "+e.getMessage());
-          }
-          catch (IncorrectPasswordException e) {
-              throw new CryptoContextException("Incorrect Password.");
-          }
-      }
-
-
-    public KeyGenerator getDESKeyGenerator() {
-        return DESkg;
-    }
+            public CryptoContextException() {
+                super();
+            }
 
-    public CryptoToken getInternalToken() {
-        return internalToken;
-    }
+            public CryptoContextException(String s) {
+                super(s);
+            }
+        }
 
-    public void setExternalTokens( Enumeration<?> tokens ) {
-        externalTokens = tokens;
-    }
+        public CryptoContext()
+                throws CryptoContextException {
+            try {
+                KeyGenAlgorithm kga = KeyGenAlgorithm.DES;
+                if (mEncryptionAlgorithm != null && mEncryptionAlgorithm.equals("DES3")) {
+                    kga = KeyGenAlgorithm.DES3;
+                }
+                cm = CryptoManager.getInstance();
+                internalToken = cm.getInternalCryptoToken();
+                DESkg = internalToken.getKeyGenerator(kga);
+                if (mTokenName.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) ||
+                        mTokenName.equalsIgnoreCase("Internal Key Storage Token") ||
+                        mTokenName.length() == 0) {
+                    keyStorageToken = cm.getInternalKeyStorageToken();
+                    internalKeyStorageToken = keyStorageToken;
+                    CMS.debug("CRSEnrollment: CryptoContext: internal token name: '" + mTokenName + "'");
+                } else {
+                    keyStorageToken = cm.getTokenByName(mTokenName);
+                    internalKeyStorageToken = null;
+                }
+                if (!mUseCA && internalKeyStorageToken == null) {
+                    PasswordCallback cb = CMS.getPasswordCallback();
+                    keyStorageToken.login(cb); // ONE_TIME by default.
+                }
+                signingCert = cm.findCertByNickname(mNickname);
+                signingCertPrivKey = cm.findPrivKeyByCert(signingCert);
+                byte[] encPubKeyInfo = signingCert.getPublicKey().getEncoded();
+                SEQUENCE.Template outer = SEQUENCE.getTemplate();
+                outer.addElement(ANY.getTemplate()); // algid
+                outer.addElement(BIT_STRING.getTemplate());
+                SEQUENCE outerSeq = (SEQUENCE) ASN1Util.decode(outer, encPubKeyInfo);
+                BIT_STRING bs = (BIT_STRING) outerSeq.elementAt(1);
+                byte[] encPubKey = bs.getBits();
+                if (bs.getPadCount() != 0) {
+                    throw new CryptoContextException("Internal error: Invalid Public key. Not an integral number of bytes.");
+                }
+                SEQUENCE.Template inner = new SEQUENCE.Template();
+                inner.addElement(INTEGER.getTemplate());
+                inner.addElement(INTEGER.getTemplate());
+                SEQUENCE pubKeySeq = (SEQUENCE) ASN1Util.decode(inner, encPubKey);
+                INTEGER modulus = (INTEGER) pubKeySeq.elementAt(0);
+                signingCertKeySize = modulus.bitLength();
 
-    public Enumeration<?> getExternalTokens() {
-        return externalTokens;
-    }
+                try {
+                    FileOutputStream fos = new FileOutputStream("pubkey.der");
+                    fos.write(signingCert.getPublicKey().getEncoded());
+                    fos.close();
+                } catch (Exception e) {
+                }
 
-    public CryptoToken getInternalKeyStorageToken() {
-        return internalKeyStorageToken;
-    }
+            } catch (InvalidBERException e) {
+                throw new CryptoContextException("Internal Error: Bad internal Certificate Representation. Not a valid RSA-signed certificate");
+            } catch (CryptoManager.NotInitializedException e) {
+                throw new CryptoContextException("Crypto Manager not initialized");
+            } catch (NoSuchAlgorithmException e) {
+                throw new CryptoContextException("Cannot create DES key generator");
+            } catch (ObjectNotFoundException e) {
+                throw new CryptoContextException("Certificate not found: " + ca.getNickname());
+            } catch (TokenException e) {
+                throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+            } catch (NoSuchTokenException e) {
+                throw new CryptoContextException("Crypto Token not found: " + e.getMessage());
+            } catch (IncorrectPasswordException e) {
+                throw new CryptoContextException("Incorrect Password.");
+            }
+        }
 
-    public CryptoToken getKeyStorageToken() {
-        return keyStorageToken;
-    }
+        public KeyGenerator getDESKeyGenerator() {
+            return DESkg;
+        }
 
-    public CryptoManager getCryptoManager() {
-        return cm;
-    }
+        public CryptoToken getInternalToken() {
+            return internalToken;
+        }
 
-    public KeyWrapper getKeyWrapper() 
-      throws CryptoContextException {
-        try {
-            return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+        public void setExternalTokens(Enumeration<?> tokens) {
+            externalTokens = tokens;
         }
-        catch (TokenException e) {
-            throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
+
+        public Enumeration<?> getExternalTokens() {
+            return externalTokens;
         }
-        catch (NoSuchAlgorithmException e) {
-            throw new CryptoContextException(e.getMessage());
+
+        public CryptoToken getInternalKeyStorageToken() {
+            return internalKeyStorageToken;
         }
-    }
 
-    public KeyWrapper getInternalKeyWrapper() 
-      throws CryptoContextException {
-        try {
-            return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+        public CryptoToken getKeyStorageToken() {
+            return keyStorageToken;
         }
-        catch (TokenException e) {
-            throw new CryptoContextException("Problem with Crypto Token: "+e.getMessage());
+
+        public CryptoManager getCryptoManager() {
+            return cm;
         }
-        catch (NoSuchAlgorithmException e) {
-            throw new CryptoContextException(e.getMessage());
+
+        public KeyWrapper getKeyWrapper()
+                throws CryptoContextException {
+            try {
+                return signingCertPrivKey.getOwningToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+            } catch (TokenException e) {
+                throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+            } catch (NoSuchAlgorithmException e) {
+                throw new CryptoContextException(e.getMessage());
+            }
         }
-    }
 
-    public org.mozilla.jss.crypto.PrivateKey getPrivateKey() {
-        return signingCertPrivKey;
-    }
+        public KeyWrapper getInternalKeyWrapper()
+                throws CryptoContextException {
+            try {
+                return getInternalToken().getKeyWrapper(KeyWrapAlgorithm.RSA);
+            } catch (TokenException e) {
+                throw new CryptoContextException("Problem with Crypto Token: " + e.getMessage());
+            } catch (NoSuchAlgorithmException e) {
+                throw new CryptoContextException(e.getMessage());
+            }
+        }
 
-    public org.mozilla.jss.crypto.X509Certificate getSigningCert() {
-        return signingCert;
-    }
-        
-  }
+        public org.mozilla.jss.crypto.PrivateKey getPrivateKey() {
+            return signingCertPrivKey;
+        }
 
+        public org.mozilla.jss.crypto.X509Certificate getSigningCert() {
+            return signingCert;
+        }
 
-  /* General failure. The request/response cannot be processed. */
+    }
 
+    /* General failure. The request/response cannot be processed. */
 
-  class CRSFailureException extends Exception {
-    /**
+    class CRSFailureException extends Exception {
+        /**
      *
      */
-    private static final long serialVersionUID = 1962741611501549051L;
-    public CRSFailureException() { super(); }
-    public CRSFailureException(String s) { super(s); }
-  }
+        private static final long serialVersionUID = 1962741611501549051L;
 
-  class CRSInvalidSignatureException extends Exception {
-    /**
+        public CRSFailureException() {
+            super();
+        }
+
+        public CRSFailureException(String s) {
+            super(s);
+        }
+    }
+
+    class CRSInvalidSignatureException extends Exception {
+        /**
      *
      */
-    private static final long serialVersionUID = 9096408193567657944L;
-    public CRSInvalidSignatureException() { super(); }
-    public CRSInvalidSignatureException(String s) { super(s); }
-  }
+        private static final long serialVersionUID = 9096408193567657944L;
+
+        public CRSInvalidSignatureException() {
+            super();
+        }
 
-    
+        public CRSInvalidSignatureException(String s) {
+            super(s);
+        }
+    }
 
-  class CRSPolicyException extends Exception {
-      /**
+    class CRSPolicyException extends Exception {
+        /**
      *
      */
-    private static final long serialVersionUID = 5846593800658787396L;
-    public CRSPolicyException() { super(); }
-      public CRSPolicyException(String s) { super(s); }
-  }
+        private static final long serialVersionUID = 5846593800658787396L;
 
-}
+        public CRSPolicyException() {
+            super();
+        }
 
+        public CRSPolicyException(String s) {
+            super(s);
+        }
+    }
+
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
index 49a591f0..79110442 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
@@ -29,115 +29,113 @@ import netscape.security.util.DerValue;
 import netscape.security.x509.CertAttrSet;
 
 /**
- * Class for handling the decoding of a SCEP Challenge Password
- * object. Currently this class cannot be used for encoding
- * thus some fo the methods are unimplemented
+ * Class for handling the decoding of a SCEP Challenge Password object.
+ * Currently this class cannot be used for encoding thus some fo the methods are
+ * unimplemented
  */
 public class ChallengePassword implements CertAttrSet {
 
-  public static final String NAME = "ChallengePassword";
-  public static final String PASSWORD = "password";
-
-  private String cpw;
-
-
-  /**
-   * Get the password marshalled in this object
-   * @return the challenge password
-   */
-  public String toString() {
-    return cpw;
-  }
-
-  /**
-   * Create a ChallengePassword object
-   * @param stuff (must be of type byte[]) a DER-encoded by array following
-   *   The ASN.1 template for ChallenegePassword specified in the SCEP
-   *    documentation 
-   * @throws IOException if the DER encoded byt array was malformed, or if it
-   *     did not match the template
-   */
-   
-  public ChallengePassword(Object stuff) 
-  throws IOException {
-
-      ByteArrayInputStream is = new ByteArrayInputStream((byte[])stuff);
-      try {
-          decode(is);
-      } catch (Exception e) {
-          throw new IOException(e.getMessage());
-      }
-      
-  }
-
-  /**
-   * Currently Unimplemented 
-   */
-  public void encode(OutputStream out) 
-    throws CertificateException, IOException
-    { }
-
-  public void decode(InputStream in) 
-    throws CertificateException, IOException
-    { 
+    public static final String NAME = "ChallengePassword";
+    public static final String PASSWORD = "password";
+
+    private String cpw;
+
+    /**
+     * Get the password marshalled in this object
+     * 
+     * @return the challenge password
+     */
+    public String toString() {
+        return cpw;
+    }
+
+    /**
+     * Create a ChallengePassword object
+     * 
+     * @param stuff (must be of type byte[]) a DER-encoded by array following
+     *            The ASN.1 template for ChallenegePassword specified in the
+     *            SCEP documentation
+     * @throws IOException if the DER encoded byt array was malformed, or if it
+     *             did not match the template
+     */
+
+    public ChallengePassword(Object stuff)
+            throws IOException {
+
+        ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
+        try {
+            decode(is);
+        } catch (Exception e) {
+            throw new IOException(e.getMessage());
+        }
+
+    }
+
+    /**
+     * Currently Unimplemented
+     */
+    public void encode(OutputStream out)
+            throws CertificateException, IOException {
+    }
+
+    public void decode(InputStream in)
+            throws CertificateException, IOException {
         DerValue derVal = new DerValue(in);
 
         construct(derVal);
-        
+
+    }
+
+    private void construct(DerValue derVal) throws IOException {
+        try {
+            cpw = derVal.getPrintableString();
+        } catch (NullPointerException e) {
+            cpw = "";
+        }
+    }
+
+    /**
+     * Currently Unimplemented
+     */
+    public void set(String name, Object obj)
+            throws CertificateException, IOException {
     }
 
-  private void construct(DerValue derVal) throws IOException {
-	  try {
-      	cpw = derVal.getPrintableString();
-		}
-	  catch (NullPointerException e) {
-	  	cpw = "";
-		}
-  }
-
-  
-  /**
-   * Currently Unimplemented 
-   */
-  public void set(String name, Object obj)
-    throws CertificateException, IOException
-    { }
-
-  /**
-   * Get an attribute of this object. 
-   * @param name the name of the attribute of this object to get. The only 
-   * supported attribute is "password"
-   */
-  public Object get(String name) 
-    throws CertificateException, IOException 
-    { 
+    /**
+     * Get an attribute of this object.
+     * 
+     * @param name the name of the attribute of this object to get. The only
+     *            supported attribute is "password"
+     */
+    public Object get(String name)
+            throws CertificateException, IOException {
         if (name.equalsIgnoreCase(PASSWORD)) {
             return cpw;
-        }
-        else {
-            throw new IOException("Attribute name not recognized by "+
+        } else {
+            throw new IOException("Attribute name not recognized by " +
                                   "CertAttrSet: ChallengePassword");
         }
     }
-  
-  /**
-   * Currently Unimplemented
-   */
-  public void  delete(String name) 
-    throws CertificateException, IOException 
-    { }
-
-  /**
-   * @return an empty set of elements
-   */
-  public Enumeration<String> getAttributeNames()
-    { return (new Vector<String>()).elements();}
-
-  /**
-   * @return the String "ChallengePassword"
-   */
-  public String getName()
-    { return NAME;}
-
-   
+
+    /**
+     * Currently Unimplemented
+     */
+    public void delete(String name)
+            throws CertificateException, IOException {
+    }
+
+    /**
+     * @return an empty set of elements
+     */
+    public Enumeration<String> getAttributeNames() {
+        return (new Vector<String>()).elements();
+    }
+
+    /**
+     * @return the String "ChallengePassword"
+     */
+    public String getName() {
+        return NAME;
+    }
+
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
index 6f689b34..eb1433aa 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/cert/scep/ExtensionsRequested.java
@@ -30,51 +30,46 @@ import netscape.security.util.DerValue;
 import netscape.security.x509.CertAttrSet;
 import netscape.security.x509.Extension;
 
-
 public class ExtensionsRequested implements CertAttrSet {
 
+    public static final String NAME = "EXTENSIONS_REQUESTED";
 
-    public static final String  NAME = "EXTENSIONS_REQUESTED";
-    
     public static final String KUE_DIGITAL_SIGNATURE = "kue_digital_signature";
-    public static final String KUE_KEY_ENCIPHERMENT  = "kue_key_encipherment";
+    public static final String KUE_KEY_ENCIPHERMENT = "kue_key_encipherment";
 
     private String kue_digital_signature = "false";
-    private String kue_key_encipherment  = "false";
-    
+    private String kue_key_encipherment = "false";
+
     private Vector<Extension> exts = new Vector<Extension>();
 
     public ExtensionsRequested(Object stuff) throws IOException {
         ByteArrayInputStream is = new ByteArrayInputStream((byte[]) stuff);
-        
+
         try {
             decode(is);
-        }
-        catch (Exception e) {
+        } catch (Exception e) {
             e.printStackTrace();
             throw new IOException(e.getMessage());
         }
     }
-    
-    public void encode(OutputStream out) 
-        throws CertificateException, IOException
-    { }
-    
-    public void decode(InputStream in) 
-        throws CertificateException, IOException
-    { 
+
+    public void encode(OutputStream out)
+            throws CertificateException, IOException {
+    }
+
+    public void decode(InputStream in)
+            throws CertificateException, IOException {
         DerValue derVal = new DerValue(in);
-        
+
         construct(derVal);
     }
-    
+
     public void set(String name, Object obj)
-        throws CertificateException, IOException
-    { }
-    
-    public Object get(String name) 
-        throws CertificateException, IOException 
-    { 
+            throws CertificateException, IOException {
+    }
+
+    public Object get(String name)
+            throws CertificateException, IOException {
         if (name.equalsIgnoreCase(KUE_DIGITAL_SIGNATURE)) {
             return kue_digital_signature;
         }
@@ -84,107 +79,83 @@ public class ExtensionsRequested implements CertAttrSet {
 
         throw new IOException("Unsupported attribute queried");
     }
-    
-    public void  delete(String name) 
-        throws CertificateException, IOException 
-    { 
+
+    public void delete(String name)
+            throws CertificateException, IOException {
+    }
+
+    public Enumeration<String> getAttributeNames() {
+        return (new Vector<String>()).elements();
+    }
+
+    public String getName() {
+        return NAME;
     }
 
-    public Enumeration<String> getAttributeNames()
-    { return (new Vector<String>()).elements();}
-    
-    public String getName()
-    { return NAME;}
-    
-
-
-/**
-   construct - expects this in the inputstream (from the router):
-
- 211 30   31:       SEQUENCE {
- 213 06   10:         OBJECT IDENTIFIER '2 16 840 1 113733 1 9 8'
- 225 31   17:         SET {
- 227 04   15:           OCTET STRING, encapsulates {
- 229 30   13:               SEQUENCE {
- 231 30   11:                 SEQUENCE {
- 233 06    3:                   OBJECT IDENTIFIER keyUsage (2 5 29 15)
- 238 04    4:                   OCTET STRING
-            :                   03 02 05 A0
-            :                   }
-            :                 }
-            :               }
-
-  or this (from IRE client):
-
- 262 30   51:       SEQUENCE {
- 264 06    9:         OBJECT IDENTIFIER extensionReq (1 2 840 113549 1 9 14)
- 275 31   38:         SET {
- 277 30   36:           SEQUENCE {
- 279 30   34:             SEQUENCE {
- 281 06    3:               OBJECT IDENTIFIER subjectAltName (2 5 29 17)
- 286 04   27:               OCTET STRING
-            :                 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61
-            :                 61 61 2E 6D 63 6F 6D 2E 63 6F 6D
-            :               }
-            :             }
-            :           }
-			:         }
-
-
- */
+    /**
+     * construct - expects this in the inputstream (from the router):
+     * 
+     * 211 30 31: SEQUENCE { 213 06 10: OBJECT IDENTIFIER '2 16 840 1 113733 1 9
+     * 8' 225 31 17: SET { 227 04 15: OCTET STRING, encapsulates { 229 30 13:
+     * SEQUENCE { 231 30 11: SEQUENCE { 233 06 3: OBJECT IDENTIFIER keyUsage (2
+     * 5 29 15) 238 04 4: OCTET STRING : 03 02 05 A0 : } : } : }
+     * 
+     * or this (from IRE client):
+     * 
+     * 262 30 51: SEQUENCE { 264 06 9: OBJECT IDENTIFIER extensionReq (1 2 840
+     * 113549 1 9 14) 275 31 38: SET { 277 30 36: SEQUENCE { 279 30 34: SEQUENCE
+     * { 281 06 3: OBJECT IDENTIFIER subjectAltName (2 5 29 17) 286 04 27: OCTET
+     * STRING : 30 19 87 04 D0 0C 3E 6F 81 03 61 61 61 82 0C 61 : 61 61 2E 6D 63
+     * 6F 6D 2E 63 6F 6D : } : } : } : }
+     */
     private void construct(DerValue dv) throws IOException {
 
-		DerInputStream stream = null;
-		DerValue[] dvs;
+        DerInputStream stream = null;
+        DerValue[] dvs;
 
-       	try {      // try decoding as sequence first
+        try { // try decoding as sequence first
 
-			stream = dv.toDerInputStream();
+            stream = dv.toDerInputStream();
 
-			DerValue stream_dv = stream.getDerValue();
-			stream.reset();
-	
+            DerValue stream_dv = stream.getDerValue();
+            stream.reset();
 
-           	dvs = stream.getSequence(2);
-       	}
-		catch (IOException ioe) {
-				// if it failed, the outer sequence may be
-				// encapsulated in an octet string, as in the first
-				// example above
+            dvs = stream.getSequence(2);
+        } catch (IOException ioe) {
+            // if it failed, the outer sequence may be
+            // encapsulated in an octet string, as in the first
+            // example above
 
-      		byte[]  octet_string = dv.getOctetString();
+            byte[] octet_string = dv.getOctetString();
 
-   		     	// Make a new input stream from the byte array,
-				// and re-parse it as a sequence.
+            // Make a new input stream from the byte array,
+            // and re-parse it as a sequence.
 
-   	 		dv = new DerValue(octet_string);
+            dv = new DerValue(octet_string);
 
-           	stream = dv.toDerInputStream();
-           	dvs = stream.getSequence(2);
-		}
+            stream = dv.toDerInputStream();
+            dvs = stream.getSequence(2);
+        }
 
-		// now, the stream will be in the correct format
-		stream.reset();
+        // now, the stream will be in the correct format
+        stream.reset();
 
-		while (true) {
-			DerValue ext_dv=null;
-			try {
-				ext_dv = stream.getDerValue();
-			}
-			catch (IOException ex) {
-				break;
-			}
+        while (true) {
+            DerValue ext_dv = null;
+            try {
+                ext_dv = stream.getDerValue();
+            } catch (IOException ex) {
+                break;
+            }
 
-			Extension ext = new Extension(ext_dv);
-			exts.addElement(ext);
-		}
+            Extension ext = new Extension(ext_dv);
+            exts.addElement(ext);
+        }
 
     }
 
-	public Vector<Extension> getExtensions() {
-		return exts;
-	}
+    public Vector<Extension> getExtensions() {
+        return exts;
+    }
 
 }
-
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
index 759238d9..3d0f788e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/AuthCredentials.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
@@ -25,11 +24,10 @@ import com.netscape.certsrv.authentication.IAuthCredentials;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
  * Authentication Credentials as input to the authMgr
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class AuthCredentials implements IAuthCredentials {
@@ -38,21 +36,23 @@ public class AuthCredentials implements IAuthCredentials {
      */
     private static final long serialVersionUID = -5995164231849154265L;
     private Hashtable authCreds = null;
-    // Inserted by bskim 
+    // Inserted by bskim
     private IArgBlock argblk = null;
+
     // Insert end
-    
+
     public AuthCredentials() {
         authCreds = new Hashtable();
     }
 
     /**
      * sets a credential with credential name and the credential
+     * 
      * @param name credential name
      * @param cred credential
      * @exception com.netscape.certsrv.base.EBaseException NullPointerException
      */
-    public void set(String name, Object cred)throws EBaseException {
+    public void set(String name, Object cred) throws EBaseException {
         if (cred == null) {
             throw new EBaseException("AuthCredentials.set()");
         }
@@ -62,7 +62,8 @@ public class AuthCredentials implements IAuthCredentials {
 
     /**
      * returns the credential to which the specified name is mapped in this
-     *	 credential set
+     * credential set
+     * 
      * @param name credential name
      * @return the named authentication credential
      */
@@ -71,9 +72,10 @@ public class AuthCredentials implements IAuthCredentials {
     }
 
     /**
-     * removes the name and its corresponding credential from this
-     *	 credential set.  This method does nothing if the named
-     *	 credential is not in the credential set.
+     * removes the name and its corresponding credential from this credential
+     * set. This method does nothing if the named credential is not in the
+     * credential set.
+     * 
      * @param name credential name
      */
     public void delete(String name) {
@@ -81,27 +83,27 @@ public class AuthCredentials implements IAuthCredentials {
     }
 
     /**
-     * returns an enumeration of the credentials in this credential
-     *	 set.  Use the Enumeration methods on the returned object to
-     *	 fetch the elements sequentially.
+     * returns an enumeration of the credentials in this credential set. Use the
+     * Enumeration methods on the returned object to fetch the elements
+     * sequentially.
+     * 
      * @return an enumeration of the values in this credential set
      * @see java.util.Enumeration
      */
     public Enumeration getElements() {
         return (authCreds.elements());
     }
-    
+
     // Inserted by bskim
     public void setArgBlock(IArgBlock blk) {
         argblk = blk;
         return;
-    }        
+    }
 
     // Insert end
-    
+
     public IArgBlock getArgBlock() {
         return argblk;
-    }        
+    }
     // Insert end
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
index 3fac4a63..9fbb04e0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMCOutputTemplate.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -94,33 +93,33 @@ import com.netscape.certsrv.request.RequestStatus;
 
 /**
  * Utility CMCOutputTemplate
- *
+ * 
  * @version $ $, $Date$
  */
 public class CMCOutputTemplate {
     public CMCOutputTemplate() {
     }
 
-    public void createFullResponseWithFailedStatus(HttpServletResponse resp, 
-      SEQUENCE bpids, int code, UTF8String s) {
+    public void createFullResponseWithFailedStatus(HttpServletResponse resp,
+            SEQUENCE bpids, int code, UTF8String s) {
         SEQUENCE controlSeq = new SEQUENCE();
         SEQUENCE cmsSeq = new SEQUENCE();
         SEQUENCE otherMsgSeq = new SEQUENCE();
 
         int bpid = 1;
-        OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, 
-          new INTEGER(code), null);
+        OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+                new INTEGER(code), null);
         CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(
-          new INTEGER(CMCStatusInfo.FAILED),
-          bpids, s, otherInfo);
+                new INTEGER(CMCStatusInfo.FAILED),
+                bpids, s, otherInfo);
         TaggedAttribute tagattr = new TaggedAttribute(
-          new INTEGER(bpid++),
-          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                new INTEGER(bpid++),
+                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
         controlSeq.addElement(tagattr);
 
         try {
             ResponseBody respBody = new ResponseBody(controlSeq,
-              cmsSeq, otherMsgSeq);
+                    cmsSeq, otherMsgSeq);
 
             SET certs = new SET();
             ContentInfo contentInfo = getContentInfo(respBody, certs);
@@ -137,13 +136,13 @@ public class CMCOutputTemplate {
             os.write(contentBytes);
             os.flush();
         } catch (Exception e) {
-            CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate createFullResponseWithFailedStatus Exception: " + e.toString());
             return;
         }
     }
 
-    public void createFullResponse(HttpServletResponse resp, IRequest []reqs,
-      String cert_request_type, int[] error_codes) {
+    public void createFullResponse(HttpServletResponse resp, IRequest[] reqs,
+            String cert_request_type, int[] error_codes) {
 
         SEQUENCE controlSeq = new SEQUENCE();
         SEQUENCE cmsSeq = new SEQUENCE();
@@ -157,32 +156,32 @@ public class CMCOutputTemplate {
         SEQUENCE success_bpids = null;
         SEQUENCE failed_bpids = null;
         if (cert_request_type.equals("crmf") ||
-          cert_request_type.equals("pkcs10")) {
+                cert_request_type.equals("pkcs10")) {
             String reqId = reqs[0].getRequestId().toString();
             OtherInfo otherInfo = null;
             if (error_codes[0] == 2) {
                 PendInfo pendInfo = new PendInfo(reqId, new Date());
                 otherInfo = new OtherInfo(OtherInfo.PEND, null,
-                  pendInfo);
+                        pendInfo);
             } else {
-                otherInfo = new OtherInfo(OtherInfo.FAIL, 
-                  new INTEGER(OtherInfo.BAD_REQUEST), null);
+                otherInfo = new OtherInfo(OtherInfo.FAIL,
+                        new INTEGER(OtherInfo.BAD_REQUEST), null);
             }
- 
+
             SEQUENCE bpids = new SEQUENCE();
             bpids.addElement(new INTEGER(1));
             CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
-              bpids, (String)null, otherInfo);
+                    bpids, (String) null, otherInfo);
             TaggedAttribute tagattr = new TaggedAttribute(
-              new INTEGER(bpid++),
-              OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                    new INTEGER(bpid++),
+                    OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
             controlSeq.addElement(tagattr);
         } else if (cert_request_type.equals("cmc")) {
             pending_bpids = new SEQUENCE();
             success_bpids = new SEQUENCE();
             failed_bpids = new SEQUENCE();
             if (reqs != null) {
-                for (int i=0; i<reqs.length; i++) {
+                for (int i = 0; i < reqs.length; i++) {
                     if (error_codes[i] == 0) {
                         success_bpids.addElement(new INTEGER(
                                 reqs[i].getExtDataInBigInteger("bodyPartId")));
@@ -192,77 +191,77 @@ public class CMCOutputTemplate {
                     } else {
                         failed_bpids.addElement(new INTEGER(
                                 reqs[i].getExtDataInBigInteger("bodyPartId")));
-                    } 
+                    }
                 }
             }
 
             TaggedAttribute tagattr = null;
             CMCStatusInfo cmcStatusInfo = null;
-            SEQUENCE identityBpids = (SEQUENCE)context.get("identityProof");
+            SEQUENCE identityBpids = (SEQUENCE) context.get("identityProof");
             if (identityBpids != null && identityBpids.size() > 0) {
-                OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, 
-                  new INTEGER(OtherInfo.BAD_IDENTITY), null);
+                OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+                        new INTEGER(OtherInfo.BAD_IDENTITY), null);
                 cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
-                  identityBpids, (String)null, otherInfo);
+                        identityBpids, (String) null, otherInfo);
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),  
-                  OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                 controlSeq.addElement(tagattr);
             }
 
-            SEQUENCE POPLinkWitnessBpids = (SEQUENCE)context.get("POPLinkWitness");
+            SEQUENCE POPLinkWitnessBpids = (SEQUENCE) context.get("POPLinkWitness");
             if (POPLinkWitnessBpids != null && POPLinkWitnessBpids.size() > 0) {
                 OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
-                  new INTEGER(OtherInfo.BAD_REQUEST), null); 
+                        new INTEGER(OtherInfo.BAD_REQUEST), null);
                 cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
-                  POPLinkWitnessBpids, (String)null, otherInfo);
+                        POPLinkWitnessBpids, (String) null, otherInfo);
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),  
-                  OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                 controlSeq.addElement(tagattr);
             }
 
             if (pending_bpids.size() > 0) {
-                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING, 
-                  pending_bpids, (String)null, null);
+                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
+                        pending_bpids, (String) null, null);
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),
-                  OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                controlSeq.addElement(tagattr); 
-            } 
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                controlSeq.addElement(tagattr);
+            }
 
             if (success_bpids.size() > 0) {
                 boolean confirmRequired = false;
                 try {
-                  confirmRequired = 
-                    CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired", 
-                    false);
-                } catch (Exception e) {        
+                    confirmRequired =
+                            CMS.getConfigStore().getBoolean("cmc.cert.confirmRequired",
+                                    false);
+                } catch (Exception e) {
                 }
                 if (confirmRequired) {
                     CMS.debug("CMCOutputTemplate: confirmRequired in the request");
-                    cmcStatusInfo = 
-                    new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED, 
-                    success_bpids, (String)null, null);
+                    cmcStatusInfo =
+                            new CMCStatusInfo(CMCStatusInfo.CONFIRM_REQUIRED,
+                                    success_bpids, (String) null, null);
                 } else {
-                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS, 
-                      success_bpids, (String)null, null);
+                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
+                            success_bpids, (String) null, null);
                 }
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),
-                  OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                controlSeq.addElement(tagattr); 
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                controlSeq.addElement(tagattr);
             }
 
             if (failed_bpids.size() > 0) {
-                OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, 
-                  new INTEGER(OtherInfo.BAD_REQUEST), null);
-                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, 
-                  failed_bpids, (String)null, otherInfo);
+                OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+                        new INTEGER(OtherInfo.BAD_REQUEST), null);
+                cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
+                        failed_bpids, (String) null, otherInfo);
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),
-                  OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                controlSeq.addElement(tagattr); 
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                controlSeq.addElement(tagattr);
             }
         }
 
@@ -270,80 +269,80 @@ public class CMCOutputTemplate {
 
         try {
             // deal with controls
-            Integer nums = (Integer)(context.get("numOfControls"));
+            Integer nums = (Integer) (context.get("numOfControls"));
             if (nums != null && nums.intValue() > 0) {
                 TaggedAttribute attr =
-                  (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+                        (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
                 if (attr != null) {
                     try {
                         processGetCertControl(attr, certs);
                     } catch (EBaseException ee) {
-                        CMS.debug("CMCOutputTemplate: "+ee.toString());
+                        CMS.debug("CMCOutputTemplate: " + ee.toString());
                         OtherInfo otherInfo1 = new OtherInfo(OtherInfo.FAIL,
-                          new INTEGER(OtherInfo.BAD_CERT_ID), null); 
+                                new INTEGER(OtherInfo.BAD_CERT_ID), null);
                         SEQUENCE bpids1 = new SEQUENCE();
                         bpids1.addElement(attr.getBodyPartID());
                         CMCStatusInfo cmcStatusInfo1 = new CMCStatusInfo(
-                          new INTEGER(CMCStatusInfo.FAILED),
-                          bpids1, null, otherInfo1);
+                                new INTEGER(CMCStatusInfo.FAILED),
+                                bpids1, null, otherInfo1);
                         TaggedAttribute tagattr1 = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo1);
                         controlSeq.addElement(tagattr1);
                     }
                 }
 
-                attr = 
-                  (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn));
+                attr =
+                        (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_dataReturn));
                 if (attr != null)
                     bpid = processDataReturnControl(attr, controlSeq, bpid);
 
                 attr =
-                  (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_transactionId); 
+                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_transactionId);
                 if (attr != null)
                     bpid = processTransactionControl(attr, controlSeq, bpid);
 
                 attr =
-                  (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce); 
+                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_senderNonce);
                 if (attr != null)
                     bpid = processSenderNonceControl(attr, controlSeq, bpid);
 
                 attr =
-                  (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending); 
+                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_QueryPending);
                 if (attr != null)
-                    bpid = processQueryPendingControl(attr, controlSeq, bpid); 
+                    bpid = processQueryPendingControl(attr, controlSeq, bpid);
 
-                attr = 
-                  (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance);
+                attr =
+                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance);
 
-                if (attr != null) 
+                if (attr != null)
                     bpid = processConfirmCertAcceptanceControl(attr, controlSeq,
-                      bpid);
+                            bpid);
 
-                attr = 
-                  (TaggedAttribute)context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest);
+                attr =
+                        (TaggedAttribute) context.get(OBJECT_IDENTIFIER.id_cmc_revokeRequest);
 
-                if (attr != null) 
+                if (attr != null)
                     bpid = processRevokeRequestControl(attr, controlSeq,
-                      bpid);
+                            bpid);
             }
 
             if (success_bpids != null && success_bpids.size() > 0) {
-                for (int i=0; i<reqs.length; i++) {
+                for (int i = 0; i < reqs.length; i++) {
                     if (error_codes[i] == 0) {
-                        X509CertImpl impl = 
-                          (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
+                        X509CertImpl impl =
+                                (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
                         byte[] bin = impl.getEncoded();
                         Certificate.Template certTemplate = new Certificate.Template();
-                        Certificate cert = (Certificate)certTemplate.decode(
-                          new ByteArrayInputStream(bin));
+                        Certificate cert = (Certificate) certTemplate.decode(
+                                new ByteArrayInputStream(bin));
                         certs.addElement(cert);
                     }
                 }
             }
 
             ResponseBody respBody = new ResponseBody(controlSeq,
-              cmsSeq, otherMsgSeq);
+                    cmsSeq, otherMsgSeq);
 
             ContentInfo contentInfo = getContentInfo(respBody, certs);
             ByteArrayOutputStream fos = new ByteArrayOutputStream();
@@ -354,16 +353,16 @@ public class CMCOutputTemplate {
             resp.setContentType("application/pkcs7-mime");
             resp.setContentLength(contentBytes.length);
             OutputStream os = resp.getOutputStream();
-            os.write(contentBytes);  
+            os.write(contentBytes);
             os.flush();
         } catch (java.security.cert.CertificateEncodingException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         } catch (InvalidBERException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         } catch (IOException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         } catch (Exception e) {
-            CMS.debug("Exception: "+e.toString());
+            CMS.debug("Exception: " + e.toString());
         }
     }
 
@@ -371,48 +370,46 @@ public class CMCOutputTemplate {
         try {
             ICertificateAuthority ca = null;
             // add CA cert chain
-            ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+            ca = (ICertificateAuthority) CMS.getSubsystem("ca");
             CertificateChain certchains = ca.getCACertChain();
             java.security.cert.X509Certificate[] chains = certchains.getChain();
 
-            for (int i=0; i<chains.length; i++) {
+            for (int i = 0; i < chains.length; i++) {
                 Certificate.Template certTemplate = new Certificate.Template();
-                Certificate cert = (Certificate)certTemplate.decode(
-                  new ByteArrayInputStream(chains[i].getEncoded()));
+                Certificate cert = (Certificate) certTemplate.decode(
+                        new ByteArrayInputStream(chains[i].getEncoded()));
                 certs.addElement(cert);
             }
-    
+
             EncapsulatedContentInfo enContentInfo = new EncapsulatedContentInfo(
-              OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody);
+                    OBJECT_IDENTIFIER.id_cct_PKIResponse, respBody);
             org.mozilla.jss.crypto.X509Certificate x509CAcert = null;
             x509CAcert = ca.getCaX509Cert();
             X509CertImpl caimpl = new X509CertImpl(x509CAcert.getEncoded());
-            X500Name issuerName = (X500Name)caimpl.getIssuerDN();
+            X500Name issuerName = (X500Name) caimpl.getIssuerDN();
             byte[] issuerByte = issuerName.getEncoded();
-            ByteArrayInputStream istream = new  ByteArrayInputStream(issuerByte);
+            ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
             Name issuer = (Name) Name.getTemplate().decode(istream);
             IssuerAndSerialNumber ias = new IssuerAndSerialNumber(
-              issuer, new INTEGER(x509CAcert.getSerialNumber().toString()));
+                    issuer, new INTEGER(x509CAcert.getSerialNumber().toString()));
             SignerIdentifier si = new SignerIdentifier(
-              SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+                    SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
             // use CA instance's default signature and digest algorithm
             SignatureAlgorithm signAlg = ca.getDefaultSignatureAlgorithm();
             org.mozilla.jss.crypto.PrivateKey privKey =
-              CryptoManager.getInstance().findPrivKeyByCert(x509CAcert);
-/*
-            org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
-            if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
-                signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
-            } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
-                signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
-            } else if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) {
-                 signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest;
-            } else {
-                CMS.debug( "CMCOutputTemplate::getContentInfo() - "
-                         + "signAlg is unsupported!" );
-                return null;
-            }
-*/
+                    CryptoManager.getInstance().findPrivKeyByCert(x509CAcert);
+            /*
+             * org.mozilla.jss.crypto.PrivateKey.Type keyType =
+             * privKey.getType(); if( keyType.equals(
+             * org.mozilla.jss.crypto.PrivateKey.RSA ) ) { signAlg =
+             * SignatureAlgorithm.RSASignatureWithSHA1Digest; } else if(
+             * keyType.equals( org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
+             * signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest; } else
+             * if( keyType.equals( org.mozilla.jss.crypto.PrivateKey.EC ) ) {
+             * signAlg = SignatureAlgorithm.ECSignatureWithSHA1Digest; } else {
+             * CMS.debug( "CMCOutputTemplate::getContentInfo() - " +
+             * "signAlg is unsupported!" ); return null; }
+             */
             DigestAlgorithm digestAlg = signAlg.getDigestAlg();
             MessageDigest msgDigest = null;
             byte[] digest = null;
@@ -425,9 +422,9 @@ public class CMCOutputTemplate {
             digest = msgDigest.digest(ostream.toByteArray());
 
             SignerInfo signInfo = new
-              SignerInfo(si, null, null,
-              OBJECT_IDENTIFIER.id_cct_PKIResponse,
-              digest, signAlg, privKey);
+                    SignerInfo(si, null, null,
+                            OBJECT_IDENTIFIER.id_cct_PKIResponse,
+                            digest, signAlg, privKey);
             SET signInfos = new SET();
 
             signInfos.addElement(signInfo);
@@ -436,30 +433,30 @@ public class CMCOutputTemplate {
 
             if (digestAlg != null) {
                 AlgorithmIdentifier ai = new
-                  AlgorithmIdentifier(digestAlg.toOID(), null);
-    
+                        AlgorithmIdentifier(digestAlg.toOID(), null);
+
                 digestAlgs.addElement(ai);
             }
             SignedData signedData = new SignedData(digestAlgs,
-              enContentInfo, certs, null, signInfos);
+                    enContentInfo, certs, null, signInfos);
 
             ContentInfo contentInfo = new ContentInfo(signedData);
             CMS.debug("CMCOutputTemplate::getContentInfo() - done");
             return contentInfo;
         } catch (Exception e) {
-            CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate: Failed to create CMCContentInfo. Exception: " + e.toString());
         }
-        return null;     
+        return null;
     }
 
-    public void createSimpleResponse(HttpServletResponse resp, IRequest []reqs) {
+    public void createSimpleResponse(HttpServletResponse resp, IRequest[] reqs) {
         SET certs = new SET();
         SessionContext context = SessionContext.getContext();
         try {
-            TaggedAttribute attr = 
-              (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+            TaggedAttribute attr =
+                    (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
             processGetCertControl(attr, certs);
-        } catch (Exception e) { 
+        } catch (Exception e) {
             CMS.debug("CMCOutputTemplate: No certificate is found.");
         }
 
@@ -472,34 +469,34 @@ public class CMCOutputTemplate {
 
         try {
             if (reqs != null) {
-                for (int i=0; i<reqs.length; i++) {
-                    X509CertImpl impl = 
-                      (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
+                for (int i = 0; i < reqs.length; i++) {
+                    X509CertImpl impl =
+                            (reqs[i].getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT));
                     byte[] bin = impl.getEncoded();
                     Certificate.Template certTemplate = new Certificate.Template();
-                    Certificate cert = 
-                      (Certificate)certTemplate.decode(new ByteArrayInputStream(bin));
+                    Certificate cert =
+                            (Certificate) certTemplate.decode(new ByteArrayInputStream(bin));
 
                     certs.addElement(cert);
                 }
 
                 // Get CA certs
-                ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+                ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
                 CertificateChain certchains = ca.getCACertChain();
                 java.security.cert.X509Certificate[] chains = certchains.getChain();
 
-                for (int i=0; i<chains.length; i++) {
+                for (int i = 0; i < chains.length; i++) {
                     Certificate.Template certTemplate = new Certificate.Template();
-                    Certificate cert = (Certificate)certTemplate.decode(
-                      new ByteArrayInputStream(chains[i].getEncoded()));
+                    Certificate cert = (Certificate) certTemplate.decode(
+                            new ByteArrayInputStream(chains[i].getEncoded()));
                     certs.addElement(cert);
                 }
             }
-       
+
             if (certs.size() == 0)
                 return;
             SignedData signedData = new SignedData(digestAlgorithms,
-              enContentInfo, certs, null, signedInfos);
+                    enContentInfo, certs, null, signedInfos);
 
             ContentInfo contentInfo = new ContentInfo(signedData);
             ByteArrayOutputStream fos = new ByteArrayOutputStream();
@@ -510,48 +507,48 @@ public class CMCOutputTemplate {
             resp.setContentType("application/pkcs7-mime");
             resp.setContentLength(contentBytes.length);
             OutputStream os = resp.getOutputStream();
-            os.write(contentBytes);  
+            os.write(contentBytes);
             os.flush();
         } catch (java.security.cert.CertificateEncodingException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         } catch (InvalidBERException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         } catch (IOException e) {
-            CMS.debug("CMCOutputTemplate exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate exception: " + e.toString());
         }
     }
 
     private int processConfirmCertAcceptanceControl(
-      TaggedAttribute attr, SEQUENCE controlSeq, int bpid) {
+            TaggedAttribute attr, SEQUENCE controlSeq, int bpid) {
         if (attr != null) {
             INTEGER bodyId = attr.getBodyPartID();
             SEQUENCE seq = new SEQUENCE();
-            seq.addElement(bodyId); 
+            seq.addElement(bodyId);
             SET values = attr.getValues();
             if (values != null && values.size() > 0) {
                 try {
-                    CMCCertId cmcCertId = 
-                      (CMCCertId)(ASN1Util.decode(CMCCertId.getTemplate(),
-                      ASN1Util.encode(values.elementAt(0))));
-                    BigInteger serialno = (BigInteger)(cmcCertId.getSerial());
-                    SEQUENCE issuers = cmcCertId.getIssuer(); 
-                    //ANY issuer = (ANY)issuers.elementAt(0);
-                    ANY issuer = 
-                      (ANY)(ASN1Util.decode(ANY.getTemplate(),
-                      ASN1Util.encode(issuers.elementAt(0))));
+                    CMCCertId cmcCertId =
+                            (CMCCertId) (ASN1Util.decode(CMCCertId.getTemplate(),
+                                    ASN1Util.encode(values.elementAt(0))));
+                    BigInteger serialno = (BigInteger) (cmcCertId.getSerial());
+                    SEQUENCE issuers = cmcCertId.getIssuer();
+                    // ANY issuer = (ANY)issuers.elementAt(0);
+                    ANY issuer =
+                            (ANY) (ASN1Util.decode(ANY.getTemplate(),
+                                    ASN1Util.encode(issuers.elementAt(0))));
                     byte[] b = issuer.getEncoded();
                     X500Name n = new X500Name(b);
                     ICertificateAuthority ca = null;
-                    ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+                    ca = (ICertificateAuthority) CMS.getSubsystem("ca");
                     X500Name caName = ca.getX500Name();
                     boolean confirmAccepted = false;
                     if (n.toString().equalsIgnoreCase(caName.toString())) {
                         CMS.debug("CMCOutputTemplate: Issuer names are equal");
                         ICertificateRepository repository =
-                          (ICertificateRepository)ca.getCertificateRepository();
+                                (ICertificateRepository) ca.getCertificateRepository();
                         X509CertImpl impl = null;
                         try {
-                            repository.getX509Certificate(serialno); 
+                            repository.getX509Certificate(serialno);
                         } catch (EBaseException ee) {
                             CMS.debug("CMCOutputTemplate: Certificate in the confirm acceptance control was not found");
                         }
@@ -559,77 +556,77 @@ public class CMCOutputTemplate {
                     CMCStatusInfo cmcStatusInfo = null;
                     if (confirmAccepted) {
                         CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate exists in the certificate repository.");
-                        cmcStatusInfo = 
-                          new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq,
-                          (String)null, null);
+                        cmcStatusInfo =
+                                new CMCStatusInfo(CMCStatusInfo.SUCCESS, seq,
+                                        (String) null, null);
                     } else {
                         CMS.debug("CMCOutputTemplate: Confirm Acceptance received. The certificate does not exist in the certificate repository.");
-                        OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, 
-                          new INTEGER(OtherInfo.BAD_CERT_ID), null);
-                        cmcStatusInfo = 
-                          new CMCStatusInfo(CMCStatusInfo.FAILED, seq,
-                          (String)null, otherInfo);
+                        OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL,
+                                new INTEGER(OtherInfo.BAD_CERT_ID), null);
+                        cmcStatusInfo =
+                                new CMCStatusInfo(CMCStatusInfo.FAILED, seq,
+                                        (String) null, otherInfo);
                     }
                     TaggedAttribute statustagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
-                    controlSeq.addElement(statustagattr); 
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                    controlSeq.addElement(statustagattr);
                 } catch (Exception e) {
-                    CMS.debug("CMCOutputTemplate exception: "+e.toString());
+                    CMS.debug("CMCOutputTemplate exception: " + e.toString());
                 }
-            } 
+            }
         }
         return bpid;
     }
 
     private void processGetCertControl(TaggedAttribute attr, SET certs)
-      throws InvalidBERException, java.security.cert.CertificateEncodingException,
-      IOException, EBaseException {
+            throws InvalidBERException, java.security.cert.CertificateEncodingException,
+            IOException, EBaseException {
         if (attr != null) {
             SET vals = attr.getValues();
 
             if (vals.size() == 1) {
                 GetCert getCert =
-                  (GetCert)(ASN1Util.decode(GetCert.getTemplate(),
-                  ASN1Util.encode(vals.elementAt(0))));
-                BigInteger serialno = (BigInteger)(getCert.getSerialNumber());
-                ANY issuer = (ANY)getCert.getIssuer();
+                        (GetCert) (ASN1Util.decode(GetCert.getTemplate(),
+                                ASN1Util.encode(vals.elementAt(0))));
+                BigInteger serialno = (BigInteger) (getCert.getSerialNumber());
+                ANY issuer = (ANY) getCert.getIssuer();
                 byte b[] = issuer.getEncoded();
                 X500Name n = new X500Name(b);
-                ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+                ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
                 X500Name caName = ca.getX500Name();
                 if (!n.toString().equalsIgnoreCase(caName.toString())) {
                     CMS.debug("CMCOutputTemplate: Issuer names are equal in the GetCert Control");
                     throw new EBaseException("Certificate is not found");
                 }
                 ICertificateRepository repository =
-                  (ICertificateRepository)ca.getCertificateRepository();
+                        (ICertificateRepository) ca.getCertificateRepository();
                 X509CertImpl impl = repository.getX509Certificate(serialno);
                 byte[] bin = impl.getEncoded();
                 Certificate.Template certTemplate = new Certificate.Template();
                 Certificate cert =
-                  (Certificate)certTemplate.decode(new ByteArrayInputStream(bin));
+                        (Certificate) certTemplate.decode(new ByteArrayInputStream(bin));
                 certs.addElement(cert);
             }
         }
     }
- 
+
     private int processQueryPendingControl(TaggedAttribute attr,
-      SEQUENCE controlSeq, int bpid) {
+            SEQUENCE controlSeq, int bpid) {
         if (attr != null) {
             SET values = attr.getValues();
-            if (values != null  && values.size() > 0) {
+            if (values != null && values.size() > 0) {
                 SEQUENCE pending_bpids = new SEQUENCE();
                 SEQUENCE success_bpids = new SEQUENCE();
                 SEQUENCE failed_bpids = new SEQUENCE();
-                for (int i=0; i<values.size(); i++) {
+                for (int i = 0; i < values.size(); i++) {
                     try {
                         INTEGER reqId = (INTEGER)
-                          ASN1Util.decode(INTEGER.getTemplate(),
-                          ASN1Util.encode(values.elementAt(i)));
+                                ASN1Util.decode(INTEGER.getTemplate(),
+                                        ASN1Util.encode(values.elementAt(i)));
                         String requestId = new String(reqId.toByteArray());
 
-                        ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+                        ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
                         IRequestQueue queue = ca.getRequestQueue();
                         IRequest r = queue.findRequest(new RequestId(requestId));
                         if (r != null) {
@@ -649,43 +646,43 @@ public class CMCOutputTemplate {
 
                 if (pending_bpids.size() > 0) {
                     CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.PENDING,
-                      pending_bpids, (String)null, null);
+                            pending_bpids, (String) null, null);
                     TaggedAttribute tagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                     controlSeq.addElement(tagattr);
                 }
                 if (success_bpids.size() > 0) {
                     CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
-                      pending_bpids, (String)null, null);
+                            pending_bpids, (String) null, null);
                     TaggedAttribute tagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                     controlSeq.addElement(tagattr);
                 }
 
                 if (failed_bpids.size() > 0) {
                     CMCStatusInfo cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED,
-                      pending_bpids, (String)null, null);
+                            pending_bpids, (String) null, null);
                     TaggedAttribute tagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                     controlSeq.addElement(tagattr);
                 }
 
-            } 
+            }
         }
         return bpid;
     }
 
-    private int processTransactionControl(TaggedAttribute attr, 
-      SEQUENCE controlSeq, int bpid) {
+    private int processTransactionControl(TaggedAttribute attr,
+            SEQUENCE controlSeq, int bpid) {
         if (attr != null) {
             SET transIds = attr.getValues();
             if (transIds != null) {
                 TaggedAttribute tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId,
-                  transIds);
+                        new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId,
+                        transIds);
                 controlSeq.addElement(tagattr);
             }
         }
@@ -694,16 +691,16 @@ public class CMCOutputTemplate {
     }
 
     private int processSenderNonceControl(TaggedAttribute attr,
-      SEQUENCE controlSeq, int bpid) {
+            SEQUENCE controlSeq, int bpid) {
         if (attr != null) {
             SET sNonce = attr.getValues();
             if (sNonce != null) {
                 TaggedAttribute tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce,
-                  sNonce);
+                        new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_recipientNonce,
+                        sNonce);
                 controlSeq.addElement(tagattr);
                 Date date = new Date();
-                String salt = "lala123"+date.toString();
+                String salt = "lala123" + date.toString();
                 byte[] dig;
                 try {
                     MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
@@ -714,8 +711,8 @@ public class CMCOutputTemplate {
 
                 String b64E = CMS.BtoA(dig);
                 tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
-                  new OCTET_STRING(b64E.getBytes()));
+                        new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
+                        new OCTET_STRING(b64E.getBytes()));
                 controlSeq.addElement(tagattr);
             }
         }
@@ -723,29 +720,29 @@ public class CMCOutputTemplate {
         return bpid;
     }
 
-    private int processDataReturnControl(TaggedAttribute attr, 
-      SEQUENCE controlSeq, int bpid) throws InvalidBERException {
+    private int processDataReturnControl(TaggedAttribute attr,
+            SEQUENCE controlSeq, int bpid) throws InvalidBERException {
 
         if (attr != null) {
             SET vals = attr.getValues();
-    
+
             if (vals.size() > 0) {
-                OCTET_STRING str = 
-                  (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
-                  ASN1Util.encode(vals.elementAt(0)))); 
+                OCTET_STRING str =
+                        (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+                                ASN1Util.encode(vals.elementAt(0))));
                 TaggedAttribute tagattr = new TaggedAttribute(
-                  new INTEGER(bpid++),
-                  OBJECT_IDENTIFIER.id_cmc_dataReturn, str);
-                controlSeq.addElement(tagattr); 
+                        new INTEGER(bpid++),
+                        OBJECT_IDENTIFIER.id_cmc_dataReturn, str);
+                controlSeq.addElement(tagattr);
             }
-        }      
+        }
 
         return bpid;
     }
 
-    private int processRevokeRequestControl(TaggedAttribute attr, 
-      SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException,
-      IOException {
+    private int processRevokeRequestControl(TaggedAttribute attr,
+            SEQUENCE controlSeq, int bpid) throws InvalidBERException, EBaseException,
+            IOException {
         boolean revoke = false;
         SessionContext context = SessionContext.getContext();
         if (attr != null) {
@@ -754,10 +751,10 @@ public class CMCOutputTemplate {
             SET vals = attr.getValues();
             if (vals.size() > 0) {
                 RevRequest revRequest =
-                  (RevRequest)(ASN1Util.decode(new RevRequest.Template(),
-                  ASN1Util.encode(vals.elementAt(0))));
+                        (RevRequest) (ASN1Util.decode(new RevRequest.Template(),
+                                ASN1Util.encode(vals.elementAt(0))));
                 OCTET_STRING str = revRequest.getSharedSecret();
-                INTEGER pid = attr.getBodyPartID(); 
+                INTEGER pid = attr.getBodyPartID();
                 TaggedAttribute tagattr = null;
                 INTEGER revokeCertSerial = revRequest.getSerialNumber();
                 BigInteger revokeSerial = new BigInteger(revokeCertSerial.toByteArray());
@@ -767,25 +764,25 @@ public class CMCOutputTemplate {
                         needVerify = CMS.getConfigStore().getBoolean("cmc.revokeCert.verify", true);
                     } catch (Exception e) {
                     }
-                    
+
                     if (needVerify) {
-                        Integer num1 = (Integer)context.get("numOfOtherMsgs");
+                        Integer num1 = (Integer) context.get("numOfOtherMsgs");
                         int num = num1.intValue();
-                        for (int i=0; i<num; i++) {
-                            OtherMsg data = (OtherMsg)context.get("otherMsg"+i);
-                            INTEGER dpid = data.getBodyPartID(); 
+                        for (int i = 0; i < num; i++) {
+                            OtherMsg data = (OtherMsg) context.get("otherMsg" + i);
+                            INTEGER dpid = data.getBodyPartID();
                             if (pid.longValue() == dpid.longValue()) {
-                                ANY msgValue = data.getOtherMsgValue(); 
-                                SignedData msgData = 
-                                  (SignedData)msgValue.decodeWith(SignedData.getTemplate());
+                                ANY msgValue = data.getOtherMsgValue();
+                                SignedData msgData =
+                                        (SignedData) msgValue.decodeWith(SignedData.getTemplate());
                                 if (!verifyRevRequestSignature(msgData)) {
                                     OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
                                     SEQUENCE failed_bpids = new SEQUENCE();
                                     failed_bpids.addElement(attrbpid);
-                                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                                     tagattr = new TaggedAttribute(
-                                      new INTEGER(bpid++),
-                                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                            new INTEGER(bpid++),
+                                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                                     controlSeq.addElement(tagattr);
                                     return bpid;
                                 }
@@ -794,7 +791,7 @@ public class CMCOutputTemplate {
                     }
 
                     revoke = true;
-                // check shared secret 
+                    // check shared secret
                 } else {
                     ISharedToken tokenClass = null;
                     boolean sharedSecretFound = true;
@@ -810,15 +807,15 @@ public class CMCOutputTemplate {
                     }
 
                     try {
-                        tokenClass = (ISharedToken)Class.forName(name).newInstance();
+                        tokenClass = (ISharedToken) Class.forName(name).newInstance();
                     } catch (ClassNotFoundException e) {
-                        CMS.debug("EnrollProfile: Failed to find class name: "+name);
+                        CMS.debug("EnrollProfile: Failed to find class name: " + name);
                         sharedSecretFound = false;
                     } catch (InstantiationException e) {
-                        CMS.debug("EnrollProfile: Failed to instantiate class: "+name);
+                        CMS.debug("EnrollProfile: Failed to instantiate class: " + name);
                         sharedSecretFound = false;
                     } catch (IllegalAccessException e) {
-                        CMS.debug("EnrollProfile: Illegal access: "+name);
+                        CMS.debug("EnrollProfile: Illegal access: " + name);
                         sharedSecretFound = false;
                     }
 
@@ -827,10 +824,10 @@ public class CMCOutputTemplate {
                         OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
                         SEQUENCE failed_bpids = new SEQUENCE();
                         failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                         tagattr = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                         controlSeq.addElement(tagattr);
                         return bpid;
                     }
@@ -846,10 +843,10 @@ public class CMCOutputTemplate {
                         OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.INTERNAL_CA_ERROR), null);
                         SEQUENCE failed_bpids = new SEQUENCE();
                         failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                         tagattr = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                         controlSeq.addElement(tagattr);
                         return bpid;
                     }
@@ -864,23 +861,23 @@ public class CMCOutputTemplate {
                         OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
                         SEQUENCE failed_bpids = new SEQUENCE();
                         failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                         tagattr = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                         controlSeq.addElement(tagattr);
                         return bpid;
                     }
-                } 
+                }
 
                 if (revoke) {
-                    ICertificateAuthority ca  = (ICertificateAuthority)CMS.getSubsystem("ca");
-                    ICertificateRepository repository = (ICertificateRepository)ca.getCertificateRepository();
+                    ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
+                    ICertificateRepository repository = (ICertificateRepository) ca.getCertificateRepository();
                     ICertRecord record = null;
                     try {
                         record = repository.readCertificateRecord(revokeSerial);
                     } catch (EBaseException ee) {
-                        CMS.debug("CMCOutputTemplate: Exception: "+ee.toString());
+                        CMS.debug("CMCOutputTemplate: Exception: " + ee.toString());
                     }
 
                     if (record == null) {
@@ -888,10 +885,10 @@ public class CMCOutputTemplate {
                         OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_CERT_ID), null);
                         SEQUENCE failed_bpids = new SEQUENCE();
                         failed_bpids.addElement(attrbpid);
-                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                        cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                         tagattr = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                         controlSeq.addElement(tagattr);
                         return bpid;
                     }
@@ -901,10 +898,10 @@ public class CMCOutputTemplate {
                         SEQUENCE success_bpids = new SEQUENCE();
                         success_bpids.addElement(attrbpid);
                         cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
-                          success_bpids, (String)null, null);
+                                success_bpids, (String) null, null);
                         tagattr = new TaggedAttribute(
-                          new INTEGER(bpid++),
-                          OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                new INTEGER(bpid++),
+                                OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                         controlSeq.addElement(tagattr);
                         return bpid;
                     }
@@ -928,7 +925,7 @@ public class CMCOutputTemplate {
                     RevokedCertImpl revCertImpl = new RevokedCertImpl(impl.getSerialNumber(), CMS.getCurrentDate(), entryExtn);
                     RevokedCertImpl[] revCertImpls = new RevokedCertImpl[1];
                     revCertImpls[0] = revCertImpl;
-                    IRequestQueue queue =  ca.getRequestQueue();
+                    IRequestQueue queue = ca.getRequestQueue();
                     IRequest revReq = queue.newRequest(IRequest.REVOCATION_REQUEST);
                     revReq.setExtData(IRequest.CERT_INFO, revCertImpls);
                     revReq.setExtData(IRequest.REVOKED_REASON,
@@ -941,17 +938,17 @@ public class CMCOutputTemplate {
                     RequestStatus stat = revReq.getRequestStatus();
                     if (stat == RequestStatus.COMPLETE) {
                         Integer result = revReq.getExtDataInInteger(IRequest.RESULT);
-                        CMS.debug("CMCOutputTemplate: revReq result = "+result);
+                        CMS.debug("CMCOutputTemplate: revReq result = " + result);
                         if (result.equals(IRequest.RES_ERROR)) {
                             CMS.debug("CMCOutputTemplate: revReq exception: " +
                                     revReq.getExtDataInString(IRequest.ERROR));
                             OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_REQUEST), null);
                             SEQUENCE failed_bpids = new SEQUENCE();
                             failed_bpids.addElement(attrbpid);
-                            cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                            cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                             tagattr = new TaggedAttribute(
-                              new INTEGER(bpid++),
-                              OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                                    new INTEGER(bpid++),
+                                    OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                             controlSeq.addElement(tagattr);
                             return bpid;
                         }
@@ -960,36 +957,36 @@ public class CMCOutputTemplate {
                     ILogger logger = CMS.getLogger();
                     String initiative = AuditFormat.FROMUSER;
                     logger.log(ILogger.EV_AUDIT, ILogger.S_OTHER, AuditFormat.LEVEL,
-                      AuditFormat.DOREVOKEFORMAT, new Object[] {
-                      revReq.getRequestId(), initiative, "completed",
-                      impl.getSubjectDN(), 
-                      impl.getSerialNumber().toString(16),
-                      reason.toString()});
+                            AuditFormat.DOREVOKEFORMAT, new Object[] {
+                                    revReq.getRequestId(), initiative, "completed",
+                                    impl.getSubjectDN(),
+                                    impl.getSerialNumber().toString(16),
+                                    reason.toString() });
                     CMS.debug("CMCOutputTemplate: Certificate get revoked.");
                     SEQUENCE success_bpids = new SEQUENCE();
                     success_bpids.addElement(attrbpid);
                     cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.SUCCESS,
-                      success_bpids, (String)null, null);
+                            success_bpids, (String) null, null);
                     tagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                     controlSeq.addElement(tagattr);
                     return bpid;
                 } else {
                     OtherInfo otherInfo = new OtherInfo(OtherInfo.FAIL, new INTEGER(OtherInfo.BAD_MESSAGE_CHECK), null);
                     SEQUENCE failed_bpids = new SEQUENCE();
                     failed_bpids.addElement(attrbpid);
-                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String)null, otherInfo);
+                    cmcStatusInfo = new CMCStatusInfo(CMCStatusInfo.FAILED, failed_bpids, (String) null, otherInfo);
                     tagattr = new TaggedAttribute(
-                      new INTEGER(bpid++),
-                      OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
+                            new INTEGER(bpid++),
+                            OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo, cmcStatusInfo);
                     controlSeq.addElement(tagattr);
                     return bpid;
                 }
             }
         }
 
-        return bpid; 
+        return bpid;
     }
 
     private RevocationReason toRevocationReason(ENUMERATED n) {
@@ -998,7 +995,7 @@ public class CMCOutputTemplate {
             return RevocationReason.UNSPECIFIED;
         else if (code == RevRequest.affiliationChanged.getValue())
             return RevocationReason.AFFILIATION_CHANGED;
-        else if (code == RevRequest.cACompromise.getValue()) 
+        else if (code == RevRequest.cACompromise.getValue())
             return RevocationReason.CA_COMPROMISE;
         else if (code == RevRequest.certificateHold.getValue())
             return RevocationReason.CERTIFICATE_HOLD;
@@ -1022,33 +1019,33 @@ public class CMCOutputTemplate {
             EncapsulatedContentInfo ci = msgData.getContentInfo();
             OCTET_STRING content = ci.getContent();
             ByteArrayInputStream s = new ByteArrayInputStream(content.toByteArray());
-            TaggedAttribute tattr = (TaggedAttribute)(new TaggedAttribute.Template()).decode(s);
+            TaggedAttribute tattr = (TaggedAttribute) (new TaggedAttribute.Template()).decode(s);
             SET values = tattr.getValues();
             RevRequest revRequest = null;
             if (values != null && values.size() > 0)
                 revRequest =
-                  (RevRequest)(ASN1Util.decode(new RevRequest.Template(),
-                  ASN1Util.encode(values.elementAt(0))));
+                        (RevRequest) (ASN1Util.decode(new RevRequest.Template(),
+                                ASN1Util.encode(values.elementAt(0))));
 
             SET dias = msgData.getDigestAlgorithmIdentifiers();
             int numDig = dias.size();
             Hashtable<String, byte[]> digs = new Hashtable<String, byte[]>();
-            for (int i=0; i<numDig; i++) {
+            for (int i = 0; i < numDig; i++) {
                 AlgorithmIdentifier dai =
-                  (AlgorithmIdentifier) dias.elementAt(i);
+                        (AlgorithmIdentifier) dias.elementAt(i);
                 String name =
-                  DigestAlgorithm.fromOID(dai.getOID()).toString();
+                        DigestAlgorithm.fromOID(dai.getOID()).toString();
                 MessageDigest md =
-                  MessageDigest.getInstance(name);
+                        MessageDigest.getInstance(name);
                 byte[] digest = md.digest(content.toByteArray());
                 digs.put(name, digest);
             }
 
             SET sis = msgData.getSignerInfos();
-            int numSis = sis.size(); 
-            for (int i=0; i<numSis; i++) {
+            int numSis = sis.size();
+            for (int i = 0; i < numSis; i++) {
                 org.mozilla.jss.pkix.cms.SignerInfo si =
-                  (org.mozilla.jss.pkix.cms.SignerInfo)sis.elementAt(i);
+                        (org.mozilla.jss.pkix.cms.SignerInfo) sis.elementAt(i);
                 String name = si.getDigestAlgorithm().toString();
                 byte[] digest = digs.get(name);
                 if (digest == null) {
@@ -1060,21 +1057,21 @@ public class CMCOutputTemplate {
                 SignerIdentifier sid = si.getSignerIdentifier();
                 if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
                     org.mozilla.jss.pkix.cms.IssuerAndSerialNumber issuerAndSerialNumber =
-                      sid.getIssuerAndSerialNumber();
+                            sid.getIssuerAndSerialNumber();
                     java.security.cert.X509Certificate cert = null;
                     if (msgData.hasCertificates()) {
                         SET certs = msgData.getCertificates();
                         int numCerts = certs.size();
-                        for (int j=0; j<numCerts; j++) {
+                        for (int j = 0; j < numCerts; j++) {
                             org.mozilla.jss.pkix.cert.Certificate certJss =
-                              (Certificate) certs.elementAt(j);
-                            org.mozilla.jss.pkix.cert.CertificateInfo certI = 
-                              certJss.getInfo();
+                                    (Certificate) certs.elementAt(j);
+                            org.mozilla.jss.pkix.cert.CertificateInfo certI =
+                                    certJss.getInfo();
                             Name issuer = certI.getIssuer();
                             byte[] issuerB = ASN1Util.encode(issuer);
                             INTEGER sn = certI.getSerialNumber();
                             if (new String(issuerB).equalsIgnoreCase(new String(ASN1Util.encode(issuerAndSerialNumber.getIssuer()))) &&
-                              sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
+                                    sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
                                 ByteArrayOutputStream os = new ByteArrayOutputStream();
                                 certJss.encode(os);
                                 cert = new X509CertImpl(os.toByteArray());
@@ -1082,23 +1079,23 @@ public class CMCOutputTemplate {
                             }
                         }
                     }
-    
+
                     if (cert != null) {
                         PublicKey pbKey = cert.getPublicKey();
-                        String type = ((X509Key)pbKey).getAlgorithm();
+                        String type = ((X509Key) pbKey).getAlgorithm();
                         PrivateKey.Type kType = PrivateKey.RSA;
                         if (type.equals("DSA"))
                             kType = PrivateKey.DSA;
-                        PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key)pbKey).getKey());
+                        PK11PubKey pubK = PK11PubKey.fromRaw(kType, ((X509Key) pbKey).getKey());
                         si.verify(digest, ci.getContentType(), pubK);
                         return true;
                     }
-                } 
-            } 
-             
+                }
+            }
+
             return false;
         } catch (Exception e) {
-            CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: "+e.toString());
+            CMS.debug("CMCOutputTemplate: verifyRevRequestSignature. Exception: " + e.toString());
             return false;
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
index 7f89297c..4d7c4cdd 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFile.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.IOException;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * CMSFile represents a file from the filesystem cached in memory
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSFile {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
index bf4c3cf6..1d1d3479 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSFileLoader.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.util.Enumeration;
@@ -26,10 +25,9 @@ import java.util.Hashtable;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
  * CMSFileLoader - file cache.
- *
+ * 
  * @version $Revision$, $Date$
  */
 
@@ -45,14 +43,14 @@ public class CMSFileLoader {
     // property to cache templates only
     public final String PROP_CACHE_TEMPLATES_ONLY = "cacheTemplatesOnly";
 
-    // hash of files to their content. 
+    // hash of files to their content.
     private Hashtable mLoadedFiles = new Hashtable();
 
-    // max number of files 
+    // max number of files
     private int mMaxSize = MAX_SIZE;
 
     // number of files to clear when max is reached.
-    private int mClearSize = CLEAR_SIZE;  
+    private int mClearSize = CLEAR_SIZE;
 
     // whether to cache templates and forms only.
     private boolean mCacheTemplatesOnly = true;
@@ -63,15 +61,15 @@ public class CMSFileLoader {
     public void init(IConfigStore config) throws EBaseException {
         mMaxSize = config.getInteger(PROP_MAX_SIZE, MAX_SIZE);
         mClearSize = config.getInteger(PROP_CLEAR_SIZE, CLEAR_SIZE);
-        mCacheTemplatesOnly = 
+        mCacheTemplatesOnly =
                 config.getBoolean(PROP_CACHE_TEMPLATES_ONLY, true);
     }
 
     // Changed by bskim
-    //public byte[] get(String absPath) throws EBaseException, IOException {
-    //	File file = new File(absPath);
-    //	return get(file);
-    //}
+    // public byte[] get(String absPath) throws EBaseException, IOException {
+    // File file = new File(absPath);
+    // return get(file);
+    // }
     public byte[] get(String absPath, String enc) throws EBaseException, IOException {
         File file = new File(absPath);
 
@@ -81,19 +79,19 @@ public class CMSFileLoader {
     // Change end
 
     // Changed by bskim
-    //public byte[] get(File file) throws EBaseException, IOException {
-    //	CMSFile cmsFile = getCMSFile(file);
+    // public byte[] get(File file) throws EBaseException, IOException {
+    // CMSFile cmsFile = getCMSFile(file);
     public byte[] get(File file, String enc) throws EBaseException, IOException {
         CMSFile cmsFile = getCMSFile(file, enc);
 
-        // Change end	    
+        // Change end
         return cmsFile.getContent();
     }
 
     // Changed by bskim
-    //public CMSFile getCMSFile(File file) throws EBaseException, IOException {
+    // public CMSFile getCMSFile(File file) throws EBaseException, IOException {
     public CMSFile getCMSFile(File file, String enc) throws EBaseException, IOException {
-        // Change end	    
+        // Change end
         String absPath = file.getAbsolutePath();
         long modified = file.lastModified();
         CMSFile cmsFile = (CMSFile) mLoadedFiles.get(absPath);
@@ -102,8 +100,8 @@ public class CMSFileLoader {
         // new file.
         if (cmsFile == null || modified != lastModified) {
             // Changed by bskim
-            //cmsFile = updateFile(absPath, file); 
-            cmsFile = updateFile(absPath, file, enc); 
+            // cmsFile = updateFile(absPath, file);
+            cmsFile = updateFile(absPath, file, enc);
             // Change end
         }
         cmsFile.setLastAccess(System.currentTimeMillis());
@@ -111,10 +109,10 @@ public class CMSFileLoader {
     }
 
     // Changed by bskim
-    //private CMSFile updateFile(String absPath, File file) 
-    private CMSFile updateFile(String absPath, File file, String enc) 
-        // Change end
-        throws EBaseException, IOException {
+    // private CMSFile updateFile(String absPath, File file)
+    private CMSFile updateFile(String absPath, File file, String enc)
+            // Change end
+            throws EBaseException, IOException {
         // clear if cache size exceeded.
         if (mLoadedFiles.size() >= mMaxSize) {
             clearSomeFiles();
@@ -125,24 +123,24 @@ public class CMSFileLoader {
         // check if file is a js template or plain template by its first String
         if (absPath.endsWith(CMSTemplate.SUFFIX)) {
             // Changed by bskim
-            //cmsFile = new CMSTemplate(file);
+            // cmsFile = new CMSTemplate(file);
             cmsFile = new CMSTemplate(file, enc);
             // End of Change
         } else {
             cmsFile = new CMSFile(file);
         }
-        mLoadedFiles.put(absPath, cmsFile);  // replace old one if any.
+        mLoadedFiles.put(absPath, cmsFile); // replace old one if any.
         return cmsFile;
     }
 
     private synchronized void clearSomeFiles() {
 
         // recheck this in case some other thread has cleared it.
-        if (mLoadedFiles.size() < mMaxSize) 
+        if (mLoadedFiles.size() < mMaxSize)
             return;
 
-            // remove the LRU files.
-            // XXX could be optimized more.
+        // remove the LRU files.
+        // XXX could be optimized more.
         Enumeration elements = mLoadedFiles.elements();
 
         for (int i = mClearSize; i > 0; i--) {
@@ -160,4 +158,3 @@ public class CMSFileLoader {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
index a76b1c75..c3854935 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGWResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for cms gateway.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
  */
@@ -38,8 +36,7 @@ public class CMSGWResources extends ListResourceBundle {
     }
 
     /*
-     * Constants. The suffix represents the number of
-     * possible parameters.
+     * Constants. The suffix represents the number of possible parameters.
      */
 
     static final Object[][] contents = {};
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
index b5c6e3c7..8fa9471e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSGateway.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.File;
 import java.io.IOException;
 import java.security.cert.X509Certificate;
@@ -41,10 +40,9 @@ import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This class is to hold some general method for servlets.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSGateway {
@@ -52,8 +50,8 @@ public class CMSGateway {
     private final static String PROP_ENABLE_ADMIN_ENROLL = "enableAdminEnroll";
 
     private final static String PROP_SERVER_XML = "server.xml";
-    public static final String CERT_ATTR = 
-        "javax.servlet.request.X509Certificate";
+    public static final String CERT_ATTR =
+            "javax.servlet.request.X509Certificate";
 
     protected static CMSFileLoader mFileLoader = new CMSFileLoader();
 
@@ -68,11 +66,11 @@ public class CMSGateway {
         mEnableFileServing = true;
         mConfig = CMS.getConfigStore().getSubStore(PROP_CMSGATEWAY);
         try {
-            mEnableAdminEnroll = 
+            mEnableAdminEnroll =
                     mConfig.getBoolean(PROP_ENABLE_ADMIN_ENROLL, false);
         } catch (EBaseException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM"));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_BAD_CONFIG_PARAM"));
         }
     }
 
@@ -88,7 +86,7 @@ public class CMSGateway {
 
             httpReqHash.put(name, req.getParameter(name));
         }
-        
+
         String ip = req.getRemoteAddr();
         if (ip != null)
             httpReqHash.put("clientHost", ip);
@@ -99,11 +97,11 @@ public class CMSGateway {
         return mEnableAdminEnroll;
     }
 
-    public static void setEnableAdminEnroll(boolean enableAdminEnroll) 
-        throws EBaseException {
+    public static void setEnableAdminEnroll(boolean enableAdminEnroll)
+            throws EBaseException {
         IConfigStore mainConfig = CMS.getConfigStore();
 
-        //!!! Is it thread safe? xxxx
+        // !!! Is it thread safe? xxxx
         mEnableAdminEnroll = enableAdminEnroll;
         mConfig.putBoolean(PROP_ENABLE_ADMIN_ENROLL, enableAdminEnroll);
         mainConfig.commit(true);
@@ -112,9 +110,9 @@ public class CMSGateway {
     public static void disableAdminEnroll() throws EBaseException {
         setEnableAdminEnroll(false);
 
-        /* need to do this in web.xml and restart ws
-         removeServlet("/ca/adminEnroll", "AdminEnroll");
-         initGateway();
+        /*
+         * need to do this in web.xml and restart ws
+         * removeServlet("/ca/adminEnroll", "AdminEnroll"); initGateway();
          */
     }
 
@@ -123,14 +121,14 @@ public class CMSGateway {
      * manager.
      */
     public static AuthCredentials getAuthCreds(
-        IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
-        throws EBaseException {
+            IAuthManager authMgr, IArgBlock argBlock, X509Certificate clientCert)
+            throws EBaseException {
         // get credentials from http parameters.
         if (authMgr == null)
-          return null;
+            return null;
         String[] reqCreds = authMgr.getRequiredCreds();
         AuthCredentials creds = new AuthCredentials();
-        
+
         if (clientCert instanceof java.security.cert.X509Certificate) {
             try {
                 clientCert = new netscape.security.x509.X509CertImpl(clientCert.getEncoded());
@@ -144,8 +142,8 @@ public class CMSGateway {
 
             if (reqCred.equals(IAuthManager.CRED_SSL_CLIENT_CERT)) {
                 // cert could be null;
-                creds.set(reqCred, new X509Certificate[] { clientCert}
-                );
+                creds.set(reqCred, new X509Certificate[] { clientCert }
+                        );
             } else {
                 String value = argBlock.getValueAsString(reqCred);
 
@@ -163,9 +161,9 @@ public class CMSGateway {
     protected final static String AUTHMGR_PARAM = "authenticator";
 
     public static AuthToken checkAuthManager(
-        HttpServletRequest httpReq, IArgBlock httpParams, 
-        X509Certificate cert, String authMgrName)
-        throws EBaseException {
+            HttpServletRequest httpReq, IArgBlock httpParams,
+            X509Certificate cert, String authMgrName)
+            throws EBaseException {
         IArgBlock httpArgs = httpParams;
 
         if (httpArgs == null)
@@ -181,43 +179,43 @@ public class CMSGateway {
         }
 
         if (authMgrName == null || authMgrName.length() == 0) {
-            throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1", 
+            throw new EBaseException(CMS.getLogMessage("BASE_INTERNAL_ERROR_1",
                         CMS.getLogMessage("CMSGW_AUTH_MAN_EXPECTED")));
         }
-		
-        IAuthManager authMgr = 
-            authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
+
+        IAuthManager authMgr =
+                authSub.getAuthManager(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
 
         authMgr = authSub.getAuthManager(authMgrName);
         if (authMgr == null)
             return null;
-        IAuthCredentials creds = 
-            getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert);
+        IAuthCredentials creds =
+                getAuthCreds(authMgr, CMS.createArgBlock(toHashtable(httpReq)), cert);
         AuthToken authToken = null;
 
         try {
-            authToken = (AuthToken) authMgr.authenticate(creds);	
+            authToken = (AuthToken) authMgr.authenticate(creds);
         } catch (EBaseException e) {
             throw e;
         } catch (Exception e) {
             CMS.debug("CMSGateway: " + e);
             // catch all errors from authentication manager.
-            throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2", 
+            throw new ECMSGWException(CMS.getLogMessage("CMSGW_AUTH_ERROR_2",
                         e.toString(), e.getMessage()));
         }
         return authToken;
     }
 
     public static void renderTemplate(
-        String templateName, 
-        HttpServletRequest req, 
-        HttpServletResponse resp,
-        ServletConfig servletConfig, 
-        CMSFileLoader fileLoader)
-        throws EBaseException, IOException {
-        CMSTemplate template = 
-            getTemplate(templateName, req, 
-                servletConfig, fileLoader, new Locale[1]);
+            String templateName,
+            HttpServletRequest req,
+            HttpServletResponse resp,
+            ServletConfig servletConfig,
+            CMSFileLoader fileLoader)
+            throws EBaseException, IOException {
+        CMSTemplate template =
+                getTemplate(templateName, req,
+                        servletConfig, fileLoader, new Locale[1]);
         ServletOutputStream out = resp.getOutputStream();
 
         template.renderOutput(out, new CMSTemplateParams(null, null));
@@ -240,8 +238,8 @@ public class CMSGateway {
      * @param locale array of at least one to be filled with locale found.
      */
     public static File getLangFile(
-        HttpServletRequest req, File realpathFile, Locale[] locale)
-        throws IOException {
+            HttpServletRequest req, File realpathFile, Locale[] locale)
+            throws IOException {
         File file = null;
         String acceptLang = req.getHeader("accept-language");
 
@@ -258,7 +256,7 @@ public class CMSGateway {
                 }
                 String name = realpathFile.getName();
 
-                if (name == null) {  // filename should never be null.
+                if (name == null) { // filename should never be null.
                     throw new IOException("file has no name");
                 }
                 int i;
@@ -287,8 +285,8 @@ public class CMSGateway {
                     }
 
                     String langfilepath =
-                        parent + File.separatorChar +
-                        lang + File.separatorChar + name;
+                            parent + File.separatorChar +
+                                    lang + File.separatorChar + name;
 
                     file = new File(langfilepath);
                     if (file.exists()) {
@@ -311,54 +309,54 @@ public class CMSGateway {
     }
 
     /**
-     * get a template 
+     * get a template
      */
     protected static CMSTemplate getTemplate(
-        String templateName, 
-        HttpServletRequest httpReq, 
-        ServletConfig servletConfig, 
-        CMSFileLoader fileLoader, 
-        Locale[] locale)
-        throws EBaseException, IOException {
+            String templateName,
+            HttpServletRequest httpReq,
+            ServletConfig servletConfig,
+            CMSFileLoader fileLoader,
+            Locale[] locale)
+            throws EBaseException, IOException {
         // this converts to system dependent file seperator char.
         if (servletConfig == null) {
-	        CMS.debug( "CMSGateway:getTemplate() - servletConfig is null!" );
+            CMS.debug("CMSGateway:getTemplate() - servletConfig is null!");
             return null;
         }
         if (servletConfig.getServletContext() == null) {
         }
         if (templateName == null) {
         }
-        String realpath = 
-            servletConfig.getServletContext().getRealPath("/" + templateName);
+        String realpath =
+                servletConfig.getServletContext().getRealPath("/" + templateName);
         File realpathFile = new File(realpath);
-        File templateFile = 
-            getLangFile(httpReq, realpathFile, locale);
-        CMSTemplate template = 
-            //(CMSTemplate)fileLoader.getCMSFile(templateFile);
-            (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding());
+        File templateFile =
+                getLangFile(httpReq, realpathFile, locale);
+        CMSTemplate template =
+                // (CMSTemplate)fileLoader.getCMSFile(templateFile);
+                (CMSTemplate) fileLoader.getCMSFile(templateFile, httpReq.getCharacterEncoding());
 
         return template;
     }
 
     /**
-     * Get the If-Modified-Since header and compare it to the millisecond
-     * epoch value passed in.  If there is no header, or there is a problem
-     * parsing the value, or if the file has been modified this will return 
-     * true, indicating the file has changed.
-     *
+     * Get the If-Modified-Since header and compare it to the millisecond epoch
+     * value passed in. If there is no header, or there is a problem parsing the
+     * value, or if the file has been modified this will return true, indicating
+     * the file has changed.
+     * 
      * @param lastModified The time value in milliseconds past the epoch to
-     * compare the If-Modified-Since header to.
+     *            compare the If-Modified-Since header to.
      */
     public static boolean modifiedSince(HttpServletRequest req, long lastModified) {
         long ifModSinceStr;
 
         try {
             ifModSinceStr = req.getDateHeader("If-Modified-Since");
-        }catch (IllegalArgumentException e) {
+        } catch (IllegalArgumentException e) {
             return true;
         }
-			
+
         if (ifModSinceStr < 0) {
             return true;
         }
@@ -371,4 +369,3 @@ public class CMSGateway {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
index ca5abf03..62276df1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSLoadTemplate.java
@@ -17,12 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
-
-
 /**
- * handy class containing cms templates to load & fill. 
- *
+ * handy class containing cms templates to load & fill.
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSLoadTemplate {
@@ -35,9 +32,9 @@ public class CMSLoadTemplate {
     }
 
     public CMSLoadTemplate(
-        String propName, String fillerPropName, 
-        String templateName, ICMSTemplateFiller filler) {
-		
+            String propName, String fillerPropName,
+            String templateName, ICMSTemplateFiller filler) {
+
         mPropName = propName;
         mFillerPropName = fillerPropName;
         mTemplateName = templateName;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
index 27f1d3a5..53f9ac22 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSRequest.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.Hashtable;
 import java.util.Vector;
 
@@ -35,7 +34,7 @@ import com.netscape.certsrv.request.RequestStatus;
 
 /**
  * This represents a user request.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSRequest {
@@ -46,7 +45,8 @@ public class CMSRequest {
     public static final Integer SVC_PENDING = Integer.valueOf(4);
     public static final Integer REJECTED = Integer.valueOf(5);
     public static final Integer ERROR = Integer.valueOf(6);
-    public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected error.
+    public static final Integer EXCEPTION = Integer.valueOf(7); // unexpected
+                                                                // error.
 
     private static final String RESULT = "cmsRequestResult";
 
@@ -59,7 +59,7 @@ public class CMSRequest {
     // http headers & other info.
     private HttpServletRequest mHttpReq = null;
 
-    // http response. 
+    // http response.
     private HttpServletResponse mHttpResp = null;
 
     // http servlet config.
@@ -68,11 +68,11 @@ public class CMSRequest {
     // http servlet context.
     private ServletContext mServletContext = null;
 
-    // permanent request in request queue. 
+    // permanent request in request queue.
     private IRequest mRequest = null;
 
     // whether request processed successfully
-    private Integer mStatus = SUCCESS; 
+    private Integer mStatus = SUCCESS;
 
     // exception message containing error that occured.
     // note exception could also be thrown seperately.
@@ -85,13 +85,13 @@ public class CMSRequest {
     Object mResult = null;
     Hashtable mResults = new Hashtable();
 
-	/**
+    /**
      * Constructor
      */
     public CMSRequest() {
     }
 
-    // set methods use by servlets. 
+    // set methods use by servlets.
 
     /**
      * set the HTTP parameters
@@ -115,46 +115,46 @@ public class CMSRequest {
     }
 
     /**
-     * set the HTTP Response object which is used to create the
-     * HTTP response which is sent back to the user
+     * set the HTTP Response object which is used to create the HTTP response
+     * which is sent back to the user
      */
     public void setHttpResp(HttpServletResponse httpResp) {
         mHttpResp = httpResp;
     }
 
     /**
-     * set the servlet configuration. The servlet configuration is
-     * read from the WEB-APPS/web.xml file under the &lt;servlet&gt;
-     * XML definition. The parameters are delimited by init-param
-     * param-name/param-value options as described in the servlet
-     * documentation.
+     * set the servlet configuration. The servlet configuration is read from the
+     * WEB-APPS/web.xml file under the &lt;servlet&gt; XML definition. The
+     * parameters are delimited by init-param param-name/param-value options as
+     * described in the servlet documentation.
      */
     public void setServletConfig(ServletConfig servletConfig) {
         mServletConfig = servletConfig;
     }
 
-	/* 
-     * set the servlet context. the servletcontext has detail
-     * about the currently running request
+    /*
+     * set the servlet context. the servletcontext has detail about the
+     * currently running request
      */
     public void setServletContext(ServletContext servletContext) {
         mServletContext = servletContext;
     }
 
-	/**
-	 * Set request status. 
-	 * @param status request status. Allowed values are
-     * UNAUTHORIZED, SUCCESS, REJECTED, PENDING,  ERROR, SVC_PENDING
+    /**
+     * Set request status.
+     * 
+     * @param status request status. Allowed values are UNAUTHORIZED, SUCCESS,
+     *            REJECTED, PENDING, ERROR, SVC_PENDING
      * @throws IllegalArgumentException if status is not one of the above values
      */
     public void setStatus(Integer status) {
-        if ( !status.equals( UNAUTHORIZED ) && 
-             !status.equals( SUCCESS )      &&
-             !status.equals( REJECTED )     && 
-             !status.equals( PENDING )      &&
-             !status.equals( ERROR )        && 
-             !status.equals( SVC_PENDING )  &&
-             !status.equals( EXCEPTION ) ) { 
+        if (!status.equals(UNAUTHORIZED) &&
+                !status.equals(SUCCESS) &&
+                !status.equals(REJECTED) &&
+                !status.equals(PENDING) &&
+                !status.equals(ERROR) &&
+                !status.equals(SVC_PENDING) &&
+                !status.equals(EXCEPTION)) {
             throw new IllegalArgumentException(CMS.getLogMessage("CMSGW_BAD_REQ_STATUS"));
         }
         mStatus = status;
@@ -169,9 +169,9 @@ public class CMSRequest {
     }
 
     public void setErrorDescription(String descr) {
-        if (mErrorDescr == null) 
+        if (mErrorDescr == null)
             mErrorDescr = new Vector();
-        mErrorDescr.addElement(descr); 
+        mErrorDescr.addElement(descr);
     }
 
     public void setResult(Object result) {
@@ -235,7 +235,7 @@ public class CMSRequest {
         return reason;
     }
 
-    // handy routines for IRequest. 
+    // handy routines for IRequest.
 
     public void setExtData(String type, String value) {
         if (mRequest != null) {
@@ -251,7 +251,7 @@ public class CMSRequest {
         }
     }
 
-    // policy errors; set on rejection or possibly deferral. 
+    // policy errors; set on rejection or possibly deferral.
     public Vector getPolicyMessages() {
         if (mRequest != null) {
             return mRequest.getExtDataInStringVector(IRequest.ERRORS);
@@ -259,13 +259,13 @@ public class CMSRequest {
         return null;
     }
 
-    /** 
-     * set default CMS status according to IRequest status. 
+    /**
+     * set default CMS status according to IRequest status.
      */
     public void setIRequestStatus() throws EBaseException {
         if (mRequest == null) {
-            EBaseException e = 
-                new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST"));
+            EBaseException e =
+                    new ECMSGWException(CMS.getLogMessage("CMSGW_MISSING_REQUEST"));
 
             throw e;
         }
@@ -277,11 +277,11 @@ public class CMSRequest {
             mStatus = CMSRequest.SUCCESS;
             return;
         }
-        // unexpected resulting request status. 
+        // unexpected resulting request status.
         if (status == RequestStatus.REJECTED) {
             mStatus = CMSRequest.REJECTED;
             return;
-        } // pending or service pending. 
+        } // pending or service pending.
         else if (status == RequestStatus.PENDING) {
             mStatus = CMSRequest.PENDING;
             return;
@@ -292,8 +292,8 @@ public class CMSRequest {
             RequestId reqId = mRequest.getRequestId();
 
             throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2", 
-                        status.toString(), reqId.toString()));
+                    CMS.getLogMessage("CMSGW_UNEXPECTED_REQUEST_STATUS_2",
+                            status.toString(), reqId.toString()));
         }
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
index b90278fa..748b769e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplate.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileInputStream;
@@ -39,23 +38,21 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * File templates. This implementation will take 
- * an HTML file with a special customer tag
- * &lt;CMS_TEMPLATE&gt; and replace the tag with
- * a series of javascript variable definitions
- * (depending on the servlet)
- *
+ * File templates. This implementation will take an HTML file with a special
+ * customer tag &lt;CMS_TEMPLATE&gt; and replace the tag with a series of
+ * javascript variable definitions (depending on the servlet)
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSTemplate extends CMSFile {
 
     public static final String SUFFIX = ".template";
 
-    /*==========================================================
-     * variables
-     *==========================================================*/
+    /*
+     * ========================================================== variables
+     * ==========================================================
+     */
 
     /* private variables */
     private String mTemplateFileName = "";
@@ -68,19 +65,21 @@ public class CMSTemplate extends CMSFile {
     public static final String TEMPLATE_TAG = "<CMS_TEMPLATE>";
 
     /* Character set for i18n */
-    
+
     /* Will be set by CMSServlet.getTemplate() */
     private String mCharset = null;
 
-    /*==========================================================
-     * constructors
-     *==========================================================*/
+    /*
+     * ========================================================== constructors
+     * ==========================================================
+     */
 
     /**
      * Constructor
+     * 
      * @param file template file to load
      * @param charset character set
-	 * @throws IOException if the there was an error opening the file
+     * @throws IOException if the there was an error opening the file
      */
     public CMSTemplate(File file, String charset) throws IOException, EBaseException {
         mCharset = charset;
@@ -89,8 +88,8 @@ public class CMSTemplate extends CMSFile {
         try {
             init(file);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_CANT_LOAD_TEMPLATE", mAbsPath, e.toString()));
             throw new ECMSGWException(
                     CMS.getLogMessage("CMSGW_ERROR_LOADING_TEMPLATE"));
         }
@@ -99,16 +98,17 @@ public class CMSTemplate extends CMSFile {
         mContent = content.getBytes(mCharset);
     }
 
-    /*==========================================================
-     * public methods
-     *==========================================================*/
+    /*
+     * ========================================================== public methods
+     * ==========================================================
+     */
 
     /* *
-     * Load the form from the file and setup the
-     * pre/post output buffer if it is a template
-     * file. Otherwise, only post output buffer is
-     * filled.
+     * Load the form from the file and setup the pre/post output buffer if it is
+     * a template file. Otherwise, only post output buffer is filled.
+     * 
      * @param template the template file to load
+     * 
      * @return true if successful
      */
     public boolean init(File template) throws EBaseException, IOException {
@@ -128,8 +128,9 @@ public class CMSTemplate extends CMSFile {
 
         mTimeStamp = now.getTime();
 
-        /* if template file, find template tag substring and set
-         * pre/post output string
+        /*
+         * if template file, find template tag substring and set pre/post output
+         * string
          */
         int location = content.indexOf(TEMPLATE_TAG);
 
@@ -137,8 +138,8 @@ public class CMSTemplate extends CMSFile {
             log(ILogger.LL_FAILURE, CMS.getLogMessage(
                     "CMSGW_TEMPLATE_MISSING", mAbsPath, TEMPLATE_TAG));
             throw new ECMSGWException(
-                    CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2", 
-                        TEMPLATE_TAG, mAbsPath));
+                    CMS.getLogMessage("CMSGW_MISSING_TEMPLATE_TAG_2",
+                            TEMPLATE_TAG, mAbsPath));
         }
         mPreOutput = content.substring(0, location);
         mPostOutput = content.substring(TEMPLATE_TAG.length() + location);
@@ -146,16 +147,17 @@ public class CMSTemplate extends CMSFile {
         return true;
     }
 
-	/**
-	 * Write a javascript representation of 'input' 
-     * surrounded by SCRIPT tags to the outputstream
+    /**
+     * Write a javascript representation of 'input' surrounded by SCRIPT tags to
+     * the outputstream
+     * 
      * @param rout the outputstream to write to
      * @param input the parameters to write
      */
     public void renderOutput(OutputStream rout, CMSTemplateParams input)
-        throws IOException {
+            throws IOException {
         Enumeration<String> e = null;
-        Enumeration<IArgBlock>  q = null;
+        Enumeration<IArgBlock> q = null;
         IArgBlock r = null;
         boolean headerBlock = false, fixedBlock = false, queryBlock = false;
         CMSTemplateParams data = (CMSTemplateParams) input;
@@ -165,7 +167,7 @@ public class CMSTemplate extends CMSFile {
             http_out = new HTTPOutputStreamWriter(rout);
         else
             http_out = new HTTPOutputStreamWriter(rout, mCharset);
-        
+
         try {
             templateLine out = new templateLine();
 
@@ -179,7 +181,7 @@ public class CMSTemplate extends CMSFile {
             out.println("var recordSet = new Array;");
             out.println("var result = new Object();");
 
-            // hack 
+            // hack
             out.println("var httpParamsCount = 0;");
             out.println("var httpHeadersCount = 0;");
             out.println("var authTokenCount = 0;");
@@ -194,7 +196,7 @@ public class CMSTemplate extends CMSFile {
                 e = r.elements();
                 while (e.hasMoreElements()) {
                     headerBlock = true;
-                    String n =  e.nextElement();
+                    String n = e.nextElement();
                     Object v = r.getValue(n);
 
                     out.println("header." + n + " = " + renderValue(v) + ";");
@@ -228,7 +230,7 @@ public class CMSTemplate extends CMSFile {
                     out.println("record.SERVER_ATTRS = new Array;");
 
                     // Get a query record
-                    r =  q.nextElement();
+                    r = q.nextElement();
                     e = r.elements();
                     while (e.hasMoreElements()) {
                         String n = e.nextElement();
@@ -241,11 +243,11 @@ public class CMSTemplate extends CMSFile {
                 out.println("record.recordSet = recordSet;");
             }
 
-            //if (headerBlock)
+            // if (headerBlock)
             out.println("result.header = header;");
-            //if (fixedBlock)
+            // if (fixedBlock)
             out.println("result.fixed = fixed;");
-            //if (queryBlock)
+            // if (queryBlock)
             out.println("result.recordSet = recordSet;");
             out.println("</SCRIPT>");
             out.println(mPostOutput);
@@ -257,15 +259,14 @@ public class CMSTemplate extends CMSFile {
     }
 
     /**
-     * Ouput the pre-amble HTML Header including
-     * the pre-output buffer.
-     *
+     * Ouput the pre-amble HTML Header including the pre-output buffer.
+     * 
      * @param out output stream specified
      * @return success or error
      */
     public boolean outputProlog(PrintWriter out) {
 
-        //Debug.trace("FormCache:outputProlog");
+        // Debug.trace("FormCache:outputProlog");
 
         /* output pre-output buffer */
         out.print(mPreOutput);
@@ -279,9 +280,8 @@ public class CMSTemplate extends CMSFile {
     }
 
     /**
-     * Output the post HTML tags and post-output
-     * buffer.
-     *
+     * Output the post HTML tags and post-output buffer.
+     * 
      * @param out output stream specified
      * @return success or error
      */
@@ -300,11 +300,12 @@ public class CMSTemplate extends CMSFile {
         return mAbsPath;
     }
 
-    // inherit getabspath, getContent, get last access and set last access 
+    // inherit getabspath, getContent, get last access and set last access
 
-    /*==========================================================
-     * private methods
-     *==========================================================*/
+    /*
+     * ========================================================== private
+     * methods==========================================================
+     */
 
     /* load file into string */
     private String loadFile(File template) throws IOException {
@@ -313,7 +314,8 @@ public class CMSTemplate extends CMSFile {
 
         /* create input stream, can throw IOException */
         FileInputStream inStream = new FileInputStream(template);
-        InputStreamReader inReader = new InputStreamReader(inStream, mCharset);;
+        InputStreamReader inReader = new InputStreamReader(inStream, mCharset);
+        ;
         BufferedReader in = new BufferedReader(inReader);
         StringBuffer buf = new StringBuffer();
         String line;
@@ -326,8 +328,8 @@ public class CMSTemplate extends CMSFile {
             in.close();
             inStream.close();
         } catch (IOException e) {
-            log(ILogger.LL_WARN, 
-                CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage()));
+            log(ILogger.LL_WARN,
+                    CMS.getLogMessage("CMSGW_ERR_CLOSE_TEMPL_FILE", mAbsPath, e.getMessage()));
         }
         return buf.toString();
     }
@@ -354,8 +356,8 @@ public class CMSTemplate extends CMSFile {
             }
         } else if (v instanceof BigInteger) {
             s = ((BigInteger) v).toString(10);
-        } else if (v instanceof Character && 
-            ((Character) v).equals(Character.valueOf((char) 0))) {
+        } else if (v instanceof Character &&
+                ((Character) v).equals(Character.valueOf((char) 0))) {
             s = "null";
         } else {
             s = "\"" + v.toString() + "\"";
@@ -365,10 +367,10 @@ public class CMSTemplate extends CMSFile {
     }
 
     /**
-     * Escape the contents of src string in preparation to be enclosed in
-     * double quotes as a JavaScript String Literal within an <script>
-     * portion of an HTML document.
-     * stevep - performance improvements - about 4 times faster than before.
+     * Escape the contents of src string in preparation to be enclosed in double
+     * quotes as a JavaScript String Literal within an <script> portion of an
+     * HTML document. stevep - performance improvements - about 4 times faster
+     * than before.
      */
     public static String escapeJavaScriptString(String v) {
         int l = v.length();
@@ -381,25 +383,25 @@ public class CMSTemplate extends CMSFile {
         for (int i = 0; i < l; i++) {
             char c = in[i];
 
-            if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) {
+            if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
                 out[j++] = c;
                 continue;
             }
 
-            if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
-                 in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
-                 in[i+1] == '<' || in[i+1] == '>' ||
-                 in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
-                if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
-                    (in[i+3] == 'c' || in[i+3] == 'e')) {
+            if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+                    in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+                    in[i + 1] == '<' || in[i + 1] == '>' ||
+                    in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+                if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+                        (in[i + 3] == 'c' || in[i + 3] == 'e')) {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
-                    out[j++] = in[i+2];
-                    out[j++] = in[i+3];
+                    out[j++] = in[i + 1];
+                    out[j++] = in[i + 2];
+                    out[j++] = in[i + 3];
                     i += 3;
-                } else { 
+                } else {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
+                    out[j++] = in[i + 1];
                     i++;
                 }
                 continue;
@@ -457,9 +459,9 @@ public class CMSTemplate extends CMSFile {
         return new String(out, 0, j);
     }
 
-    /** 
-     * Like escapeJavaScriptString(String s) but also escape '[' for 
-     * HTML processing. 
+    /**
+     * Like escapeJavaScriptString(String s) but also escape '[' for HTML
+     * processing.
      */
     public static String escapeJavaScriptStringHTML(String v) {
         int l = v.length();
@@ -477,20 +479,20 @@ public class CMSTemplate extends CMSFile {
                 continue;
             }
 
-            if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
-                 in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
-                 in[i+1] == '<' || in[i+1] == '>' ||
-                 in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
-                if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
-                    (in[i+3] == 'c' || in[i+3] == 'e')) {
+            if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+                    in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+                    in[i + 1] == '<' || in[i + 1] == '>' ||
+                    in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+                if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+                        (in[i + 3] == 'c' || in[i + 3] == 'e')) {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
-                    out[j++] = in[i+2];
-                    out[j++] = in[i+3];
+                    out[j++] = in[i + 1];
+                    out[j++] = in[i + 2];
+                    out[j++] = in[i + 3];
                     i += 3;
-                } else { 
+                } else {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
+                    out[j++] = in[i + 1];
                     i++;
                 }
                 continue;
@@ -551,25 +553,24 @@ public class CMSTemplate extends CMSFile {
      * for debugging, return contents that would've been outputed.
      */
     public String getOutput(CMSTemplateParams input)
-        throws IOException {
+            throws IOException {
         debugOutputStream out = new debugOutputStream();
 
         renderOutput(out, input);
         return out.toString();
     }
 
-    private
-    class HTTPOutputStreamWriter extends OutputStreamWriter {
+    private class HTTPOutputStreamWriter extends OutputStreamWriter {
         public HTTPOutputStreamWriter(OutputStream out)
-            throws UnsupportedEncodingException {
+                throws UnsupportedEncodingException {
             super(out);
         }
-    
+
         public HTTPOutputStreamWriter(OutputStream out, String enc)
-            throws UnsupportedEncodingException {
+                throws UnsupportedEncodingException {
             super(out, enc);
         }
-    
+
         public void print(String s) throws IOException {
             write(s, 0, s.length());
             flush();
@@ -577,9 +578,9 @@ public class CMSTemplate extends CMSFile {
         }
     }
 
-
     private class templateLine {
         private StringBuffer s = new StringBuffer();
+
         void println(String p) {
             s.append('\n');
             s.append(p);
@@ -595,7 +596,6 @@ public class CMSTemplate extends CMSFile {
 
     }
 
-
     private static class debugOutputStream extends ServletOutputStream {
         private StringWriter mStringWriter = new StringWriter();
 
@@ -604,7 +604,7 @@ public class CMSTemplate extends CMSFile {
         }
 
         public void write(int b) throws IOException {
-            mStringWriter.write(b);			
+            mStringWriter.write(b);
         }
 
         public String toString() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
index 4f8cfc2a..ce2c26c3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/CMSTemplateParams.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
  * Holds template parameters
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CMSTemplateParams {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
index 0cd1102d..e8b848f7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/ECMSGWException.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import com.netscape.certsrv.base.EBaseException;
 
-
 /**
  * A class represents a CMS gateway exception.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ECMSGWException extends EBaseException {
@@ -36,7 +34,7 @@ public class ECMSGWException extends EBaseException {
     /**
      * CA resource class name.
      */
-    private static final String CMSGW_RESOURCES = CMSGWResources.class.getName();		
+    private static final String CMSGW_RESOURCES = CMSGWResources.class.getName();
 
     /**
      * Constructs a CMS Gateway exception.
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
index 6debd2c7..b0032479 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenErrorTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Enumeration;
 import java.util.Locale;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
- * Default error template filler 
- *
+ * Default error template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenErrorTemplateFiller implements ICMSTemplateFiller {
@@ -38,14 +36,15 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq the CMS Request.
      * @param authority the authority
      * @param locale the locale of template.
      * @param e unexpected error. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
@@ -53,21 +52,22 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
         if (cmsReq != null) {
             Integer sts = cmsReq.getStatus();
 
-            if (sts != null) 
+            if (sts != null)
                 fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
         } else {
-            CMS.debug( "GenErrorTemplateFiller::getTemplateParams() - " +
-                       "cmsReq is null!" );
+            CMS.debug("GenErrorTemplateFiller::getTemplateParams() - " +
+                       "cmsReq is null!");
             return null;
         }
-		
-        // error 
+
+        // error
         String ex = cmsReq.getError();
 
         // Changed by beomsuk
-        /*if (ex == null) 
-         ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"));
-         fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale));
+        /*
+         * if (ex == null) ex = new
+         * EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"));
+         * fixed.set(ICMSTemplateFiller.ERROR, ex.toString(locale));
          */
         if ((ex == null) && (cmsReq.getReason() == null))
             ex = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR")).toString();
@@ -75,9 +75,9 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
             fixed.set(ICMSTemplateFiller.ERROR, ex);
         else if (cmsReq.getReason() != null)
             fixed.set(ICMSTemplateFiller.ERROR, cmsReq.getReason());
-            // Change end
-        
-            // error description if any.
+        // Change end
+
+        // error description if any.
         Vector descr = cmsReq.getErrorDescr();
 
         if (descr != null) {
@@ -85,20 +85,19 @@ public class GenErrorTemplateFiller implements ICMSTemplateFiller {
 
             while (num.hasMoreElements()) {
                 String elem = (String) num.nextElement();
-                //System.out.println("Setting description "+elem.toString());
+                // System.out.println("Setting description "+elem.toString());
                 IArgBlock argBlock = CMS.createArgBlock();
 
-                argBlock.set(ICMSTemplateFiller.ERROR_DESCR, 
-                    elem);
+                argBlock.set(ICMSTemplateFiller.ERROR_DESCR,
+                        elem);
                 params.addRepeatRecord(argBlock);
             }
         }
 
         // this authority
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
index 15456865..c5a0d9a5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenPendingTemplateFiller.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.OutputStream;
@@ -59,10 +58,9 @@ import com.netscape.certsrv.ra.IRegistrationAuthority;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.RequestId;
 
-
 /**
- * default Pending template filler 
- *
+ * default Pending template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenPendingTemplateFiller implements ICMSTemplateFiller {
@@ -72,28 +70,29 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq CMS Request
      * @param authority this authority
      * @param locale locale of template.
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
-        if( cmsReq == null ) {
+        if (cmsReq == null) {
             return null;
         }
 
         // request status if any.
         Integer sts = cmsReq.getStatus();
 
-        if (sts != null) 
+        if (sts != null)
             fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
 
-        // request id 
+        // request id
         IRequest req = cmsReq.getIRequest();
 
         if (req != null) {
@@ -109,17 +108,17 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                 PendInfo pendInfo = new PendInfo(reqId.toString(), new
                         Date());
                 OtherInfo otherInfo = new
-                    OtherInfo(OtherInfo.PEND, null, pendInfo);
+                        OtherInfo(OtherInfo.PEND, null, pendInfo);
                 SEQUENCE bpids = new SEQUENCE();
                 String[] reqIdArray =
-                    req.getExtDataInStringArray(IRequest.CMC_REQIDS);
+                        req.getExtDataInStringArray(IRequest.CMC_REQIDS);
 
                 for (int i = 0; i < reqIdArray.length; i++) {
                     bpids.addElement(new INTEGER(reqIdArray[i]));
                 }
                 CMCStatusInfo cmcStatusInfo = new
-                    CMCStatusInfo(CMCStatusInfo.PENDING, bpids,
-                        (String) null, otherInfo);
+                        CMCStatusInfo(CMCStatusInfo.PENDING, bpids,
+                                (String) null, otherInfo);
                 TaggedAttribute ta = new TaggedAttribute(new
                         INTEGER(bpid++),
                         OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
@@ -130,7 +129,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                 // create recipientNonce
                 // create responseInfo if regInfo exist
                 String[] transIds =
-                    req.getExtDataInStringArray(IRequest.CMC_TRANSID);
+                        req.getExtDataInStringArray(IRequest.CMC_TRANSID);
                 SET ids = new SET();
 
                 for (int i = 0; i < transIds.length; i++) {
@@ -167,7 +166,7 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                     dig = salt.getBytes();
                 }
                 String b64E = CMS.BtoA(dig);
-                String[] newNonce = {b64E};
+                String[] newNonce = { b64E };
 
                 ta = new TaggedAttribute(new
                             INTEGER(bpid++),
@@ -180,13 +179,13 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                         SEQUENCE(), new
                         SEQUENCE());
                 EncapsulatedContentInfo ci = new
-                    EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                        rb);
+                        EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
+                                rb);
                 org.mozilla.jss.crypto.X509Certificate x509cert = null;
 
                 if (authority instanceof ICertificateAuthority) {
                     x509cert = ((ICertificateAuthority) authority).getCaX509Cert();
-                }else if (authority instanceof IRegistrationAuthority) {
+                } else if (authority instanceof IRegistrationAuthority) {
                     x509cert = ((IRegistrationAuthority) authority).getRACert();
                 }
                 if (x509cert == null)
@@ -194,12 +193,12 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                 try {
                     X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
                     ByteArrayInputStream issuer1 = new
-                        ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
+                            ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
                     Name issuer = (Name) Name.getTemplate().decode(issuer1);
                     IssuerAndSerialNumber ias = new
-                        IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
+                            IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
                     SignerIdentifier si = new
-                        SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+                            SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
 
                     // SHA1 is the default digest Alg for now.
                     DigestAlgorithm digestAlg = null;
@@ -207,14 +206,14 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                     org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert);
                     org.mozilla.jss.crypto.PrivateKey.Type keyType = privKey.getType();
 
-                    if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA ) ) {
+                    if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA)) {
                         signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
-                    } else if( keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA ) ) {
+                    } else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) {
                         signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
                     } else {
-                        CMS.debug( "GenPendingTemplateFiller::getTemplateParams() - "
+                        CMS.debug("GenPendingTemplateFiller::getTemplateParams() - "
                                  + "keyType " + keyType.toString()
-                                 + " is unsupported!" );
+                                 + " is unsupported!");
                         return null;
                     }
 
@@ -224,41 +223,41 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
                     try {
                         SHADigest = MessageDigest.getInstance("SHA1");
                         digestAlg = DigestAlgorithm.SHA1;
-					
+
                         ByteArrayOutputStream ostream = new ByteArrayOutputStream();
 
                         rb.encode((OutputStream) ostream);
                         digest = SHADigest.digest(ostream.toByteArray());
                     } catch (NoSuchAlgorithmException ex) {
-                        //log("digest fail");
+                        // log("digest fail");
                     }
 
                     SignerInfo signInfo = new
-                        SignerInfo(si, null, null,
-                            OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                            digest, signAlg,
-                            privKey);
+                            SignerInfo(si, null, null,
+                                    OBJECT_IDENTIFIER.id_cct_PKIResponse,
+                                    digest, signAlg,
+                                    privKey);
                     SET signInfos = new SET();
 
                     signInfos.addElement(signInfo);
-					
+
                     SET digestAlgs = new SET();
 
                     if (digestAlg != null) {
                         AlgorithmIdentifier ai = new
-                            AlgorithmIdentifier(digestAlg.toOID(),
-                                null);
+                                AlgorithmIdentifier(digestAlg.toOID(),
+                                        null);
 
                         digestAlgs.addElement(ai);
                     }
-					
+
                     SignedData fResponse = new
-                        SignedData(digestAlgs, ci,
-                            null, null, signInfos);
+                            SignedData(digestAlgs, ci,
+                                    null, null, signInfos);
                     ContentInfo fullResponse = new
-                        ContentInfo(ContentInfo.SIGNED_DATA, fResponse);
+                            ContentInfo(ContentInfo.SIGNED_DATA, fResponse);
                     ByteArrayOutputStream ostream = new
-                        ByteArrayOutputStream();
+                            ByteArrayOutputStream();
 
                     fullResponse.encode((OutputStream) ostream);
                     byte[] fr = ostream.toByteArray();
@@ -270,9 +269,9 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
             }
         }
         // this authority
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 
@@ -286,4 +285,3 @@ public class GenPendingTemplateFiller implements ICMSTemplateFiller {
             return false;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
index 798b7f0d..d1396b79 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenRejectedTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Enumeration;
 import java.util.Locale;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * default Service Pending template filler 
- *
+ * default Service Pending template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
@@ -46,7 +44,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
@@ -54,15 +52,15 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
         if (cmsReq != null) {
             Integer sts = cmsReq.getStatus();
 
-            if (sts != null) 
+            if (sts != null)
                 fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
         } else {
-            CMS.debug( "GenRejectedTemplateFiller::getTemplateParams() - " +
-                       "cmsReq is null!" );
+            CMS.debug("GenRejectedTemplateFiller::getTemplateParams() - " +
+                       "cmsReq is null!");
             return null;
         }
 
-        // request id 
+        // request id
         IRequest req = cmsReq.getIRequest();
 
         if (req != null) {
@@ -76,7 +74,7 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
 
                 while (msgs.hasMoreElements()) {
                     String ex = (String) msgs.nextElement();
-                    IArgBlock messageArgBlock = CMS.createArgBlock(); 
+                    IArgBlock messageArgBlock = CMS.createArgBlock();
 
                     messageArgBlock.set(POLICY_MESSAGE, ex);
                     params.addRepeatRecord(messageArgBlock);
@@ -86,10 +84,9 @@ public class GenRejectedTemplateFiller implements ICMSTemplateFiller {
 
         // this authority
 
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
index ff3d4f8c..67cad94f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSuccessTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Locale;
 
@@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
- * default Success template filler 
- *
+ * default Success template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
@@ -36,14 +34,15 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq CMS Request
      * @param authority this authority
      * @param locale locale of template.
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
@@ -51,15 +50,14 @@ public class GenSuccessTemplateFiller implements ICMSTemplateFiller {
         if (cmsReq != null) {
             Integer sts = cmsReq.getStatus();
 
-            if (sts != null) 
+            if (sts != null)
                 fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
         }
 
-        // this authority 
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        // this authority
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
index d08b83a8..ec1b9777 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenSvcPendingTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Locale;
 
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * default Service Pending template filler 
- *
+ * default Service Pending template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
@@ -38,14 +36,15 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq CMS Request
      * @param authority this authority
      * @param locale locale of template.
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
@@ -72,10 +71,9 @@ public class GenSvcPendingTemplateFiller implements ICMSTemplateFiller {
         }
 
         // this authority
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
index befacf83..567b01d0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnauthorizedTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Locale;
 
@@ -24,10 +23,9 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
- * default Unauthorized template filler 
- *
+ * default Unauthorized template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
@@ -36,14 +34,15 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq CMS Request
      * @param authority this authority
      * @param locale locale of template.
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
 
@@ -51,19 +50,18 @@ public class GenUnauthorizedTemplateFiller implements ICMSTemplateFiller {
         if (cmsReq != null) {
             Integer sts = cmsReq.getStatus();
 
-            if (sts != null) 
+            if (sts != null)
                 fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
         }
 
         // set unauthorized error
-        fixed.set(ICMSTemplateFiller.ERROR, 
-            new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")));
+        fixed.set(ICMSTemplateFiller.ERROR,
+                new ECMSGWException(CMS.getLogMessage("CMSGW_UNAUTHORIZED")));
 
-        // this authority 
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        // this authority
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
index 1ae6ee45..757440b1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/GenUnexpectedErrorTemplateFiller.java
@@ -16,7 +16,6 @@
 // All rights reserved.
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
- 
 
 import java.util.Locale;
 
@@ -25,10 +24,9 @@ import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 
-
 /**
- * default unexpected error template filler 
- *
+ * default unexpected error template filler
+ * 
  * @version $Revision$, $Date$
  */
 public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller {
@@ -37,41 +35,42 @@ public class GenUnexpectedErrorTemplateFiller implements ICMSTemplateFiller {
     }
 
     /**
-     * fill error details and description if any. 
+     * fill error details and description if any.
+     * 
      * @param cmsReq CMS Request
      * @param authority this authority
      * @param locale locale of template.
      * @param e unexpected exception e. ignored.
      */
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) {
         IArgBlock fixed = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(null, fixed);
-		
+
         // When an exception occurs the exit is non-local which probably
         // will leave the requestStatus value set to something other
-        // than CMSRequest.EXCEPTION, so force the requestStatus to 
-        // EXCEPTION since it must be that if we're here. 
+        // than CMSRequest.EXCEPTION, so force the requestStatus to
+        // EXCEPTION since it must be that if we're here.
         Integer sts = CMSRequest.EXCEPTION;
-        if (cmsReq != null) cmsReq.setStatus(sts);
+        if (cmsReq != null)
+            cmsReq.setStatus(sts);
         fixed.set(ICMSTemplateFiller.REQUEST_STATUS, sts.toString());
 
         // the unexpected error (exception)
-        if (e == null) 
+        if (e == null)
             e = new EBaseException(CMS.getLogMessage("BASE_UNKNOWN_ERROR"));
         String errMsg = null;
 
-        if (e instanceof EBaseException) 
+        if (e instanceof EBaseException)
             errMsg = ((EBaseException) e).toString(locale);
-        else 
+        else
             errMsg = e.toString();
         fixed.set(ICMSTemplateFiller.EXCEPTION, errMsg);
 
         // this authority
-        if (authority != null) 
-            fixed.set(ICMSTemplateFiller.AUTHORITY, 
-                authority.getOfficialName());
+        if (authority != null)
+            fixed.set(ICMSTemplateFiller.AUTHORITY,
+                    authority.getOfficialName());
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
index ddd6f0a1..b8c84e7d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/ICMSTemplateFiller.java
@@ -17,35 +17,33 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.authority.IAuthority;
 
-
 /**
  * This interface represents a template filler.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface ICMSTemplateFiller {
-    // common template variables. 
+    // common template variables.
     public final static String ERROR = "errorDetails";
     public final static String ERROR_DESCR = "errorDescription";
     public final static String EXCEPTION = "unexpectedError";
 
-    public static final String HOST = "host"; 
-    public static final String PORT = "port"; 
-    public static final String SCHEME = "scheme"; 
+    public static final String HOST = "host";
+    public static final String PORT = "port";
+    public static final String SCHEME = "scheme";
 
-    public static final String AUTHORITY = "authorityName"; 
+    public static final String AUTHORITY = "authorityName";
 
-    public static final String REQUEST_STATUS = "requestStatus"; 
+    public static final String REQUEST_STATUS = "requestStatus";
 
-    public static final String KEYREC_ID = "keyrecId"; 
-    public static final String REQUEST_ID = "requestId"; 
+    public static final String KEYREC_ID = "keyrecId";
+    public static final String REQUEST_ID = "requestId";
 
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e)
-        throws Exception;
+            CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e)
+            throws Exception;
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
index 27ea5ec1..827f24f1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/IRawJS.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 /**
  * This represents raw JS parameters.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IRawJS {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
index ce1a5082..23f962e5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/IndexTemplateFiller.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.apps.CMS;
@@ -26,15 +25,13 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * A class represents a certificate server kernel. This
- * kernel contains a list of resident subsystems such
- * as logging, security, remote administration. Additional
- * subsystems can be loaded into this kernel by specifying
- * parameters in the configuration store.
+ * A class represents a certificate server kernel. This kernel contains a list
+ * of resident subsystems such as logging, security, remote administration.
+ * Additional subsystems can be loaded into this kernel by specifying parameters
+ * in the configuration store.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class IndexTemplateFiller implements ICMSTemplateFiller {
@@ -53,7 +50,7 @@ public class IndexTemplateFiller implements ICMSTemplateFiller {
     }
 
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) {
+            CMSRequest cmsReq, IAuthority mAuthority, Locale locale, Exception e) {
         IArgBlock header = CMS.createArgBlock();
         IArgBlock ctx = CMS.createArgBlock();
         CMSTemplateParams params = new CMSTemplateParams(header, ctx);
@@ -103,11 +100,11 @@ public class IndexTemplateFiller implements ICMSTemplateFiller {
             count++;
         }
         // information about what is selected is provided
-        // from the caller. This parameter (selected) is used 
+        // from the caller. This parameter (selected) is used
         // by header servlet
         try {
-            header.addStringValue("selected", 
-                cmsReq.getHttpParams().getValueAsString("selected"));
+            header.addStringValue("selected",
+                    cmsReq.getHttpParams().getValueAsString("selected"));
         } catch (EBaseException ex) {
         }
         header.addIntegerValue(OUT_TOTAL_COUNT, count);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
index fb31fec1..f936e075 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/RawJS.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 /**
  * This represents raw JS parameters.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RawJS implements IRawJS {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
index 580909cb..9c728c03 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/common/Utils.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.common;
 
-
 import java.util.StringTokenizer;
 
 import javax.servlet.ServletConfig;
@@ -28,10 +27,9 @@ import com.netscape.certsrv.authorization.IAuthzSubsystem;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
  * Utility class
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class Utils {
@@ -45,13 +43,13 @@ public class Utils {
     public final static String AUTHZ_MGR_BASIC = "BasicAclAuthz";
     public final static String AUTHZ_MGR_LDAP = "DirAclAuthz";
 
-    public static String initializeAuthz(ServletConfig sc, 
-        IAuthzSubsystem authz, String id) throws ServletException {
+    public static String initializeAuthz(ServletConfig sc,
+            IAuthzSubsystem authz, String id) throws ServletException {
         String srcType = AUTHZ_SRC_LDAP;
 
         try {
             IConfigStore authzConfig =
-                CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE);
+                    CMS.getConfigStore().getSubStore(AUTHZ_CONFIG_STORE);
 
             srcType = authzConfig.getString(AUTHZ_SRC_TYPE, AUTHZ_SRC_LDAP);
         } catch (EBaseException e) {
@@ -64,7 +62,7 @@ public class Utils {
             CMS.debug(CMS.getLogMessage("ADMIN_SRVLT_AUTHZ_INITED", ""));
             aclMethod = sc.getInitParameter(PROP_AUTHZ_MGR);
             if (aclMethod != null &&
-                aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
+                    aclMethod.equalsIgnoreCase(AUTHZ_MGR_BASIC)) {
                 String aclInfo = sc.getInitParameter(PROP_ACL);
 
                 if (aclInfo != null) {
@@ -95,7 +93,7 @@ public class Utils {
     }
 
     public static void addACLInfo(IAuthzSubsystem authz, String aclMethod,
-        String aclInfo) throws EBaseException {
+            String aclInfo) throws EBaseException {
 
         StringTokenizer tokenizer = new StringTokenizer(aclInfo, "#");
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
index b3809579..439b201a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/CloneServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.connector;
 
-
 import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStream;
@@ -58,12 +57,10 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
- * Clone servlet - part of the Clone Authority (CLA)
- * processes Revoked certs from its dependant clone CAs
- * service request and return status. 
- *
+ * Clone servlet - part of the Clone Authority (CLA) processes Revoked certs
+ * from its dependant clone CAs service request and return status.
+ * 
  * @version $Revision$, $Date$
  */
 public class CloneServlet extends CMSServlet {
@@ -94,8 +91,8 @@ public class CloneServlet extends CMSServlet {
         mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
     }
 
-    public void service(HttpServletRequest req, 
-        HttpServletResponse resp) throws ServletException, IOException {
+    public void service(HttpServletRequest req,
+            HttpServletResponse resp) throws ServletException, IOException {
         boolean running_state = CMS.isInRunningState();
 
         if (!running_state)
@@ -130,14 +127,14 @@ public class CloneServlet extends CMSServlet {
         IRequest r = null;
         IRequest reply = null;
 
-        // NOTE must read all bufer before redoing handshake for 
+        // NOTE must read all bufer before redoing handshake for
         // ssl client auth for client auth to work.
 
         // get request method
-        method = req.getMethod(); 
+        method = req.getMethod();
 
         // get content length
-        len = req.getContentLength(); 
+        len = req.getContentLength();
 
         // get content, a base 64 encoded serialized request.
         if (len > 0) {
@@ -159,16 +156,16 @@ public class CloneServlet extends CMSServlet {
 
         // force client auth handshake, validate clone CA (CCA)
         // and get CCA's Id.
-        // NOTE must do this after all contents are read for ssl 
-        // redohandshake to work 
+        // NOTE must do this after all contents are read for ssl
+        // redohandshake to work
 
         X509Certificate peerCert;
 
         try {
             peerCert = getPeerCert(req);
-        }catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+        } catch (EBaseException e) {
+            mAuthority.log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
             resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return;
         }
@@ -190,7 +187,7 @@ public class CloneServlet extends CMSServlet {
             CMS.debug("CloneServlet: about to authenticate");
             token = authenticate(peerCert);
             // cfu maybe don't need CCA_Id, because the above check
-            //			was good enough
+            // was good enough
             CCAUserId = token.getInString("userid");
             CCA_Id = (String) peerCert.getSubjectDN().toString();
         } catch (EInvalidCredentials e) {
@@ -203,8 +200,8 @@ public class CloneServlet extends CMSServlet {
             return;
         }
 
-        mAuthority.log(ILogger.LL_INFO, 
-            "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
+        mAuthority.log(ILogger.LL_INFO,
+                "Clone Certificate Authority authenticated: " + peerCert.getSubjectDN());
 
         // authorize, any authenticated user are authorized
         AuthzToken authzToken = null;
@@ -232,29 +229,29 @@ public class CloneServlet extends CMSServlet {
         }
 
         // now process CCA request - should just be posting revoked
-        //		certs for now
+        // certs for now
 
         try {
             // decode request.
             CMS.debug("Cloneservlet: before decoding request, encodedreq= " + encodedreq);
             msg = (IPKIMessage) mReqEncoder.decode(encodedreq);
-            // process request 
+            // process request
             CMS.debug("Cloneservlet: decoded request");
             replymsg = processRequest(CCA_Id, CCAUserId, msg, token);
         } catch (IOException e) {
             e.printStackTrace();
-            mAuthority.log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+            mAuthority.log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
             resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
             return;
         } catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+            mAuthority.log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
             resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
             return;
         }
 
-        // encode reply 
+        // encode reply
         String encodedrep = mReqEncoder.encode(replymsg);
 
         resp.setStatus(HttpServletResponse.SC_OK);
@@ -271,46 +268,46 @@ public class CloneServlet extends CMSServlet {
         out.flush();
     }
 
-    //cfu ++change this to just check the subject and signer
+    // cfu ++change this to just check the subject and signer
     protected IAuthToken authenticate(
-        X509Certificate peerCert)
-        throws EBaseException {
+            X509Certificate peerCert)
+            throws EBaseException {
         try {
-            // XXX using agent authentication now since we're only 
-            // verifying that the cert belongs to a user in the db. 
-            // XXX change this to ACL in the future. 
+            // XXX using agent authentication now since we're only
+            // verifying that the cert belongs to a user in the db.
+            // XXX change this to ACL in the future.
 
             // build JAVA X509Certificate from peerCert.
             X509CertImpl cert = new X509CertImpl(peerCert.getEncoded());
 
             AuthCredentials creds = new AuthCredentials();
 
-            creds.set(IAuthManager.CRED_SSL_CLIENT_CERT, 
-                new X509Certificate[] {cert}
-            );
+            creds.set(IAuthManager.CRED_SSL_CLIENT_CERT,
+                    new X509Certificate[] { cert }
+                    );
 
-            IAuthToken token = mAuthSubsystem.authenticate(creds, 
+            IAuthToken token = mAuthSubsystem.authenticate(creds,
                     IAuthSubsystem.CERTUSERDB_AUTHMGR_ID);
 
             return token;
         } catch (CertificateException e) {
-            mAuthority.log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+            mAuthority.log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
         } catch (EInvalidCredentials e) {
-            mAuthority.log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+            mAuthority.log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
             throw e;
         } catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
+            mAuthority.log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_REMOTE_AUTHORITY_AUTH_FAILURE", peerCert.getSubjectDN().toString()));
             throw e;
         }
     }
 
     protected IPKIMessage processRequest(
-        String source, String sourceUserId, IPKIMessage msg, IAuthToken token) 
-        throws EBaseException {
+            String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+            throws EBaseException {
         IPKIMessage replymsg = null;
         IRequest r = null;
         IRequestQueue queue = mAuthority.getRequestQueue();
@@ -331,8 +328,8 @@ public class CloneServlet extends CMSServlet {
                 mAuthority.log(ILogger.LL_FAILURE, errormsg);
                 throw new EBaseException(errormsg);
             } else {
-                mAuthority.log(ILogger.LL_INFO, 
-                    "Found request " + thisreqid + " for " + srcid);
+                mAuthority.log(ILogger.LL_INFO,
+                        "Found request " + thisreqid + " for " + srcid);
                 replymsg = CMS.getHttpPKIMessage();
                 replymsg.fromRequest(thisreq);
                 return replymsg;
@@ -348,7 +345,7 @@ public class CloneServlet extends CMSServlet {
         // setting requestor type must come after copy contents. because
         // requestor is a regular attribute.
         thisreq.setExtData(IRequest.REQUESTOR_TYPE,
-            IRequest.REQUESTOR_RA);
+                IRequest.REQUESTOR_RA);
         mAuthority.log(ILogger.LL_INFO, "Processing remote request " + srcid);
 
         // Set this so that request's updateBy is recorded
@@ -362,17 +359,17 @@ public class CloneServlet extends CMSServlet {
         replymsg = CMS.getHttpPKIMessage();
         replymsg.fromRequest(thisreq);
 
-        //for audit log
+        // for audit log
         String agentID = sourceUserId;
         String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
-            agentID + " remote reqID " + msg.getReqId();
+                agentID + " remote reqID " + msg.getReqId();
         String authMgr = AuditFormat.NOAUTH;
 
         if (token != null) {
-            authMgr = 
+            authMgr =
                     token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
         }
-		
+
         // Get the certificate info from the request
         X509CertInfo certInfo[] = thisreq.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
@@ -380,36 +377,35 @@ public class CloneServlet extends CMSServlet {
             if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
                 if (certInfo != null) {
                     for (int i = 0; i < certInfo.length; i++) {
-                        mLogger.log(ILogger.EV_AUDIT, 
+                        mLogger.log(ILogger.EV_AUDIT,
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.FORMAT,
+                                new Object[] {
+                                        thisreq.getRequestType(),
+                                        thisreq.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        thisreq.getRequestStatus(),
+                                        certInfo[i].get(X509CertInfo.SUBJECT),
+                                        "" }
+                                );
+                    }
+                } else {
+                    mLogger.log(ILogger.EV_AUDIT,
                             ILogger.S_OTHER,
                             AuditFormat.LEVEL,
-                            AuditFormat.FORMAT,
+                            AuditFormat.NODNFORMAT,
                             new Object[] {
-                                thisreq.getRequestType(),
-                                thisreq.getRequestId(),
-                                initiative,
-                                authMgr,
-                                thisreq.getRequestStatus(),
-                                certInfo[i].get(X509CertInfo.SUBJECT),
-                                ""}
-                        );
-                    }
-                } else {
-                    mLogger.log(ILogger.EV_AUDIT, 
-                        ILogger.S_OTHER,
-                        AuditFormat.LEVEL,
-                        AuditFormat.NODNFORMAT,
-                        new Object[] {
-                            thisreq.getRequestType(),
-                            thisreq.getRequestId(),
-                            initiative,
-                            authMgr,
-                            thisreq.getRequestStatus()}
-                    );
+                                    thisreq.getRequestType(),
+                                    thisreq.getRequestId(),
+                                    initiative,
+                                    authMgr,
+                                    thisreq.getRequestStatus() }
+                            );
                 }
             } else {
-                if
-                (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
+                if (thisreq.getRequestType().equals(IRequest.CLA_CERT4CRL_REQUEST)) {
                     Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
 
                     if (result.equals(IRequest.RES_ERROR)) {
@@ -420,155 +416,83 @@ public class CloneServlet extends CMSServlet {
                     }
                 }
 
-                /* cfu ---
-                 if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) {
-                 // XXX make the repeat record.
-                // Get the certificate(s) from the request
-                X509CertImpl issuedCerts[] =
-                (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS);
-                // return potentially more than one certificates. 
-                if (issuedCerts != null) {
-                for (int i = 0; i < issuedCerts.length; i++) {
-                mLogger.log(ILogger.EV_AUDIT, 
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.FORMAT,
-                new Object[] {
-                thisreq.getRequestType(),
-                thisreq.getRequestId() ,
-                initiative ,
-                authMgr ,
-                "completed",
-                issuedCerts[i].getSubjectDN() ,
-                "cert issued serial number: 0x" +
-                issuedCerts[i].getSerialNumber().toString(16)}
-                );
-                }
-                } else {
-                mLogger.log(ILogger.EV_AUDIT, 
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.NODNFORMAT,
-                new Object[] {
-                thisreq.getRequestType(),
-                thisreq.getRequestId() ,
-                initiative ,
-                authMgr ,
-                "completed"}
-                );
-                }
-                } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
-                X509CertImpl[] certs = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS);
-                X509CertImpl old_cert = certs[0];
-                certs = (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS);
-                X509CertImpl renewed_cert = certs[0];
-                if (old_cert != null && renewed_cert != null) {
-                mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.RENEWALFORMAT,
-                new Object[] {
-                thisreq.getRequestId(), 
-                initiative ,
-                authMgr ,
-                "completed",
-                old_cert.getSubjectDN() ,
-                old_cert.getSerialNumber().toString(16) ,
-                "new serial number: 0x" +
-                renewed_cert.getSerialNumber().toString(16)}
-                );
-                } else {
-                mLogger.log(ILogger.EV_AUDIT, 
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.NODNFORMAT,
-                new Object[] {
-                thisreq.getRequestType(),
-                thisreq.getRequestId() ,
-                initiative ,
-                authMgr ,
-                "completed with error"}
-                );
-                }
-                } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) {
-                X509CertImpl[] oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS);
-                RevokedCertImpl crlentries[] =
-                (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS);
-                CRLExtensions crlExts = crlentries[0].getExtensions();
-                int reason = 0;
-                if (crlExts != null) {
-                Enumeration enum = crlExts.getElements();
-                while(enum.hasMoreElements()){
-                Extension ext = (Extension) enum.nextElement();
-                if (ext instanceof CRLReasonExtension) {
-                reason = ((CRLReasonExtension)ext).getReason().toInt
-                ();							
-                break;
-                }
-                }
-                }
-
-                int count = oldCerts.length;
-                Integer result = (Integer)thisreq.get(IRequest.RESULT);
-                if (result.equals(IRequest.RES_ERROR)) {
-                EBaseException ex = (EBaseException)thisreq.get(IRequest.ERROR);
-                EBaseException[] svcErrors = 
-                (EBaseException[])thisreq.get(IRequest.SVCERRORS);
-                if (svcErrors != null && svcErrors.length > 0) {
-                for (int i = 0; i < svcErrors.length; i++) {
-                EBaseException err = svcErrors[i];
-                if (err != null) {
-                for (int j = 0; j < count; j++) {
-                if (oldCerts[j] != null) {
-                mLogger.log(ILogger.EV_AUDIT,
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.DOREVOKEFORMAT,
-                new Object[] {
-                thisreq.getRequestId(), 
-                initiative ,
-                "completed with error: " +
-                err.toString() ,
-                oldCerts[j].getSubjectDN() ,
-                oldCerts[j].getSerialNumber().toString(16),
-                RevocationReason.fromInt(reason).toString()}
-                );
-                }
-                }
-                }
-                }
-                }
-                } else {
-                // the success.
-                for (int j = 0; j < count; j++) {
-                if (oldCerts[j] != null) {
-                mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.DOREVOKEFORMAT,
-                new Object[] {
-                thisreq.getRequestId(), 
-                initiative ,
-                "completed" ,
-                oldCerts[j].getSubjectDN() ,
-                oldCerts[j].getSerialNumber().toString(16),
-                RevocationReason.fromInt(reason).toString()}
-                );
-                }
-                }
-                }
-                } else {
-                mLogger.log(ILogger.EV_AUDIT, 
-                ILogger.S_OTHER,
-                AuditFormat.LEVEL,
-                AuditFormat.NODNFORMAT,
-                new Object[] {
-                thisreq.getRequestType(),
-                thisreq.getRequestId() ,
-                initiative ,
-                authMgr ,
-                "completed"}
-                );
-                }
-                cfu */
+                /*
+                 * cfu --- if
+                 * (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST
+                 * )) { // XXX make the repeat record. // Get the certificate(s)
+                 * from the request X509CertImpl issuedCerts[] =
+                 * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS); // return
+                 * potentially more than one certificates. if (issuedCerts !=
+                 * null) { for (int i = 0; i < issuedCerts.length; i++) {
+                 * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                 * AuditFormat.LEVEL, AuditFormat.FORMAT, new Object[] {
+                 * thisreq.getRequestType(), thisreq.getRequestId() , initiative
+                 * , authMgr , "completed", issuedCerts[i].getSubjectDN() ,
+                 * "cert issued serial number: 0x" +
+                 * issuedCerts[i].getSerialNumber().toString(16)} ); } } else {
+                 * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                 * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] {
+                 * thisreq.getRequestType(), thisreq.getRequestId() , initiative
+                 * , authMgr , "completed"} ); } } else if
+                 * (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
+                 * X509CertImpl[] certs =
+                 * (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS); X509CertImpl
+                 * old_cert = certs[0]; certs =
+                 * (X509CertImpl[])thisreq.get(IRequest.ISSUED_CERTS);
+                 * X509CertImpl renewed_cert = certs[0]; if (old_cert != null &&
+                 * renewed_cert != null) { mLogger.log(ILogger.EV_AUDIT,
+                 * ILogger.S_OTHER, AuditFormat.LEVEL,
+                 * AuditFormat.RENEWALFORMAT, new Object[] {
+                 * thisreq.getRequestId(), initiative , authMgr , "completed",
+                 * old_cert.getSubjectDN() ,
+                 * old_cert.getSerialNumber().toString(16) ,
+                 * "new serial number: 0x" +
+                 * renewed_cert.getSerialNumber().toString(16)} ); } else {
+                 * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                 * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] {
+                 * thisreq.getRequestType(), thisreq.getRequestId() , initiative
+                 * , authMgr , "completed with error"} ); } } else if
+                 * (thisreq.getRequestType
+                 * ().equals(IRequest.REVOCATION_REQUEST)) { X509CertImpl[]
+                 * oldCerts = (X509CertImpl[])thisreq.get(IRequest.OLD_CERTS);
+                 * RevokedCertImpl crlentries[] =
+                 * (RevokedCertImpl[])thisreq.get(IRequest.REVOKED_CERTS);
+                 * CRLExtensions crlExts = crlentries[0].getExtensions(); int
+                 * reason = 0; if (crlExts != null) { Enumeration enum =
+                 * crlExts.getElements(); while(enum.hasMoreElements()){
+                 * Extension ext = (Extension) enum.nextElement(); if (ext
+                 * instanceof CRLReasonExtension) { reason =
+                 * ((CRLReasonExtension)ext).getReason().toInt (); break; } } }
+                 * 
+                 * int count = oldCerts.length; Integer result =
+                 * (Integer)thisreq.get(IRequest.RESULT); if
+                 * (result.equals(IRequest.RES_ERROR)) { EBaseException ex =
+                 * (EBaseException)thisreq.get(IRequest.ERROR); EBaseException[]
+                 * svcErrors =
+                 * (EBaseException[])thisreq.get(IRequest.SVCERRORS); if
+                 * (svcErrors != null && svcErrors.length > 0) { for (int i = 0;
+                 * i < svcErrors.length; i++) { EBaseException err =
+                 * svcErrors[i]; if (err != null) { for (int j = 0; j < count;
+                 * j++) { if (oldCerts[j] != null) {
+                 * mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                 * AuditFormat.LEVEL, AuditFormat.DOREVOKEFORMAT, new Object[] {
+                 * thisreq.getRequestId(), initiative , "completed with error: "
+                 * + err.toString() , oldCerts[j].getSubjectDN() ,
+                 * oldCerts[j].getSerialNumber().toString(16),
+                 * RevocationReason.fromInt(reason).toString()} ); } } } } } }
+                 * else { // the success. for (int j = 0; j < count; j++) { if
+                 * (oldCerts[j] != null) { mLogger.log(ILogger.EV_AUDIT,
+                 * ILogger.S_OTHER, AuditFormat.LEVEL,
+                 * AuditFormat.DOREVOKEFORMAT, new Object[] {
+                 * thisreq.getRequestId(), initiative , "completed" ,
+                 * oldCerts[j].getSubjectDN() ,
+                 * oldCerts[j].getSerialNumber().toString(16),
+                 * RevocationReason.fromInt(reason).toString()} ); } } } } else
+                 * { mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
+                 * AuditFormat.LEVEL, AuditFormat.NODNFORMAT, new Object[] {
+                 * thisreq.getRequestType(), thisreq.getRequestId() , initiative
+                 * , authMgr , "completed"} ); } cfu
+                 */
             }
         } catch (IOException e) {
         } catch (CertificateException e) {
@@ -578,7 +502,7 @@ public class CloneServlet extends CMSServlet {
     }
 
     protected X509Certificate
-    getPeerCert(HttpServletRequest req) throws EBaseException {
+            getPeerCert(HttpServletRequest req) throws EBaseException {
         return getSSLClientCertificate(req);
     }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
index 67956bd8..cc496bd6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/ConnectorServlet.java
@@ -72,12 +72,10 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
- * Connector servlet
- * process requests from remote authority -
- * service request or return status. 
- *
+ * Connector servlet process requests from remote authority - service request or
+ * return status.
+ * 
  * @version $Revision$, $Date$
  */
 public class ConnectorServlet extends CMSServlet {
@@ -96,13 +94,13 @@ public class ConnectorServlet extends CMSServlet {
     protected ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     private final static String SIGNED_AUDIT_PROTECTION_METHOD_SSL = "ssl";
     private final static String SIGNED_AUDIT_PROTECTION_METHOD_UNKNOWN =
-        "unknown";
+            "unknown";
     private final static String LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
+            "LOGGING_SIGNED_AUDIT_INTER_BOUNDARY_SUCCESS_5";
     private final static String LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST =
-        "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
+            "LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST_5";
     private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 
     private final static byte EOL[] = { Character.LINE_SEPARATOR };
 
@@ -118,13 +116,13 @@ public class ConnectorServlet extends CMSServlet {
             mAuthority = (IAuthority)
                     CMS.getSubsystem(authority);
         mReqEncoder = CMS.getHttpRequestEncoder();
-		
+
         mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
     }
 
-    public void service(HttpServletRequest request, 
-        HttpServletResponse response)
-        throws ServletException, IOException {
+    public void service(HttpServletRequest request,
+            HttpServletResponse response)
+            throws ServletException, IOException {
 
         boolean running_state = CMS.isInRunningState();
 
@@ -163,14 +161,14 @@ public class ConnectorServlet extends CMSServlet {
         IRequest r = null;
         IRequest reply = null;
 
-        // NOTE must read all bufer before redoing handshake for 
+        // NOTE must read all bufer before redoing handshake for
         // ssl client auth for client auth to work.
 
         // get request method
-        method = req.getMethod(); 
+        method = req.getMethod();
 
         // get content length
-        len = request.getContentLength(); 
+        len = request.getContentLength();
 
         // get content, a base 64 encoded serialized request.
         if (len > 0) {
@@ -191,16 +189,16 @@ public class ConnectorServlet extends CMSServlet {
         }
 
         // force client auth handshake, validate RA and get RA's Id.
-        // NOTE must do this after all contents are read for ssl 
-        // redohandshake to work 
+        // NOTE must do this after all contents are read for ssl
+        // redohandshake to work
 
         X509Certificate peerCert;
 
         try {
             peerCert = getPeerCert(req);
-        }catch (EBaseException e) {
-            mAuthority.log(ILogger.LL_SECURITY, 
-                CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
+        } catch (EBaseException e) {
+            mAuthority.log(ILogger.LL_SECURITY,
+                    CMS.getLogMessage("CMSGW_HAS_NO_CLIENT_CERT"));
             resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
             return;
         }
@@ -211,7 +209,7 @@ public class ConnectorServlet extends CMSServlet {
             return;
         }
 
-        // authenticate RA 
+        // authenticate RA
 
         String RA_Id = null;
         String raUserId = null;
@@ -231,8 +229,8 @@ public class ConnectorServlet extends CMSServlet {
             return;
         }
 
-        mAuthority.log(ILogger.LL_INFO, 
-            "Remote Authority authenticated: " + peerCert.getSubjectDN());
+        mAuthority.log(ILogger.LL_INFO,
+                "Remote Authority authenticated: " + peerCert.getSubjectDN());
 
         // authorize
         AuthzToken authzToken = null;
@@ -265,20 +263,20 @@ public class ConnectorServlet extends CMSServlet {
         try {
             // decode request.
             msg = (IPKIMessage) mReqEncoder.decode(encodedreq);
-            // process request 
+            // process request
             replymsg = processRequest(RA_Id, raUserId, msg, token);
         } catch (IOException e) {
             CMS.debug("ConnectorServlet: service " + e.toString());
             CMS.debug(e);
-            mAuthority.log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+            mAuthority.log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
             resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
             return;
         } catch (EBaseException e) {
             CMS.debug("ConnectorServlet: service " + e.toString());
             CMS.debug(e);
-            mAuthority.log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
+            mAuthority.log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
             resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
             return;
         } catch (Exception e) {
@@ -288,7 +286,7 @@ public class ConnectorServlet extends CMSServlet {
 
         CMS.debug("ConnectorServlet: done processRequest");
 
-        // encode reply 
+        // encode reply
         try {
             String encodedrep = mReqEncoder.encode(replymsg);
 
@@ -328,8 +326,8 @@ public class ConnectorServlet extends CMSServlet {
         try {
             info = request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
 
-         //   request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
-            CertificateX509Key certKey = (CertificateX509Key)info.get(X509CertInfo.KEY);
+            // request.set(IEnrollProfile.REQUEST_SEQ_NUM, new Integer("0"));
+            CertificateX509Key certKey = (CertificateX509Key) info.get(X509CertInfo.KEY);
             if (certKey != null) {
                 byteStream = new ByteArrayOutputStream();
                 certKey.encode(byteStream);
@@ -369,16 +367,16 @@ public class ConnectorServlet extends CMSServlet {
                         certAlgOut.toByteArray());
             }
         } catch (Exception e) {
-            CMS.debug("ConnectorServlet: profile normalization " + 
-                e.toString());
+            CMS.debug("ConnectorServlet: profile normalization " +
+                    e.toString());
         }
 
         String profileId = request.getExtDataInString("profileId");
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem("profile");
+                CMS.getSubsystem("profile");
         IEnrollProfile profile = null;
 
-        // profile subsystem may not be available. In case of KRA for 
+        // profile subsystem may not be available. In case of KRA for
         // example
         if (ps == null) {
             CMS.debug("ConnectorServlet: Profile Subsystem not found ");
@@ -399,15 +397,15 @@ public class ConnectorServlet extends CMSServlet {
     /**
      * Process request
      * <P>
-     *
+     * 
      * (Certificate Request - all "agent" profile cert requests made through a
-     *  connector)
+     * connector)
      * <P>
-     *
-     * (Certificate Request Processed - all automated "agent" profile based
-     *  cert acceptance made through a connector)
+     * 
+     * (Certificate Request Processed - all automated "agent" profile based cert
+     * acceptance made through a connector)
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST used when a
      * profile cert request is made (before approval process)
@@ -417,6 +415,7 @@ public class ConnectorServlet extends CMSServlet {
      * inter-CIMC_Boundary data transfer is successful (this is used when data
      * does not need to be captured)
      * </ul>
+     * 
      * @param source string containing source
      * @param sourceUserId string containing source user ID
      * @param msg PKI message
@@ -425,8 +424,8 @@ public class ConnectorServlet extends CMSServlet {
      * @return PKI message
      */
     protected IPKIMessage processRequest(
-        String source, String sourceUserId, IPKIMessage msg, IAuthToken token) 
-        throws EBaseException {
+            String source, String sourceUserId, IPKIMessage msg, IAuthToken token)
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = sourceUserId;
         String auditProtectionMethod = SIGNED_AUDIT_PROTECTION_METHOD_SSL;
@@ -477,12 +476,12 @@ public class ConnectorServlet extends CMSServlet {
                 if (thisreq == null) {
                     // strange case.
                     String errormsg = "Cannot find request in request queue " +
-                        thisreqid;
+                            thisreqid;
 
                     mAuthority.log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage(
-                            "CMSGW_REQUEST_ID_NOT_FOUND_1",
-                            thisreqid.toString()));
+                            CMS.getLogMessage(
+                                    "CMSGW_REQUEST_ID_NOT_FOUND_1",
+                                    thisreqid.toString()));
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
@@ -495,14 +494,14 @@ public class ConnectorServlet extends CMSServlet {
 
                     audit(auditMessage);
 
-                    // NOTE:  The signed audit event
-                    //        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
-                    //        does not yet matter at this point!
+                    // NOTE: The signed audit event
+                    // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
+                    // does not yet matter at this point!
 
                     throw new EBaseException(errormsg);
                 } else {
-                    mAuthority.log(ILogger.LL_INFO, 
-                        "Found request " + thisreqid + " for " + srcid);
+                    mAuthority.log(ILogger.LL_INFO,
+                            "Found request " + thisreqid + " for " + srcid);
                     replymsg = CMS.getHttpPKIMessage();
                     replymsg.fromRequest(thisreq);
 
@@ -517,9 +516,9 @@ public class ConnectorServlet extends CMSServlet {
 
                     audit(auditMessage);
 
-                    // NOTE:  The signed audit event
-                    //        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
-                    //        does not yet matter at this point!
+                    // NOTE: The signed audit event
+                    // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
+                    // does not yet matter at this point!
 
                     return replymsg;
                 }
@@ -527,77 +526,77 @@ public class ConnectorServlet extends CMSServlet {
 
             // if not found process request.
             thisreq = queue.newRequest(msg.getReqType());
-            CMS.debug("ConnectorServlet: created requestId=" + 
-                thisreq.getRequestId().toString());
+            CMS.debug("ConnectorServlet: created requestId=" +
+                    thisreq.getRequestId().toString());
             thisreq.setSourceId(srcid);
 
-            // NOTE:  For the following signed audit message, since we only
-            //        care about the "msg.toRequest( thisreq );" command, and
-            //        since this command does not throw an EBaseException
-            //        (which is the only exception designated by this method),
-            //        then this code does NOT need to be contained within its
-            //        own special try/catch block.
-            msg.toRequest( thisreq );
+            // NOTE: For the following signed audit message, since we only
+            // care about the "msg.toRequest( thisreq );" command, and
+            // since this command does not throw an EBaseException
+            // (which is the only exception designated by this method),
+            // then this code does NOT need to be contained within its
+            // own special try/catch block.
+            msg.toRequest(thisreq);
 
-            if( isProfileRequest( thisreq ) ) {
+            if (isProfileRequest(thisreq)) {
                 X509CertInfo info =
                                     thisreq.getExtDataInCertInfo(
-                                        IEnrollProfile.REQUEST_CERTINFO );
+                                            IEnrollProfile.REQUEST_CERTINFO);
 
                 try {
-                    CertificateSubjectName sn = ( CertificateSubjectName )
-                        info.get( X509CertInfo.SUBJECT );
+                    CertificateSubjectName sn = (CertificateSubjectName)
+                            info.get(X509CertInfo.SUBJECT);
 
                     // if the cert subject name is NOT MISSING, retrieve the
                     // actual "auditCertificateSubjectName" and "normalize"
                     // it
-                    if( sn != null ) {
+                    if (sn != null) {
                         subject = sn.toString();
-                        if( subject != null ) {
-                            // NOTE:  This is ok even if the cert subject
-                            //        name is "" (empty)!
+                        if (subject != null) {
+                            // NOTE: This is ok even if the cert subject
+                            // name is "" (empty)!
                             auditCertificateSubjectName = subject.trim();
                         }
                     }
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                        auditSubjectID,
-                        ILogger.SUCCESS,
-                        auditRequesterID,
-                        auditProfileID(),
-                        auditCertificateSubjectName );
+                            LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+                            auditSubjectID,
+                            ILogger.SUCCESS,
+                            auditRequesterID,
+                            auditProfileID(),
+                            auditCertificateSubjectName);
 
-                    audit( auditMessage );
-                } catch( CertificateException e ) {
-                    CMS.debug( "ConnectorServlet: processRequest "
-                             + e.toString() );
+                    audit(auditMessage);
+                } catch (CertificateException e) {
+                    CMS.debug("ConnectorServlet: processRequest "
+                             + e.toString());
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditProfileID(),
-                        auditCertificateSubjectName );
+                            LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditRequesterID,
+                            auditProfileID(),
+                            auditCertificateSubjectName);
 
-                    audit( auditMessage );
-                } catch( IOException e ) {
-                    CMS.debug( "ConnectorServlet: processRequest "
-                             + e.toString() );
+                    audit(auditMessage);
+                } catch (IOException e) {
+                    CMS.debug("ConnectorServlet: processRequest "
+                             + e.toString());
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
-                        auditSubjectID,
-                        ILogger.FAILURE,
-                        auditRequesterID,
-                        auditProfileID(),
-                        auditCertificateSubjectName );
+                            LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST,
+                            auditSubjectID,
+                            ILogger.FAILURE,
+                            auditRequesterID,
+                            auditProfileID(),
+                            auditCertificateSubjectName);
 
-                    audit( auditMessage );
+                    audit(auditMessage);
                 }
             }
 
@@ -606,9 +605,9 @@ public class ConnectorServlet extends CMSServlet {
             // setting requestor type must come after copy contents. because
             // requestor is a regular attribute.
             thisreq.setExtData(IRequest.REQUESTOR_TYPE,
-                IRequest.REQUESTOR_RA);
+                    IRequest.REQUESTOR_RA);
             mAuthority.log(ILogger.LL_INFO, "Processing remote request " +
-                srcid);
+                    srcid);
 
             // Set this so that request's updateBy is recorded
             SessionContext s = SessionContext.getContext();
@@ -622,52 +621,52 @@ public class ConnectorServlet extends CMSServlet {
             }
 
             CMS.debug("ConnectorServlet: calling processRequest instance=" +
-                thisreq);
+                    thisreq);
             if (isProfileRequest(thisreq)) {
                 normalizeProfileRequest(thisreq);
             }
 
             try {
-                queue.processRequest( thisreq );
+                queue.processRequest(thisreq);
 
-                if( isProfileRequest( thisreq ) ) {
+                if (isProfileRequest(thisreq)) {
                     // reset the "auditInfoCertValue"
-                    auditInfoCertValue = auditInfoCertValue( thisreq );
+                    auditInfoCertValue = auditInfoCertValue(thisreq);
 
-                    if( auditInfoCertValue != null ) {
-                        if( !( auditInfoCertValue.equals(
-                                   ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+                    if (auditInfoCertValue != null) {
+                        if (!(auditInfoCertValue.equals(
+                                   ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
                             // store a message in the signed audit log file
                             auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.SUCCESS,
-                                auditRequesterID,
-                                ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                                auditInfoCertValue );
-
-                            audit( auditMessage );
+                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+                                    auditSubjectID,
+                                    ILogger.SUCCESS,
+                                    auditRequesterID,
+                                    ILogger.SIGNED_AUDIT_ACCEPTANCE,
+                                    auditInfoCertValue);
+
+                            audit(auditMessage);
                         }
                     }
                 }
-            } catch( EBaseException eAudit1 ) {
-                if( isProfileRequest( thisreq ) ) {
+            } catch (EBaseException eAudit1) {
+                if (isProfileRequest(thisreq)) {
                     // reset the "auditInfoCertValue"
-                    auditInfoCertValue = auditInfoCertValue( thisreq );
+                    auditInfoCertValue = auditInfoCertValue(thisreq);
 
-                    if( auditInfoCertValue != null ) {
-                        if( !( auditInfoCertValue.equals(
-                                   ILogger.SIGNED_AUDIT_EMPTY_VALUE ) ) ) {
+                    if (auditInfoCertValue != null) {
+                        if (!(auditInfoCertValue.equals(
+                                   ILogger.SIGNED_AUDIT_EMPTY_VALUE))) {
                             // store a message in the signed audit log file
                             auditMessage = CMS.getLogMessage(
-                                LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-                                auditSubjectID,
-                                ILogger.FAILURE,
-                                auditRequesterID,
-                                ILogger.SIGNED_AUDIT_ACCEPTANCE,
-                                auditInfoCertValue );
-
-                            audit( auditMessage );
+                                    LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+                                    auditSubjectID,
+                                    ILogger.FAILURE,
+                                    auditRequesterID,
+                                    ILogger.SIGNED_AUDIT_ACCEPTANCE,
+                                    auditInfoCertValue);
+
+                            audit(auditMessage);
                         }
                     }
                 }
@@ -681,23 +680,23 @@ public class ConnectorServlet extends CMSServlet {
             replymsg.fromRequest(thisreq);
 
             CMS.debug("ConnectorServlet: replymsg.reqStatus=" +
-                replymsg.getReqStatus());
+                    replymsg.getReqStatus());
 
-            //for audit log
+            // for audit log
             String agentID = sourceUserId;
             String initiative = AuditFormat.FROMRA + " trustedManagerID: " +
-                agentID + " remote reqID " + msg.getReqId();
+                    agentID + " remote reqID " + msg.getReqId();
             String authMgr = AuditFormat.NOAUTH;
 
             if (token != null) {
-                authMgr = 
+                authMgr =
                         token.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME);
             }
 
             if (isProfileRequest(thisreq)) {
                 // XXX audit log
-                CMS.debug("ConnectorServlet: done requestId=" + 
-                    thisreq.getRequestId().toString());
+                CMS.debug("ConnectorServlet: done requestId=" +
+                        thisreq.getRequestId().toString());
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -710,9 +709,9 @@ public class ConnectorServlet extends CMSServlet {
 
                 audit(auditMessage);
 
-                // NOTE:  The signed audit event
-                //        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
-                //        has already been logged at this point!
+                // NOTE: The signed audit event
+                // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
+                // has already been logged at this point!
 
                 return replymsg;
             }
@@ -724,32 +723,32 @@ public class ConnectorServlet extends CMSServlet {
                 if (!thisreq.getRequestStatus().equals(RequestStatus.COMPLETE)) {
                     if (x509Info != null) {
                         for (int i = 0; i < x509Info.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT, 
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            thisreq.getRequestType(),
+                                            thisreq.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            thisreq.getRequestStatus(),
+                                            x509Info[i].get(X509CertInfo.SUBJECT),
+                                            "" }
+                                    );
+                        }
+                    } else {
+                        mLogger.log(ILogger.EV_AUDIT,
                                 ILogger.S_OTHER,
                                 AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
+                                AuditFormat.NODNFORMAT,
                                 new Object[] {
-                                    thisreq.getRequestType(),
-                                    thisreq.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    thisreq.getRequestStatus(),
-                                    x509Info[i].get(X509CertInfo.SUBJECT),
-                                    ""}
-                            );
-                        }
-                    } else {
-                        mLogger.log(ILogger.EV_AUDIT, 
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.NODNFORMAT,
-                            new Object[] {
-                                thisreq.getRequestType(),
-                                thisreq.getRequestId(),
-                                initiative,
-                                authMgr,
-                                thisreq.getRequestStatus()}
-                        );
+                                        thisreq.getRequestType(),
+                                        thisreq.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        thisreq.getRequestStatus() }
+                                );
                     }
                 } else {
                     if (thisreq.getRequestType().equals(IRequest.ENROLLMENT_REQUEST)) {
@@ -761,40 +760,40 @@ public class ConnectorServlet extends CMSServlet {
                             x509Certs =
                                     thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
-                            // return potentially more than one certificates. 
+                        // return potentially more than one certificates.
                         if (x509Certs != null) {
                             for (int i = 0; i < x509Certs.length; i++) {
-                                mLogger.log(ILogger.EV_AUDIT, 
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                thisreq.getRequestType(),
+                                                thisreq.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "completed",
+                                                x509Certs[i].getSubjectDN(),
+                                                "cert issued serial number: 0x" +
+                                                        x509Certs[i].getSerialNumber().toString(16) }
+                                        );
+                            }
+                        } else {
+                            mLogger.log(ILogger.EV_AUDIT,
                                     ILogger.S_OTHER,
                                     AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
+                                    AuditFormat.NODNFORMAT,
                                     new Object[] {
-                                        thisreq.getRequestType(),
-                                        thisreq.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "completed",
-                                        x509Certs[i].getSubjectDN(),
-                                        "cert issued serial number: 0x" +
-                                        x509Certs[i].getSerialNumber().toString(16)}
-                                );
-                            }
-                        } else {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                    thisreq.getRequestType(),
-                                    thisreq.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "completed"}
-                            );
+                                            thisreq.getRequestType(),
+                                            thisreq.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "completed" }
+                                    );
                         }
                     } else if (thisreq.getRequestType().equals(IRequest.RENEWAL_REQUEST)) {
                         X509CertImpl[] certs =
-                            thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
+                                thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
                         X509CertImpl old_cert = certs[0];
 
                         certs = thisreq.getExtDataInCertArray(IRequest.ISSUED_CERTS);
@@ -802,36 +801,36 @@ public class ConnectorServlet extends CMSServlet {
 
                         if (old_cert != null && renewed_cert != null) {
                             mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.RENEWALFORMAT,
-                                new Object[] {
-                                    thisreq.getRequestId(), 
-                                    initiative,
-                                    authMgr,
-                                    "completed",
-                                    old_cert.getSubjectDN(),
-                                    old_cert.getSerialNumber().toString(16),
-                                    "new serial number: 0x" +
-                                    renewed_cert.getSerialNumber().toString(16)}
-                            );
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.RENEWALFORMAT,
+                                    new Object[] {
+                                            thisreq.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "completed",
+                                            old_cert.getSubjectDN(),
+                                            old_cert.getSerialNumber().toString(16),
+                                            "new serial number: 0x" +
+                                                    renewed_cert.getSerialNumber().toString(16) }
+                                    );
                         } else {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                    thisreq.getRequestType(),
-                                    thisreq.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "completed with error"}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.NODNFORMAT,
+                                    new Object[] {
+                                            thisreq.getRequestType(),
+                                            thisreq.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "completed with error" }
+                                    );
                         }
                     } else if (thisreq.getRequestType().equals(IRequest.REVOCATION_REQUEST)) {
                         Certificate[] oldCerts =
-                            thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
+                                thisreq.getExtDataInCertArray(IRequest.OLD_CERTS);
                         RevokedCertImpl crlentries[] =
-                            thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+                                thisreq.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
                         CRLExtensions crlExts = crlentries[0].getExtensions();
                         int reason = 0;
 
@@ -839,7 +838,7 @@ public class ConnectorServlet extends CMSServlet {
                             Enumeration<Extension> enum1 = crlExts.getElements();
 
                             while (enum1.hasMoreElements()) {
-                                Extension ext =  enum1.nextElement();
+                                Extension ext = enum1.nextElement();
 
                                 if (ext instanceof CRLReasonExtension) {
                                     reason = ((CRLReasonExtension) ext).getReason().toInt();
@@ -853,7 +852,7 @@ public class ConnectorServlet extends CMSServlet {
 
                         if (result.equals(IRequest.RES_ERROR)) {
                             String[] svcErrors =
-                                thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
+                                    thisreq.getExtDataInStringArray(IRequest.SVCERRORS);
 
                             if (svcErrors != null && svcErrors.length > 0) {
                                 for (int i = 0; i < svcErrors.length; i++) {
@@ -866,18 +865,18 @@ public class ConnectorServlet extends CMSServlet {
                                                     X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                                                     mLogger.log(ILogger.EV_AUDIT,
-                                                        ILogger.S_OTHER,
-                                                        AuditFormat.LEVEL,
-                                                        AuditFormat.DOREVOKEFORMAT,
-                                                        new Object[] {
-                                                            thisreq.getRequestId(), 
-                                                            initiative,
-                                                            "completed with error: " +
-                                                            err,
-                                                            cert.getSubjectDN(),
-                                                            cert.getSerialNumber().toString(16),
-                                                            RevocationReason.fromInt(reason).toString()}
-                                                    );
+                                                            ILogger.S_OTHER,
+                                                            AuditFormat.LEVEL,
+                                                            AuditFormat.DOREVOKEFORMAT,
+                                                            new Object[] {
+                                                                    thisreq.getRequestId(),
+                                                                    initiative,
+                                                                    "completed with error: " +
+                                                                            err,
+                                                                    cert.getSubjectDN(),
+                                                                    cert.getSerialNumber().toString(16),
+                                                                    RevocationReason.fromInt(reason).toString() }
+                                                            );
                                                 }
                                             }
                                         }
@@ -892,32 +891,32 @@ public class ConnectorServlet extends CMSServlet {
                                         X509CertImpl cert = (X509CertImpl) oldCerts[j];
 
                                         mLogger.log(ILogger.EV_AUDIT, ILogger.S_OTHER,
-                                            AuditFormat.LEVEL,
-                                            AuditFormat.DOREVOKEFORMAT,
-                                            new Object[] {
-                                                thisreq.getRequestId(), 
-                                                initiative,
-                                                "completed",
-                                                cert.getSubjectDN(),
-                                                cert.getSerialNumber().toString(16),
-                                                RevocationReason.fromInt(reason).toString()}
-                                        );
+                                                AuditFormat.LEVEL,
+                                                AuditFormat.DOREVOKEFORMAT,
+                                                new Object[] {
+                                                        thisreq.getRequestId(),
+                                                        initiative,
+                                                        "completed",
+                                                        cert.getSubjectDN(),
+                                                        cert.getSerialNumber().toString(16),
+                                                        RevocationReason.fromInt(reason).toString() }
+                                                );
                                     }
                                 }
                             }
                         }
                     } else {
-                        mLogger.log(ILogger.EV_AUDIT, 
-                            ILogger.S_OTHER,
-                            AuditFormat.LEVEL,
-                            AuditFormat.NODNFORMAT,
-                            new Object[] {
-                                thisreq.getRequestType(),
-                                thisreq.getRequestId(),
-                                initiative,
-                                authMgr,
-                                "completed"}
-                        );
+                        mLogger.log(ILogger.EV_AUDIT,
+                                ILogger.S_OTHER,
+                                AuditFormat.LEVEL,
+                                AuditFormat.NODNFORMAT,
+                                new Object[] {
+                                        thisreq.getRequestType(),
+                                        thisreq.getRequestId(),
+                                        initiative,
+                                        authMgr,
+                                        "completed" }
+                                );
                     }
                 }
 
@@ -974,9 +973,9 @@ public class ConnectorServlet extends CMSServlet {
                 SessionContext.releaseContext();
             }
 
-            // NOTE:  The signed audit event
-            //        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
-            //        has already been logged at this point!
+            // NOTE: The signed audit event
+            // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
+            // has already been logged at this point!
 
             return replymsg;
         } catch (EBaseException e) {
@@ -991,17 +990,17 @@ public class ConnectorServlet extends CMSServlet {
 
             audit(auditMessage);
 
-            // NOTE:  The signed audit event
-            //        LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
-            //        has either already been logged, or
-            //        does not yet matter at this point!
+            // NOTE: The signed audit event
+            // LOGGING_SIGNED_AUDIT_PROFILE_CERT_REQUEST
+            // has either already been logged, or
+            // does not yet matter at this point!
 
             return replymsg;
         }
     }
 
     protected X509Certificate
-    getPeerCert(HttpServletRequest req) throws EBaseException {
+            getPeerCert(HttpServletRequest req) throws EBaseException {
         return getSSLClientCertificate(req);
     }
 
@@ -1011,11 +1010,11 @@ public class ConnectorServlet extends CMSServlet {
 
     /**
      * Signed Audit Log
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to store messages to the signed audit log.
+     * 
+     * This method is inherited by all extended "CMSServlet"s, and is called to
+     * store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -1027,20 +1026,19 @@ public class ConnectorServlet extends CMSServlet {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Profile ID
-     *
-     * This method is inherited by all extended "EnrollProfile"s,
-     * and is called to obtain the "ProfileID" for
-     * a signed audit log message.
+     * 
+     * This method is inherited by all extended "EnrollProfile"s, and is called
+     * to obtain the "ProfileID" for a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message ProfileID
      */
     protected String auditProfileID() {
@@ -1062,11 +1060,11 @@ public class ConnectorServlet extends CMSServlet {
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param request a Request containing an X509CertImpl
      * @return cert string containing the certificate
      */
@@ -1122,4 +1120,3 @@ public class ConnectorServlet extends CMSServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
index 2a024c3a..7c5f1fea 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/GenerateKeyPairServlet.java
@@ -40,17 +40,14 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
-
 /**
- * GenerateKeyPairServlet
- *   handles "server-side key pair generation" requests from the
- * netkey RA. 
- *
+ * GenerateKeyPairServlet handles "server-side key pair generation" requests
+ * from the netkey RA.
+ * 
  * @author Christina Fu (cfu)
  * @version $Revision$, $Date$
  */
-//XXX add auditing later
+// XXX add auditing later
 public class GenerateKeyPairServlet extends CMSServlet {
 
     /**
@@ -68,7 +65,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
 
     /**
      * Constructs GenerateKeyPair servlet.
-     *
+     * 
      */
     public GenerateKeyPairServlet() {
         super();
@@ -82,35 +79,29 @@ public class GenerateKeyPairServlet extends CMSServlet {
         if (authority != null)
             mAuthority = (IAuthority)
                     CMS.getSubsystem(authority);
-        
+
         mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
     }
 
     /**
      * Returns serlvet information.
-     *
+     * 
      * @return name of this servlet
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /*
-     * processServerSideKeyGen -
-     *   handles netkey DRM serverside keygen.
-     * netkey operations: 
-     *  1. generate keypair (archive user priv key)
-     *  2. unwrap des key with transport key, then url decode it
-     *  3. wrap user priv key with des key
-     *  4. send the following to RA:
-     *      * des key wrapped(user priv key)
-     *      * user public key
-     *     (note: RA should have kek-wrapped des key from TKS)
-     *      * recovery blob (used for recovery)
+     * processServerSideKeyGen - handles netkey DRM serverside keygen. netkey
+     * operations: 1. generate keypair (archive user priv key) 2. unwrap des key
+     * with transport key, then url decode it 3. wrap user priv key with des key
+     * 4. send the following to RA: * des key wrapped(user priv key) * user
+     * public key (note: RA should have kek-wrapped des key from TKS) * recovery
+     * blob (used for recovery)
      */
     private void processServerSideKeyGen(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException
-    {
+            HttpServletResponse resp) throws EBaseException {
         IRequestQueue queue = mAuthority.getRequestQueue();
         IRequest thisreq = null;
 
@@ -123,8 +114,8 @@ public class GenerateKeyPairServlet extends CMSServlet {
         String rCUID = req.getParameter("CUID");
         String rUserid = req.getParameter("userid");
         String rdesKeyString = req.getParameter("drm_trans_desKey");
-	String rArchive = req.getParameter("archive");
-	String rKeysize = req.getParameter("keysize");
+        String rArchive = req.getParameter("archive");
+        String rKeysize = req.getParameter("keysize");
 
         if ((rCUID == null) || (rCUID.equals(""))) {
             CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: CUID");
@@ -136,19 +127,19 @@ public class GenerateKeyPairServlet extends CMSServlet {
             missingParam = true;
         }
 
-	if ((rKeysize == null) || (rKeysize.equals(""))) {
-	    rKeysize = "1024"; // default to 1024
-	}
+        if ((rKeysize == null) || (rKeysize.equals(""))) {
+            rKeysize = "1024"; // default to 1024
+        }
 
         if ((rdesKeyString == null) ||
-            (rdesKeyString.equals(""))) {
+                (rdesKeyString.equals(""))) {
             CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing request parameter: DRM-transportKey-wrapped DES key");
             missingParam = true;
         }
 
         if ((rArchive == null) || (rArchive.equals(""))) {
             CMS.debug("GenerateKeyPairServlet: processServerSideKeygen(): missing key archival flag 'archive' ,default to true");
-	    rArchive = "true";
+            rArchive = "true";
         }
 
         String selectedToken = null;
@@ -160,17 +151,17 @@ public class GenerateKeyPairServlet extends CMSServlet {
             thisreq.setExtData(IRequest.NETKEY_ATTR_CUID, rCUID);
             thisreq.setExtData(IRequest.NETKEY_ATTR_USERID, rUserid);
             thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
-	    thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
-	    thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
+            thisreq.setExtData(IRequest.NETKEY_ATTR_ARCHIVE_FLAG, rArchive);
+            thisreq.setExtData(IRequest.NETKEY_ATTR_KEY_SIZE, rKeysize);
 
-            queue.processRequest( thisreq );
+            queue.processRequest(thisreq);
             Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
             if (result != null) {
-		// sighs!  tps thinks 0 is good, and DRM thinks 1 is good
-		if (result.intValue() == 1)
-		    status = "0";
-		else
-		    status = result.toString();
+                // sighs! tps thinks 0 is good, and DRM thinks 1 is good
+                if (result.intValue() == 1)
+                    status = "0";
+                else
+                    status = result.toString();
             } else
                 status = "7";
 
@@ -184,40 +175,39 @@ public class GenerateKeyPairServlet extends CMSServlet {
         String wrappedPrivKeyString = "";
         String publicKeyString = "";
 
-        if( thisreq == null ) {
-            CMS.debug( "GenerateKeyPairServlet::processServerSideKeyGen() - "
-                     + "thisreq is null!" );
-            throw new EBaseException( "thisreq is null" );
+        if (thisreq == null) {
+            CMS.debug("GenerateKeyPairServlet::processServerSideKeyGen() - "
+                     + "thisreq is null!");
+            throw new EBaseException("thisreq is null");
         }
 
         publicKeyString = thisreq.getExtDataInString("public_key");
         wrappedPrivKeyString = thisreq.getExtDataInString("wrappedUserPrivate");
 
-	String ivString = thisreq.getExtDataInString("iv_s");
+        String ivString = thisreq.getExtDataInString("iv_s");
 
         /*
-          if (selectedToken == null)
-          status = "4";
-        */
-        if (!status.equals("0")) 
-            value = "status="+status;
+         * if (selectedToken == null) status = "4";
+         */
+        if (!status.equals("0"))
+            value = "status=" + status;
         else {
             StringBuffer sb = new StringBuffer();
             sb.append("status=0&");
-			sb.append("wrapped_priv_key=");
-			sb.append(wrappedPrivKeyString);
-			sb.append("&iv_param=");
-			sb.append(ivString);
+            sb.append("wrapped_priv_key=");
+            sb.append(wrappedPrivKeyString);
+            sb.append("&iv_param=");
+            sb.append(ivString);
             sb.append("&public_key=");
-			sb.append(publicKeyString);
+            sb.append(publicKeyString);
             value = sb.toString();
 
         }
-        CMS.debug("processServerSideKeyGen:outputString.encode " +value);
+        CMS.debug("processServerSideKeyGen:outputString.encode " + value);
 
-        try{
+        try {
             resp.setContentLength(value.length());
-            CMS.debug("GenerateKeyPairServlet:outputString.length " +value.length());
+            CMS.debug("GenerateKeyPairServlet:outputString.length " + value.length());
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -227,20 +217,14 @@ public class GenerateKeyPairServlet extends CMSServlet {
         }
     }
 
-
-    /* 
-    
-     *   For GenerateKeyPair:
-     *
-     *   input:
-     *   CUID=value0
-     *   trans-wrapped-desKey=value1
-     *
-     *   output:
-     *   status=value0
-     *   publicKey=value1
-     *   desKey-wrapped-userPrivateKey=value2
-     *   proofOfArchival=value3
+    /*
+     * 
+     * For GenerateKeyPair:
+     * 
+     * input: CUID=value0 trans-wrapped-desKey=value1
+     * 
+     * output: status=value0 publicKey=value1
+     * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3
      */
 
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -258,7 +242,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
 
         if (authzToken == null) {
 
-            try{
+            try {
                 resp.setContentType("text/html");
                 String value = "unauthorized=";
                 CMS.debug("GenerateKeyPairServlet: Unauthorized");
@@ -268,7 +252,7 @@ public class GenerateKeyPairServlet extends CMSServlet {
                 ooss.write(value.getBytes());
                 ooss.flush();
                 mRenderResult = false;
-            }catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("GenerateKeyPairServlet: " + e.toString());
             }
 
@@ -277,28 +261,28 @@ public class GenerateKeyPairServlet extends CMSServlet {
         }
 
         // begin Netkey serverSideKeyGen and archival
-	CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
-	processServerSideKeyGen(req, resp);
-	return;
+        CMS.debug("GenerateKeyPairServlet: processServerSideKeyGen would be called");
+        processServerSideKeyGen(req, resp);
+        return;
         // end Netkey functions
 
     }
 
-    /** XXX remember tocheck peer SSL cert and get RA id later
-     *
+    /**
+     * XXX remember tocheck peer SSL cert and get RA id later
+     * 
      * Serves HTTP admin request.
-     *
+     * 
      * @param req HTTP request
      * @param resp HTTP response
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         String scope = req.getParameter(Constants.OP_SCOPE);
         String op = req.getParameter(Constants.OP_TYPE);
 
-       super.service(req, resp);
+        super.service(req, resp);
 
- 
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
index fa454bd6..758fb423 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/connector/TokenKeyRecoveryServlet.java
@@ -39,16 +39,14 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
- * TokenKeyRecoveryServlet
- *   handles "key recovery service" requests from the
+ * TokenKeyRecoveryServlet handles "key recovery service" requests from the
  * netkey TPS
- *
+ * 
  * @author Christina Fu (cfu)
  * @version $Revision$, $Date$
  */
-//XXX add auditing later
+// XXX add auditing later
 public class TokenKeyRecoveryServlet extends CMSServlet {
 
     /**
@@ -65,7 +63,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
 
     /**
      * Constructs TokenKeyRecovery servlet.
-     *
+     * 
      */
     public TokenKeyRecoveryServlet() {
         super();
@@ -79,25 +77,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         if (authority != null)
             mAuthority = (IAuthority)
                     CMS.getSubsystem(authority);
-        
+
         mAuthSubsystem = (IAuthSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_AUTH);
     }
 
     /**
      * Returns serlvet information.
-     *
+     * 
      * @return name of this servlet
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
-   /**
+    /**
      * Process the HTTP request.
-     *
+     * 
      * @param s The URL to decode
      */
-     protected String URLdecode(String s) {
+    protected String URLdecode(String s) {
         if (s == null)
             return null;
         ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -117,39 +115,30 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
             }
         } // end for
         return out.toString();
-     }
+    }
 
     /*
-     * processTokenKeyRecovery
-     *   handles netkey key recovery requests
-     * input params are:
-     *  CUID - the CUID of the old token where the keys/certs were initially for
-     *  userid - the userid that belongs to both the old token and the new token
-     *  drm_trans_desKey - the des key generated for the NEW token
-     *                            wrapped with DRM transport key
-     *  cert - the user cert corresponding to the key to be recovered
-     *
-     * operations: 
-     *  1. unwrap des key with transport key, then url decode it
-     *  2. retrieve user private key
-     *  3. wrap user priv key with des key
-     *  4. send the following to RA:
-     *      * des key wrapped(user priv key)
-     *     (note: RA should have kek-wrapped des key from TKS)
-     *      * recovery blob (used for recovery)
-     *
-     * output params are:
-     *   status=value0
-     *   publicKey=value1
-     *   desKey-wrapped-userPrivateKey=value2
+     * processTokenKeyRecovery handles netkey key recovery requests input params
+     * are: CUID - the CUID of the old token where the keys/certs were initially
+     * for userid - the userid that belongs to both the old token and the new
+     * token drm_trans_desKey - the des key generated for the NEW token wrapped
+     * with DRM transport key cert - the user cert corresponding to the key to
+     * be recovered
+     * 
+     * operations: 1. unwrap des key with transport key, then url decode it 2.
+     * retrieve user private key 3. wrap user priv key with des key 4. send the
+     * following to RA: * des key wrapped(user priv key) (note: RA should have
+     * kek-wrapped des key from TKS) * recovery blob (used for recovery)
+     * 
+     * output params are: status=value0 publicKey=value1
+     * desKey-wrapped-userPrivateKey=value2
      */
     private void processTokenKeyRecovery(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException
-    {
+            HttpServletResponse resp) throws EBaseException {
         IRequestQueue queue = mAuthority.getRequestQueue();
         IRequest thisreq = null;
-        
-	//        IConfigStore sconfig = CMS.getConfigStore();
+
+        // IConfigStore sconfig = CMS.getConfigStore();
         boolean missingParam = false;
         String status = "0";
 
@@ -158,7 +147,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         String rCUID = req.getParameter("CUID");
         String rUserid = req.getParameter("userid");
         String rdesKeyString = req.getParameter("drm_trans_desKey");
-	String rCert = req.getParameter("cert");
+        String rCert = req.getParameter("cert");
 
         if ((rCUID == null) || (rCUID.equals(""))) {
             CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: CUID");
@@ -171,7 +160,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         }
 
         if ((rdesKeyString == null) ||
-            (rdesKeyString.equals(""))) {
+                (rdesKeyString.equals(""))) {
             CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery(): missing request parameter: DRM-transportKey-wrapped des key");
             missingParam = true;
         }
@@ -192,18 +181,18 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
             thisreq.setExtData(IRequest.NETKEY_ATTR_DRMTRANS_DES_KEY, rdesKeyString);
             thisreq.setExtData(IRequest.NETKEY_ATTR_USER_CERT, rCert);
 
-	    //XXX auto process for netkey
-	    queue.processRequest( thisreq );
-	    //	    IService svc = (IService) new TokenKeyRecoveryService(kra);
-	    //	    svc.serviceRequest(thisreq);
+            // XXX auto process for netkey
+            queue.processRequest(thisreq);
+            // IService svc = (IService) new TokenKeyRecoveryService(kra);
+            // svc.serviceRequest(thisreq);
 
             Integer result = thisreq.getExtDataInInteger(IRequest.RESULT);
             if (result != null) {
-		// sighs!  tps thinks 0 is good, and drm thinks 1 is good
-		if (result.intValue() == 1)
-		    status ="0";
-		else
-		    status = result.toString();
+                // sighs! tps thinks 0 is good, and drm thinks 1 is good
+                if (result.intValue() == 1)
+                    status = "0";
+                else
+                    status = result.toString();
             } else
                 status = "7";
 
@@ -218,25 +207,25 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         String wrappedPrivKeyString = "";
         String publicKeyString = "";
         String ivString = "";
-	/* if is RECOVERY_PROTOTYPE
-        String recoveryBlobString = "";
-
-        IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord");
-        byte publicKey_b[] = kr.getPublicKeyData();
-
-        BigInteger serialNo = kr.getSerialNumber();
-
-        String serialNumberString =
-            com.netscape.cmsutil.util.Utils.SpecialEncode(serialNo.toByteArray());
-
-        recoveryBlobString = (String)
-            thisreq.get("recoveryBlob");
-	*/
-
-        if( thisreq == null ) {
-            CMS.debug( "TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
-                     + "thisreq is null!" );
-            throw new EBaseException( "thisreq is null" );
+        /*
+         * if is RECOVERY_PROTOTYPE String recoveryBlobString = "";
+         * 
+         * IKeyRecord kr = (IKeyRecord) thisreq.get("keyRecord"); byte
+         * publicKey_b[] = kr.getPublicKeyData();
+         * 
+         * BigInteger serialNo = kr.getSerialNumber();
+         * 
+         * String serialNumberString =
+         * com.netscape.cmsutil.util.Utils.SpecialEncode
+         * (serialNo.toByteArray());
+         * 
+         * recoveryBlobString = (String) thisreq.get("recoveryBlob");
+         */
+
+        if (thisreq == null) {
+            CMS.debug("TokenKeyRecoveryServlet::processTokenKeyRecovery() - "
+                     + "thisreq is null!");
+            throw new EBaseException("thisreq is null");
         }
 
         publicKeyString = thisreq.getExtDataInString("public_key");
@@ -244,11 +233,10 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
 
         ivString = thisreq.getExtDataInString("iv_s");
         /*
-          if (selectedToken == null)
-          status = "4";
-        */
-        if (!status.equals("0")) 
-            value = "status="+status;
+         * if (selectedToken == null) status = "4";
+         */
+        if (!status.equals("0"))
+            value = "status=" + status;
         else {
             StringBuffer sb = new StringBuffer();
             sb.append("status=0&");
@@ -259,13 +247,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
             sb.append("&iv_param=");
             sb.append(ivString);
             value = sb.toString();
-            
+
         }
-        CMS.debug("ProcessTokenKeyRecovery:outputString.encode " +value);
+        CMS.debug("ProcessTokenKeyRecovery:outputString.encode " + value);
 
-        try{
+        try {
             resp.setContentLength(value.length());
-            CMS.debug("TokenKeyRecoveryServlet:outputString.length " +value.length());
+            CMS.debug("TokenKeyRecoveryServlet:outputString.length " + value.length());
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -275,19 +263,13 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         }
     }
 
-
-    /* 
-     *   For TokenKeyRecovery
-     *
-     *   input:
-     *   CUID=value0
-     *   trans-wrapped-desKey=value1
-     *
-     *   output:
-     *   status=value0
-     *   publicKey=value1
-     *   desKey-wrapped-userPrivateKey=value2
-     *   proofOfArchival=value3
+    /*
+     * For TokenKeyRecovery
+     * 
+     * input: CUID=value0 trans-wrapped-desKey=value1
+     * 
+     * output: status=value0 publicKey=value1
+     * desKey-wrapped-userPrivateKey=value2 proofOfArchival=value3
      */
 
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -305,7 +287,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
 
         if (authzToken == null) {
 
-            try{
+            try {
                 resp.setContentType("text/html");
                 String value = "unauthorized=";
                 CMS.debug("TokenKeyRecoveryServlet: Unauthorized");
@@ -315,7 +297,7 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
                 ooss.write(value.getBytes());
                 ooss.flush();
                 mRenderResult = false;
-            }catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("TokenKeyRecoveryServlet: " + e.toString());
             }
 
@@ -324,28 +306,28 @@ public class TokenKeyRecoveryServlet extends CMSServlet {
         }
 
         // begin Netkey serverSideKeyGen and archival
-	CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
-	processTokenKeyRecovery(req, resp);
-	return;
+        CMS.debug("TokenKeyRecoveryServlet: processTokenKeyRecovery would be called");
+        processTokenKeyRecovery(req, resp);
+        return;
         // end Netkey functions
 
     }
 
-    /** XXX remember to check peer SSL cert and get RA id later
-     *
+    /**
+     * XXX remember to check peer SSL cert and get RA id later
+     * 
      * Serves HTTP admin request.
-     *
+     * 
      * @param req HTTP request
      * @param resp HTTP response
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         String scope = req.getParameter(Constants.OP_SCOPE);
         String op = req.getParameter(Constants.OP_TYPE);
 
-       super.service(req, resp);
+        super.service(req, resp);
 
- 
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
index a2509287..8482e71b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminAuthenticatePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.StringTokenizer;
 
@@ -41,19 +40,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class AdminAuthenticatePanel extends WizardPanelBase {
 
-    public AdminAuthenticatePanel() {}
+    public AdminAuthenticatePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Admin Authentication");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Admin Authentication");
         setId(id);
@@ -62,24 +62,24 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
     public boolean isSubPanel() {
         return true;
     }
-                                                                                
+
     /**
      * Should we skip this panel for the configuration.
      */
     public boolean shouldSkip() {
         CMS.debug("AdminAuthenticatePanel: should skip");
-                                                                                
+
         IConfigStore cs = CMS.getConfigStore();
         // if we are root, no need to get the certificate chain.
-                                                                                
+
         try {
-            String select = cs.getString("preop.subsystem.select","");
+            String select = cs.getString("preop.subsystem.select", "");
             if (select.equals("new")) {
                 return true;
             }
         } catch (EBaseException e) {
         }
-                                                                                
+
         return false;
     }
 
@@ -103,15 +103,16 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -125,12 +126,12 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
         IConfigStore config = CMS.getConfigStore();
 
         if (isPanelDone()) {
-            
+
             try {
                 String s = config.getString("preop.master.admin.uid", "");
                 String type = config.getString("preop.subsystem.select", "");
                 if (type.equals("clone"))
-                    context.put("uid", s); 
+                    context.put("uid", s);
                 else
                     context.put("uid", "");
             } catch (Exception e) {
@@ -170,7 +171,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
         cstype = toLowerCaseSubsystemType(cstype);
 
         if (subsystemtype.equals("clone")) {
-            CMS.debug("AdminAuthenticatePanel: this is the clone subsystem"); 
+            CMS.debug("AdminAuthenticatePanel: this is the clone subsystem");
             String uid = HttpInput.getUID(request, "uid");
             if (uid == null) {
                 context.put("errorString", "Uid is empty");
@@ -185,7 +186,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
             try {
                 host = config.getString("preop.master.hostname");
             } catch (Exception e) {
-                CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+                CMS.debug("AdminAuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing hostname for master");
                 throw new IOException("Missing hostname");
             }
@@ -193,7 +194,7 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
             try {
                 httpsport = config.getInteger("preop.master.httpsadminport");
             } catch (Exception e) {
-                CMS.debug("AdminAuthenticatePanel update: "+e.toString());
+                CMS.debug("AdminAuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing port for master");
                 throw new IOException("Missing port");
             }
@@ -235,10 +236,10 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
                 c1.append("cloning.");
                 c1.append(t1);
                 c1.append(".pubkey.encoded");
-                
-                if (s1.length()!=0)
+
+                if (s1.length() != 0)
                     s1.append(",");
- 
+
                 s1.append(cstype);
                 s1.append(".");
                 s1.append(t1);
@@ -248,11 +249,11 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
                 c1.append(",preop.ca.hostname,preop.ca.httpport,preop.ca.httpsport,preop.ca.list,preop.ca.pkcs7,preop.ca.type");
             }
 
-            String content = "uid="+uid+"&pwd="+pwd+"&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString();
+            String content = "uid=" + uid + "&pwd=" + pwd + "&op=get&names=cloning.module.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString();
 
             boolean success = updateConfigEntries(host, httpsport, true,
-              "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config,
-              response);
+                    "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config,
+                    response);
 
             try {
                 config.commit(false);
@@ -285,16 +286,15 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         context.put("title", "Admin Authentication");
         context.put("password", "");
         context.put("panel", "admin/console/config/adminauthenticatepanel.vm");
     }
 
     private boolean isCertdbCloned(HttpServletRequest request,
-      Context context) {
+            Context context) {
         IConfigStore config = CMS.getConfigStore();
         String certList = "";
         try {
@@ -306,13 +306,13 @@ public class AdminAuthenticatePanel extends WizardPanelBase {
                 String tokenname = config.getString("preop.module.token", "");
                 CryptoToken tok = cm.getTokenByName(tokenname);
                 CryptoStore store = tok.getCryptoStore();
-                String name1 = "preop.master."+token+".nickname";
+                String name1 = "preop.master." + token + ".nickname";
                 String nickname = config.getString(name1, "");
                 if (!tokenname.equals("Internal Key Storage Token") &&
-                  !tokenname.equals("internal"))
-                    nickname = tokenname+":"+nickname;
+                        !tokenname.equals("internal"))
+                    nickname = tokenname + ":" + nickname;
 
-                CMS.debug("AdminAuthenticatePanel isCertdbCloned: "+nickname);
+                CMS.debug("AdminAuthenticatePanel isCertdbCloned: " + nickname);
                 X509Certificate cert = cm.findCertByNickname(nickname);
                 if (cert == null)
                     return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
index 78bb9485..c865741c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AdminPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -70,13 +69,14 @@ public class AdminPanel extends WizardPanelBase {
     private static final String ADMIN_UID = "admin";
     private final static String CERT_TAG = "admin";
 
-    public AdminPanel() {}
+    public AdminPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Administrator");
     }
@@ -101,27 +101,37 @@ public class AdminPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
-        Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+
+        Descriptor emailDesc = new Descriptor(IDescriptor.STRING, null, /*
+                                                                         * no
+                                                                         * constraint
+                                                                         */
                 null, /* no default parameter */
                 "Email address for an administrator");
 
         set.add("admin_email", emailDesc);
 
-        Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+        Descriptor pwdDesc = new Descriptor(IDescriptor.STRING, null, /*
+                                                                       * no
+                                                                       * constraint
+                                                                       */
                 null, /* no default parameter */
                 "Administrator's password");
 
         set.add("pwd", pwdDesc);
 
-        Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+        Descriptor pwdAgainDesc = new Descriptor(IDescriptor.STRING, null, /*
+                                                                            * no
+                                                                            * constraint
+                                                                            */
                 null, /* no default parameter */
                 "Administrator's password again");
 
@@ -152,7 +162,8 @@ public class AdminPanel extends WizardPanelBase {
         try {
             type = cs.getString("preop.ca.type", "");
             subsystemtype = cs.getString("cs.type", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (isPanelDone()) {
             try {
@@ -161,11 +172,12 @@ public class AdminPanel extends WizardPanelBase {
                 context.put("admin_pwd", "");
                 context.put("admin_pwd_again", "");
                 context.put("admin_uid", cs.getString("preop.admin.uid"));
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
         } else {
             String def_admin_name = "";
             try {
-              def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
+                def_admin_name = cs.getString("cs.type") + " Administrator of Instance " + cs.getString("instanceId");
             } catch (EBaseException e) {
             }
             context.put("admin_name", def_admin_name);
@@ -176,7 +188,7 @@ public class AdminPanel extends WizardPanelBase {
         }
         ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
 
-        if (ca == null) { 
+        if (ca == null) {
             context.put("ca", "false");
         } else {
             context.put("ca", "true");
@@ -186,13 +198,14 @@ public class AdminPanel extends WizardPanelBase {
         String domainname = "";
         try {
             domainname = cs.getString("securitydomain.name", "");
-        } catch (EBaseException e1) {}
+        } catch (EBaseException e1) {
+        }
         context.put("securityDomain", domainname);
         context.put("title", "Administrator");
         context.put("panel", "admin/console/config/adminpanel.vm");
         context.put("errorString", "");
         context.put("info", info);
-        
+
     }
 
     /**
@@ -200,8 +213,7 @@ public class AdminPanel extends WizardPanelBase {
      */
     public void validate(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) throws IOException
-    {
+            Context context) throws IOException {
         String pwd = HttpInput.getPassword(request, "__pwd");
         String pwd_again = HttpInput.getPassword(request, "__admin_password_again");
         String email = HttpInput.getEmail(request, "email");
@@ -256,13 +268,14 @@ public class AdminPanel extends WizardPanelBase {
         try {
             type = config.getString(PRE_CA_TYPE, "");
             subsystemtype = config.getString("cs.type", "");
-            security_domain_type = config.getString("securitydomain.select","");
+            security_domain_type = config.getString("securitydomain.select", "");
             selected_hierarchy = config.getString("preop.hierarchy.select", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
 
-        if (ca == null) { 
+        if (ca == null) {
             context.put("ca", "false");
         } else {
             context.put("ca", "true");
@@ -286,13 +299,13 @@ public class AdminPanel extends WizardPanelBase {
             throw e;
         }
 
-        // REMINDER:  This panel is NOT used by "clones"
-        if( ca != null ) {
-            if( selected_hierarchy.equals( "root" ) ) {
-                CMS.debug( "AdminPanel update:  "
+        // REMINDER: This panel is NOT used by "clones"
+        if (ca != null) {
+            if (selected_hierarchy.equals("root")) {
+                CMS.debug("AdminPanel update:  "
                          + "Root CA subsystem");
             } else {
-                CMS.debug( "AdminPanel update:  "
+                CMS.debug("AdminPanel update:  "
                          + "Subordinate CA subsystem");
             }
 
@@ -309,10 +322,10 @@ public class AdminPanel extends WizardPanelBase {
             String ca_hostname = null;
             int ca_port = -1;
 
-            // REMINDER:  This panel is NOT used by "clones"
-            CMS.debug( "AdminPanel update:  "
+            // REMINDER: This panel is NOT used by "clones"
+            CMS.debug("AdminPanel update:  "
                          + subsystemtype
-                         + " subsystem" );
+                         + " subsystem");
 
             if (type.equals("sdca")) {
                 try {
@@ -339,10 +352,11 @@ public class AdminPanel extends WizardPanelBase {
 
         try {
             config.commit(false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         context.put("updateStatus", "success");
-    
+
     }
 
     private void createAdmin(HttpServletRequest request) throws IOException {
@@ -459,13 +473,15 @@ public class AdminPanel extends WizardPanelBase {
         try {
             sd_hostname = config.getString("securitydomain.host", "");
             sd_port = config.getInteger("securitydomain.httpseeport");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         String profileId = HttpInput.getID(request, "profileId");
         if (profileId == null) {
             try {
                 profileId = config.getString("preop.admincert.profile", "caAdminCert");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
         }
 
         String cert_request_type = HttpInput.getID(request, "cert_request_type");
@@ -474,7 +490,7 @@ public class AdminPanel extends WizardPanelBase {
         String session_id = CMS.getConfigSDSessionId();
         String subjectDN = HttpInput.getString(request, "subject");
 
-        String content = "profileId="+profileId+"&cert_request_type="+cert_request_type+"&cert_request="+cert_request+"&xmlOutput=true&sessionID="+session_id+"&subject="+subjectDN;
+        String content = "profileId=" + profileId + "&cert_request_type=" + cert_request_type + "&cert_request=" + cert_request + "&xmlOutput=true&sessionID=" + session_id + "&subject=" + subjectDN;
 
         HttpClient httpclient = new HttpClient();
         String c = null;
@@ -497,7 +513,7 @@ public class AdminPanel extends WizardPanelBase {
 
             c = httpresponse.getContent();
             CMS.debug("AdminPanel submitRequest: content=" + c);
-            
+
             // retrieve the request Id ad admin certificate
             if (c != null) {
                 try {
@@ -508,15 +524,15 @@ public class AdminPanel extends WizardPanelBase {
                     try {
                         parser = new XMLObject(bis);
                     } catch (Exception e) {
-                        CMS.debug( "AdminPanel::submitRequest() - "
-                                 + "Exception="+e.toString() );
-                        throw new IOException( e.toString() );
+                        CMS.debug("AdminPanel::submitRequest() - "
+                                 + "Exception=" + e.toString());
+                        throw new IOException(e.toString());
                     }
                     String status = parser.getValue("Status");
 
                     CMS.debug("AdminPanel update: status=" + status);
                     if (status.equals("2")) {
-                        //relogin to the security domain
+                        // relogin to the security domain
                         reloginSecurityDomain(response);
                         return;
                     } else if (!status.equals("0")) {
@@ -525,7 +541,7 @@ public class AdminPanel extends WizardPanelBase {
                         context.put("errorString", error);
                         throw new IOException(error);
                     }
- 
+
                     IConfigStore cs = CMS.getConfigStore();
                     String id = parser.getValue("Id");
 
@@ -539,7 +555,7 @@ public class AdminPanel extends WizardPanelBase {
                             + File.separator + "admin.b64";
 
                     cs.putString("preop.admincert.b64", dir);
-                    PrintStream ps = new PrintStream(new FileOutputStream(dir)); 
+                    PrintStream ps = new PrintStream(new FileOutputStream(dir));
 
                     ps.println(b64);
                     ps.flush();
@@ -564,9 +580,9 @@ public class AdminPanel extends WizardPanelBase {
         String cert_request_type = HttpInput.getID(request, "cert_request_type");
         IConfigStore cs = CMS.getConfigStore();
 
-        if( cs == null ) {
-            CMS.debug( "AdminPanel::createAdminCertificate() - cs is null!" );
-            throw new IOException( "cs is null" );
+        if (cs == null) {
+            CMS.debug("AdminPanel::createAdminCertificate() - cs is null!");
+            throw new IOException("cs is null");
         }
 
         String subject = "";
@@ -582,10 +598,10 @@ public class AdminPanel extends WizardPanelBase {
                         "AdminPanel createAdminCertificate: Exception="
                                 + e.toString());
             }
-        // this request is from IE. The VBScript has problem of generating
-        // certificate request if the subject name has E and UID components.
-        // For now, we always hardcoded the subject DN to be cn=NAME in 
-        // the IE browser.
+            // this request is from IE. The VBScript has problem of generating
+            // certificate request if the subject name has E and UID components.
+            // For now, we always hardcoded the subject DN to be cn=NAME in
+            // the IE browser.
         } else if (cert_request_type.equals("pkcs10")) {
             try {
                 byte[] b = CMS.AtoB(cert_request);
@@ -594,33 +610,33 @@ public class AdminPanel extends WizardPanelBase {
                 x509key = pkcs10.getSubjectPublicKeyInfo();
             } catch (Exception e) {
                 CMS.debug("AdminPanel createAdminCertificate: Exception="
-                  + e.toString());
+                        + e.toString());
             }
         }
 
-        if( x509key == null ) {
-            CMS.debug( "AdminPanel::createAdminCertificate() - x509key is null!" );
-            throw new IOException( "x509key is null" );
+        if (x509key == null) {
+            CMS.debug("AdminPanel::createAdminCertificate() - x509key is null!");
+            throw new IOException("x509key is null");
         }
 
         try {
             cs.putString(PCERT_PREFIX + CERT_TAG + ".dn", subject);
             String caType = cs.getString(PCERT_PREFIX + CERT_TAG + ".type", "local");
             X509CertImpl impl = CertUtil.createLocalCert(cs, x509key,
-              PCERT_PREFIX, CERT_TAG, caType, context);
+                    PCERT_PREFIX, CERT_TAG, caType, context);
 
             // update the locally created request for renewal
-            CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request,cert_request_type, subject);
+            CertUtil.updateLocalRequest(cs, CERT_TAG, cert_request, cert_request_type, subject);
 
             ISubsystem ca = (ISubsystem) CMS.getSubsystem("ca");
             if (ca != null) {
                 createPKCS7(impl);
             }
             cs.putString("preop.admincert.serialno.0",
-              impl.getSerialNumber().toString(16));
+                    impl.getSerialNumber().toString(16));
         } catch (Exception e) {
             CMS.debug("AdminPanel createAdminCertificate: Exception="
-              + e.toString());
+                    + e.toString());
         }
     }
 
@@ -640,8 +656,9 @@ public class AdminPanel extends WizardPanelBase {
 
         try {
             type = cs.getString("preop.ca.type", "");
-        } catch (Exception e) {}
-        if (ca == null && type.equals("otherca")) { 
+        } catch (Exception e) {
+        }
+        if (ca == null && type.equals("otherca")) {
             info = "Since you do not join the Redhat CA network, the administrator's certificate will not be generated automatically.";
         }
         context.put("info", info);
@@ -655,7 +672,7 @@ public class AdminPanel extends WizardPanelBase {
     public boolean shouldSkip() {
         try {
             IConfigStore c = CMS.getConfigStore();
-            String s = c.getString("preop.subsystem.select",null);
+            String s = c.getString("preop.subsystem.select", null);
             if (s != null && s.equals("clone")) {
                 return true;
             }
@@ -665,11 +682,10 @@ public class AdminPanel extends WizardPanelBase {
         return false;
     }
 
-
     private void createPKCS7(X509CertImpl cert) {
         try {
             IConfigStore cs = CMS.getConfigStore();
-            ICertificateAuthority ca = (ICertificateAuthority)CMS.getSubsystem("ca");
+            ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
             CertificateChain cachain = ca.getCACertChain();
             X509Certificate[] cacerts = cachain.getChain();
             X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
@@ -681,7 +697,7 @@ public class AdminPanel extends WizardPanelBase {
 
             userChain[0] = cert;
             PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-              new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
+                    new ContentInfo(new byte[0]), userChain, new SignerInfo[0]);
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
             p7.encodeSignedData(bos);
@@ -689,7 +705,7 @@ public class AdminPanel extends WizardPanelBase {
             String p7Str = CMS.BtoA(p7Bytes);
             cs.putString("preop.admincert.pkcs7", CryptoUtil.normalizeCertStr(p7Str));
         } catch (Exception e) {
-            CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: "+e.toString());
+            CMS.debug("AdminPanel createPKCS7: Failed to create pkcs7 file. Exception: " + e.toString());
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
index a62b22b7..4e2ab363 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AgentAuthenticatePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class AgentAuthenticatePanel extends WizardPanelBase {
 
-    public AgentAuthenticatePanel() {}
+    public AgentAuthenticatePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Agent Authentication");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Agent Authentication");
         setId(id);
@@ -57,18 +57,18 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
     public boolean isSubPanel() {
         return true;
     }
-                                                                                
+
     /**
      * Should we skip this panel for the configuration.
      */
     public boolean shouldSkip() {
         CMS.debug("DisplayCertChainPanel: should skip");
-                                                                                
+
         IConfigStore cs = CMS.getConfigStore();
         // if we are root, no need to get the certificate chain.
-                                                                                
+
         try {
-            String select = cs.getString("securitydomain.select","");
+            String select = cs.getString("securitydomain.select", "");
             if (select.equals("new")) {
                 return true;
             }
@@ -78,7 +78,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
                 return true;
         } catch (EBaseException e) {
         }
-                                                                                
+
         return false;
     }
 
@@ -96,15 +96,16 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -118,14 +119,14 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
         IConfigStore config = CMS.getConfigStore();
 
         if (isPanelDone()) {
-            
+
             try {
                 String s = config.getString("preop.ca.agent.uid", "");
                 String type = config.getString("preop.hierarchy.select", "");
                 if (type.equals("root"))
                     context.put("uid", "");
                 else
-                    context.put("uid", s); 
+                    context.put("uid", s);
             } catch (Exception e) {
                 CMS.debug(e.toString());
             }
@@ -143,8 +144,7 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
      */
     public void validate(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) throws IOException 
-    {
+            Context context) throws IOException {
     }
 
     /**
@@ -182,34 +182,34 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
             try {
                 host = config.getString("preop.ca.hostname");
             } catch (Exception e) {
-                CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+                CMS.debug("AgentAuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing hostname");
                 throw new IOException("Missing hostname");
             }
-         
+
             try {
                 httpsport = config.getInteger("preop.ca.httpsport");
             } catch (Exception e) {
-                CMS.debug("AgentAuthenticatePanel update: "+e.toString());
+                CMS.debug("AgentAuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing port");
                 throw new IOException("Missing port");
             }
 
-/*
-             // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from
-             //                        web.xml as part of CC interface review
-             boolean authenticated = authenticate(host, httpsport, true,
-             "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
-
-             if (!authenticated) {
-                 context.put("errorString", "Wrong user id or password");
-                 throw new IOException("Wrong user id or password");
-             }
-*/
+            /*
+             * // Bugzilla Bug #583825 - CC: Obsolete servlets to be removed
+             * from // web.xml as part of CC interface review boolean
+             * authenticated = authenticate(host, httpsport, true,
+             * "/ca/ee/ca/checkIdentity", "uid="+uid+"&pwd="+pwd);
+             * 
+             * if (!authenticated) { context.put("errorString",
+             * "Wrong user id or password"); throw new
+             * IOException("Wrong user id or password"); }
+             */
 
             try {
                 config.commit(false);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
         }
     }
 
@@ -217,9 +217,8 @@ public class AgentAuthenticatePanel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         context.put("password", "");
         context.put("title", "Agent Authentication");
         context.put("panel", "admin/console/config/agentauthenticatepanel.vm");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
index ceab1d8d..6700b931 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/AuthenticatePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class AuthenticatePanel extends WizardPanelBase {
 
-    public AuthenticatePanel() {}
+    public AuthenticatePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Authentication");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Authentication");
         setId(id);
@@ -62,21 +62,22 @@ public class AuthenticatePanel extends WizardPanelBase {
     public boolean isPanelDone() {
         IConfigStore cs = CMS.getConfigStore();
         try {
-            String s = cs.getString("preop.ca.agent.uid","");
+            String s = cs.getString("preop.ca.agent.uid", "");
             if (s == null || s.equals("")) {
                 return false;
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -90,14 +91,14 @@ public class AuthenticatePanel extends WizardPanelBase {
         IConfigStore config = CMS.getConfigStore();
 
         if (isPanelDone()) {
-            
+
             try {
                 String s = config.getString("preop.ca.agent.uid", "");
                 String type = config.getString("preop.hierarchy.select", "");
                 if (type.equals("root"))
                     context.put("uid", "");
                 else
-                    context.put("uid", s); 
+                    context.put("uid", s);
             } catch (Exception e) {
                 CMS.debug(e.toString());
             }
@@ -151,30 +152,31 @@ public class AuthenticatePanel extends WizardPanelBase {
             try {
                 host = config.getString("preop.ca.hostname");
             } catch (Exception e) {
-                CMS.debug("AuthenticatePanel update: "+e.toString());
+                CMS.debug("AuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing hostname");
                 throw new IOException("Missing hostname");
             }
-         
+
             try {
                 httpsport = config.getInteger("preop.ca.httpsport");
             } catch (Exception e) {
-                CMS.debug("AuthenticatePanel update: "+e.toString());
+                CMS.debug("AuthenticatePanel update: " + e.toString());
                 context.put("errorString", "Missing port");
                 throw new IOException("Missing port");
             }
 
-             boolean authenticated = authenticate(host, httpsport, true,
-             "/ca/ee/ca/configSubsystem", "uid="+uid+"&pwd="+pwd);
+            boolean authenticated = authenticate(host, httpsport, true,
+                    "/ca/ee/ca/configSubsystem", "uid=" + uid + "&pwd=" + pwd);
 
-             if (!authenticated) {
-                 context.put("errorString", "Wrong user id or password");
-                 throw new IOException("Wrong user id or password");
-             }
+            if (!authenticated) {
+                context.put("errorString", "Wrong user id or password");
+                throw new IOException("Wrong user id or password");
+            }
 
             try {
                 config.commit(false);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
         }
     }
 
@@ -182,9 +184,8 @@ public class AuthenticatePanel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         context.put("password", "");
         context.put("panel", "admin/console/config/authenticatepanel.vm");
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
index 77977808..d7f35540 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BackupKeyCertPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.CharConversionException;
 import java.io.IOException;
@@ -71,19 +70,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
 
 public class BackupKeyCertPanel extends WizardPanelBase {
 
-    public BackupKeyCertPanel() {}
+    public BackupKeyCertPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Export Keys and Certificates");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Export Keys and Certificates");
         setId(id);
@@ -105,11 +105,11 @@ public class BackupKeyCertPanel extends WizardPanelBase {
 
         try {
             String s = cs.getString("preop.module.token", "");
-            if (s.equals("Internal Key Storage Token")) 
+            if (s.equals("Internal Key Storage Token"))
                 return false;
         } catch (Exception e) {
         }
- 
+
         return true;
     }
 
@@ -122,15 +122,16 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -170,7 +171,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
      * Checks if the given parameters are valid.
      */
     public void validate(HttpServletRequest request,
-      HttpServletResponse response, Context context) throws IOException {
+            HttpServletResponse response, Context context) throws IOException {
         String select = HttpInput.getID(request, "choice");
         if (select.equals("backupkey")) {
             String pwd = request.getParameter("__pwd");
@@ -219,9 +220,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         String select = "";
         try {
             select = HttpInput.getID(request, "choice");
@@ -242,8 +242,8 @@ public class BackupKeyCertPanel extends WizardPanelBase {
         context.put("panel", "admin/console/config/backupkeycertpanel.vm");
     }
 
-    public void backupKeysCerts(HttpServletRequest request) 
-      throws IOException {
+    public void backupKeysCerts(HttpServletRequest request)
+            throws IOException {
         CMS.debug("BackupKeyCertPanel backupKeysCerts: start");
         IConfigStore cs = CMS.getConfigStore();
         String certlist = "";
@@ -257,9 +257,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
         try {
             cm = CryptoManager.getInstance();
         } catch (Exception e) {
-            CMS.debug( "BackupKeyCertPanel::backupKeysCerts() - "
-                     + "Exception="+e.toString() );
-            throw new IOException( e.toString() );
+            CMS.debug("BackupKeyCertPanel::backupKeysCerts() - "
+                     + "Exception=" + e.toString());
+            throw new IOException(e.toString());
         }
 
         String pwd = request.getParameter("__pwd");
@@ -273,12 +273,12 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             String nickname = "";
             String modname = "";
             try {
-                nickname = cs.getString("preop.cert."+t+".nickname");
+                nickname = cs.getString("preop.cert." + t + ".nickname");
                 modname = cs.getString("preop.module.token");
             } catch (Exception e) {
             }
             if (!modname.equals("Internal Key Storage Token"))
-                nickname = modname+":"+nickname;
+                nickname = modname + ":" + nickname;
 
             X509Certificate x509cert = null;
             byte localKeyId[] = null;
@@ -288,7 +288,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             } catch (IOException e) {
                 throw e;
             } catch (Exception e) {
-                CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+                CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
                 throw new IOException("Failed to create pkcs12 file.");
             }
 
@@ -296,22 +296,22 @@ public class BackupKeyCertPanel extends WizardPanelBase {
                 PrivateKey pkey = cm.findPrivKeyByCert(x509cert);
                 addKeyBag(pkey, x509cert, pass, localKeyId, encSafeContents);
             } catch (Exception e) {
-                CMS.debug("BackupKeyCertPanel: Exception="+e.toString());
+                CMS.debug("BackupKeyCertPanel: Exception=" + e.toString());
                 throw new IOException("Failed to create pkcs12 file.");
             }
-        } //while loop
-   
+        } // while loop
+
         X509Certificate[] cacerts = cm.getCACerts();
 
-        for (int i=0; i<cacerts.length; i++) {
-            //String nickname = cacerts[i].getSubjectDN().toString();
+        for (int i = 0; i < cacerts.length; i++) {
+            // String nickname = cacerts[i].getSubjectDN().toString();
             String nickname = null;
             try {
                 byte[] localKeyId = addCertBag(cacerts[i], nickname, safeContents);
             } catch (IOException e) {
                 throw e;
             } catch (Exception e) {
-                CMS.debug("BackupKeyCertPanel backKeysCerts: Exception="+e.toString());
+                CMS.debug("BackupKeyCertPanel backKeysCerts: Exception=" + e.toString());
                 throw new IOException("Failed to create pkcs12 file.");
             }
         }
@@ -319,9 +319,9 @@ public class BackupKeyCertPanel extends WizardPanelBase {
         try {
             AuthenticatedSafes authSafes = new AuthenticatedSafes();
             authSafes.addSafeContents(safeContents);
-            authSafes.addSafeContents(encSafeContents);                  
+            authSafes.addSafeContents(encSafeContents);
             PFX pfx = new PFX(authSafes);
-            pfx.computeMacData(pass, null, 5); 
+            pfx.computeMacData(pass, null, 5);
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
             pfx.encode(bos);
             byte[] output = bos.toByteArray();
@@ -329,13 +329,13 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             pass.clear();
             cs.commit(false);
         } catch (Exception e) {
-            CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception="+e.toString());
+            CMS.debug("BackupKeyCertPanel backupKeysCerts: Exception=" + e.toString());
         }
     }
 
     private void addKeyBag(PrivateKey pkey, X509Certificate x509cert,
-      Password pass, byte[] localKeyId, SEQUENCE safeContents) 
-      throws IOException {
+            Password pass, byte[] localKeyId, SEQUENCE safeContents)
+            throws IOException {
         try {
             PasswordConverter passConverter = new PasswordConverter();
 
@@ -344,23 +344,23 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             byte[] priData = getEncodedKey(pkey);
 
             PrivateKeyInfo pki = (PrivateKeyInfo)
-              ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
+                    ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
             ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
-              PBEAlgorithm.PBE_SHA1_DES3_CBC,
-              pass, salt, 1, passConverter, pki);
+                    PBEAlgorithm.PBE_SHA1_DES3_CBC,
+                    pass, salt, 1, passConverter, pki);
             SET keyAttrs = createBagAttrs(
-              x509cert.getSubjectDN().toString(), localKeyId);
-            SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG, 
-              key, keyAttrs);
+                    x509cert.getSubjectDN().toString(), localKeyId);
+            SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
+                    key, keyAttrs);
             safeContents.addElement(keyBag);
         } catch (Exception e) {
-            CMS.debug("BackupKeyCertPanel getKeyBag: Exception="+e.toString());
+            CMS.debug("BackupKeyCertPanel getKeyBag: Exception=" + e.toString());
             throw new IOException("Failed to create pk12 file.");
         }
     }
 
-    private byte[] addCertBag(X509Certificate x509cert, String nickname, 
-      SEQUENCE safeContents) throws IOException {
+    private byte[] addCertBag(X509Certificate x509cert, String nickname,
+            SEQUENCE safeContents) throws IOException {
         byte[] localKeyId = null;
         try {
             ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
@@ -369,10 +369,10 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             if (nickname != null)
                 certAttrs = createBagAttrs(nickname, localKeyId);
             SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
-              new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
+                    new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
             safeContents.addElement(certBag);
         } catch (Exception e) {
-            CMS.debug("BackupKeyCertPanel addCertBag: "+e.toString());
+            CMS.debug("BackupKeyCertPanel addCertBag: " + e.toString());
             throw new IOException("Failed to create pk12 file.");
         }
 
@@ -386,7 +386,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
             SymmetricKey sk = kg.generate();
             KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
-            byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+            byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
             IVParameterSpec param = new IVParameterSpec(iv);
             wrapper.initWrap(sk, param);
             byte[] enckey = wrapper.wrap(pkey);
@@ -395,14 +395,14 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             byte[] recovered = c.doFinal(enckey);
             return recovered;
         } catch (Exception e) {
-            CMS.debug("BackupKeyCertPanel getEncodedKey: Exception="+e.toString());
+            CMS.debug("BackupKeyCertPanel getEncodedKey: Exception=" + e.toString());
         }
 
         return null;
     }
 
-    private byte[] createLocalKeyId(X509Certificate cert) 
-      throws IOException {
+    private byte[] createLocalKeyId(X509Certificate cert)
+            throws IOException {
         try {
             // SHA1 hash of the X509Cert der encoding
             byte certDer[] = cert.getEncoded();
@@ -412,16 +412,16 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             md.update(certDer);
             return md.digest();
         } catch (CertificateEncodingException e) {
-            CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+            CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
             throw new IOException("Failed to encode certificate.");
         } catch (NoSuchAlgorithmException e) {
-            CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: "+e.toString());
+            CMS.debug("BackupKeyCertPanel createLocalKeyId: Exception: " + e.toString());
             throw new IOException("No such algorithm supported.");
         }
     }
 
     private SET createBagAttrs(String nickName, byte localKeyId[])
-      throws IOException {
+            throws IOException {
         try {
             SET attrs = new SET();
             SEQUENCE nickNameAttr = new SEQUENCE();
@@ -442,7 +442,7 @@ public class BackupKeyCertPanel extends WizardPanelBase {
             attrs.addElement(localKeyAttr);
             return attrs;
         } catch (CharConversionException e) {
-            CMS.debug("BackupKeyCertPanel createBagAttrs: Exception="+e.toString());
+            CMS.debug("BackupKeyCertPanel createBagAttrs: Exception=" + e.toString());
             throw new IOException("Failed to create PKCS12 file.");
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
index 01d06631..46371017 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/BaseServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 
@@ -30,7 +29,6 @@ import org.apache.velocity.servlet.VelocityServlet;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 public class BaseServlet extends VelocityServlet {
 
     /**
@@ -53,7 +51,8 @@ public class BaseServlet extends VelocityServlet {
         if (pin == null) {
             try {
                 response.sendRedirect("login");
-            } catch (IOException e) {}
+            } catch (IOException e) {
+            }
             return false;
         }
         return true;
@@ -66,29 +65,29 @@ public class BaseServlet extends VelocityServlet {
         while (paramNames.hasMoreElements()) {
             String pn = (String) paramNames.nextElement();
             // added this facility so that password can be hidden,
-            // all sensitive parameters should be prefixed with 
+            // all sensitive parameters should be prefixed with
             // __ (double underscores); however, in the event that
             // a security parameter slips through, we perform multiple
             // additional checks to insure that it is NOT displayed
-            if( pn.startsWith("__")                         ||
-                pn.endsWith("password")                     ||
-                pn.endsWith("passwd")                       ||
-                pn.endsWith("pwd")                          ||
-                pn.equalsIgnoreCase("admin_password_again") ||
-                pn.equalsIgnoreCase("directoryManagerPwd")  ||
-                pn.equalsIgnoreCase("bindpassword")         ||
-                pn.equalsIgnoreCase("bindpwd")              ||
-                pn.equalsIgnoreCase("passwd")               ||
-                pn.equalsIgnoreCase("password")             ||
-                pn.equalsIgnoreCase("pin")                  ||
-                pn.equalsIgnoreCase("pwd")                  ||
-                pn.equalsIgnoreCase("pwdagain")             ||
-                pn.equalsIgnoreCase("uPasswd") ) {
-               CMS.debug("BaseServlet::service() param name='" + pn +
-                         "' value='(sensitive)'" );
+            if (pn.startsWith("__") ||
+                    pn.endsWith("password") ||
+                    pn.endsWith("passwd") ||
+                    pn.endsWith("pwd") ||
+                    pn.equalsIgnoreCase("admin_password_again") ||
+                    pn.equalsIgnoreCase("directoryManagerPwd") ||
+                    pn.equalsIgnoreCase("bindpassword") ||
+                    pn.equalsIgnoreCase("bindpwd") ||
+                    pn.equalsIgnoreCase("passwd") ||
+                    pn.equalsIgnoreCase("password") ||
+                    pn.equalsIgnoreCase("pin") ||
+                    pn.equalsIgnoreCase("pwd") ||
+                    pn.equalsIgnoreCase("pwdagain") ||
+                    pn.equalsIgnoreCase("uPasswd")) {
+                CMS.debug("BaseServlet::service() param name='" + pn +
+                         "' value='(sensitive)'");
             } else {
-               CMS.debug("BaseServlet::service() param name='" + pn +
-                         "' value='" + httpReq.getParameter(pn) + "'" );
+                CMS.debug("BaseServlet::service() param name='" + pn +
+                         "' value='" + httpReq.getParameter(pn) + "'");
             }
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
index 33a0ff69..f48f4d2f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CAInfoPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.net.URL;
 import java.util.StringTokenizer;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class CAInfoPanel extends WizardPanelBase {
 
-    public CAInfoPanel() {}
+    public CAInfoPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("CA Information");
     }
 
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) 
-        throws ServletException {
+    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+            throws ServletException {
         setPanelNo(panelno);
         setName("CA Information");
         setId(id);
@@ -82,14 +82,15 @@ public class CAInfoPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         return set;
     }
 
@@ -118,15 +119,18 @@ public class CAInfoPanel extends WizardPanelBase {
 
             try {
                 hostname = cs.getString("preop.ca.hostname");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
 
             try {
                 httpport = cs.getString("preop.ca.httpport");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
 
             try {
                 httpsport = cs.getString("preop.ca.httpsport");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
 
             if (type.equals("sdca")) {
                 context.put("check_sdca", "checked");
@@ -143,12 +147,11 @@ public class CAInfoPanel extends WizardPanelBase {
         String cstype = "CA";
         String portType = "SecurePort";
 
-/*
-        try {
-            cstype = cs.getString("cs.type", "");
-        } catch (EBaseException e) {}
-*/
-                                                                                
+        /*
+         * try { cstype = cs.getString("cs.type", ""); } catch (EBaseException
+         * e) {}
+         */
+
         CMS.debug("CAInfoPanel: Ready to get url");
         Vector v = getUrlListFromSecurityDomain(cs, cstype, portType);
         v.addElement("External CA");
@@ -163,12 +166,13 @@ public class CAInfoPanel extends WizardPanelBase {
                 list.append(",");
             }
         }
-                                                                                
+
         try {
             cs.putString("preop.ca.list", list.toString());
             cs.commit(false);
-        } catch (Exception e) {}
-                                                                                
+        } catch (Exception e) {
+        }
+
         context.put("urls", v);
 
         context.put("sdcaHostname", hostname);
@@ -196,11 +200,9 @@ public class CAInfoPanel extends WizardPanelBase {
             Context context) throws IOException {
 
         /*
-         String select = request.getParameter("choice");
-         if (select == null) {
-         CMS.debug("CAInfoPanel: choice not found");
-         throw new IOException("choice not found");
-         }
+         * String select = request.getParameter("choice"); if (select == null) {
+         * CMS.debug("CAInfoPanel: choice not found"); throw new
+         * IOException("choice not found"); }
          */
         IConfigStore config = CMS.getConfigStore();
 
@@ -213,25 +215,26 @@ public class CAInfoPanel extends WizardPanelBase {
 
         String select = null;
         String index = request.getParameter("urls");
-        String url = ""; 
+        String url = "";
         if (index.startsWith("http")) {
-           // user may submit url directlry
-           url = index;
+            // user may submit url directlry
+            url = index;
         } else {
-          try {
-            int x = Integer.parseInt(index);
-            String list = config.getString("preop.ca.list", "");
-            StringTokenizer tokenizer = new StringTokenizer(list, ",");
-            int counter = 0;
-
-            while (tokenizer.hasMoreTokens()) {
-                url = tokenizer.nextToken();
-                if (counter == x) {
-                    break;
+            try {
+                int x = Integer.parseInt(index);
+                String list = config.getString("preop.ca.list", "");
+                StringTokenizer tokenizer = new StringTokenizer(list, ",");
+                int counter = 0;
+
+                while (tokenizer.hasMoreTokens()) {
+                    url = tokenizer.nextToken();
+                    if (counter == x) {
+                        break;
+                    }
+                    counter++;
                 }
-                counter++;
+            } catch (Exception e) {
             }
-          } catch (Exception e) {}
         }
 
         URL urlx = null;
@@ -240,7 +243,7 @@ public class CAInfoPanel extends WizardPanelBase {
             select = "otherca";
             config.putString("preop.ca.pkcs7", "");
             config.putInteger("preop.ca.certchain.size", 0);
-        } else { 
+        } else {
             select = "sdca";
 
             // parse URL (CA1 - https://...)
@@ -272,7 +275,8 @@ public class CAInfoPanel extends WizardPanelBase {
 
         try {
             config.commit(false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
     }
 
     private void sdca(HttpServletRequest request, Context context, String hostname, String httpsPortStr) throws IOException {
@@ -301,9 +305,9 @@ public class CAInfoPanel extends WizardPanelBase {
         config.putString("preop.ca.hostname", hostname);
         config.putString("preop.ca.httpsport", httpsPortStr);
         ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
-        updateCertChainUsingSecureEEPort( config, "ca", hostname,
+        updateCertChainUsingSecureEEPort(config, "ca", hostname,
                                           httpsport, true, context,
-                                          certApprovalCallback );
+                                          certApprovalCallback);
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
index fb8c2d9c..0aedded8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/Cert.java
@@ -17,9 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
-
-
 public class Cert {
     private String mNickname = "";
     private String mTokenname = "";
@@ -116,8 +113,8 @@ public class Cert {
     }
 
     public String escapeForHTML(String s) {
-      s = s.replaceAll("\"", "&quot;");
-      return s;
+        s = s.replaceAll("\"", "&quot;");
+        return s;
     }
 
     public String getEscapedDN() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
index 30bcc78d..119dead0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertPrettyPrintPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Locale;
 import java.util.StringTokenizer;
@@ -42,19 +41,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
 public class CertPrettyPrintPanel extends WizardPanelBase {
     private Vector mCerts = null;
 
-    public CertPrettyPrintPanel() {}
+    public CertPrettyPrintPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Certificates");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Certificates");
         setId(id);
@@ -63,7 +63,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
     public PropertySet getUsage() {
         // expects no input from client
         PropertySet set = new PropertySet();
-                                                                                
+
         return set;
     }
 
@@ -83,7 +83,8 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -153,7 +154,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
                 } catch (Exception e) {
                     CMS.debug(
                             "CertPrettyPrintPanel: display() certTag " + certTag
-                            + " Exception caught: " + e.toString());
+                                    + " Exception caught: " + e.toString());
                 }
             }
         } catch (Exception e) {
@@ -192,7 +193,7 @@ public class CertPrettyPrintPanel extends WizardPanelBase {
             config.commit(false);
         } catch (EBaseException e) {
             CMS.debug(
-                  "CertPrettyPrintPanel: update() Exception caught at config commit: "
+                    "CertPrettyPrintPanel: update() Exception caught at config commit: "
                             + e.toString());
         }
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
index 5e783b1a..d8710c08 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertRequestPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.Principal;
@@ -58,35 +57,39 @@ public class CertRequestPanel extends WizardPanelBase {
     private Vector mCerts = null;
     private WizardServlet mServlet = null;
 
-    public CertRequestPanel() {}
+    public CertRequestPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Requests & Certificates");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Requests and Certificates");
         mServlet = servlet;
         setId(id);
     }
 
-    // XXX how do you do this?  There could be multiple certs.
+    // XXX how do you do this? There could be multiple certs.
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
-        Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+
+        Descriptor certDesc = new Descriptor(IDescriptor.STRING, null, /*
+                                                                        * no
+                                                                        * constraint
+                                                                        */
                 null, /* no default parameters */
                 null);
 
         set.add("cert", certDesc);
-                                                                                
+
         return set;
     }
 
@@ -95,13 +98,13 @@ public class CertRequestPanel extends WizardPanelBase {
      */
     public boolean showApplyButton() {
         if (isPanelDone())
-          return false;
+            return false;
         else
-          return true;
+            return true;
     }
 
-    private boolean findCertificate(String tokenname, String nickname) 
-      throws IOException {
+    private boolean findCertificate(String tokenname, String nickname)
+            throws IOException {
         IConfigStore cs = CMS.getConfigStore();
         CryptoManager cm = null;
         try {
@@ -114,7 +117,7 @@ public class CertRequestPanel extends WizardPanelBase {
         boolean hardware = false;
         if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
             hardware = true;
-            fullnickname = tokenname+":"+nickname;
+            fullnickname = tokenname + ":" + nickname;
         }
 
         try {
@@ -126,16 +129,16 @@ public class CertRequestPanel extends WizardPanelBase {
                 return true;
             } catch (Exception ee) {
                 if (hardware) {
-                    CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
-                    throw new IOException("The certificate with the same nickname: "+ fullnickname +" has been found on HSM. Please remove it before proceeding.");
+                    CMS.debug("CertRequestPanel findCertificate: The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding.");
+                    throw new IOException("The certificate with the same nickname: " + fullnickname + " has been found on HSM. Please remove it before proceeding.");
                 }
                 return true;
             }
         } catch (IOException e) {
-            CMS.debug("CertRequestPanel findCertificate: throw exception:"+e.toString());
+            CMS.debug("CertRequestPanel findCertificate: throw exception:" + e.toString());
             throw e;
         } catch (Exception e) {
-            CMS.debug("CertRequestPanel findCertificate: Exception="+e.toString());
+            CMS.debug("CertRequestPanel findCertificate: Exception=" + e.toString());
             return false;
         }
     }
@@ -148,13 +151,13 @@ public class CertRequestPanel extends WizardPanelBase {
         try {
             select = cs.getString("preop.subsystem.select", "");
             list = cs.getString("preop.cert.list", "");
-            tokenname = cs.getString("preop.module.token", "");      
+            tokenname = cs.getString("preop.module.token", "");
         } catch (Exception e) {
         }
 
         ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
-          ICertificateAuthority.ID);
-        
+                ICertificateAuthority.ID);
+
         if (ca != null) {
             CMS.debug("CertRequestPanel cleanup: get certificate repository");
             BigInteger beginS = null;
@@ -176,27 +179,26 @@ public class CertRequestPanel extends WizardPanelBase {
                 try {
                     cr.removeCertRecords(beginS, endS);
                 } catch (Exception e) {
-                    CMS.debug("CertRequestPanel cleanUp exception in removing all objects: "+e.toString());
+                    CMS.debug("CertRequestPanel cleanUp exception in removing all objects: " + e.toString());
                 }
-      
+
                 try {
-                    cr.resetSerialNumber(new BigInteger(beginNum,16));
+                    cr.resetSerialNumber(new BigInteger(beginNum, 16));
                 } catch (Exception e) {
-                    CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: "+e.toString());
+                    CMS.debug("CertRequestPanel cleanUp exception in resetting serial number: " + e.toString());
                 }
             }
         }
 
-
         StringTokenizer st = new StringTokenizer(list, ",");
         String nickname = "";
         boolean enable = false;
         while (st.hasMoreTokens()) {
             String t = st.nextToken();
-          
+
             try {
-                enable = cs.getBoolean(PCERT_PREFIX+t+".enable", true);
-                nickname = cs.getString(PCERT_PREFIX +t+".nickname", "");
+                enable = cs.getBoolean(PCERT_PREFIX + t + ".enable", true);
+                nickname = cs.getString(PCERT_PREFIX + t + ".nickname", "");
             } catch (Exception e) {
             }
 
@@ -208,10 +210,10 @@ public class CertRequestPanel extends WizardPanelBase {
 
             if (findCertificate(tokenname, nickname)) {
                 try {
-                    CMS.debug("CertRequestPanel cleanup: deleting certificate ("+nickname+").");
-                        deleteCert(tokenname, nickname);
+                    CMS.debug("CertRequestPanel cleanup: deleting certificate (" + nickname + ").");
+                    deleteCert(tokenname, nickname);
                 } catch (Exception e) {
-                    CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" +nickname+"). Exception: " +e.toString());
+                    CMS.debug("CertRequestPanel cleanup: failed to delete certificate (" + nickname + "). Exception: " + e.toString());
                 }
             }
         }
@@ -235,7 +237,8 @@ public class CertRequestPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -254,19 +257,19 @@ public class CertRequestPanel extends WizardPanelBase {
 
                 CMS.debug(
                         "CertRequestPanel getCert: certTag=" + certTag
-                        + " cert=" + certs);
-                //get and set formated cert
-                if (!certs.startsWith("...")) { 
+                                + " cert=" + certs);
+                // get and set formated cert
+                if (!certs.startsWith("...")) {
                     certf = CryptoUtil.certFormat(certs);
                 }
                 cert.setCert(certf);
 
-                //get and set cert pretty print
+                // get and set cert pretty print
                 byte[] certb = CryptoUtil.base64Decode(certs);
                 CertPrettyPrint pp = new CertPrettyPrint(certb);
                 cert.setCertpp(pp.toString(Locale.getDefault()));
             } else {
-                CMS.debug( "CertRequestPanel::getCert() - cert is null!" );
+                CMS.debug("CertRequestPanel::getCert() - cert is null!");
                 return;
             }
             String userfriendlyname = config.getString(
@@ -285,18 +288,16 @@ public class CertRequestPanel extends WizardPanelBase {
     }
 
     public X509Key getECCX509Key(IConfigStore config, String certTag)
-                     throws Exception
-    {
+                     throws Exception {
         X509Key pubk = null;
         String pubKeyEncoded = config.getString(
                     PCERT_PREFIX + certTag + ".pubkey.encoded");
-        pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded)); 
+        pubk = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
         return pubk;
     }
 
     public X509Key getRSAX509Key(IConfigStore config, String certTag)
-                     throws Exception
-    {
+                     throws Exception {
         X509Key pubk = null;
 
         String pubKeyModulus = config.getString(
@@ -305,7 +306,7 @@ public class CertRequestPanel extends WizardPanelBase {
                     PCERT_PREFIX + certTag + ".pubkey.exponent");
         pubk = CryptoUtil.getPublicX509Key(
                    CryptoUtil.string2byte(pubKeyModulus),
-                   CryptoUtil.string2byte(pubKeyPublicExponent)); 
+                   CryptoUtil.string2byte(pubKeyPublicExponent));
         return pubk;
     }
 
@@ -323,8 +324,8 @@ public class CertRequestPanel extends WizardPanelBase {
             } else if (pubKeyType.equals("ecc")) {
                 pubk = getECCX509Key(config, certTag);
             } else {
-                CMS.debug( "CertRequestPanel::handleCertRequest() - "
-                         + "pubKeyType " + pubKeyType + " is unsupported!" );
+                CMS.debug("CertRequestPanel::handleCertRequest() - "
+                         + "pubKeyType " + pubKeyType + " is unsupported!");
                 return;
             }
 
@@ -341,7 +342,7 @@ public class CertRequestPanel extends WizardPanelBase {
                     PCERT_PREFIX + certTag + ".privkey.id");
             CMS.debug("CertRequestPanel: privKeyID=" + privKeyID);
             byte[] keyIDb = CryptoUtil.string2byte(privKeyID);
-	      
+
             PrivateKey privk = CryptoUtil.findPrivateKeyFromID(keyIDb);
 
             if (privk != null) {
@@ -349,7 +350,7 @@ public class CertRequestPanel extends WizardPanelBase {
             } else {
                 CMS.debug("CertRequestPanel: error getting private key null");
             }
-	    
+
             // construct cert request
             String caDN = config.getString(PCERT_PREFIX + certTag + ".dn");
 
@@ -361,7 +362,7 @@ public class CertRequestPanel extends WizardPanelBase {
             byte[] certReqb = certReq.toByteArray();
             String certReqs = CryptoUtil.base64Encode(certReqb);
             String certReqf = CryptoUtil.reqFormat(certReqs);
-		
+
             String subsystem = config.getString(
                             PCERT_PREFIX + certTag + ".subsystem");
             config.putString(subsystem + "." + certTag + ".certreq", certReqs);
@@ -410,7 +411,7 @@ public class CertRequestPanel extends WizardPanelBase {
                             PCERT_PREFIX + certTag + ".type");
 
                     c.setType(type);
-                    boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+                    boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
                     c.setEnable(enable);
                     getCert(config, context, certTag, c);
 
@@ -458,7 +459,7 @@ public class CertRequestPanel extends WizardPanelBase {
             if (issuerDN.equals(subjectDN))
                 return true;
         } catch (Exception e) {
-            CMS.debug("CertRequestPanel findBootstrapServerCert Exception="+e.toString());
+            CMS.debug("CertRequestPanel findBootstrapServerCert Exception=" + e.toString());
         }
 
         return false;
@@ -472,7 +473,7 @@ public class CertRequestPanel extends WizardPanelBase {
 
             deleteCert("Internal Key Storage Token", nickname);
         } catch (Exception e) {
-            CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception="+e.toString());
+            CMS.debug("CertRequestPanel deleteBootstrapServerCert Exception=" + e.toString());
         }
     }
 
@@ -502,7 +503,7 @@ public class CertRequestPanel extends WizardPanelBase {
 
             String tokenname = "";
             try {
-                tokenname = config.getString("preop.module.token", "");      
+                tokenname = config.getString("preop.module.token", "");
             } catch (Exception e) {
             }
 
@@ -510,11 +511,11 @@ public class CertRequestPanel extends WizardPanelBase {
                 Cert cert = (Cert) c.nextElement();
                 String certTag = cert.getCertTag();
                 String subsystem = cert.getSubsystem();
-                boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+                boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
                 if (!enable)
                     continue;
 
-                if (hasErr) 
+                if (hasErr)
                     continue;
 
                 String nickname = cert.getNickname();
@@ -522,7 +523,8 @@ public class CertRequestPanel extends WizardPanelBase {
                 CMS.debug(
                         "CertRequestPanel: update() for cert tag "
                                 + cert.getCertTag());
-                // String b64 = config.getString(CERT_PREFIX+ certTag +".cert", "");
+                // String b64 = config.getString(CERT_PREFIX+ certTag +".cert",
+                // "");
                 String b64 = HttpInput.getCert(request, certTag);
 
                 if (cert.getType().equals("local")
@@ -533,20 +535,20 @@ public class CertRequestPanel extends WizardPanelBase {
                             PCERT_PREFIX + certTag + ".keytype");
                     X509Key x509key = null;
                     if (pubKeyType.equals("rsa")) {
-                      x509key = getRSAX509Key(config, certTag);
+                        x509key = getRSAX509Key(config, certTag);
                     } else if (pubKeyType.equals("ecc")) {
-                      x509key = getECCX509Key(config, certTag);
+                        x509key = getECCX509Key(config, certTag);
                     }
-                        
+
                     if (findCertificate(tokenname, nickname)) {
                         if (!certTag.equals("sslserver"))
-                            continue; 
+                            continue;
                     }
-                    X509CertImpl impl = CertUtil.createLocalCert(config, x509key, 
+                    X509CertImpl impl = CertUtil.createLocalCert(config, x509key,
                             PCERT_PREFIX, certTag, cert.getType(), context);
 
                     if (impl != null) {
-                        byte[] certb = impl.getEncoded(); 
+                        byte[] certb = impl.getEncoded();
                         String certs = CryptoUtil.base64Encode(certb);
 
                         cert.setCert(certs);
@@ -574,13 +576,13 @@ public class CertRequestPanel extends WizardPanelBase {
                                             + certTag + " Exception: "
                                             + ee.toString());
                             CMS.debug("ok");
-//                            hasErr = true;
+                            // hasErr = true;
                         }
                     }
                 } else if (cert.getType().equals("remote")) {
                     if (b64 != null && b64.length() > 0
                             && !b64.startsWith("...")) {
-                        String b64chain = HttpInput.getCertChain(request, certTag+"_cc");
+                        String b64chain = HttpInput.getCertChain(request, certTag + "_cc");
                         CMS.debug(
                                 "CertRequestPanel: in update() process remote...import cert");
 
@@ -590,11 +592,11 @@ public class CertRequestPanel extends WizardPanelBase {
                             try {
                                 if (certTag.equals("sslserver") && findBootstrapServerCert())
                                     deleteBootstrapServerCert();
-                                if (findCertificate(tokenname, nickname)) { 
-                                        deleteCert(tokenname, nickname);
+                                if (findCertificate(tokenname, nickname)) {
+                                    deleteCert(tokenname, nickname);
                                 }
                             } catch (Exception e) {
-                                CMS.debug("CertRequestPanel update (remote): deleteCert Exception="+e.toString());
+                                CMS.debug("CertRequestPanel update (remote): deleteCert Exception=" + e.toString());
                             }
                             input = CryptoUtil.stripCertBrackets(input.trim());
                             String certs = CryptoUtil.normalizeCertStr(input);
@@ -619,21 +621,21 @@ public class CertRequestPanel extends WizardPanelBase {
                                     leaf = certchains[certchains.length - 1];
                                 }
 
-                                if( leaf == null ) {
-                                    CMS.debug( "CertRequestPanel::update() - "
-                                             + "leaf is null!" );
-                                    throw new IOException( "leaf is null" );
+                                if (leaf == null) {
+                                    CMS.debug("CertRequestPanel::update() - "
+                                             + "leaf is null!");
+                                    throw new IOException("leaf is null");
                                 }
 
-                                if (/*(certchains.length <= 1) &&*/
-				    (b64chain != null && b64chain.length() != 0)) {
-                                  CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain);
-                                  try {
-                                    CryptoUtil.importCertificateChain(
-				      CryptoUtil.normalizeCertAndReq(b64chain));
-                                  } catch (Exception e) {
-                                      CMS.debug("CertRequestPanel: importCertChain: Exception: "+e.toString());
-                                  }
+                                if (/* (certchains.length <= 1) && */
+                                (b64chain != null && b64chain.length() != 0)) {
+                                    CMS.debug("CertRequestPanel: cert might not have contained chain...calling importCertificateChain: " + b64chain);
+                                    try {
+                                        CryptoUtil.importCertificateChain(
+                                                CryptoUtil.normalizeCertAndReq(b64chain));
+                                    } catch (Exception e) {
+                                        CMS.debug("CertRequestPanel: importCertChain: Exception: " + e.toString());
+                                    }
                                 }
 
                                 InternalCertificate icert = (InternalCertificate) leaf;
@@ -651,17 +653,17 @@ public class CertRequestPanel extends WizardPanelBase {
                                                 + certTag + " Exception: "
                                                 + ee.toString());
                                 CMS.debug("ok");
-//                                hasErr=true;
+                                // hasErr=true;
                             }
                         } else {
                             CMS.debug("CertRequestPanel: in update() input null");
                             hasErr = true;
                         }
                     } else {
-                       CMS.debug("CertRequestPanel: in update() b64 not set");
-                       hasErr=true;
+                        CMS.debug("CertRequestPanel: in update() b64 not set");
+                        hasErr = true;
                     }
-                    
+
                 } else {
                     b64 = CryptoUtil.stripCertBrackets(b64.trim());
                     String certs = CryptoUtil.normalizeCertStr(b64);
@@ -671,10 +673,10 @@ public class CertRequestPanel extends WizardPanelBase {
                         if (certTag.equals("sslserver") && findBootstrapServerCert())
                             deleteBootstrapServerCert();
                         if (findCertificate(tokenname, nickname)) {
-                                deleteCert(tokenname, nickname);
+                            deleteCert(tokenname, nickname);
                         }
                     } catch (Exception ee) {
-                        CMS.debug("CertRequestPanel update: deleteCert Exception="+ee.toString());
+                        CMS.debug("CertRequestPanel update: deleteCert Exception=" + ee.toString());
                     }
 
                     try {
@@ -683,12 +685,13 @@ public class CertRequestPanel extends WizardPanelBase {
                         else
                             CryptoUtil.importUserCertificate(impl, nickname, false);
                     } catch (Exception ee) {
-                        CMS.debug("CertRequestPanel: Failed to import user certificate."+ee.toString());
-                        hasErr=true;
+                        CMS.debug("CertRequestPanel: Failed to import user certificate." + ee.toString());
+                        hasErr = true;
                     }
                 }
 
-                //update requests in request queue for local certs to allow renewal
+                // update requests in request queue for local certs to allow
+                // renewal
                 if ((cert.getType().equals("local")) || (cert.getType().equals("selfsign"))) {
                     CertUtil.updateLocalRequest(config, certTag, cert.getRequest(), "pkcs10", null);
                 }
@@ -696,16 +699,16 @@ public class CertRequestPanel extends WizardPanelBase {
                 if (certTag.equals("signing") && subsystem.equals("ca")) {
                     String NickName = nickname;
                     if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                        NickName = tokenname+ ":"+ nickname;
+                        NickName = tokenname + ":" + nickname;
 
-                    CMS.debug("CertRequestPanel update: set trust on CA signing cert "+NickName);
+                    CMS.debug("CertRequestPanel update: set trust on CA signing cert " + NickName);
                     CryptoUtil.trustCertByNickname(NickName);
                     CMS.reinit(ICertificateAuthority.ID);
-                } 
-            } //while loop
+                }
+            } // while loop
 
             if (hasErr == false) {
-              config.putBoolean("preop.CertRequestPanel.done", true);
+                config.putBoolean("preop.CertRequestPanel.done", true);
             }
             config.commit(false);
         } catch (Exception e) {
@@ -713,7 +716,7 @@ public class CertRequestPanel extends WizardPanelBase {
             System.err.println("Exception caught: " + e.toString());
         }
 
-        //reset the attribute of the user certificate to u,u,u
+        // reset the attribute of the user certificate to u,u,u
         String certlist = "";
         try {
             certlist = config.getString("preop.cert.list", "");
@@ -723,13 +726,13 @@ public class CertRequestPanel extends WizardPanelBase {
                 String tag = tokenizer.nextToken();
                 if (tag.equals("signing"))
                     continue;
-                String nickname = config.getString("preop.cert."+tag+".nickname", "");
+                String nickname = config.getString("preop.cert." + tag + ".nickname", "");
                 String tokenname = config.getString("preop.module.token", "");
                 if (!tokenname.equals("Internal Key Storage Token"))
-                    nickname = tokenname+":"+nickname;
+                    nickname = tokenname + ":" + nickname;
                 X509Certificate c = cm.findCertByNickname(nickname);
                 if (c instanceof InternalCertificate) {
-                    InternalCertificate ic = (InternalCertificate)c;
+                    InternalCertificate ic = (InternalCertificate) c;
                     ic.setSSLTrust(InternalCertificate.USER);
                     ic.setEmailTrust(InternalCertificate.USER);
                     if (tag.equals("audit_signing")) {
@@ -738,10 +741,10 @@ public class CertRequestPanel extends WizardPanelBase {
                         ic.setObjectSigningTrust(InternalCertificate.USER);
                     }
                 }
-            }  
+            }
         } catch (Exception e) {
         }
-        if (!hasErr) { 
+        if (!hasErr) {
             context.put("updateStatus", "success");
         } else {
             context.put("updateStatus", "failure");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 3725149d..dc81d3e4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -64,13 +64,12 @@ import com.netscape.cmsutil.http.HttpResponse;
 import com.netscape.cmsutil.http.JssSSLSocketFactory;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class CertUtil {
     static final int LINE_COUNT = 76;
 
-    public static X509CertImpl createRemoteCert(String hostname, 
-      int port, String content, HttpServletResponse response, WizardPanelBase panel)
-      throws IOException {
+    public static X509CertImpl createRemoteCert(String hostname,
+            int port, String content, HttpServletResponse response, WizardPanelBase panel)
+            throws IOException {
         HttpClient httpclient = new HttpClient();
         String c = null;
         CMS.debug("CertUtil createRemoteCert: content " + content);
@@ -104,15 +103,15 @@ public class CertUtil {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "CertUtil::createRemoteCert() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("CertUtil::createRemoteCert() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
                 String status = parser.getValue("Status");
 
                 CMS.debug("CertUtil createRemoteCert: status=" + status);
                 if (status.equals("2")) {
-                    //relogin to the security domain
+                    // relogin to the security domain
                     panel.reloginSecurityDomain(response);
                     return null;
                 } else if (!status.equals("0")) {
@@ -136,7 +135,7 @@ public class CertUtil {
         return null;
     }
 
-    public static String getPKCS10(IConfigStore config, String prefix, 
+    public static String getPKCS10(IConfigStore config, String prefix,
             Cert certObj, Context context) throws IOException {
         String certTag = certObj.getCertTag();
 
@@ -147,29 +146,29 @@ public class CertUtil {
             String algorithm = config.getString(
                         prefix + certTag + ".keyalgorithm");
             if (pubKeyType.equals("rsa")) {
-              String pubKeyModulus = config.getString(
-                    prefix + certTag + ".pubkey.modulus");
-              String pubKeyPublicExponent = config.getString(
-                    prefix + certTag + ".pubkey.exponent");
-              pubk = CryptoUtil.getPublicX509Key(
-                    CryptoUtil.string2byte(pubKeyModulus),
-                    CryptoUtil.string2byte(pubKeyPublicExponent));
+                String pubKeyModulus = config.getString(
+                        prefix + certTag + ".pubkey.modulus");
+                String pubKeyPublicExponent = config.getString(
+                        prefix + certTag + ".pubkey.exponent");
+                pubk = CryptoUtil.getPublicX509Key(
+                        CryptoUtil.string2byte(pubKeyModulus),
+                        CryptoUtil.string2byte(pubKeyPublicExponent));
             } else if (pubKeyType.equals("ecc")) {
-                  String pubKeyEncoded = config.getString(
+                String pubKeyEncoded = config.getString(
                         prefix + certTag + ".pubkey.encoded");
-               pubk = CryptoUtil.getPublicX509ECCKey(
-                     CryptoUtil.string2byte(pubKeyEncoded));
+                pubk = CryptoUtil.getPublicX509ECCKey(
+                        CryptoUtil.string2byte(pubKeyEncoded));
             } else {
-               CMS.debug( "CertRequestPanel::getPKCS10() - "
-                        + "public key type is unsupported!" );
-                throw new IOException( "public key type is unsupported" );
+                CMS.debug("CertRequestPanel::getPKCS10() - "
+                        + "public key type is unsupported!");
+                throw new IOException("public key type is unsupported");
             }
 
             if (pubk != null) {
                 CMS.debug("CertRequestPanel: got public key");
             } else {
                 CMS.debug("CertRequestPanel: error getting public key null");
-                throw new IOException( "public key is null" );
+                throw new IOException("public key is null");
             }
             // get private key
             String privKeyID = config.getString(prefix + certTag + ".privkey.id");
@@ -201,15 +200,14 @@ public class CertUtil {
         }
     }
 
-
-/*
- * create requests so renewal can work on these initial certs
- */
+    /*
+     * create requests so renewal can work on these initial certs
+     */
     public static IRequest createLocalRequest(IRequestQueue queue, String serialNum, X509CertInfo info) throws EBaseException {
-//        RequestId rid = new RequestId(serialNum);
+        // RequestId rid = new RequestId(serialNum);
         // just need a request, no need to get into a queue
-//        IRequest r = new EnrollmentRequest(rid);
-        CMS.debug("CertUtil: createLocalRequest for serial: "+ serialNum);
+        // IRequest r = new EnrollmentRequest(rid);
+        CMS.debug("CertUtil: createLocalRequest for serial: " + serialNum);
         IRequest req = queue.newRequest("enrollment");
         CMS.debug("certUtil: newRequest called");
         req.setExtData("profile", "true");
@@ -224,7 +222,7 @@ public class CertUtil {
         req.setExtData("requestor_phone", "");
         req.setExtData("profileRemoteHost", "");
         req.setExtData("profileRemoteAddr", "");
-        req.setExtData("requestnotes","");
+        req.setExtData("requestnotes", "");
         req.setExtData("isencryptioncert", "false");
         req.setExtData("profileapprovedby", "system");
 
@@ -235,13 +233,12 @@ public class CertUtil {
         return req;
     }
 
-/**
- * update local cert request with the actual request
- * called from CertRequestPanel.java
- */
-    public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName)
-    {
-        try { 
+    /**
+     * update local cert request with the actual request called from
+     * CertRequestPanel.java
+     */
+    public static void updateLocalRequest(IConfigStore config, String certTag, String certReq, String reqType, String subjectName) {
+        try {
             CMS.debug("Updating local request... certTag=" + certTag);
             RequestId rid = new RequestId(config.getString("preop.cert." + certTag + ".reqId"));
 
@@ -262,54 +259,56 @@ public class CertUtil {
                 }
                 queue.updateRequest(req);
             } else {
-		CMS.debug("CertUtil:updateLocalRequest - request queue = null");
+                CMS.debug("CertUtil:updateLocalRequest - request queue = null");
             }
         } catch (Exception e) {
             CMS.debug("CertUtil:updateLocalRequest - Exception:" + e.toString());
         }
     }
 
-/**
- * reads from the admin cert profile caAdminCert.profile and takes the first 
- * entry in the list of allowed algorithms.  Users that wish a different algorithm 
- * can specify it in the profile using default.params.signingAlg
- */
+    /**
+     * reads from the admin cert profile caAdminCert.profile and takes the first
+     * entry in the list of allowed algorithms. Users that wish a different
+     * algorithm can specify it in the profile using default.params.signingAlg
+     */
 
     public static String getAdminProfileAlgorithm(IConfigStore config) {
         String algorithm = "SHA256withRSA";
         try {
-            String caSigningKeyType = config.getString("preop.cert.signing.keytype","rsa");
+            String caSigningKeyType = config.getString("preop.cert.signing.keytype", "rsa");
             String pfile = config.getString("profile.caAdminCert.config");
             FileInputStream fis = new FileInputStream(pfile);
             DataInputStream in = new DataInputStream(fis);
             BufferedReader br = new BufferedReader(new InputStreamReader(in));
 
-           String strLine;
-           while ((strLine = br.readLine()) != null) {
-               String marker2 = "default.params.signingAlg=";
-               int indx = strLine.indexOf(marker2);
-               if (indx != -1) {
-                   String alg = strLine.substring(indx + marker2.length());
-                   if ((alg.length() > 0) && (!alg.equals("-"))) {
-                       algorithm = alg;
-                       break;
-                   };
-               };
-
-               String marker = "signingAlgsAllowed=";
-               indx = strLine.indexOf(marker);
-               if (indx != -1) {
-                   String[] algs = strLine.substring(indx + marker.length()).split(",");
-                   for (int i=0; i<algs.length; i++) {
-                       if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
-                           (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC" ) != -1)) ) {
-                           algorithm = algs[i];
-                           break;
-                       }
-                   }
-               }
-           }
-           in.close();
+            String strLine;
+            while ((strLine = br.readLine()) != null) {
+                String marker2 = "default.params.signingAlg=";
+                int indx = strLine.indexOf(marker2);
+                if (indx != -1) {
+                    String alg = strLine.substring(indx + marker2.length());
+                    if ((alg.length() > 0) && (!alg.equals("-"))) {
+                        algorithm = alg;
+                        break;
+                    }
+                    ;
+                }
+                ;
+
+                String marker = "signingAlgsAllowed=";
+                indx = strLine.indexOf(marker);
+                if (indx != -1) {
+                    String[] algs = strLine.substring(indx + marker.length()).split(",");
+                    for (int i = 0; i < algs.length; i++) {
+                        if ((caSigningKeyType.equals("rsa") && (algs[i].indexOf("RSA") != -1)) ||
+                                (caSigningKeyType.equals("ecc") && (algs[i].indexOf("EC") != -1))) {
+                            algorithm = algs[i];
+                            break;
+                        }
+                    }
+                }
+            }
+            in.close();
         } catch (Exception e) {
             CMS.debug("getAdminProfleAlgorithm: exception: " + e);
         }
@@ -324,14 +323,15 @@ public class CertUtil {
 
         try {
             profile = config.getString(prefix + certTag + ".profile");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         X509CertImpl cert = null;
         ICertificateAuthority ca = null;
         ICertificateRepository cr = null;
         RequestId reqId = null;
         String profileId = null;
-        IRequestQueue queue = null; 
+        IRequestQueue queue = null;
         IRequest req = null;
 
         try {
@@ -355,7 +355,7 @@ public class CertUtil {
                 CMS.debug("Creating local certificate... dn=" + dn);
                 info = CryptoUtil.createX509CertInfo(x509key, serialNo.intValue(), dn, dn, date,
                         date, keyAlgorithm);
-            } else { 
+            } else {
                 String issuerdn = config.getString("preop.cert.signing.dn", "");
                 CMS.debug("Creating local certificate... issuerdn=" + issuerdn);
                 CMS.debug("Creating local certificate... dn=" + dn);
@@ -375,7 +375,7 @@ public class CertUtil {
                 queue = ca.getRequestQueue();
                 if (queue != null) {
                     req = createLocalRequest(queue, serialNo.toString(), info);
-                    CMS.debug("CertUtil profile name= "+profile);
+                    CMS.debug("CertUtil profile name= " + profile);
                     req.setExtData("req_key", x509key.toString());
 
                     // store original profile id in cert request
@@ -387,7 +387,7 @@ public class CertUtil {
                         String name = profile.substring(0, idx);
                         req.setExtData("origprofileid", name);
                     }
-                    
+
                     // store mapped profile ID for use in renewal
                     profileId = processor.getProfileIDMapping();
                     req.setExtData("profileid", profileId);
@@ -399,7 +399,7 @@ public class CertUtil {
                     CMS.debug("certUtil: requestQueue null");
                 }
             } catch (Exception e) {
-                CMS.debug("Creating local request exception:"+e.toString());
+                CMS.debug("Creating local request exception:" + e.toString());
             }
 
             processor.populate(info);
@@ -410,36 +410,36 @@ public class CertUtil {
             PrivateKey caPrik = CryptoUtil.findPrivateKeyFromID(
                     keyIDb);
 
-            if( caPrik == null ) {
-                CMS.debug( "CertUtil::createSelfSignedCert() - "
-                         + "CA private key is null!" );
-                throw new IOException( "CA private key is null" );
+            if (caPrik == null) {
+                CMS.debug("CertUtil::createSelfSignedCert() - "
+                         + "CA private key is null!");
+                throw new IOException("CA private key is null");
             } else {
                 CMS.debug("CertUtil createSelfSignedCert: got CA private key");
             }
 
             String keyAlgo = x509key.getAlgorithm();
             CMS.debug("key algorithm is " + keyAlgo);
-            String caSigningKeyType = 
-                 config.getString("preop.cert.signing.keytype","rsa");
-            String caSigningKeyAlgo = ""; 
-            if (type.equals("selfsign")) { 
-                 caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm","SHA256withRSA");
+            String caSigningKeyType =
+                    config.getString("preop.cert.signing.keytype", "rsa");
+            String caSigningKeyAlgo = "";
+            if (type.equals("selfsign")) {
+                caSigningKeyAlgo = config.getString("preop.cert.signing.keyalgorithm", "SHA256withRSA");
             } else {
-                 caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm","SHA256withRSA");
+                caSigningKeyAlgo = config.getString("preop.cert.signing.signingalgorithm", "SHA256withRSA");
             }
 
             CMS.debug("CA Signing Key type " + caSigningKeyType);
             CMS.debug("CA Signing Key algorithm " + caSigningKeyAlgo);
 
             if (caSigningKeyType.equals("ecc")) {
-              CMS.debug("CA signing cert is ECC");
-              cert = CryptoUtil.signECCCert(caPrik, info,
-                      caSigningKeyAlgo);
+                CMS.debug("CA signing cert is ECC");
+                cert = CryptoUtil.signECCCert(caPrik, info,
+                        caSigningKeyAlgo);
             } else {
-              CMS.debug("CA signing cert is not ecc");
-              cert = CryptoUtil.signCert(caPrik, info,
-                      caSigningKeyAlgo);
+                CMS.debug("CA signing cert is not ecc");
+                cert = CryptoUtil.signCert(caPrik, info,
+                        caSigningKeyAlgo);
             }
 
             if (cert != null) {
@@ -462,13 +462,13 @@ public class CertUtil {
             if (reqId != null) {
                 meta.set(ICertRecord.META_REQUEST_ID, reqId.toString());
             }
-        
+
             meta.set(ICertRecord.META_PROFILE_ID, profileId);
             record = (ICertRecord) cr.createCertRecord(
-                cert.getSerialNumber(), cert, meta);
+                    cert.getSerialNumber(), cert, meta);
         } catch (Exception e) {
             CMS.debug(
-                "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
+                    "NamePanel configCert: failed to add metainfo. Exception: " + e.toString());
         }
 
         try {
@@ -488,10 +488,10 @@ public class CertUtil {
         }
 
         if (req != null) {
-            // update request with cert 
+            // update request with cert
             req.setExtData(IEnrollProfile.REQUEST_ISSUED_CERT, cert);
 
-            // store request in db 
+            // store request in db
             try {
                 CMS.debug("certUtil: before updateRequest");
                 if (queue != null) {
@@ -507,21 +507,21 @@ public class CertUtil {
 
     public static void addUserCertificate(X509CertImpl cert) {
         IConfigStore cs = CMS.getConfigStore();
-        int num=0;
+        int num = 0;
         try {
             num = cs.getInteger("preop.subsystem.count", 0);
         } catch (Exception e) {
         }
         IUGSubsystem system = (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
-        String id = "user"+num;
+        String id = "user" + num;
 
-        try { 
-          String sysType = cs.getString("cs.type", "");
-          String machineName = cs.getString("machineName", "");
-          String securePort = cs.getString("service.securePort", "");
-          id = sysType + "-" + machineName + "-" + securePort;
+        try {
+            String sysType = cs.getString("cs.type", "");
+            String machineName = cs.getString("machineName", "");
+            String securePort = cs.getString("service.securePort", "");
+            id = sysType + "-" + machineName + "-" + securePort;
         } catch (Exception e1) {
-          // ignore
+            // ignore
         }
 
         num++;
@@ -566,7 +566,7 @@ public class CertUtil {
             system.addUserCert(user);
             CMS.debug("CertUtil addUserCertificate: successfully add the user certificate");
         } catch (Exception e) {
-            CMS.debug("CertUtil addUserCertificate exception="+e.toString());
+            CMS.debug("CertUtil addUserCertificate exception=" + e.toString());
         }
 
         IGroup group = null;
@@ -603,17 +603,17 @@ public class CertUtil {
         }
         if (content.length() > 0)
             result.append(content);
-            result.append("\n");
+        result.append("\n");
 
         return result.toString();
     }
 
     public static boolean privateKeyExistsOnToken(String certTag,
-      String tokenname, String nickname) {
+            String tokenname, String nickname) {
         IConfigStore cs = CMS.getConfigStore();
         String givenid = "";
         try {
-            givenid = cs.getString("preop.cert."+certTag+".privkey.id");
+            givenid = cs.getString("preop.cert." + certTag + ".privkey.id");
         } catch (Exception e) {
             CMS.debug("CertUtil privateKeyExistsOnToken: we did not generate private key yet.");
             return false;
@@ -624,7 +624,7 @@ public class CertUtil {
         boolean hardware = false;
         if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token")) {
             hardware = true;
-            fullnickname = tokenname+":"+nickname;
+            fullnickname = tokenname + ":" + nickname;
         }
 
         X509Certificate cert = null;
@@ -633,7 +633,7 @@ public class CertUtil {
             cm = CryptoManager.getInstance();
             cert = cm.findCertByNickname(fullnickname);
         } catch (Exception e) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: nickname="+fullnickname+" Exception:"+e.toString());
+            CMS.debug("CertUtil privateKeyExistsOnToken: nickname=" + fullnickname + " Exception:" + e.toString());
             return false;
         }
 
@@ -641,19 +641,19 @@ public class CertUtil {
         try {
             privKey = cm.findPrivKeyByCert(cert);
         } catch (Exception e) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+") exception: "+e.toString());
+            CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ") exception: " + e.toString());
             return false;
         }
 
         if (privKey == null) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key ("+fullnickname+")");
+            CMS.debug("CertUtil privateKeyExistsOnToken: cant find private key (" + fullnickname + ")");
             return false;
         } else {
             String str = "";
             try {
                 str = CryptoUtil.byte2string(privKey.getUniqueID());
             } catch (Exception e) {
-            CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: "+e.toString());
+                CMS.debug("CertUtil privateKeyExistsOnToken: encode string Exception: " + e.toString());
             }
 
             if (str.equals(givenid)) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
index b3c10b6e..a28ae76b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CheckIdentity.java
@@ -36,7 +36,6 @@ import com.netscape.cms.servlet.base.UserInfo;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class CheckIdentity extends CMSServlet {
 
     /**
@@ -52,6 +51,7 @@ public class CheckIdentity extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -61,7 +61,8 @@ public class CheckIdentity extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -74,12 +75,12 @@ public class CheckIdentity extends CMSServlet {
             authToken = authenticate(cmsReq);
         } catch (Exception e) {
             CMS.debug("CheckIdentity authentication failed");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, "Error: Not authenticated");
             return;
-        } 
+        }
 
         try {
             XMLObject xmlObj = null;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
index f2587300..b538dbb5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigBaseServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.util.Enumeration;
 
 import javax.servlet.http.HttpServletRequest;
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 public abstract class ConfigBaseServlet extends BaseServlet {
     /**
      *
@@ -50,7 +48,7 @@ public abstract class ConfigBaseServlet extends BaseServlet {
     public abstract void display(HttpServletRequest request,
             HttpServletResponse response, Context context);
 
-    public abstract void update(HttpServletRequest request, 
+    public abstract void update(HttpServletRequest request,
             HttpServletResponse response, Context context);
 
     public abstract Template getTemplate(HttpServletRequest request,
@@ -64,29 +62,29 @@ public abstract class ConfigBaseServlet extends BaseServlet {
         while (paramNames.hasMoreElements()) {
             String pn = (String) paramNames.nextElement();
             // added this facility so that password can be hidden,
-            // all sensitive parameters should be prefixed with 
+            // all sensitive parameters should be prefixed with
             // __ (double underscores); however, in the event that
             // a security parameter slips through, we perform multiple
             // additional checks to insure that it is NOT displayed
-            if( pn.startsWith("__")                         ||
-                pn.endsWith("password")                     ||
-                pn.endsWith("passwd")                       ||
-                pn.endsWith("pwd")                          ||
-                pn.equalsIgnoreCase("admin_password_again") ||
-                pn.equalsIgnoreCase("directoryManagerPwd")  ||
-                pn.equalsIgnoreCase("bindpassword")         ||
-                pn.equalsIgnoreCase("bindpwd")              ||
-                pn.equalsIgnoreCase("passwd")               ||
-                pn.equalsIgnoreCase("password")             ||
-                pn.equalsIgnoreCase("pin")                  ||
-                pn.equalsIgnoreCase("pwd")                  ||
-                pn.equalsIgnoreCase("pwdagain")             ||
-                pn.equalsIgnoreCase("uPasswd") ) {
-               CMS.debug("ConfigBaseServlet::service() param name='" + pn +
-                         "' value='(sensitive)'" );
+            if (pn.startsWith("__") ||
+                    pn.endsWith("password") ||
+                    pn.endsWith("passwd") ||
+                    pn.endsWith("pwd") ||
+                    pn.equalsIgnoreCase("admin_password_again") ||
+                    pn.equalsIgnoreCase("directoryManagerPwd") ||
+                    pn.equalsIgnoreCase("bindpassword") ||
+                    pn.equalsIgnoreCase("bindpwd") ||
+                    pn.equalsIgnoreCase("passwd") ||
+                    pn.equalsIgnoreCase("password") ||
+                    pn.equalsIgnoreCase("pin") ||
+                    pn.equalsIgnoreCase("pwd") ||
+                    pn.equalsIgnoreCase("pwdagain") ||
+                    pn.equalsIgnoreCase("uPasswd")) {
+                CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+                         "' value='(sensitive)'");
             } else {
-               CMS.debug("ConfigBaseServlet::service() param name='" + pn +
-                         "' value='" + httpReq.getParameter(pn) + "'" );
+                CMS.debug("ConfigBaseServlet::service() param name='" + pn +
+                         "' value='" + httpReq.getParameter(pn) + "'");
             }
         }
     }
@@ -97,7 +95,7 @@ public abstract class ConfigBaseServlet extends BaseServlet {
     public Template process(HttpServletRequest request,
             HttpServletResponse response,
             Context context) {
-                                                                                
+
         if (CMS.debugOn()) {
             outputHttpParameters(request);
         }
@@ -107,16 +105,16 @@ public abstract class ConfigBaseServlet extends BaseServlet {
         } else {
             update(request, response, context);
         }
-                                                                                
+
         Template template = null;
-                                                                                
+
         try {
             context.put("name", "Velocity Test");
             template = getTemplate(request, response, context);
         } catch (Exception e) {
             System.err.println("Exception caught: " + e.getMessage());
         }
-                                                                                
+
         return template;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
index d95c85d1..956c285b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertApprovalCallback.java
@@ -20,16 +20,14 @@ package com.netscape.cms.servlet.csadmin;
 import org.mozilla.jss.crypto.X509Certificate;
 import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
 
-
-public class ConfigCertApprovalCallback 
-  implements SSLCertificateApprovalCallback {
+public class ConfigCertApprovalCallback
+        implements SSLCertificateApprovalCallback {
 
     public ConfigCertApprovalCallback() {
     }
 
     public boolean approve(X509Certificate cert,
-      SSLCertificateApprovalCallback.ValidityStatus status) {
-      return true;
+            SSLCertificateApprovalCallback.ValidityStatus status) {
+        return true;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
index 37493b6b..b04de414 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCertReqServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class ConfigCertReqServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
index e7d88a35..ed1d9cc0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigCloneServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class ConfigCloneServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
index 08ebf08e..2b4a82a0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigDatabaseServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -28,7 +27,6 @@ import org.apache.velocity.context.Context;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 public class ConfigDatabaseServlet extends ConfigBaseServlet {
 
     /**
@@ -47,7 +45,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
 
         try {
             modified = cs.getString("preop.configDatabase.modified", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (modified.equals("true")) {
             return true;
@@ -75,7 +74,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
                 basedn = cs.getString("internaldb.basedn", "");
                 binddn = cs.getString("internaldb.ldapauth.bindDN", "");
                 database = cs.getString("internaldb.database", "");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
         } else {
             hostname = HOST;
             portStr = PORT;
@@ -113,7 +113,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
             int port = -1;
 
             try {
-                port = Integer.parseInt(portStr); 
+                port = Integer.parseInt(portStr);
                 cs.putInteger("internaldb.ldapconn.port", port);
             } catch (Exception e) {
                 errorString = "Port is invalid";
@@ -159,7 +159,7 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
                 CMS.debug("ConfigDatabaseServlet update: " + e.toString());
                 return;
             }
-            psStore.putString("internaldb", bindpwd); 
+            psStore.putString("internaldb", bindpwd);
         } else {
             errorString = "Bind password is empty string";
         }
@@ -189,7 +189,8 @@ public class ConfigDatabaseServlet extends ConfigBaseServlet {
             Context context) {
         try {
             return Velocity.getTemplate("admin/console/config/config_db.vm");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
         return null;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
index d04fbf2f..fa9dbb05 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMLoginPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.FileNotFoundException;
 import java.io.IOException;
 
@@ -46,7 +45,8 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
     private CryptoManager mCryptoManager = null;
     private String mPwdFilePath = "";
 
-    public ConfigHSMLoginPanel() {}
+    public ConfigHSMLoginPanel() {
+    }
 
     public void init(ServletConfig config, int panelno) throws ServletException {
         try {
@@ -132,7 +132,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
             CMS.debug("ConfigHSMLoginPanel: passwrd file path: " + e.toString());
         }
         CMS.debug("ConfigHSMLoginPanel: checking if passwd in cache");
-        String tokPwd = pr.getPassword("hardware-"+tokName);
+        String tokPwd = pr.getPassword("hardware-" + tokName);
 
         boolean loggedIn = false;
 
@@ -157,48 +157,52 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
         password = new Password(tokPwd.toCharArray());
 
         try {
-		    if (token.passwordIsInitialized()) {
-		        CMS.debug(
-		                "ConfigHSMLoginPanel: loginToken():token password is initialized");
-		        if (!token.isLoggedIn()) {
-		            CMS.debug(
-		                    "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
-		            token.login(password);
-		            context.put("status", "justLoggedIn");
-		        } else {
-		            CMS.debug(
-		                    "ConfigHSMLoginPanel:Token has already logged on");
-		            context.put("status", "alreadyLoggedIn");
-		        }
-		    } else {
-		        CMS.debug(
-		                "ConfigHSMLoginPanel: loginToken():Token password not initialized");
-		        context.put("status", "tokenPasswordNotInitialized");
-		        rv = false;
-		    }
-
-		} catch (IncorrectPasswordException e) {
-		    context.put("status", "incorrectPassword");
-		    context.put("errorString", e.toString());
-		    CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
-		    rv = false;
-		} catch (Exception e) {
-		    CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
-		    context.put("errorString", e.toString());
-		    rv = false;
-		}
+            if (token.passwordIsInitialized()) {
+                CMS.debug(
+                        "ConfigHSMLoginPanel: loginToken():token password is initialized");
+                if (!token.isLoggedIn()) {
+                    CMS.debug(
+                            "ConfigHSMLoginPanel: loginToken():Token is not logged in, try it");
+                    token.login(password);
+                    context.put("status", "justLoggedIn");
+                } else {
+                    CMS.debug(
+                            "ConfigHSMLoginPanel:Token has already logged on");
+                    context.put("status", "alreadyLoggedIn");
+                }
+            } else {
+                CMS.debug(
+                        "ConfigHSMLoginPanel: loginToken():Token password not initialized");
+                context.put("status", "tokenPasswordNotInitialized");
+                rv = false;
+            }
+
+        } catch (IncorrectPasswordException e) {
+            context.put("status", "incorrectPassword");
+            context.put("errorString", e.toString());
+            CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+            rv = false;
+        } catch (Exception e) {
+            CMS.debug("ConfigHSMLoginPanel: loginToken():" + e.toString());
+            context.put("errorString", e.toString());
+            rv = false;
+        }
         return rv;
     }
 
     // XXX how do you do this?
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
-        Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /* no default parameters */
+
+        Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE, "", "", null); /*
+                                                                                   * no
+                                                                                   * default
+                                                                                   * parameters
+                                                                                   */
 
         set.add(
                 "choice", choiceDesc);
-                                                                                
+
         return set;
     }
 
@@ -220,10 +224,10 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
             select = cs.getString("preop.subsystem.select", "");
         } catch (Exception e) {
         }
-     
-//        if (select.equals("clone"))
- //           return;
-      
+
+        // if (select.equals("clone"))
+        // return;
+
         CMS.debug("ConfigHSMLoginPanel: in update()");
 
         String uTokName = null;
@@ -233,7 +237,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
             uPasswd = HttpInput.getPassword(request, "__uPasswd");
         } catch (Exception e) {
         }
-     
+
         if (uPasswd == null) {
             CMS.debug("ConfigHSMLoginPanel: password not found");
             context.put("error", "no password");
@@ -270,13 +274,13 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
                 PlainPasswordWriter pw = new PlainPasswordWriter();
 
                 pw.init(mPwdFilePath);
-                pw.putPassword("hardware-"+uTokName, uPasswd);
+                pw.putPassword("hardware-" + uTokName, uPasswd);
                 pw.commit();
 
             } catch (FileNotFoundException e) {
                 CMS.debug(
                         "ConfigHSMLoginPanel: update(): Exception caught: "
-                                + e.toString() + " writing to "+ mPwdFilePath);
+                                + e.toString() + " writing to " + mPwdFilePath);
                 CMS.debug(
                         "ConfigHSMLoginPanel: update(): password not written to cache");
                 System.err.println("Exception caught: " + e.toString());
@@ -288,7 +292,7 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
                 System.err.println("Exception caught: " + e.toString());
                 context.put("error", "Exception:" + e.toString());
             }
-	    
+
         } // found password
 
         context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
@@ -308,4 +312,3 @@ public class ConfigHSMLoginPanel extends WizardPanelBase {
         context.put("panel", "admin/console/config/config_hsmloginpanel.vm");
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
index bfc6e278..9428ecce 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigHSMServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -39,7 +38,6 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.cmsutil.crypto.Module;
 
-
 public class ConfigHSMServlet extends ConfigBaseServlet {
     /**
      *
@@ -131,9 +129,9 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
                 } else {
                     CMS.debug(
                             "ConfigHSMServlet: token " + token.getName()
-                            + " not to be added");
+                                    + " not to be added");
                 }
-			    
+
             } catch (TokenException ex) {
                 CMS.debug("ConfigHSMServlet:" + ex.toString());
             }
@@ -165,11 +163,11 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
                 if ((cn == null) || (cn.equals(""))) {
                     break;
                 }
-		
+
                 CMS.debug("ConfigHSMServlet: got from config module: " + cn);
                 // create a Module object
                 Module module = new Module(cn, pn, img);
-		
+
                 if (mCurrModTable.containsKey(cn)) {
                     CMS.debug("ConfigHSMServlet: module found: " + cn);
                     module.setFound(true);
@@ -178,7 +176,7 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
 
                     loadModTokens(module, m);
                 }
-		
+
                 CMS.debug("ConfigHSMServlet: adding module " + cn);
                 // add module to set
                 if (!mSupportedModules.contains(module)) {
@@ -290,8 +288,8 @@ public class ConfigHSMServlet extends ConfigBaseServlet {
             Context context) {
         try {
             return Velocity.getTemplate("admin/console/config/config_hsm.vm");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
         return null;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
index 3b3b8a64..c65e559d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigImportCertServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class ConfigImportCertServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
index 01917303..5d50193c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigJoinServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -30,7 +29,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 
-
 public class ConfigJoinServlet extends ConfigBaseServlet {
 
     /**
@@ -52,12 +50,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
 
     public boolean isPanelModified() {
         IConfigStore config = CMS.getConfigStore();
-      
+
         String cert = null;
 
         try {
             cert = config.getString("preop.join.cert", null);
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         if (cert == null || cert.equals("")) {
             return false;
         } else {
@@ -69,7 +68,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
      * Displays panel.
      */
     public void display(HttpServletRequest request,
-            HttpServletResponse response, 
+            HttpServletResponse response,
             Context context) {
         IConfigStore config = CMS.getConfigStore();
 
@@ -85,7 +84,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
                     CryptoUtil.string2byte(pubKeyPublicExponent),
                     CryptoUtil.string2byte(priKeyID));
             context.put("certreq", pkcs10);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         String select = "auto";
         boolean select_manual = true;
@@ -94,8 +94,8 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
             try {
                 select = config.getString("preop.join.select", null);
             } catch (EBaseException e) {
-                CMS.debug( "ConfigJoinServlet::display() - "
-                         + "Exception="+e.toString() );
+                CMS.debug("ConfigJoinServlet::display() - "
+                         + "Exception=" + e.toString());
                 return;
             }
             if (select.equals("auto")) {
@@ -109,12 +109,13 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
                     String cert = config.getString("preop.join.cert", "");
 
                     context.put("cert", cert);
-                } catch (EBaseException e) {}
+                } catch (EBaseException e) {
+                }
             }
         } else {
             context.put("cert", "");
         }
-        if (select_manual) { 
+        if (select_manual) {
             context.put("check_manual", "checked");
             context.put("check_auto", "");
         } else {
@@ -128,7 +129,7 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
      * Updates panel.
      */
     public void update(HttpServletRequest request,
-            HttpServletResponse response, 
+            HttpServletResponse response,
             Context context) {
         CMS.debug("JoinServlet: update");
         IConfigStore config = CMS.getConfigStore();
@@ -160,9 +161,10 @@ public class ConfigJoinServlet extends ConfigBaseServlet {
             }
             config.putString("preop.join.select", select);
             config.commit(false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
     }
-                                                                                
+
     public Template getTemplate(HttpServletRequest request,
             HttpServletResponse response,
             Context context) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
index 895c75ac..44046fdc 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ConfigRootCAServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.util.Vector;
 
 import javax.servlet.http.HttpServletRequest;
@@ -32,7 +31,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.profile.CertInfoProfile;
 
-
 public class ConfigRootCAServlet extends ConfigBaseServlet {
 
     /**
@@ -54,12 +52,13 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
 
     public boolean isPanelModified() {
         IConfigStore config = CMS.getConfigStore();
-      
+
         String profile = null;
 
         try {
             profile = config.getString("preop.hierarchy.profile", null);
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         if (profile == null || profile.equals("")) {
             return false;
         } else {
@@ -73,7 +72,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
 
         try {
             instancePath = config.getString("instanceRoot");
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         String p[] = { "caCert.profile" };
         Vector profiles = new Vector();
 
@@ -81,13 +81,14 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
             try {
                 profiles.addElement(
                         new CertInfoProfile(instancePath + "/conf/" + p[i]));
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
         }
         return profiles;
     }
 
     public void display(HttpServletRequest request,
-            HttpServletResponse response, 
+            HttpServletResponse response,
             Context context) {
         IConfigStore config = CMS.getConfigStore();
         String profile = null;
@@ -95,7 +96,8 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
         if (isPanelModified()) {
             try {
                 profile = config.getString("preop.hierarchy.profile", null);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
         }
         if (profile == null) {
             profile = "caCert.profile";
@@ -108,15 +110,16 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
     }
 
     public void update(HttpServletRequest request,
-            HttpServletResponse response, 
+            HttpServletResponse response,
             Context context) {
         String profile = request.getParameter("profile");
         IConfigStore config = CMS.getConfigStore();
 
         config.putString("preop.hierarchy.profile", profile);
         try {
-            config.commit(false); 
-        } catch (Exception e) {}
+            config.commit(false);
+        } catch (Exception e) {
+        }
         context.put("status", "update");
         context.put("error", "");
         Vector profiles = getProfiles();
@@ -124,7 +127,7 @@ public class ConfigRootCAServlet extends ConfigBaseServlet {
         context.put("profiles", profiles);
         context.put("selected_profile_id", profile);
     }
-                                                                                
+
     public Template getTemplate(HttpServletRequest request,
             HttpServletResponse response,
             Context context) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
index daf14c9e..377043d5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/CreateSubsystemPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.net.URL;
 import java.util.StringTokenizer;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class CreateSubsystemPanel extends WizardPanelBase {
 
-    public CreateSubsystemPanel() {}
+    public CreateSubsystemPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Subsystem Selection");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Subsystem Type");
         setId(id);
@@ -72,15 +72,16 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -112,8 +113,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
                     context.put("check_newsubsystem", "");
                     context.put("check_clonesubsystem", "checked");
                 }
-                context.put("subsystemName", 
-                   config.getString("preop.subsystem.name"));
+                context.put("subsystemName",
+                        config.getString("preop.subsystem.name"));
             } catch (Exception e) {
                 CMS.debug(e.toString());
             }
@@ -121,8 +122,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             context.put("check_newsubsystem", "checked");
             context.put("check_clonesubsystem", "");
             try {
-              context.put("subsystemName", 
-               config.getString("preop.system.fullname"));
+                context.put("subsystemName",
+                        config.getString("preop.system.fullname"));
             } catch (Exception e) {
                 CMS.debug(e.toString());
             }
@@ -144,7 +145,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
         } catch (EBaseException e) {
         }
 
-        Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort" );
+        Vector v = getUrlListFromSecurityDomain(config, cstype, "SecurePort");
 
         StringBuffer list = new StringBuffer();
         int size = v.size();
@@ -164,7 +165,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             errorString = "Internal error, cs.type is missing from CS.cfg";
         }
 
-        if (list.length()==0)
+        if (list.length() == 0)
             context.put("disableClone", "true");
 
         context.put("panel", "admin/console/config/createsubsystempanel.vm");
@@ -196,8 +197,8 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             throw new IOException("choice not found");
         }
 
-        config.putString("preop.subsystem.name", 
-              HttpInput.getName(request, "subsystemName"));
+        config.putString("preop.subsystem.name",
+                HttpInput.getName(request, "subsystemName"));
         if (select.equals("newsubsystem")) {
             config.putString("preop.subsystem.select", "new");
             config.putString("subsystem.select", "New");
@@ -209,7 +210,7 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             }
 
             cstype = toLowerCaseSubsystemType(cstype);
-      
+
             config.putString("preop.subsystem.select", "clone");
             config.putString("subsystem.select", "Clone");
 
@@ -223,9 +224,9 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             while (t.hasMoreTokens()) {
                 String tag = t.nextToken();
                 if (tag.equals("sslserver"))
-                    config.putBoolean(PCERT_PREFIX+tag+".enable", true);
-                else 
-                    config.putBoolean(PCERT_PREFIX+tag+".enable", false);
+                    config.putBoolean(PCERT_PREFIX + tag + ".enable", true);
+                else
+                    config.putBoolean(PCERT_PREFIX + tag + ".enable", false);
             }
 
             // get the master CA
@@ -254,10 +255,10 @@ public class CreateSubsystemPanel extends WizardPanelBase {
             String host = u.getHost();
             int https_ee_port = u.getPort();
 
-            String https_admin_port = getSecurityDomainAdminPort( config,
+            String https_admin_port = getSecurityDomainAdminPort(config,
                                                                   host,
                                                                   String.valueOf(https_ee_port),
-                                                                  cstype );
+                                                                  cstype);
 
             config.putString("preop.master.hostname", host);
             config.putInteger("preop.master.httpsport", https_ee_port);
@@ -265,12 +266,12 @@ public class CreateSubsystemPanel extends WizardPanelBase {
 
             ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
             if (cstype.equals("ca")) {
-                updateCertChainUsingSecureEEPort( config, "clone", host, https_ee_port,
-                                 true, context, certApprovalCallback );
+                updateCertChainUsingSecureEEPort(config, "clone", host, https_ee_port,
+                                 true, context, certApprovalCallback);
             }
 
-            getTokenInfo(config, cstype, host, https_ee_port, true, context, 
-              certApprovalCallback);
+            getTokenInfo(config, cstype, host, https_ee_port, true, context,
+                    certApprovalCallback);
         } else {
             CMS.debug("CreateSubsystemPanel: invalid choice " + select);
             errorString = "Invalid choice";
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
index e18d86cf..a69f462a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabasePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -64,7 +63,7 @@ import com.netscape.cmsutil.ldap.LDAPUtil;
 public class DatabasePanel extends WizardPanelBase {
 
     private static final String HOST = "localhost";
-    private static final String CLONE_HOST="Enter FQDN here";
+    private static final String CLONE_HOST = "Enter FQDN here";
     private static final String PORT = "389";
     private static final String BASEDN = "o=netscapeCertificateServer";
     private static final String BINDDN = "cn=Directory Manager";
@@ -74,19 +73,20 @@ public class DatabasePanel extends WizardPanelBase {
 
     private WizardServlet mServlet = null;
 
-    public DatabasePanel() {}
+    public DatabasePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Internal Database");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Internal Database");
         setId(id);
@@ -109,7 +109,8 @@ public class DatabasePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -120,7 +121,7 @@ public class DatabasePanel extends WizardPanelBase {
                 "Host name");
 
         set.add("hostname", hostDesc);
-      
+
         Descriptor portDesc = new Descriptor(IDescriptor.INTEGER, null, null,
                 "Port");
 
@@ -130,14 +131,14 @@ public class DatabasePanel extends WizardPanelBase {
                 "Base DN");
 
         set.add("basedn", basednDesc);
- 
+
         Descriptor binddnDesc = new Descriptor(IDescriptor.STRING, null, null,
                 "Bind DN");
 
         set.add("binddn", binddnDesc);
 
         Descriptor bindpwdDesc = new Descriptor(IDescriptor.PASSWORD, null, null,
-                "Bind Password"); 
+                "Bind Password");
 
         set.add("bindpwd", bindpwdDesc);
 
@@ -187,8 +188,8 @@ public class DatabasePanel extends WizardPanelBase {
                 basedn = cs.getString("internaldb.basedn", "");
                 binddn = cs.getString("internaldb.ldapauth.bindDN", "");
                 database = cs.getString("internaldb.database", "");
-            	secure =  cs.getString("internaldb.ldapconn.secureConn", "");
-            	cloneStartTLS =  cs.getString("internaldb.ldapconn.cloneStartTLS", "");
+                secure = cs.getString("internaldb.ldapconn.secureConn", "");
+                cloneStartTLS = cs.getString("internaldb.ldapconn.cloneStartTLS", "");
                 errorString = cs.getString("preop.database.errorString", "");
             } catch (Exception e) {
                 CMS.debug("DatabasePanel display: " + e.toString());
@@ -199,12 +200,12 @@ public class DatabasePanel extends WizardPanelBase {
             try {
                 basedn = cs.getString("internaldb.basedn", "");
             } catch (Exception e) {
-                CMS.debug( "DatabasePanel::display() - "
-                         + "Exception="+e.toString() );
+                CMS.debug("DatabasePanel::display() - "
+                         + "Exception=" + e.toString());
                 return;
             }
             binddn = BINDDN;
-            database = basedn.substring(basedn.lastIndexOf('=')+1);
+            database = basedn.substring(basedn.lastIndexOf('=') + 1);
             CMS.debug("Clone: database=" + database);
         } else {
             hostname = HOST;
@@ -223,11 +224,10 @@ public class DatabasePanel extends WizardPanelBase {
             boolean multipleEnable = false;
             try {
                 multipleEnable = cs.getBoolean(
-                  "internaldb.multipleSuffix.enable", false);
+                        "internaldb.multipleSuffix.enable", false);
             } catch (Exception e) {
             }
-      
-        
+
             if (multipleEnable)
                 basedn = "ou=" + instanceId + "," + suffix;
             else
@@ -243,15 +243,14 @@ public class DatabasePanel extends WizardPanelBase {
         context.put("binddn", binddn);
         context.put("bindpwd", bindpwd);
         context.put("database", database);
-        context.put("secureConn", (secure.equals("true")? "on":"off"));
-        context.put("cloneStartTLS", (cloneStartTLS.equals("true")? "on":"off"));
+        context.put("secureConn", (secure.equals("true") ? "on" : "off"));
+        context.put("cloneStartTLS", (cloneStartTLS.equals("true") ? "on" : "off"));
         context.put("panel", "admin/console/config/databasepanel.vm");
         context.put("errorString", errorString);
     }
 
     public void initParams(HttpServletRequest request, Context context)
-                   throws IOException
-    {
+                   throws IOException {
         IConfigStore config = CMS.getConfigStore();
         String select = "";
         try {
@@ -323,7 +322,7 @@ public class DatabasePanel extends WizardPanelBase {
             } catch (Exception e) {
             }
 
-            //get the real host name
+            // get the real host name
             String realhostname = "";
             if (hostname.equals("localhost")) {
                 try {
@@ -395,8 +394,7 @@ public class DatabasePanel extends WizardPanelBase {
     }
 
     private LDAPConnection getLocalLDAPConn(Context context, String secure)
-                throws IOException
-    {
+                throws IOException {
         IConfigStore cs = CMS.getConfigStore();
 
         String host = "";
@@ -409,7 +407,7 @@ public class DatabasePanel extends WizardPanelBase {
             host = cs.getString("internaldb.ldapconn.host");
             port = cs.getString("internaldb.ldapconn.port");
             binddn = cs.getString("internaldb.ldapauth.bindDN");
-            pwd = (String) context.get("bindpwd");    
+            pwd = (String) context.get("bindpwd");
             security = cs.getString("internaldb.ldapconn.secureConn");
         } catch (Exception e) {
             CMS.debug("DatabasePanel populateDB: " + e.toString());
@@ -428,12 +426,12 @@ public class DatabasePanel extends WizardPanelBase {
 
         LDAPConnection conn = null;
         if (security.equals("true")) {
-          CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
-          conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
-	} else {
-          CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
-          conn = new LDAPConnection();
-	}
+            CMS.debug("DatabasePanel populateDB: creating secure (SSL) connection for internal ldap");
+            conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+        } else {
+            CMS.debug("DatabasePanel populateDB: creating non-secure (non-SSL) connection for internal ldap");
+            conn = new LDAPConnection();
+        }
 
         CMS.debug("DatabasePanel connecting to " + host + ":" + p);
         try {
@@ -443,81 +441,78 @@ public class DatabasePanel extends WizardPanelBase {
             throw new IOException("Failed to connect to the internal database.");
         }
 
-      return conn;
+        return conn;
     }
 
-    private boolean deleteDir(File dir) 
-    {
+    private boolean deleteDir(File dir) {
         if (dir.isDirectory()) {
             String[] children = dir.list();
-            for (int i=0; i<children.length; i++) {
+            for (int i = 0; i < children.length; i++) {
                 boolean success = deleteDir(new File(dir, children[i]));
                 if (!success) {
                     return false;
                 }
             }
         }
-    
+
         // The directory is now empty so delete it
         return dir.delete();
-    } 
+    }
 
-    private void cleanupDB(LDAPConnection conn, String baseDN, String database) 
-    {
+    private void cleanupDB(LDAPConnection conn, String baseDN, String database) {
         String[] entries = {};
         String filter = "objectclass=*";
         LDAPSearchConstraints cons = null;
         String[] attrs = null;
-        String dn="";
+        String dn = "";
         try {
             CMS.debug("Deleting baseDN: " + baseDN);
             LDAPSearchResults res = conn.search(baseDN, LDAPConnection.SCOPE_BASE, filter,
-                attrs, true, cons);
-            if (res != null) 
-            	deleteEntries(res, conn, baseDN, entries);
+                    attrs, true, cons);
+            if (res != null)
+                deleteEntries(res, conn, baseDN, entries);
+        } catch (LDAPException e) {
         }
-        catch (LDAPException e) {}
-        
+
         try {
-           dn="cn=mapping tree, cn=config";
-           filter = "nsslapd-backend=" + database;
-           LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
-              attrs, true, cons);
-          if (res != null) {
-              while (res.hasMoreElements()) {
-                  dn = res.next().getDN();
-                  filter = "objectclass=*";
-                  LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
-                      attrs, true, cons);
-                  if (res2 != null) 
-              	      deleteEntries(res2, conn, dn, entries);
-              }
-          }
-        }
-        catch (LDAPException e) {}
+            dn = "cn=mapping tree, cn=config";
+            filter = "nsslapd-backend=" + database;
+            LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+                    attrs, true, cons);
+            if (res != null) {
+                while (res.hasMoreElements()) {
+                    dn = res.next().getDN();
+                    filter = "objectclass=*";
+                    LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
+                            attrs, true, cons);
+                    if (res2 != null)
+                        deleteEntries(res2, conn, dn, entries);
+                }
+            }
+        } catch (LDAPException e) {
+        }
 
         try {
             dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
             LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
-                attrs, true, cons);
+                    attrs, true, cons);
             if (res != null) {
                 deleteEntries(res, conn, dn, entries);
-                String dbdir = getInstanceDir(conn) + "/db/" + database; 
-                if (dbdir != null) { 
-            	    CMS.debug(" Deleting dbdir " + dbdir);
+                String dbdir = getInstanceDir(conn) + "/db/" + database;
+                if (dbdir != null) {
+                    CMS.debug(" Deleting dbdir " + dbdir);
                     boolean success = deleteDir(new File(dbdir));
                     if (!success) {
                         CMS.debug("Unable to delete database directory " + dbdir);
                     }
                 }
             }
+        } catch (LDAPException e) {
         }
-        catch (LDAPException e) {}
     }
 
-
-    private void populateDB(HttpServletRequest request, Context context, String secure) 
-        throws IOException {
+    private void populateDB(HttpServletRequest request, Context context, String secure)
+            throws IOException {
         IConfigStore cs = CMS.getConfigStore();
 
         String baseDN = "";
@@ -542,41 +537,44 @@ public class DatabasePanel extends WizardPanelBase {
         boolean foundDatabase = false;
         try {
             LDAPEntry entry = conn.read(baseDN);
-            if (entry != null) foundBaseDN = true;
+            if (entry != null)
+                foundBaseDN = true;
         } catch (LDAPException e) {
-            switch( e.getLDAPResultCode() ) {
-                case LDAPException.NO_SUCH_OBJECT:
-                    break;
-                default:
-                    CMS.debug("DatabasePanel update: LDAPException " + e.toString());
-                    throw new IOException("Failed to create the database");
+            switch (e.getLDAPResultCode()) {
+            case LDAPException.NO_SUCH_OBJECT:
+                break;
+            default:
+                CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+                throw new IOException("Failed to create the database");
             }
         }
 
         try {
             dn = "cn=" + database + ",cn=ldbm database, cn=plugins, cn=config";
             LDAPEntry entry = conn.read(dn);
-            if (entry != null) foundDatabase = true;
+            if (entry != null)
+                foundDatabase = true;
         } catch (LDAPException e) {
-            switch( e.getLDAPResultCode() ) {
-                case LDAPException.NO_SUCH_OBJECT:
-                    break;
-                default:
-                    CMS.debug("DatabasePanel update: LDAPException " + e.toString());
-                    throw new IOException("Failed to create the database");
+            switch (e.getLDAPResultCode()) {
+            case LDAPException.NO_SUCH_OBJECT:
+                break;
+            default:
+                CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+                throw new IOException("Failed to create the database");
             }
         }
         try {
             dn = "cn=\"" + baseDN + "\",cn=mapping tree, cn=config";
             LDAPEntry entry = conn.read(dn);
-            if (entry != null) foundDatabase = true;
+            if (entry != null)
+                foundDatabase = true;
         } catch (LDAPException e) {
-            switch( e.getLDAPResultCode() ) {
-                case LDAPException.NO_SUCH_OBJECT:
-                    break;
-                default:
-                    CMS.debug("DatabasePanel update: LDAPException " + e.toString());
-                    throw new IOException("Failed to create the database");
+            switch (e.getLDAPResultCode()) {
+            case LDAPException.NO_SUCH_OBJECT:
+                break;
+            default:
+                CMS.debug("DatabasePanel update: LDAPException " + e.toString());
+                throw new IOException("Failed to create the database");
             }
         }
 
@@ -584,8 +582,7 @@ public class DatabasePanel extends WizardPanelBase {
             CMS.debug("DatabasePanel update: This database has already been used.");
             if (remove == null) {
                 throw new IOException("This database has already been used. Select the checkbox below to remove all data and reuse this database");
-            }
-            else {
+            } else {
                 CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
                 cleanupDB(conn, baseDN, database);
                 foundBaseDN = false;
@@ -596,9 +593,8 @@ public class DatabasePanel extends WizardPanelBase {
         if (foundBaseDN) {
             CMS.debug("DatabasePanel update: This base DN has already been used.");
             if (remove == null) {
-                throw new IOException("This base DN ("+baseDN+") has already been used. Select the checkbox below to remove all data and reuse this base DN");
-            }
-            else {
+                throw new IOException("This base DN (" + baseDN + ") has already been used. Select the checkbox below to remove all data and reuse this base DN");
+            } else {
                 CMS.debug("DatabasePanel update: Deleting existing DB and reusing base DN");
                 cleanupDB(conn, baseDN, database);
                 foundBaseDN = false;
@@ -609,7 +605,7 @@ public class DatabasePanel extends WizardPanelBase {
         // create database
         try {
             LDAPAttributeSet attrs = new LDAPAttributeSet();
-            String oc[] = { "top", "extensibleObject", "nsBackendInstance"};
+            String oc[] = { "top", "extensibleObject", "nsBackendInstance" };
             attrs.add(new LDAPAttribute("objectClass", oc));
             attrs.add(new LDAPAttribute("cn", database));
             attrs.add(new LDAPAttribute("nsslapd-suffix", baseDN));
@@ -623,7 +619,7 @@ public class DatabasePanel extends WizardPanelBase {
 
         try {
             LDAPAttributeSet attrs = new LDAPAttributeSet();
-            String oc2[] = { "top", "extensibleObject", "nsMappingTree"};
+            String oc2[] = { "top", "extensibleObject", "nsMappingTree" };
             attrs.add(new LDAPAttribute("objectClass", oc2));
             attrs.add(new LDAPAttribute("cn", baseDN));
             attrs.add(new LDAPAttribute("nsslapd-backend", database));
@@ -644,19 +640,19 @@ public class DatabasePanel extends WizardPanelBase {
             String n = st.nextToken();
             String v = st.nextToken();
             LDAPAttributeSet attrs = new LDAPAttributeSet();
-            String oc3[] = { "top", "domain"};
+            String oc3[] = { "top", "domain" };
             if (n.equals("o")) {
-              oc3[1] = "organization";
+                oc3[1] = "organization";
             } else if (n.equals("ou")) {
-              oc3[1] = "organizationalUnit";
-            } 
+                oc3[1] = "organizationalUnit";
+            }
             attrs.add(new LDAPAttribute("objectClass", oc3));
             attrs.add(new LDAPAttribute(n, v));
             LDAPEntry entry = new LDAPEntry(baseDN, attrs);
             conn.add(entry);
         } catch (Exception e) {
             CMS.debug("Warning: suffix creation error - " + e.toString());
-            throw new IOException("Failed to create the base DN: "+baseDN);
+            throw new IOException("Failed to create the base DN: " + baseDN);
         }
 
         // check to see if the base dn exists
@@ -666,15 +662,17 @@ public class DatabasePanel extends WizardPanelBase {
             LDAPEntry entry = conn.read(baseDN);
 
             if (entry != null) {
-                foundBaseDN = true; 
+                foundBaseDN = true;
             }
-        } catch (LDAPException e) {}
+        } catch (LDAPException e) {
+        }
         boolean createBaseDN = true;
 
         boolean testing = false;
         try {
             testing = cs.getBoolean("internaldb.multipleSuffix.enable", false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (!foundBaseDN) {
             if (!testing) {
@@ -697,7 +695,7 @@ public class DatabasePanel extends WizardPanelBase {
                 // support only one level creation - create new entry
                 // right under the suffix
                 LDAPAttributeSet attrs = new LDAPAttributeSet();
-                String oc[] = { "top", "organizationalUnit"};
+                String oc[] = { "top", "organizationalUnit" };
 
                 attrs.add(new LDAPAttribute("objectClass", oc));
                 attrs.add(new LDAPAttribute("ou", dns2[0]));
@@ -705,7 +703,7 @@ public class DatabasePanel extends WizardPanelBase {
 
                 try {
                     conn.add(entry);
-                    foundBaseDN = true; 
+                    foundBaseDN = true;
                     CMS.debug("DatabasePanel added " + baseDN);
                 } catch (LDAPException e) {
                     throw new IOException("Failed to create " + baseDN);
@@ -723,25 +721,26 @@ public class DatabasePanel extends WizardPanelBase {
         }
 
         if (select.equals("clone")) {
-          // if this is clone, add index before replication
-          // don't put in the schema or bad things will happen
-          
-          importLDIFS("preop.internaldb.ldif", conn);
-          importLDIFS("preop.internaldb.index_ldif", conn);
+            // if this is clone, add index before replication
+            // don't put in the schema or bad things will happen
+
+            importLDIFS("preop.internaldb.ldif", conn);
+            importLDIFS("preop.internaldb.index_ldif", conn);
         } else {
-          // data will be replicated from the master to the clone
-          // so clone does not need the data
-          //
+            // data will be replicated from the master to the clone
+            // so clone does not need the data
+            //
 
-          importLDIFS("preop.internaldb.schema.ldif", conn);         
-          importLDIFS("preop.internaldb.ldif", conn); 
-          importLDIFS("preop.internaldb.data_ldif", conn);
-          importLDIFS("preop.internaldb.index_ldif", conn);
+            importLDIFS("preop.internaldb.schema.ldif", conn);
+            importLDIFS("preop.internaldb.ldif", conn);
+            importLDIFS("preop.internaldb.data_ldif", conn);
+            importLDIFS("preop.internaldb.index_ldif", conn);
         }
 
         try {
             conn.disconnect();
-        } catch (LDAPException e) {}
+        } catch (LDAPException e) {
+        }
     }
 
     private void importLDIFS(String param, LDAPConnection conn) throws IOException {
@@ -751,11 +750,11 @@ public class DatabasePanel extends WizardPanelBase {
         CMS.debug("DatabasePanel populateDB param=" + param);
         try {
             v = cs.getString(param);
-        } catch (EBaseException e) {  
+        } catch (EBaseException e) {
             CMS.debug("DatabasePanel populateDB: " + e.toString());
             throw new IOException("Cant find ldif files.");
         }
- 
+
         StringTokenizer tokenizer = new StringTokenizer(v, ",");
         String baseDN = null;
         String database = null;
@@ -787,13 +786,12 @@ public class DatabasePanel extends WizardPanelBase {
         String instanceId = null;
 
         try {
-            instanceId = cs.getString("instanceId"); 
+            instanceId = cs.getString("instanceId");
         } catch (EBaseException e) {
             throw new IOException("instanceId is missing");
         }
 
-
-        String configDir = instancePath + File.separator + "conf"; 
+        String configDir = instancePath + File.separator + "conf";
 
         while (tokenizer.hasMoreTokens()) {
             String token = tokenizer.nextToken().trim();
@@ -846,11 +844,11 @@ public class DatabasePanel extends WizardPanelBase {
                         if (!endOfline) {
                             ps.println(s);
                         }
-                    } 
+                    }
                 }
                 in.close();
                 ps.close();
-            } catch (Exception e) { 
+            } catch (Exception e) {
                 CMS.debug("DBSubsystem popuateDB: " + e.toString());
                 throw new IOException(
                         "Problem of copying ldif file: " + filename);
@@ -867,7 +865,7 @@ public class DatabasePanel extends WizardPanelBase {
             HttpServletResponse response,
             Context context) throws IOException {
         IConfigStore cs = CMS.getConfigStore();
-	boolean hasErr = false;
+        boolean hasErr = false;
 
         boolean firsttime = false;
         context.put("firsttime", "false");
@@ -903,17 +901,19 @@ public class DatabasePanel extends WizardPanelBase {
         cs.putString("internaldb.ldapauth.bindDN", binddn);
         cs.putString("internaldb.database", database2);
         String secure = HttpInput.getCheckbox(request, "secureConn");
-        cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on")?"true":"false"));
+        cs.putString("internaldb.ldapconn.secureConn", (secure.equals("on") ? "true" : "false"));
         String cloneStartTLS = HttpInput.getCheckbox(request, "cloneStartTLS");
-        cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on")?"true":"false"));
+        cs.putString("internaldb.ldapconn.cloneStartTLS", (cloneStartTLS.equals("on") ? "true" : "false"));
 
         String remove = HttpInput.getID(request, "removeData");
         if (isPanelDone() && (remove == null || remove.equals(""))) {
-             /* if user submits the same data, they just want to skip 
-                to the next panel, no database population is required. */
-            if (hostname1.equals(hostname2) && 
-                portStr1.equals(portStr2) && 
-                database1.equals(database2)) {
+            /*
+             * if user submits the same data, they just want to skip to the next
+             * panel, no database population is required.
+             */
+            if (hostname1.equals(hostname2) &&
+                    portStr1.equals(portStr2) &&
+                    database1.equals(database2)) {
                 context.put("updateStatus", "success");
                 return;
             }
@@ -921,15 +921,14 @@ public class DatabasePanel extends WizardPanelBase {
 
         mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
 
-
         try {
-            populateDB(request, context, (secure.equals("on")?"true":"false"));
+            populateDB(request, context, (secure.equals("on") ? "true" : "false"));
         } catch (IOException e) {
-            CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+            CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString());
             context.put("updateStatus", "failure");
             throw e;
         } catch (Exception e) {
-            CMS.debug("DatabasePanel update: populateDB Exception: "+e.toString());
+            CMS.debug("DatabasePanel update: populateDB Exception: " + e.toString());
             context.put("errorString", e.toString());
             cs.putString("preop.database.errorString", e.toString());
             context.put("updateStatus", "failure");
@@ -950,11 +949,11 @@ public class DatabasePanel extends WizardPanelBase {
         } catch (Exception e) {
             CMS.debug("ConfigDatabaseServlet update: " + e.toString());
             context.put("updateStatus", "failure");
-            throw new IOException( e.toString() );
+            throw new IOException(e.toString());
         }
         psStore.putString("internaldb", bindpwd);
         psStore.putString("replicationdb", replicationpwd);
-        cs.putString("preop.internaldb.replicationpwd" , replicationpwd);
+        cs.putString("preop.internaldb.replicationpwd", replicationpwd);
         cs.putString("preop.database.removeData", "false");
 
         try {
@@ -983,57 +982,58 @@ public class DatabasePanel extends WizardPanelBase {
 
         // always populate the index the last
         try {
-          CMS.debug("Populating local indexes");
-          LDAPConnection conn = getLocalLDAPConn(context, 
-                            (secure.equals("on")?"true":"false"));
-          importLDIFS("preop.internaldb.post_ldif", conn);
-
-          /* For vlvtask, we need to check if the task has 
-             been completed or not.  Presence of nsTaskExitCode means task is complete
-           */
-          String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
-          if (!wait_dn.equals("")) {
-            int i = 0;
-            LDAPEntry task = null;
-            boolean taskComplete = false;
-            CMS.debug("Checking wait_dn " + wait_dn);
-            do {
-              Thread.sleep(1000);
-              try {
-                task = conn.read(wait_dn, (String[])null);
-                if (task != null) {
-                   LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
-                   if (attr != null) {
-                       taskComplete = true;
-                       String val = (String) attr.getStringValues().nextElement();
-                       if (val.compareTo("0") != 0) {
-                           CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
-                       } 
-                   } 
+            CMS.debug("Populating local indexes");
+            LDAPConnection conn = getLocalLDAPConn(context,
+                            (secure.equals("on") ? "true" : "false"));
+            importLDIFS("preop.internaldb.post_ldif", conn);
+
+            /*
+             * For vlvtask, we need to check if the task has been completed or
+             * not. Presence of nsTaskExitCode means task is complete
+             */
+            String wait_dn = cs.getString("preop.internaldb.wait_dn", "");
+            if (!wait_dn.equals("")) {
+                int i = 0;
+                LDAPEntry task = null;
+                boolean taskComplete = false;
+                CMS.debug("Checking wait_dn " + wait_dn);
+                do {
+                    Thread.sleep(1000);
+                    try {
+                        task = conn.read(wait_dn, (String[]) null);
+                        if (task != null) {
+                            LDAPAttribute attr = task.getAttribute("nsTaskExitCode");
+                            if (attr != null) {
+                                taskComplete = true;
+                                String val = (String) attr.getStringValues().nextElement();
+                                if (val.compareTo("0") != 0) {
+                                    CMS.debug("Error in populating local indexes: nsTaskExitCode=" + val);
+                                }
+                            }
+                        }
+                    } catch (LDAPException le) {
+                        CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
+                    } catch (Exception e) {
+                        CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
+                    }
+                } while ((!taskComplete) && (i < 20));
+                if (i < 20) {
+                    CMS.debug("Done checking wait_dn " + wait_dn);
+                } else {
+                    CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
                 }
-              } catch (LDAPException le) {
-                CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + le.toString() + ")");
-              } catch (Exception e) {
-                CMS.debug("Still checking wait_dn '" + wait_dn + "' (" + e.toString() + ").");
-              }
-            } while ((!taskComplete) && (i < 20));
-            if (i < 20) {
-              CMS.debug("Done checking wait_dn " + wait_dn);
-            } else {
-              CMS.debug("Done checking wait_dn " + wait_dn + " due to timeout.");
             }
-          }
 
-          conn.disconnect();
-          CMS.debug("Done populating local indexes");
+            conn.disconnect();
+            CMS.debug("Done populating local indexes");
         } catch (Exception e) {
-          CMS.debug("Populating index failure - " + e);
+            CMS.debug("Populating index failure - " + e);
         }
 
         // setup replication after indexes have been created
         if (select.equals("clone")) {
             CMS.debug("Start setting up replication.");
-            setupReplication(request, context, (secure.equals("on")?"true":"false"), (cloneStartTLS.equals("on")?"true":"false"));
+            setupReplication(request, context, (secure.equals("on") ? "true" : "false"), (cloneStartTLS.equals("on") ? "true" : "false"));
             CMS.debug("Finish setting up replication.");
 
             try {
@@ -1048,25 +1048,24 @@ public class DatabasePanel extends WizardPanelBase {
             }
         }
 
-
         if (hasErr == false) {
-          cs.putBoolean("preop.Database.done", true);
-          try {
-            cs.commit(false);
-          } catch (EBaseException e) { 
-            CMS.debug(
-                  "DatabasePanel: update() Exception caught at config commit: "
-                            + e.toString());
-	  }
-	}
+            cs.putBoolean("preop.Database.done", true);
+            try {
+                cs.commit(false);
+            } catch (EBaseException e) {
+                CMS.debug(
+                        "DatabasePanel: update() Exception caught at config commit: "
+                                + e.toString());
+            }
+        }
         context.put("updateStatus", "success");
     }
 
     private void setupReplication(HttpServletRequest request,
-				  Context context, String secure, String cloneStartTLS) throws IOException {
+                  Context context, String secure, String cloneStartTLS) throws IOException {
         String bindpwd = HttpInput.getPassword(request, "__bindpwd");
         IConfigStore cs = CMS.getConfigStore();
- 
+
         String cstype = "";
         String machinename = "";
         String instanceId = "";
@@ -1078,13 +1077,12 @@ public class DatabasePanel extends WizardPanelBase {
         } catch (Exception e) {
         }
 
-
-        //setup replication agreement
-        String masterAgreementName = "masterAgreement1-"+machinename+"-"+instanceId;
+        // setup replication agreement
+        String masterAgreementName = "masterAgreement1-" + machinename + "-" + instanceId;
         cs.putString("internaldb.replication.master", masterAgreementName);
-        String cloneAgreementName = "cloneAgreement1-"+machinename+"-"+instanceId;
+        String cloneAgreementName = "cloneAgreement1-" + machinename + "-" + instanceId;
         cs.putString("internaldb.replication.consumer", cloneAgreementName);
- 
+
         try {
             cs.commit(false);
         } catch (Exception e) {
@@ -1119,18 +1117,18 @@ public class DatabasePanel extends WizardPanelBase {
             master2_replicationpwd = cs.getString("preop.internaldb.replicationpwd", "");
         } catch (Exception e) {
         }
-  
+
         LDAPConnection conn1 = null;
         LDAPConnection conn2 = null;
         if (secure.equals("true")) {
-          CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
-          conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
-          conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
-	} else {
-          CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
-          conn1 = new LDAPConnection();
-          conn2 = new LDAPConnection();
-	}
+            CMS.debug("DatabasePanel setupReplication: creating secure (SSL) connections for internal ldap");
+            conn1 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+            conn2 = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+        } else {
+            CMS.debug("DatabasePanel setupreplication: creating non-secure (non-SSL) connections for internal ldap");
+            conn1 = new LDAPConnection();
+            conn2 = new LDAPConnection();
+        }
 
         String basedn = "";
         try {
@@ -1140,13 +1138,13 @@ public class DatabasePanel extends WizardPanelBase {
 
         try {
             conn1.connect(master1_hostname, master1_port, master1_binddn,
-              master1_bindpwd);
+                    master1_bindpwd);
             conn2.connect(master2_hostname, master2_port, master2_binddn,
-              master2_bindpwd);
+                    master2_bindpwd);
             String suffix = cs.getString("internaldb.basedn", "");
 
-            String replicadn = "cn=replica,cn=\""+suffix+"\",cn=mapping tree,cn=config";
-            CMS.debug("DatabasePanel setupReplication: replicadn="+replicadn);
+            String replicadn = "cn=replica,cn=\"" + suffix + "\",cn=mapping tree,cn=config";
+            CMS.debug("DatabasePanel setupReplication: replicadn=" + replicadn);
 
             String masterBindUser = "Replication Manager " + masterAgreementName;
             String cloneBindUser = "Replication Manager " + cloneAgreementName;
@@ -1168,16 +1166,16 @@ public class DatabasePanel extends WizardPanelBase {
 
             CMS.debug("DatabasePanel setupReplication: Finished enabling replication");
 
-            createReplicationAgreement(replicadn, conn1, masterAgreementName, 
-              master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS);
+            createReplicationAgreement(replicadn, conn1, masterAgreementName,
+                    master2_hostname, master2_port, master2_replicationpwd, basedn, cloneBindUser, secure, cloneStartTLS);
 
-            createReplicationAgreement(replicadn, conn2, cloneAgreementName, 
-              master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS);
+            createReplicationAgreement(replicadn, conn2, cloneAgreementName,
+                    master1_hostname, master1_port, master1_replicationpwd, basedn, masterBindUser, secure, cloneStartTLS);
 
             // initialize consumer
             initializeConsumer(replicadn, conn1, masterAgreementName);
 
-            while (! replicationDone(replicadn, conn1, masterAgreementName)) {
+            while (!replicationDone(replicadn, conn1, masterAgreementName)) {
                 CMS.debug("DatabasePanel setupReplication: Waiting for replication to complete");
                 Thread.sleep(1000);
             }
@@ -1185,12 +1183,12 @@ public class DatabasePanel extends WizardPanelBase {
             String status = replicationStatus(replicadn, conn1, masterAgreementName);
             if (!status.startsWith("0 ")) {
                 CMS.debug("DatabasePanel setupReplication: consumer initialization failed. " +
-                    status);
+                        status);
                 throw new IOException("consumer initialization failed. " + status);
-            } 
+            }
 
         } catch (Exception e) {
-            CMS.debug("DatabasePanel setupReplication: "+e.toString());
+            CMS.debug("DatabasePanel setupReplication: " + e.toString());
             throw new IOException("Failed to setup the replication for cloning.");
         }
     }
@@ -1203,15 +1201,15 @@ public class DatabasePanel extends WizardPanelBase {
             Context context) {
 
         try {
-          initParams(request, context);
-        } catch (IOException e) { 
+            initParams(request, context);
+        } catch (IOException e) {
         }
         context.put("title", "Database");
         context.put("panel", "admin/console/config/databasepanel.vm");
     }
 
     private void createReplicationManager(LDAPConnection conn, String bindUser, String pwd)
-      throws LDAPException {
+            throws LDAPException {
         LDAPAttributeSet attrs = null;
         LDAPEntry entry = null;
         String dn = "cn=" + bindUser + ",cn=config";
@@ -1231,11 +1229,11 @@ public class DatabasePanel extends WizardPanelBase {
                     conn.delete(dn);
                     conn.add(entry);
                 } catch (LDAPException ee) {
-                    CMS.debug("DatabasePanel createReplicationManager: "+ee.toString());
+                    CMS.debug("DatabasePanel createReplicationManager: " + ee.toString());
                 }
                 return;
             } else {
-                CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: "+e.toString());
+                CMS.debug("DatabasePanel createReplicationManager: Failed to create replication manager. Exception: " + e.toString());
                 throw e;
             }
         }
@@ -1244,7 +1242,7 @@ public class DatabasePanel extends WizardPanelBase {
     }
 
     private void createChangeLog(LDAPConnection conn, String dir)
-      throws LDAPException {
+            throws LDAPException {
         LDAPAttributeSet attrs = null;
         LDAPEntry entry = null;
         String dn = "cn=changelog5,cn=config";
@@ -1259,17 +1257,15 @@ public class DatabasePanel extends WizardPanelBase {
         } catch (LDAPException e) {
             if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
                 CMS.debug("DatabasePanel createChangeLog: Changelog entry has already used");
-/* leave it, dont delete it because it will have operation error
-                try {
-                    conn.delete(dn);
-                    conn.add(entry);
-                } catch (LDAPException ee) {
-                    CMS.debug("DatabasePanel createChangeLog: "+ee.toString());
-                }
-*/
+                /*
+                 * leave it, dont delete it because it will have operation error
+                 * try { conn.delete(dn); conn.add(entry); } catch
+                 * (LDAPException ee) {
+                 * CMS.debug("DatabasePanel createChangeLog: "+ee.toString()); }
+                 */
                 return;
             } else {
-                CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: "+e.toString());
+                CMS.debug("DatabasePanel createChangeLog: Failed to create changelog entry. Exception: " + e.toString());
                 throw e;
             }
         }
@@ -1278,8 +1274,8 @@ public class DatabasePanel extends WizardPanelBase {
     }
 
     private int enableReplication(String replicadn, LDAPConnection conn, String bindUser, String basedn, int id)
-      throws LDAPException {
-        CMS.debug("DatabasePanel enableReplication: replicadn: "+replicadn);
+            throws LDAPException {
+        CMS.debug("DatabasePanel enableReplication: replicadn: " + replicadn);
         LDAPAttributeSet attrs = null;
         LDAPEntry entry = null;
         try {
@@ -1290,7 +1286,7 @@ public class DatabasePanel extends WizardPanelBase {
             attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
             attrs.add(new LDAPAttribute("nsDS5ReplicaType", "3"));
             attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
-              "cn=" + bindUser + ",cn=config"));
+                    "cn=" + bindUser + ",cn=config"));
             attrs.add(new LDAPAttribute("cn", "replica"));
             attrs.add(new LDAPAttribute("nsDS5ReplicaId", Integer.toString(id)));
             attrs.add(new LDAPAttribute("nsds5flags", "1"));
@@ -1298,49 +1294,51 @@ public class DatabasePanel extends WizardPanelBase {
             conn.add(entry);
         } catch (LDAPException e) {
             if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
-                /* BZ 470918 -we cant just add the new dn.  We need to do a replace instead 
-                 * until the DS code is fixed */
-                CMS.debug("DatabasePanel enableReplication: "+replicadn+" has already been used");
-                
+                /*
+                 * BZ 470918 -we cant just add the new dn. We need to do a
+                 * replace instead until the DS code is fixed
+                 */
+                CMS.debug("DatabasePanel enableReplication: " + replicadn + " has already been used");
+
                 try {
                     entry = conn.read(replicadn);
                     LDAPAttribute attr = entry.getAttribute("nsDS5ReplicaBindDN");
-                    attr.addValue( "cn=" + bindUser + ",cn=config");
+                    attr.addValue("cn=" + bindUser + ",cn=config");
                     LDAPModification mod = new LDAPModification(LDAPModification.REPLACE, attr);
                     conn.modify(replicadn, mod);
                 } catch (LDAPException ee) {
-                    CMS.debug("DatabasePanel enableReplication: Failed to modify " 
-                        +replicadn+" entry. Exception: "+e.toString());
+                    CMS.debug("DatabasePanel enableReplication: Failed to modify "
+                            + replicadn + " entry. Exception: " + e.toString());
                 }
                 return id;
             } else {
-                CMS.debug("DatabasePanel enableReplication: Failed to create "+replicadn+" entry. Exception: "+e.toString());
+                CMS.debug("DatabasePanel enableReplication: Failed to create " + replicadn + " entry. Exception: " + e.toString());
                 return id;
             }
         }
 
-        CMS.debug("DatabasePanel enableReplication: Successfully create "+replicadn+" entry.");
+        CMS.debug("DatabasePanel enableReplication: Successfully create " + replicadn + " entry.");
         return id + 1;
     }
 
-    private void createReplicationAgreement(String replicadn, 
-      LDAPConnection conn, String name, String replicahost, int replicaport, 
-      String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException {
-        String dn = "cn="+name+","+replicadn;
-        CMS.debug("DatabasePanel createReplicationAgreement: dn: "+dn);
+    private void createReplicationAgreement(String replicadn,
+            LDAPConnection conn, String name, String replicahost, int replicaport,
+            String replicapwd, String basedn, String bindUser, String secure, String cloneStartTLS) throws LDAPException {
+        String dn = "cn=" + name + "," + replicadn;
+        CMS.debug("DatabasePanel createReplicationAgreement: dn: " + dn);
         LDAPEntry entry = null;
         LDAPAttributeSet attrs = null;
         try {
             attrs = new LDAPAttributeSet();
             attrs.add(new LDAPAttribute("objectclass", "top"));
             attrs.add(new LDAPAttribute("objectclass",
-              "nsds5replicationagreement"));
+                    "nsds5replicationagreement"));
             attrs.add(new LDAPAttribute("cn", name));
             attrs.add(new LDAPAttribute("nsDS5ReplicaRoot", basedn));
             attrs.add(new LDAPAttribute("nsDS5ReplicaHost", replicahost));
-            attrs.add(new LDAPAttribute("nsDS5ReplicaPort", ""+replicaport));
+            attrs.add(new LDAPAttribute("nsDS5ReplicaPort", "" + replicaport));
             attrs.add(new LDAPAttribute("nsDS5ReplicaBindDN",
-              "cn=" + bindUser + ",cn=config"));
+                    "cn=" + bindUser + ",cn=config"));
             attrs.add(new LDAPAttribute("nsDS5ReplicaBindMethod", "Simple"));
             attrs.add(new LDAPAttribute("nsds5replicacredentials", replicapwd));
 
@@ -1351,50 +1349,50 @@ public class DatabasePanel extends WizardPanelBase {
             }
 
             CMS.debug("About to set description attr to " + name);
-            attrs.add(new LDAPAttribute("description",name));
+            attrs.add(new LDAPAttribute("description", name));
 
             entry = new LDAPEntry(dn, attrs);
             conn.add(entry);
         } catch (LDAPException e) {
             if (e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS) {
-                CMS.debug("DatabasePanel createReplicationAgreement: "+dn+" has already used");
+                CMS.debug("DatabasePanel createReplicationAgreement: " + dn + " has already used");
                 try {
                     conn.delete(dn);
                 } catch (LDAPException ee) {
-                    CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+                    CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString());
                     throw ee;
                 }
 
                 try {
                     conn.add(entry);
                 } catch (LDAPException ee) {
-                    CMS.debug("DatabasePanel createReplicationAgreement: "+ee.toString());
+                    CMS.debug("DatabasePanel createReplicationAgreement: " + ee.toString());
                     throw ee;
                 }
             } else {
-                CMS.debug("DatabasePanel createReplicationAgreement: Failed to create "+dn+" entry. Exception: "+e.toString());
+                CMS.debug("DatabasePanel createReplicationAgreement: Failed to create " + dn + " entry. Exception: " + e.toString());
                 throw e;
             }
         }
 
-        CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement "+name);
+        CMS.debug("DatabasePanel createReplicationAgreement: Successfully create replication agreement " + name);
     }
 
-    private void initializeConsumer(String replicadn, LDAPConnection conn, 
-      String name) {
-        String dn = "cn="+name+","+replicadn;
-        CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: "+dn);
-        CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: "+conn.getHost() + " port: " + conn.getPort());
+    private void initializeConsumer(String replicadn, LDAPConnection conn,
+            String name) {
+        String dn = "cn=" + name + "," + replicadn;
+        CMS.debug("DatabasePanel initializeConsumer: initializeConsumer dn: " + dn);
+        CMS.debug("DatabasePanel initializeConsumer: initializeConsumer host: " + conn.getHost() + " port: " + conn.getPort());
         try {
             LDAPAttribute attr = new LDAPAttribute("nsds5beginreplicarefresh",
-              "start");
+                    "start");
             LDAPModification mod = new LDAPModification(
-              LDAPModification.REPLACE, attr);
+                    LDAPModification.REPLACE, attr);
             CMS.debug("DatabasePanel initializeConsumer: start modifying");
             conn.modify(dn, mod);
             CMS.debug("DatabasePanel initializeConsumer: Finish modification.");
         } catch (LDAPException e) {
-            CMS.debug("DatabasePanel initializeConsumer: Failed to modify "+dn+" entry. Exception: "+e.toString());
+            CMS.debug("DatabasePanel initializeConsumer: Failed to modify " + dn + " entry. Exception: " + e.toString());
             return;
         } catch (Exception e) {
             CMS.debug("DatabasePanel initializeConsumer: exception " + e);
@@ -1405,33 +1403,33 @@ public class DatabasePanel extends WizardPanelBase {
             Thread.sleep(5000);
             CMS.debug("DatabasePanel initializeConsumer: finish sleeping.");
         } catch (InterruptedException ee) {
-            CMS.debug("DatabasePanel initializeConsumer: exception: "+ee.toString());
+            CMS.debug("DatabasePanel initializeConsumer: exception: " + ee.toString());
         }
 
         CMS.debug("DatabasePanel initializeConsumer: Successfully initialize consumer");
     }
 
-    private boolean replicationDone(String replicadn, LDAPConnection conn, String name) 
-      throws IOException {
-        String dn = "cn="+name+","+replicadn;
+    private boolean replicationDone(String replicadn, LDAPConnection conn, String name)
+            throws IOException {
+        String dn = "cn=" + name + "," + replicadn;
         String filter = "(objectclass=*)";
-        String[] attrs = {"nsds5beginreplicarefresh"};
+        String[] attrs = { "nsds5beginreplicarefresh" };
 
-        CMS.debug("DatabasePanel replicationDone: dn: "+dn);
+        CMS.debug("DatabasePanel replicationDone: dn: " + dn);
         try {
             LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
-              attrs, true);
+                    attrs, true);
 
             int count = results.getCount();
             if (count < 1) {
                 throw new IOException("Replication entry not found");
-            } 
-           
+            }
+
             LDAPEntry entry = results.next();
             LDAPAttribute refresh = entry.getAttribute("nsds5beginreplicarefresh");
             if (refresh == null) {
                 return true;
-            } 
+            }
             return false;
         } catch (Exception e) {
             CMS.debug("DatabasePanel replicationDone: exception " + e);
@@ -1439,29 +1437,29 @@ public class DatabasePanel extends WizardPanelBase {
         }
     }
 
-    private String replicationStatus(String replicadn, LDAPConnection conn, String name) 
-      throws IOException {
-        String dn = "cn="+name+","+replicadn;
+    private String replicationStatus(String replicadn, LDAPConnection conn, String name)
+            throws IOException {
+        String dn = "cn=" + name + "," + replicadn;
         String filter = "(objectclass=*)";
-        String[] attrs = {"nsds5replicalastinitstatus"};
+        String[] attrs = { "nsds5replicalastinitstatus" };
         String status = null;
 
-        CMS.debug("DatabasePanel replicationStatus: dn: "+dn);
+        CMS.debug("DatabasePanel replicationStatus: dn: " + dn);
         try {
             LDAPSearchResults results = conn.search(dn, LDAPConnection.SCOPE_BASE, filter,
-              attrs, false);
+                    attrs, false);
 
             int count = results.getCount();
             if (count < 1) {
                 throw new IOException("Replication entry not found");
-            } 
+            }
 
             LDAPEntry entry = results.next();
             LDAPAttribute attr = entry.getAttribute("nsds5replicalastinitstatus");
             if (attr != null) {
                 Enumeration valsInAttr = attr.getStringValues();
                 if (valsInAttr.hasMoreElements()) {
-                    return  (String)valsInAttr.nextElement();
+                    return (String) valsInAttr.nextElement();
                 } else {
                     throw new IOException("No value returned for nsds5replicalastinitstatus");
                 }
@@ -1475,35 +1473,35 @@ public class DatabasePanel extends WizardPanelBase {
     }
 
     private String getInstanceDir(LDAPConnection conn) {
-        String instancedir="";
+        String instancedir = "";
         try {
             String filter = "(objectclass=*)";
-            String[] attrs = {"nsslapd-directory"};
+            String[] attrs = { "nsslapd-directory" };
             LDAPSearchResults results = conn.search("cn=config,cn=ldbm database,cn=plugins,cn=config", LDAPv3.SCOPE_SUB,
-              filter, attrs, false);
+                    filter, attrs, false);
 
             while (results.hasMoreElements()) {
                 LDAPEntry entry = results.next();
                 String dn = entry.getDN();
-                CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: "+dn);
+                CMS.debug("DatabasePanel getInstanceDir: DN for storing nsslapd-directory: " + dn);
                 LDAPAttributeSet entryAttrs = entry.getAttributeSet();
                 Enumeration attrsInSet = entryAttrs.getAttributes();
                 while (attrsInSet.hasMoreElements()) {
-                    LDAPAttribute nextAttr = (LDAPAttribute)attrsInSet.nextElement();
+                    LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
                     String attrName = nextAttr.getName();
-                    CMS.debug("DatabasePanel getInstanceDir: attribute name: "+attrName);
+                    CMS.debug("DatabasePanel getInstanceDir: attribute name: " + attrName);
                     Enumeration valsInAttr = nextAttr.getStringValues();
-                    while ( valsInAttr.hasMoreElements() ) {
-                        String nextValue = (String)valsInAttr.nextElement();
+                    while (valsInAttr.hasMoreElements()) {
+                        String nextValue = (String) valsInAttr.nextElement();
                         if (attrName.equalsIgnoreCase("nsslapd-directory")) {
-                            CMS.debug("DatabasePanel getInstanceDir: instanceDir="+nextValue);
-                            return nextValue.substring(0,nextValue.lastIndexOf("/db"));
+                            CMS.debug("DatabasePanel getInstanceDir: instanceDir=" + nextValue);
+                            return nextValue.substring(0, nextValue.lastIndexOf("/db"));
                         }
                     }
                 }
             }
         } catch (LDAPException e) {
-            CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: "+e.toString());
+            CMS.debug("DatabasePanel getInstanceDir: Error in retrieving the instance directory. Exception: " + e.toString());
         }
 
         return instancedir;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
index d8fd7526..c44f6113 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DatabaseServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class DatabaseServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
index 1e1b6dec..f0a995fe 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayCertChainPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.net.URLEncoder;
 import java.util.Locale;
@@ -42,25 +41,26 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
 
 public class DisplayCertChainPanel extends WizardPanelBase {
 
-    public DisplayCertChainPanel() {}
+    public DisplayCertChainPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Display Certificate Chain");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Display Certificate Chain");
         setId(id);
     }
- 
-    public boolean isSubPanel() { 
+
+    public boolean isSubPanel() {
         return true;
     }
 
@@ -70,7 +70,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         return set;
     }
 
@@ -86,8 +86,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
         IConfigStore cs = CMS.getConfigStore();
         // if we are root, no need to get the certificate chain.
 
-        try { 
-            String select = cs.getString("securitydomain.select","");
+        try {
+            String select = cs.getString("securitydomain.select", "");
             String type = cs.getString("preop.subsystem.select", "");
             String hierarchy = cs.getString("preop.hierarchy.select", "");
 
@@ -117,7 +117,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
             Context context) {
         CMS.debug("DisplayCertChainPanel: display");
 
-        // update session id 
+        // update session id
         String session_id = request.getParameter("session_id");
         if (session_id != null) {
             CMS.debug("DisplayCertChainPanel setting session id.");
@@ -132,7 +132,8 @@ public class DisplayCertChainPanel extends WizardPanelBase {
 
         try {
             certchain_size = cs.getString(certChainConfigName, "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         int size = 0;
         Vector v = new Vector();
@@ -140,20 +141,22 @@ public class DisplayCertChainPanel extends WizardPanelBase {
         if (!certchain_size.equals("")) {
             try {
                 size = Integer.parseInt(certchain_size);
-            } catch (Exception e) {}         
+            } catch (Exception e) {
+            }
             for (int i = 0; i < size; i++) {
                 certChainConfigName = "preop." + type + ".certchain." + i;
                 try {
                     String c = cs.getString(certChainConfigName, "");
                     byte[] b_c = CryptoUtil.base64Decode(c);
                     CertPrettyPrint pp = new CertPrettyPrint(
-                            new X509CertImpl(b_c));                
+                            new X509CertImpl(b_c));
 
                     v.addElement(pp.toString(Locale.getDefault()));
-                } catch (Exception e) {}
+                } catch (Exception e) {
+                }
             }
         }
-       
+
         if (getId().equals("securitydomain")) {
             context.put("panelid", "securitydomain");
             context.put("panelname", "Security Domain Trust Verification");
@@ -184,7 +187,7 @@ public class DisplayCertChainPanel extends WizardPanelBase {
         importCertChain(getId());
 
         if (getId().equals("securitydomain")) {
-            int panel = getPanelNo()+1;
+            int panel = getPanelNo() + 1;
             IConfigStore cs = CMS.getConfigStore();
             try {
                 String sd_hostname = cs.getString("securitydomain.host", "");
@@ -192,23 +195,23 @@ public class DisplayCertChainPanel extends WizardPanelBase {
                 String cs_hostname = cs.getString("machineName", "");
                 int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
                 String subsystem = cs.getString("cs.type", "");
-                String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+                String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
                 String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
-                String sdurl =  "https://"+sd_hostname+":"+sd_port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+                String sdurl = "https://" + sd_hostname + ":" + sd_port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
                 response.sendRedirect(sdurl);
 
                 // The user previously specified the CA Security Domain's
                 // SSL Admin port in the "Security Domain Panel";
                 // now retrieve this specified CA Security Domain's
                 // non-SSL EE, SSL Agent, and SSL EE ports:
-                cs.putString( "securitydomain.httpport", 
-                              getSecurityDomainPort( cs, "UnSecurePort" ) );
-                cs.putString("securitydomain.httpsagentport", 
-                              getSecurityDomainPort( cs, "SecureAgentPort" ) );
-                cs.putString("securitydomain.httpseeport", 
-                              getSecurityDomainPort( cs, "SecurePort" ) );
+                cs.putString("securitydomain.httpport",
+                              getSecurityDomainPort(cs, "UnSecurePort"));
+                cs.putString("securitydomain.httpsagentport",
+                              getSecurityDomainPort(cs, "SecureAgentPort"));
+                cs.putString("securitydomain.httpseeport",
+                              getSecurityDomainPort(cs, "SecurePort"));
             } catch (Exception ee) {
-                CMS.debug("DisplayCertChainPanel Exception="+ee.toString());
+                CMS.debug("DisplayCertChainPanel Exception=" + ee.toString());
             }
         }
         context.put("updateStatus", "success");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
index 00871921..3bb8c73c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DisplayServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class DisplayServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
index 9669ddb1..ed12465f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DonePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.net.URLEncoder;
@@ -58,22 +57,23 @@ public class DonePanel extends WizardPanelBase {
     public static final BigInteger BIG_ZERO = new BigInteger("0");
     public static final Long MINUS_ONE = Long.valueOf(-1);
     public static final String RESTART_SERVER_AFTER_CONFIGURATION =
-        "restart_server_after_configuration";
+            "restart_server_after_configuration";
     public static final String PKI_SECURITY_DOMAIN = "pki_security_domain";
 
-    public DonePanel() {}
+    public DonePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Done");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Done");
         setId(id);
@@ -88,15 +88,14 @@ public class DonePanel extends WizardPanelBase {
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
     private LDAPConnection getLDAPConn(Context context)
-            throws IOException
-    {
+            throws IOException {
         IConfigStore cs = CMS.getConfigStore();
 
         String host = "";
@@ -112,8 +111,8 @@ public class DonePanel extends WizardPanelBase {
             pwd = pwdStore.getPassword("internaldb");
         }
 
-        if ( pwd == null) {
-           throw new IOException("DonePanel: Failed to obtain password from password store");
+        if (pwd == null) {
+            throw new IOException("DonePanel: Failed to obtain password from password store");
         }
 
         try {
@@ -138,11 +137,11 @@ public class DonePanel extends WizardPanelBase {
 
         LDAPConnection conn = null;
         if (security.equals("true")) {
-          CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
-          conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+            CMS.debug("DonePanel getLDAPConn: creating secure (SSL) connection for internal ldap");
+            conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
         } else {
-          CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
-          conn = new LDAPConnection();
+            CMS.debug("DonePanel getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+            conn = new LDAPConnection();
         }
 
         CMS.debug("DonePanel connecting to " + host + ":" + p);
@@ -153,10 +152,9 @@ public class DonePanel extends WizardPanelBase {
             throw new IOException("Failed to connect to the internal database.");
         }
 
-      return conn;
+        return conn;
     }
 
-
     /**
      * Display the panel.
      */
@@ -165,7 +163,7 @@ public class DonePanel extends WizardPanelBase {
             Context context) {
         CMS.debug("DonePanel: display()");
 
-        // update session id 
+        // update session id
         String session_id = request.getParameter("session_id");
         if (session_id != null) {
             CMS.debug("NamePanel setting session id.");
@@ -193,31 +191,32 @@ public class DonePanel extends WizardPanelBase {
             instanceRoot = cs.getString("instanceRoot");
             select = cs.getString("preop.subsystem.select", "");
             systemdService = cs.getString("pkicreate.systemd.servicename", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         String initDaemon = "";
         if (type.equals("CA")) {
-			initDaemon = "pki-cad";
+            initDaemon = "pki-cad";
         } else if (type.equals("KRA")) {
-			initDaemon = "pki-krad";
+            initDaemon = "pki-krad";
         } else if (type.equals("OCSP")) {
-			initDaemon = "pki-ocspd";
+            initDaemon = "pki-ocspd";
         } else if (type.equals("TKS")) {
-			initDaemon = "pki-tksd";
+            initDaemon = "pki-tksd";
         }
-        String os = System.getProperty( "os.name" );
-        if( os.equalsIgnoreCase( "Linux" ) ) {
-            if (! systemdService.equals("")) {
-                context.put( "initCommand", "/bin/systemctl");
-                context.put( "instanceId", systemdService );
+        String os = System.getProperty("os.name");
+        if (os.equalsIgnoreCase("Linux")) {
+            if (!systemdService.equals("")) {
+                context.put("initCommand", "/bin/systemctl");
+                context.put("instanceId", systemdService);
             } else {
-                context.put( "initCommand", "/sbin/service " + initDaemon );
-                context.put( "instanceId", instanceId );
+                context.put("initCommand", "/sbin/service " + initDaemon);
+                context.put("instanceId", instanceId);
             }
         } else {
-            /* default case:  e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
-            context.put( "initCommand", "/etc/init.d/" + initDaemon );
-            context.put( "instanceId", instanceId );
+            /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+            context.put("initCommand", "/etc/init.d/" + initDaemon);
+            context.put("instanceId", instanceId);
         }
         context.put("title", "Done");
         context.put("panel", "admin/console/config/donepanel.vm");
@@ -233,7 +232,7 @@ public class DonePanel extends WizardPanelBase {
                 return;
             } else
                 context.put("csstate", "0");
-       
+
         } catch (Exception e) {
         }
 
@@ -280,11 +279,11 @@ public class DonePanel extends WizardPanelBase {
                 String basedn = cs.getString("internaldb.basedn");
                 String secdomain = cs.getString("securitydomain.name");
 
-                try {                
+                try {
                     // Create security domain ldap entry
                     String dn = "ou=Security Domain," + basedn;
                     CMS.debug("DonePanel: creating ldap entry : " + dn);
-                 
+
                     LDAPEntry entry = null;
                     LDAPAttributeSet attrs = null;
                     attrs = new LDAPAttributeSet();
@@ -305,10 +304,10 @@ public class DonePanel extends WizardPanelBase {
                     throw e;
                 }
 
-                try { 
+                try {
                     // create list containers
-                    String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"};
-                    for (int i=0; i< clist.length; i++) {
+                    String clist[] = { "CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList" };
+                    for (int i = 0; i < clist.length; i++) {
                         LDAPEntry entry = null;
                         LDAPAttributeSet attrs = null;
                         String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
@@ -320,12 +319,12 @@ public class DonePanel extends WizardPanelBase {
                         conn.add(entry);
                     }
                 } catch (Exception e) {
-                    CMS.debug("Unable to create security domain list groups" );
+                    CMS.debug("Unable to create security domain list groups");
                     throw e;
-                }  
+                }
 
                 try {
-                    // Add this host (only CA can create new domain) 
+                    // Add this host (only CA can create new domain)
                     String cn = ownhost + ":" + ownadminsport;
                     String dn = "cn=" + cn + ",cn=CAList,ou=Security Domain," + basedn;
                     LDAPEntry entry = null;
@@ -340,8 +339,8 @@ public class DonePanel extends WizardPanelBase {
                     attrs.add(new LDAPAttribute("SecureAdminPort",
                               ownadminsport));
                     if (owneeclientauthsport != null) {
-                        attrs.add(new LDAPAttribute("SecureEEClientAuthPort", 
-                              owneeclientauthsport));
+                        attrs.add(new LDAPAttribute("SecureEEClientAuthPort",
+                                owneeclientauthsport));
                     }
                     attrs.add(new LDAPAttribute("UnSecurePort", ownport));
                     attrs.add(new LDAPAttribute("Clone", "FALSE"));
@@ -357,31 +356,32 @@ public class DonePanel extends WizardPanelBase {
                 CMS.debug("DonePanel display: finish updating domain info");
                 conn.disconnect();
             } catch (Exception e) {
-                CMS.debug("DonePanel display: "+e.toString());
+                CMS.debug("DonePanel display: " + e.toString());
             }
 
             int sd_admin_port_int = -1;
             try {
-                sd_admin_port_int = Integer.parseInt( sd_admin_port );
+                sd_admin_port_int = Integer.parseInt(sd_admin_port);
             } catch (Exception e) {
             }
 
             try {
                 // Fetch the "new" security domain and display it
-                CMS.debug( "Dump contents of new Security Domain . . ." );
-                String c = getDomainXML( sd_host, sd_admin_port_int, true );
-            } catch( Exception e ) {}
+                CMS.debug("Dump contents of new Security Domain . . .");
+                String c = getDomainXML(sd_host, sd_admin_port_int, true);
+            } catch (Exception e) {
+            }
 
             // Since this instance is a new Security Domain,
             // create an empty file to designate this fact.
             String security_domain = instanceRoot + "/conf/"
                                    + PKI_SECURITY_DOMAIN;
-            if( !Utils.isNT() ) {
-                Utils.exec( "touch " + security_domain );
-                Utils.exec( "chmod 00660 " + security_domain );
+            if (!Utils.isNT()) {
+                Utils.exec("touch " + security_domain);
+                Utils.exec("chmod 00660 " + security_domain);
             }
 
-        } else { //existing domain
+        } else { // existing domain
             int sd_agent_port_int = -1;
             int sd_admin_port_int = -1;
             try {
@@ -398,34 +398,34 @@ public class DonePanel extends WizardPanelBase {
                     cloneStr = "&clone=false";
 
                 String domainMasterStr = "";
-                if (cloneMaster) 
+                if (cloneMaster)
                     domainMasterStr = "&dm=true";
-                else 
-                    domainMasterStr = "&dm=false"; 
+                else
+                    domainMasterStr = "&dm=false";
                 String eecaStr = "";
-                if (owneeclientauthsport != null) 
-                    eecaStr="&eeclientauthsport=" + owneeclientauthsport;
+                if (owneeclientauthsport != null)
+                    eecaStr = "&eeclientauthsport=" + owneeclientauthsport;
 
-                updateDomainXML( sd_host, sd_agent_port_int, true,
-                                 "/ca/agent/ca/updateDomainXML", 
+                updateDomainXML(sd_host, sd_agent_port_int, true,
+                                 "/ca/agent/ca/updateDomainXML",
                                  "list=" + s
-                               + "&type=" + type
-                               + "&host=" + ownhost
-                               + "&name=" + subsystemName
-                               + "&sport=" + ownsport
-                               + domainMasterStr 
-                               + cloneStr
-                               + "&agentsport=" + ownagentsport
-                               + "&adminsport=" + ownadminsport
-                               + eecaStr 
-                               + "&httpport=" + ownport );
+                                         + "&type=" + type
+                                         + "&host=" + ownhost
+                                         + "&name=" + subsystemName
+                                         + "&sport=" + ownsport
+                                         + domainMasterStr
+                                         + cloneStr
+                                         + "&agentsport=" + ownagentsport
+                                         + "&adminsport=" + ownadminsport
+                                         + eecaStr
+                                         + "&httpport=" + ownport);
 
                 // Fetch the "updated" security domain and display it
-                CMS.debug( "Dump contents of updated Security Domain . . ." );
-                String c = getDomainXML( sd_host, sd_admin_port_int, true );
+                CMS.debug("Dump contents of updated Security Domain . . .");
+                String c = getDomainXML(sd_host, sd_admin_port_int, true);
             } catch (Exception e) {
                 context.put("errorString", "Failed to update the security domain on the domain master.");
-                //return;
+                // return;
             }
         }
 
@@ -439,7 +439,6 @@ public class DonePanel extends WizardPanelBase {
             CMS.debug("DonePanel: exception in adding service.securityDomainPort to CS.cfg" + e);
         }
 
-
         // need to push connector information to the CA
         if (type.equals("KRA") && !ca_host.equals("")) {
             try {
@@ -469,7 +468,7 @@ public class DonePanel extends WizardPanelBase {
 
             setupClientAuthUser();
         }
-        
+
         if (!select.equals("clone")) {
             if (type.equals("CA") || type.equals("KRA")) {
                 String beginRequestNumStr = "";
@@ -478,7 +477,7 @@ public class DonePanel extends WizardPanelBase {
                 String endSerialNumStr = "";
                 String requestIncStr = "";
                 String serialIncStr = "";
-              
+
                 try {
                     endRequestNumStr = cs.getString("dbs.endRequestNumber", "");
                     endSerialNumStr = cs.getString("dbs.endSerialNumber", "");
@@ -495,25 +494,26 @@ public class DonePanel extends WizardPanelBase {
                         serialdn = "ou=certificateRepository,ou=" + type.toLowerCase() + "," + basedn;
                     } else {
                         serialdn = "ou=keyRepository,ou=" + type.toLowerCase() + "," + basedn;
-                    } 
-                    LDAPAttribute attrSerialNextRange = new LDAPAttribute( "nextRange", endSerialNum.add(oneNum).toString());
-                    LDAPModification serialmod = new LDAPModification( LDAPModification.REPLACE, attrSerialNextRange );
-                    conn.modify( serialdn, serialmod );
+                    }
+                    LDAPAttribute attrSerialNextRange = new LDAPAttribute("nextRange", endSerialNum.add(oneNum).toString());
+                    LDAPModification serialmod = new LDAPModification(LDAPModification.REPLACE, attrSerialNextRange);
+                    conn.modify(serialdn, serialmod);
 
                     String requestdn = "ou=" + type.toLowerCase() + ",ou=requests," + basedn;
-                    LDAPAttribute attrRequestNextRange = new LDAPAttribute( "nextRange", endRequestNum.add(oneNum).toString());
-                    LDAPModification requestmod = new LDAPModification( LDAPModification.REPLACE, attrRequestNextRange );
-                    conn.modify( requestdn, requestmod );      
+                    LDAPAttribute attrRequestNextRange = new LDAPAttribute("nextRange", endRequestNum.add(oneNum).toString());
+                    LDAPModification requestmod = new LDAPModification(LDAPModification.REPLACE, attrRequestNextRange);
+                    conn.modify(requestdn, requestmod);
 
-                    conn.disconnect();            
+                    conn.disconnect();
                 } catch (Exception e) {
                     CMS.debug("Unable to update global next range numbers: " + e);
-                } 
+                }
             }
-        } 
+        }
 
         if (cloneMaster) {
-            // cloning a domain master CA, the clone is also master of its domain
+            // cloning a domain master CA, the clone is also master of its
+            // domain
             try {
                 cs.putString("securitydomain.host", ownhost);
                 cs.putString("securitydomain.httpport", ownport);
@@ -550,24 +550,30 @@ public class DonePanel extends WizardPanelBase {
 
             // more cloning variables needed for non-ca clones
 
-            if (! type.equals("CA")) {
+            if (!type.equals("CA")) {
                 String val = cs.getString("preop.ca.hostname", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.hostname", val);
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.hostname", val);
 
                 val = cs.getString("preop.ca.httpport", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.httpport", val);
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.httpport", val);
 
-                val =  cs.getString("preop.ca.httpsport", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.httpsport", val);
+                val = cs.getString("preop.ca.httpsport", "");
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.httpsport", val);
 
                 val = cs.getString("preop.ca.list", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.list", val);
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.list", val);
 
                 val = cs.getString("preop.ca.pkcs7", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.pkcs7", val);
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.pkcs7", val);
 
                 val = cs.getString("preop.ca.type", "");
-                if (val.compareTo("") != 0) cs.putString("cloning.ca.type", val);
+                if (val.compareTo("") != 0)
+                    cs.putString("cloning.ca.type", val);
             }
 
             // save EC type for sslserver cert (if present)
@@ -581,9 +587,9 @@ public class DonePanel extends WizardPanelBase {
             // been restarted!
             String restart_server = instanceRoot + "/conf/"
                                   + RESTART_SERVER_AFTER_CONFIGURATION;
-            if( !Utils.isNT() ) {
-                Utils.exec( "touch " + restart_server );
-                Utils.exec( "chmod 00660 " + restart_server );
+            if (!Utils.isNT()) {
+                Utils.exec("touch " + restart_server);
+                Utils.exec("chmod 00660 " + restart_server);
             }
 
         } catch (Exception e) {
@@ -593,13 +599,12 @@ public class DonePanel extends WizardPanelBase {
         context.put("csstate", "1");
     }
 
-    private void setupClientAuthUser()
-    {
+    private void setupClientAuthUser() {
         IConfigStore cs = CMS.getConfigStore();
 
         // retrieve CA subsystem certificate from the CA
         IUGSubsystem system =
-          (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+                (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
         String id = "";
         try {
             String b64 = getCASubsystemCert();
@@ -640,9 +645,8 @@ public class DonePanel extends WizardPanelBase {
         }
     }
 
-
-    private void updateOCSPConfig(HttpServletResponse response) 
-      throws IOException {
+    private void updateOCSPConfig(HttpServletResponse response)
+            throws IOException {
         IConfigStore config = CMS.getConfigStore();
         String cahost = "";
         int caport = -1;
@@ -661,7 +665,7 @@ public class DonePanel extends WizardPanelBase {
         int ocspport = Integer.parseInt(CMS.getAgentPort());
         int ocspagentport = Integer.parseInt(CMS.getAgentPort());
         String session_id = CMS.getConfigSDSessionId();
-        String content = "xmlOutput=true&sessionID="+session_id+"&ocsp_host="+ocsphost+"&ocsp_port="+ocspport;
+        String content = "xmlOutput=true&sessionID=" + session_id + "&ocsp_host=" + ocsphost + "&ocsp_port=" + ocspport;
 
         updateOCSPConfig(cahost, caport, true, content, response);
     }
@@ -675,7 +679,7 @@ public class DonePanel extends WizardPanelBase {
 
             if (b64.equals(""))
                 throw new IOException("Failed to get certificate chain.");
-  
+
             try {
                 // this could be a chain
                 X509Certificate[] certs = Cert.mapCertFromPKCS7(b64);
@@ -686,9 +690,9 @@ public class DonePanel extends WizardPanelBase {
                     } else {
                         leafCert = certs[0];
                     }
- 
-                    IOCSPAuthority ocsp = 
-                      (IOCSPAuthority)CMS.getSubsystem(IOCSPAuthority.ID);
+
+                    IOCSPAuthority ocsp =
+                            (IOCSPAuthority) CMS.getSubsystem(IOCSPAuthority.ID);
                     IDefStore defStore = ocsp.getDefaultStore();
 
                     // (1) need to normalize (sort) the chain
@@ -696,9 +700,9 @@ public class DonePanel extends WizardPanelBase {
                     // (2) store certificate (and certificate chain) into
                     // database
                     ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
-                      leafCert.getSubjectDN().getName(),
-                      BIG_ZERO,
-                      MINUS_ONE, null, null);
+                            leafCert.getSubjectDN().getName(),
+                            BIG_ZERO,
+                            MINUS_ONE, null, null);
 
                     try {
                         rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
@@ -706,7 +710,9 @@ public class DonePanel extends WizardPanelBase {
                         // error
                     }
                     defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
-                    //log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
+                    // log(ILogger.EV_AUDIT, AuditFormat.LEVEL,
+                    // "Added CA certificate " +
+                    // leafCert.getSubjectDN().getName());
 
                     CMS.debug("DonePanel importCACertToOCSP: Added CA certificate.");
                 }
@@ -748,7 +754,7 @@ public class DonePanel extends WizardPanelBase {
     }
 
     private void updateConnectorInfo(String ownagenthost, String ownagentsport)
-      throws IOException {
+            throws IOException {
         IConfigStore cs = CMS.getConfigStore();
         int port = -1;
         String url = "";
@@ -757,21 +763,21 @@ public class DonePanel extends WizardPanelBase {
         try {
             url = cs.getString("preop.ca.url", "");
             if (!url.equals("")) {
-              host = cs.getString("preop.ca.hostname", "");
-              port = cs.getInteger("preop.ca.httpsadminport", -1);
-              transportCert = cs.getString("kra.transport.cert", "");
+                host = cs.getString("preop.ca.hostname", "");
+                port = cs.getInteger("preop.ca.httpsadminport", -1);
+                transportCert = cs.getString("kra.transport.cert", "");
             }
         } catch (Exception e) {
         }
 
         if (host == null) {
-          CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
+            CMS.debug("DonePanel: preop.ca.url is not defined. External CA selected. No transport certificate setup is required");
         } else {
-          CMS.debug("DonePanel: Transport certificate is being setup in " + url);
-          String session_id = CMS.getConfigSDSessionId();
-          String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host="+ownagenthost+"&ca.connector.KRA.port="+ownagentsport+"&ca.connector.KRA.transportCert="+URLEncoder.encode(transportCert)+"&sessionID="+session_id; 
+            CMS.debug("DonePanel: Transport certificate is being setup in " + url);
+            String session_id = CMS.getConfigSDSessionId();
+            String content = "ca.connector.KRA.enable=true&ca.connector.KRA.local=false&ca.connector.KRA.timeout=30&ca.connector.KRA.uri=/kra/agent/kra/connector&ca.connector.KRA.host=" + ownagenthost + "&ca.connector.KRA.port=" + ownagentsport + "&ca.connector.KRA.transportCert=" + URLEncoder.encode(transportCert) + "&sessionID=" + session_id;
 
-          updateConnectorInfo(host, port, true, content);
+            updateConnectorInfo(host, port, true, content);
         }
     }
 
@@ -802,12 +808,14 @@ public class DonePanel extends WizardPanelBase {
      */
     public void update(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) throws IOException {}
+            Context context) throws IOException {
+    }
 
     /**
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) {/* This should never be called */}
+            Context context) {/* This should never be called */
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
index 9d7fc22a..25332d86 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/DownloadPKCS12.java
@@ -50,6 +50,7 @@ public class DownloadPKCS12 extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -59,7 +60,7 @@ public class DownloadPKCS12 extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         CMS.debug("DownloadPKCS12: processing...");
@@ -70,7 +71,7 @@ public class DownloadPKCS12 extends CMSServlet {
         mRenderResult = false;
 
         // check the pin from the session
-        String pin = (String)httpReq.getSession().getAttribute("pin");
+        String pin = (String) httpReq.getSession().getAttribute("pin");
         if (pin == null) {
             CMS.debug("DownloadPKCS12 process: Failed to get the pin from the cookie.");
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
@@ -101,18 +102,27 @@ public class DownloadPKCS12 extends CMSServlet {
             httpResp.getOutputStream().write(pkcs12);
             return;
         } catch (Exception e) {
-            CMS.debug("DownloadPKCS12 process: Exception="+e.toString());
+            CMS.debug("DownloadPKCS12 process: Exception=" + e.toString());
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
index 87cb7a7c..452ead98 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.util.Locale;
@@ -40,7 +39,6 @@ import com.netscape.cms.servlet.base.UserInfo;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class GetCertChain extends CMSServlet {
 
     /**
@@ -56,6 +54,7 @@ public class GetCertChain extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -63,11 +62,13 @@ public class GetCertChain extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+     * <li>http.param op 'displayIND' - display pretty-print of certificate
+     * chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -95,7 +96,7 @@ public class GetCertChain extends CMSServlet {
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERROR_ENCODING_CA_CHAIN_1",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp,
                     "Error: Failed to encode the certificate chain");
         }
@@ -121,7 +122,15 @@ public class GetCertChain extends CMSServlet {
         }
     }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
index c1010b46..456bf6c1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetConfigEntries.java
@@ -59,6 +59,7 @@ public class GetConfigEntries extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -67,11 +68,13 @@ public class GetConfigEntries extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+     * <li>http.param op 'displayIND' - display pretty-print of certificate
+     * chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -84,12 +87,12 @@ public class GetConfigEntries extends CMSServlet {
             authToken = authenticate(cmsReq);
         } catch (Exception e) {
             CMS.debug("GetConfigEntries authentication failed");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
-        } 
+        }
 
         // Construct an ArgBlock
         IArgBlock args = cmsReq.getHttpParams();
@@ -104,32 +107,32 @@ public class GetConfigEntries extends CMSServlet {
         try {
             xmlObj = new XMLObject();
         } catch (Exception e) {
-            CMS.debug("GetConfigEntries process: Exception: "+e.toString());
-            throw new EBaseException( e.toString() );
+            CMS.debug("GetConfigEntries process: Exception: " + e.toString());
+            throw new EBaseException(e.toString());
         }
 
         Node root = xmlObj.createRoot("XMLResponse");
         AuthzToken authzToken = null;
 
         try {
-           authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
                     "read");
         } catch (EAuthzAccessDenied e) {
-                log(ILogger.LL_FAILURE,
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                outputError(httpResp, "Error: Not authorized");
-                return;
+            outputError(httpResp, "Error: Not authorized");
+            return;
         } catch (Exception e) {
-                log(ILogger.LL_FAILURE,
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                outputError(httpResp,
+            outputError(httpResp,
                     "Error: Encountered problem during authorization.");
-                return;
+            return;
         }
 
         if (authzToken == null) {
-                outputError(httpResp, "Error: Not authorized");
-                return;
+            outputError(httpResp, "Error: Not authorized");
+            return;
         }
 
         if (op != null) {
@@ -140,9 +143,9 @@ public class GetConfigEntries extends CMSServlet {
                 String name1 = t.nextToken();
                 IConfigStore cs = config.getSubStore(name1);
                 Enumeration enum1 = cs.getPropertyNames();
-             
+
                 while (enum1.hasMoreElements()) {
-                    String name = name1+"."+enum1.nextElement();
+                    String name = name1 + "." + enum1.nextElement();
                     try {
                         String value = config.getString(name);
                         Node container = xmlObj.createContainer(root, "Config");
@@ -171,10 +174,10 @@ public class GetConfigEntries extends CMSServlet {
                         value = getLDAPPassword();
                     } else if (name.equals("internaldb.replication.password")) {
                         value = getReplicationPassword();
-                    } else 
+                    } else
                         continue;
                 }
-             
+
                 Node container = xmlObj.createContainer(root, "Config");
                 xmlObj.addItemToContainer(container, "name", name);
                 xmlObj.addItemToContainer(container, "value", value);
@@ -208,7 +211,15 @@ public class GetConfigEntries extends CMSServlet {
         return locale;
     }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     private String getLDAPPassword() {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
index 74edda79..daa60911 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetCookie.java
@@ -45,7 +45,6 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 public class GetCookie extends CMSServlet {
 
     /**
@@ -58,9 +57,9 @@ public class GetCookie extends CMSServlet {
     private String mFormPath = null;
 
     private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
-        "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+            "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
     private final static String LOGGING_SIGNED_AUDIT_ROLE_ASSUME =
-        "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
+            "LOGGING_SIGNED_AUDIT_ROLE_ASSUME_3";
 
     public GetCookie() {
         super();
@@ -68,6 +67,7 @@ public class GetCookie extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -78,12 +78,13 @@ public class GetCookie extends CMSServlet {
         mRandom = new Random();
         mErrorFormPath = sc.getInitParameter("errorTemplatePath");
         if (mOutputTemplatePath != null) {
-          mFormPath = mOutputTemplatePath;
+            mFormPath = mOutputTemplatePath;
         }
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -100,14 +101,14 @@ public class GetCookie extends CMSServlet {
         }
 
         IArgBlock header = CMS.createArgBlock();
-        IArgBlock ctx = CMS.createArgBlock(); 
+        IArgBlock ctx = CMS.createArgBlock();
         CMSTemplateParams argSet = new CMSTemplateParams(header, ctx);
 
         CMSTemplate form = null;
         Locale[] locale = new Locale[1];
 
         String url = httpReq.getParameter("url");
-        CMS.debug("GetCookie before auth, url ="+url);
+        CMS.debug("GetCookie before auth, url =" + url);
         String url_e = "";
         URL u = null;
         try {
@@ -115,13 +116,13 @@ public class GetCookie extends CMSServlet {
             u = new URL(url_e);
         } catch (Exception eee) {
             throw new ECMSGWException(
-                  "GetCookie missing parameter: url");
+                    "GetCookie missing parameter: url");
         }
 
         int index2 = url_e.indexOf("subsystem=");
         String subsystem = "";
         if (index2 > 0) {
-            subsystem = url.substring(index2+10);
+            subsystem = url.substring(index2 + 10);
             int index1 = subsystem.indexOf("&");
             if (index1 > 0)
                 subsystem = subsystem.substring(0, index1);
@@ -131,9 +132,9 @@ public class GetCookie extends CMSServlet {
             authToken = authenticate(cmsReq);
         } catch (Exception e) {
             CMS.debug("GetCookie authentication failed");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             header.addStringValue("sd_uid", "");
             header.addStringValue("sd_pwd", "");
             header.addStringValue("host", u.getHost());
@@ -149,17 +150,17 @@ public class GetCookie extends CMSServlet {
                 form = getTemplate(mErrorFormPath, httpReq, locale);
             } catch (IOException eee) {
                 CMS.debug("GetCookie process: cant locate the form");
-/*
-                log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-                throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
-            }   
+                /*
+                 * log(ILogger.LL_FAILURE,
+                 * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+                 * throw new ECMSGWException(
+                 * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                 */
+            }
 
-            if( form == null ) {
+            if (form == null) {
                 CMS.debug("GetCookie::process() - form is null!");
-                throw new EBaseException( "form is null" );
+                throw new EBaseException("form is null");
             }
 
             try {
@@ -170,16 +171,16 @@ public class GetCookie extends CMSServlet {
                 form.renderOutput(out, argSet);
             } catch (IOException ee) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
-                    throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", ee.toString()));
+                throw new ECMSGWException(
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
             return;
-        } 
+        }
 
         String cookie = "";
         String auditMessage = "";
-       
+
         if (authToken != null) {
             String uid = authToken.getInString("uid");
             String groupname = getGroupName(uid, subsystem);
@@ -195,7 +196,7 @@ public class GetCookie extends CMSServlet {
 
                 // assign cookie
                 long num = mRandom.nextLong();
-                cookie = num+"";
+                cookie = num + "";
                 ISecurityDomainSessionTable ctable = CMS.getSecurityDomainSessionTable();
                 String addr = "";
                 try {
@@ -207,11 +208,11 @@ public class GetCookie extends CMSServlet {
                     ip = InetAddress.getByName(addr).toString();
                     int index = ip.indexOf("/");
                     if (index > 0)
-                        ip = ip.substring(index+1);
+                        ip = ip.substring(index + 1);
                 } catch (Exception e) {
                 }
 
-                String auditParams = "operation;;issue_token+token;;"+ cookie + "+ip;;" + ip +
+                String auditParams = "operation;;issue_token+token;;" + cookie + "+ip;;" + ip +
                               "+uid;;" + uid + "+groupname;;" + groupname;
 
                 int status = ctable.addEntry(cookie, ip, uid, groupname);
@@ -232,18 +233,19 @@ public class GetCookie extends CMSServlet {
                 }
 
                 try {
-                    String sd_url = "https://"+CMS.getEESSLHost()+":"+CMS.getEESSLPort();
+                    String sd_url = "https://" + CMS.getEESSLHost() + ":" + CMS.getEESSLPort();
                     if (!url.startsWith("$")) {
                         try {
                             form = getTemplate(mFormPath, httpReq, locale);
                         } catch (IOException e) {
                             CMS.debug("GetCookie process: cant locate the form");
-/*
-                            log(ILogger.LL_FAILURE,
-                              CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-                            throw new ECMSGWException(
-                              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+                            /*
+                             * log(ILogger.LL_FAILURE,
+                             * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE",
+                             * e.toString())); throw new ECMSGWException(
+                             * CMS.getUserMessage
+                             * ("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                             */
                         }
 
                         header.addStringValue("url", url);
@@ -254,13 +256,13 @@ public class GetCookie extends CMSServlet {
                             ServletOutputStream out = httpResp.getOutputStream();
 
                             cmsReq.setStatus(CMSRequest.SUCCESS);
-							httpResp.setContentType("text/html");
-							form.renderOutput(out, argSet);
+                            httpResp.setContentType("text/html");
+                            form.renderOutput(out, argSet);
                         } catch (IOException e) {
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+                                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
                             throw new ECMSGWException(
-                              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
                         }
                     }
                 } catch (Exception e) {
@@ -278,25 +280,25 @@ public class GetCookie extends CMSServlet {
 
     private String getGroupName(String uid, String subsystemname) {
         String groupname = "";
-        IUGSubsystem subsystem = 
-          (IUGSubsystem)(CMS.getSubsystem(IUGSubsystem.ID)); 
-        if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") && 
-          subsystemname.equals("CA")) {
+        IUGSubsystem subsystem =
+                (IUGSubsystem) (CMS.getSubsystem(IUGSubsystem.ID));
+        if (subsystem.isMemberOf(uid, "Enterprise CA Administrators") &&
+                subsystemname.equals("CA")) {
             return "Enterprise CA Administrators";
         } else if (subsystem.isMemberOf(uid, "Enterprise KRA Administrators") &&
-          subsystemname.equals("KRA")) {
+                subsystemname.equals("KRA")) {
             return "Enterprise KRA Administrators";
         } else if (subsystem.isMemberOf(uid, "Enterprise OCSP Administrators") &&
-          subsystemname.equals("OCSP")) {
+                subsystemname.equals("OCSP")) {
             return "Enterprise OCSP Administrators";
         } else if (subsystem.isMemberOf(uid, "Enterprise TKS Administrators") &&
-          subsystemname.equals("TKS")) {
+                subsystemname.equals("TKS")) {
             return "Enterprise TKS Administrators";
         } else if (subsystem.isMemberOf(uid, "Enterprise RA Administrators") &&
-          subsystemname.equals("RA")) {
+                subsystemname.equals("RA")) {
             return "Enterprise RA Administrators";
         } else if (subsystem.isMemberOf(uid, "Enterprise TPS Administrators") &&
-          subsystemname.equals("TPS")) {
+                subsystemname.equals("TPS")) {
             return "Enterprise TPS Administrators";
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
index f9e6c70e..d983e4a1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetDomainXML.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.FileInputStream;
 import java.io.IOException;
 import java.util.Enumeration;
@@ -48,7 +47,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class GetDomainXML extends CMSServlet {
 
     /**
@@ -64,6 +62,7 @@ public class GetDomainXML extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +72,13 @@ public class GetDomainXML extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+     * <li>http.param op 'displayIND' - display pretty-print of certificate
+     * chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -95,8 +96,7 @@ public class GetDomainXML extends CMSServlet {
         try {
             secstore = cs.getString("securitydomain.store");
             basedn = cs.getString("internaldb.basedn");
-        }    
-        catch (Exception e)  {
+        } catch (Exception e) {
             CMS.debug("Unable to determine the security domain name or internal basedn. Please run the domaininfo migration script");
         }
 
@@ -120,16 +120,16 @@ public class GetDomainXML extends CMSServlet {
                     connFactory.init(ldapConfig);
                     conn = connFactory.getConn();
 
-                    // get the security domain name 
+                    // get the security domain name
                     String secdomain = (String) conn.read(dn).getAttribute("name").getStringValues().nextElement();
 
                     XMLObject xmlObj = new XMLObject();
                     Node domainInfo = xmlObj.createRoot("DomainInfo");
                     xmlObj.addItemToContainer(domainInfo, "Name", secdomain);
 
-                    // this should return CAList, KRAList etc. 
+                    // this should return CAList, KRAList etc.
                     LDAPSearchResults res = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
-                        attrs, true, cons);
+                            attrs, true, cons);
 
                     while (res.hasMoreElements()) {
                         int count = 0;
@@ -137,10 +137,10 @@ public class GetDomainXML extends CMSServlet {
                         String listName = dn.substring(3, dn.indexOf(","));
                         String subType = listName.substring(0, listName.indexOf("List"));
                         Node listNode = xmlObj.createContainer(domainInfo, listName);
-                        
+
                         filter = "objectclass=pkiSubsystem";
-                        LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter, 
-                            attrs, false, cons);
+                        LDAPSearchResults res2 = conn.search(dn, LDAPConnection.SCOPE_ONE, filter,
+                                attrs, false, cons);
                         while (res2.hasMoreElements()) {
                             Node node = xmlObj.createContainer(listNode, subType);
                             LDAPEntry entry = res2.next();
@@ -149,32 +149,29 @@ public class GetDomainXML extends CMSServlet {
                             while (attrsInSet.hasMoreElements()) {
                                 LDAPAttribute nextAttr = (LDAPAttribute) attrsInSet.nextElement();
                                 String attrName = nextAttr.getName();
-                                if ((! attrName.equals("cn")) && (! attrName.equals("objectClass"))) {
+                                if ((!attrName.equals("cn")) && (!attrName.equals("objectClass"))) {
                                     String attrValue = (String) nextAttr.getStringValues().nextElement();
                                     xmlObj.addItemToContainer(node, securityDomainLDAPtoXML(attrName), attrValue);
                                 }
                             }
-                            count ++;
-                        }   
+                            count++;
+                        }
                         xmlObj.addItemToContainer(listNode, "SubsystemCount", Integer.toString(count));
                     }
 
                     // Add new xml object as string to response.
                     response.addItemToContainer(root, "DomainInfo", xmlObj.toXMLString());
-                }
-                catch (Exception e) {
+                } catch (Exception e) {
                     CMS.debug("GetDomainXML: Failed to read domain.xml from ldap " + e.toString());
                     status = FAILED;
-                }
-                finally {
-                    if ((conn != null) && (connFactory!= null)) {
+                } finally {
+                    if ((conn != null) && (connFactory != null)) {
                         CMS.debug("Releasing ldap connection");
                         connFactory.returnConn(conn);
                     }
                 }
-            }
-            else {
-                 // get data from file store
+            } else {
+                // get data from file store
 
                 String path = CMS.getConfigStore().getString("instanceRoot", "")
                         + "/conf/domain.xml";
@@ -194,10 +191,9 @@ public class GetDomainXML extends CMSServlet {
                     CMS.debug("GetDomainXML: Done Reading domain.xml...");
 
                     response.addItemToContainer(root, "DomainInfo", new String(buf));
-                }
-                catch (Exception e) {
-                   CMS.debug("Failed to read domain.xml from file" + e.toString());
-                   status = FAILED;
+                } catch (Exception e) {
+                    CMS.debug("Failed to read domain.xml from file" + e.toString());
+                    status = FAILED;
                 }
             }
 
@@ -211,18 +207,29 @@ public class GetDomainXML extends CMSServlet {
     }
 
     protected String securityDomainLDAPtoXML(String attribute) {
-        if (attribute.equals("host")) return "Host";
-        else return attribute;
+        if (attribute.equals("host"))
+            return "Host";
+        else
+            return attribute;
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
index 02fe36c1..623acf9a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetStatus.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -36,7 +35,6 @@ import com.netscape.cms.servlet.base.UserInfo;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class GetStatus extends CMSServlet {
 
     /**
@@ -52,6 +50,7 @@ public class GetStatus extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -59,18 +58,19 @@ public class GetStatus extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
-	IConfigStore config = CMS.getConfigStore();
+        IConfigStore config = CMS.getConfigStore();
 
         String outputString = null;
 
-	String state = config.getString("cs.state", "");
-	String type = config.getString("cs.type", "");
+        String state = config.getString("cs.state", "");
+        String type = config.getString("cs.type", "");
 
         try {
             XMLObject xmlObj = null;
@@ -89,7 +89,15 @@ public class GetStatus extends CMSServlet {
         }
     }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
index c1bf138e..59e135a1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetSubsystemCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -39,7 +38,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class GetSubsystemCert extends CMSServlet {
 
     /**
@@ -55,6 +53,7 @@ public class GetSubsystemCert extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -62,7 +61,7 @@ public class GetSubsystemCert extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
@@ -76,16 +75,16 @@ public class GetSubsystemCert extends CMSServlet {
             nickname = cs.getString("ca.subsystem.nickname", "");
             String tokenname = cs.getString("ca.subsystem.tokenname", "");
             if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname+":"+nickname;
+                nickname = tokenname + ":" + nickname;
         } catch (Exception e) {
         }
 
-        CMS.debug("GetSubsystemCert process: nickname="+nickname);
+        CMS.debug("GetSubsystemCert process: nickname=" + nickname);
         String s = "";
         try {
             CryptoManager cm = CryptoManager.getInstance();
             X509Certificate cert = cm.findCertByNickname(nickname);
- 
+
             if (cert == null) {
                 CMS.debug("GetSubsystemCert process: subsystem cert is null");
                 outputError(httpResp, "Error: Failed to get subsystem certificate.");
@@ -95,7 +94,7 @@ public class GetSubsystemCert extends CMSServlet {
             byte[] bytes = cert.getEncoded();
             s = CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bytes));
         } catch (Exception e) {
-            CMS.debug("GetSubsystemCert process: exception: "+e.toString());
+            CMS.debug("GetSubsystemCert process: exception: " + e.toString());
         }
 
         try {
@@ -111,7 +110,15 @@ public class GetSubsystemCert extends CMSServlet {
         }
     }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
index d7af0740..f4d68392 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTokenInfo.java
@@ -52,6 +52,7 @@ public class GetTokenInfo extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -60,11 +61,13 @@ public class GetTokenInfo extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+     * <li>http.param op 'displayIND' - display pretty-print of certificate
+     * chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -78,8 +81,8 @@ public class GetTokenInfo extends CMSServlet {
         try {
             xmlObj = new XMLObject();
         } catch (Exception e) {
-            CMS.debug("GetTokenInfo process: Exception: "+e.toString());
-            throw new EBaseException( e.toString() );
+            CMS.debug("GetTokenInfo process: Exception: " + e.toString());
+            throw new EBaseException(e.toString());
         }
 
         Node root = xmlObj.createRoot("XMLResponse");
@@ -97,7 +100,7 @@ public class GetTokenInfo extends CMSServlet {
             String name = t1.nextToken();
             if (name.equals("sslserver"))
                 continue;
-            name = "cloning."+name+".nickname";
+            name = "cloning." + name + ".nickname";
             String value = "";
 
             try {
@@ -105,7 +108,7 @@ public class GetTokenInfo extends CMSServlet {
             } catch (Exception ee) {
                 continue;
             }
-             
+
             Node container = xmlObj.createContainer(root, "Config");
             xmlObj.addItemToContainer(container, "name", name);
             xmlObj.addItemToContainer(container, "value", value);
@@ -149,6 +152,14 @@ public class GetTokenInfo extends CMSServlet {
         return locale;
     }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
index bc29b34a..2722b0f7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/GetTransportCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateEncodingException;
 import java.util.Locale;
@@ -63,6 +62,7 @@ public class GetTransportCert extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +72,7 @@ public class GetTransportCert extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         CMS.debug("UpdateUpdater: processing...");
@@ -86,9 +86,9 @@ public class GetTransportCert extends CMSServlet {
             CMS.debug("GetTransportCert authentication successful.");
         } catch (Exception e) {
             CMS.debug("GetTransportCert: authentication failed.");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
         }
@@ -101,19 +101,19 @@ public class GetTransportCert extends CMSServlet {
 
         AuthzToken authzToken = null;
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-              "read");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "read");
             CMS.debug("GetTransportCert authorization successful.");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
 
@@ -126,17 +126,17 @@ public class GetTransportCert extends CMSServlet {
 
         IKeyRecoveryAuthority kra =
                 (IKeyRecoveryAuthority) mAuthority;
-            ITransportKeyUnit tu = kra.getTransportKeyUnit();
-            org.mozilla.jss.crypto.X509Certificate transportCert =
+        ITransportKeyUnit tu = kra.getTransportKeyUnit();
+        org.mozilla.jss.crypto.X509Certificate transportCert =
                 tu.getCertificate();
 
-            String mime64 = "";
+        String mime64 = "";
         try {
             mime64 = CMS.BtoA(transportCert.getEncoded());
             mime64 = com.netscape.cmsutil.util.Cert.normalizeCertStrAndReq(mime64);
-         } catch (CertificateEncodingException eee) {
+        } catch (CertificateEncodingException eee) {
             CMS.debug("GetTransportCert: Failed to encode certificate");
-         }
+        }
 
         // send success status back to the requestor
         try {
@@ -154,14 +154,23 @@ public class GetTransportCert extends CMSServlet {
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
index a00b0fb7..b42bdb7d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/HierarchyPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class HierarchyPanel extends WizardPanelBase {
 
-    public HierarchyPanel() {}
+    public HierarchyPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("PKI Hierarchy");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("PKI Hierarchy");
         setId(id);
@@ -56,7 +56,7 @@ public class HierarchyPanel extends WizardPanelBase {
 
     public boolean shouldSkip() {
 
-        // we dont need to ask the hierachy if we are 
+        // we dont need to ask the hierachy if we are
         // setting up a clone
         try {
             IConfigStore c = CMS.getConfigStore();
@@ -64,8 +64,8 @@ public class HierarchyPanel extends WizardPanelBase {
                     null);
             if (s != null && s.equals("clone")) {
                 // mark this panel as done
-                c.putString("preop.hierarchy.select","root");
-                c.putString("hierarchy.select","Clone");
+                c.putString("preop.hierarchy.select", "root");
+                c.putString("hierarchy.select", "Clone");
                 return true;
             }
         } catch (EBaseException e) {
@@ -89,15 +89,16 @@ public class HierarchyPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -117,7 +118,7 @@ public class HierarchyPanel extends WizardPanelBase {
                 if (s.equals("root")) {
                     context.put("check_root", "checked");
                 } else if (s.equals("join")) {
-                    context.put("check_join", "checked"); 
+                    context.put("check_join", "checked");
                 }
             } catch (Exception e) {
                 CMS.debug(e.toString());
@@ -163,16 +164,17 @@ public class HierarchyPanel extends WizardPanelBase {
         }
 
         if (select.equals("root")) {
-            config.putString("preop.hierarchy.select", "root"); 
-            config.putString("hierarchy.select", "Root"); 
+            config.putString("preop.hierarchy.select", "root");
+            config.putString("hierarchy.select", "Root");
             config.putString("preop.ca.type", "sdca");
             try {
                 config.commit(false);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
         } else if (select.equals("join")) {
             config.putString(PCERT_PREFIX + "signing.type", "remote");
             config.putString("preop.hierarchy.select", "join");
-            config.putString("hierarchy.select", "Subordinate"); 
+            config.putString("hierarchy.select", "Subordinate");
         } else {
             config.putString(PCERT_PREFIX + "signing.type", "remote");
             CMS.debug("HierarchyPanel: invalid choice " + select);
@@ -187,5 +189,6 @@ public class HierarchyPanel extends WizardPanelBase {
      */
     public void displayError(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) {}
+            Context context) {
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
index d4f93a9b..991bb49b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportAdminCertPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.BufferedReader;
 import java.io.FileReader;
 import java.io.IOException;
@@ -47,19 +46,20 @@ import com.netscape.cmsutil.crypto.CryptoUtil;
 
 public class ImportAdminCertPanel extends WizardPanelBase {
 
-    public ImportAdminCertPanel() {}
+    public ImportAdminCertPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import Administrator's Certificate");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import Administrator's Certificate");
         setId(id);
@@ -102,11 +102,12 @@ public class ImportAdminCertPanel extends WizardPanelBase {
         try {
             type = cs.getString("preop.ca.type", "");
             subsystemtype = cs.getString("cs.type", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         try {
             String serialno = cs.getString("preop.admincert.serialno.0");
-            
+
             context.put("serialNumber", serialno);
         } catch (Exception e) {
             context.put("errorString", "Failed to get serial number.");
@@ -129,21 +130,26 @@ public class ImportAdminCertPanel extends WizardPanelBase {
         if (ca == null) {
             if (type.equals("otherca")) {
                 try {
-                    // this is a non-CA system that has elected to have its certificates 
+                    // this is a non-CA system that has elected to have its
+                    // certificates
                     // signed by a CA outside of the security domain.
-                    // in this case, we submitted the cert request for the admin cert to
+                    // in this case, we submitted the cert request for the admin
+                    // cert to
                     // to security domain host.
                     caHost = cs.getString("securitydomain.host", "");
                     caPort = cs.getString("securitydomain.httpsadminport", "");
-                } catch (Exception e) {}
+                } catch (Exception e) {
+                }
             } else if (type.equals("sdca")) {
                 try {
                     // this is a non-CA system that submitted its certs to a CA
-                    // within the security domain.  In this case, we submitted the cert
+                    // within the security domain. In this case, we submitted
+                    // the cert
                     // request for the admin cert to this CA
                     caHost = cs.getString("preop.ca.hostname", "");
                     caPort = cs.getString("preop.ca.httpsadminport", "");
-                } catch (Exception e) {}
+                } catch (Exception e) {
+                }
             }
         } else {
             // for CAs, we always generate our own admin certs
@@ -151,7 +157,8 @@ public class ImportAdminCertPanel extends WizardPanelBase {
             try {
                 caHost = cs.getString("service.machineName", "");
                 caPort = cs.getString("pkicreate.admin_secure_port", "");
-            } catch (Exception e) {}
+            } catch (Exception e) {
+            }
         }
 
         String pkcs7 = "";
@@ -192,12 +199,13 @@ public class ImportAdminCertPanel extends WizardPanelBase {
             subsystemtype = cs.getString("cs.type", "");
             security_domain_type = cs.getString("securitydomain.select", "");
             selected_hierarchy = cs.getString("preop.hierarchy.select", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
                 ICertificateAuthority.ID);
 
-        if (ca == null) { 
+        if (ca == null) {
             context.put("ca", "false");
         } else {
             context.put("ca", "true");
@@ -206,18 +214,18 @@ public class ImportAdminCertPanel extends WizardPanelBase {
 
         X509CertImpl certs[] = new X509CertImpl[1];
 
-        // REMINDER:  This panel is NOT used by "clones"
-        if( ca != null ) {
+        // REMINDER: This panel is NOT used by "clones"
+        if (ca != null) {
             String serialno = null;
 
-            if( selected_hierarchy.equals( "root" ) ) {
-                CMS.debug( "ImportAdminCertPanel update:  "
+            if (selected_hierarchy.equals("root")) {
+                CMS.debug("ImportAdminCertPanel update:  "
                          + "Root CA subsystem - "
-                         + "(new Security Domain)" );
+                         + "(new Security Domain)");
             } else {
-                CMS.debug( "ImportAdminCertPanel update:  "
+                CMS.debug("ImportAdminCertPanel update:  "
                          + "Subordinate CA subsystem - "
-                         + "(new Security Domain)" );
+                         + "(new Security Domain)");
             }
 
             try {
@@ -234,35 +242,37 @@ public class ImportAdminCertPanel extends WizardPanelBase {
             try {
                 certs[0] = repost.getX509Certificate(
                         new BigInteger(serialno, 16));
-            } catch (Exception ee) {}
+            } catch (Exception ee) {
+            }
         } else {
             String dir = null;
 
-            // REMINDER:  This panel is NOT used by "clones"
-            if( subsystemtype.equals( "CA" ) ) {
-                if( selected_hierarchy.equals( "root" ) ) {
-                    CMS.debug( "ImportAdminCertPanel update:  "
+            // REMINDER: This panel is NOT used by "clones"
+            if (subsystemtype.equals("CA")) {
+                if (selected_hierarchy.equals("root")) {
+                    CMS.debug("ImportAdminCertPanel update:  "
                              + "Root CA subsystem - "
-                             + "(existing Security Domain)" );
+                             + "(existing Security Domain)");
                 } else {
-                    CMS.debug( "ImportAdminCertPanel update:  "
+                    CMS.debug("ImportAdminCertPanel update:  "
                              + "Subordinate CA subsystem - "
-                             + "(existing Security Domain)" );
+                             + "(existing Security Domain)");
                 }
             } else {
-                CMS.debug( "ImportAdminCertPanel update:  "
+                CMS.debug("ImportAdminCertPanel update:  "
                          + subsystemtype
-                         + " subsystem" );
+                         + " subsystem");
             }
 
             try {
-                dir = cs.getString("preop.admincert.b64", ""); 
+                dir = cs.getString("preop.admincert.b64", "");
                 CMS.debug("ImportAdminCertPanel update: dir=" + dir);
-            } catch (Exception ee) {}
+            } catch (Exception ee) {
+            }
 
             try {
                 BufferedReader reader = new BufferedReader(
-                  new FileReader(dir));
+                        new FileReader(dir));
                 String b64 = "";
 
                 StringBuffer sb = new StringBuffer();
@@ -289,7 +299,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
             user.setX509Certificates(certs);
             ug.addUserCert(user);
         } catch (LDAPException e) {
-            CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: "+e.toString());
+            CMS.debug("ImportAdminCertPanel update: failed to add certificate to the internal database. Exception: " + e.toString());
             if (e.getLDAPResultCode() != LDAPException.ATTRIBUTE_OR_VALUE_EXISTS) {
                 context.put("updateStatus", "failure");
                 throw new IOException(e.toString());
@@ -312,7 +322,7 @@ public class ImportAdminCertPanel extends WizardPanelBase {
     public boolean shouldSkip() {
         try {
             IConfigStore c = CMS.getConfigStore();
-            String s = c.getString("preop.subsystem.select",null);
+            String s = c.getString("preop.subsystem.select", null);
             if (s != null && s.equals("clone")) {
                 return true;
             }
@@ -322,7 +332,6 @@ public class ImportAdminCertPanel extends WizardPanelBase {
         return false;
     }
 
-
     /**
      * If validiate() returns false, this method will be called.
      */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
index 0c2e7fa0..a26b2dc2 100755
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportCAChainPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -36,19 +35,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class ImportCAChainPanel extends WizardPanelBase {
 
-    public ImportCAChainPanel() {}
+    public ImportCAChainPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import CA's Certificate Chain");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import CA's Certificate Chain");
         setId(id);
@@ -89,7 +89,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
             context.put("https_port", cs.getString("pkicreate.ee_secure_port"));
             context.put("http_port", cs.getString("pkicreate.unsecure_port"));
         } catch (EBaseException e) {
-            CMS.debug("ImportCACertChain:display: Exception: " + e.toString()); 
+            CMS.debug("ImportCACertChain:display: Exception: " + e.toString());
             context.put("errorString", "Error loading values for Import CA Certificate Panel");
         }
 
@@ -119,7 +119,6 @@ public class ImportCAChainPanel extends WizardPanelBase {
             Context context) throws IOException {
         IConfigStore cs = CMS.getConfigStore();
 
-
         context.put("errorString", "");
         context.put("title", "Import CA's Certificate Chain");
         context.put("panel", "admin/console/config/importcachainpanel.vm");
@@ -141,6 +140,7 @@ public class ImportCAChainPanel extends WizardPanelBase {
             context.put("http_port", cs.getString("pkicreate.unsecure_port"));
             context.put("title", "Import CA's Certificate Chain");
             context.put("panel", "admin/console/config/importcachainpanel.vm");
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
index 3f54ec1c..2cfc6cad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ImportTransportCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -61,6 +60,7 @@ public class ImportTransportCert extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -70,7 +70,7 @@ public class ImportTransportCert extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         CMS.debug("UpdateUpdater: processing...");
@@ -84,9 +84,9 @@ public class ImportTransportCert extends CMSServlet {
             CMS.debug("ImportTransportCert authentication successful.");
         } catch (Exception e) {
             CMS.debug("ImportTransportCert: authentication failed.");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
         }
@@ -99,19 +99,19 @@ public class ImportTransportCert extends CMSServlet {
 
         AuthzToken authzToken = null;
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-              "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
             CMS.debug("ImportTransportCert authorization successful.");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
 
@@ -126,17 +126,17 @@ public class ImportTransportCert extends CMSServlet {
         String certsString = httpReq.getParameter("certificate");
 
         try {
-          CryptoManager cm = CryptoManager.getInstance();
-          CMS.debug("ImportTransportCert: Importing certificate");
-          org.mozilla.jss.crypto.X509Certificate cert = 
-            cm.importCACertPackage(CMS.AtoB(certsString));
-          String nickName = cert.getNickname();
-          CMS.debug("ImportTransportCert: nickname " + nickName);
-          cs.putString("tks.drm_transport_cert_nickname", nickName);
-          CMS.debug("ImportTransportCert: Commiting configuration");
-          cs.commit(false);
-
-        // send success status back to the requestor
+            CryptoManager cm = CryptoManager.getInstance();
+            CMS.debug("ImportTransportCert: Importing certificate");
+            org.mozilla.jss.crypto.X509Certificate cert =
+                    cm.importCACertPackage(CMS.AtoB(certsString));
+            String nickName = cert.getNickname();
+            CMS.debug("ImportTransportCert: nickname " + nickName);
+            cs.putString("tks.drm_transport_cert_nickname", nickName);
+            CMS.debug("ImportTransportCert: Commiting configuration");
+            cs.commit(false);
+
+            // send success status back to the requestor
             CMS.debug("ImportTransportCert: Sending response");
             XMLObject xmlObj = new XMLObject();
             Node root = xmlObj.createRoot("XMLResponse");
@@ -150,14 +150,23 @@ public class ImportTransportCert extends CMSServlet {
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
index a421302b..d661a318 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LDAPSecurityDomainSessionTable.java
@@ -36,11 +36,11 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
 import com.netscape.cmsutil.password.IPasswordStore;
 
 /**
- * This object stores the values for IP, uid and group based on the cookie id in LDAP.
- * Entries are stored under ou=Security Domain, ou=sessions, $basedn
+ * This object stores the values for IP, uid and group based on the cookie id in
+ * LDAP. Entries are stored under ou=Security Domain, ou=sessions, $basedn
  */
-public class LDAPSecurityDomainSessionTable 
-  implements ISecurityDomainSessionTable {
+public class LDAPSecurityDomainSessionTable
+        implements ISecurityDomainSessionTable {
 
     private long m_timeToLive;
 
@@ -48,8 +48,8 @@ public class LDAPSecurityDomainSessionTable
         m_timeToLive = timeToLive;
     }
 
-    public int addEntry(String sessionId, String ip, 
-      String uid, String group) {
+    public int addEntry(String sessionId, String ip,
+            String uid, String group) {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
         boolean sessions_exists = true;
@@ -77,14 +77,14 @@ public class LDAPSecurityDomainSessionTable
             attrs.add(new LDAPAttribute("ou", "sessions"));
             entry = new LDAPEntry(sessionsdn, attrs);
             conn.add(entry);
-         } catch (Exception e) {
+        } catch (Exception e) {
             if ((e instanceof LDAPException) && (((LDAPException) e).getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS)) {
                 // continue
             } else {
                 CMS.debug("SecurityDomainSessionTable: unable to create ou=sessions:" + e);
                 sessions_exists = false;
             }
-         }
+        }
 
         // add new entry
         try {
@@ -106,9 +106,9 @@ public class LDAPSecurityDomainSessionTable
                 CMS.debug("SecurityDomainSessionTable: added session entry" + sessionId);
                 status = SUCCESS;
             }
-        } catch(Exception e) {
+        } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: unable to create session entry" + sessionId + ": " + e);
-        } 
+        }
 
         try {
             conn.disconnect();
@@ -155,8 +155,9 @@ public class LDAPSecurityDomainSessionTable
 
             conn = getLDAPConn();
             LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
-            if (res.getCount() > 0) ret = true;
-        } catch(Exception e) {
+            if (res.getCount() > 0)
+                ret = true;
+        } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
         }
 
@@ -168,7 +169,6 @@ public class LDAPSecurityDomainSessionTable
         return ret;
     }
 
-
     public Enumeration<String> getSessionIds() {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
@@ -188,13 +188,13 @@ public class LDAPSecurityDomainSessionTable
             }
         } catch (LDAPException e) {
             switch (e.getLDAPResultCode()) {
-                case LDAPException.NO_SUCH_OBJECT:
-                    CMS.debug("SecurityDomainSessionTable: getSessionIds():  no sessions have been created");
-                    break;
-                default:
-                    CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
+            case LDAPException.NO_SUCH_OBJECT:
+                CMS.debug("SecurityDomainSessionTable: getSessionIds():  no sessions have been created");
+                break;
+            default:
+                CMS.debug("SecurityDomainSessionTable: unable to query sessionIds due to ldap exception: " + e);
             }
-        } catch(Exception e) {
+        } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
         }
 
@@ -211,18 +211,18 @@ public class LDAPSecurityDomainSessionTable
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
         String ret = null;
-        try { 
+        try {
             String basedn = cs.getString("internaldb.basedn");
             String sessionsdn = "ou=sessions,ou=Security Domain," + basedn;
             String filter = "(cn=" + sessionId + ")";
             String[] attrs = { attr };
             conn = getLDAPConn();
             LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
-            if (res.getCount() > 0) { 
+            if (res.getCount() > 0) {
                 LDAPEntry entry = res.next();
                 ret = entry.getAttribute(attr).getStringValueArray()[0];
             }
-        } catch(Exception e) {
+        } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: unable to query session " + sessionId + ": " + e);
         }
 
@@ -261,7 +261,7 @@ public class LDAPSecurityDomainSessionTable
     public int getSize() {
         IConfigStore cs = CMS.getConfigStore();
         LDAPConnection conn = null;
-        int ret =0;
+        int ret = 0;
 
         try {
             String basedn = cs.getString("internaldb.basedn");
@@ -272,7 +272,7 @@ public class LDAPSecurityDomainSessionTable
             conn = getLDAPConn();
             LDAPSearchResults res = conn.search(sessionsdn, LDAPv2.SCOPE_SUB, filter, attrs, false);
             ret = res.getCount();
-        } catch(Exception e) {
+        } catch (Exception e) {
             CMS.debug("SecurityDomainSessionTable: unable to query sessionIds: " + e);
         }
 
@@ -286,8 +286,7 @@ public class LDAPSecurityDomainSessionTable
     }
 
     private LDAPConnection getLDAPConn()
-            throws IOException
-    {
+            throws IOException {
         IConfigStore cs = CMS.getConfigStore();
 
         String host = "";
@@ -299,12 +298,12 @@ public class LDAPSecurityDomainSessionTable
         IPasswordStore pwdStore = CMS.getPasswordStore();
 
         if (pwdStore != null) {
-            //CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
+            // CMS.debug("SecurityDomainSessionTable: getLDAPConn: password store available");
             pwd = pwdStore.getPassword("internaldb");
         }
 
-        if ( pwd == null) {
-           throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
+        if (pwd == null) {
+            throw new IOException("SecurityDomainSessionTable: Failed to obtain password from password store");
         }
 
         try {
@@ -329,14 +328,15 @@ public class LDAPSecurityDomainSessionTable
 
         LDAPConnection conn = null;
         if (security.equals("true")) {
-          //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
-          conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
+            // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating secure (SSL) connection for internal ldap");
+            conn = new LDAPConnection(CMS.getLdapJssSSLSocketFactory());
         } else {
-          //CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
-          conn = new LDAPConnection();
+            // CMS.debug("SecurityDomainSessionTable getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+            conn = new LDAPConnection();
         }
 
-        //CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" + p);
+        // CMS.debug("SecurityDomainSessionTable connecting to " + host + ":" +
+        // p);
         try {
             conn.connect(host, p, binddn, pwd);
         } catch (LDAPException e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
index e7fdbe3f..713cb170 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/LoginServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 public class LoginServlet extends BaseServlet {
 
     /**
@@ -52,7 +50,7 @@ public class LoginServlet extends BaseServlet {
             if (pin == null) {
                 context.put("error", "");
             } else {
-                String cspin = CMS.getConfigStore().getString("preop.pin");   
+                String cspin = CMS.getConfigStore().getString("preop.pin");
 
                 if (cspin != null && cspin.equals(pin)) {
                     // create session
@@ -62,7 +60,7 @@ public class LoginServlet extends BaseServlet {
                     return null;
                 } else {
                     context.put("error", "Login Failed");
-                } 
+                }
             }
             template = Velocity.getTemplate("admin/console/config/login.vm");
         } catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
index a91ca979..2c68ee02 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/MainPageServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -43,7 +42,7 @@ public class MainPageServlet extends CMSServlet {
      *
      */
     private static final long serialVersionUID = 2425301522251239666L;
-    private static final String PROP_AUTHORITY_ID="authorityId";
+    private static final String PROP_AUTHORITY_ID = "authorityId";
     private String mAuthorityId = null;
     private String mFormPath = null;
 
@@ -75,12 +74,12 @@ public class MainPageServlet extends CMSServlet {
             form = getTemplate(mFormPath, request, locale);
         } catch (IOException e) {
             CMS.debug("MainPageServlet process: cant locate the form");
-/*
-            log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
-            throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-*/
+            /*
+             * log(ILogger.LL_FAILURE,
+             * CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString())); throw
+             * new ECMSGWException(
+             * CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+             */
         }
 
         process(argSet, header, ctx, request, response);
@@ -90,21 +89,21 @@ public class MainPageServlet extends CMSServlet {
             ServletOutputStream out = response.getOutputStream();
 
             cmsReq.setStatus(CMSRequest.SUCCESS);
-			response.setContentType("text/html");
-			form.renderOutput(out, argSet);
+            response.setContentType("text/html");
+            form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     private void process(CMSTemplateParams argSet, IArgBlock header,
-      IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
-      throws EBaseException {
+            IArgBlock ctx, HttpServletRequest req, HttpServletResponse resp)
+            throws EBaseException {
 
-        int num = 0;        
+        int num = 0;
         IArgBlock rarg = null;
         IConfigStore cs = CMS.getConfigStore();
         int state = 0;
@@ -125,8 +124,8 @@ public class MainPageServlet extends CMSServlet {
             rarg = CMS.createArgBlock();
             rarg.addStringValue("type", "admin");
             rarg.addStringValue("prefix", "http");
-            rarg.addIntegerValue("port", 
-              Integer.valueOf(CMS.getEENonSSLPort()).intValue());
+            rarg.addIntegerValue("port",
+                    Integer.valueOf(CMS.getEENonSSLPort()).intValue());
             rarg.addStringValue("host", host);
             rarg.addStringValue("uri", adminInterface);
             argSet.addRepeatRecord(rarg);
@@ -136,8 +135,8 @@ public class MainPageServlet extends CMSServlet {
                 rarg = CMS.createArgBlock();
                 rarg.addStringValue("type", "ee");
                 rarg.addStringValue("prefix", "https");
-                rarg.addIntegerValue("port", 
-                  Integer.valueOf(CMS.getEESSLPort()).intValue());
+                rarg.addIntegerValue("port",
+                        Integer.valueOf(CMS.getEESSLPort()).intValue());
                 rarg.addStringValue("host", host);
                 rarg.addStringValue("uri", eeInterface);
                 argSet.addRepeatRecord(rarg);
@@ -147,8 +146,8 @@ public class MainPageServlet extends CMSServlet {
                 rarg = CMS.createArgBlock();
                 rarg.addStringValue("type", "agent");
                 rarg.addStringValue("prefix", "https");
-                rarg.addIntegerValue("port", 
-                  Integer.valueOf(CMS.getAgentPort()).intValue());
+                rarg.addIntegerValue("port",
+                        Integer.valueOf(CMS.getAgentPort()).intValue());
                 rarg.addStringValue("host", host);
                 rarg.addStringValue("uri", agentInterface);
                 argSet.addRepeatRecord(rarg);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
index 38185a33..e98df72a 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModulePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -50,19 +49,21 @@ public class ModulePanel extends WizardPanelBase {
     private Vector mOtherModules = null;
     private Hashtable mCurrModTable = new Hashtable();
     private WizardServlet mServlet = null;
-    public ModulePanel() {}
+
+    public ModulePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Key Store");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Key Store");
         setId(id);
@@ -71,7 +72,7 @@ public class ModulePanel extends WizardPanelBase {
 
     public void cleanUp() throws IOException {
         IConfigStore cs = CMS.getConfigStore();
-        cs.putBoolean("preop.ModulePanel.done",false);
+        cs.putBoolean("preop.ModulePanel.done", false);
     }
 
     public void loadCurrModTable() {
@@ -142,14 +143,14 @@ public class ModulePanel extends WizardPanelBase {
                 CMS.debug("ModulePanel: token logged in?" + token.isLoggedIn());
                 CMS.debug("ModulePanel: token is present?" + token.isPresent());
                 if (!token.getName().equals("Internal Crypto Services Token") &&
-                   !token.getName().equals("NSS Generic Crypto Services")) {
+                        !token.getName().equals("NSS Generic Crypto Services")) {
                     module.addToken(token);
                 } else {
                     CMS.debug(
                             "ModulePanel: token " + token.getName()
-                            + " not to be added");
+                                    + " not to be added");
                 }
-			    
+
             } catch (TokenException ex) {
                 CMS.debug("ModulePanel:" + ex.toString());
             }
@@ -181,11 +182,11 @@ public class ModulePanel extends WizardPanelBase {
                 if ((cn == null) || (cn.equals(""))) {
                     break;
                 }
-		
+
                 CMS.debug("ModulePanel: got from config module: " + cn);
                 // create a Module object
                 Module module = new Module(cn, pn, img);
-		
+
                 if (mCurrModTable.containsKey(cn)) {
                     CMS.debug("ModulePanel: module found: " + cn);
                     module.setFound(true);
@@ -194,7 +195,7 @@ public class ModulePanel extends WizardPanelBase {
 
                     loadModTokens(module, m);
                 }
-		
+
                 CMS.debug("ModulePanel: adding module " + cn);
                 // add module to set
                 if (!mSupportedModules.contains(module)) {
@@ -211,16 +212,19 @@ public class ModulePanel extends WizardPanelBase {
     }
 
     public PropertySet getUsage() {
-        // it a token choice.  Available tokens are discovered dynamically so
+        // it a token choice. Available tokens are discovered dynamically so
         // can't be a real CHOICE
         PropertySet set = new PropertySet();
-                                                                                
-        Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+
+        Descriptor tokenDesc = new Descriptor(IDescriptor.STRING, null, /*
+                                                                         * no
+                                                                         * constraint
+                                                                         */
                 null, /* default parameter */
                 "module token selection");
 
         set.add("choice", tokenDesc);
-                                                                                
+
         return set;
     }
 
@@ -235,7 +239,8 @@ public class ModulePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -272,8 +277,8 @@ public class ModulePanel extends WizardPanelBase {
         context.put("oms", mOtherModules);
         context.put("sms", mSupportedModules);
         // context.put("status_token", "None");
-        String subpanelno =  String.valueOf(getPanelNo()+1);
-        CMS.debug("ModulePanel subpanelno =" +subpanelno);
+        String subpanelno = String.valueOf(getPanelNo() + 1);
+        CMS.debug("ModulePanel subpanelno =" + subpanelno);
         context.put("subpanelno", subpanelno);
         context.put("panel", "admin/console/config/modulepanel.vm");
     }
@@ -292,7 +297,7 @@ public class ModulePanel extends WizardPanelBase {
     public void update(HttpServletRequest request,
             HttpServletResponse response,
             Context context) throws IOException {
-	boolean hasErr = false;
+        boolean hasErr = false;
 
         try {
             // get the value of the choice
@@ -306,13 +311,13 @@ public class ModulePanel extends WizardPanelBase {
 
             IConfigStore config = CMS.getConfigStore();
             String oldtokenname = config.getString("preop.module.token", "");
-            if (!oldtokenname.equals(select)) 
+            if (!oldtokenname.equals(select))
                 mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
 
-	    if (hasErr == false) {
-              config.putString("preop.module.token", select);
-              config.putBoolean("preop.ModulePanel.done", true);
-	    }
+            if (hasErr == false) {
+                config.putString("preop.module.token", select);
+                config.putBoolean("preop.ModulePanel.done", true);
+            }
             config.commit(false);
             context.put("updateStatus", "success");
         } catch (Exception e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
index a0a627ee..53a297e5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/ModuleServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -27,7 +26,6 @@ import org.apache.velocity.context.Context;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 public class ModuleServlet extends BaseServlet {
 
     /**
@@ -36,14 +34,12 @@ public class ModuleServlet extends BaseServlet {
     private static final long serialVersionUID = 6518965840466227888L;
 
     /**
-     * Collect information on where keys are to be generated.
-     * Once collected, write to CS.cfg:
-     *    "preop.module=soft"
-     *      or
-     *    "preop.module=hard"
-     *
+     * Collect information on where keys are to be generated. Once collected,
+     * write to CS.cfg: "preop.module=soft" or "preop.module=hard"
+     * 
      * <ul>
-     * <li>http.param selection "soft" or "hard" for software token or hardware token
+     * <li>http.param selection "soft" or "hard" for software token or hardware
+     * token
      * </ul>
      */
     public Template process(HttpServletRequest request,
@@ -76,7 +72,7 @@ public class ModuleServlet extends BaseServlet {
                     CMS.debug("ModuleServlet: illegal selection: " + selection);
                     context.put("error", "failed selection");
                 }
-		
+
             } else {
                 CMS.debug("ModuleServlet: no selection");
             }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
index ec3686e9..45239586 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -54,19 +53,20 @@ public class NamePanel extends WizardPanelBase {
     private Vector mCerts = null;
     private WizardServlet mServlet = null;
 
-    public NamePanel() {}
+    public NamePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Subject Names");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Subject Names");
         setId(id);
@@ -79,26 +79,38 @@ public class NamePanel extends WizardPanelBase {
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
 
-        Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */ 
+        Descriptor caDN = new Descriptor(IDescriptor.STRING, null, /*
+                                                                    * no
+                                                                    * constraint
+                                                                    */
+                null, /* no default parameter */
                 "CA Signing Certificate's DN");
 
         set.add("caDN", caDN);
 
-        Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */ 
+        Descriptor sslDN = new Descriptor(IDescriptor.STRING, null, /*
+                                                                     * no
+                                                                     * constraint
+                                                                     */
+                null, /* no default parameter */
                 "SSL Server Certificate's DN");
 
         set.add("sslDN", sslDN);
 
-        Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */ 
+        Descriptor subsystemDN = new Descriptor(IDescriptor.STRING, null, /*
+                                                                           * no
+                                                                           * constraint
+                                                                           */
+                null, /* no default parameter */
                 "CA Subsystem Certificate's DN");
 
         set.add("subsystemDN", subsystemDN);
 
-        Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /* no constraint */
-                null, /* no default parameter */ 
+        Descriptor ocspDN = new Descriptor(IDescriptor.STRING, null, /*
+                                                                      * no
+                                                                      * constraint
+                                                                      */
+                null, /* no default parameter */
                 "OCSP Signing Certificate's DN");
 
         set.add("ocspDN", ocspDN);
@@ -124,7 +136,7 @@ public class NamePanel extends WizardPanelBase {
         StringTokenizer st = new StringTokenizer(list, ",");
         while (st.hasMoreTokens()) {
             String t = st.nextToken();
-            cs.remove("preop.cert."+t+".done");
+            cs.remove("preop.cert." + t + ".done");
         }
 
         try {
@@ -142,7 +154,8 @@ public class NamePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -164,7 +177,7 @@ public class NamePanel extends WizardPanelBase {
         CMS.debug("NamePanel: display()");
         context.put("title", "Subject Names");
 
-        // update session id 
+        // update session id
         String session_id = request.getParameter("session_id");
         if (session_id != null) {
             CMS.debug("NamePanel setting session id.");
@@ -179,16 +192,16 @@ public class NamePanel extends WizardPanelBase {
         String hselect = "";
         String cstype = "";
         try {
-            //if CA, at the hierarchy panel, was it root or subord?
+            // if CA, at the hierarchy panel, was it root or subord?
             hselect = config.getString("preop.hierarchy.select", "");
             select = config.getString("preop.subsystem.select", "");
             cstype = config.getString("cs.type", "");
             context.put("select", select);
             if (cstype.equals("CA") && hselect.equals("root")) {
-                CMS.debug("NamePanel ca is root"); 
+                CMS.debug("NamePanel ca is root");
                 context.put("isRoot", "true");
             } else {
-                CMS.debug("NamePanel not ca or not root"); 
+                CMS.debug("NamePanel not ca or not root");
                 context.put("isRoot", "false");
             }
         } catch (Exception e) {
@@ -227,27 +240,27 @@ public class NamePanel extends WizardPanelBase {
 
                 String type = config.getString(PCERT_PREFIX + certTag + ".type");
                 c.setType(type);
-                boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true);
+                boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
                 c.setEnable(enable);
 
-                String cert = config.getString(subsystem +"."+certTag +".cert", "");
-                String certreq = 
-                  config.getString(subsystem + "." +certTag +".certreq", "");
+                String cert = config.getString(subsystem + "." + certTag + ".cert", "");
+                String certreq =
+                        config.getString(subsystem + "." + certTag + ".certreq", "");
 
                 String dn = config.getString(PCERT_PREFIX + certTag + ".dn");
-                boolean override = config.getBoolean(PCERT_PREFIX + certTag + 
-                  ".cncomponent.override", true);
-		//o_sd is to add o=secritydomainname
+                boolean override = config.getBoolean(PCERT_PREFIX + certTag +
+                        ".cncomponent.override", true);
+                // o_sd is to add o=secritydomainname
                 boolean o_sd = config.getBoolean(PCERT_PREFIX + certTag +
-						 "o_securitydomain", true);
-		domainname = config.getString("securitydomain.name", "");
-		CMS.debug("NamePanel: display() override is "+override);
-		CMS.debug("NamePanel: display() o_securitydomain is "+o_sd);
-		CMS.debug("NamePanel: display() domainname is "+domainname);
+                         "o_securitydomain", true);
+                domainname = config.getString("securitydomain.name", "");
+                CMS.debug("NamePanel: display() override is " + override);
+                CMS.debug("NamePanel: display() o_securitydomain is " + o_sd);
+                CMS.debug("NamePanel: display() domainname is " + domainname);
 
                 boolean dnUpdated = false;
                 try {
-                    dnUpdated = config.getBoolean(PCERT_PREFIX+certTag+".updatedDN");
+                    dnUpdated = config.getBoolean(PCERT_PREFIX + certTag + ".updatedDN");
                 } catch (Exception e) {
                 }
 
@@ -259,16 +272,16 @@ public class NamePanel extends WizardPanelBase {
                     if (select.equals("clone") || dnUpdated) {
                         c.setDN(dn);
                     } else if (count != 0 && override && (cert.equals("") || certreq.equals(""))) {
-                        CMS.debug("NamePanel subsystemCount = "+count);
-                        c.setDN(dn + " "+count+ 
-                          ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
-                          ((o_sd)? (",O=" + domainname):""));
-                        config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+                        CMS.debug("NamePanel subsystemCount = " + count);
+                        c.setDN(dn + " " + count +
+                                ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") +
+                                ((o_sd) ? (",O=" + domainname) : ""));
+                        config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true);
                     } else {
-                        c.setDN(dn + 
-                            ((!instanceId.equals(""))? (",OU=" + instanceId):"") +
-                            ((o_sd)? (",O=" + domainname):""));
-                        config.putBoolean(PCERT_PREFIX+certTag+".updatedDN", true);
+                        c.setDN(dn +
+                                ((!instanceId.equals("")) ? (",OU=" + instanceId) : "") +
+                                ((o_sd) ? (",O=" + domainname) : ""));
+                        config.putBoolean(PCERT_PREFIX + certTag + ".updatedDN", true);
                     }
                 }
 
@@ -302,7 +315,8 @@ public class NamePanel extends WizardPanelBase {
         try {
             config.putString("preop.ca.list", list.toString());
             config.commit(false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         context.put("urls", v);
 
@@ -334,24 +348,24 @@ public class NamePanel extends WizardPanelBase {
         } // while
     }
 
-    /* 
+    /*
      * update some parameters for clones
      */
     public void updateCloneConfig(IConfigStore config)
-        throws EBaseException, IOException {
+            throws EBaseException, IOException {
         String cstype = config.getString("cs.type", null);
         cstype = toLowerCaseSubsystemType(cstype);
         if (cstype.equals("kra")) {
             String token = config.getString(PRE_CONF_CA_TOKEN);
             if (!token.equals("Internal Key Storage Token")) {
-                CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");        
+                CMS.debug("NamePanel: updating configuration for KRA clone with hardware token");
                 String subsystem = config.getString(PCERT_PREFIX + "storage.subsystem");
                 String storageNickname = getNickname(config, "storage");
                 String transportNickname = getNickname(config, "transport");
 
                 config.putString(subsystem + ".storageUnit.hardware", token);
-                config.putString(subsystem + ".storageUnit.nickName", token+":"+storageNickname);
-                config.putString(subsystem + ".transportUnit.nickName", token+":"+transportNickname);
+                config.putString(subsystem + ".storageUnit.nickName", token + ":" + storageNickname);
+                config.putString(subsystem + ".transportUnit.nickName", token + ":" + transportNickname);
                 config.commit(false);
             } else { // software token
                 // parameters already set
@@ -361,12 +375,12 @@ public class NamePanel extends WizardPanelBase {
         // audit signing cert
         String audit_nn = config.getString(cstype + ".audit_signing" + ".nickname", "");
         String audit_tk = config.getString(cstype + ".audit_signing" + ".tokenname", "");
-	    if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
+        if (!audit_tk.equals("Internal Key Storage Token") && !audit_tk.equals("")) {
             config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                audit_tk + ":" + audit_nn);
+                    audit_tk + ":" + audit_nn);
         } else {
             config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                audit_nn);
+                    audit_nn);
         }
     }
 
@@ -374,7 +388,7 @@ public class NamePanel extends WizardPanelBase {
      * get some of the "preop" parameters to persisting parameters
      */
     public void updateConfig(IConfigStore config, String certTag)
-        throws EBaseException, IOException {
+            throws EBaseException, IOException {
         String token = config.getString(PRE_CONF_CA_TOKEN);
         String subsystem = config.getString(PCERT_PREFIX + certTag + ".subsystem");
         CMS.debug("NamePanel: subsystem " + subsystem);
@@ -389,34 +403,35 @@ public class NamePanel extends WizardPanelBase {
             config.putString(subsystem + "." + certTag + ".certnickname", nickname);
         }
 
-        // if KRA, hardware token needs param "kra.storageUnit.hardware" in CS.cfg
+        // if KRA, hardware token needs param "kra.storageUnit.hardware" in
+        // CS.cfg
         String cstype = config.getString("cs.type", null);
         cstype = toLowerCaseSubsystemType(cstype);
         if (cstype.equals("kra")) {
-	    if (!token.equals("Internal Key Storage Token")) {
-	      if (certTag.equals("storage")) {
-                config.putString(subsystem + ".storageUnit.hardware", token);
-                config.putString(subsystem + ".storageUnit.nickName", token+":"+nickname);
-	      } else if (certTag.equals("transport")) {
-                config.putString(subsystem + ".transportUnit.nickName", token+":"+nickname);
-          }
-	    } else { // software token
-	      if (certTag.equals("storage")) {
-                config.putString(subsystem + ".storageUnit.nickName", nickname);
-	      } else if (certTag.equals("transport")) {
-                config.putString(subsystem + ".transportUnit.nickName", nickname);
-              }
-	    }
+            if (!token.equals("Internal Key Storage Token")) {
+                if (certTag.equals("storage")) {
+                    config.putString(subsystem + ".storageUnit.hardware", token);
+                    config.putString(subsystem + ".storageUnit.nickName", token + ":" + nickname);
+                } else if (certTag.equals("transport")) {
+                    config.putString(subsystem + ".transportUnit.nickName", token + ":" + nickname);
+                }
+            } else { // software token
+                if (certTag.equals("storage")) {
+                    config.putString(subsystem + ".storageUnit.nickName", nickname);
+                } else if (certTag.equals("transport")) {
+                    config.putString(subsystem + ".transportUnit.nickName", nickname);
+                }
+            }
         }
 
         String serverCertNickname = nickname;
         String path = CMS.getConfigStore().getString("instanceRoot", "");
         if (certTag.equals("sslserver")) {
-	        if (!token.equals("Internal Key Storage Token")) {
-                serverCertNickname = token+":"+nickname;
+            if (!token.equals("Internal Key Storage Token")) {
+                serverCertNickname = token + ":" + nickname;
             }
-            File file = new File(path+"/conf/serverCertNick.conf");
-            PrintStream ps = new PrintStream(new FileOutputStream(path+"/conf/serverCertNick.conf"));
+            File file = new File(path + "/conf/serverCertNick.conf");
+            PrintStream ps = new PrintStream(new FileOutputStream(path + "/conf/serverCertNick.conf"));
             ps.println(serverCertNickname);
             ps.close();
         }
@@ -424,23 +439,23 @@ public class NamePanel extends WizardPanelBase {
         config.putString(subsystem + "." + certTag + ".nickname", nickname);
         config.putString(subsystem + "." + certTag + ".tokenname", token);
         if (certTag.equals("audit_signing")) {
-	      if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
-            config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                token + ":" + nickname);
-          } else {
-            config.putString("log.instance.SignedAudit.signedAuditCertNickname",
-                nickname);
-          }
+            if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+                config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+                        token + ":" + nickname);
+            } else {
+                config.putString("log.instance.SignedAudit.signedAuditCertNickname",
+                        nickname);
+            }
         }
         /*
-        config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
-                "SHA1withRSA");
+         * config.putString(CERT_PREFIX + certTag + ".defaultSigningAlgorithm",
+         * "SHA1withRSA");
          */
 
         // for system certs verification
-	    if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
+        if (!token.equals("Internal Key Storage Token") && !token.equals("")) {
             config.putString(subsystem + ".cert." + certTag + ".nickname",
-                token + ":" +  nickname);
+                    token + ":" + nickname);
         } else {
             config.putString(subsystem + ".cert." + certTag + ".nickname", nickname);
         }
@@ -459,7 +474,7 @@ public class NamePanel extends WizardPanelBase {
 
         IConfigStore config = CMS.getConfigStore();
         String caType = certObj.getType();
-        CMS.debug("NamePanel: in configCert caType is "+ caType);
+        CMS.debug("NamePanel: in configCert caType is " + caType);
         X509CertImpl cert = null;
         String certTag = certObj.getCertTag();
 
@@ -469,13 +484,13 @@ public class NamePanel extends WizardPanelBase {
                 String v = config.getString("preop.ca.type", "");
 
                 CMS.debug("NamePanel configCert: remote CA");
-                String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX, 
-                  certObj, context);
+                String pkcs10 = CertUtil.getPKCS10(config, PCERT_PREFIX,
+                        certObj, context);
                 certObj.setRequest(pkcs10);
                 String subsystem = config.getString(
                         PCERT_PREFIX + certTag + ".subsystem");
                 config.putString(subsystem + "." + certTag + ".certreq", pkcs10);
-                String profileId = config.getString(PCERT_PREFIX+certTag+".profile");
+                String profileId = config.getString(PCERT_PREFIX + certTag + ".profile");
                 String session_id = CMS.getConfigSDSessionId();
                 String sd_hostname = "";
                 int sd_ee_port = -1;
@@ -483,15 +498,15 @@ public class NamePanel extends WizardPanelBase {
                     sd_hostname = config.getString("securitydomain.host", "");
                     sd_ee_port = config.getInteger("securitydomain.httpseeport", -1);
                 } catch (Exception ee) {
-                    CMS.debug("NamePanel: configCert() exception caught:"+ee.toString());
+                    CMS.debug("NamePanel: configCert() exception caught:" + ee.toString());
                 }
                 String sysType = config.getString("cs.type", "");
                 String machineName = config.getString("machineName", "");
                 String securePort = config.getString("service.securePort", "");
                 if (certTag.equals("subsystem")) {
-                    String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
-                    cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port, 
-                      content, response, this);
+                    String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id;
+                    cert = CertUtil.createRemoteCert(sd_hostname, sd_ee_port,
+                            content, response, this);
                     if (cert == null) {
                         throw new IOException("Error: remote certificate is null");
                     }
@@ -504,18 +519,18 @@ public class NamePanel extends WizardPanelBase {
                     } catch (Exception ee) {
                     }
 
-                    String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId="+profileId+"&cert_request_type=pkcs10&cert_request="+URLEncoder.encode(pkcs10, "UTF-8")+"&xmlOutput=true&sessionID="+session_id;
-                    cert = CertUtil.createRemoteCert(ca_hostname, ca_port, 
-                      content, response, this);
+                    String content = "requestor_name=" + sysType + "-" + machineName + "-" + securePort + "&profileId=" + profileId + "&cert_request_type=pkcs10&cert_request=" + URLEncoder.encode(pkcs10, "UTF-8") + "&xmlOutput=true&sessionID=" + session_id;
+                    cert = CertUtil.createRemoteCert(ca_hostname, ca_port,
+                            content, response, this);
                     if (cert == null) {
                         throw new IOException("Error: remote certificate is null");
                     }
                 } else if (v.equals("otherca")) {
                     config.putString(subsystem + "." + certTag + ".cert",
                             "...paste certificate here...");
-                } else {  
+                } else {
                     CMS.debug("NamePanel: no preop.ca.type is provided");
-                }    
+                }
             } else { // not remote CA, ie, self-signed or local
                 ISubsystem ca = CMS.getSubsystem(ICertificateAuthority.ID);
 
@@ -524,76 +539,76 @@ public class NamePanel extends WizardPanelBase {
 
                     CMS.debug(
                             "The value for " + s
-                            + " should be remote, nothing else.");
+                                    + " should be remote, nothing else.");
                     throw new IOException(
                             "The value for " + s + " should be remote");
-                } 
-      
+                }
+
                 String pubKeyType = config.getString(
                         PCERT_PREFIX + certTag + ".keytype");
                 if (pubKeyType.equals("rsa")) {
 
-                  String pubKeyModulus = config.getString(
-                        PCERT_PREFIX + certTag + ".pubkey.modulus");
-                  String pubKeyPublicExponent = config.getString(
-                        PCERT_PREFIX + certTag + ".pubkey.exponent");
-                  String subsystem = config.getString(
-                        PCERT_PREFIX + certTag + ".subsystem");
+                    String pubKeyModulus = config.getString(
+                            PCERT_PREFIX + certTag + ".pubkey.modulus");
+                    String pubKeyPublicExponent = config.getString(
+                            PCERT_PREFIX + certTag + ".pubkey.exponent");
+                    String subsystem = config.getString(
+                            PCERT_PREFIX + certTag + ".subsystem");
 
-                  if (certTag.equals("signing")) {
-                    X509Key x509key = CryptoUtil.getPublicX509Key(
-                            CryptoUtil.string2byte(pubKeyModulus),
-                            CryptoUtil.string2byte(pubKeyPublicExponent));
-
-                    cert = CertUtil.createLocalCert(config, x509key,
-                            PCERT_PREFIX, certTag, caType, context);
-                  } else {
-                    String cacert = config.getString("ca.signing.cert", "");
-
-                    if (cacert.equals("") || cacert.startsWith("...")) {
-                        certObj.setCert(
-                                "...certificate be generated internally...");
-                        config.putString(subsystem + "." + certTag + ".cert",
-                                "...certificate be generated internally...");
-                    } else {
+                    if (certTag.equals("signing")) {
                         X509Key x509key = CryptoUtil.getPublicX509Key(
                                 CryptoUtil.string2byte(pubKeyModulus),
                                 CryptoUtil.string2byte(pubKeyPublicExponent));
 
                         cert = CertUtil.createLocalCert(config, x509key,
                                 PCERT_PREFIX, certTag, caType, context);
+                    } else {
+                        String cacert = config.getString("ca.signing.cert", "");
+
+                        if (cacert.equals("") || cacert.startsWith("...")) {
+                            certObj.setCert(
+                                    "...certificate be generated internally...");
+                            config.putString(subsystem + "." + certTag + ".cert",
+                                    "...certificate be generated internally...");
+                        } else {
+                            X509Key x509key = CryptoUtil.getPublicX509Key(
+                                    CryptoUtil.string2byte(pubKeyModulus),
+                                    CryptoUtil.string2byte(pubKeyPublicExponent));
+
+                            cert = CertUtil.createLocalCert(config, x509key,
+                                    PCERT_PREFIX, certTag, caType, context);
+                        }
                     }
-                  }
                 } else if (pubKeyType.equals("ecc")) {
-                  String pubKeyEncoded = config.getString(
-                        PCERT_PREFIX + certTag + ".pubkey.encoded");
-                  String subsystem = config.getString(
-                        PCERT_PREFIX + certTag + ".subsystem");
-
-                  if (certTag.equals("signing")) {
+                    String pubKeyEncoded = config.getString(
+                            PCERT_PREFIX + certTag + ".pubkey.encoded");
+                    String subsystem = config.getString(
+                            PCERT_PREFIX + certTag + ".subsystem");
 
-                    X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
-                    cert = CertUtil.createLocalCert(config, x509key,
-                            PCERT_PREFIX, certTag, caType, context);
-                  } else {
-                    String cacert = config.getString("ca.signing.cert", "");
-
-                    if (cacert.equals("") || cacert.startsWith("...")) {
-                        certObj.setCert(
-                                "...certificate be generated internally...");
-                        config.putString(subsystem + "." + certTag + ".cert",
-                                "...certificate be generated internally...");
-                    } else {
-                        X509Key x509key = CryptoUtil.getPublicX509ECCKey(
-                                CryptoUtil.string2byte(pubKeyEncoded));
+                    if (certTag.equals("signing")) {
 
+                        X509Key x509key = CryptoUtil.getPublicX509ECCKey(CryptoUtil.string2byte(pubKeyEncoded));
                         cert = CertUtil.createLocalCert(config, x509key,
                                 PCERT_PREFIX, certTag, caType, context);
+                    } else {
+                        String cacert = config.getString("ca.signing.cert", "");
+
+                        if (cacert.equals("") || cacert.startsWith("...")) {
+                            certObj.setCert(
+                                    "...certificate be generated internally...");
+                            config.putString(subsystem + "." + certTag + ".cert",
+                                    "...certificate be generated internally...");
+                        } else {
+                            X509Key x509key = CryptoUtil.getPublicX509ECCKey(
+                                    CryptoUtil.string2byte(pubKeyEncoded));
+
+                            cert = CertUtil.createLocalCert(config, x509key,
+                                    PCERT_PREFIX, certTag, caType, context);
+                        }
                     }
-                  }
                 } else {
-                   // invalid key type
-                   CMS.debug("Invalid key type " + pubKeyType);
+                    // invalid key type
+                    CMS.debug("Invalid key type " + pubKeyType);
                 }
                 if (cert != null) {
                     if (certTag.equals("subsystem"))
@@ -605,7 +620,7 @@ public class NamePanel extends WizardPanelBase {
                 byte[] certb = cert.getEncoded();
                 String certs = CryptoUtil.base64Encode(certb);
 
-               // certObj.setCert(certs);
+                // certObj.setCert(certs);
                 String subsystem = config.getString(
                         PCERT_PREFIX + certTag + ".subsystem");
                 config.putString(subsystem + "." + certTag + ".cert", certs);
@@ -617,58 +632,57 @@ public class NamePanel extends WizardPanelBase {
             CMS.debug("NamePanel configCert() exception caught:" + e.toString());
         }
     }
- 
+
     public void configCertWithTag(HttpServletRequest request,
             HttpServletResponse response,
-            Context context, String tag) throws IOException 
-   {
-            CMS.debug("NamePanel: configCertWithTag start");
-            Enumeration c = mCerts.elements();
-            IConfigStore config = CMS.getConfigStore();
-         
-            while (c.hasMoreElements()) {
-                Cert cert = (Cert) c.nextElement();
-                String ct = cert.getCertTag(); 
-                CMS.debug("NamePanel: configCertWithTag ct=" + ct + 
-                        " tag=" +tag);
-                if (ct.equals(tag)) {
-                    try {
-                        String nickname = HttpInput.getNickname(request, ct + "_nick");
-                        if (nickname != null) {
-                            CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
-                            config.putString(PCERT_PREFIX  + ct + ".nickname", nickname);
-                            cert.setNickname(nickname);
-                            config.commit(false);
-			}
-                        String dn = HttpInput.getDN(request, ct);
-                        if (dn != null) {
-                            config.putString(PCERT_PREFIX + ct + ".dn", dn);
-                            config.commit(false);
-                        }
-                    } catch (Exception e) {
-                        CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString());
-                    }
+            Context context, String tag) throws IOException {
+        CMS.debug("NamePanel: configCertWithTag start");
+        Enumeration c = mCerts.elements();
+        IConfigStore config = CMS.getConfigStore();
 
-                    configCert(request, response, context, cert);
-                    CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
-                    return;
+        while (c.hasMoreElements()) {
+            Cert cert = (Cert) c.nextElement();
+            String ct = cert.getCertTag();
+            CMS.debug("NamePanel: configCertWithTag ct=" + ct +
+                        " tag=" + tag);
+            if (ct.equals(tag)) {
+                try {
+                    String nickname = HttpInput.getNickname(request, ct + "_nick");
+                    if (nickname != null) {
+                        CMS.debug("configCertWithTag: Setting nickname for " + ct + " to " + nickname);
+                        config.putString(PCERT_PREFIX + ct + ".nickname", nickname);
+                        cert.setNickname(nickname);
+                        config.commit(false);
+                    }
+                    String dn = HttpInput.getDN(request, ct);
+                    if (dn != null) {
+                        config.putString(PCERT_PREFIX + ct + ".dn", dn);
+                        config.commit(false);
+                    }
+                } catch (Exception e) {
+                    CMS.debug("NamePanel: configCertWithTag: Exception in setting nickname for " + ct + ": " + e.toString());
                 }
-           }
-            CMS.debug("NamePanel: configCertWithTag done");
+
+                configCert(request, response, context, cert);
+                CMS.debug("NamePanel: configCertWithTag done with tag=" + tag);
+                return;
+            }
+        }
+        CMS.debug("NamePanel: configCertWithTag done");
     }
 
     private boolean inputChanged(HttpServletRequest request)
-      throws IOException {
-        IConfigStore config = CMS.getConfigStore();         
-       
+            throws IOException {
+        IConfigStore config = CMS.getConfigStore();
+
         boolean hasChanged = false;
         try {
             Enumeration c = mCerts.elements();
 
             while (c.hasMoreElements()) {
                 Cert cert = (Cert) c.nextElement();
-                String ct = cert.getCertTag(); 
-                boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+                String ct = cert.getCertTag();
+                boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
                 if (!enable)
                     continue;
 
@@ -679,10 +693,10 @@ public class NamePanel extends WizardPanelBase {
                 if (!olddn.equals(dn))
                     hasChanged = true;
 
-               String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
-               String nick = HttpInput.getNickname(request, ct + "_nick");
-               if (!oldnick.equals(nick))
-                   hasChanged = true;
+                String oldnick = config.getString(PCERT_PREFIX + ct + ".nickname");
+                String nick = HttpInput.getNickname(request, ct + "_nick");
+                if (!oldnick.equals(nick))
+                    hasChanged = true;
 
             }
         } catch (Exception e) {
@@ -690,34 +704,34 @@ public class NamePanel extends WizardPanelBase {
 
         return hasChanged;
     }
-   
-    public String getURL(HttpServletRequest request, IConfigStore config)
-    {
+
+    public String getURL(HttpServletRequest request, IConfigStore config) {
         String index = request.getParameter("urls");
-        if (index == null){
-          return null;
+        if (index == null) {
+            return null;
         }
         String url = "";
         if (index.startsWith("http")) {
-           // user may submit url directlry
-           url = index;
+            // user may submit url directlry
+            url = index;
         } else {
-          try {
-            int x = Integer.parseInt(index);
-            String list = config.getString("preop.ca.list", "");
-            StringTokenizer tokenizer = new StringTokenizer(list, ",");
-            int counter = 0;
-
-            while (tokenizer.hasMoreTokens()) {
-                url = tokenizer.nextToken();
-                if (counter == x) {
-                    break;
+            try {
+                int x = Integer.parseInt(index);
+                String list = config.getString("preop.ca.list", "");
+                StringTokenizer tokenizer = new StringTokenizer(list, ",");
+                int counter = 0;
+
+                while (tokenizer.hasMoreTokens()) {
+                    url = tokenizer.nextToken();
+                    if (counter == x) {
+                        break;
+                    }
+                    counter++;
                 }
-                counter++;
+            } catch (Exception e) {
             }
-          } catch (Exception e) {}
         }
-       return url;
+        return url;
     }
 
     /**
@@ -727,7 +741,7 @@ public class NamePanel extends WizardPanelBase {
             HttpServletResponse response,
             Context context) throws IOException {
         CMS.debug("NamePanel: in update()");
-	boolean hasErr = false;
+        boolean hasErr = false;
 
         if (inputChanged(request)) {
             mServlet.cleanUpFromPanel(mServlet.getPanelNo(request));
@@ -736,12 +750,12 @@ public class NamePanel extends WizardPanelBase {
             return;
         }
 
-        IConfigStore config = CMS.getConfigStore();         
+        IConfigStore config = CMS.getConfigStore();
 
         String hselect = "";
         ISubsystem subsystem = CMS.getSubsystem(ICertificateAuthority.ID);
         try {
-            //if CA, at the hierarchy panel, was it root or subord?
+            // if CA, at the hierarchy panel, was it root or subord?
             hselect = config.getString("preop.hierarchy.select", "");
             String cstype = config.getString("preop.subsystem.select", "");
             if (cstype.equals("clone")) {
@@ -750,13 +764,14 @@ public class NamePanel extends WizardPanelBase {
                 configCertWithTag(request, response, context, "sslserver");
                 String url = getURL(request, config);
                 if (url != null && !url.equals("External CA")) {
-                   // preop.ca.url and admin port are required for setting KRA connector
-                   url = url.substring(url.indexOf("https"));
-                   config.putString("preop.ca.url", url);
+                    // preop.ca.url and admin port are required for setting KRA
+                    // connector
+                    url = url.substring(url.indexOf("https"));
+                    config.putString("preop.ca.url", url);
 
-                   URL urlx = new URL(url);
-                   updateCloneSDCAInfo(request, context, urlx.getHost(),
-                        Integer.toString(urlx.getPort()));
+                    URL urlx = new URL(url);
+                    updateCloneSDCAInfo(request, context, urlx.getHost(),
+                            Integer.toString(urlx.getPort()));
 
                 }
                 updateCloneConfig(config);
@@ -770,50 +785,51 @@ public class NamePanel extends WizardPanelBase {
             return;
         }
 
-        //if no hselect, then not CA
-      if (hselect.equals("") || hselect.equals("join")) {
-        String select = null;
-        String url = getURL(request, config);
+        // if no hselect, then not CA
+        if (hselect.equals("") || hselect.equals("join")) {
+            String select = null;
+            String url = getURL(request, config);
 
-        URL urlx = null;
+            URL urlx = null;
 
-        if (url.equals("External CA")) {
-            CMS.debug("NamePanel: external CA selected");
-            select = "otherca";
-            config.putString("preop.ca.type", "otherca");
-            if (subsystem != null) {
-                config.putString(PCERT_PREFIX+"signing.type", "remote");
-            }
+            if (url.equals("External CA")) {
+                CMS.debug("NamePanel: external CA selected");
+                select = "otherca";
+                config.putString("preop.ca.type", "otherca");
+                if (subsystem != null) {
+                    config.putString(PCERT_PREFIX + "signing.type", "remote");
+                }
 
-            config.putString("preop.ca.pkcs7", "");
-            config.putInteger("preop.ca.certchain.size", 0);
-            context.put("check_otherca", "checked");
-            CMS.debug("NamePanel: update: this is the external CA.");
-        } else {
-            CMS.debug("NamePanel: local CA selected");
-            select = "sdca";
-            // parse URL (CA1 - https://...)
-            url = url.substring(url.indexOf("https"));
-            config.putString("preop.ca.url", url);
-
-            urlx = new URL(url);
-            config.putString("preop.ca.type", "sdca");
-            CMS.debug("NamePanel: update: this is a CA in the security domain.");
-            context.put("check_sdca", "checked");
-            sdca(request, context, urlx.getHost(),
-                    Integer.toString(urlx.getPort()));
-            if (subsystem != null) {
-                config.putString(PCERT_PREFIX + "signing.type", "remote");
-                config.putString(PCERT_PREFIX + "signing.profile",
-                        "caInstallCACert");
+                config.putString("preop.ca.pkcs7", "");
+                config.putInteger("preop.ca.certchain.size", 0);
+                context.put("check_otherca", "checked");
+                CMS.debug("NamePanel: update: this is the external CA.");
+            } else {
+                CMS.debug("NamePanel: local CA selected");
+                select = "sdca";
+                // parse URL (CA1 - https://...)
+                url = url.substring(url.indexOf("https"));
+                config.putString("preop.ca.url", url);
+
+                urlx = new URL(url);
+                config.putString("preop.ca.type", "sdca");
+                CMS.debug("NamePanel: update: this is a CA in the security domain.");
+                context.put("check_sdca", "checked");
+                sdca(request, context, urlx.getHost(),
+                        Integer.toString(urlx.getPort()));
+                if (subsystem != null) {
+                    config.putString(PCERT_PREFIX + "signing.type", "remote");
+                    config.putString(PCERT_PREFIX + "signing.profile",
+                            "caInstallCACert");
+                }
             }
-        }
 
-        try {
-            config.commit(false);
-        } catch (Exception e) {}
+            try {
+                config.commit(false);
+            } catch (Exception e) {
+            }
 
-     }
+        }
 
         try {
 
@@ -821,13 +837,13 @@ public class NamePanel extends WizardPanelBase {
 
             while (c.hasMoreElements()) {
                 Cert cert = (Cert) c.nextElement();
-                String ct = cert.getCertTag(); 
+                String ct = cert.getCertTag();
                 String tokenname = cert.getTokenname();
-                boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+                boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
                 if (!enable)
                     continue;
 
-                boolean certDone = config.getBoolean(PCERT_PREFIX+ct+".done", false);
+                boolean certDone = config.getBoolean(PCERT_PREFIX + ct + ".done", false);
                 if (certDone)
                     continue;
 
@@ -850,32 +866,32 @@ public class NamePanel extends WizardPanelBase {
 
                 try {
                     configCert(request, response, context, cert);
-                    config.putBoolean("preop.cert."+cert.getCertTag()+".done", 
-                      true);
+                    config.putBoolean("preop.cert." + cert.getCertTag() + ".done",
+                            true);
                     config.commit(false);
                 } catch (Exception e) {
                     CMS.debug(
                             "NamePanel: update() exception caught:"
                                     + e.toString());
-		    hasErr = true;
+                    hasErr = true;
                     System.err.println("Exception caught: " + e.toString());
                 }
 
-            } // while 
-	        if (hasErr == false) {
-              config.putBoolean("preop.NamePanel.done", true);
-              config.commit(false);
-	        }
+            } // while
+            if (hasErr == false) {
+                config.putBoolean("preop.NamePanel.done", true);
+                config.commit(false);
+            }
 
         } catch (Exception e) {
             CMS.debug("NamePanel: Exception caught: " + e.toString());
             System.err.println("Exception caught: " + e.toString());
         }// try
 
-
         try {
             config.commit(false);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (!hasErr) {
             context.put("updateStatus", "success");
@@ -897,15 +913,15 @@ public class NamePanel extends WizardPanelBase {
 
         // Retrieve the associated HTTPS Admin port so that it
         // may be stored for use with ImportAdminCertPanel
-        https_admin_port = getSecurityDomainAdminPort( config,
+        https_admin_port = getSecurityDomainAdminPort(config,
                                                        hostname,
                                                        httpsPortStr,
-                                                       "CA" );
+                                                       "CA");
 
         int httpsport = -1;
 
         try {
-             httpsport = Integer.parseInt(httpsPortStr);
+            httpsport = Integer.parseInt(httpsPortStr);
         } catch (Exception e) {
             CMS.debug(
                     "NamePanel update: Https port is not valid. Exception: "
@@ -934,15 +950,15 @@ public class NamePanel extends WizardPanelBase {
 
         // Retrieve the associated HTTPS Admin port so that it
         // may be stored for use with ImportAdminCertPanel
-        https_admin_port = getSecurityDomainAdminPort( config,
+        https_admin_port = getSecurityDomainAdminPort(config,
                                                        hostname,
                                                        httpsPortStr,
-                                                       "CA" );
+                                                       "CA");
 
         int httpsport = -1;
 
         try {
-             httpsport = Integer.parseInt(httpsPortStr);
+            httpsport = Integer.parseInt(httpsPortStr);
         } catch (Exception e) {
             CMS.debug(
                     "NamePanel update: Https port is not valid. Exception: "
@@ -954,21 +970,19 @@ public class NamePanel extends WizardPanelBase {
         config.putString("preop.ca.httpsport", httpsPortStr);
         config.putString("preop.ca.httpsadminport", https_admin_port);
         ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
-        updateCertChainUsingSecureEEPort( config, "ca", hostname,
+        updateCertChainUsingSecureEEPort(config, "ca", hostname,
                                           httpsport, true, context,
-                                          certApprovalCallback );
+                                          certApprovalCallback);
         try {
-           CMS.debug("Importing CA chain");
-           importCertChain("ca");
+            CMS.debug("Importing CA chain");
+            importCertChain("ca");
         } catch (Exception e1) {
-           CMS.debug("Failed in importing CA chain");
+            CMS.debug("Failed in importing CA chain");
         }
     }
 
-
     public void initParams(HttpServletRequest request, Context context)
-                   throws IOException
-    {
+                   throws IOException {
         context.put("certs", mCerts);
     }
 
@@ -977,10 +991,9 @@ public class NamePanel extends WizardPanelBase {
      */
     public void displayError(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) 
-    {
+            Context context) {
         try {
-          initParams(request, context);
+            initParams(request, context);
         } catch (IOException e) {
         }
         context.put("title", "Subject Names");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
index cf37fdff..28fdfd84 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RegisterUser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
@@ -50,11 +49,9 @@ import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.xml.XMLObject;
 
 /**
- * This servlet creates a TPS user in the CA,
- * and it associates TPS's server certificate to
- * the user. Finally, it addes the user to the
- * administrator group. This procedure will 
- * allows TPS to connect to the CA for certificate
+ * This servlet creates a TPS user in the CA, and it associates TPS's server
+ * certificate to the user. Finally, it addes the user to the administrator
+ * group. This procedure will allows TPS to connect to the CA for certificate
  * issuance.
  */
 public class RegisterUser extends CMSServlet {
@@ -68,8 +65,7 @@ public class RegisterUser extends CMSServlet {
     private final static String AUTH_FAILURE = "2";
     private String mGroupName = null;
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
-
+            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
 
     public RegisterUser() {
         super();
@@ -77,6 +73,7 @@ public class RegisterUser extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -88,7 +85,7 @@ public class RegisterUser extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         CMS.debug("UpdateUpdater: processing...");
@@ -102,9 +99,9 @@ public class RegisterUser extends CMSServlet {
             CMS.debug("RegisterUser authentication successful.");
         } catch (Exception e) {
             CMS.debug("RegisterUser: authentication failed.");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
         }
@@ -117,19 +114,19 @@ public class RegisterUser extends CMSServlet {
 
         AuthzToken authzToken = null;
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-              "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
             CMS.debug("RegisterUser authorization successful.");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
 
@@ -150,93 +147,93 @@ public class RegisterUser extends CMSServlet {
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
-        String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" + 
-                             "+Resource;;"+ uid +
-                             "+fullname;;"+ name + 
+        String auditParams = "Scope;;users+Operation;;OP_ADD+source;;RegisterUser" +
+                             "+Resource;;" + uid +
+                             "+fullname;;" + name +
                              "+state;;1" +
                              "+userType;;<null>+email;;<null>+password;;<null>+phone;;<null>";
 
-        IUGSubsystem ugsys = (IUGSubsystem)CMS.getSubsystem(CMS.SUBSYSTEM_UG);
+        IUGSubsystem ugsys = (IUGSubsystem) CMS.getSubsystem(CMS.SUBSYSTEM_UG);
 
         IUser user = null;
         boolean foundByCert = false;
         X509Certificate certs[] = new X509Certificate[1];
         try {
 
-          byte bCert[] = null;
-          X509CertImpl cert = null;
-          bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
-          cert = new X509CertImpl(bCert);
-          certs[0] = (X509Certificate)cert;
-
-          // test to see if the cert already belongs to a user
-          ICertUserLocator cul = ugsys.getCertUserLocator();
-          com.netscape.certsrv.usrgrp.Certificates c =
-            new com.netscape.certsrv.usrgrp.Certificates(certs);
-          user = (IUser) cul.locateUser(c);
+            byte bCert[] = null;
+            X509CertImpl cert = null;
+            bCert = (byte[]) (com.netscape.osutil.OSUtil.AtoB(certsString));
+            cert = new X509CertImpl(bCert);
+            certs[0] = (X509Certificate) cert;
+
+            // test to see if the cert already belongs to a user
+            ICertUserLocator cul = ugsys.getCertUserLocator();
+            com.netscape.certsrv.usrgrp.Certificates c =
+                    new com.netscape.certsrv.usrgrp.Certificates(certs);
+            user = (IUser) cul.locateUser(c);
         } catch (Exception ec) {
-            CMS.debug("RegisterUser: exception thrown: "+ec.toString());
+            CMS.debug("RegisterUser: exception thrown: " + ec.toString());
         }
         if (user == null) {
-          CMS.debug("RegisterUser NOT found user by cert");
-          try { 
-            user = ugsys.getUser(uid);
-            CMS.debug("RegisterUser found user by uid "+uid);
-          } catch (Exception eee) {
-          } 
+            CMS.debug("RegisterUser NOT found user by cert");
+            try {
+                user = ugsys.getUser(uid);
+                CMS.debug("RegisterUser found user by uid " + uid);
+            } catch (Exception eee) {
+            }
         } else {
-          foundByCert = true;
-          CMS.debug("RegisterUser found user by cert");
+            foundByCert = true;
+            CMS.debug("RegisterUser found user by cert");
         }
-    
-        try { 
-
-          if (user == null) {
-            // create user only if such user does not exist
-            user = ugsys.createUser(uid);
-            user.setFullName(name);
-            user.setState("1");
-            user.setUserType("");
-            user.setEmail("");
-            user.setPhone("");
-            user.setPassword("");
-
-            ugsys.addUser(user);
-            CMS.debug("RegisterUser created user " + uid);
-            auditMessage = CMS.getLogMessage(
+
+        try {
+
+            if (user == null) {
+                // create user only if such user does not exist
+                user = ugsys.createUser(uid);
+                user.setFullName(name);
+                user.setState("1");
+                user.setUserType("");
+                user.setEmail("");
+                user.setPhone("");
+                user.setPassword("");
+
+                ugsys.addUser(user);
+                CMS.debug("RegisterUser created user " + uid);
+                auditMessage = CMS.getLogMessage(
                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                               auditSubjectID,
                               ILogger.SUCCESS,
                               auditParams);
-            audit(auditMessage);
-          }
-
-          // extract all line separators
-          StringBuffer sb = new StringBuffer();
-          for (int i = 0; i < certsString.length(); i++) {
-              if (!Character.isWhitespace(certsString.charAt(i))) {
-                  sb.append(certsString.charAt(i));
-              }
-          }
-          certsString = sb.toString();
-
-          auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
-                        "+Resource;;"+ uid +
-                        "+cert;;"+certsString;
-
-          user.setX509Certificates(certs);
-          if (!foundByCert) {
-            ugsys.addUserCert(user);
-            CMS.debug("RegisterUser added user certificate");
-            auditMessage = CMS.getLogMessage(
+                audit(auditMessage);
+            }
+
+            // extract all line separators
+            StringBuffer sb = new StringBuffer();
+            for (int i = 0; i < certsString.length(); i++) {
+                if (!Character.isWhitespace(certsString.charAt(i))) {
+                    sb.append(certsString.charAt(i));
+                }
+            }
+            certsString = sb.toString();
+
+            auditParams = "Scope;;certs+Operation;;OP_ADD+source;;RegisterUser" +
+                        "+Resource;;" + uid +
+                        "+cert;;" + certsString;
+
+            user.setX509Certificates(certs);
+            if (!foundByCert) {
+                ugsys.addUserCert(user);
+                CMS.debug("RegisterUser added user certificate");
+                auditMessage = CMS.getLogMessage(
                               LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                               auditSubjectID,
                               ILogger.SUCCESS,
                               auditParams);
-            audit(auditMessage);
-          } else
-            CMS.debug("RegisterUser no need to add user certificate");
-         } catch (Exception eee) {
+                audit(auditMessage);
+            } else
+                CMS.debug("RegisterUser no need to add user certificate");
+        } catch (Exception eee) {
             CMS.debug("RegisterUser error " + eee.toString());
             auditMessage = CMS.getLogMessage(
                                 LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
@@ -249,20 +246,19 @@ public class RegisterUser extends CMSServlet {
             return;
         }
 
-
         // add user to the group
         auditParams = "Scope;;groups+Operation;;OP_MODIFY+source;;RegisterUser" +
-                      "+Resource;;"+ mGroupName;
+                      "+Resource;;" + mGroupName;
         try {
             Enumeration groups = ugsys.findGroups(mGroupName);
-            IGroup group = (IGroup)groups.nextElement();
+            IGroup group = (IGroup) groups.nextElement();
 
             auditParams += "+user;;";
             Enumeration members = group.getMemberNames();
             while (members.hasMoreElements()) {
                 auditParams += (String) members.nextElement();
                 if (members.hasMoreElements()) {
-                    auditParams +=",";
+                    auditParams += ",";
                 }
             }
 
@@ -280,15 +276,15 @@ public class RegisterUser extends CMSServlet {
 
                 audit(auditMessage);
             }
-         } catch (Exception e) {
-             auditMessage = CMS.getLogMessage(
+        } catch (Exception e) {
+            auditMessage = CMS.getLogMessage(
                                LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                                auditSubjectID,
                                ILogger.FAILURE,
                                auditParams);
 
-             audit(auditMessage);
-         }
+            audit(auditMessage);
+        }
 
         // send success status back to the requestor
         try {
@@ -305,14 +301,23 @@ public class RegisterUser extends CMSServlet {
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
index 76f5a749..4763f814 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/RestoreKeyCertPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.FileInputStream;
@@ -76,19 +75,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class RestoreKeyCertPanel extends WizardPanelBase {
 
-    public RestoreKeyCertPanel() {}
+    public RestoreKeyCertPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import Keys and Certificates");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Import Keys and Certificates");
         setId(id);
@@ -99,18 +99,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
      */
     public boolean shouldSkip() {
         CMS.debug("RestoreKeyCertPanel: should skip");
-                                                                                
+
         IConfigStore cs = CMS.getConfigStore();
         // if we are root, no need to get the certificate chain.
-                                                                                
+
         try {
-            String select = cs.getString("preop.subsystem.select","");
+            String select = cs.getString("preop.subsystem.select", "");
             if (select.equals("clone")) {
                 return false;
             }
         } catch (EBaseException e) {
         }
-                                                                                
+
         return true;
     }
 
@@ -138,15 +138,16 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -160,7 +161,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         IConfigStore config = CMS.getConfigStore();
 
         if (isPanelDone()) {
-            
+
             try {
                 String s = config.getString("preop.pk12.path", "");
                 String type = config.getString("preop.subsystem.select", "");
@@ -193,15 +194,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         if (!tokenname.equals("Internal Key Storage Token"))
             return;
 
-        // Path can be empty. If this case, we just want to 
+        // Path can be empty. If this case, we just want to
         // get to the next panel. Customer has HSM.
         String s = HttpInput.getString(request, "path");
         // if (s == null || s.equals("")) {
-        //    CMS.debug("RestoreKeyCertPanel validate: path is empty");
-        //    throw new IOException("Path is empty");
+        // CMS.debug("RestoreKeyCertPanel validate: path is empty");
+        // throw new IOException("Path is empty");
         // }
 
-        
         if (s != null && !s.equals("")) {
             s = HttpInput.getPassword(request, "__password");
             if (s == null || s.equals("")) {
@@ -217,15 +217,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
      */
     public void update(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) throws IOException 
-    {
+            Context context) throws IOException {
         IConfigStore config = CMS.getConfigStore();
         String path = HttpInput.getString(request, "path");
         if (path == null || path.equals("")) {
-              // skip to next panel
+            // skip to next panel
             config.putBoolean("preop.restorekeycert.done", true);
             try {
-              config.commit(false);
+                config.commit(false);
             } catch (EBaseException e) {
             }
             getConfigEntriesFromMaster(request, response, context);
@@ -233,7 +232,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
             return;
         }
         String pwd = HttpInput.getPassword(request, "__password");
-        
+
         String tokenn = "";
         String instanceRoot = "";
 
@@ -246,7 +245,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         if (tokenn.equals("Internal Key Storage Token")) {
             byte b[] = new byte[1000000];
             FileInputStream fis = new FileInputStream(instanceRoot + "/alias/" + path);
-            while (fis.available() > 0) 
+            while (fis.available() > 0)
                 fis.read(b);
             fis.close();
 
@@ -256,10 +255,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
             PFX pfx = null;
             boolean verifypfx = false;
             try {
-                pfx = (PFX)(new PFX.Template()).decode(bis);
-                verifypfx = pfx.verifyAuthSafes(password, reason); 
+                pfx = (PFX) (new PFX.Template()).decode(bis);
+                verifypfx = pfx.verifyAuthSafes(password, reason);
             } catch (Exception e) {
-                CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+                CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString());
             }
 
             if (verifypfx) {
@@ -267,50 +266,50 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 AuthenticatedSafes safes = pfx.getAuthSafes();
                 Vector pkeyinfo_collection = new Vector();
                 Vector cert_collection = new Vector();
-                for (int i=0; i<safes.getSize(); i++) {
+                for (int i = 0; i < safes.getSize(); i++) {
                     try {
-                        SEQUENCE scontent = safes.getSafeContentsAt(null, i); 
-                        for (int j=0; j<scontent.size(); j++) {
-                            SafeBag bag = (SafeBag)scontent.elementAt(j);
+                        SEQUENCE scontent = safes.getSafeContentsAt(null, i);
+                        for (int j = 0; j < scontent.size(); j++) {
+                            SafeBag bag = (SafeBag) scontent.elementAt(j);
                             OBJECT_IDENTIFIER oid = bag.getBagType();
                             if (oid.equals(SafeBag.PKCS8_SHROUDED_KEY_BAG)) {
-                                EncryptedPrivateKeyInfo privkeyinfo = 
-                                  (EncryptedPrivateKeyInfo)bag.getInterpretedBagContent();
+                                EncryptedPrivateKeyInfo privkeyinfo =
+                                        (EncryptedPrivateKeyInfo) bag.getInterpretedBagContent();
                                 PasswordConverter passConverter = new PasswordConverter();
                                 PrivateKeyInfo pkeyinfo = privkeyinfo.decrypt(password, new PasswordConverter());
                                 Vector pkeyinfo_v = new Vector();
                                 pkeyinfo_v.addElement(pkeyinfo);
                                 SET bagAttrs = bag.getBagAttributes();
-                                for (int k=0; k<bagAttrs.size(); k++) {
-                                    Attribute attrs = (Attribute)bagAttrs.elementAt(k);
+                                for (int k = 0; k < bagAttrs.size(); k++) {
+                                    Attribute attrs = (Attribute) bagAttrs.elementAt(k);
                                     OBJECT_IDENTIFIER aoid = attrs.getType();
                                     if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
                                         SET val = attrs.getValues();
-                                        ANY ss = (ANY)val.elementAt(0);
+                                        ANY ss = (ANY) val.elementAt(0);
                                         ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
-                                        BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+                                        BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis);
                                         String s = sss.toString();
                                         pkeyinfo_v.addElement(s);
                                     }
                                 }
                                 pkeyinfo_collection.addElement(pkeyinfo_v);
                             } else if (oid.equals(SafeBag.CERT_BAG)) {
-                                CertBag cbag = (CertBag)bag.getInterpretedBagContent();    
-                                OCTET_STRING str = (OCTET_STRING)cbag.getInterpretedCert();
+                                CertBag cbag = (CertBag) bag.getInterpretedBagContent();
+                                OCTET_STRING str = (OCTET_STRING) cbag.getInterpretedCert();
                                 byte[] x509cert = str.toByteArray();
                                 Vector cert_v = new Vector();
                                 cert_v.addElement(x509cert);
                                 SET bagAttrs = bag.getBagAttributes();
-                         
+
                                 if (bagAttrs != null) {
-                                    for (int k=0; k<bagAttrs.size(); k++) {
-                                        Attribute attrs = (Attribute)bagAttrs.elementAt(k);
+                                    for (int k = 0; k < bagAttrs.size(); k++) {
+                                        Attribute attrs = (Attribute) bagAttrs.elementAt(k);
                                         OBJECT_IDENTIFIER aoid = attrs.getType();
                                         if (aoid.equals(SafeBag.FRIENDLY_NAME)) {
                                             SET val = attrs.getValues();
-                                            ANY ss = (ANY)val.elementAt(0);
+                                            ANY ss = (ANY) val.elementAt(0);
                                             ByteArrayInputStream bbis = new ByteArrayInputStream(ss.getEncoded());
-                                            BMPString sss = (BMPString)(new BMPString.Template()).decode(bbis);
+                                            BMPString sss = (BMPString) (new BMPString.Template()).decode(bbis);
                                             String s = sss.toString();
                                             cert_v.addElement(s);
                                         }
@@ -321,10 +320,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                             }
                         }
                     } catch (Exception e) {
-                        CMS.debug("RestoreKeyCertPanel update: Exception="+e.toString());
+                        CMS.debug("RestoreKeyCertPanel update: Exception=" + e.toString());
                     }
                 }
-            
+
                 importkeycert(pkeyinfo_collection, cert_collection);
             } else {
                 context.put("updateStatus", "failure");
@@ -342,7 +341,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         cstype = toLowerCaseSubsystemType(cstype);
 
         if (subsystemtype.equals("clone")) {
-            CMS.debug("RestoreKeyCertPanel: this is the clone subsystem"); 
+            CMS.debug("RestoreKeyCertPanel: this is the clone subsystem");
             boolean cloneReady = isCertdbCloned(request, context);
             if (!cloneReady) {
                 CMS.debug("RestoreKeyCertPanel update: clone does not have all the certificates.");
@@ -363,7 +362,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
     }
 
     private void getConfigEntriesFromMaster(HttpServletRequest request,
-      HttpServletResponse response, Context context) throws IOException {
+            HttpServletResponse response, Context context) throws IOException {
         try {
             IConfigStore config = CMS.getConfigStore();
             String cstype = "";
@@ -388,14 +387,14 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 
                 String content = "";
                 if (cstype.equals("ca") || cstype.equals("kra")) {
-                    content = "type=request&xmlOutput=true&sessionID="+session_id;
+                    content = "type=request&xmlOutput=true&sessionID=" + session_id;
                     CMS.debug("http content=" + content);
                     updateNumberRange(master_hostname, master_ee_port, true, content, "request", response);
 
-                    content = "type=serialNo&xmlOutput=true&sessionID="+session_id;
+                    content = "type=serialNo&xmlOutput=true&sessionID=" + session_id;
                     updateNumberRange(master_hostname, master_ee_port, true, content, "serialNo", response);
 
-                    content = "type=replicaId&xmlOutput=true&sessionID="+session_id;
+                    content = "type=replicaId&xmlOutput=true&sessionID=" + session_id;
                     updateNumberRange(master_hostname, master_ee_port, true, content, "replicaId", response);
                 }
 
@@ -406,7 +405,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 }
 
                 StringBuffer c1 = new StringBuffer();
-                StringBuffer s1 = new StringBuffer(); 
+                StringBuffer s1 = new StringBuffer();
                 StringTokenizer tok = new StringTokenizer(list, ",");
                 while (tok.hasMoreTokens()) {
                     String t1 = tok.nextToken();
@@ -438,8 +437,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                     c1.append(t1);
                     c1.append(".pubkey.encoded");
 
-
-                    if (s1.length()!=0)
+                    if (s1.length() != 0)
                         s1.append(",");
 
                     s1.append(cstype);
@@ -449,18 +447,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
 
                 if (!cstype.equals("ca")) {
                     c1.append(",cloning.ca.hostname,cloning.ca.httpport,cloning.ca.httpsport,cloning.ca.list,cloning.ca.pkcs7,cloning.ca.type");
-                } 
+                }
 
                 if (cstype.equals("ca")) {
                     /* get ca connector details */
-                    if (s1.length()!=0)
+                    if (s1.length() != 0)
                         s1.append(",");
                     s1.append("ca.connector.KRA");
                 }
 
-                content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN"+c1.toString()+"&substores="+s1.toString()+"&xmlOutput=true&sessionID="+session_id;
+                content = "op=get&names=cloning.token,instanceId,internaldb.basedn,internaldb.ldapauth.password,internaldb.replication.password,internaldb.ldapconn.host,internaldb.ldapconn.port,internaldb.ldapauth.bindDN" + c1.toString() + "&substores=" + s1.toString() + "&xmlOutput=true&sessionID=" + session_id;
                 boolean success = updateConfigEntries(master_hostname, master_port, true,
-                  "/"+cstype+"/admin/"+cstype+"/getConfigEntries", content, config, response);
+                        "/" + cstype + "/admin/" + cstype + "/getConfigEntries", content, config, response);
                 if (!success) {
                     context.put("errorString", "Failed to get configuration entries from the master");
                     throw new IOException("Failed to get configuration entries from the master");
@@ -473,7 +471,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
             } catch (IOException eee) {
                 throw eee;
             } catch (Exception eee) {
-                CMS.debug("RestoreKeyCertPanel: update exception caught:"+eee.toString());
+                CMS.debug("RestoreKeyCertPanel: update exception caught:" + eee.toString());
             }
 
         } catch (IOException ee) {
@@ -491,38 +489,38 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 String s = st.nextToken();
                 if (s.equals("sslserver"))
                     continue;
-                String name = "preop.master."+s+".nickname";
+                String name = "preop.master." + s + ".nickname";
                 String nickname = cs.getString(name, "");
                 CryptoManager cm = CryptoManager.getInstance();
                 X509Certificate xcert = null;
                 try {
                     xcert = cm.findCertByNickname(nickname);
                 } catch (Exception ee) {
-                    CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+                    CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString());
                 }
                 CryptoToken ct = cm.getInternalKeyStorageToken();
                 CryptoStore store = ct.getCryptoStore();
                 try {
                     store.deleteCert(xcert);
                 } catch (Exception ee) {
-                    CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+ee.toString());
+                    CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + ee.toString());
                 }
             }
         } catch (Exception e) {
-            CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception="+e.toString());
-        } 
+            CMS.debug("RestoreKeyCertPanel deleteExistingCerts: Exception=" + e.toString());
+        }
     }
 
     private org.mozilla.jss.crypto.PrivateKey.Type getPrivateKeyType(PublicKey pubkey) {
-      CMS.debug("Key Algorithm '"+pubkey.getAlgorithm()+"'");
-      if (pubkey.getAlgorithm().equals("EC")) {
-        return org.mozilla.jss.crypto.PrivateKey.Type.EC;
-      }
-      return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
+        CMS.debug("Key Algorithm '" + pubkey.getAlgorithm() + "'");
+        if (pubkey.getAlgorithm().equals("EC")) {
+            return org.mozilla.jss.crypto.PrivateKey.Type.EC;
+        }
+        return org.mozilla.jss.crypto.PrivateKey.Type.RSA;
     }
 
-    private void importkeycert(Vector pkeyinfo_collection, 
-      Vector cert_collection) throws IOException {
+    private void importkeycert(Vector pkeyinfo_collection,
+            Vector cert_collection) throws IOException {
         CryptoManager cm = null;
         try {
             cm = CryptoManager.getInstance();
@@ -532,12 +530,12 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         // delete all existing certificates first
         deleteExistingCerts();
 
-        for (int i=0; i<pkeyinfo_collection.size(); i++) {
+        for (int i = 0; i < pkeyinfo_collection.size(); i++) {
             try {
-                Vector pkeyinfo_v = (Vector)pkeyinfo_collection.elementAt(i);
-                PrivateKeyInfo pkeyinfo = (PrivateKeyInfo)pkeyinfo_v.elementAt(0);
-                String nickname = (String)pkeyinfo_v.elementAt(1);
-                byte[] x509cert = getX509Cert(nickname, cert_collection); 
+                Vector pkeyinfo_v = (Vector) pkeyinfo_collection.elementAt(i);
+                PrivateKeyInfo pkeyinfo = (PrivateKeyInfo) pkeyinfo_v.elementAt(0);
+                String nickname = (String) pkeyinfo_v.elementAt(1);
+                byte[] x509cert = getX509Cert(nickname, cert_collection);
                 X509Certificate cert = cm.importCACertPackage(x509cert);
                 ByteArrayOutputStream bos = new ByteArrayOutputStream();
                 pkeyinfo.encode(bos);
@@ -550,32 +548,32 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 try {
                     store.deleteCert(cert);
                 } catch (Exception ee) {
-                    CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+                    CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString());
                 }
 
                 KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
                 SymmetricKey sk = kg.generate();
-                byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+                byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
                 IVParameterSpec param = new IVParameterSpec(iv);
                 Cipher c = token.getCipherContext(EncryptionAlgorithm.DES3_CBC_PAD);
                 c.initEncrypt(sk, param);
                 byte[] encpkey = c.doFinal(pkey);
-                
+
                 KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
                 wrapper.initUnwrap(sk, param);
                 org.mozilla.jss.crypto.PrivateKey pp = wrapper.unwrapPrivate(encpkey, getPrivateKeyType(publickey), publickey);
 
             } catch (Exception e) {
-                CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+                CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString());
             }
         }
 
-        for (int i=0; i<cert_collection.size(); i++) {
+        for (int i = 0; i < cert_collection.size(); i++) {
             try {
-                Vector cert_v = (Vector)cert_collection.elementAt(i);
-                byte[] cert = (byte[])cert_v.elementAt(0);
+                Vector cert_v = (Vector) cert_collection.elementAt(i);
+                byte[] cert = (byte[]) cert_v.elementAt(0);
                 if (cert_v.size() > 1) {
-                    String name = (String)cert_v.elementAt(1);
+                    String name = (String) cert_v.elementAt(1);
                     // we need to delete the trusted CA certificate if it is
                     // the same as the ca signing certificate
                     if (isCASigningCert(name)) {
@@ -586,10 +584,10 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                             CMS.debug("RestoreKeyCertPanel deleteCert: this is pk11store");
                             if (store instanceof PK11Store) {
                                 try {
-                                    PK11Store pk11store = (PK11Store)store;
+                                    PK11Store pk11store = (PK11Store) store;
                                     pk11store.deleteCertOnly(certchain);
                                 } catch (Exception ee) {
-                                    CMS.debug("RestoreKeyCertPanel importKeyCert: Exception="+ee.toString());
+                                    CMS.debug("RestoreKeyCertPanel importKeyCert: Exception=" + ee.toString());
                                 }
                             }
                         }
@@ -598,18 +596,18 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                     X509Certificate xcert = cm.importUserCACertPackage(cert, name);
                     if (name.startsWith("caSigningCert")) {
                         // we need to change the trust attribute to CT
-                        InternalCertificate icert = (InternalCertificate)xcert;
-                        icert.setSSLTrust(InternalCertificate.TRUSTED_CA 
-                          | InternalCertificate.TRUSTED_CLIENT_CA
-                          | InternalCertificate.VALID_CA);
+                        InternalCertificate icert = (InternalCertificate) xcert;
+                        icert.setSSLTrust(InternalCertificate.TRUSTED_CA
+                                | InternalCertificate.TRUSTED_CLIENT_CA
+                                | InternalCertificate.VALID_CA);
                     } else if (name.startsWith("auditSigningCert")) {
-                        InternalCertificate icert = (InternalCertificate)xcert;
+                        InternalCertificate icert = (InternalCertificate) xcert;
                         icert.setObjectSigningTrust(InternalCertificate.USER | InternalCertificate.VALID_PEER | InternalCertificate.TRUSTED_PEER);
                     }
                 } else
                     cm.importCACertPackage(cert);
             } catch (Exception e) {
-                CMS.debug("RestoreKeyCertPanel importkeycert: Exception="+e.toString());
+                CMS.debug("RestoreKeyCertPanel importkeycert: Exception=" + e.toString());
             }
         }
     }
@@ -628,15 +626,15 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
         return false;
     }
 
-    private X509Certificate getX509CertFromToken(byte[] cert) 
-      throws IOException {
+    private X509Certificate getX509CertFromToken(byte[] cert)
+            throws IOException {
         try {
             X509CertImpl impl = new X509CertImpl(cert);
             String issuer_impl = impl.getIssuerDN().toString();
             BigInteger serial_impl = impl.getSerialNumber();
             CryptoManager cm = CryptoManager.getInstance();
             X509Certificate[] permcerts = cm.getPermCerts();
-            for (int i=0; i<permcerts.length; i++) {
+            for (int i = 0; i < permcerts.length; i++) {
                 String issuer_p = permcerts[i].getSubjectDN().toString();
                 BigInteger serial_p = permcerts[i].getSerialNumber();
                 if (issuer_p.equals(issuer_impl) && serial_p.compareTo(serial_impl) == 0) {
@@ -644,25 +642,25 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 }
             }
         } catch (Exception e) {
-            CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception="+e.toString());
+            CMS.debug("RestoreKeyCertPanel getX509CertFromToken: Exception=" + e.toString());
         }
 
         return null;
     }
 
-    private byte[] getX509Cert(String nickname, Vector cert_collection) 
-      throws IOException {
-        for (int i=0; i<cert_collection.size(); i++) {
-            Vector v = (Vector)cert_collection.elementAt(i);
-            byte[] b = (byte[])v.elementAt(0);
+    private byte[] getX509Cert(String nickname, Vector cert_collection)
+            throws IOException {
+        for (int i = 0; i < cert_collection.size(); i++) {
+            Vector v = (Vector) cert_collection.elementAt(i);
+            byte[] b = (byte[]) v.elementAt(0);
             X509CertImpl impl = null;
             try {
                 impl = new X509CertImpl(b);
             } catch (Exception e) {
-                CMS.debug("RestoreKeyCertPanel getX509Cert: Exception="+e.toString());
-                throw new IOException( e.toString() );
+                CMS.debug("RestoreKeyCertPanel getX509Cert: Exception=" + e.toString());
+                throw new IOException(e.toString());
             }
-            Principal subjectdn = impl.getSubjectDN();    
+            Principal subjectdn = impl.getSubjectDN();
             if (LDAPDN.equals(subjectdn.toString(), nickname))
                 return b;
         }
@@ -674,9 +672,8 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         context.put("title", "Import Keys and Certificates");
         context.put("password", "");
         context.put("path", "");
@@ -684,7 +681,7 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
     }
 
     private boolean isCertdbCloned(HttpServletRequest request,
-      Context context) {
+            Context context) {
         IConfigStore config = CMS.getConfigStore();
         String certList = "";
         try {
@@ -698,13 +695,13 @@ public class RestoreKeyCertPanel extends WizardPanelBase {
                 String tokenname = config.getString("preop.module.token", "");
                 CryptoToken tok = cm.getTokenByName(tokenname);
                 CryptoStore store = tok.getCryptoStore();
-                String name1 = "preop.master."+token+".nickname";
+                String name1 = "preop.master." + token + ".nickname";
                 String nickname = config.getString(name1, "");
                 if (!tokenname.equals("Internal Key Storage Token") &&
-                  !tokenname.equals("internal"))
-                    nickname = tokenname+":"+nickname;
+                        !tokenname.equals("internal"))
+                    nickname = tokenname + ":" + nickname;
 
-                CMS.debug("RestoreKeyCertPanel isCertdbCloned: "+nickname);
+                CMS.debug("RestoreKeyCertPanel isCertdbCloned: " + nickname);
                 X509Certificate cert = cm.findCertByNickname(nickname);
                 if (cert == null)
                     return false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
index 854e8f10..0c066268 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SavePKCS12Panel.java
@@ -34,19 +34,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class SavePKCS12Panel extends WizardPanelBase {
 
-    public SavePKCS12Panel() {}
+    public SavePKCS12Panel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Save Keys and Certificates");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Save Keys and Certificates");
         setId(id);
@@ -60,11 +61,11 @@ public class SavePKCS12Panel extends WizardPanelBase {
 
         try {
             boolean enable = cs.getBoolean("preop.backupkeys.enable", false);
-            if (!enable) 
+            if (!enable)
                 return true;
         } catch (Exception e) {
         }
- 
+
         return false;
     }
 
@@ -77,13 +78,14 @@ public class SavePKCS12Panel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         return set;
     }
 
@@ -116,7 +118,7 @@ public class SavePKCS12Panel extends WizardPanelBase {
      * Checks if the given parameters are valid.
      */
     public void validate(HttpServletRequest request,
-      HttpServletResponse response, Context context) throws IOException {
+            HttpServletResponse response, Context context) throws IOException {
     }
 
     /**
@@ -134,9 +136,8 @@ public class SavePKCS12Panel extends WizardPanelBase {
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
-        HttpServletResponse response,
-        Context context)
-    {
+            HttpServletResponse response,
+            Context context) {
         context.put("title", "Save Keys and Certificates");
         context.put("panel", "admin/console/config/savepkcs12panel.vm");
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
index 3a5d82d1..42165b08 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainLogin.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.net.URL;
 import java.net.URLDecoder;
 
@@ -59,9 +58,9 @@ public class SecurityDomainLogin extends BaseServlet {
             int index = url.indexOf("subsystem=");
             String subsystem = "";
             if (index > 0) {
-                subsystem = url.substring(index+10);
+                subsystem = url.substring(index + 10);
                 int index1 = subsystem.indexOf("&");
-                if (index1 > 0) 
+                if (index1 > 0)
                     subsystem = subsystem.substring(0, index1);
             }
             context.put("sd_uid", "");
@@ -70,14 +69,14 @@ public class SecurityDomainLogin extends BaseServlet {
             context.put("host", u.getHost());
             context.put("sdhost", CMS.getEESSLHost());
             if (subsystem.equals("KRA")) {
-              subsystem = "DRM";
+                subsystem = "DRM";
             }
             context.put("subsystem", subsystem);
             // The "securitydomain.name" property ONLY resides in the "CS.cfg"
             // associated with the CS subsystem hosting the security domain.
             IConfigStore cs = CMS.getConfigStore();
             String sdname = cs.getString("securitydomain.name", "");
-            context.put("name", sdname); 
+            context.put("name", sdname);
             template = Velocity.getTemplate("admin/console/config/securitydomainloginpanel.vm");
         } catch (Exception e) {
             System.err.println("Exception caught: " + e.getMessage());
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
index 90a6aeb0..8e52aa37 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainPanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.net.MalformedURLException;
 import java.net.URL;
@@ -39,19 +38,20 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class SecurityDomainPanel extends WizardPanelBase {
 
-    public SecurityDomainPanel() {}
+    public SecurityDomainPanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Security Domain");
     }
 
     public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
-        throws ServletException {
+            throws ServletException {
         setPanelNo(panelno);
         setName("Security Domain");
         setId(id);
@@ -72,15 +72,16 @@ public class SecurityDomainPanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -136,7 +137,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
             context.put("https_ee_port", CMS.getEESSLPort());
             context.put("https_admin_port", CMS.getAdminPort());
             context.put("sdomainAdminURL", default_admin_url);
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         context.put("panel", "admin/console/config/securitydomainpanel.vm");
         context.put("errorString", errorString);
@@ -157,18 +159,18 @@ public class SecurityDomainPanel extends WizardPanelBase {
                 while (st.hasMoreTokens()) {
                     count++;
                     String n = st.nextToken();
-                    if (first) { //skip the hostname
+                    if (first) { // skip the hostname
                         first = false;
                         continue;
                     }
                     if (count == numTokens) // skip the last element (e.g. com)
                         continue;
-                    sb.append((defaultDomain.length()==0)? "":" ");
+                    sb.append((defaultDomain.length() == 0) ? "" : " ");
                     sb.append(capitalize(n));
                 }
-                defaultDomain = sb.toString() + " "+ "Domain";
+                defaultDomain = sb.toString() + " " + "Domain";
                 name = defaultDomain;
-                CMS.debug("SecurityDomainPanel: defaultDomain generated:"+ name);
+                CMS.debug("SecurityDomainPanel: defaultDomain generated:" + name);
             } catch (MalformedURLException e) {
                 errorString = "Malformed URL";
                 // not being able to come up with default domain name is ok
@@ -176,54 +178,53 @@ public class SecurityDomainPanel extends WizardPanelBase {
         }
         context.put("sdomainName", name);
 
-        if( default_admin_url != null ) {
+        if (default_admin_url != null) {
             String r = null;
 
             try {
                 // check to see if "default" security domain exists
                 // on local machine
-                URL u = new URL( default_admin_url );
+                URL u = new URL(default_admin_url);
 
                 String hostname = u.getHost();
                 int port = u.getPort();
-                ConfigCertApprovalCallback
-                certApprovalCallback = new ConfigCertApprovalCallback();
-                r = pingCS( hostname, port, true, certApprovalCallback );
+                ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+                r = pingCS(hostname, port, true, certApprovalCallback);
             } catch (Exception e) {
-                CMS.debug( "SecurityDomainPanel: exception caught: "
-                         + e.toString() );
+                CMS.debug("SecurityDomainPanel: exception caught: "
+                         + e.toString());
             }
- 
-            if( r != null ) {
+
+            if (r != null) {
                 // "default" security domain exists on local machine;
                 // fill "sdomainURL" in with "default" security domain
                 // as an initial "guess"
-                CMS.debug( "SecurityDomainPanel: pingCS returns: "+r );
-                context.put( "sdomainURL", default_admin_url );
+                CMS.debug("SecurityDomainPanel: pingCS returns: " + r);
+                context.put("sdomainURL", default_admin_url);
             } else {
                 // "default" security domain does NOT exist on local machine;
                 // leave "sdomainURL" blank
-                CMS.debug( "SecurityDomainPanel: pingCS no successful response" );
-                context.put( "sdomainURL", "" );
+                CMS.debug("SecurityDomainPanel: pingCS no successful response");
+                context.put("sdomainURL", "");
             }
         }
 
         // Information for "existing" Security Domain CAs
         String initDaemon = "pki-cad";
         String instanceId = "&lt;security_domain_instance_name&gt;";
-        String os = System.getProperty( "os.name" );
-        if( os.equalsIgnoreCase( "Linux" ) ) {
-            if (! systemdService.equals("")) {
-                context.put( "initCommand", "/usr/bin/pkicontrol" );
-                context.put( "instanceId", "ca " + systemdService );
+        String os = System.getProperty("os.name");
+        if (os.equalsIgnoreCase("Linux")) {
+            if (!systemdService.equals("")) {
+                context.put("initCommand", "/usr/bin/pkicontrol");
+                context.put("instanceId", "ca " + systemdService);
             } else {
-                context.put( "initCommand", "/sbin/service " + initDaemon );
-                context.put( "instanceId", instanceId );
+                context.put("initCommand", "/sbin/service " + initDaemon);
+                context.put("instanceId", instanceId);
             }
         } else {
-            /* default case:  e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
-            context.put( "initCommand", "/etc/init.d/" + initDaemon );
-            context.put( "instanceId", instanceId );
+            /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+            context.put("initCommand", "/etc/init.d/" + initDaemon);
+            context.put("instanceId", instanceId);
         }
     }
 
@@ -231,7 +232,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
         if (s.length() == 0) {
             return s;
         } else {
-            return s.substring(0,1).toUpperCase() + s.substring(1);
+            return s.substring(0, 1).toUpperCase() + s.substring(1);
         }
     }
 
@@ -241,7 +242,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
     public void validate(HttpServletRequest request,
             HttpServletResponse response,
             Context context) throws IOException {
-       
+
         String select = HttpInput.getID(request, "choice");
         if (select.equals("newdomain")) {
             String name = HttpInput.getSecurityDomainName(request, "sdomainName");
@@ -251,50 +252,48 @@ public class SecurityDomainPanel extends WizardPanelBase {
                 throw new IOException("Missing name value for the security domain");
             }
         } else if (select.equals("existingdomain")) {
-            CMS.debug( "SecurityDomainPanel: validating "
-                     + "SSL Admin HTTPS . . ." );
-            String admin_url = HttpInput.getURL( request, "sdomainURL" );
-            if( admin_url == null || admin_url.equals("") ) {
-                initParams( request, context );
+            CMS.debug("SecurityDomainPanel: validating "
+                     + "SSL Admin HTTPS . . .");
+            String admin_url = HttpInput.getURL(request, "sdomainURL");
+            if (admin_url == null || admin_url.equals("")) {
+                initParams(request, context);
                 context.put("updateStatus", "validate-failure");
-                throw new IOException( "Missing SSL Admin HTTPS url value "
-                                     + "for the security domain" );
+                throw new IOException("Missing SSL Admin HTTPS url value "
+                                     + "for the security domain");
             } else {
                 String r = null;
 
                 try {
-                    URL u = new URL( admin_url );
+                    URL u = new URL(admin_url);
 
                     String hostname = u.getHost();
                     int admin_port = u.getPort();
-                    ConfigCertApprovalCallback
-                    certApprovalCallback = new ConfigCertApprovalCallback();
-                    r = pingCS( hostname, admin_port, true,
-                                certApprovalCallback );
-                } catch( Exception e ) {
-                    CMS.debug( "SecurityDomainPanel: exception caught: "
-                             + e.toString() );
+                    ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+                    r = pingCS(hostname, admin_port, true,
+                                certApprovalCallback);
+                } catch (Exception e) {
+                    CMS.debug("SecurityDomainPanel: exception caught: "
+                             + e.toString());
                     context.put("updateStatus", "validate-failure");
-                    throw new IOException( "Illegal SSL Admin HTTPS url value "
-                                         + "for the security domain" );
+                    throw new IOException("Illegal SSL Admin HTTPS url value "
+                                         + "for the security domain");
                 }
 
                 if (r != null) {
                     CMS.debug("SecurityDomainPanel: pingAdminCS returns: "
-                             + r );
-                    context.put( "sdomainURL", admin_url );
+                             + r);
+                    context.put("sdomainURL", admin_url);
                 } else {
-                    CMS.debug( "SecurityDomainPanel: pingAdminCS "
-                             + "no successful response for SSL Admin HTTPS" );
-                    context.put( "sdomainURL", "" );
+                    CMS.debug("SecurityDomainPanel: pingAdminCS "
+                             + "no successful response for SSL Admin HTTPS");
+                    context.put("sdomainURL", "");
                 }
             }
         }
     }
 
-    public void initParams(HttpServletRequest request, Context context) 
-                   throws IOException 
-    {
+    public void initParams(HttpServletRequest request, Context context)
+                   throws IOException {
         IConfigStore config = CMS.getConfigStore();
         try {
             context.put("cstype", config.getString("cs.type"));
@@ -306,7 +305,7 @@ public class SecurityDomainPanel extends WizardPanelBase {
             context.put("check_newdomain", "checked");
             context.put("check_existingdomain", "");
         } else if (select.equals("existingdomain")) {
-            context.put("check_newdomain", ""); 
+            context.put("check_newdomain", "");
             context.put("check_existingdomain", "checked");
         }
 
@@ -340,29 +339,30 @@ public class SecurityDomainPanel extends WizardPanelBase {
         if (select.equals("newdomain")) {
             config.putString("preop.securitydomain.select", "new");
             config.putString("securitydomain.select", "new");
-            config.putString("preop.securitydomain.name", 
-              HttpInput.getDomainName(request, "sdomainName"));
-            config.putString("securitydomain.name", 
-              HttpInput.getDomainName(request, "sdomainName"));
-            config.putString("securitydomain.host", 
-              CMS.getEENonSSLHost());
-            config.putString("securitydomain.httpport", 
-              CMS.getEENonSSLPort());
-            config.putString("securitydomain.httpsagentport", 
-              CMS.getAgentPort());
-            config.putString("securitydomain.httpseeport", 
-              CMS.getEESSLPort());
-            config.putString("securitydomain.httpsadminport", 
-              CMS.getAdminPort());
-
-            // make sure the subsystem certificate is issued by the security  
+            config.putString("preop.securitydomain.name",
+                    HttpInput.getDomainName(request, "sdomainName"));
+            config.putString("securitydomain.name",
+                    HttpInput.getDomainName(request, "sdomainName"));
+            config.putString("securitydomain.host",
+                    CMS.getEENonSSLHost());
+            config.putString("securitydomain.httpport",
+                    CMS.getEENonSSLPort());
+            config.putString("securitydomain.httpsagentport",
+                    CMS.getAgentPort());
+            config.putString("securitydomain.httpseeport",
+                    CMS.getEESSLPort());
+            config.putString("securitydomain.httpsadminport",
+                    CMS.getAdminPort());
+
+            // make sure the subsystem certificate is issued by the security
             // domain
             config.putString("preop.cert.subsystem.type", "local");
             config.putString("preop.cert.subsystem.profile", "subsystemCert.profile");
-   
+
             try {
                 config.commit(false);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
 
             String instanceRoot = "";
             try {
@@ -383,31 +383,32 @@ public class SecurityDomainPanel extends WizardPanelBase {
             String hostname = "";
             int admin_port = -1;
 
-            if( admin_url != null ) {
+            if (admin_url != null) {
                 try {
-                    URL admin_u = new URL( admin_url );
+                    URL admin_u = new URL(admin_url);
 
                     hostname = admin_u.getHost();
                     admin_port = admin_u.getPort();
-                } catch( MalformedURLException e ) {
+                } catch (MalformedURLException e) {
                     errorString = "Malformed SSL Admin HTTPS URL";
                     context.put("updateStatus", "failure");
-                    throw new IOException( errorString );
+                    throw new IOException(errorString);
                 }
 
-                context.put( "sdomainURL", admin_url );
-                config.putString( "securitydomain.host", hostname );
-                config.putInteger( "securitydomain.httpsadminport",
-                                   admin_port );
+                context.put("sdomainURL", admin_url);
+                config.putString("securitydomain.host", hostname);
+                config.putInteger("securitydomain.httpsadminport",
+                                   admin_port);
             }
 
             try {
                 config.commit(false);
-            } catch (EBaseException e) {}
+            } catch (EBaseException e) {
+            }
 
             ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
-            updateCertChain( config, "securitydomain", hostname, admin_port,
-                             true, context, certApprovalCallback );
+            updateCertChain(config, "securitydomain", hostname, admin_port,
+                             true, context, certApprovalCallback);
         } else {
             CMS.debug("SecurityDomainPanel: invalid choice " + select);
             errorString = "Invalid choice";
@@ -425,7 +426,8 @@ public class SecurityDomainPanel extends WizardPanelBase {
             context.put("wizardname", config.getString("preop.wizard.name"));
             context.put("panelname", "Security Domain Configuration");
             context.put("systemname", config.getString("preop.system.name"));
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         context.put("errorString", errorString);
         context.put("updateStatus", "success");
@@ -446,32 +448,33 @@ public class SecurityDomainPanel extends WizardPanelBase {
 
         try {
             default_admin_url = config.getString("preop.securitydomain.admin_url", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
-        if( default_admin_url != null ) {
+        if (default_admin_url != null) {
             String r = null;
 
             try {
                 // check to see if "default" security domain exists
                 // on local machine
-                URL u = new URL( default_admin_url );
+                URL u = new URL(default_admin_url);
 
                 String hostname = u.getHost();
                 int port = u.getPort();
-                ConfigCertApprovalCallback
-                certApprovalCallback = new ConfigCertApprovalCallback();
-                r = pingCS( hostname, port, true, certApprovalCallback );
-            } catch (Exception e) {}
- 
-            if( r != null ) {
+                ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
+                r = pingCS(hostname, port, true, certApprovalCallback);
+            } catch (Exception e) {
+            }
+
+            if (r != null) {
                 // "default" security domain exists on local machine;
                 // refill "sdomainURL" in with "default" security domain
                 // as an initial "guess"
-                context.put( "sdomainURL", default_admin_url );
+                context.put("sdomainURL", default_admin_url);
             } else {
                 // "default" security domain does NOT exist on local machine;
                 // leave "sdomainURL" blank
-                context.put( "sdomainURL", "" );
+                context.put("sdomainURL", "");
             }
         }
 
@@ -483,19 +486,20 @@ public class SecurityDomainPanel extends WizardPanelBase {
             context.put("https_admin_port", CMS.getAdminPort());
             context.put("sdomainAdminURL",
                         config.getString("preop.securitydomain.admin_url"));
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         // Information for "existing" Security Domain CAs
         String initDaemon = "pki-cad";
         String instanceId = "&lt;security_domain_instance_name&gt;";
-        String os = System.getProperty( "os.name" );
-        if( os.equalsIgnoreCase( "Linux" ) ) {
-            context.put( "initCommand", "/sbin/service " + initDaemon );
-            context.put( "instanceId", instanceId );
+        String os = System.getProperty("os.name");
+        if (os.equalsIgnoreCase("Linux")) {
+            context.put("initCommand", "/sbin/service " + initDaemon);
+            context.put("instanceId", instanceId);
         } else {
-            /* default case:  e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
-            context.put( "initCommand", "/etc/init.d/" + initDaemon );
-            context.put( "instanceId", instanceId );
+            /* default case: e. g. - ( os.equalsIgnoreCase( "SunOS" ) */
+            context.put("initCommand", "/etc/init.d/" + initDaemon);
+            context.put("instanceId", instanceId);
         }
 
         context.put("title", "Security Domain");
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
index 75cc0fb6..d15ca5ad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SecurityDomainSessionTable.java
@@ -27,8 +27,8 @@ import com.netscape.certsrv.base.ISecurityDomainSessionTable;
 /**
  * This object stores the values for IP, uid and group based on the cookie id.
  */
-public class SecurityDomainSessionTable 
-  implements ISecurityDomainSessionTable {
+public class SecurityDomainSessionTable
+        implements ISecurityDomainSessionTable {
 
     private Hashtable<String, Vector<Comparable<?>>> m_sessions;
     private long m_timeToLive;
@@ -38,8 +38,8 @@ public class SecurityDomainSessionTable
         m_timeToLive = timeToLive;
     }
 
-    public int addEntry(String sessionId, String ip, 
-      String uid, String group) {
+    public int addEntry(String sessionId, String ip,
+            String uid, String group) {
         Vector<Comparable<?>> v = new Vector<Comparable<?>>();
         v.addElement(ip);
         v.addElement(uid);
@@ -67,28 +67,28 @@ public class SecurityDomainSessionTable
     public String getIP(String sessionId) {
         Vector<Comparable<?>> v = m_sessions.get(sessionId);
         if (v != null)
-            return (String)v.elementAt(0);
+            return (String) v.elementAt(0);
         return null;
     }
 
     public String getUID(String sessionId) {
         Vector<Comparable<?>> v = m_sessions.get(sessionId);
         if (v != null)
-            return (String)v.elementAt(1);
+            return (String) v.elementAt(1);
         return null;
     }
 
     public String getGroup(String sessionId) {
         Vector<Comparable<?>> v = m_sessions.get(sessionId);
         if (v != null)
-            return (String)v.elementAt(2);
+            return (String) v.elementAt(2);
         return null;
     }
 
     public long getBeginTime(String sessionId) {
         Vector<Comparable<?>> v = m_sessions.get(sessionId);
-        if (v != null) { 
-            Long n = (Long)v.elementAt(3);
+        if (v != null) {
+            Long n = (Long) v.elementAt(3);
             if (n != null)
                 return n.longValue();
         }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
index c3a1e325..49cadb9c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SessionTimer.java
@@ -29,7 +29,7 @@ public class SessionTimer extends TimerTask {
     private ISecurityDomainSessionTable m_sessiontable = null;
     private ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
-        "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+            "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
 
     public SessionTimer(ISecurityDomainSessionTable table) {
         super();
@@ -39,15 +39,15 @@ public class SessionTimer extends TimerTask {
     public void run() {
         Enumeration keys = m_sessiontable.getSessionIds();
         while (keys.hasMoreElements()) {
-            String sessionId = (String)keys.nextElement();
+            String sessionId = (String) keys.nextElement();
             long beginTime = m_sessiontable.getBeginTime(sessionId);
             Date nowDate = new Date();
             long nowTime = nowDate.getTime();
             long timeToLive = m_sessiontable.getTimeToLive();
-            if ((nowTime-beginTime) > timeToLive) {
+            if ((nowTime - beginTime) > timeToLive) {
                 m_sessiontable.removeEntry(sessionId);
                 CMS.debug("SessionTimer run: successfully remove the session id entry from the table.");
-                
+
                 // audit message
                 String auditParams = "operation;;expire_token+token;;" + sessionId;
                 String auditMessage = CMS.getLogMessage(
@@ -62,9 +62,7 @@ public class SessionTimer extends TimerTask {
                                        ILogger.LL_SECURITY,
                                        auditMessage);
 
-                
             }
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
index 0e6a507a..8f5d6808 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/SizePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 import java.security.NoSuchAlgorithmException;
@@ -54,13 +53,14 @@ public class SizePanel extends WizardPanelBase {
     private String default_rsa_key_size;
     private boolean mShowSigning = false;
 
-    public SizePanel() {}
+    public SizePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) 
-        throws ServletException {
+    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Key Pairs");
         setId(id);
@@ -69,25 +69,28 @@ public class SizePanel extends WizardPanelBase {
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         Descriptor choiceDesc = new Descriptor(IDescriptor.CHOICE,
                 "default,custom", null, /* no default parameter */
                 "If 'default', the key size will be configured automatically. If 'custom', the key size will be set to the value of the parameter 'custom_size'.");
 
         set.add("choice", choiceDesc);
-                                                                                
-        Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /* no constraint */
+
+        Descriptor customSizeDesc = new Descriptor(IDescriptor.STRING, null, /*
+                                                                              * no
+                                                                              * constraint
+                                                                              */
                 null, /* no default parameter */
                 "Custom Key Size");
 
         set.add("custom_size", customSizeDesc);
-                                                                                
+
         return set;
     }
 
     public void cleanUp() throws IOException {
         IConfigStore cs = CMS.getConfigStore();
-        /* clean up if necessary*/
+        /* clean up if necessary */
         try {
             boolean done = cs.getBoolean("preop.SizePanel.done");
             cs.putBoolean("preop.SizePanel.done", false);
@@ -105,7 +108,8 @@ public class SizePanel extends WizardPanelBase {
             } else {
                 return true;
             }
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
 
         return false;
     }
@@ -118,7 +122,7 @@ public class SizePanel extends WizardPanelBase {
             Context context) {
         CMS.debug("SizePanel: display()");
         try {
-          initParams(request, context);
+            initParams(request, context);
         } catch (IOException e) {
         }
 
@@ -134,12 +138,12 @@ public class SizePanel extends WizardPanelBase {
         }
 
         try {
-            default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256"); 
+            default_ecc_curve_name = config.getString("keys.ecc.curve.default", "nistp256");
         } catch (Exception e) {
         }
 
         try {
-            default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048"); 
+            default_rsa_key_size = config.getString("keys.rsa.keysize.default", "2048");
         } catch (Exception e) {
         }
 
@@ -180,12 +184,13 @@ public class SizePanel extends WizardPanelBase {
                         PCERT_PREFIX + certTag + ".signing.required",
                         false);
                 c.setSigningRequired(signingRequired);
-                if (signingRequired) mShowSigning = true;
+                if (signingRequired)
+                    mShowSigning = true;
 
                 String userfriendlyname = config.getString(
                         PCERT_PREFIX + certTag + ".userfriendlyname");
                 c.setUserFriendlyName(userfriendlyname);
-                boolean enable = config.getBoolean(PCERT_PREFIX+certTag+".enable", true); 
+                boolean enable = config.getBoolean(PCERT_PREFIX + certTag + ".enable", true);
                 c.setEnable(enable);
                 mCerts.addElement(c);
             }// while
@@ -236,13 +241,13 @@ public class SizePanel extends WizardPanelBase {
             if (select1.equals("clone")) {
                 // preset the sslserver dn for cloning case
                 try {
-                   String val = config.getString("preop.cert.sslserver.dn", "");
-                   config.putString("preop.cert.sslserver.dn", val+",o=clone");
+                    String val = config.getString("preop.cert.sslserver.dn", "");
+                    config.putString("preop.cert.sslserver.dn", val + ",o=clone");
                 } catch (Exception ee) {
                 }
             }
         }
-            
+
         String token = "";
         try {
             token = config.getString(PRE_CONF_CA_TOKEN, "");
@@ -251,11 +256,13 @@ public class SizePanel extends WizardPanelBase {
             while (c.hasMoreElements()) {
                 Cert cert = (Cert) c.nextElement();
                 String ct = cert.getCertTag();
-                boolean enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true); 
+                boolean enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
                 if (!enable)
                     continue;
 
-                String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa or ecc
+                String keytype = HttpInput.getKeyType(request, ct + "_keytype"); // rsa
+                                                                                 // or
+                                                                                 // ecc
 
                 String keyalgorithm = HttpInput.getString(request, ct + "_keyalgorithm");
                 if (keyalgorithm == null) {
@@ -280,28 +287,28 @@ public class SizePanel extends WizardPanelBase {
                 }
                 CMS.debug(
                         "SizePanel: update() keysize choice selected:" + select);
-                String oldkeysize = 
-                  config.getString(PCERT_PREFIX+ct+".keysize.size", "");
-                String oldkeytype = 
-                  config.getString(PCERT_PREFIX + ct + ".keytype", "");
-                String oldkeyalgorithm = 
-                  config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
-                String oldsigningalgorithm = 
-                  config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+                String oldkeysize =
+                        config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
+                String oldkeytype =
+                        config.getString(PCERT_PREFIX + ct + ".keytype", "");
+                String oldkeyalgorithm =
+                        config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+                String oldsigningalgorithm =
+                        config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
                 String oldcurvename =
-                  config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+                        config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
 
                 if (select.equals("default")) {
                     // XXXrenaming these...keep for now just in case
                     config.putString("preop.keysize.select", "default");
                     if (keytype != null && keytype.equals("ecc")) {
-                      config.putString("preop.curvename.custom_name",
-                            default_ecc_curve_name);
-                      config.putString("preop.curvename.name", default_ecc_curve_name);
+                        config.putString("preop.curvename.custom_name",
+                                default_ecc_curve_name);
+                        config.putString("preop.curvename.name", default_ecc_curve_name);
                     } else {
-                      config.putString("preop.keysize.custom_size",
-                            default_rsa_key_size);
-                      config.putString("preop.keysize.size", default_rsa_key_size);
+                        config.putString("preop.keysize.custom_size",
+                                default_rsa_key_size);
+                        config.putString("preop.keysize.size", default_rsa_key_size);
                     }
 
                     config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
@@ -311,31 +318,31 @@ public class SizePanel extends WizardPanelBase {
                             "default");
 
                     if (keytype != null && keytype.equals("ecc")) {
-                      config.putString(PCERT_PREFIX + ct + 
-                            ".curvename.custom_name",
-                            default_ecc_curve_name);
-                      config.putString(PCERT_PREFIX + ct + ".curvename.name",
-                            default_ecc_curve_name);
+                        config.putString(PCERT_PREFIX + ct +
+                                ".curvename.custom_name",
+                                default_ecc_curve_name);
+                        config.putString(PCERT_PREFIX + ct + ".curvename.name",
+                                default_ecc_curve_name);
                     } else {
-                      config.putString(PCERT_PREFIX + ct + 
-                            ".keysize.custom_size",
-                            default_rsa_key_size);
-                      config.putString(PCERT_PREFIX + ct + ".keysize.size",
-                            default_rsa_key_size);
+                        config.putString(PCERT_PREFIX + ct +
+                                ".keysize.custom_size",
+                                default_rsa_key_size);
+                        config.putString(PCERT_PREFIX + ct + ".keysize.size",
+                                default_rsa_key_size);
                     }
                 } else if (select.equals("custom")) {
                     // XXXrenaming these...keep for now just in case
                     config.putString("preop.keysize.select", "custom");
                     if (keytype != null && keytype.equals("ecc")) {
-                        config.putString("preop.curvename.name", 
-                            HttpInput.getString(request, ct + "_custom_curvename"));
+                        config.putString("preop.curvename.name",
+                                HttpInput.getString(request, ct + "_custom_curvename"));
                         config.putString("preop.curvename.custom_name",
-                            HttpInput.getString(request, ct + "_custom_curvename"));
+                                HttpInput.getString(request, ct + "_custom_curvename"));
                     } else {
-                        config.putString("preop.keysize.size", 
-                            HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+                        config.putString("preop.keysize.size",
+                                HttpInput.getKeySize(request, ct + "_custom_size", keytype));
                         config.putString("preop.keysize.custom_size",
-                            HttpInput.getKeySize(request, ct + "_custom_size", keytype));
+                                HttpInput.getKeySize(request, ct + "_custom_size", keytype));
                     }
 
                     config.putString(PCERT_PREFIX + ct + ".keytype", keytype);
@@ -346,42 +353,42 @@ public class SizePanel extends WizardPanelBase {
 
                     if (keytype != null && keytype.equals("ecc")) {
                         config.putString(PCERT_PREFIX + ct + ".curvename.custom_name",
-                            HttpInput.getString(request, ct + "_custom_curvename"));
+                                HttpInput.getString(request, ct + "_custom_curvename"));
                         config.putString(PCERT_PREFIX + ct + ".curvename.name",
-                            HttpInput.getString(request, ct + "_custom_curvename"));
+                                HttpInput.getString(request, ct + "_custom_curvename"));
                     } else {
                         config.putString(PCERT_PREFIX + ct + ".keysize.custom_size",
-                            HttpInput.getKeySize(request, ct + "_custom_size"));
+                                HttpInput.getKeySize(request, ct + "_custom_size"));
                         config.putString(PCERT_PREFIX + ct + ".keysize.size",
-                            HttpInput.getKeySize(request, ct + "_custom_size"));
+                                HttpInput.getKeySize(request, ct + "_custom_size"));
                     }
                 } else {
                     CMS.debug("SizePanel: invalid choice " + select);
                     throw new IOException("invalid choice " + select);
                 }
 
-                String newkeysize = 
-                  config.getString(PCERT_PREFIX+ct+".keysize.size", "");
-                String newkeytype = 
-                  config.getString(PCERT_PREFIX + ct + ".keytype", "");
-                String newkeyalgorithm = 
-                  config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
-                String newsigningalgorithm = 
-                  config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
-                String newcurvename = 
-                  config.getString(PCERT_PREFIX+ct+".curvename.name", "");
-
-                if (!oldkeysize.equals(newkeysize) || 
-                  !oldkeytype.equals(newkeytype) ||
-                  !oldkeyalgorithm.equals(newkeyalgorithm) ||
-                  !oldsigningalgorithm.equals(newsigningalgorithm) ||
-                  !oldcurvename.equals(newcurvename))
+                String newkeysize =
+                        config.getString(PCERT_PREFIX + ct + ".keysize.size", "");
+                String newkeytype =
+                        config.getString(PCERT_PREFIX + ct + ".keytype", "");
+                String newkeyalgorithm =
+                        config.getString(PCERT_PREFIX + ct + ".keyalgorithm", "");
+                String newsigningalgorithm =
+                        config.getString(PCERT_PREFIX + ct + ".signingalgorithm", "");
+                String newcurvename =
+                        config.getString(PCERT_PREFIX + ct + ".curvename.name", "");
+
+                if (!oldkeysize.equals(newkeysize) ||
+                        !oldkeytype.equals(newkeytype) ||
+                        !oldkeyalgorithm.equals(newkeyalgorithm) ||
+                        !oldsigningalgorithm.equals(newsigningalgorithm) ||
+                        !oldcurvename.equals(newcurvename))
                     hasChanged = true;
             }// while
 
             try {
                 config.commit(false);
-            } catch (EBaseException e) { 
+            } catch (EBaseException e) {
                 CMS.debug("SizePanel: update() Exception caught at config commit: " + e.toString());
             }
 
@@ -393,7 +400,7 @@ public class SizePanel extends WizardPanelBase {
                 context.put("updateStatus", "success");
                 return;
             }
-        } catch (IOException e) { 
+        } catch (IOException e) {
             CMS.debug("SizePanel: update() IOException caught: " + e.toString());
             context.put("updateStatus", "failure");
             throw e;
@@ -401,11 +408,11 @@ public class SizePanel extends WizardPanelBase {
             CMS.debug("SizePanel: update() NumberFormatException caught: " + e.toString());
             context.put("updateStatus", "failure");
             throw e;
-        } catch (Exception e) { 
+        } catch (Exception e) {
             CMS.debug("SizePanel: update() Exception caught: " + e.toString());
         }
 
-        // generate key pair 
+        // generate key pair
         Enumeration c = mCerts.elements();
 
         while (c.hasMoreElements()) {
@@ -414,7 +421,7 @@ public class SizePanel extends WizardPanelBase {
             String friendlyName = ct;
             boolean enable = true;
             try {
-                enable = config.getBoolean(PCERT_PREFIX+ct+".enable", true);
+                enable = config.getBoolean(PCERT_PREFIX + ct + ".enable", true);
                 friendlyName = config.getString(PCERT_PREFIX + ct + ".userfriendlyname", ct);
             } catch (Exception e) {
             }
@@ -425,15 +432,15 @@ public class SizePanel extends WizardPanelBase {
             try {
                 String keytype = config.getString(PCERT_PREFIX + ct + ".keytype");
                 String keyalgorithm = config.getString(PCERT_PREFIX + ct + ".keyalgorithm");
-                                                                               
+
                 if (keytype.equals("rsa")) {
                     int keysize = config.getInteger(
-                        PCERT_PREFIX + ct + ".keysize.size");
+                            PCERT_PREFIX + ct + ".keysize.size");
 
                     createRSAKeyPair(token, keysize, config, ct);
                 } else {
                     String curveName = config.getString(
-                        PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
+                            PCERT_PREFIX + ct + ".curvename.name", default_ecc_curve_name);
                     createECCKeyPair(token, curveName, config, ct);
                 }
                 config.commit(false);
@@ -441,40 +448,39 @@ public class SizePanel extends WizardPanelBase {
                 CMS.debug(e);
                 CMS.debug("SizePanel: key generation failure: " + e.toString());
                 context.put("updateStatus", "failure");
-                throw new IOException("key generation failure for the certificate: " + friendlyName + 
+                throw new IOException("key generation failure for the certificate: " + friendlyName +
                                       ".  See the logs for details.");
             }
         } // while
 
         if (hasErr == false) {
-          config.putBoolean("preop.SizePanel.done", true);
-          try {
-            config.commit(false);
-          } catch (EBaseException e) { 
-            CMS.debug(
-                  "SizePanel: update() Exception caught at config commit: "
-                            + e.toString());
-	  }
-	}
+            config.putBoolean("preop.SizePanel.done", true);
+            try {
+                config.commit(false);
+            } catch (EBaseException e) {
+                CMS.debug(
+                        "SizePanel: update() Exception caught at config commit: "
+                                + e.toString());
+            }
+        }
         CMS.debug("SizePanel: update() done");
         context.put("updateStatus", "success");
 
     }
 
-    public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct) 
-            throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
-    {
-        CMS.debug("Generating ECC key pair with curvename="+ curveName +
-                    ", token="+token);
+    public void createECCKeyPair(String token, String curveName, IConfigStore config, String ct)
+            throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException {
+        CMS.debug("Generating ECC key pair with curvename=" + curveName +
+                    ", token=" + token);
         KeyPair pair = null;
         /*
-         * default ssl server cert to ECDHE unless stated otherwise
-         * note: IE only supports "ECDHE", but "ECDH" is more efficient
-         *
+         * default ssl server cert to ECDHE unless stated otherwise note: IE
+         * only supports "ECDHE", but "ECDH" is more efficient
+         * 
          * for "ECDHE", server.xml should have the following for ciphers:
          * +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
          * -TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
-         *
+         * 
          * for "ECDH", server.xml should have the following for ciphers:
          * -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
          * +TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
@@ -488,48 +494,48 @@ public class SizePanel extends WizardPanelBase {
 
         // ECDHE needs "SIGN" but no "DERIVE"
         org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
         };
 
         // ECDH needs "DERIVE" but no any kind of "SIGN"
         org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
         };
 
         do {
-          if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
-              CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
-              pair = CryptoUtil.generateECCKeyPair(token, curveName,
-                    null,
-                    ECDH_usages_mask);
-          } else {
-              if (ct.equals("sslserver")) {
-                CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
-              }
-              pair = CryptoUtil.generateECCKeyPair(token, curveName,
-                    null,
-                    usages_mask);
-          }
-
-          // XXX - store curve , w
-          byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
-          String kid = CryptoUtil.byte2string(id);
-          config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-
-          // try to locate the private key
-            org.mozilla.jss.crypto.PrivateKey privk = 
-                CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
-            if (privk == null)  {
-              CMS.debug("Found bad ECC key id " + kid);
-              pair = null;
+            if (ct.equals("sslserver") && sslType.equalsIgnoreCase("ECDH")) {
+                CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDH. Make sure server.xml is set properly with -TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,+TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+                pair = CryptoUtil.generateECCKeyPair(token, curveName,
+                        null,
+                        ECDH_usages_mask);
+            } else {
+                if (ct.equals("sslserver")) {
+                    CMS.debug("SizePanel: createECCKeypair: sslserver cert for ECDHE. Make sure server.xml is set properly with +TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,-TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA");
+                }
+                pair = CryptoUtil.generateECCKeyPair(token, curveName,
+                        null,
+                        usages_mask);
+            }
+
+            // XXX - store curve , w
+            byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
+            String kid = CryptoUtil.byte2string(id);
+            config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+
+            // try to locate the private key
+            org.mozilla.jss.crypto.PrivateKey privk =
+                    CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+            if (privk == null) {
+                CMS.debug("Found bad ECC key id " + kid);
+                pair = null;
             }
         } while (pair == null);
 
-        CMS.debug("Public key class " + pair.getPublic().getClass().getName()); 
+        CMS.debug("Public key class " + pair.getPublic().getClass().getName());
         byte encoded[] = pair.getPublic().getEncoded();
         config.putString(PCERT_PREFIX + ct + ".pubkey.encoded",
-          CryptoUtil.byte2string(encoded));
+                CryptoUtil.byte2string(encoded));
 
         String keyAlgo = "";
         try {
@@ -537,25 +543,24 @@ public class SizePanel extends WizardPanelBase {
         } catch (Exception e1) {
         }
 
-        setSigningAlgorithm(ct, keyAlgo, config); 
+        setSigningAlgorithm(ct, keyAlgo, config);
     }
 
-    public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct) 
-            throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException
-    {
+    public void createRSAKeyPair(String token, int keysize, IConfigStore config, String ct)
+            throws NoSuchAlgorithmException, NoSuchTokenException, TokenException, CryptoManager.NotInitializedException {
         /* generate key pair */
         KeyPair pair = null;
         do {
-          pair = CryptoUtil.generateRSAKeyPair(token, keysize);
-          byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
-          String kid =  CryptoUtil.byte2string(id);
-          config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
-          // try to locate the private key
-          org.mozilla.jss.crypto.PrivateKey privk = 
-                CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
-            if (privk == null)  {
-              CMS.debug("Found bad RSA key id " + kid);
-              pair = null;
+            pair = CryptoUtil.generateRSAKeyPair(token, keysize);
+            byte id[] = ((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate()).getUniqueID();
+            String kid = CryptoUtil.byte2string(id);
+            config.putString(PCERT_PREFIX + ct + ".privkey.id", kid);
+            // try to locate the private key
+            org.mozilla.jss.crypto.PrivateKey privk =
+                    CryptoUtil.findPrivateKeyFromID(CryptoUtil.string2byte(kid));
+            if (privk == null) {
+                CMS.debug("Found bad RSA key id " + kid);
+                pair = null;
             }
         } while (pair == null);
 
@@ -563,9 +568,9 @@ public class SizePanel extends WizardPanelBase {
         byte exponent[] = ((RSAPublicKey) pair.getPublic()).getPublicExponent().toByteArray();
 
         config.putString(PCERT_PREFIX + ct + ".pubkey.modulus",
-            CryptoUtil.byte2string(modulus));
+                CryptoUtil.byte2string(modulus));
         config.putString(PCERT_PREFIX + ct + ".pubkey.exponent",
-            CryptoUtil.byte2string(exponent));
+                CryptoUtil.byte2string(exponent));
 
         String keyAlgo = "";
         try {
@@ -573,41 +578,40 @@ public class SizePanel extends WizardPanelBase {
         } catch (Exception e1) {
         }
 
-        setSigningAlgorithm(ct, keyAlgo, config); 
+        setSigningAlgorithm(ct, keyAlgo, config);
     }
 
     public void setSigningAlgorithm(String ct, String keyAlgo, IConfigStore config) {
         String systemType = "";
         try {
-          systemType = config.getString("preop.system.name");
+            systemType = config.getString("preop.system.name");
         } catch (Exception e1) {
         }
         if (systemType.equalsIgnoreCase("CA")) {
-          if (ct.equals("signing")) {
-            config.putString("ca.signing.defaultSigningAlgorithm",
+            if (ct.equals("signing")) {
+                config.putString("ca.signing.defaultSigningAlgorithm",
                            keyAlgo);
-            config.putString("ca.crl.MasterCRL.signingAlgorithm",
+                config.putString("ca.crl.MasterCRL.signingAlgorithm",
                            keyAlgo);
-          } else if (ct.equals("ocsp_signing")) {
-            config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
+            } else if (ct.equals("ocsp_signing")) {
+                config.putString("ca.ocsp_signing.defaultSigningAlgorithm",
                            keyAlgo);
-          }
+            }
         } else if (systemType.equalsIgnoreCase("OCSP")) {
-          if (ct.equals("signing")) {
-             config.putString("ocsp.signing.defaultSigningAlgorithm",
+            if (ct.equals("signing")) {
+                config.putString("ocsp.signing.defaultSigningAlgorithm",
                            keyAlgo);
-           }
+            }
         } else if (systemType.equalsIgnoreCase("KRA") ||
-               systemType.equalsIgnoreCase("DRM")) {
-           if (ct.equals("transport")) {
+                systemType.equalsIgnoreCase("DRM")) {
+            if (ct.equals("transport")) {
                 config.putString("kra.transportUnit.signingAlgorithm", keyAlgo);
-           }
+            }
         }
     }
 
     public void initParams(HttpServletRequest request, Context context)
-                   throws IOException
-    {
+                   throws IOException {
         IConfigStore config = CMS.getConfigStore();
         String s = "";
         try {
@@ -646,7 +650,7 @@ public class SizePanel extends WizardPanelBase {
             HttpServletResponse response,
             Context context) {
         try {
-          initParams(request, context);
+            initParams(request, context);
         } catch (IOException e) {
         }
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
index cf59e07c..027ec305 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/TokenAuthenticate.java
@@ -51,6 +51,7 @@ public class TokenAuthenticate extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -58,13 +59,14 @@ public class TokenAuthenticate extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
-	IConfigStore config = CMS.getConfigStore();
+        IConfigStore config = CMS.getConfigStore();
 
         String sessionId = httpReq.getParameter("sessionID");
         CMS.debug("TokenAuthentication: sessionId=" + sessionId);
@@ -85,9 +87,9 @@ public class TokenAuthenticate extends CMSServlet {
             CMS.debug("TokenAuthentication: found session");
             if (checkIP) {
                 String hostname = table.getIP(sessionId);
-                if (! hostname.equals(givenHost)) {
-                    CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost=" 
-                        + givenHost + " are different");
+                if (!hostname.equals(givenHost)) {
+                    CMS.debug("TokenAuthentication: hostname=" + hostname + " and givenHost="
+                            + givenHost + " are different");
                     CMS.debug("TokenAuthenticate authenticate failed, wrong hostname.");
                     outputError(httpResp, "Error: Failed Authentication");
                     return;
@@ -122,7 +124,15 @@ public class TokenAuthenticate extends CMSServlet {
         }
     }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
index cf699c61..f6bd23d1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateConnector.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class UpdateConnector extends CMSServlet {
 
     /**
@@ -62,6 +60,7 @@ public class UpdateConnector extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -71,7 +70,7 @@ public class UpdateConnector extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         CMS.debug("UpdateConnector: processing...");
@@ -85,9 +84,9 @@ public class UpdateConnector extends CMSServlet {
             CMS.debug("UpdateConnector authentication successful.");
         } catch (Exception e) {
             CMS.debug("UpdateConnector: authentication failed.");
-            log(ILogger.LL_FAILURE, 
+            log(ILogger.LL_FAILURE,
                     CMS.getLogMessage("CMSGW_ERR_BAD_SERV_OUT_STREAM", "",
-                    e.toString()));
+                            e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
         }
@@ -100,19 +99,19 @@ public class UpdateConnector extends CMSServlet {
 
         AuthzToken authzToken = null;
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-              "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
             CMS.debug("UpdateConnector authorization successful.");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
 
@@ -125,7 +124,7 @@ public class UpdateConnector extends CMSServlet {
 
         Enumeration list = httpReq.getParameterNames();
         while (list.hasMoreElements()) {
-            String name = (String)list.nextElement();
+            String name = (String) list.nextElement();
             String val = httpReq.getParameter(name);
             if (name != null && name.startsWith("ca.connector")) {
                 CMS.debug("Adding connector update name=" + name + " val=" + val);
@@ -134,24 +133,24 @@ public class UpdateConnector extends CMSServlet {
                 CMS.debug("Skipping connector update name=" + name + " val=" + val);
             }
         }
- 
-        try { 
+
+        try {
             String nickname = cs.getString("ca.subsystem.nickname", "");
             String tokenname = cs.getString("ca.subsystem.tokenname", "");
             if (!tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname+":"+nickname;
+                nickname = tokenname + ":" + nickname;
             cs.putString("ca.connector.KRA.nickName", nickname);
             cs.commit(false);
         } catch (Exception e) {
         }
 
         // start the connector
-        try { 
+        try {
             ICertificateAuthority ca = (ICertificateAuthority)
-                CMS.getSubsystem("ca");
-            ICAService caService = (ICAService)ca.getCAService();
+                    CMS.getSubsystem("ca");
+            ICAService caService = (ICAService) ca.getCAService();
             IConnector kraConnector = caService.getConnector(
-                cs.getSubStore("ca.connector.KRA"));
+                    cs.getSubStore("ca.connector.KRA"));
             caService.setKRAConnector(kraConnector);
             kraConnector.start();
         } catch (Exception e) {
@@ -173,14 +172,23 @@ public class UpdateConnector extends CMSServlet {
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
index c9fe27ef..4ca53eb5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateDomainXML.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -55,7 +54,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class UpdateDomainXML extends CMSServlet {
 
     /**
@@ -65,9 +63,9 @@ public class UpdateDomainXML extends CMSServlet {
     private final static String SUCCESS = "0";
     private final static String FAILED = "1";
     private final static String LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE =
-        "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
+            "LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE_1";
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_ROLE =
-        "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_ROLE_3";
 
     public UpdateDomainXML() {
         super();
@@ -75,6 +73,7 @@ public class UpdateDomainXML extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -101,20 +100,19 @@ public class UpdateDomainXML extends CMSServlet {
                 status = FAILED;
                 CMS.debug("Failed to delete entry" + e.toString());
             }
-       } catch (Exception e) {
-            CMS.debug("Failed to delete entry" + e.toString()); 
-       } finally { 
+        } catch (Exception e) {
+            CMS.debug("Failed to delete entry" + e.toString());
+        } finally {
             try {
-                if ((conn != null) && (connFactory!= null)) {
+                if ((conn != null) && (connFactory != null)) {
                     CMS.debug("Releasing ldap connection");
                     connFactory.returnConn(conn);
                 }
-            }
-            catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("Error releasing the ldap connection" + e.toString());
             }
-       }
-       return status;
+        }
+        return status;
     }
 
     private String modify_ldap(String dn, LDAPModification mod) {
@@ -135,23 +133,21 @@ public class UpdateDomainXML extends CMSServlet {
                 status = FAILED;
                 CMS.debug("Failed to modify entry" + e.toString());
             }
-       } catch (Exception e) {
+        } catch (Exception e) {
             CMS.debug("Failed to modify entry" + e.toString());
-       } finally {
+        } finally {
             try {
-                if ((conn != null) && (connFactory!= null)) {
+                if ((conn != null) && (connFactory != null)) {
                     CMS.debug("Releasing ldap connection");
                     connFactory.returnConn(conn);
                 }
-            }
-            catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("Error releasing the ldap connection" + e.toString());
             }
-       }
-       return status;
+        }
+        return status;
     }
 
-
     private String add_to_ldap(LDAPEntry entry, String dn) {
         CMS.debug("UpdateDomainXML: add_to_ldap: starting");
         String status = SUCCESS;
@@ -172,37 +168,36 @@ public class UpdateDomainXML extends CMSServlet {
                     conn.delete(dn);
                     conn.add(entry);
                 } catch (LDAPException ee) {
-                    CMS.debug("UpdateDomainXML: Error when replacing existing entry "+ee.toString());
+                    CMS.debug("UpdateDomainXML: Error when replacing existing entry " + ee.toString());
                     status = FAILED;
                 }
             } else {
-                CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: "+e.toString());
+                CMS.debug("UpdateDomainXML: Failed to update ldap domain info. Exception: " + e.toString());
                 status = FAILED;
             }
         } catch (Exception e) {
             CMS.debug("Failed to add entry" + e.toString());
         } finally {
             try {
-                if ((conn != null) && (connFactory!= null)) {
+                if ((conn != null) && (connFactory != null)) {
                     CMS.debug("Releasing ldap connection");
                     connFactory.returnConn(conn);
                 }
-            }
-            catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("Error releasing the ldap connection" + e.toString());
             }
-       }
-       return status;
+        }
+        return status;
     }
 
-
-
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+     * <li>http.param op 'displayIND' - display pretty-print of certificate
+     * chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -219,7 +214,7 @@ public class UpdateDomainXML extends CMSServlet {
             authToken = authenticate(cmsReq);
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authenticated");
             return;
         }
@@ -233,19 +228,19 @@ public class UpdateDomainXML extends CMSServlet {
         AuthzToken authzToken = null;
 
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-                "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, AUTH_FAILURE, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                AUTH_FAILURE, 
-                "Error: Encountered problem during authorization.");
+                    AUTH_FAILURE,
+                    "Error: Encountered problem during authorization.");
             return;
         }
         if (authzToken == null) {
@@ -272,7 +267,7 @@ public class UpdateDomainXML extends CMSServlet {
         String missing = "";
         if ((host == null) || host.equals("")) {
             missing += " host ";
-        } 
+        }
         if ((name == null) || name.equals("")) {
             missing += " name ";
         }
@@ -286,20 +281,20 @@ public class UpdateDomainXML extends CMSServlet {
             clone = "false";
         }
 
-        if (! missing.equals("")) {
-            CMS.debug("UpdateDomainXML process: required parameters:" + missing + 
+        if (!missing.equals("")) {
+            CMS.debug("UpdateDomainXML process: required parameters:" + missing +
                       "not provided in request");
-            outputError(httpResp, "Error: required parameters: "  + missing + 
+            outputError(httpResp, "Error: required parameters: " + missing +
                         "not provided in request");
             return;
         }
 
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
-        String auditParams = "host;;"+host+"+name;;"+name+"+sport;;"+sport+
-                             "+clone;;"+clone+"+type;;"+type;
+        String auditParams = "host;;" + host + "+name;;" + name + "+sport;;" + sport +
+                             "+clone;;" + clone + "+type;;" + type;
         if (operation != null) {
-            auditParams += "+operation;;"+operation;
+            auditParams += "+operation;;" + operation;
         } else {
             auditParams += "+operation;;add";
         }
@@ -312,8 +307,7 @@ public class UpdateDomainXML extends CMSServlet {
         try {
             basedn = cs.getString("internaldb.basedn");
             secstore = cs.getString("securitydomain.store");
-        }
-        catch (Exception e)  {
+        } catch (Exception e) {
             CMS.debug("Unable to determine security domain name or basedn. Please run the domaininfo migration script");
         }
 
@@ -326,7 +320,7 @@ public class UpdateDomainXML extends CMSServlet {
             String listName = type + "List";
             String cn = host + ":";
 
-            if ((adminsport!= null) && (adminsport != "")) {
+            if ((adminsport != null) && (adminsport != "")) {
                 cn += adminsport;
             } else {
                 cn += sport;
@@ -361,64 +355,63 @@ public class UpdateDomainXML extends CMSServlet {
             attrs.add(new LDAPAttribute("clone", clone.toUpperCase()));
             attrs.add(new LDAPAttribute("SubsystemName", name));
             entry = new LDAPEntry(dn, attrs);
- 
-            if ((operation !=  null) && (operation.equals("remove"))) {
-                    status = remove_from_ldap(dn);
-                    String adminUserDN;
-                    if ((agentsport != null) && (!agentsport.equals(""))) {
-                        adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
-                    } else {
-                        adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
-                    }
-                    String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
-                                             "+resource;;"+adminUserDN;
-                    if (status.equals(SUCCESS)) {
-                        // remove the user for this subsystem's admin
-                        status2 = remove_from_ldap(adminUserDN);
-                        if (status2.equals(SUCCESS)) {
-                            auditMessage = CMS.getLogMessage(
+
+            if ((operation != null) && (operation.equals("remove"))) {
+                status = remove_from_ldap(dn);
+                String adminUserDN;
+                if ((agentsport != null) && (!agentsport.equals(""))) {
+                    adminUserDN = "uid=" + type + "-" + host + "-" + agentsport + ",ou=People," + basedn;
+                } else {
+                    adminUserDN = "uid=" + type + "-" + host + "-" + sport + ",ou=People," + basedn;
+                }
+                String userAuditParams = "Scope;;users+Operation;;OP_DELETE+source;;UpdateDomainXML" +
+                                             "+resource;;" + adminUserDN;
+                if (status.equals(SUCCESS)) {
+                    // remove the user for this subsystem's admin
+                    status2 = remove_from_ldap(adminUserDN);
+                    if (status2.equals(SUCCESS)) {
+                        auditMessage = CMS.getLogMessage(
                                                LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                                                auditSubjectID,
                                                ILogger.SUCCESS,
                                                userAuditParams);
-                            audit(auditMessage);
+                        audit(auditMessage);
 
-                            // remove this user from the subsystem group
-                            userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
+                        // remove this user from the subsystem group
+                        userAuditParams = "Scope;;groups+Operation;;OP_DELETE_USER" +
                                               "+source;;UpdateDomainXML" +
-                                              "+resource;;Subsystem Group+user;;"+adminUserDN;
-                            dn = "cn=Subsystem Group, ou=groups," + basedn;
-                            LDAPModification mod = new LDAPModification(LDAPModification.DELETE, 
+                                              "+resource;;Subsystem Group+user;;" + adminUserDN;
+                        dn = "cn=Subsystem Group, ou=groups," + basedn;
+                        LDAPModification mod = new LDAPModification(LDAPModification.DELETE,
                                 new LDAPAttribute("uniqueMember", adminUserDN));
-                            status2 = modify_ldap(dn, mod);
-                            if (status2.equals(SUCCESS)) {
-                                auditMessage = CMS.getLogMessage(
+                        status2 = modify_ldap(dn, mod);
+                        if (status2.equals(SUCCESS)) {
+                            auditMessage = CMS.getLogMessage(
                                                    LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                                                    auditSubjectID,
                                                    ILogger.SUCCESS,
                                                    userAuditParams);
-                            } else {
-                                auditMessage = CMS.getLogMessage(
+                        } else {
+                            auditMessage = CMS.getLogMessage(
                                                    LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                                                    auditSubjectID,
                                                    ILogger.FAILURE,
                                                    userAuditParams);
-                            }
-                            audit(auditMessage);
-                        } else { // error deleting user
-                            auditMessage = CMS.getLogMessage(
+                        }
+                        audit(auditMessage);
+                    } else { // error deleting user
+                        auditMessage = CMS.getLogMessage(
                                                LOGGING_SIGNED_AUDIT_CONFIG_ROLE,
                                                auditSubjectID,
                                                ILogger.FAILURE,
                                                userAuditParams);
-                            audit(auditMessage);
-                        }
+                        audit(auditMessage);
                     }
+                }
             } else {
-                    status = add_to_ldap(entry, dn);
+                status = add_to_ldap(entry, dn);
             }
-        }
-        else { 
+        } else {
             // update the domain.xml file
             String path = CMS.getConfigStore().getString("instanceRoot", "")
                     + "/conf/domain.xml";
@@ -430,7 +423,7 @@ public class UpdateDomainXML extends CMSServlet {
                 CMS.debug("UpdateDomainXML: Inserting new domain info");
                 XMLObject parser = new XMLObject(new FileInputStream(path));
                 Node n = parser.getContainer(list);
-                int count =0;
+                int count = 0;
 
                 if ((operation != null) && (operation.equals("remove"))) {
                     // delete node
@@ -444,11 +437,11 @@ public class UpdateDomainXML extends CMSServlet {
                         Vector v_host = parser.getValuesFromContainer(nn, "Host");
                         Vector v_adminport = parser.getValuesFromContainer(nn, "SecureAdminPort");
                         if ((v_name.elementAt(0).equals(name)) && (v_host.elementAt(0).equals(host))
-                            && (v_adminport.elementAt(0).equals(adminsport))) {
-                                Node parent = nn.getParentNode();
-                                Node remNode = parent.removeChild(nn);
-                                count --;
-                                break;
+                                && (v_adminport.elementAt(0).equals(adminsport))) {
+                            Node parent = nn.getParentNode();
+                            Node remNode = parent.removeChild(nn);
+                            count--;
+                            break;
                         }
                     }
                 } else {
@@ -463,33 +456,33 @@ public class UpdateDomainXML extends CMSServlet {
                     parser.addItemToContainer(parent, "UnSecurePort", httpport);
                     parser.addItemToContainer(parent, "DomainManager", domainmgr.toUpperCase());
                     parser.addItemToContainer(parent, "Clone", clone.toUpperCase());
-                    count ++;
+                    count++;
                 }
-                //update count 
+                // update count
 
                 String countS = "";
                 NodeList nlist = n.getChildNodes();
                 Node countnode = null;
-                for (int i=0; i<nlist.getLength(); i++) {
-                    Element nn = (Element)nlist.item(i);
+                for (int i = 0; i < nlist.getLength(); i++) {
+                    Element nn = (Element) nlist.item(i);
                     String tagname = nn.getTagName();
                     if (tagname.equals("SubsystemCount")) {
                         countnode = nn;
                         NodeList nlist1 = nn.getChildNodes();
                         Node nn1 = nlist1.item(0);
-                        countS  = nn1.getNodeValue();
+                        countS = nn1.getNodeValue();
                         break;
                     }
                 }
 
-                CMS.debug("UpdateDomainXML process: SubsystemCount="+countS);
+                CMS.debug("UpdateDomainXML process: SubsystemCount=" + countS);
                 try {
-                        count += Integer.parseInt(countS);
+                    count += Integer.parseInt(countS);
                 } catch (Exception ee) {
                 }
 
                 Node nn2 = n.removeChild(countnode);
-                parser.addItemToContainer(n, "SubsystemCount", ""+count);
+                parser.addItemToContainer(n, "SubsystemCount", "" + count);
 
                 // recreate domain.xml
                 CMS.debug("UpdateDomainXML: Recreating domain.xml");
@@ -503,7 +496,7 @@ public class UpdateDomainXML extends CMSServlet {
             }
 
         }
-  
+
         if (status.equals(SUCCESS)) {
             auditMessage = CMS.getLogMessage(
                                LOGGING_SIGNED_AUDIT_SECURITY_DOMAIN_UPDATE,
@@ -520,11 +513,11 @@ public class UpdateDomainXML extends CMSServlet {
         }
         audit(auditMessage);
 
-       if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
-         status = SUCCESS;
-       } else {
-         status = FAILED;
-       }
+        if (status.equals(SUCCESS) && status2.equals(SUCCESS)) {
+            status = SUCCESS;
+        } else {
+            status = FAILED;
+        }
 
         try {
             // send success status back to the requestor
@@ -537,24 +530,34 @@ public class UpdateDomainXML extends CMSServlet {
 
             outputResult(httpResp, "application/xml", cb);
         } catch (Exception e) {
-                CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
+            CMS.debug("UpdateDomainXML: Failed to send the XML output" + e.toString());
         }
     }
 
     protected String securityDomainXMLtoLDAP(String xmltag) {
-        if (xmltag.equals("Host")) return "host";
-        else return xmltag;
+        if (xmltag.equals("Host"))
+            return "host";
+        else
+            return xmltag;
     }
 
-
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
index 0a1787aa..c0d0db10 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateNumberRange.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -45,7 +44,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class UpdateNumberRange extends CMSServlet {
 
     /**
@@ -56,7 +54,7 @@ public class UpdateNumberRange extends CMSServlet {
     private final static String FAILED = "1";
     private final static String AUTH_FAILURE = "2";
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER =
-        "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
+            "LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER_1";
 
     public UpdateNumberRange() {
         super();
@@ -64,6 +62,7 @@ public class UpdateNumberRange extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -73,11 +72,13 @@ public class UpdateNumberRange extends CMSServlet {
     }
 
     /**
-     * Process the HTTP request. 
+     * Process the HTTP request.
      * <ul>
      * <li>http.param op 'downloadBIN' - return the binary certificate chain
-     * <li>http.param op 'displayIND' - display pretty-print of certificate chain components
+     * <li>http.param op 'displayIND' - display pretty-print of certificate
+     * chain components
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,18 +97,18 @@ public class UpdateNumberRange extends CMSServlet {
         AuthzToken authzToken = null;
 
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-                "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
         if (authzToken == null) {
@@ -131,13 +132,13 @@ public class UpdateNumberRange extends CMSServlet {
             BigInteger oneNum = new BigInteger("1");
             String endNumConfig = null;
             String cloneNumConfig = null;
-            String nextEndConfig = null; 
+            String nextEndConfig = null;
             int radix = 10;
 
             IRepository repo = null;
             if (cstype.equals("KRA")) {
                 IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem(
-                     IKeyRecoveryAuthority.ID);
+                        IKeyRecoveryAuthority.ID);
                 if (type.equals("request")) {
                     repo = kra.getRequestQueue().getRequestRepository();
                 } else if (type.equals("serialNo")) {
@@ -147,7 +148,7 @@ public class UpdateNumberRange extends CMSServlet {
                 }
             } else { // CA
                 ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem(
-                     ICertificateAuthority.ID);
+                        ICertificateAuthority.ID);
                 if (type.equals("request")) {
                     repo = ca.getRequestQueue().getRequestRepository();
                 } else if (type.equals("serialNo")) {
@@ -157,26 +158,28 @@ public class UpdateNumberRange extends CMSServlet {
                 }
             }
 
-            // checkRanges for replicaID - we do this each time a replica is created.
-            // This needs to be done beforehand to ensure that we always have enough 
+            // checkRanges for replicaID - we do this each time a replica is
+            // created.
+            // This needs to be done beforehand to ensure that we always have
+            // enough
             // replica numbers
             if (type.equals("replicaId")) {
-               CMS.debug("Checking replica number ranges");
-               repo.checkRanges();
+                CMS.debug("Checking replica number ranges");
+                repo.checkRanges();
             }
-               
+
             if (type.equals("request")) {
                 radix = 10;
                 endNumConfig = "dbs.endRequestNumber";
                 cloneNumConfig = "dbs.requestCloneTransferNumber";
                 nextEndConfig = "dbs.nextEndRequestNumber";
             } else if (type.equals("serialNo")) {
-                radix=16;
+                radix = 16;
                 endNumConfig = "dbs.endSerialNumber";
                 cloneNumConfig = "dbs.serialCloneTransferNumber";
                 nextEndConfig = "dbs.nextEndSerialNumber";
             } else if (type.equals("replicaId")) {
-                radix=10;
+                radix = 10;
                 endNumConfig = "dbs.endReplicaNumber";
                 cloneNumConfig = "dbs.replicaCloneTransferNumber";
                 nextEndConfig = "dbs.nextEndReplicaNumber";
@@ -192,11 +195,11 @@ public class UpdateNumberRange extends CMSServlet {
                 String nextEndNumStr = cs.getString(nextEndConfig, "");
                 BigInteger endNum2 = new BigInteger(nextEndNumStr, radix);
                 CMS.debug("Transferring from the end of on-deck range");
-				String newValStr = endNum2.subtract(decrement).toString(radix);
-				repo.setNextMaxSerial(newValStr);
-				cs.putString(nextEndConfig, newValStr);
-				beginNum = endNum2.subtract(decrement).add(oneNum);
-				endNum = endNum2;
+                String newValStr = endNum2.subtract(decrement).toString(radix);
+                repo.setNextMaxSerial(newValStr);
+                cs.putString(nextEndConfig, newValStr);
+                beginNum = endNum2.subtract(decrement).add(oneNum);
+                endNum = endNum2;
             } else {
                 CMS.debug("Transferring from the end of the current range");
                 String newValStr = beginNum.subtract(oneNum).toString(radix);
@@ -204,10 +207,9 @@ public class UpdateNumberRange extends CMSServlet {
                 cs.putString(endNumConfig, newValStr);
             }
 
-
-            if( beginNum == null ) {
-                CMS.debug( "UpdateNumberRange::process() - " +
-                           "beginNum is null!" );
+            if (beginNum == null) {
+                CMS.debug("UpdateNumberRange::process() - " +
+                           "beginNum is null!");
                 auditMessage = CMS.getLogMessage(
                                    LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
                                    auditSubjectID,
@@ -219,7 +221,7 @@ public class UpdateNumberRange extends CMSServlet {
 
             // Enable serial number management in master for certs and requests
             if (type.equals("replicaId")) {
-               repo.setEnableSerialMgmt(true);
+                repo.setEnableSerialMgmt(true);
             }
 
             // insert info
@@ -248,7 +250,7 @@ public class UpdateNumberRange extends CMSServlet {
             audit(auditMessage);
 
         } catch (Exception e) {
-            CMS.debug("UpdateNumberRange: Failed to update number range. Exception: "+e.toString());
+            CMS.debug("UpdateNumberRange: Failed to update number range. Exception: " + e.toString());
 
             auditMessage = CMS.getLogMessage(
                                LOGGING_SIGNED_AUDIT_CONFIG_SERIAL_NUMBER,
@@ -261,14 +263,23 @@ public class UpdateNumberRange extends CMSServlet {
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
index 2339c4c7..10161f1b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/UpdateOCSPConfig.java
@@ -40,7 +40,6 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 public class UpdateOCSPConfig extends CMSServlet {
 
     /**
@@ -57,6 +56,7 @@ public class UpdateOCSPConfig extends CMSServlet {
 
     /**
      * initialize the servlet.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -81,18 +81,18 @@ public class UpdateOCSPConfig extends CMSServlet {
         AuthzToken authzToken = null;
 
         try {
-            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName, 
-                "modify");
+            authzToken = authorize(mAclMethod, authToken, mAuthzResourceName,
+                    "modify");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp, "Error: Not authorized");
             return;
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
             outputError(httpResp,
-                "Error: Encountered problem during authorization.");
+                    "Error: Encountered problem during authorization.");
             return;
         }
         if (authzToken == null) {
@@ -108,31 +108,31 @@ public class UpdateOCSPConfig extends CMSServlet {
             nickname = cs.getString("ca.subsystem.nickname", "");
             String tokenname = cs.getString("ca.subsystem.tokenname", "");
             if (!tokenname.equals("internal") && !tokenname.equals("Internal Key Storage Token"))
-                nickname = tokenname+":"+nickname;
+                nickname = tokenname + ":" + nickname;
         } catch (Exception e) {
         }
 
-        CMS.debug("UpdateOCSPConfig process: nickname="+nickname);
+        CMS.debug("UpdateOCSPConfig process: nickname=" + nickname);
 
         String ocsphost = httpReq.getParameter("ocsp_host");
         String ocspport = httpReq.getParameter("ocsp_port");
         try {
             cs.putString("ca.publish.enable", "true");
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.host", 
-              ocsphost);
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.port", 
-              ocspport);
-            cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName", 
-              nickname);
+            cs.putString("ca.publish.publisher.instance.OCSPPublisher.host",
+                    ocsphost);
+            cs.putString("ca.publish.publisher.instance.OCSPPublisher.port",
+                    ocspport);
+            cs.putString("ca.publish.publisher.instance.OCSPPublisher.nickName",
+                    nickname);
             cs.putString("ca.publish.publisher.instance.OCSPPublisher.path",
-              "/ocsp/agent/ocsp/addCRL");
+                    "/ocsp/agent/ocsp/addCRL");
             cs.putString("ca.publish.publisher.instance.OCSPPublisher.pluginName", "OCSPPublisher");
             cs.putString("ca.publish.publisher.instance.OCSPPublisher.enableClientAuth", "true");
             cs.putString("ca.publish.rule.instance.ocsprule.enable", "true");
             cs.putString("ca.publish.rule.instance.ocsprule.mapper", "NoMap");
             cs.putString("ca.publish.rule.instance.ocsprule.pluginName", "Rule");
-            cs.putString("ca.publish.rule.instance.ocsprule.publisher", 
-              "OCSPPublisher");
+            cs.putString("ca.publish.rule.instance.ocsprule.publisher",
+                    "OCSPPublisher");
             cs.putString("ca.publish.rule.instance.ocsprule.type", "crl");
             cs.commit(false);
             // insert info
@@ -147,19 +147,28 @@ public class UpdateOCSPConfig extends CMSServlet {
 
             outputResult(httpResp, "application/xml", cb);
         } catch (Exception e) {
-            CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: "+e.toString());
+            CMS.debug("UpdateOCSPConfig: Failed to update OCSP configuration. Exception: " + e.toString());
             outputError(httpResp, "Error: Failed to update OCSP configuration.");
         }
     }
 
-    protected void setDefaultTemplates(ServletConfig sc) {}
+    protected void setDefaultTemplates(ServletConfig sc) {
+    }
 
     protected void renderTemplate(
             CMSRequest cmsReq, String templateName, ICMSTemplateFiller filler)
-        throws IOException {// do nothing
-    } 
+            throws IOException {// do nothing
+    }
 
-    protected void renderResult(CMSRequest cmsReq) throws IOException {// do nothing, ie, it will not return the default javascript.
+    protected void renderResult(CMSRequest cmsReq) throws IOException {// do
+                                                                       // nothing,
+                                                                       // ie, it
+                                                                       // will
+                                                                       // not
+                                                                       // return
+                                                                       // the
+                                                                       // default
+                                                                       // javascript.
     }
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
index 7b1c9959..4224c4eb 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomePanel.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.IOException;
 
 import javax.servlet.ServletConfig;
@@ -35,13 +34,14 @@ import com.netscape.cms.servlet.wizard.WizardServlet;
 
 public class WelcomePanel extends WizardPanelBase {
 
-    public WelcomePanel() {}
+    public WelcomePanel() {
+    }
 
     /**
      * Initializes this panel.
      */
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) 
-        throws ServletException {
+    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+            throws ServletException {
         setPanelNo(panelno);
         setName("Welcome");
         setId(id);
@@ -52,19 +52,20 @@ public class WelcomePanel extends WizardPanelBase {
         cs.putBoolean("preop.welcome.done", false);
     }
 
-    public boolean isPanelDone() { 
+    public boolean isPanelDone() {
         IConfigStore cs = CMS.getConfigStore();
         try {
             return cs.getBoolean("preop.welcome.done");
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         return false;
     }
 
     public PropertySet getUsage() {
         PropertySet set = new PropertySet();
-                                                                                
+
         /* XXX */
-                                                                                
+
         return set;
     }
 
@@ -80,7 +81,7 @@ public class WelcomePanel extends WizardPanelBase {
         try {
             context.put("cstype", cs.getString("cs.type"));
             context.put("wizardname", cs.getString("preop.wizard.name"));
-            context.put("panelname", 
+            context.put("panelname",
                     cs.getString("preop.system.fullname") + " Configuration Wizard");
             context.put("systemname",
                     cs.getString("preop.system.name"));
@@ -90,7 +91,8 @@ public class WelcomePanel extends WizardPanelBase {
                     cs.getString("preop.product.name"));
             context.put("productversion",
                     cs.getString("preop.product.version"));
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
         context.put("panel", "admin/console/config/welcomepanel.vm");
     }
 
@@ -112,7 +114,8 @@ public class WelcomePanel extends WizardPanelBase {
         try {
             cs.putBoolean("preop.welcome.done", true);
             cs.commit(false);
-        } catch (EBaseException e) {}
+        } catch (EBaseException e) {
+        }
     }
 
     /**
@@ -120,5 +123,6 @@ public class WelcomePanel extends WizardPanelBase {
      */
     public void displayError(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) {/* This should never be called */}
+            Context context) {/* This should never be called */
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
index 06eb63ff..f5a96bc8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WelcomeServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -25,7 +24,6 @@ import org.apache.velocity.Template;
 import org.apache.velocity.app.Velocity;
 import org.apache.velocity.context.Context;
 
-
 public class WelcomeServlet extends BaseServlet {
 
     /**
diff --git a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
index a2a7d5df..70b427e5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/csadmin/WizardPanelBase.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.csadmin;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.net.ConnectException;
@@ -79,8 +78,8 @@ public class WizardPanelBase implements IWizardPanel {
     public static final String PRE_CONF_AGENT_GROUP = "preop.admin.group";
 
     /**
-     * Definition for "preop" static variables in CS.cfg
-     * -- "preop" config parameters should not assumed to exist after configuation
+     * Definition for "preop" static variables in CS.cfg -- "preop" config
+     * parameters should not assumed to exist after configuation
      */
 
     public static final String PRE_CONF_CA_TOKEN = "preop.module.token";
@@ -95,15 +94,13 @@ public class WizardPanelBase implements IWizardPanel {
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
-        throws ServletException 
-    {
+    public void init(ServletConfig config, int panelno)
+            throws ServletException {
         mPanelNo = panelno;
     }
 
-    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id) 
-        throws ServletException 
-    {
+    public void init(WizardServlet servlet, ServletConfig config, int panelno, String id)
+            throws ServletException {
         mPanelNo = panelno;
     }
 
@@ -142,7 +139,7 @@ public class WizardPanelBase implements IWizardPanel {
 
         return set;
     }
-   
+
     /**
      * Should we skip this panel?
      */
@@ -187,7 +184,8 @@ public class WizardPanelBase implements IWizardPanel {
      */
     public void display(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) {}
+            Context context) {
+    }
 
     /**
      * Checks if the given parameters are valid.
@@ -202,14 +200,16 @@ public class WizardPanelBase implements IWizardPanel {
      */
     public void update(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) throws IOException {}
+            Context context) throws IOException {
+    }
 
     /**
      * If validiate() returns false, this method will be called.
      */
     public void displayError(HttpServletRequest request,
             HttpServletResponse response,
-            Context context) {}
+            Context context) {
+    }
 
     /**
      * Retrieves locale based on the request.
@@ -233,7 +233,8 @@ public class WizardPanelBase implements IWizardPanel {
 
         try {
             instanceID = config.getString("instanceId", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         String nickname = certTag + "Cert cert-" + instanceID;
         String preferredNickname = null;
@@ -241,7 +242,8 @@ public class WizardPanelBase implements IWizardPanel {
         try {
             preferredNickname = config.getString(
                     PCERT_PREFIX + certTag + ".nickname", null);
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (preferredNickname != null) {
             nickname = preferredNickname;
@@ -250,7 +252,7 @@ public class WizardPanelBase implements IWizardPanel {
     }
 
     public void updateDomainXML(String hostname, int port, boolean https,
-      String servlet, String uri) throws IOException {
+            String servlet, String uri) throws IOException {
         CMS.debug("WizardPanelBase updateDomainXML start hostname=" + hostname + " port=" + port);
         IConfigStore cs = CMS.getConfigStore();
         String nickname = "";
@@ -258,17 +260,18 @@ public class WizardPanelBase implements IWizardPanel {
         try {
             nickname = cs.getString("preop.cert.subsystem.nickname", "");
             tokenname = cs.getString("preop.module.token", "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (!tokenname.equals("") &&
-            !tokenname.equals("Internal Key Storage Token") &&
-            !tokenname.equals("internal")) {
-              nickname = tokenname+":"+nickname;
+                !tokenname.equals("Internal Key Storage Token") &&
+                !tokenname.equals("internal")) {
+            nickname = tokenname + ":" + nickname;
         }
 
         CMS.debug("WizardPanelBase updateDomainXML nickname=" + nickname);
         CMS.debug("WizardPanelBase: start sending updateDomainXML request");
-        String c = getHttpResponse(hostname, port, https, servlet, uri, nickname); 
+        String c = getHttpResponse(hostname, port, https, servlet, uri, nickname);
         CMS.debug("WizardPanelBase: done sending updateDomainXML request");
 
         if (c != null) {
@@ -278,9 +281,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     obj = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::updateDomainXML() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::updateDomainXML() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = obj.getValue("Status");
@@ -291,7 +294,7 @@ public class WizardPanelBase implements IWizardPanel {
                 } else {
                     String error = obj.getValue("Error");
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: updateDomainXML: " + e.toString());
                 throw e;
@@ -302,8 +305,8 @@ public class WizardPanelBase implements IWizardPanel {
         }
     }
 
-    public int getSubsystemCount( String hostname, int https_admin_port,
-                                  boolean https, String type )
+    public int getSubsystemCount(String hostname, int https_admin_port,
+                                  boolean https, String type)
                                   throws IOException {
         CMS.debug("WizardPanelBase getSubsystemCount start");
         String c = getDomainXML(hostname, https_admin_port, true);
@@ -311,12 +314,12 @@ public class WizardPanelBase implements IWizardPanel {
             try {
                 ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
                 XMLObject obj = new XMLObject(bis);
-                String containerName = type+"List";
+                String containerName = type + "List";
                 Node n = obj.getContainer(containerName);
                 NodeList nlist = n.getChildNodes();
                 String countS = "";
-                for (int i=0; i<nlist.getLength(); i++) {
-                    Element nn = (Element)nlist.item(i);
+                for (int i = 0; i < nlist.getLength(); i++) {
+                    Element nn = (Element) nlist.item(i);
                     String tagname = nn.getTagName();
                     if (tagname.equals("SubsystemCount")) {
                         NodeList nlist1 = nn.getChildNodes();
@@ -325,7 +328,7 @@ public class WizardPanelBase implements IWizardPanel {
                         break;
                     }
                 }
-                CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount="+countS);
+                CMS.debug("WizardPanelBase getSubsystemCount: SubsystemCount=" + countS);
                 int num = 0;
 
                 if (countS != null && !countS.equals("")) {
@@ -337,7 +340,7 @@ public class WizardPanelBase implements IWizardPanel {
 
                 return num;
             } catch (Exception e) {
-                CMS.debug("WizardPanelBase: getSubsystemCount: "+e.toString());
+                CMS.debug("WizardPanelBase: getSubsystemCount: " + e.toString());
                 throw new IOException(e.toString());
             }
         }
@@ -345,12 +348,12 @@ public class WizardPanelBase implements IWizardPanel {
         return -1;
     }
 
-    public String getDomainXML( String hostname, int https_admin_port,
-                               boolean https ) 
+    public String getDomainXML(String hostname, int https_admin_port,
+                               boolean https)
                                throws IOException {
         CMS.debug("WizardPanelBase getDomainXML start");
-        String c = getHttpResponse( hostname, https_admin_port, https,
-                                    "/ca/admin/ca/getDomainXML", null, null );
+        String c = getHttpResponse(hostname, https_admin_port, https,
+                                    "/ca/admin/ca/getDomainXML", null, null);
         if (c != null) {
             try {
                 ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -359,9 +362,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getDomainXML() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getDomainXML() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -374,12 +377,12 @@ public class WizardPanelBase implements IWizardPanel {
                     CMS.debug(
                             "WizardPanelBase getDomainXML: domainInfo="
                                     + domainInfo);
-                    return domainInfo; 
+                    return domainInfo;
                 } else {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: getDomainXML: " + e.toString());
                 throw e;
@@ -392,29 +395,29 @@ public class WizardPanelBase implements IWizardPanel {
         return null;
     }
 
-    public String getSubsystemCert(String host, int port, boolean https) 
-      throws IOException {
+    public String getSubsystemCert(String host, int port, boolean https)
+            throws IOException {
         CMS.debug("WizardPanelBase getSubsystemCert start");
-        String c = getHttpResponse(host, port, https, 
-          "/ca/admin/ca/getSubsystemCert", null, null);
+        String c = getHttpResponse(host, port, https,
+                "/ca/admin/ca/getSubsystemCert", null, null);
         if (c != null) {
             try {
-                ByteArrayInputStream bis = 
-                  new ByteArrayInputStream(c.getBytes());
+                ByteArrayInputStream bis =
+                        new ByteArrayInputStream(c.getBytes());
                 XMLObject parser = null;
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getSubsystemCert() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getSubsystemCert() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
                 String status = parser.getValue("Status");
                 if (status.equals(SUCCESS)) {
                     String s = parser.getValue("Cert");
                     return s;
                 } else
-                    return null; 
+                    return null;
             } catch (Exception e) {
             }
         }
@@ -423,10 +426,10 @@ public class WizardPanelBase implements IWizardPanel {
     }
 
     public void updateConnectorInfo(String host, int port, boolean https,
-      String content) throws IOException {
+            String content) throws IOException {
         CMS.debug("WizardPanelBase updateConnectorInfo start");
-        String c = getHttpResponse(host, port, https, 
-          "/ca/admin/ca/updateConnector", content, null);
+        String c = getHttpResponse(host, port, https,
+                "/ca/admin/ca/updateConnector", content, null);
         if (c != null) {
             try {
                 ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -435,9 +438,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::updateConnectorInfo() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::updateConnectorInfo() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -447,7 +450,7 @@ public class WizardPanelBase implements IWizardPanel {
                 if (!status.equals(SUCCESS)) {
                     String error = parser.getValue("Error");
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: updateConnectorInfo: " + e.toString());
                 throw e;
@@ -458,16 +461,16 @@ public class WizardPanelBase implements IWizardPanel {
         }
     }
 
-    public String getCertChainUsingSecureAdminPort( String hostname,
+    public String getCertChainUsingSecureAdminPort(String hostname,
                                                     int https_admin_port,
                                                     boolean https,
                                                     ConfigCertApprovalCallback
-                                                    certApprovalCallback )
+                                                    certApprovalCallback)
                                                     throws IOException {
         CMS.debug("WizardPanelBase getCertChainUsingSecureAdminPort start");
-        String c = getHttpResponse( hostname, https_admin_port, https,
+        String c = getHttpResponse(hostname, https_admin_port, https,
                                     "/ca/admin/ca/getCertChain", null, null,
-                                    certApprovalCallback );
+                                    certApprovalCallback);
 
         if (c != null) {
             try {
@@ -477,9 +480,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getCertChainUsingSecureAdminPort() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getCertChainUsingSecureAdminPort() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -493,12 +496,12 @@ public class WizardPanelBase implements IWizardPanel {
                     CMS.debug(
                             "WizardPanelBase getCertChainUsingSecureAdminPort: certchain="
                                     + certchain);
-                    return certchain; 
+                    return certchain;
                 } else {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: getCertChainUsingSecureAdminPort: " + e.toString());
                 throw e;
@@ -511,16 +514,16 @@ public class WizardPanelBase implements IWizardPanel {
         return null;
     }
 
-    public String getCertChainUsingSecureEEPort( String hostname,
+    public String getCertChainUsingSecureEEPort(String hostname,
                                                  int https_ee_port,
                                                  boolean https,
                                                  ConfigCertApprovalCallback
-                                                 certApprovalCallback )
+                                                 certApprovalCallback)
                                                  throws IOException {
         CMS.debug("WizardPanelBase getCertChainUsingSecureEEPort start");
-        String c = getHttpResponse( hostname, https_ee_port, https,
+        String c = getHttpResponse(hostname, https_ee_port, https,
                                     "/ca/ee/ca/getCertChain", null, null,
-                                    certApprovalCallback );
+                                    certApprovalCallback);
 
         if (c != null) {
             try {
@@ -530,9 +533,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getCertChainUsingSecureEEPort() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getCertChainUsingSecureEEPort() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -546,12 +549,12 @@ public class WizardPanelBase implements IWizardPanel {
                     CMS.debug(
                             "WizardPanelBase getCertChainUsingSecureEEPort: certchain="
                                     + certchain);
-                    return certchain; 
+                    return certchain;
                 } else {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: getCertChainUsingSecureEEPort: " + e.toString());
                 throw e;
@@ -565,8 +568,8 @@ public class WizardPanelBase implements IWizardPanel {
     }
 
     public boolean updateConfigEntries(String hostname, int port, boolean https,
-      String servlet, String uri, IConfigStore config, 
-      HttpServletResponse response) throws IOException {
+            String servlet, String uri, IConfigStore config,
+            HttpServletResponse response) throws IOException {
         CMS.debug("WizardPanelBase updateConfigEntries start");
         String c = getHttpResponse(hostname, port, https, servlet, uri, null);
 
@@ -578,9 +581,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::updateConfigEntries() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::updateConfigEntries() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -594,11 +597,11 @@ public class WizardPanelBase implements IWizardPanel {
                     } catch (Exception e) {
                         CMS.debug("WizardPanelBase::updateConfigEntries() - unable to get cs.type: " + e.toString());
                     }
-              
-                    Document doc = parser.getDocument(); 
+
+                    Document doc = parser.getDocument();
                     NodeList list = doc.getElementsByTagName("name");
                     int len = list.getLength();
-                    for (int i=0; i<len; i++) {
+                    for (int i = 0; i < len; i++) {
                         Node n = list.item(i);
                         NodeList nn = n.getChildNodes();
                         String name = nn.item(0).getNodeValue();
@@ -606,14 +609,14 @@ public class WizardPanelBase implements IWizardPanel {
                         nn = parent.getChildNodes();
                         int len1 = nn.getLength();
                         String v = "";
-                        for (int j=0; j<len1; j++) {
+                        for (int j = 0; j < len1; j++) {
                             Node nv = nn.item(j);
                             String val = nv.getNodeName();
                             if (val.equals("value")) {
                                 NodeList n2 = nv.getChildNodes();
                                 if (n2.getLength() > 0)
-                                    v = n2.item(0).getNodeValue(); 
-                                break;    
+                                    v = n2.item(0).getNodeValue();
+                                break;
                             }
                         }
 
@@ -625,7 +628,7 @@ public class WizardPanelBase implements IWizardPanel {
                             config.putString("preop.internaldb.master.binddn", v);
                         } else if (name.equals("internaldb.basedn")) {
                             config.putString(name, v);
-                            config.putString("preop.internaldb.master.basedn", v); 
+                            config.putString("preop.internaldb.master.basedn", v);
                         } else if (name.equals("internaldb.ldapauth.password")) {
                             config.putString("preop.internaldb.master.bindpwd", v);
                         } else if (name.equals("internaldb.replication.password")) {
@@ -649,7 +652,7 @@ public class WizardPanelBase implements IWizardPanel {
                             config.putString("preop.master.storage.nickname", v);
                             config.putString("kra.storageUnit.nickName", v);
                             config.putString("preop.cert.storage.nickname", v);
-                        } else if  (name.equals("cloning.audit_signing.nickname")) {
+                        } else if (name.equals("cloning.audit_signing.nickname")) {
                             config.putString("preop.master.audit_signing.nickname", v);
                             config.putString("preop.cert.audit_signing.nickname", v);
                             config.putString(name, v);
@@ -686,7 +689,7 @@ public class WizardPanelBase implements IWizardPanel {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: updateConfigEntries: " + e.toString());
                 throw e;
@@ -713,9 +716,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::authenticate() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::authenticate() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -729,7 +732,7 @@ public class WizardPanelBase implements IWizardPanel {
                 } else {
                     String error = parser.getValue("Error");
                     return false;
-                } 
+                }
             } catch (Exception e) {
                 CMS.debug("WizardPanelBase: authenticate: " + e.toString());
                 throw new IOException(e.toString());
@@ -739,12 +742,12 @@ public class WizardPanelBase implements IWizardPanel {
         return false;
     }
 
-    public void updateOCSPConfig(String hostname, int port, boolean https, 
-        String content, HttpServletResponse response) 
-      throws IOException {
+    public void updateOCSPConfig(String hostname, int port, boolean https,
+            String content, HttpServletResponse response)
+            throws IOException {
         CMS.debug("WizardPanelBase updateOCSPConfig start");
-        String c = getHttpResponse(hostname, port, https, 
-          "/ca/ee/ca/updateOCSPConfig", content, null);
+        String c = getHttpResponse(hostname, port, https,
+                "/ca/ee/ca/updateOCSPConfig", content, null);
         if (c == null || c.equals("")) {
             CMS.debug("WizardPanelBase updateOCSPConfig: content is null.");
             throw new IOException("The server you want to contact is not available");
@@ -756,9 +759,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::updateOCSPConfig() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::updateOCSPConfig() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -774,7 +777,7 @@ public class WizardPanelBase implements IWizardPanel {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase updateOCSPConfig: " + e.toString());
                 throw e;
@@ -785,10 +788,10 @@ public class WizardPanelBase implements IWizardPanel {
         }
     }
 
-    public void updateNumberRange(String hostname, int port, boolean https, 
-        String content, String type, HttpServletResponse response) 
-      throws IOException {
-        CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname + 
+    public void updateNumberRange(String hostname, int port, boolean https,
+            String content, String type, HttpServletResponse response)
+            throws IOException {
+        CMS.debug("WizardPanelBase updateNumberRange start host=" + hostname +
                                 " port=" + port);
         IConfigStore cs = CMS.getConfigStore();
         String cstype = "";
@@ -798,13 +801,13 @@ public class WizardPanelBase implements IWizardPanel {
         }
 
         cstype = toLowerCaseSubsystemType(cstype);
-        String c = getHttpResponse(hostname, port, https, 
-          "/"+cstype+"/ee/"+cstype+"/updateNumberRange", content, null);
+        String c = getHttpResponse(hostname, port, https,
+                "/" + cstype + "/ee/" + cstype + "/updateNumberRange", content, null);
         if (c == null || c.equals("")) {
             CMS.debug("WizardPanelBase updateNumberRange: content is null.");
             throw new IOException("The server you want to contact is not available");
         } else {
-            CMS.debug("content="+c);
+            CMS.debug("content=" + c);
             try {
                 ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
                 XMLObject parser = null;
@@ -812,9 +815,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::updateNumberRange() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::updateNumberRange() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -843,7 +846,7 @@ public class WizardPanelBase implements IWizardPanel {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: updateNumberRange: " + e.toString());
                 CMS.debug(e);
@@ -856,9 +859,9 @@ public class WizardPanelBase implements IWizardPanel {
         }
     }
 
-    public int getPort(String hostname, int port, boolean https, 
-            String portServlet, boolean sport) 
-        throws IOException {
+    public int getPort(String hostname, int port, boolean https,
+            String portServlet, boolean sport)
+            throws IOException {
         CMS.debug("WizardPanelBase getPort start");
         String c = getHttpResponse(hostname, port, https, portServlet,
                 "secure=" + sport, null);
@@ -871,9 +874,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getPort() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getPort() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -889,7 +892,7 @@ public class WizardPanelBase implements IWizardPanel {
                     String error = parser.getValue("Error");
 
                     throw new IOException(error);
-                } 
+                }
             } catch (IOException e) {
                 CMS.debug("WizardPanelBase: getPort: " + e.toString());
                 throw e;
@@ -903,14 +906,14 @@ public class WizardPanelBase implements IWizardPanel {
     }
 
     public String getHttpResponse(String hostname, int port, boolean secure,
-      String uri, String content, String clientnickname) throws IOException {
+            String uri, String content, String clientnickname) throws IOException {
         return getHttpResponse(hostname, port, secure, uri, content, clientnickname, null);
     }
 
-    public String getHttpResponse(String hostname, int port, boolean secure, 
-      String uri, String content, String clientnickname, 
-      SSLCertificateApprovalCallback certApprovalCallback) 
-      throws IOException {
+    public String getHttpResponse(String hostname, int port, boolean secure,
+            String uri, String content, String clientnickname,
+            SSLCertificateApprovalCallback certApprovalCallback)
+            throws IOException {
         HttpClient httpclient = null;
         String c = null;
 
@@ -960,8 +963,8 @@ public class WizardPanelBase implements IWizardPanel {
         return c;
     }
 
-    public boolean isSDHostDomainMaster (IConfigStore config) {
-        String dm="false";
+    public boolean isSDHostDomainMaster(IConfigStore config) {
+        String dm = "false";
         try {
             String hostname = config.getString("securitydomain.host");
             int httpsadminport = config.getInteger("securitydomain.httpsadminport");
@@ -971,40 +974,40 @@ public class WizardPanelBase implements IWizardPanel {
 
             CMS.debug("Getting DomainMaster from security domain");
 
-            ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
-            XMLObject parser = new XMLObject( bis );
+            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+            XMLObject parser = new XMLObject(bis);
             Document doc = parser.getDocument();
-            NodeList nodeList = doc.getElementsByTagName( "CA" );
+            NodeList nodeList = doc.getElementsByTagName("CA");
 
             int len = nodeList.getLength();
-            for( int i = 0; i < len; i++ ) {
+            for (int i = 0; i < len; i++) {
                 Vector v_hostname =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "Host" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "Host");
 
                 Vector v_https_admin_port =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecureAdminPort" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "SecureAdminPort");
 
                 Vector v_domain_mgr =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "DomainManager" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "DomainManager");
 
-                if( v_hostname.elementAt( 0 ).equals( hostname ) &&
-                    v_https_admin_port.elementAt( 0 ).equals( Integer.toString(httpsadminport) ) ) {
-                    dm = v_domain_mgr.elementAt( 0 ).toString();
+                if (v_hostname.elementAt(0).equals(hostname) &&
+                        v_https_admin_port.elementAt(0).equals(Integer.toString(httpsadminport))) {
+                    dm = v_domain_mgr.elementAt(0).toString();
                     break;
                 }
             }
         } catch (Exception e) {
-            CMS.debug( e.toString() );
+            CMS.debug(e.toString());
         }
         return dm.equalsIgnoreCase("true");
     }
- 
-    public Vector getMasterUrlListFromSecurityDomain( IConfigStore config,
+
+    public Vector getMasterUrlListFromSecurityDomain(IConfigStore config,
                                                       String type,
-                                                      String portType ) {
+                                                      String portType) {
         Vector v = new Vector();
 
         try {
@@ -1026,13 +1029,13 @@ public class WizardPanelBase implements IWizardPanel {
                 list = "TKSList";
             }
 
-            CMS.debug( "Getting " + portType + " from Security Domain ..." );
-            if( !portType.equals( "UnSecurePort" )    &&
-                !portType.equals( "SecureAgentPort" ) &&
-                !portType.equals( "SecurePort" )      &&
-                !portType.equals( "SecureAdminPort" ) ) {
-                CMS.debug( "getPortFromSecurityDomain:  " +
-                           "unknown port type " + portType );
+            CMS.debug("Getting " + portType + " from Security Domain ...");
+            if (!portType.equals("UnSecurePort") &&
+                    !portType.equals("SecureAgentPort") &&
+                    !portType.equals("SecurePort") &&
+                    !portType.equals("SecureAdminPort")) {
+                CMS.debug("getPortFromSecurityDomain:  " +
+                           "unknown port type " + portType);
                 return v;
             }
 
@@ -1050,8 +1053,8 @@ public class WizardPanelBase implements IWizardPanel {
             CMS.debug("Len " + len);
             for (int i = 0; i < len; i++) {
                 Vector v_clone = parser.getValuesFromContainer(nodeList.item(i),
-                  "Clone");
-                String clone = (String)v_clone.elementAt(0);
+                        "Clone");
+                String clone = (String) v_clone.elementAt(0);
                 if (clone.equalsIgnoreCase("true"))
                     continue;
                 Vector v_name = parser.getValuesFromContainer(nodeList.item(i),
@@ -1061,11 +1064,11 @@ public class WizardPanelBase implements IWizardPanel {
                 Vector v_port = parser.getValuesFromContainer(nodeList.item(i),
                         portType);
 
-                v.addElement( v_name.elementAt(0)
+                v.addElement(v_name.elementAt(0)
                             + " - https://"
                             + v_host.elementAt(0)
                             + ":"
-                            + v_port.elementAt(0) );
+                            + v_port.elementAt(0));
             }
         } catch (Exception e) {
             CMS.debug(e.toString());
@@ -1074,9 +1077,9 @@ public class WizardPanelBase implements IWizardPanel {
         return v;
     }
 
-    public Vector getUrlListFromSecurityDomain( IConfigStore config,
+    public Vector getUrlListFromSecurityDomain(IConfigStore config,
                                                 String type,
-                                                String portType ) {
+                                                String portType) {
         Vector v = new Vector();
 
         try {
@@ -1098,13 +1101,13 @@ public class WizardPanelBase implements IWizardPanel {
                 list = "TKSList";
             }
 
-            CMS.debug( "Getting " + portType + " from Security Domain ..." );
-            if( !portType.equals( "UnSecurePort" )    &&
-                !portType.equals( "SecureAgentPort" ) &&
-                !portType.equals( "SecurePort" )      &&
-                !portType.equals( "SecureAdminPort" ) ) {
-                CMS.debug( "getPortFromSecurityDomain:  " +
-                           "unknown port type " + portType );
+            CMS.debug("Getting " + portType + " from Security Domain ...");
+            if (!portType.equals("UnSecurePort") &&
+                    !portType.equals("SecureAgentPort") &&
+                    !portType.equals("SecurePort") &&
+                    !portType.equals("SecureAdminPort")) {
+                CMS.debug("getPortFromSecurityDomain:  " +
+                           "unknown port type " + portType);
                 return v;
             }
 
@@ -1132,17 +1135,17 @@ public class WizardPanelBase implements IWizardPanel {
 
                 if (v_host.elementAt(0).equals(hostname) && v_admin_port.elementAt(0).equals(new Integer(httpsadminport).toString())) {
                     // add security domain CA to the beginning of list
-                    v.add( 0, v_name.elementAt(0)
+                    v.add(0, v_name.elementAt(0)
                             + " - https://"
                             + v_host.elementAt(0)
                             + ":"
-                            + v_port.elementAt(0) );
+                            + v_port.elementAt(0));
                 } else {
-                    v.addElement( v_name.elementAt(0)
+                    v.addElement(v_name.elementAt(0)
                             + " - https://"
                             + v_host.elementAt(0)
                             + ":"
-                            + v_port.elementAt(0) );
+                            + v_port.elementAt(0));
                 }
             }
         } catch (Exception e) {
@@ -1154,155 +1157,155 @@ public class WizardPanelBase implements IWizardPanel {
 
     // Given an HTTPS Hostname and EE port,
     // retrieve the associated HTTPS Admin port
-    public String getSecurityDomainAdminPort( IConfigStore config,
+    public String getSecurityDomainAdminPort(IConfigStore config,
                                               String hostname,
                                               String https_ee_port,
-                                              String cstype ) {
+                                              String cstype) {
         String https_admin_port = new String();
 
         try {
-            String sd_hostname = config.getString( "securitydomain.host" );
+            String sd_hostname = config.getString("securitydomain.host");
             int sd_httpsadminport =
-                config.getInteger( "securitydomain.httpsadminport" );
+                    config.getInteger("securitydomain.httpsadminport");
 
-            CMS.debug( "Getting domain.xml from CA ..." );
-            String c = getDomainXML( sd_hostname, sd_httpsadminport, true );
+            CMS.debug("Getting domain.xml from CA ...");
+            String c = getDomainXML(sd_hostname, sd_httpsadminport, true);
 
-            CMS.debug( "Getting associated HTTPS Admin port from " +
+            CMS.debug("Getting associated HTTPS Admin port from " +
                        "HTTPS Hostname '" + hostname +
-                       "' and EE port '" + https_ee_port + "'" );
-            ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
-            XMLObject parser = new XMLObject( bis );
+                       "' and EE port '" + https_ee_port + "'");
+            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+            XMLObject parser = new XMLObject(bis);
             Document doc = parser.getDocument();
-            NodeList nodeList = doc.getElementsByTagName( cstype.toUpperCase() );
+            NodeList nodeList = doc.getElementsByTagName(cstype.toUpperCase());
 
             int len = nodeList.getLength();
-            for( int i = 0; i < len; i++ ) {
+            for (int i = 0; i < len; i++) {
                 Vector v_hostname =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "Host" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "Host");
 
                 Vector v_https_ee_port =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecurePort" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "SecurePort");
 
                 Vector v_https_admin_port =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecureAdminPort" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "SecureAdminPort");
 
-                if( v_hostname.elementAt( 0 ).equals( hostname ) &&
-                    v_https_ee_port.elementAt( 0 ).equals( https_ee_port ) ) {
+                if (v_hostname.elementAt(0).equals(hostname) &&
+                        v_https_ee_port.elementAt(0).equals(https_ee_port)) {
                     https_admin_port =
-                                v_https_admin_port.elementAt( 0 ).toString();
+                                v_https_admin_port.elementAt(0).toString();
                     break;
                 }
             }
         } catch (Exception e) {
-            CMS.debug( e.toString() );
+            CMS.debug(e.toString());
         }
 
-        return( https_admin_port );
+        return (https_admin_port);
     }
 
-    public String getSecurityDomainPort( IConfigStore config,
-                                         String portType ) {
+    public String getSecurityDomainPort(IConfigStore config,
+                                         String portType) {
         String port = new String();
 
         try {
-            String hostname = config.getString( "securitydomain.host" );
+            String hostname = config.getString("securitydomain.host");
             int httpsadminport =
-                config.getInteger( "securitydomain.httpsadminport" );
-
-            CMS.debug( "Getting domain.xml from CA ..." );
-            String c = getDomainXML( hostname, httpsadminport, true );
-
-            CMS.debug( "Getting " + portType + " from Security Domain ..." );
-            if( !portType.equals( "UnSecurePort" )    &&
-                !portType.equals( "SecureAgentPort" ) &&
-                !portType.equals( "SecurePort" )      &&
-                !portType.equals( "SecureAdminPort" ) ) {
-                CMS.debug( "getPortFromSecurityDomain:  " +
-                           "unknown port type " + portType );
+                    config.getInteger("securitydomain.httpsadminport");
+
+            CMS.debug("Getting domain.xml from CA ...");
+            String c = getDomainXML(hostname, httpsadminport, true);
+
+            CMS.debug("Getting " + portType + " from Security Domain ...");
+            if (!portType.equals("UnSecurePort") &&
+                    !portType.equals("SecureAgentPort") &&
+                    !portType.equals("SecurePort") &&
+                    !portType.equals("SecureAdminPort")) {
+                CMS.debug("getPortFromSecurityDomain:  " +
+                           "unknown port type " + portType);
                 return "";
             }
 
-            ByteArrayInputStream bis = new ByteArrayInputStream( c.getBytes() );
-            XMLObject parser = new XMLObject( bis );
+            ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
+            XMLObject parser = new XMLObject(bis);
             Document doc = parser.getDocument();
-            NodeList nodeList = doc.getElementsByTagName( "CA" );
+            NodeList nodeList = doc.getElementsByTagName("CA");
 
             int len = nodeList.getLength();
-            for( int i = 0; i < len; i++ ) {
+            for (int i = 0; i < len; i++) {
                 Vector v_admin_port =
-                       parser.getValuesFromContainer( nodeList.item(i),
-                                                      "SecureAdminPort" );
+                        parser.getValuesFromContainer(nodeList.item(i),
+                                                      "SecureAdminPort");
 
                 Vector v_port = null;
-                if( portType.equals( "UnSecurePort" ) ) {
-                    v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "UnSecurePort" );
-                } else if( portType.equals( "SecureAgentPort" ) ) {
-                    v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "SecureAgentPort" );
-                } else if( portType.equals( "SecurePort" ) ) {
-                    v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "SecurePort" );
-                } else if( portType.equals( "SecureAdminPort" ) ) {
-                    v_port = parser.getValuesFromContainer( nodeList.item(i),
-                                                            "SecureAdminPort" );
+                if (portType.equals("UnSecurePort")) {
+                    v_port = parser.getValuesFromContainer(nodeList.item(i),
+                                                            "UnSecurePort");
+                } else if (portType.equals("SecureAgentPort")) {
+                    v_port = parser.getValuesFromContainer(nodeList.item(i),
+                                                            "SecureAgentPort");
+                } else if (portType.equals("SecurePort")) {
+                    v_port = parser.getValuesFromContainer(nodeList.item(i),
+                                                            "SecurePort");
+                } else if (portType.equals("SecureAdminPort")) {
+                    v_port = parser.getValuesFromContainer(nodeList.item(i),
+                                                            "SecureAdminPort");
                 }
 
-                if( ( v_port != null ) &&
-                    ( v_admin_port.elementAt( 0 ).equals(
-                      Integer.toString( httpsadminport ) ) ) ) {
-                    port = v_port.elementAt( 0 ).toString();
+                if ((v_port != null) &&
+                        (v_admin_port.elementAt(0).equals(
+                                Integer.toString(httpsadminport)))) {
+                    port = v_port.elementAt(0).toString();
                     break;
                 }
             }
         } catch (Exception e) {
-            CMS.debug( e.toString() );
+            CMS.debug(e.toString());
         }
 
-        return( port );
+        return (port);
     }
 
-    public String pingCS( String hostname, int port, boolean https,
-                          SSLCertificateApprovalCallback certApprovalCallback )
-        throws IOException {
-        CMS.debug( "WizardPanelBase pingCS: started" );
+    public String pingCS(String hostname, int port, boolean https,
+                          SSLCertificateApprovalCallback certApprovalCallback)
+            throws IOException {
+        CMS.debug("WizardPanelBase pingCS: started");
 
-        String c = getHttpResponse( hostname, port, https,
-                                    "/ca/admin/ca/getStatus", 
-                                    null, null, certApprovalCallback );
+        String c = getHttpResponse(hostname, port, https,
+                                    "/ca/admin/ca/getStatus",
+                                    null, null, certApprovalCallback);
 
-        if( c != null ) {
+        if (c != null) {
             try {
                 ByteArrayInputStream bis = new
-                                           ByteArrayInputStream( c.getBytes() );
+                                           ByteArrayInputStream(c.getBytes());
                 XMLObject parser = null;
                 String state = null;
 
                 try {
-                    parser = new XMLObject( bis );
-                    CMS.debug( "WizardPanelBase pingCS: got XML parsed" );
-                    state = parser.getValue( "State" );
+                    parser = new XMLObject(bis);
+                    CMS.debug("WizardPanelBase pingCS: got XML parsed");
+                    state = parser.getValue("State");
 
-                    if( state != null ) {
-                        CMS.debug( "WizardPanelBase pingCS: state=" + state );
+                    if (state != null) {
+                        CMS.debug("WizardPanelBase pingCS: state=" + state);
                     }
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase: pingCS: parser failed"
-                             + e.toString() );
+                    CMS.debug("WizardPanelBase: pingCS: parser failed"
+                             + e.toString());
                 }
 
                 return state;
-            } catch( Exception e ) {
-                CMS.debug( "WizardPanelBase: pingCS: " + e.toString() );
-                throw new IOException( e.toString() );
+            } catch (Exception e) {
+                CMS.debug("WizardPanelBase: pingCS: " + e.toString());
+                throw new IOException(e.toString());
             }
         }
 
-        CMS.debug( "WizardPanelBase pingCS: stopped" );
+        CMS.debug("WizardPanelBase pingCS: stopped");
         return null;
     }
 
@@ -1311,7 +1314,7 @@ public class WizardPanelBase implements IWizardPanel {
         if (s.equals("CA")) {
             x = "ca";
         } else if (s.equals("KRA")) {
-            x = "kra"; 
+            x = "kra";
         } else if (s.equals("OCSP")) {
             x = "ocsp";
         } else if (s.equals("TKS")) {
@@ -1321,14 +1324,14 @@ public class WizardPanelBase implements IWizardPanel {
         return x;
     }
 
-    public void getTokenInfo(IConfigStore config, String type, String host, 
-      int https_ee_port, boolean https, Context context, 
-      ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+    public void getTokenInfo(IConfigStore config, String type, String host,
+            int https_ee_port, boolean https, Context context,
+            ConfigCertApprovalCallback certApprovalCallback) throws IOException {
         CMS.debug("WizardPanelBase getTokenInfo start");
-        String uri = "/"+type+"/ee/"+type+"/getTokenInfo";
-        CMS.debug("WizardPanelBase getTokenInfo: uri="+uri);
+        String uri = "/" + type + "/ee/" + type + "/getTokenInfo";
+        CMS.debug("WizardPanelBase getTokenInfo: uri=" + uri);
         String c = getHttpResponse(host, https_ee_port, https, uri, null, null,
-          certApprovalCallback);
+                certApprovalCallback);
         if (c != null) {
             try {
                 ByteArrayInputStream bis = new ByteArrayInputStream(c.getBytes());
@@ -1337,9 +1340,9 @@ public class WizardPanelBase implements IWizardPanel {
                 try {
                     parser = new XMLObject(bis);
                 } catch (Exception e) {
-                    CMS.debug( "WizardPanelBase::getTokenInfo() - "
-                             + "Exception="+e.toString() );
-                    throw new IOException( e.toString() );
+                    CMS.debug("WizardPanelBase::getTokenInfo() - "
+                             + "Exception=" + e.toString());
+                    throw new IOException(e.toString());
                 }
 
                 String status = parser.getValue("Status");
@@ -1350,7 +1353,7 @@ public class WizardPanelBase implements IWizardPanel {
                     Document doc = parser.getDocument();
                     NodeList list = doc.getElementsByTagName("name");
                     int len = list.getLength();
-                    for (int i=0; i<len; i++) {
+                    for (int i = 0; i < len; i++) {
                         Node n = list.item(i);
                         NodeList nn = n.getChildNodes();
                         String name = nn.item(0).getNodeValue();
@@ -1358,17 +1361,17 @@ public class WizardPanelBase implements IWizardPanel {
                         nn = parent.getChildNodes();
                         int len1 = nn.getLength();
                         String v = "";
-                        for (int j=0; j<len1; j++) {
+                        for (int j = 0; j < len1; j++) {
                             Node nv = nn.item(j);
                             String val = nv.getNodeName();
                             if (val.equals("value")) {
                                 NodeList n2 = nv.getChildNodes();
                                 if (n2.getLength() > 0)
                                     v = n2.item(0).getNodeValue();
-                                break;    
+                                break;
                             }
                         }
-                        if (name.equals("cloning.signing.nickname")) {                            
+                        if (name.equals("cloning.signing.nickname")) {
                             config.putString("preop.master.signing.nickname", v);
                             config.putString(type + ".cert.signing.nickname", v);
                             config.putString(name, v);
@@ -1406,19 +1409,20 @@ public class WizardPanelBase implements IWizardPanel {
                     }
 
                     // reset nicknames for system cert verification
-                    String token = config.getString("preop.module.token", 
+                    String token = config.getString("preop.module.token",
                                                     "Internal Key Storage Token");
-                    if (! token.equals("Internal Key Storage Token")) {
+                    if (!token.equals("Internal Key Storage Token")) {
                         String certlist = config.getString("preop.cert.list");
 
                         StringTokenizer t1 = new StringTokenizer(certlist, ",");
                         while (t1.hasMoreTokens()) {
                             String tag = t1.nextToken();
-                            if (tag.equals("sslserver")) continue;
-                            config.putString(type + ".cert." + tag + ".nickname", 
-                                token + ":" + 
-                                config.getString(type + ".cert." + tag + ".nickname", ""));
-                        } 
+                            if (tag.equals("sslserver"))
+                                continue;
+                            config.putString(type + ".cert." + tag + ".nickname",
+                                    token + ":" +
+                                            config.getString(type + ".cert." + tag + ".nickname", ""));
+                        }
                     }
                 } else {
                     String error = parser.getValue("Error");
@@ -1431,7 +1435,7 @@ public class WizardPanelBase implements IWizardPanel {
                 CMS.debug("WizardPanelBase: getTokenInfo: " + e.toString());
                 throw new IOException(e.toString());
             }
-        }           
+        }
     }
 
     public void importCertChain(String id) throws IOException {
@@ -1442,31 +1446,32 @@ public class WizardPanelBase implements IWizardPanel {
 
         try {
             pkcs7 = config.getString(configName, "");
-        } catch (Exception e) {}
+        } catch (Exception e) {
+        }
 
         if (pkcs7.length() > 0) {
             try {
                 CryptoUtil.importCertificateChain(pkcs7);
             } catch (Exception e) {
-                CMS.debug("DisplayCertChainPanel importCertChain: Exception: "+e.toString());
+                CMS.debug("DisplayCertChainPanel importCertChain: Exception: " + e.toString());
             }
         }
     }
 
     public void updateCertChain(IConfigStore config, String name, String host,
-      int https_admin_port, boolean https, Context context) throws IOException {
-        updateCertChain( config, name, host, https_admin_port,
-                         https, context, null );
+            int https_admin_port, boolean https, Context context) throws IOException {
+        updateCertChain(config, name, host, https_admin_port,
+                         https, context, null);
     }
 
     public void updateCertChain(IConfigStore config, String name, String host,
-      int https_admin_port, boolean https, Context context, 
-      ConfigCertApprovalCallback certApprovalCallback) throws IOException {
-        String certchain = getCertChainUsingSecureAdminPort( host,
+            int https_admin_port, boolean https, Context context,
+            ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+        String certchain = getCertChainUsingSecureAdminPort(host,
                                                              https_admin_port,
                                                              https,
-                                                             certApprovalCallback );
-        config.putString("preop."+name+".pkcs7", certchain);
+                                                             certApprovalCallback);
+        config.putString("preop." + name + ".pkcs7", certchain);
 
         byte[] decoded = CryptoUtil.base64Decode(certchain);
         java.security.cert.X509Certificate[] b_certchain = null;
@@ -1475,7 +1480,7 @@ public class WizardPanelBase implements IWizardPanel {
             b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
         } catch (Exception e) {
             context.put("errorString",
-              "Failed to get the certificate chain.");
+                    "Failed to get the certificate chain.");
             return;
         }
 
@@ -1483,7 +1488,7 @@ public class WizardPanelBase implements IWizardPanel {
         if (b_certchain != null) {
             size = b_certchain.length;
         }
-        config.putInteger("preop."+name+".certchain.size", size);
+        config.putInteger("preop." + name + ".certchain.size", size);
         for (int i = 0; i < size; i++) {
             byte[] bb = null;
 
@@ -1491,11 +1496,11 @@ public class WizardPanelBase implements IWizardPanel {
                 bb = b_certchain[i].getEncoded();
             } catch (Exception e) {
                 context.put("errorString",
-                  "Failed to get the der-encoded certificate chain.");
+                        "Failed to get the der-encoded certificate chain.");
                 return;
             }
-            config.putString("preop."+name+".certchain." + i,
-              CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+            config.putString("preop." + name + ".certchain." + i,
+                    CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
         }
 
         try {
@@ -1504,16 +1509,16 @@ public class WizardPanelBase implements IWizardPanel {
         }
     }
 
-    public void updateCertChainUsingSecureEEPort( IConfigStore config,
+    public void updateCertChainUsingSecureEEPort(IConfigStore config,
                                                   String name, String host,
                                                   int https_ee_port,
                                                   boolean https,
-                                                  Context context, 
-                                                  ConfigCertApprovalCallback certApprovalCallback ) throws IOException {
-        String certchain = getCertChainUsingSecureEEPort( host, https_ee_port,
+                                                  Context context,
+                                                  ConfigCertApprovalCallback certApprovalCallback) throws IOException {
+        String certchain = getCertChainUsingSecureEEPort(host, https_ee_port,
                                                           https,
                                                           certApprovalCallback);
-        config.putString("preop."+name+".pkcs7", certchain);
+        config.putString("preop." + name + ".pkcs7", certchain);
 
         byte[] decoded = CryptoUtil.base64Decode(certchain);
         java.security.cert.X509Certificate[] b_certchain = null;
@@ -1522,7 +1527,7 @@ public class WizardPanelBase implements IWizardPanel {
             b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
         } catch (Exception e) {
             context.put("errorString",
-              "Failed to get the certificate chain.");
+                    "Failed to get the certificate chain.");
             return;
         }
 
@@ -1530,7 +1535,7 @@ public class WizardPanelBase implements IWizardPanel {
         if (b_certchain != null) {
             size = b_certchain.length;
         }
-        config.putInteger("preop."+name+".certchain.size", size);
+        config.putInteger("preop." + name + ".certchain.size", size);
         for (int i = 0; i < size; i++) {
             byte[] bb = null;
 
@@ -1538,11 +1543,11 @@ public class WizardPanelBase implements IWizardPanel {
                 bb = b_certchain[i].getEncoded();
             } catch (Exception e) {
                 context.put("errorString",
-                  "Failed to get the der-encoded certificate chain.");
+                        "Failed to get the der-encoded certificate chain.");
                 return;
             }
-            config.putString("preop."+name+".certchain." + i,
-              CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
+            config.putString("preop." + name + ".certchain." + i,
+                    CryptoUtil.normalizeCertStr(CryptoUtil.base64Encode(bb)));
         }
 
         try {
@@ -1558,26 +1563,26 @@ public class WizardPanelBase implements IWizardPanel {
             CryptoStore store = tok.getCryptoStore();
             String fullnickname = nickname;
             if (!tokenname.equals("") &&
-                !tokenname.equals("Internal Key Storage Token") &&
-                !tokenname.equals("internal"))
-                  fullnickname = tokenname+":"+nickname;
+                    !tokenname.equals("Internal Key Storage Token") &&
+                    !tokenname.equals("internal"))
+                fullnickname = tokenname + ":" + nickname;
 
-            CMS.debug("WizardPanelBase deleteCert: nickname="+fullnickname);
+            CMS.debug("WizardPanelBase deleteCert: nickname=" + fullnickname);
             org.mozilla.jss.crypto.X509Certificate cert = cm.findCertByNickname(fullnickname);
 
             if (store instanceof PK11Store) {
                 CMS.debug("WizardPanelBase deleteCert: this is pk11store");
-                PK11Store pk11store = (PK11Store)store;
+                PK11Store pk11store = (PK11Store) store;
                 pk11store.deleteCertOnly(cert);
                 CMS.debug("WizardPanelBase deleteCert: cert deleted successfully");
             }
         } catch (Exception e) {
-            CMS.debug("WizardPanelBase deleteCert: Exception="+e.toString());
+            CMS.debug("WizardPanelBase deleteCert: Exception=" + e.toString());
         }
     }
 
     public void deleteEntries(LDAPSearchResults res, LDAPConnection conn,
-      String dn, String[] entries) {
+            String dn, String[] entries) {
         String[] attrs = null;
         LDAPSearchConstraints cons = null;
         String filter = "objectclass=*";
@@ -1595,23 +1600,23 @@ public class WizardPanelBase implements IWizardPanel {
                 }
             }
         } catch (Exception ee) {
-            CMS.debug("WizardPanelBase deleteEntries: Exception="+ee.toString());
+            CMS.debug("WizardPanelBase deleteEntries: Exception=" + ee.toString());
         }
     }
 
     public void deleteEntry(LDAPConnection conn, String dn, String[] entries) {
         try {
-            for (int i=0; i<entries.length; i++) {
+            for (int i = 0; i < entries.length; i++) {
                 if (LDAPDN.equals(dn, entries[i])) {
-                    CMS.debug("WizardPanelBase deleteEntry: entry with this dn "+dn+" is not deleted.");
+                    CMS.debug("WizardPanelBase deleteEntry: entry with this dn " + dn + " is not deleted.");
                     return;
                 }
             }
 
-            CMS.debug("WizardPanelBase deleteEntry: deleting dn="+dn);
+            CMS.debug("WizardPanelBase deleteEntry: deleting dn=" + dn);
             conn.delete(dn);
         } catch (Exception e) {
-            CMS.debug("WizardPanelBase deleteEntry: Exception="+e.toString());
+            CMS.debug("WizardPanelBase deleteEntry: Exception=" + e.toString());
         }
     }
 
@@ -1624,12 +1629,12 @@ public class WizardPanelBase implements IWizardPanel {
             int cs_port = cs.getInteger("pkicreate.admin_secure_port", -1);
             int panel = getPanelNo();
             String subsystem = cs.getString("cs.type", "");
-            String urlVal = "https://"+cs_hostname+":"+cs_port+"/"+toLowerCaseSubsystemType(subsystem)+"/admin/console/config/wizard?p="+panel+"&subsystem="+subsystem;
+            String urlVal = "https://" + cs_hostname + ":" + cs_port + "/" + toLowerCaseSubsystemType(subsystem) + "/admin/console/config/wizard?p=" + panel + "&subsystem=" + subsystem;
             String encodedValue = URLEncoder.encode(urlVal, "UTF-8");
-            String sdurl =  "https://"+hostname+":"+port+"/ca/admin/ca/securityDomainLogin?url="+encodedValue;
+            String sdurl = "https://" + hostname + ":" + port + "/ca/admin/ca/securityDomainLogin?url=" + encodedValue;
             response.sendRedirect(sdurl);
         } catch (Exception e) {
-            CMS.debug("WizardPanelBase reloginSecurityDomain: Exception="+e.toString());
+            CMS.debug("WizardPanelBase reloginSecurityDomain: Exception=" + e.toString());
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
index bbfa4b39..ca184988 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AdminRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.netscape.certsrv.apps.CMS;
 
-public class AdminRequestFilter implements Filter
-{
+public class AdminRequestFilter implements Filter {
     private static final String HTTPS_SCHEME = "https";
     private static final String HTTPS_PORT = "https_port";
     private static final String HTTPS_ROLE = "Admin";
     private static final String PROXY_PORT = "proxy_port";
 
     private FilterConfig config;
-    
+
     /* Create a new AdminRequestFilter */
-    public AdminRequestFilter() {}
-    
-    public void init( FilterConfig filterConfig )
-                throws ServletException
-    {
+    public AdminRequestFilter() {
+    }
+
+    public void init(FilterConfig filterConfig)
+                throws ServletException {
         this.config = filterConfig;
     }
-    
-    public void doFilter( ServletRequest request, 
+
+    public void doFilter(ServletRequest request,
                           ServletResponse response,
-                          FilterChain chain )
+                          FilterChain chain)
                 throws java.io.IOException,
-                       ServletException
-    {
+                       ServletException {
         String filterName = getClass().getName();
 
         String scheme = null;
@@ -64,32 +62,32 @@ public class AdminRequestFilter implements Filter
         String param_active = null;
 
         // CMS.debug("Entering the admin filter");
-        param_active = config.getInitParameter( "active");
+        param_active = config.getInitParameter("active");
 
-        if( request instanceof HttpServletRequest ) {
-            HttpServletResponse resp = ( HttpServletResponse ) response;
+        if (request instanceof HttpServletRequest) {
+            HttpServletResponse resp = (HttpServletResponse) response;
 
-            // RFC 1738:  verify that scheme is "https"
+            // RFC 1738: verify that scheme is "https"
             scheme = request.getScheme();
-            if( ! scheme.equals( HTTPS_SCHEME ) ) {
+            if (!scheme.equals(HTTPS_SCHEME)) {
                 msg = "The scheme MUST be '" + HTTPS_SCHEME
-                    + "', NOT '" + scheme + "'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+                        + "', NOT '" + scheme + "'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
                 return;
             }
 
             // Always obtain an "https" port from request
             port = request.getLocalPort();
-            request_port = Integer.toString( port );
+            request_port = Integer.toString(port);
 
             // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter( HTTPS_PORT );
-            if( param_https_port == null ) {
+            param_https_port = config.getInitParameter(HTTPS_PORT);
+            if (param_https_port == null) {
                 msg = "The <param-name> '" + HTTPS_PORT
-                    + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
                 return;
             }
 
@@ -97,29 +95,29 @@ public class AdminRequestFilter implements Filter
             boolean bad_port = false;
 
             // Compare the request and param "https" ports
-            if( ! param_https_port.equals( request_port ) ) {
+            if (!param_https_port.equals(request_port)) {
                 String uri = ((HttpServletRequest) request).getRequestURI();
-                if (param_proxy_port != null) {  
+                if (param_proxy_port != null) {
                     if (!param_proxy_port.equals(request_port)) {
                         msg = "Use HTTPS port '" + param_https_port
-                            + "' or proxy port '" + param_proxy_port
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTPS_ROLE + " tasks!";
+                                + "' or proxy port '" + param_proxy_port
+                                + "' instead of '" + request_port
+                                + "' when performing " + HTTPS_ROLE + " tasks!";
                         bad_port = true;
                     }
                 } else {
                     msg = "Use HTTPS port '" + param_https_port
-                        + "' instead of '" + request_port
-                        + "' when performing " + HTTPS_ROLE + " tasks!";
+                            + "' instead of '" + request_port
+                            + "' when performing " + HTTPS_ROLE + " tasks!";
                     bad_port = true;
                 }
                 if (bad_port) {
-                    CMS.debug( filterName + ":  " + msg );
-                    CMS.debug( filterName + ": uri is " + uri);
-                    if ((param_active != null) &&(param_active.equals("false"))) {
+                    CMS.debug(filterName + ":  " + msg);
+                    CMS.debug(filterName + ": uri is " + uri);
+                    if ((param_active != null) && (param_active.equals("false"))) {
                         CMS.debug("Filter is disabled .. continuing");
                     } else {
-                        resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+                        resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
                         return;
                     }
                 }
@@ -128,11 +126,9 @@ public class AdminRequestFilter implements Filter
 
         // CMS.debug("Exiting the admin filter");
 
-        chain.doFilter( request, response );
+        chain.doFilter(request, response);
     }
-    
-    public void destroy()
-    {
+
+    public void destroy() {
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
index 1ae44a64..163e3a18 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/AgentRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.netscape.certsrv.apps.CMS;
 
-public class AgentRequestFilter implements Filter
-{
+public class AgentRequestFilter implements Filter {
     private static final String HTTPS_SCHEME = "https";
     private static final String HTTPS_PORT = "https_port";
     private static final String HTTPS_ROLE = "Agent";
     private static final String PROXY_PORT = "proxy_port";
 
     private FilterConfig config;
-    
+
     /* Create a new AgentRequestFilter */
-    public AgentRequestFilter() {}
-    
-    public void init( FilterConfig filterConfig )
-                throws ServletException
-    {
+    public AgentRequestFilter() {
+    }
+
+    public void init(FilterConfig filterConfig)
+                throws ServletException {
         this.config = filterConfig;
     }
-    
-    public void doFilter( ServletRequest request, 
+
+    public void doFilter(ServletRequest request,
                           ServletResponse response,
-                          FilterChain chain )
+                          FilterChain chain)
                 throws java.io.IOException,
-                       ServletException
-    {
+                       ServletException {
         String filterName = getClass().getName();
 
         String scheme = null;
@@ -65,32 +63,32 @@ public class AgentRequestFilter implements Filter
         String param_active = null;
 
         // CMS.debug("Entering the agent filter");
-        param_active = config.getInitParameter( "active");
+        param_active = config.getInitParameter("active");
 
-        if( request instanceof HttpServletRequest ) {
-            HttpServletResponse resp = ( HttpServletResponse ) response;
+        if (request instanceof HttpServletRequest) {
+            HttpServletResponse resp = (HttpServletResponse) response;
 
-            // RFC 1738:  verify that scheme is "https"
+            // RFC 1738: verify that scheme is "https"
             scheme = request.getScheme();
-            if( ! scheme.equals( HTTPS_SCHEME ) ) {
+            if (!scheme.equals(HTTPS_SCHEME)) {
                 msg = "The scheme MUST be '" + HTTPS_SCHEME
-                    + "', NOT '" + scheme + "'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+                        + "', NOT '" + scheme + "'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
                 return;
             }
 
             // Always obtain an "https" port from request
             port = request.getLocalPort();
-            request_port = Integer.toString( port );
+            request_port = Integer.toString(port);
 
             // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter( HTTPS_PORT );
-            if( param_https_port == null ) {
+            param_https_port = config.getInitParameter(HTTPS_PORT);
+            if (param_https_port == null) {
                 msg = "The <param-name> '" + HTTPS_PORT
-                    + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
                 return;
             }
 
@@ -98,29 +96,29 @@ public class AgentRequestFilter implements Filter
             boolean bad_port = false;
 
             // Compare the request and param "https" ports
-            if( ! param_https_port.equals( request_port ) ) {
+            if (!param_https_port.equals(request_port)) {
                 String uri = ((HttpServletRequest) request).getRequestURI();
                 if (param_proxy_port != null) {
                     if (!param_proxy_port.equals(request_port)) {
                         msg = "Use HTTPS port '" + param_https_port
-                            + "' or proxy port '" + param_proxy_port 
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTPS_ROLE + " tasks!";
+                                + "' or proxy port '" + param_proxy_port
+                                + "' instead of '" + request_port
+                                + "' when performing " + HTTPS_ROLE + " tasks!";
                         bad_port = true;
                     }
                 } else {
                     msg = "Use HTTPS port '" + param_https_port
-                        + "' instead of '" + request_port
-                        + "' when performing " + HTTPS_ROLE + " tasks!";
+                            + "' instead of '" + request_port
+                            + "' when performing " + HTTPS_ROLE + " tasks!";
                     bad_port = true;
                 }
                 if (bad_port) {
-                    CMS.debug( filterName + ":  " + msg );
-                    CMS.debug( filterName + ": uri is " + uri);
-                    if ((param_active != null) &&(param_active.equals("false"))) {
+                    CMS.debug(filterName + ":  " + msg);
+                    CMS.debug(filterName + ": uri is " + uri);
+                    if ((param_active != null) && (param_active.equals("false"))) {
                         CMS.debug("Filter is disabled .. continuing");
                     } else {
-                        resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+                        resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
                         return;
                     }
                 }
@@ -128,11 +126,9 @@ public class AgentRequestFilter implements Filter
         }
         // CMS.debug("Exiting the Agent filter");
 
-        chain.doFilter( request, response );
+        chain.doFilter(request, response);
     }
-    
-    public void destroy()
-    {
+
+    public void destroy() {
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
index 8b53c6c6..e734458e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EEClientAuthRequestFilter.java
@@ -28,30 +28,28 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.netscape.certsrv.apps.CMS;
 
-public class EEClientAuthRequestFilter implements Filter
-{
+public class EEClientAuthRequestFilter implements Filter {
     private static final String HTTPS_SCHEME = "https";
     private static final String HTTPS_PORT = "https_port";
     private static final String HTTPS_ROLE = "EE Client Auth";
     private static final String PROXY_PORT = "proxy_port";
 
     private FilterConfig config;
-    
+
     /* Create a new EEClientAuthRequestFilter */
-    public EEClientAuthRequestFilter() {}
-    
-    public void init( FilterConfig filterConfig )
-                throws ServletException
-    {
+    public EEClientAuthRequestFilter() {
+    }
+
+    public void init(FilterConfig filterConfig)
+                throws ServletException {
         this.config = filterConfig;
     }
-    
-    public void doFilter( ServletRequest request, 
+
+    public void doFilter(ServletRequest request,
                           ServletResponse response,
-                          FilterChain chain )
+                          FilterChain chain)
                 throws java.io.IOException,
-                       ServletException
-    {
+                       ServletException {
         String filterName = getClass().getName();
 
         String scheme = null;
@@ -64,32 +62,32 @@ public class EEClientAuthRequestFilter implements Filter
         String param_proxy_port = null;
 
         // CMS.debug("Entering the EECA filter");
-        param_active = config.getInitParameter( "active");
+        param_active = config.getInitParameter("active");
 
-        if( request instanceof HttpServletRequest ) {
-            HttpServletResponse resp = ( HttpServletResponse ) response;
+        if (request instanceof HttpServletRequest) {
+            HttpServletResponse resp = (HttpServletResponse) response;
 
-            // RFC 1738:  verify that scheme is "https"
+            // RFC 1738: verify that scheme is "https"
             scheme = request.getScheme();
-            if( ! scheme.equals( HTTPS_SCHEME ) ) {
+            if (!scheme.equals(HTTPS_SCHEME)) {
                 msg = "The scheme MUST be '" + HTTPS_SCHEME
-                    + "', NOT '" + scheme + "'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
+                        + "', NOT '" + scheme + "'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
                 return;
             }
 
             // Always obtain an "https" port from request
             port = request.getLocalPort();
-            request_port = Integer.toString( port );
+            request_port = Integer.toString(port);
 
             // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter( HTTPS_PORT );
-            if( param_https_port == null ) {
+            param_https_port = config.getInitParameter(HTTPS_PORT);
+            if (param_https_port == null) {
                 msg = "The <param-name> '" + HTTPS_PORT
-                    + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
+                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
                 return;
             }
 
@@ -97,41 +95,39 @@ public class EEClientAuthRequestFilter implements Filter
             boolean bad_port = false;
 
             // Compare the request and param "https" ports
-            if( ! param_https_port.equals( request_port ) ) {
+            if (!param_https_port.equals(request_port)) {
                 String uri = ((HttpServletRequest) request).getRequestURI();
                 if (param_proxy_port != null) {
                     if (!param_proxy_port.equals(request_port)) {
                         msg = "Use HTTPS port '" + param_https_port
-                            + "' or proxy port '" + param_proxy_port
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTPS_ROLE + " tasks!";
+                                + "' or proxy port '" + param_proxy_port
+                                + "' instead of '" + request_port
+                                + "' when performing " + HTTPS_ROLE + " tasks!";
                         bad_port = true;
                     }
                 } else {
                     msg = "Use HTTPS port '" + param_https_port
-                        + "' instead of '" + request_port
-                        + "' when performing " + HTTPS_ROLE + " tasks!";
+                            + "' instead of '" + request_port
+                            + "' when performing " + HTTPS_ROLE + " tasks!";
                     bad_port = true;
                 }
                 if (bad_port) {
-                    CMS.debug( filterName + ":  " + msg );
-                    CMS.debug( filterName + ": uri is " + uri);
-                    if ((param_active != null) &&(param_active.equals("false"))) {
+                    CMS.debug(filterName + ":  " + msg);
+                    CMS.debug(filterName + ": uri is " + uri);
+                    if ((param_active != null) && (param_active.equals("false"))) {
                         CMS.debug("Filter is disabled .. continuing");
                     } else {
-                        resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+                        resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
                         return;
                     }
                 }
             }
         }
-       // CMS.debug("exiting the EECA filter");
+        // CMS.debug("exiting the EECA filter");
 
-        chain.doFilter( request, response );
+        chain.doFilter(request, response);
     }
-    
-    public void destroy()
-    {
+
+    public void destroy() {
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
index f66cf087..4004702b 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/filter/EERequestFilter.java
@@ -28,8 +28,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import com.netscape.certsrv.apps.CMS;
 
-public class EERequestFilter implements Filter
-{
+public class EERequestFilter implements Filter {
     private static final String HTTP_SCHEME = "http";
     private static final String HTTP_PORT = "http_port";
     private static final String HTTP_ROLE = "EE";
@@ -40,22 +39,21 @@ public class EERequestFilter implements Filter
     private static final String PROXY_HTTP_PORT = "proxy_http_port";
 
     private FilterConfig config;
-    
+
     /* Create a new EERequestFilter */
-    public EERequestFilter() {}
-    
-    public void init( FilterConfig filterConfig )
-                throws ServletException
-    {
+    public EERequestFilter() {
+    }
+
+    public void init(FilterConfig filterConfig)
+                throws ServletException {
         this.config = filterConfig;
     }
-    
-    public void doFilter( ServletRequest request, 
+
+    public void doFilter(ServletRequest request,
                           ServletResponse response,
-                          FilterChain chain )
+                          FilterChain chain)
                 throws java.io.IOException,
-                       ServletException
-    {
+                       ServletException {
         String filterName = getClass().getName();
 
         String scheme = null;
@@ -70,45 +68,45 @@ public class EERequestFilter implements Filter
         String param_active = null;
 
         // CMS.debug("Entering the EE filter");
-        param_active = config.getInitParameter( "active");
+        param_active = config.getInitParameter("active");
 
-        if( request instanceof HttpServletRequest ) {
-            HttpServletResponse resp = ( HttpServletResponse ) response;
+        if (request instanceof HttpServletRequest) {
+            HttpServletResponse resp = (HttpServletResponse) response;
 
-            // RFC 1738:  verify that scheme is either "http" or "https"
+            // RFC 1738: verify that scheme is either "http" or "https"
             scheme = request.getScheme();
-            if( ( ! scheme.equals( HTTP_SCHEME ) ) &&
-                ( ! scheme.equals( HTTPS_SCHEME ) ) ) {
+            if ((!scheme.equals(HTTP_SCHEME)) &&
+                    (!scheme.equals(HTTPS_SCHEME))) {
                 msg = "The scheme MUST be either '" + HTTP_SCHEME
-                    + "' or '" + HTTPS_SCHEME
-                    + "', NOT '" + scheme + "'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_UNAUTHORIZED, msg );
-                return; 
+                        + "' or '" + HTTPS_SCHEME
+                        + "', NOT '" + scheme + "'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_UNAUTHORIZED, msg);
+                return;
             }
 
             // Always obtain either an "http" or an "https" port from request
             port = request.getLocalPort();
-            request_port = Integer.toString( port );
+            request_port = Integer.toString(port);
 
             // Always obtain the "http" port passed in as a parameter
-            param_http_port = config.getInitParameter( HTTP_PORT );
-            if( param_http_port == null ) {
+            param_http_port = config.getInitParameter(HTTP_PORT);
+            if (param_http_port == null) {
                 msg = "The <param-name> '" + HTTP_PORT
-                    + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
-                return; 
+                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
+                return;
             }
 
             // Always obtain the "https" port passed in as a parameter
-            param_https_port = config.getInitParameter( HTTPS_PORT );
-            if( param_https_port == null ) {
+            param_https_port = config.getInitParameter(HTTPS_PORT);
+            if (param_https_port == null) {
                 msg = "The <param-name> '" + HTTPS_PORT
-                    + "' </param-name> " + "MUST be specified in 'web.xml'!";
-                CMS.debug( filterName + ":  " + msg );
-                resp.sendError( HttpServletResponse.SC_NOT_IMPLEMENTED, msg );
-                return; 
+                        + "' </param-name> " + "MUST be specified in 'web.xml'!";
+                CMS.debug(filterName + ":  " + msg);
+                resp.sendError(HttpServletResponse.SC_NOT_IMPLEMENTED, msg);
+                return;
             }
 
             param_proxy_http_port = config.getInitParameter(PROXY_HTTP_PORT);
@@ -119,58 +117,58 @@ public class EERequestFilter implements Filter
             // the request and param "http" ports;
             // otherwise, if the scheme is "https", compare
             // the request and param "https" ports
-            if( scheme.equals( HTTP_SCHEME ) ) {
-                if( ! param_http_port.equals( request_port ) ) {
+            if (scheme.equals(HTTP_SCHEME)) {
+                if (!param_http_port.equals(request_port)) {
                     String uri = ((HttpServletRequest) request).getRequestURI();
-                    if (param_proxy_http_port != null) {  
+                    if (param_proxy_http_port != null) {
                         if (!param_proxy_http_port.equals(request_port)) {
                             msg = "Use HTTP port '" + param_http_port
-                                + "' or proxy port '" + param_proxy_http_port
-                                + "' instead of '" + request_port
-                                + "' when performing " + HTTP_ROLE + " tasks!";
+                                    + "' or proxy port '" + param_proxy_http_port
+                                    + "' instead of '" + request_port
+                                    + "' when performing " + HTTP_ROLE + " tasks!";
                             bad_port = true;
                         }
                     } else {
                         msg = "Use HTTP port '" + param_http_port
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTP_ROLE + " tasks!";
+                                + "' instead of '" + request_port
+                                + "' when performing " + HTTP_ROLE + " tasks!";
                         bad_port = true;
                     }
                     if (bad_port) {
-                        CMS.debug( filterName + ":  " + msg );
-                        CMS.debug( filterName + ": uri is " + uri);
-                        if ((param_active != null) &&(param_active.equals("false"))) {
+                        CMS.debug(filterName + ":  " + msg);
+                        CMS.debug(filterName + ": uri is " + uri);
+                        if ((param_active != null) && (param_active.equals("false"))) {
                             CMS.debug("Filter is disabled .. continuing");
                         } else {
-                            resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+                            resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
                             return;
                         }
                     }
                 }
-            } else if( scheme.equals( HTTPS_SCHEME ) ) {
-                if( ! param_https_port.equals( request_port ) ) {
+            } else if (scheme.equals(HTTPS_SCHEME)) {
+                if (!param_https_port.equals(request_port)) {
                     String uri = ((HttpServletRequest) request).getRequestURI();
-                    if (param_proxy_port != null) {  
+                    if (param_proxy_port != null) {
                         if (!param_proxy_port.equals(request_port)) {
                             msg = "Use HTTPS port '" + param_https_port
-                                + "' or proxy port '" + param_proxy_port
-                                + "' instead of '" + request_port
-                                + "' when performing " + HTTPS_ROLE + " tasks!";
+                                    + "' or proxy port '" + param_proxy_port
+                                    + "' instead of '" + request_port
+                                    + "' when performing " + HTTPS_ROLE + " tasks!";
                             bad_port = true;
                         }
                     } else {
                         msg = "Use HTTPS port '" + param_https_port
-                            + "' instead of '" + request_port
-                            + "' when performing " + HTTPS_ROLE + " tasks!";
+                                + "' instead of '" + request_port
+                                + "' when performing " + HTTPS_ROLE + " tasks!";
                         bad_port = true;
                     }
                     if (bad_port) {
-                        CMS.debug( filterName + ":  " + msg );
-                        CMS.debug( filterName + ": uri is " + uri);
-                        if ((param_active != null) &&(param_active.equals("false"))) {
+                        CMS.debug(filterName + ":  " + msg);
+                        CMS.debug(filterName + ": uri is " + uri);
+                        if ((param_active != null) && (param_active.equals("false"))) {
                             CMS.debug("Filter is disabled .. continuing");
                         } else {
-                            resp.sendError( HttpServletResponse.SC_NOT_FOUND, msg );
+                            resp.sendError(HttpServletResponse.SC_NOT_FOUND, msg);
                             return;
                         }
                     }
@@ -180,11 +178,9 @@ public class EERequestFilter implements Filter
         }
         // CMS.debug("Exiting the EE filter");
 
-        chain.doFilter( request, response );
+        chain.doFilter(request, response);
     }
-    
-    public void destroy()
-    {
+
+    public void destroy() {
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
index 166036a9..a5c17e28 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/ConfirmRecoverBySerial.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -43,13 +42,11 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * A class representing a recoverKey servlet. This servlet
- * shows key information and presents a list of text boxes
- * so that recovery agents can type in their identifiers
- * and passwords.
- *
+ * A class representing a recoverKey servlet. This servlet shows key information
+ * and presents a list of text boxes so that recovery agents can type in their
+ * identifiers and passwords.
+ * 
  * @version $Revision$, $Date$
  */
 public class ConfirmRecoverBySerial extends CMSServlet {
@@ -59,8 +56,8 @@ public class ConfirmRecoverBySerial extends CMSServlet {
      */
     private static final long serialVersionUID = 2221819191344494389L;
     private final static String INFO = "recoverBySerial";
-    private final static String TPL_FILE = 
-        "confirmRecoverBySerial.template";
+    private final static String TPL_FILE =
+            "confirmRecoverBySerial.template";
 
     private final static String IN_SERIALNO = "serialNumber";
     private final static String OUT_SERIALNO = IN_SERIALNO;
@@ -95,22 +92,20 @@ public class ConfirmRecoverBySerial extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
-     * Serves HTTP request. The format of this request is 
-     * as follows:
-     *   confirmRecoverBySerial?
-     *     [serialNumber=<serialno>]
+     * Serves HTTP request. The format of this request is as follows:
+     * confirmRecoverBySerial? [serialNumber=<serialno>]
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
 
         // Note that we should try to handle all the exceptions
-        // instead of passing it up back to the servlet 
+        // instead of passing it up back to the servlet
         // framework.
-		
+
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
 
@@ -123,9 +118,9 @@ public class ConfirmRecoverBySerial extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -147,8 +142,8 @@ public class ConfirmRecoverBySerial extends CMSServlet {
 
             process(argSet, header, seqNum, req, resp, locale[0]);
         } catch (NumberFormatException e) {
-            header.addStringValue(OUT_ERROR, 
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+            header.addStringValue(OUT_ERROR,
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
 
         try {
@@ -157,10 +152,10 @@ public class ConfirmRecoverBySerial extends CMSServlet {
             resp.setContentType("text/html");
             form.renderOutput(out, argSet);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
@@ -169,17 +164,17 @@ public class ConfirmRecoverBySerial extends CMSServlet {
      * Requests for a list of agent passwords.
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, int seq, 
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, int seq,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         try {
             header.addIntegerValue(OUT_SERIALNO, seq);
             header.addIntegerValue(OUT_M,
-                mRecoveryService.getNoOfRequiredAgents());
+                    mRecoveryService.getNoOfRequiredAgents());
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
+                    req.getRequestURI());
 
             IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new BigInteger(
                         Integer.toString(seq)));
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
index 510f1ac3..41d7b02c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerial.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -44,11 +43,10 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Display a specific Key Archival Request
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayBySerial extends CMSServlet {
@@ -78,7 +76,7 @@ public class DisplayBySerial extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "displayBySerial.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -94,8 +92,8 @@ public class DisplayBySerial extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -103,7 +101,7 @@ public class DisplayBySerial extends CMSServlet {
      * <ul>
      * <li>http.param serialNumber serial number of the key archival request
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -119,10 +117,10 @@ public class DisplayBySerial extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -137,13 +135,13 @@ public class DisplayBySerial extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         // Note that we should try to handle all the exceptions
-        // instead of passing it up back to the servlet 
+        // instead of passing it up back to the servlet
         // framework.
 
         IArgBlock header = CMS.createArgBlock();
@@ -159,7 +157,7 @@ public class DisplayBySerial extends CMSServlet {
             process(argSet, header, seqNum, req, resp, locale[0]);
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
 
         try {
@@ -169,9 +167,9 @@ public class DisplayBySerial extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
@@ -179,15 +177,15 @@ public class DisplayBySerial extends CMSServlet {
      * Display information about a particular key.
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, int seq, 
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, int seq,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         try {
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
-            IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new 
+                    req.getRequestURI());
+            IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
                     BigInteger(Integer.toString(seq)));
 
             KeyRecordParser.fillRecordIntoArg(rec, header);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
index 2ef78c64..82d75884 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayBySerialForRecovery.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Locale;
@@ -45,11 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Display a Specific Key Archival Request, and initiate
- * key recovery process
- *
+ * Display a Specific Key Archival Request, and initiate key recovery process
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayBySerialForRecovery extends CMSServlet {
@@ -80,7 +77,7 @@ public class DisplayBySerialForRecovery extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "displayBySerialForRecovery.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -95,17 +92,17 @@ public class DisplayBySerialForRecovery extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param serialNumber  request ID of key archival request
-     * <li>http.param publicKeyData  
+     * <li>http.param serialNumber request ID of key archival request
+     * <li>http.param publicKeyData
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -121,10 +118,10 @@ public class DisplayBySerialForRecovery extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -139,13 +136,13 @@ public class DisplayBySerialForRecovery extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         // Note that we should try to handle all the exceptions
-        // instead of passing it up back to the servlet 
+        // instead of passing it up back to the servlet
         // framework.
 
         IArgBlock header = CMS.createArgBlock();
@@ -159,12 +156,12 @@ public class DisplayBySerialForRecovery extends CMSServlet {
                 seqNum = Integer.parseInt(
                             req.getParameter(IN_SERIALNO));
             }
-            process(argSet, header, 
-                req.getParameter("publicKeyData"),
-                seqNum, req, resp, locale[0]);
+            process(argSet, header,
+                    req.getParameter("publicKeyData"),
+                    seqNum, req, resp, locale[0]);
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         } catch (Exception e) {
             e.printStackTrace();
             System.out.println(e.toString());
@@ -176,9 +173,9 @@ public class DisplayBySerialForRecovery extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
@@ -187,23 +184,23 @@ public class DisplayBySerialForRecovery extends CMSServlet {
      * Display information about a particular key.
      */
     private synchronized void process(CMSTemplateParams argSet,
-        IArgBlock header, String publicKeyData, int seq, 
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, String publicKeyData, int seq,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         try {
             header.addIntegerValue("noOfRequiredAgents",
-                mService.getNoOfRequiredAgents());
+                    mService.getNoOfRequiredAgents());
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue("keySplitting",
-                CMS.getConfigStore().getString("kra.keySplitting"));
+                    CMS.getConfigStore().getString("kra.keySplitting"));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
+                    req.getRequestURI());
             if (publicKeyData != null) {
                 header.addStringValue("publicKeyData",
-                    publicKeyData);
+                        publicKeyData);
             }
-            IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new 
+            IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
                     BigInteger(Integer.toString(seq)));
 
             KeyRecordParser.fillRecordIntoArg(rec, header);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
index d4baf181..2fd882b7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/DisplayTransport.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import javax.servlet.ServletConfig;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@@ -34,11 +33,9 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Retrieve Transport Certificate used to 
- * wrap Private key Archival requests
- *
+ * Retrieve Transport Certificate used to wrap Private key Archival requests
+ * 
  * @version $Revision$, $Date$
  */
 public class DisplayTransport extends CMSServlet {
@@ -67,13 +64,13 @@ public class DisplayTransport extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Process the HTTP request.
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -98,21 +95,21 @@ public class DisplayTransport extends CMSServlet {
         }
 
         try {
-            IKeyRecoveryAuthority kra = 
-                (IKeyRecoveryAuthority) mAuthority;
+            IKeyRecoveryAuthority kra =
+                    (IKeyRecoveryAuthority) mAuthority;
             ITransportKeyUnit tu = kra.getTransportKeyUnit();
             org.mozilla.jss.crypto.X509Certificate transportCert =
-                tu.getCertificate();
+                    tu.getCertificate();
 
             resp.setStatus(HttpServletResponse.SC_OK);
             resp.setContentType("text/html");
-            String content = ""; 
+            String content = "";
 
             content += "<HTML><PRE>";
-            String mime64 = 
-                "-----BEGIN CERTIFICATE-----\n" + 
-                CMS.BtoA(transportCert.getEncoded()) + 
-                "-----END CERTIFICATE-----\n";
+            String mime64 =
+                    "-----BEGIN CERTIFICATE-----\n" +
+                            CMS.BtoA(transportCert.getEncoded()) +
+                            "-----END CERTIFICATE-----\n";
 
             content += mime64;
             content += "</PRE></HTML>";
@@ -120,9 +117,9 @@ public class DisplayTransport extends CMSServlet {
             resp.getOutputStream().write(content.getBytes());
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
index 9fbad7a6..9d569a0d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/ExamineRecovery.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Hashtable;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * View the Key Recovery Request 
- *
+ * View the Key Recovery Request
+ * 
  * @version $Revision$, $Date$
  */
 public class ExamineRecovery extends CMSServlet {
@@ -100,8 +98,8 @@ public class ExamineRecovery extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -109,7 +107,7 @@ public class ExamineRecovery extends CMSServlet {
      * <ul>
      * <li>http.param recoveryID recovery request ID
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
 
@@ -127,10 +125,10 @@ public class ExamineRecovery extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -145,9 +143,9 @@ public class ExamineRecovery extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -158,9 +156,9 @@ public class ExamineRecovery extends CMSServlet {
         EBaseException error = null;
 
         try {
-            process(argSet, header, 
-                req.getParameter("recoveryID"),
-                req, resp, locale[0]);
+            process(argSet, header,
+                    req.getParameter("recoveryID"),
+                    req, resp, locale[0]);
         } catch (EBaseException e) {
             error = e;
         } catch (Exception e) {
@@ -168,28 +166,23 @@ public class ExamineRecovery extends CMSServlet {
         }
 
         /*
-         catch (NumberFormatException e) {
-         error = eBaseException(
-         
-         header.addStringValue(OUT_ERROR,
-         MessageFormatter.getLocalizedString(
-         locale[0],
-         BaseResources.class.getName(),
-         BaseResources.INTERNAL_ERROR_1,
-         e.toString()));
-         }
+         * catch (NumberFormatException e) { error = eBaseException(
+         * 
+         * header.addStringValue(OUT_ERROR, MessageFormatter.getLocalizedString(
+         * locale[0], BaseResources.class.getName(),
+         * BaseResources.INTERNAL_ERROR_1, e.toString())); }
          */
 
         try {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  ServletOutputStream out = resp.getOutputStream();
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    ServletOutputStream out = resp.getOutputStream();
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
@@ -197,57 +190,55 @@ public class ExamineRecovery extends CMSServlet {
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     /**
-     * Recovers a key. The p12 will be protected by the password
-     * provided by the administrator.
+     * Recovers a key. The p12 will be protected by the password provided by the
+     * administrator.
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, String recoveryID,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) 
-        throws EBaseException {
+            IArgBlock header, String recoveryID,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
         try {
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
+                    req.getRequestURI());
             header.addStringValue("keySplitting",
-                CMS.getConfigStore().getString("kra.keySplitting"));
+                    CMS.getConfigStore().getString("kra.keySplitting"));
             Hashtable params = mService.getRecoveryParams(
                     recoveryID);
 
             if (params == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+                        CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
             }
-            String keyID = (String)params.get("keyID");
-            header.addStringValue("serialNumber", keyID); 
+            String keyID = (String) params.get("keyID");
+            header.addStringValue("serialNumber", keyID);
             header.addStringValue("recoveryID", recoveryID);
 
-            IKeyRepository mKeyDB = 
-              ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
+            IKeyRepository mKeyDB =
+                    ((IKeyRecoveryAuthority) mAuthority).getKeyRepository();
             IKeyRecord rec = (IKeyRecord) mKeyDB.readKeyRecord(new
                     BigInteger(keyID));
             KeyRecordParser.fillRecordIntoArg(rec, header);
-                                                                                
 
         } catch (EBaseException e) {
             log(ILogger.LL_FAILURE, "Error e " + e);
             throw e;
-        } 
+        }
 
         /*
-         catch (Exception e) {
-         header.addStringValue(OUT_ERROR, e.toString());
-         }
+         * catch (Exception e) { header.addStringValue(OUT_ERROR, e.toString());
+         * }
          */
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
index 4bd4d45b..09a084b5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetApprovalStatus.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Check to see if a Key Recovery Request has been approved
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetApprovalStatus extends CMSServlet {
@@ -79,9 +77,9 @@ public class GetApprovalStatus extends CMSServlet {
 
     /**
      * initialize the servlet. This servlet uses the template files
-     * "getApprovalStatus.template" and "finishRecovery.template"
-     * to process the response.
-     *
+     * "getApprovalStatus.template" and "finishRecovery.template" to process the
+     * response.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -95,8 +93,8 @@ public class GetApprovalStatus extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -104,7 +102,7 @@ public class GetApprovalStatus extends CMSServlet {
      * <ul>
      * <li>http.param recoveryID request ID to check
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -148,12 +146,12 @@ public class GetApprovalStatus extends CMSServlet {
 
             if (params == null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+                        CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+                        CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
             }
             header.addStringValue("serialNumber",
-                (String) params.get("keyID"));
+                    (String) params.get("keyID"));
 
             int requiredNumber = mService.getNoOfRequiredAgents();
 
@@ -174,27 +172,21 @@ public class GetApprovalStatus extends CMSServlet {
 
                 if (pkcs12 != null) {
                     rComplete = 1;
-                    header.addStringValue(OUT_STATUS, "complete");        
+                    header.addStringValue(OUT_STATUS, "complete");
 
                     /*
-                     mService.destroyRecoveryParams(recoveryID);
-                     try {
-                     resp.setContentType("application/x-pkcs12");
-                     resp.getOutputStream().write(pkcs12);
-                     return;
-                     } catch (IOException e) {
-                     header.addStringValue(OUT_ERROR,
-                     MessageFormatter.getLocalizedString(
-                     locale[0],
-                     BaseResources.class.getName(),
-                     BaseResources.INTERNAL_ERROR_1,
-                     e.toString()));
-                     }
+                     * mService.destroyRecoveryParams(recoveryID); try {
+                     * resp.setContentType("application/x-pkcs12");
+                     * resp.getOutputStream().write(pkcs12); return; } catch
+                     * (IOException e) { header.addStringValue(OUT_ERROR,
+                     * MessageFormatter.getLocalizedString( locale[0],
+                     * BaseResources.class.getName(),
+                     * BaseResources.INTERNAL_ERROR_1, e.toString())); }
                      */
                 } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
-                    // error in recovery process 
-                    header.addStringValue(OUT_ERROR, 
-                        ((IKeyRecoveryAuthority) mService).getError(recoveryID));
+                    // error in recovery process
+                    header.addStringValue(OUT_ERROR,
+                            ((IKeyRecoveryAuthority) mService).getError(recoveryID));
                     rComplete = 1;
                 } else {
                     // pk12 hasn't been created yet.
@@ -210,16 +202,16 @@ public class GetApprovalStatus extends CMSServlet {
                 mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FINISH;
             } else {
                 mFormPath = "/" + ((IAuthority) mService).getId() + "/" + TPL_FILE;
-            }    
+            }
             if (mOutputTemplatePath != null)
                 mFormPath = mOutputTemplatePath;
             try {
                 form = getTemplate(mFormPath, req, locale);
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                        CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
 
             ServletOutputStream out = resp.getOutputStream();
@@ -228,9 +220,9 @@ public class GetApprovalStatus extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
index cea08af3..0a74cb26 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetAsyncPk12.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -42,11 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Get the recovered key in PKCS#12 format
- *   - for asynchronous key recovery only
- *
+ * Get the recovered key in PKCS#12 format - for asynchronous key recovery only
+ * 
  */
 public class GetAsyncPk12 extends CMSServlet {
 
@@ -67,13 +64,11 @@ public class GetAsyncPk12 extends CMSServlet {
     private com.netscape.certsrv.kra.IKeyService mService = null;
     private final static String OUT_STATUS = "status";
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
 
     private String mFormPath = null;
 
@@ -87,7 +82,7 @@ public class GetAsyncPk12 extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "finishAsyncRecovery.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -103,8 +98,8 @@ public class GetAsyncPk12 extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -112,7 +107,7 @@ public class GetAsyncPk12 extends CMSServlet {
      * <ul>
      * <li>http.param reqID request id for recovery
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -132,10 +127,10 @@ public class GetAsyncPk12 extends CMSServlet {
                         mAuthzResourceName, "download");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -150,9 +145,9 @@ public class GetAsyncPk12 extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -173,9 +168,9 @@ public class GetAsyncPk12 extends CMSServlet {
                 agent = (String) sContext.get(SessionContext.USER_ID);
             }
 
-            if (agent == null ) {
-                CMS.debug( "GetAsyncPk12::process() - agent is null!" );
-                throw new EBaseException( "agent is null" );
+            if (agent == null) {
+                CMS.debug("GetAsyncPk12::process() - agent is null!");
+                throw new EBaseException("agent is null");
             }
 
             String initAgent = "undefined";
@@ -183,18 +178,18 @@ public class GetAsyncPk12 extends CMSServlet {
 
             if ((initAgent.equals("undefined")) || !agent.equals(initAgent)) {
                 log(ILogger.LL_SECURITY,
-                    CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3",
-                        reqID, initAgent));
+                        CMS.getLogMessage("CMSGW_INVALID_AGENT_ASYNC_3",
+                                reqID, initAgent));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC",
-                        reqID, initAgent));
+                        CMS.getUserMessage("CMS_GW_INVALID_AGENT_ASYNC",
+                                reqID, initAgent));
             }
 
             // The async recovery request must be in "approved" state
-            //  i.e. all required # of recovery agents approved
+            // i.e. all required # of recovery agents approved
             if (mService.isApprovedAsyncKeyRecovery(reqID) != true) {
                 CMS.debug("GetAsyncPk12::process() - # required recovery agents not met");
-                throw new EBaseException( "# required recovery agents not met" );
+                throw new EBaseException("# required recovery agents not met");
             }
 
             String password = req.getParameter(IN_PASSWORD);
@@ -202,11 +197,11 @@ public class GetAsyncPk12 extends CMSServlet {
 
             if (password == null || password.equals("")) {
                 header.addStringValue(OUT_ERROR, "PKCS12 password not found");
-                throw new EBaseException( "PKCS12 password not found" );
+                throw new EBaseException("PKCS12 password not found");
             }
             if (passwordAgain == null || !passwordAgain.equals(password)) {
                 header.addStringValue(OUT_ERROR, "PKCS12 password not matched");
-                throw new EBaseException( "PKCS12 password not matched" );
+                throw new EBaseException("PKCS12 password not matched");
             }
 
             // got all approval, return pk12
@@ -219,23 +214,23 @@ public class GetAsyncPk12 extends CMSServlet {
                     mRenderResult = false;
 
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
-                        agent,
-                        ILogger.SUCCESS,
-                        reqID,
-                        "");
+                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+                            agent,
+                            ILogger.SUCCESS,
+                            reqID,
+                            "");
 
-                     audit(auditMessage);
+                    audit(auditMessage);
 
                     return;
                 } catch (IOException e) {
                     header.addStringValue(OUT_ERROR,
-                        CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                            CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
                 }
             } else if (((IKeyRecoveryAuthority) mService).getError(reqID) != null) {
-                // error in recovery process 
-                header.addStringValue(OUT_ERROR, 
-                    ((IKeyRecoveryAuthority) mService).getError(reqID));
+                // error in recovery process
+                header.addStringValue(OUT_ERROR,
+                        ((IKeyRecoveryAuthority) mService).getError(reqID));
             } else {
                 // pk12 hasn't been created yet. Shouldn't get here
             }
@@ -245,11 +240,11 @@ public class GetAsyncPk12 extends CMSServlet {
 
         if ((agent != null) && (reqID != null)) {
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
-                agent,
-                ILogger.FAILURE,
-                reqID,
-                "");
+                    LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+                    agent,
+                    ILogger.FAILURE,
+                    reqID,
+                    "");
 
             audit(auditMessage);
         }
@@ -261,9 +256,9 @@ public class GetAsyncPk12 extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
index b3651774..f27e966d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GetPk12.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -43,10 +42,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Get the recovered key in PKCS#12 format
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GetPk12 extends CMSServlet {
@@ -66,13 +64,11 @@ public class GetPk12 extends CMSServlet {
     private com.netscape.certsrv.kra.IKeyService mService = null;
     private final static String OUT_STATUS = "status";
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
+    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS_4";
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
+    private final static String LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE_4";
 
     private String mFormPath = null;
 
@@ -86,7 +82,7 @@ public class GetPk12 extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "finishRecovery.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -102,8 +98,8 @@ public class GetPk12 extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -111,7 +107,7 @@ public class GetPk12 extends CMSServlet {
      * <ul>
      * <li>http.param recoveryID ID of request to recover
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -131,10 +127,10 @@ public class GetPk12 extends CMSServlet {
                         mAuthzResourceName, "download");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -149,9 +145,9 @@ public class GetPk12 extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -170,9 +166,9 @@ public class GetPk12 extends CMSServlet {
 
             if (params == null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
+                        CMS.getLogMessage("CMSGW_NO_RECOVERY_TOKEN_FOUND_1", recoveryID));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
+                        CMS.getUserMessage("CMS_GW_NO_RECOVERY_TOKEN_FOUND", recoveryID));
             }
 
             // only the init DRM agent can get the pkcs12
@@ -181,26 +177,26 @@ public class GetPk12 extends CMSServlet {
                 agent = (String) sContext.get(SessionContext.USER_ID);
             }
 
-            if (agent == null ) {
-                CMS.debug( "GetPk12::process() - agent is null!" );
-                throw new EBaseException( "agent is null" );
+            if (agent == null) {
+                CMS.debug("GetPk12::process() - agent is null!");
+                throw new EBaseException("agent is null");
             }
 
-            String initAgent = (String) params.get("agent");     
+            String initAgent = (String) params.get("agent");
 
             if (!agent.equals(initAgent)) {
                 log(ILogger.LL_SECURITY,
-                    
-                    CMS.getLogMessage("CMSGW_INVALID_AGENT_3",
+
+                CMS.getLogMessage("CMSGW_INVALID_AGENT_3",
                         recoveryID,
                         initAgent));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_AGENT",
-                            agent, initAgent, recoveryID));
+                        CMS.getUserMessage("CMS_GW_INVALID_AGENT",
+                                agent, initAgent, recoveryID));
             }
 
             header.addStringValue("serialNumber",
-                (String) params.get("keyID"));
+                    (String) params.get("keyID"));
 
             // got all approval, return pk12
             byte pkcs12[] = ((IKeyRecoveryAuthority) mService).getPk12(recoveryID);
@@ -213,23 +209,23 @@ public class GetPk12 extends CMSServlet {
                     mRenderResult = false;
 
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
-                        agent,
-                        ILogger.SUCCESS,
-                        recoveryID,
-                        "");
+                            LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,
+                            agent,
+                            ILogger.SUCCESS,
+                            recoveryID,
+                            "");
 
                     audit(auditMessage);
 
                     return;
                 } catch (IOException e) {
                     header.addStringValue(OUT_ERROR,
-                        CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                            CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
                 }
             } else if (((IKeyRecoveryAuthority) mService).getError(recoveryID) != null) {
                 // error in recovery process
-                header.addStringValue(OUT_ERROR, 
-                    ((IKeyRecoveryAuthority) mService).getError(recoveryID));
+                header.addStringValue(OUT_ERROR,
+                        ((IKeyRecoveryAuthority) mService).getError(recoveryID));
             } else {
                 // pk12 hasn't been created yet. Shouldn't get here
             }
@@ -239,11 +235,11 @@ public class GetPk12 extends CMSServlet {
 
         if ((agent != null) && (recoveryID != null)) {
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
-                agent,
-                ILogger.FAILURE,
-                recoveryID,
-                "");
+                    LOGGING_SIGNED_AUDIT_PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,
+                    agent,
+                    ILogger.FAILURE,
+                    recoveryID,
+                    "");
 
             audit(auditMessage);
         }
@@ -255,9 +251,9 @@ public class GetPk12 extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
index a868f47c..a6c26dc5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantAsyncRecovery.java
@@ -40,10 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Approve an asynchronous key recovery request
- *
+ * 
  */
 public class GrantAsyncRecovery extends CMSServlet {
 
@@ -69,7 +68,7 @@ public class GrantAsyncRecovery extends CMSServlet {
     private String mFormPath = null;
 
     private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
-        "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
+            "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
 
     /**
      * Constructs EA servlet.
@@ -81,7 +80,7 @@ public class GrantAsyncRecovery extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * 'grantAsyncRecovery.template' to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -98,8 +97,8 @@ public class GrantAsyncRecovery extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
@@ -107,9 +106,9 @@ public class GrantAsyncRecovery extends CMSServlet {
      * <ul>
      * <li>http.param reqID request ID of the request to approve
      * <li>http.param agentID User ID of the agent approving the request
-
+     * 
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -128,10 +127,10 @@ public class GrantAsyncRecovery extends CMSServlet {
                         mAuthzResourceName, "recover");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -146,9 +145,9 @@ public class GrantAsyncRecovery extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -161,13 +160,13 @@ public class GrantAsyncRecovery extends CMSServlet {
         CMS.debug("GrantAsyncRecovery: process() agent uid=" + agentID);
         CMS.debug("GrantAsyncRecovery: process() request id=" + req.getParameter("reqID"));
         try {
-            process(argSet, header, 
-                req.getParameter("reqID"),
-                agentID,
-                req, resp, locale[0]);
+            process(argSet, header,
+                    req.getParameter("reqID"),
+                    agentID,
+                    req, resp, locale[0]);
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
         try {
             ServletOutputStream out = resp.getOutputStream();
@@ -176,9 +175,9 @@ public class GrantAsyncRecovery extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
@@ -186,12 +185,13 @@ public class GrantAsyncRecovery extends CMSServlet {
     /**
      * Update agent approval list
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used
      * whenever DRM agents login as recovery agents to approve key recovery
      * requests
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
      * @param reqID string containing the recovery request ID
@@ -201,10 +201,10 @@ public class GrantAsyncRecovery extends CMSServlet {
      * @param locale the system locale
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, String reqID,
-        String agentID,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, String reqID,
+            String agentID,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequestID = reqID;
@@ -234,9 +234,9 @@ public class GrantAsyncRecovery extends CMSServlet {
 
         try {
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
+                    req.getRequestURI());
 
             // update approving agent list
             mService.addAgentAsyncKeyRecovery(reqID, agentID);
@@ -281,4 +281,3 @@ public class GrantAsyncRecovery extends CMSServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
index 9a7238be..a7356b3c 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/GrantRecovery.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -42,10 +41,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Approve a key recovery request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class GrantRecovery extends CMSServlet {
@@ -74,7 +72,7 @@ public class GrantRecovery extends CMSServlet {
     private String mFormPath = null;
 
     private final static String LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN =
-        "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
+            "LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN_4";
 
     /**
      * Constructs EA servlet.
@@ -86,7 +84,7 @@ public class GrantRecovery extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * 'grantRecovery.template' to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -103,19 +101,19 @@ public class GrantRecovery extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Process the HTTP request.
      * <ul>
      * <li>http.param recoveryID ID of the request to approve
-     * <li>http.param agentID    User ID of the agent approving the request
-     * <li>http.param agentPWD   Password of the agent approving the request
-
+     * <li>http.param agentID User ID of the agent approving the request
+     * <li>http.param agentPWD Password of the agent approving the request
+     * 
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -132,10 +130,10 @@ public class GrantRecovery extends CMSServlet {
                         mAuthzResourceName, "recover");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -150,9 +148,9 @@ public class GrantRecovery extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -166,14 +164,14 @@ public class GrantRecovery extends CMSServlet {
             agentID = req.getParameter("agentID");
         }
         try {
-            process(argSet, header, 
-                req.getParameter("recoveryID"),
-                agentID,
-                req.getParameter("agentPWD"),
-                req, resp, locale[0]);
+            process(argSet, header,
+                    req.getParameter("recoveryID"),
+                    agentID,
+                    req.getParameter("agentPWD"),
+                    req, resp, locale[0]);
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
         try {
             ServletOutputStream out = resp.getOutputStream();
@@ -182,23 +180,24 @@ public class GrantRecovery extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
 
     /**
-     * Recovers a key. The p12 will be protected by the password
-     * provided by the administrator.
+     * Recovers a key. The p12 will be protected by the password provided by the
+     * administrator.
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_KEY_RECOVERY_AGENT_LOGIN used
      * whenever DRM agents login as recovery agents to approve key recovery
      * requests
      * </ul>
+     * 
      * @param argSet CMS template parameters
      * @param header argument block
      * @param recoveryID string containing the recovery ID
@@ -209,10 +208,10 @@ public class GrantRecovery extends CMSServlet {
      * @param locale the system locale
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, String recoveryID,
-        String agentID, String agentPWD,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, String recoveryID,
+            String agentID, String agentPWD,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRecoveryID = recoveryID;
@@ -242,15 +241,15 @@ public class GrantRecovery extends CMSServlet {
 
         try {
             header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
+                    req.getRequestURI());
 
             Hashtable h = mService.getRecoveryParams(recoveryID);
 
             if (h == null) {
-                header.addStringValue(OUT_ERROR, 
-                    "No such token found");
+                header.addStringValue(OUT_ERROR,
+                        "No such token found");
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
@@ -265,13 +264,13 @@ public class GrantRecovery extends CMSServlet {
                 return;
             }
             header.addStringValue("serialNumber",
-                (String) h.get("keyID"));
+                    (String) h.get("keyID"));
 
             mService.addDistributedCredential(recoveryID, agentID, agentPWD);
             header.addStringValue("agentID",
-                agentID);
+                    agentID);
             header.addStringValue("recoveryID",
-                recoveryID);
+                    recoveryID);
 
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
@@ -310,4 +309,3 @@ public class GrantRecovery extends CMSServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
index 9ce8585f..fc6498f5 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/KeyRecordParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.util.Date;
 
 import com.netscape.certsrv.apps.CMS;
@@ -28,7 +27,7 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 
 /**
  * Output a 'pretty print' of a Key Archival record
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class KeyRecordParser {
@@ -44,28 +43,27 @@ public class KeyRecordParser {
     public final static String OUT_RECOVERED_BY = "recoveredBy";
     public final static String OUT_RECOVERED_ON = "recoveredOn";
 
-
     /**
      * Fills key record into argument block.
      */
-    public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg) 
-        throws EBaseException {
+    public static void fillRecordIntoArg(IKeyRecord rec, IArgBlock rarg)
+            throws EBaseException {
         if (rec == null)
             return;
         rarg.addStringValue(OUT_STATE,
-            rec.getState().toString());
+                rec.getState().toString());
         rarg.addStringValue(OUT_OWNER_NAME,
-            rec.getOwnerName());
+                rec.getOwnerName());
         rarg.addIntegerValue(OUT_SERIALNO,
-            rec.getSerialNumber().intValue());
+                rec.getSerialNumber().intValue());
         rarg.addStringValue(OUT_KEY_ALGORITHM,
-            rec.getAlgorithm());
-        // Possible Enhancement: sun's BASE64Encode is not 
+                rec.getAlgorithm());
+        // Possible Enhancement: sun's BASE64Encode is not
         // fast. We may may to have our native implmenetation.
         IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
 
         rarg.addStringValue(OUT_PUBLIC_KEY,
-            pp.toHexString(rec.getPublicKeyData(), 0, 20));
+                pp.toHexString(rec.getPublicKeyData(), 0, 20));
         Integer keySize = rec.getKeySize();
 
         if (keySize == null) {
@@ -74,16 +72,16 @@ public class KeyRecordParser {
             rarg.addIntegerValue(OUT_KEY_LEN, keySize.intValue());
         }
         rarg.addStringValue(OUT_ARCHIVED_BY,
-            rec.getArchivedBy());
+                rec.getArchivedBy());
         rarg.addLongValue(OUT_ARCHIVED_ON,
-            rec.getCreateTime().getTime() / 1000);
+                rec.getCreateTime().getTime() / 1000);
         Date dateOfRevocation[] = rec.getDateOfRevocation();
 
         if (dateOfRevocation != null) {
-            rarg.addStringValue(OUT_RECOVERED_BY, 
-                "null");
-            rarg.addStringValue(OUT_RECOVERED_ON, 
-                "null"); 
+            rarg.addStringValue(OUT_RECOVERED_BY,
+                    "null");
+            rarg.addStringValue(OUT_RECOVERED_ON,
+                    "null");
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
index edcd2bdf..5a590a8e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/RecoverBySerial.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Hashtable;
@@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert;
 
 /**
  * A class representing a recoverBySerial servlet.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class RecoverBySerial extends CMSServlet {
@@ -108,22 +107,17 @@ public class RecoverBySerial extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Serves HTTP request. The format of this request is as follows:
-     *   recoverBySerial?
-     *     [serialNumber=<number>]
-     *     [uid#=<uid>]
-     *     [pwd#=<password>]
-     *     [localAgents=yes|null]
-     *     [recoveryID=recoveryID]
-     *     [pkcs12Password=<password of pkcs12>]
-     *     [pkcs12PasswordAgain=<password of pkcs12>]
-     *     [pkcs12Delivery=<delivery mechanism for pkcs12>]
-     *     [cert=<encryption certificate>]
+     * recoverBySerial? [serialNumber=<number>] [uid#=<uid>] [pwd#=<password>]
+     * [localAgents=yes|null] [recoveryID=recoveryID] [pkcs12Password=<password
+     * of pkcs12>] [pkcs12PasswordAgain=<password of pkcs12>]
+     * [pkcs12Delivery=<delivery mechanism for pkcs12>] [cert=<encryption
+     * certificate>]
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
 
@@ -138,10 +132,10 @@ public class RecoverBySerial extends CMSServlet {
                         mAuthzResourceName, "recover");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -156,9 +150,9 @@ public class RecoverBySerial extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -189,54 +183,52 @@ public class RecoverBySerial extends CMSServlet {
             ctx = SessionContext.getContext();
 
             /*
-               When Recovery is first initiated, if it is in asynch mode,
-               no pkcs#12 password is needed.
-               The initiating agent uid will be recorded in the recovery
-               request.
-               Later, as approving agents submit their approvals, they will
-               also be listed in the request.
+             * When Recovery is first initiated, if it is in asynch mode, no
+             * pkcs#12 password is needed. The initiating agent uid will be
+             * recorded in the recovery request. Later, as approving agents
+             * submit their approvals, they will also be listed in the request.
              */
             if ((initAsyncRecovery != null) &&
-                   initAsyncRecovery.equalsIgnoreCase("ON")) {
-              process(form, argSet, header,
-                  req.getParameter(IN_SERIALNO),
-                  req.getParameter(IN_CERT),
-                  req, resp, locale[0]);
-
-              int requiredNumber = mService.getNoOfRequiredAgents();
-              header.addIntegerValue("noOfRequiredAgents", requiredNumber);
+                    initAsyncRecovery.equalsIgnoreCase("ON")) {
+                process(form, argSet, header,
+                        req.getParameter(IN_SERIALNO),
+                        req.getParameter(IN_CERT),
+                        req, resp, locale[0]);
+
+                int requiredNumber = mService.getNoOfRequiredAgents();
+                header.addIntegerValue("noOfRequiredAgents", requiredNumber);
             } else {
                 String recoveryID = req.getParameter("recoveryID");
 
                 if (recoveryID != null && !recoveryID.equals("")) {
-                  ctx.put(SessionContext.RECOVERY_ID,
-                    req.getParameter("recoveryID"));
+                    ctx.put(SessionContext.RECOVERY_ID,
+                            req.getParameter("recoveryID"));
+                }
+                byte pkcs12[] = process(form, argSet, header,
+                        req.getParameter(IN_SERIALNO),
+                        req.getParameter("localAgents"),
+                        req.getParameter(IN_PASSWORD),
+                        req.getParameter(IN_PASSWORD_AGAIN),
+                        req.getParameter(IN_CERT),
+                        req.getParameter(IN_DELIVERY),
+                        req.getParameter(IN_NICKNAME),
+                        req, resp, locale[0]);
+
+                if (pkcs12 != null) {
+                    // resp.setStatus(HttpServletResponse.SC_OK);
+                    resp.setContentType("application/x-pkcs12");
+                    // resp.setContentLength(pkcs12.length);
+                    resp.getOutputStream().write(pkcs12);
+                    mRenderResult = false;
+                    return;
                 }
-              byte pkcs12[] = process(form, argSet, header, 
-                    req.getParameter(IN_SERIALNO), 
-                    req.getParameter("localAgents"),
-                    req.getParameter(IN_PASSWORD),
-                    req.getParameter(IN_PASSWORD_AGAIN),
-                    req.getParameter(IN_CERT),
-                    req.getParameter(IN_DELIVERY),
-                    req.getParameter(IN_NICKNAME),
-                    req, resp, locale[0]);
-
-              if (pkcs12 != null) {
-                //resp.setStatus(HttpServletResponse.SC_OK);
-                resp.setContentType("application/x-pkcs12");
-                //resp.setContentLength(pkcs12.length);
-                resp.getOutputStream().write(pkcs12);
-                mRenderResult = false;
-                return;
-              }
             }
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         } catch (IOException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         } finally {
             SessionContext.releaseContext();
         }
@@ -249,9 +241,9 @@ public class RecoverBySerial extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         cmsReq.setStatus(CMSRequest.SUCCESS);
@@ -260,10 +252,10 @@ public class RecoverBySerial extends CMSServlet {
     /**
      * Async Key Recovery - request initiation
      */
-    private void  process(CMSTemplate form, CMSTemplateParams argSet,
-        IArgBlock header, String seq, String cert,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+    private void process(CMSTemplate form, CMSTemplateParams argSet,
+            IArgBlock header, String seq, String cert,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
 
         // seq is the key id
         if (seq == null) {
@@ -291,37 +283,37 @@ public class RecoverBySerial extends CMSServlet {
 
         try {
             String reqID = mService.initAsyncKeyRecovery(
-                  new BigInteger(seq), x509cert,
+                    new BigInteger(seq), x509cert,
                       (String) sContext.get(SessionContext.USER_ID));
             header.addStringValue(OUT_SERIALNO, req.getParameter(IN_SERIALNO));
             header.addStringValue("requestID", reqID);
         } catch (EBaseException e) {
             String error =
-                "Failed to recover key for key id " +
-                seq + ".\nException: " + e.toString();
+                    "Failed to recover key for key id " +
+                            seq + ".\nException: " + e.toString();
 
             CMS.getLogger().log(ILogger.EV_SYSTEM,
-                ILogger.S_KRA, ILogger.LL_FAILURE, error);
+                    ILogger.S_KRA, ILogger.LL_FAILURE, error);
             try {
                 ((IKeyRecoveryAuthority) mService).createError(seq, error);
             } catch (EBaseException eb) {
                 CMS.getLogger().log(ILogger.EV_SYSTEM,
-                    ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+                        ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
             }
         }
         return;
     }
 
     /**
-     * Recovers a key. The p12 will be protected by the password
-     * provided by the administrator.
+     * Recovers a key. The p12 will be protected by the password provided by the
+     * administrator.
      */
     private byte[] process(CMSTemplate form, CMSTemplateParams argSet,
-        IArgBlock header, String seq, String localAgents,
-        String password, String passwordAgain,
-        String cert, String delivery, String nickname,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale) {
+            IArgBlock header, String seq, String localAgents,
+            String password, String passwordAgain,
+            String cert, String delivery, String nickname,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale) {
         if (seq == null) {
             header.addStringValue(OUT_ERROR, "sequence number not found");
             return null;
@@ -360,65 +352,65 @@ public class RecoverBySerial extends CMSServlet {
             if (sContext != null) {
                 agent = (String) sContext.get(SessionContext.USER_ID);
             }
-	   if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
-            if (localAgents == null) {
-                String recoveryID = req.getParameter("recoveryID");
+            if (CMS.getConfigStore().getBoolean("kra.keySplitting")) {
+                if (localAgents == null) {
+                    String recoveryID = req.getParameter("recoveryID");
 
-                if (recoveryID == null || recoveryID.equals("")) {
-                    header.addStringValue(OUT_ERROR, "No recovery ID specified");
-                    return null;
-                }
-                Hashtable params = mService.createRecoveryParams(recoveryID);
+                    if (recoveryID == null || recoveryID.equals("")) {
+                        header.addStringValue(OUT_ERROR, "No recovery ID specified");
+                        return null;
+                    }
+                    Hashtable params = mService.createRecoveryParams(recoveryID);
 
-                params.put("keyID", req.getParameter(IN_SERIALNO));
+                    params.put("keyID", req.getParameter(IN_SERIALNO));
 
-                header.addStringValue("recoveryID", recoveryID);
+                    header.addStringValue("recoveryID", recoveryID);
 
-                params.put("agent", agent);
+                    params.put("agent", agent);
 
-                // new thread to wait for pk12
-                Thread waitThread = new WaitApprovalThread(recoveryID,
-                        seq, password, x509cert, delivery, nickname,
-                        SessionContext.getContext());
+                    // new thread to wait for pk12
+                    Thread waitThread = new WaitApprovalThread(recoveryID,
+                            seq, password, x509cert, delivery, nickname,
+                            SessionContext.getContext());
 
-                waitThread.start();
-                return null;
-            } else {
-                Vector v = new Vector();
-
-                for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
-                    String uid = req.getParameter(IN_UID + i);
-                    String pwd = req.getParameter(IN_PWD + i);
-
-                    if (uid != null && pwd != null && !uid.equals("") &&
-                        !pwd.equals("")) {
-                        v.addElement(new Credential(uid, pwd));
-                    } else {
+                    waitThread.start();
+                    return null;
+                } else {
+                    Vector v = new Vector();
+
+                    for (int i = 0; i < mService.getNoOfRequiredAgents(); i++) {
+                        String uid = req.getParameter(IN_UID + i);
+                        String pwd = req.getParameter(IN_PWD + i);
+
+                        if (uid != null && pwd != null && !uid.equals("") &&
+                                !pwd.equals("")) {
+                            v.addElement(new Credential(uid, pwd));
+                        } else {
+                            header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
+                            return null;
+                        }
+                    }
+                    if (v.size() != mService.getNoOfRequiredAgents()) {
                         header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
                         return null;
                     }
+                    creds = new Credential[v.size()];
+                    v.copyInto(creds);
                 }
-                if (v.size() != mService.getNoOfRequiredAgents()) {
-                    header.addStringValue(OUT_ERROR, "Uid(s) or password(s) are not provided");
-                    return null;
-                }
-                creds = new Credential[v.size()];
-                v.copyInto(creds);
-            }
 
-            header.addStringValue(OUT_OP,
-                req.getParameter(OUT_OP));
-            header.addIntegerValue(OUT_SERIALNO, 
-                Integer.parseInt(seq));
-            header.addStringValue(OUT_SERVICE_URL,
-                req.getRequestURI());
-            byte pkcs12[] = mService.doKeyRecovery(
-                    new BigInteger(seq),
-                    creds, password, x509cert,	
-                    delivery, nickname, agent);
-
-            return pkcs12;
-          } else {
+                header.addStringValue(OUT_OP,
+                        req.getParameter(OUT_OP));
+                header.addIntegerValue(OUT_SERIALNO,
+                        Integer.parseInt(seq));
+                header.addStringValue(OUT_SERVICE_URL,
+                        req.getRequestURI());
+                byte pkcs12[] = mService.doKeyRecovery(
+                        new BigInteger(seq),
+                        creds, password, x509cert,
+                        delivery, nickname, agent);
+
+                return pkcs12;
+            } else {
                 String recoveryID = req.getParameter("recoveryID");
 
                 if (recoveryID == null || recoveryID.equals("")) {
@@ -440,7 +432,7 @@ public class RecoverBySerial extends CMSServlet {
 
                 waitThread.start();
                 return null;
-          }
+            }
         } catch (EBaseException e) {
             header.addStringValue(OUT_ERROR, e.toString(locale));
         } catch (Exception e) {
@@ -450,8 +442,8 @@ public class RecoverBySerial extends CMSServlet {
     }
 
     /**
-     * Wait approval thread. Wait for recovery agents' approval
-     * exit when required number of approval received
+     * Wait approval thread. Wait for recovery agents' approval exit when
+     * required number of approval received
      */
     final class WaitApprovalThread extends Thread {
         String theRecoveryID = null;
@@ -462,24 +454,24 @@ public class RecoverBySerial extends CMSServlet {
         String theNickname = null;
         SessionContext theSc = null;
 
-        /** 
+        /**
          * Wait approval thread constructor including thread name
          */
         public WaitApprovalThread(String recoveryID, String seq,
-            String password, X509CertImpl cert,
-            String delivery, String nickname, SessionContext sc) {
+                String password, X509CertImpl cert,
+                String delivery, String nickname, SessionContext sc) {
             super();
-            super.setName("waitApproval." + recoveryID + "-" + 
-                (Thread.activeCount() + 1));
+            super.setName("waitApproval." + recoveryID + "-" +
+                    (Thread.activeCount() + 1));
             theRecoveryID = recoveryID;
             theSeq = seq;
             thePassword = password;
             theCert = cert;
             theDelivery = delivery;
             theNickname = nickname;
-            theSc = sc;    
+            theSc = sc;
         }
-        
+
         public void run() {
             SessionContext.setContext(theSc);
             Credential creds[] = null;
@@ -487,17 +479,17 @@ public class RecoverBySerial extends CMSServlet {
             try {
                 creds = mService.getDistributedCredentials(theRecoveryID);
             } catch (EBaseException e) {
-                String error = 
-                    "Failed to get required approvals for recovery id " +
-                    theRecoveryID + ".\nException: " + e.toString();
+                String error =
+                        "Failed to get required approvals for recovery id " +
+                                theRecoveryID + ".\nException: " + e.toString();
 
                 CMS.getLogger().log(ILogger.EV_SYSTEM,
-                    ILogger.S_KRA, ILogger.LL_FAILURE, error);
+                        ILogger.S_KRA, ILogger.LL_FAILURE, error);
                 try {
                     ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
                 } catch (EBaseException eb) {
                     CMS.getLogger().log(ILogger.EV_SYSTEM,
-                        ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+                            ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
                 }
                 return;
             }
@@ -514,16 +506,16 @@ public class RecoverBySerial extends CMSServlet {
                 ((IKeyRecoveryAuthority) mService).createPk12(theRecoveryID, pkcs12);
             } catch (EBaseException e) {
                 String error =
-                    "Failed to recover key for recovery id " +
-                    theRecoveryID + ".\nException: " + e.toString();
+                        "Failed to recover key for recovery id " +
+                                theRecoveryID + ".\nException: " + e.toString();
 
                 CMS.getLogger().log(ILogger.EV_SYSTEM,
-                    ILogger.S_KRA, ILogger.LL_FAILURE, error);
+                        ILogger.S_KRA, ILogger.LL_FAILURE, error);
                 try {
                     ((IKeyRecoveryAuthority) mService).createError(theRecoveryID, error);
                 } catch (EBaseException eb) {
                     CMS.getLogger().log(ILogger.EV_SYSTEM,
-                        ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
+                            ILogger.S_KRA, ILogger.LL_FAILURE, eb.toString());
                 }
             }
             return;
@@ -531,4 +523,3 @@ public class RecoverBySerial extends CMSServlet {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
index c0fdd02e..80eaf9a8 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKey.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -48,7 +47,7 @@ import com.netscape.cms.servlet.common.ECMSGWException;
 
 /**
  * Retrieve archived keys matching search criteria
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SrchKey extends CMSServlet {
@@ -74,7 +73,7 @@ public class SrchKey extends CMSServlet {
     private final static String OUT_ERROR = "errorDetails";
     private final static String OUT_ARCHIVER = "archiverName";
     private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_TOTAL_COUNT = "totalRecordCount"; 
+    private final static String OUT_TOTAL_COUNT = "totalRecordCount";
     private final static String OUT_TEMPLATE = "templateName";
 
     private IKeyRepository mKeyDB = null;
@@ -93,20 +92,21 @@ public class SrchKey extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "srchKey.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
         mFormPath = "/" + mAuthority.getId() + "/" + TPL_FILE;
 
-		/* maxReturns doesn't seem to do anything useful in this
-           servlet!!! */
+        /*
+         * maxReturns doesn't seem to do anything useful in this servlet!!!
+         */
         try {
             String tmp =
-                sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
+                    sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
 
-            if (tmp == null)	
+            if (tmp == null)
                 mMaxReturns = 100;
             else
                 mMaxReturns = Integer.parseInt(tmp);
@@ -132,20 +132,20 @@ public class SrchKey extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param maxCount      maximum number of matches to show in result
-     * <li>http.param maxResults    maximum number of matches to run in ldapsearch
-     * <li>http.param queryFilter   ldap-style filter to search with
+     * <li>http.param maxCount maximum number of matches to show in result
+     * <li>http.param maxResults maximum number of matches to run in ldapsearch
+     * <li>http.param queryFilter ldap-style filter to search with
      * <li>http.param querySentinel ID of first request to show
-     * <li>http.param timeLimit     number of seconds to limit ldap search to
+     * <li>http.param timeLimit number of seconds to limit ldap search to
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -162,10 +162,10 @@ public class SrchKey extends CMSServlet {
                         mAuthzResourceName, "list");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -180,9 +180,9 @@ public class SrchKey extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         // process query if authentication is successful
@@ -213,11 +213,11 @@ public class SrchKey extends CMSServlet {
             if (timeLimitStr != null && timeLimitStr.length() > 0)
                 timeLimit = Integer.parseInt(timeLimitStr);
             process(argSet, header, ctx, maxCount, maxResults,
-                timeLimit, sentinel,
-                req.getParameter(IN_FILTER), req, resp, locale[0]);
+                    timeLimit, sentinel,
+                    req.getParameter(IN_FILTER), req, resp, locale[0]);
         } catch (NumberFormatException e) {
             header.addStringValue(OUT_ERROR,
-                CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
+                    CMS.getUserMessage(locale[0], "CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
 
         try {
@@ -227,9 +227,9 @@ public class SrchKey extends CMSServlet {
             form.renderOutput(out, argSet);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
     }
@@ -238,53 +238,53 @@ public class SrchKey extends CMSServlet {
      * Process the key search.
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, IArgBlock ctx, 
-        int maxCount, int maxResults, int timeLimit, int sentinel, String filter, 
-        HttpServletRequest req, HttpServletResponse resp, Locale locale) {
+            IArgBlock header, IArgBlock ctx,
+            int maxCount, int maxResults, int timeLimit, int sentinel, String filter,
+            HttpServletRequest req, HttpServletResponse resp, Locale locale) {
 
         try {
             // Fill header
-            header.addStringValue(OUT_OP, 
-                req.getParameter(OUT_OP));
+            header.addStringValue(OUT_OP,
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_ARCHIVER,
-                mAuthName.toString());
+                    mAuthName.toString());
             // STRANGE: IE does not like the following:
-            //      header.addStringValue(OUT_SERVICE_URL,
-            //	req.getRequestURI());
+            // header.addStringValue(OUT_SERVICE_URL,
+            // req.getRequestURI());
             // XXX
             header.addStringValue(OUT_SERVICE_URL,
-                "/kra?");
+                    "/kra?");
             header.addStringValue(OUT_TEMPLATE,
-                TPL_FILE);
+                    TPL_FILE);
             header.addStringValue(OUT_FILTER,
-                filter);
+                    filter);
 
             if (timeLimit == -1 || timeLimit > mTimeLimits) {
                 CMS.debug("Resetting timelimit from " + timeLimit + " to " + mTimeLimits);
                 timeLimit = mTimeLimits;
             }
             CMS.debug("Start searching ... timelimit=" + timeLimit);
-            Enumeration e = mKeyDB.searchKeys(filter, 
+            Enumeration e = mKeyDB.searchKeys(filter,
                     maxResults, timeLimit);
             int count = 0;
 
             if (e == null) {
-                header.addStringValue(OUT_SENTINEL, 	
-                    null);
+                header.addStringValue(OUT_SENTINEL,
+                        null);
             } else {
                 while (e.hasMoreElements()) {
                     IKeyRecord rec = (IKeyRecord)
-                        e.nextElement();
+                            e.nextElement();
                     // rec is null when we specify maxResults
                     // DS will return an err=4, which triggers
                     // a LDAPException.SIZE_LIMIT_ExCEEDED
                     // in DSSearchResults.java
                     if (rec != null) {
-                      IArgBlock rarg = CMS.createArgBlock();
+                        IArgBlock rarg = CMS.createArgBlock();
 
-                      KeyRecordParser.fillRecordIntoArg(rec, rarg);
-                      argSet.addRepeatRecord(rarg);
-                      count++;
+                        KeyRecordParser.fillRecordIntoArg(rec, rarg);
+                        argSet.addRepeatRecord(rarg);
+                        count++;
                     }
                 }
             }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
index 56a1817e..bd9e64aa 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/key/SrchKeyForRecovery.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.key;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -48,8 +47,8 @@ import com.netscape.cms.servlet.common.ECMSGWException;
 
 /**
  * Retrieve archived keys matching given public key material
- *
- *
+ * 
+ * 
  * @version $Revision$, $Date$
  */
 public class SrchKeyForRecovery extends CMSServlet {
@@ -75,7 +74,7 @@ public class SrchKeyForRecovery extends CMSServlet {
     private final static String OUT_ERROR = "errorDetails";
     private final static String OUT_ARCHIVER = "archiverName";
     private final static String OUT_SERVICE_URL = "serviceURL";
-    private final static String OUT_TOTAL_COUNT = "totalRecordCount"; 
+    private final static String OUT_TOTAL_COUNT = "totalRecordCount";
     private final static String OUT_TEMPLATE = "templateName";
 
     private IKeyRepository mKeyDB = null;
@@ -94,7 +93,7 @@ public class SrchKeyForRecovery extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "srchKeyForRecovery.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -103,9 +102,9 @@ public class SrchKeyForRecovery extends CMSServlet {
 
         try {
             String tmp =
-                sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
+                    sc.getInitParameter(PROP_MAX_SEARCH_RETURNS);
 
-            if (tmp == null)	
+            if (tmp == null)
                 mMaxReturns = 100;
             else
                 mMaxReturns = Integer.parseInt(tmp);
@@ -131,20 +130,20 @@ public class SrchKeyForRecovery extends CMSServlet {
     /**
      * Returns serlvet information.
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
 
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param maxCount      maximum number of matches to show in result
-     * <li>http.param maxResults    maximum number of matches to run in ldapsearch
+     * <li>http.param maxCount maximum number of matches to show in result
+     * <li>http.param maxResults maximum number of matches to run in ldapsearch
      * <li>http.param publicKeyData public key data to search on
      * <li>http.param querySentinel ID of first request to show
-     * <li>http.param timeLimit     number of seconds to limit ldap search to
+     * <li>http.param timeLimit number of seconds to limit ldap search to
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
 
@@ -161,10 +160,10 @@ public class SrchKeyForRecovery extends CMSServlet {
                         mAuthzResourceName, "list");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -179,11 +178,11 @@ public class SrchKeyForRecovery extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
-		
+
         // process query if authentication is successful
         IArgBlock header = CMS.createArgBlock();
         IArgBlock ctx = CMS.createArgBlock();
@@ -213,29 +212,28 @@ public class SrchKeyForRecovery extends CMSServlet {
             if (timeLimitStr != null && timeLimitStr.length() > 0)
                 timeLimit = Integer.parseInt(timeLimitStr);
             process(argSet, header, ctx, maxCount, maxResults, timeLimit, sentinel,
-                req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]);
+                    req.getParameter("publicKeyData"), req.getParameter(IN_FILTER), req, resp, locale[0]);
         } catch (NumberFormatException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
             error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         }
 
         /*
-         catch (Exception e) {
-         error = new EBaseException(BaseResources.INTERNAL_ERROR_1, e);
-         }
+         * catch (Exception e) { error = new
+         * EBaseException(BaseResources.INTERNAL_ERROR_1, e); }
          */
 
         try {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  ServletOutputStream out = resp.getOutputStream();
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    ServletOutputStream out = resp.getOutputStream();
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
@@ -243,9 +241,9 @@ public class SrchKeyForRecovery extends CMSServlet {
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
@@ -253,31 +251,31 @@ public class SrchKeyForRecovery extends CMSServlet {
      * Process the key search.
      */
     private void process(CMSTemplateParams argSet,
-        IArgBlock header, IArgBlock ctx, 
-        int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData,
-        String filter, 
-        HttpServletRequest req, HttpServletResponse resp, Locale locale) 
-        throws EBaseException {
+            IArgBlock header, IArgBlock ctx,
+            int maxCount, int maxResults, int timeLimit, int sentinel, String publicKeyData,
+            String filter,
+            HttpServletRequest req, HttpServletResponse resp, Locale locale)
+            throws EBaseException {
 
         try {
             // Fill header
-            header.addStringValue(OUT_OP, 
-                req.getParameter(OUT_OP));
+            header.addStringValue(OUT_OP,
+                    req.getParameter(OUT_OP));
             header.addStringValue(OUT_ARCHIVER,
-                mAuthName.toString());
+                    mAuthName.toString());
             // STRANGE: IE does not like the following:
-            //      header.addStringValue(OUT_SERVICE_URL,
-            //	req.getRequestURI());
+            // header.addStringValue(OUT_SERVICE_URL,
+            // req.getRequestURI());
             // XXX
             header.addStringValue(OUT_SERVICE_URL,
-                "/kra?");
+                    "/kra?");
             header.addStringValue(OUT_TEMPLATE,
-                TPL_FILE);
+                    TPL_FILE);
             header.addStringValue(OUT_FILTER,
-                filter);
+                    filter);
             if (publicKeyData != null) {
                 header.addStringValue("publicKeyData",
-                    publicKeyData);
+                        publicKeyData);
             }
 
             if (timeLimit == -1 || timeLimit > mTimeLimits) {
@@ -290,21 +288,21 @@ public class SrchKeyForRecovery extends CMSServlet {
 
             if (e == null) {
                 header.addStringValue(OUT_SENTINEL,
-                    null);
+                        null);
             } else {
                 while (e.hasMoreElements()) {
                     IKeyRecord rec = (IKeyRecord)
-                        e.nextElement();
+                            e.nextElement();
                     // rec is null when we specify maxResults
                     // DS will return an err=4, which triggers
-                    // a LDAPException.SIZE_LIMIT_ExCEEDED 
+                    // a LDAPException.SIZE_LIMIT_ExCEEDED
                     // in DSSearchResults.java
                     if (rec != null) {
-                      IArgBlock rarg = CMS.createArgBlock();
+                        IArgBlock rarg = CMS.createArgBlock();
 
-                      KeyRecordParser.fillRecordIntoArg(rec, rarg);
-                      argSet.addRepeatRecord(rarg);
-                      count++;
+                        KeyRecordParser.fillRecordIntoArg(rec, rarg);
+                        argSet.addRepeatRecord(rarg);
+                        count++;
                     }
                 }
             }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
index c365d0f8..59303f6e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCAServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.X509Certificate;
@@ -46,22 +45,21 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cmsutil.util.Cert;
 
-
 /**
  * Configure the CA to respond to OCSP requests for a CA
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class AddCAServlet extends CMSServlet {
-	
+
     /**
      *
      */
     private static final long serialVersionUID = 1065151608542115340L;
     public static final String BEGIN_HEADER =
-        "-----BEGIN CERTIFICATE-----";
+            "-----BEGIN CERTIFICATE-----";
     public static final String END_HEADER =
-        "-----END CERTIFICATE-----";
+            "-----END CERTIFICATE-----";
 
     public static final BigInteger BIG_ZERO = new BigInteger("0");
     public static final Long MINUS_ONE = Long.valueOf(-1);
@@ -71,9 +69,9 @@ public class AddCAServlet extends CMSServlet {
     private IOCSPAuthority mOCSPAuthority = null;
 
     private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST =
-        "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
+            "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_3";
     private final static String LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
+            "LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED_3";
 
     public AddCAServlet() {
         super();
@@ -82,7 +80,7 @@ public class AddCAServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "addCA.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -100,19 +98,19 @@ public class AddCAServlet extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param cert ca certificate. The format is base-64, DER
-     *    encoded, wrapped with -----BEGIN CERTIFICATE-----, 
-     *    -----END CERTIFICATE----- strings 
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when
-     * a CA is attempted to be added to the OCSP responder
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED
-     * used when an add CA request to the OCSP Responder is processed
+     * <li>http.param cert ca certificate. The format is base-64, DER encoded,
+     * wrapped with -----BEGIN CERTIFICATE-----, -----END CERTIFICATE-----
+     * strings
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST used when a CA
+     * is attempted to be added to the OCSP responder
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED used
+     * when an add CA request to the OCSP Responder is processed
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
         String auditMessage = null;
@@ -143,9 +141,9 @@ public class AddCAServlet extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -153,10 +151,10 @@ public class AddCAServlet extends CMSServlet {
         CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
 
         if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-               auditSubjectID.equals(ILogger.UNIDENTIFIED))  {
+                auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
             String uid = authToken.getInString(IAuthToken.USER_ID);
             if (uid != null) {
-                CMS.debug("AddCAServlet: auditSubjectID set to "+uid);
+                CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
                 auditSubjectID = uid;
             }
         }
@@ -164,12 +162,12 @@ public class AddCAServlet extends CMSServlet {
 
         if (b64 == null) {
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
-                auditSubjectID,
-                ILogger.FAILURE,
-                ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    ILogger.SIGNED_AUDIT_EMPTY_VALUE);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_CERT"));
         }
@@ -177,32 +175,32 @@ public class AddCAServlet extends CMSServlet {
         auditCA = Cert.normalizeCertStr(Cert.stripCertBrackets(b64.trim()));
         // record the fact that a request to add CA is made
         auditMessage = CMS.getLogMessage(
-            LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
-            auditSubjectID,
-            ILogger.SUCCESS,
-            auditCA);
+                LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST,
+                auditSubjectID,
+                ILogger.SUCCESS,
+                auditCA);
 
-        audit( auditMessage );
+        audit(auditMessage);
 
         if (b64.indexOf(BEGIN_HEADER) == -1) {
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                auditSubjectID,
-                ILogger.FAILURE,
-                auditCASubjectDN);
+                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    auditCASubjectDN);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_HEADER"));
         }
         if (b64.indexOf(END_HEADER) == -1) {
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                auditSubjectID,
-                ILogger.FAILURE,
-                auditCASubjectDN);
+                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    auditCASubjectDN);
 
-            audit( auditMessage );
+            audit(auditMessage);
 
             throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CERT_FOOTER"));
         }
@@ -215,17 +213,17 @@ public class AddCAServlet extends CMSServlet {
         try {
             X509Certificate cert = Cert.mapCert(b64);
 
-            if( cert == null ) {
-                CMS.debug( "AddCAServlet::process() - cert is null!" );
+            if (cert == null) {
+                CMS.debug("AddCAServlet::process() - cert is null!");
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCASubjectDN);
+                        LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCASubjectDN);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
-                throw new EBaseException( "cert is null" );
+                throw new EBaseException("cert is null");
             } else {
                 certs = new X509Certificate[1];
             }
@@ -247,15 +245,15 @@ public class AddCAServlet extends CMSServlet {
                 auditCASubjectDN = leafCert.getSubjectDN().getName();
             } catch (Exception e) {
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCASubjectDN);
+                        LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCASubjectDN);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
+                        CMS.getUserMessage("CMS_GW_ENCODING_CA_CHAIN_ERROR"));
             }
         }
         if (certs != null && certs.length > 0) {
@@ -264,32 +262,32 @@ public class AddCAServlet extends CMSServlet {
             // (2) store certificate (and certificate chain) into
             // database
             ICRLIssuingPointRecord rec = defStore.createCRLIssuingPointRecord(
-                    leafCert.getSubjectDN().getName(),  
-                    BIG_ZERO, 
+                    leafCert.getSubjectDN().getName(),
+                    BIG_ZERO,
                     MINUS_ONE, null, null);
 
             try {
                 rec.set(ICRLIssuingPointRecord.ATTR_CA_CERT, leafCert.getEncoded());
             } catch (Exception e) {
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCASubjectDN);
+                        LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCASubjectDN);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 // error
             }
             defStore.addCRLIssuingPoint(leafCert.getSubjectDN().getName(), rec);
             log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CA certificate " + leafCert.getSubjectDN().getName());
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
-                auditSubjectID,
-                ILogger.SUCCESS,
-                auditCASubjectDN);
+                    LOGGING_SIGNED_AUDIT_OCSP_ADD_CA_REQUEST_PROCESSED,
+                    auditSubjectID,
+                    ILogger.SUCCESS,
+                    auditCASubjectDN);
 
-            audit( auditMessage );
+            audit(auditMessage);
         }
 
         try {
@@ -297,18 +295,18 @@ public class AddCAServlet extends CMSServlet {
             String error = null;
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
index 029d396b..6273c8e7 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/AddCRLServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.CRLException;
@@ -55,10 +54,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cmsutil.util.Cert;
 
-
 /**
  * Update the OCSP responder with a new CRL
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class AddCRLServlet extends CMSServlet {
@@ -68,18 +66,18 @@ public class AddCRLServlet extends CMSServlet {
      */
     private static final long serialVersionUID = 1476080474638590902L;
     public static final String BEGIN_HEADER =
-        "-----BEGIN CERTIFICATE REVOCATION LIST-----";
+            "-----BEGIN CERTIFICATE REVOCATION LIST-----";
     public static final String END_HEADER =
-        "-----END CERTIFICATE REVOCATION LIST-----";
+            "-----END CERTIFICATE REVOCATION LIST-----";
 
     private final static String TPL_FILE = "addCRL.template";
     private String mFormPath = null;
     private IOCSPAuthority mOCSPAuthority = null;
 
     private final static String LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL =
-        "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
+            "LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL_3";
     private final static String LOGGING_SIGNED_AUDIT_CRL_VALIDATION =
-        "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2";
+            "LOGGING_SIGNED_AUDIT_CRL_VALIDATION_2";
 
     public AddCRLServlet() {
         super();
@@ -88,7 +86,7 @@ public class AddCRLServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "addCRL.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -105,31 +103,32 @@ public class AddCRLServlet extends CMSServlet {
     /**
      * Process the HTTP request.
      * <P>
-     *
+     * 
      * <ul>
      * <li>http.param crl certificate revocation list, base-64, DER encoded
-     *     wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----,
-     *     -----END CERTIFICATE REVOCATION LIST----- strings
+     * wrapped in -----BEGIN CERTIFICATE REVOCATION LIST-----, -----END
+     * CERTIFICATE REVOCATION LIST----- strings
      * <li>http.param noui if true, use minimal hardcoded text response
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL used when CRLs are
      * retrieved by the OCSP Responder ("agent" or "EE")
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CRL_VALIDATION used when CRL is
      * retrieved and validation process occurs ("agent" or "EE")
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      * @exception EBaseException an error has occurred
      */
     protected synchronized void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         boolean CRLFetched = false;
         boolean CRLValidated = false;
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditCRLNum = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("add_crl", true /* main action */);
+            statsSub.startTiming("add_crl", true /* main action */);
         }
 
         try {
@@ -152,42 +151,43 @@ public class AddCRLServlet extends CMSServlet {
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 return;
             }
 
             if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-                   auditSubjectID.equals(ILogger.UNIDENTIFIED))  {
+                    auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
                 if (authToken != null) {
                     String uid = authToken.getInString(IAuthToken.USER_ID);
                     if (uid != null) {
-                        CMS.debug("AddCAServlet: auditSubjectID set to "+uid);
+                        CMS.debug("AddCAServlet: auditSubjectID set to " + uid);
                         auditSubjectID = uid;
                     }
-                } 
+                }
             }
             log(ILogger.LL_INFO, "AddCRLServlet");
             String b64 = cmsReq.getHttpReq().getParameter("crl");
-            if (CMS.debugOn()) CMS.debug("AddCRLServlet: b64=" + b64);
+            if (CMS.debugOn())
+                CMS.debug("AddCRLServlet: b64=" + b64);
 
             if (b64 == null) {
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_MISSING_CRL"));
+                        CMS.getUserMessage("CMS_GW_MISSING_CRL"));
             }
 
             String nouiParm = cmsReq.getHttpReq().getParameter("noui");
@@ -209,20 +209,20 @@ public class AddCRLServlet extends CMSServlet {
                 }
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
+                        CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath,
                                       e.toString()));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
 
             IArgBlock header = CMS.createArgBlock();
@@ -231,32 +231,32 @@ public class AddCRLServlet extends CMSServlet {
 
             if (b64.indexOf(BEGIN_HEADER) == -1) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER"));
+                        CMS.getLogMessage("CMSGW_MISSING_CRL_HEADER"));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
                                           "CMS_GW_MISSING_CRL_HEADER"));
             }
             if (b64.indexOf(END_HEADER) == -1) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER"));
+                        CMS.getLogMessage("CMSGW_MISSING_CRL_FOOTER"));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(CMS.getUserMessage(getLocale(req),
                                           "CMS_GW_MISSING_CRL_FOOTER"));
@@ -270,30 +270,30 @@ public class AddCRLServlet extends CMSServlet {
                 long startTime = CMS.getCurrentDate().getTime();
                 CMS.debug("AddCRLServlet: mapCRL start startTime=" + startTime);
                 if (statsSub != null) {
-                  statsSub.startTiming("decode_crl");
+                    statsSub.startTiming("decode_crl");
                 }
-                crl = mapCRL1( b64 );
+                crl = mapCRL1(b64);
                 if (statsSub != null) {
-                  statsSub.endTiming("decode_crl");
+                    statsSub.endTiming("decode_crl");
                 }
                 long endTime = CMS.getCurrentDate().getTime();
-                CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime + 
-                   " diff=" + (endTime - startTime));
+                CMS.debug("AddCRLServlet: mapCRL done endTime=" + endTime +
+                        " diff=" + (endTime - startTime));
 
                 // Retrieve the actual CRL number
                 BigInteger crlNum = crl.getCRLNumber();
-                if( crlNum != null ) {
+                if (crlNum != null) {
                     auditCRLNum = crlNum.toString();
                 }
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.SUCCESS,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.SUCCESS,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 // acknowledge that the CRL has been retrieved
                 CRLFetched = true;
@@ -302,18 +302,18 @@ public class AddCRLServlet extends CMSServlet {
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
             }
-            log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " + 
-                crl.getIssuerDN().getName());
+            log(ILogger.LL_INFO, "AddCRLServlet: CRL Issuer DN " +
+                    crl.getIssuerDN().getName());
 
             ICRLIssuingPointRecord pt = null;
 
@@ -322,101 +322,101 @@ public class AddCRLServlet extends CMSServlet {
                             crl.getIssuerDN().getName());
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
-                    crl.getIssuerDN().getName()));
+                        CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
+                                crl.getIssuerDN().getName()));
 
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                    auditSubjectID,
-                    ILogger.FAILURE );
+                        LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+                        auditSubjectID,
+                        ILogger.FAILURE);
 
-                audit( auditMessage );
+                audit(auditMessage);
 
                 throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
             }
             log(ILogger.LL_INFO, "AddCRLServlet: IssuingPoint " +
-                pt.getThisUpdate());
+                    pt.getThisUpdate());
 
             // verify CRL
             byte caCertData[] = pt.getCACert();
             if (caCertData != null) {
-              try {
-                X509CertImpl caCert = new X509CertImpl(caCertData);
-                CMS.debug("AddCRLServlet: start verify");
-
-                CryptoManager cmanager = CryptoManager.getInstance();
-                org.mozilla.jss.crypto.X509Certificate jssCert = null;
                 try {
-                      jssCert = cmanager.importCACertPackage(
-                         caCert.getEncoded());
-                } catch (Exception e2) {
-                      CMS.debug("AddCRLServlet: importCACertPackage " + 
-                        e2.toString());
-                      throw new EBaseException( e2.toString() );
-                }
+                    X509CertImpl caCert = new X509CertImpl(caCertData);
+                    CMS.debug("AddCRLServlet: start verify");
 
-                if (statsSub != null) {
-                  statsSub.startTiming("verify_crl");
-                }
-                crl.verify(jssCert.getPublicKey(), "Mozilla-JSS");
-                if (statsSub != null) {
-                  statsSub.endTiming("verify_crl");
-                }
-                CMS.debug("AddCRLServlet: done verify");
+                    CryptoManager cmanager = CryptoManager.getInstance();
+                    org.mozilla.jss.crypto.X509Certificate jssCert = null;
+                    try {
+                        jssCert = cmanager.importCACertPackage(
+                                caCert.getEncoded());
+                    } catch (Exception e2) {
+                        CMS.debug("AddCRLServlet: importCACertPackage " +
+                                e2.toString());
+                        throw new EBaseException(e2.toString());
+                    }
 
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                    auditSubjectID,
-                    ILogger.SUCCESS );
+                    if (statsSub != null) {
+                        statsSub.startTiming("verify_crl");
+                    }
+                    crl.verify(jssCert.getPublicKey(), "Mozilla-JSS");
+                    if (statsSub != null) {
+                        statsSub.endTiming("verify_crl");
+                    }
+                    CMS.debug("AddCRLServlet: done verify");
 
-                audit( auditMessage );
+                    // store a message in the signed audit log file
+                    auditMessage = CMS.getLogMessage(
+                            LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+                            auditSubjectID,
+                            ILogger.SUCCESS);
 
-                // acknowledge that the CRL has been validated
-                CRLValidated = true;
-              } catch (Exception e) {
-                CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString());
-                CMS.debug(e);
-                log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
-                    crl.getIssuerDN().getName()));
+                    audit(auditMessage);
 
-                // store a message in the signed audit log file
-                auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                    auditSubjectID,
-                    ILogger.FAILURE );
+                    // acknowledge that the CRL has been validated
+                    CRLValidated = true;
+                } catch (Exception e) {
+                    CMS.debug("AddCRLServlet: failed to verify CRL " + e.toString());
+                    CMS.debug(e);
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSGW_NO_CRL_ISSUING_POINT_FOUND",
+                                    crl.getIssuerDN().getName()));
 
-                audit( auditMessage );
+                    // store a message in the signed audit log file
+                    auditMessage = CMS.getLogMessage(
+                            LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+                            auditSubjectID,
+                            ILogger.FAILURE);
 
-                throw new ECMSGWException(
-                    CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
-              }
+                    audit(auditMessage);
+
+                    throw new ECMSGWException(
+                            CMS.getUserMessage("CMS_GW_DECODING_CRL_ERROR"));
+                }
             }
 
-            if ((pt.getThisUpdate() != null) && 
-                (pt.getThisUpdate().getTime() >=
-                 crl.getThisUpdate().getTime())) {
+            if ((pt.getThisUpdate() != null) &&
+                    (pt.getThisUpdate().getTime() >=
+                    crl.getThisUpdate().getTime())) {
                 // error, the uploaded CRL is older than the current
                 CMS.debug("AddCRLServlet: no update, CRL is older");
                 log(ILogger.LL_INFO,
-                    "AddCRLServlet: no update, received CRL is older " +
-                    "than current CRL");
+                        "AddCRLServlet: no update, received CRL is older " +
+                                "than current CRL");
                 if (noUI) {
                     try {
                         resp.setContentType("application/text");
-                        resp.getOutputStream().write("status=1\n".getBytes()); 
+                        resp.getOutputStream().write("status=1\n".getBytes());
                         resp.getOutputStream().write(
-                            "error=Sent CRL is older than the current CRL\n".getBytes()); 
+                                "error=Sent CRL is older than the current CRL\n".getBytes());
                         resp.getOutputStream().flush();
                         cmsReq.setStatus(CMSRequest.SUCCESS);
 
-                        // NOTE:  The signed audit events
-                        //        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
-                        //        LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
-                        //        already been logged at this point!
+                        // NOTE: The signed audit events
+                        // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
+                        // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
+                        // already been logged at this point!
 
                         return;
                     } catch (Exception e) {
@@ -424,26 +424,26 @@ public class AddCRLServlet extends CMSServlet {
                 } else {
                     CMS.debug("AddCRLServlet: CRL is older");
 
-                    // NOTE:  The signed audit events
-                    //        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
-                    //        LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
-                    //        already been logged at this point!
+                    // NOTE: The signed audit events
+                    // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
+                    // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
+                    // already been logged at this point!
 
                     throw new ECMSGWException(CMS.getUserMessage(
-                        "CMS_GW_OLD_CRL_ERROR"));
+                            "CMS_GW_OLD_CRL_ERROR"));
                 }
             }
 
             if (crl.isDeltaCRL()) {
                 CMS.debug("AddCRLServlet: no update, Delta CRLs are not supported.");
-                log(ILogger.LL_INFO, "AddCRLServlet: no update, "+
-                    CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
+                log(ILogger.LL_INFO, "AddCRLServlet: no update, " +
+                        CMS.getUserMessage("CMS_GW_DELTA_CRL_NOT_SUPPORTED"));
                 if (noUI) {
                     try {
                         resp.setContentType("application/text");
-                        resp.getOutputStream().write("status=1\n".getBytes()); 
+                        resp.getOutputStream().write("status=1\n".getBytes());
                         resp.getOutputStream().write(
-                            "error=Delta CRLs are not supported.\n".getBytes()); 
+                                "error=Delta CRLs are not supported.\n".getBytes());
                         resp.getOutputStream().flush();
                         cmsReq.setStatus(CMSRequest.SUCCESS);
 
@@ -465,26 +465,26 @@ public class AddCRLServlet extends CMSServlet {
 
             IRepositoryRecord repRec = defStore.createRepositoryRecord();
 
-            repRec.set(IRepositoryRecord.ATTR_SERIALNO, 
-                new BigInteger(Long.toString(crl.getThisUpdate().getTime())));
+            repRec.set(IRepositoryRecord.ATTR_SERIALNO,
+                    new BigInteger(Long.toString(crl.getThisUpdate().getTime())));
             try {
                 defStore.addRepository(
-                    crl.getIssuerDN().getName(),
-                    Long.toString(crl.getThisUpdate().getTime()),
-                    repRec);
+                        crl.getIssuerDN().getName(),
+                        Long.toString(crl.getThisUpdate().getTime()),
+                        repRec);
                 log(ILogger.EV_AUDIT, AuditFormat.LEVEL, "Added CRL Updated " +
-                    Long.toString(crl.getThisUpdate().getTime()));
+                        Long.toString(crl.getThisUpdate().getTime()));
             } catch (Exception e) {
-              CMS.debug("AddCRLServlet: add repository e=" + e.toString());
+                CMS.debug("AddCRLServlet: add repository e=" + e.toString());
             }
-            log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " + 
-                Long.toString(crl.getThisUpdate().getTime()));
+            log(ILogger.LL_INFO, "AddCRLServlet: Created CRL Repository " +
+                    Long.toString(crl.getThisUpdate().getTime()));
 
             if (defStore.waitOnCRLUpdate()) {
                 defStore.updateCRL(crl);
             } else {
-               // when the CRL large, the thread is terminiated by the
-               // servlet framework before it can finish its work
+                // when the CRL large, the thread is terminiated by the
+                // servlet framework before it can finish its work
                 UpdateCRLThread uct = new UpdateCRLThread(defStore, crl);
 
                 uct.start();
@@ -496,64 +496,64 @@ public class AddCRLServlet extends CMSServlet {
                 if (noUI) {
                     CMS.debug("AddCRLServlet: return result noUI=true");
                     resp.setContentType("application/text");
-                    resp.getOutputStream().write("status=0".getBytes()); 
+                    resp.getOutputStream().write("status=0".getBytes());
                     resp.getOutputStream().flush();
                     cmsReq.setStatus(CMSRequest.SUCCESS);
                 } else {
                     CMS.debug("AddCRLServlet: return result noUI=false");
                     String xmlOutput = req.getParameter("xml");
                     if (xmlOutput != null && xmlOutput.equals("true")) {
-                      outputXML(resp, argSet);
+                        outputXML(resp, argSet);
                     } else {
-                      resp.setContentType("text/html");
-                      form.renderOutput(out, argSet);
-                      cmsReq.setStatus(CMSRequest.SUCCESS);
+                        resp.setContentType("text/html");
+                        form.renderOutput(out, argSet);
+                        cmsReq.setStatus(CMSRequest.SUCCESS);
                     }
                 }
             } catch (IOException e) {
                 CMS.debug("AddCRLServlet: return result error=" + e.toString());
                 mOCSPAuthority.log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
-                        e.toString()));
+                        CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE",
+                                e.toString()));
 
-                // NOTE:  The signed audit events
-                //        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
-                //        LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
-                //        already been logged at this point!
+                // NOTE: The signed audit events
+                // LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL and
+                // LOGGING_SIGNED_AUDIT_CRL_VALIDATION have
+                // already been logged at this point!
 
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                        CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
             }
-        } catch( EBaseException eAudit1 ) {
-            if( !CRLFetched ) {
+        } catch (EBaseException eAudit1) {
+            if (!CRLFetched) {
                 // store a message in the signed audit log file
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
-                    auditSubjectID,
-                    ILogger.FAILURE,
-                    auditCRLNum );
+                        LOGGING_SIGNED_AUDIT_CRL_RETRIEVAL,
+                        auditSubjectID,
+                        ILogger.FAILURE,
+                        auditCRLNum);
 
-                audit( auditMessage );
+                audit(auditMessage);
             } else {
-                if( !CRLValidated ) {
+                if (!CRLValidated) {
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
-                        auditSubjectID,
-                        ILogger.FAILURE );
+                            LOGGING_SIGNED_AUDIT_CRL_VALIDATION,
+                            auditSubjectID,
+                            ILogger.FAILURE);
 
-                    audit( auditMessage );
+                    audit(auditMessage);
                 }
             }
             throw eAudit1;
         }
         if (statsSub != null) {
-          statsSub.endTiming("add_crl");
+            statsSub.endTiming("add_crl");
         }
     }
 
     public X509CRLImpl mapCRL1(String mime64)
-        throws IOException {
+            throws IOException {
         mime64 = Cert.stripCRLBrackets(mime64.trim());
 
         byte rawPub[] = CMS.AtoB(mime64);
@@ -568,21 +568,20 @@ public class AddCRLServlet extends CMSServlet {
     }
 }
 
-
 class UpdateCRLThread extends Thread {
     private IDefStore mDefStore = null;
     private X509CRL mCRL = null;
 
     public UpdateCRLThread(
-        IDefStore defStore, X509CRL crl) {
+            IDefStore defStore, X509CRL crl) {
         mDefStore = defStore;
         mCRL = crl;
     }
 
     public void run() {
         try {
-            if (!((X509CRLImpl)mCRL).areEntriesIncluded())
-                mCRL = new X509CRLImpl(((X509CRLImpl)mCRL).getEncoded());
+            if (!((X509CRLImpl) mCRL).areEntriesIncluded())
+                mCRL = new X509CRLImpl(((X509CRLImpl) mCRL).getEncoded());
             mDefStore.updateCRL(mCRL);
         } catch (CRLException e) {
         } catch (X509ExtensionException e) {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
index 3e5d1f49..212ce6a1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/CheckCertServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.security.cert.X509CRLEntry;
 import java.security.cert.X509Certificate;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cmsutil.util.Cert;
 
-
 /**
- * Check the status of a specific certificate 
- *
+ * Check the status of a specific certificate
+ * 
  * @version $Revision$ $Date$
  */
 public class CheckCertServlet extends CMSServlet {
@@ -61,9 +59,9 @@ public class CheckCertServlet extends CMSServlet {
      */
     private static final long serialVersionUID = 7782198059640825050L;
     public static final String BEGIN_HEADER =
-        "-----BEGIN CERTIFICATE-----";
+            "-----BEGIN CERTIFICATE-----";
     public static final String END_HEADER =
-        "-----END CERTIFICATE-----";
+            "-----END CERTIFICATE-----";
 
     public static final String ATTR_STATUS = "status";
     public static final String ATTR_ISSUERDN = "issuerDN";
@@ -85,7 +83,7 @@ public class CheckCertServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "checkCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -102,14 +100,14 @@ public class CheckCertServlet extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param cert certificate to check. Base64, DER encoded, wrapped
-     * in -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
+     * <li>http.param cert certificate to check. Base64, DER encoded, wrapped in
+     * -----BEGIN CERTIFICATE-----, -----END CERTIFICATE----- strings
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
 
@@ -136,9 +134,9 @@ public class CheckCertServlet extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -177,9 +175,9 @@ public class CheckCertServlet extends CMSServlet {
         header.addStringValue(ATTR_SUBJECTDN, cert.getSubjectDN().getName());
         header.addStringValue(ATTR_SERIALNO, "0x" + cert.getSerialNumber().toString(16));
         try {
-            X509CRLImpl	crl = null;
+            X509CRLImpl crl = null;
 
-            crl = new X509CRLImpl(pt.getCRL()); 
+            crl = new X509CRLImpl(pt.getCRL());
             X509CRLEntry crlentry = crl.getRevokedCertificate(cert.getSerialNumber());
 
             if (crlentry == null) {
@@ -201,18 +199,18 @@ public class CheckCertServlet extends CMSServlet {
             String error = null;
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
index 704c759c..825416e3 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/GetOCSPInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -41,11 +40,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Retrieve information about the number of OCSP requests the OCSP 
- * has serviced
- *
+ * Retrieve information about the number of OCSP requests the OCSP has serviced
+ * 
  * @version $Revision$, $Date$
  */
 public class GetOCSPInfo extends CMSServlet {
@@ -61,9 +58,9 @@ public class GetOCSPInfo extends CMSServlet {
     }
 
     /**
-     * initialize the servlet. This servlet uses the template
-     * file "getOCSPInfo.template" to render the result page.
-     *
+     * initialize the servlet. This servlet uses the template file
+     * "getOCSPInfo.template" to render the result page.
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -79,14 +76,13 @@ public class GetOCSPInfo extends CMSServlet {
 
     }
 
-
     /**
-	 * Process the HTTP request. 
-     *
+     * Process the HTTP request.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
@@ -98,10 +94,10 @@ public class GetOCSPInfo extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -115,7 +111,7 @@ public class GetOCSPInfo extends CMSServlet {
         if (!(mAuthority instanceof IOCSPService)) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_CA_FROM_RA_NOT_IMP"));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
+                    CMS.getUserMessage("CMS_GW_NOT_YET_IMPLEMENTED")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -126,10 +122,10 @@ public class GetOCSPInfo extends CMSServlet {
         try {
             form = getTemplate(mFormPath, httpReq, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
             return;
         }
@@ -147,8 +143,8 @@ public class GetOCSPInfo extends CMSServlet {
         header.addLongValue("totalData", ca.getOCSPTotalData());
         long secs = 0;
         if (ca.getOCSPRequestTotalTime() != 0) {
-             secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime();
-        } 
+            secs = (ca.getNumOCSPRequest() * 1000) / ca.getOCSPRequestTotalTime();
+        }
         header.addLongValue("ReqSec", secs);
         try {
             ServletOutputStream out = httpResp.getOutputStream();
@@ -157,10 +153,10 @@ public class GetOCSPInfo extends CMSServlet {
             form.renderOutput(out, argSet);
             cmsReq.setStatus(CMSRequest.SUCCESS);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             cmsReq.setError(new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR")));
             cmsReq.setStatus(CMSRequest.ERROR);
         }
         cmsReq.setStatus(CMSRequest.SUCCESS);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
index 063d8513..6b9d2094 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/ListCAServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Date;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Show the list of CA's that the OCSP responder can service
- *
+ * 
  * @version $Revision$ $Date$
  */
 public class ListCAServlet extends CMSServlet {
@@ -58,9 +56,9 @@ public class ListCAServlet extends CMSServlet {
      */
     private static final long serialVersionUID = 3764395161795483452L;
     public static final String BEGIN_HEADER =
-        "-----BEGIN CERTIFICATE-----";
+            "-----BEGIN CERTIFICATE-----";
     public static final String END_HEADER =
-        "-----END CERTIFICATE-----";
+            "-----END CERTIFICATE-----";
 
     private final static String TPL_FILE = "listCAs.template";
     private String mFormPath = null;
@@ -73,7 +71,7 @@ public class ListCAServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "listCAs.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -89,11 +87,11 @@ public class ListCAServlet extends CMSServlet {
 
     /**
      * Process the HTTP request.
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
 
@@ -120,9 +118,9 @@ public class ListCAServlet extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -133,12 +131,12 @@ public class ListCAServlet extends CMSServlet {
         Enumeration recs = defStore.searchAllCRLIssuingPointRecord(100);
 
         // show the current CRL number if present
-        header.addStringValue("stateCount", 
-            Integer.toString(defStore.getStateCount()));
+        header.addStringValue("stateCount",
+                Integer.toString(defStore.getStateCount()));
 
         while (recs.hasMoreElements()) {
-            ICRLIssuingPointRecord rec = 
-                (ICRLIssuingPointRecord) recs.nextElement();
+            ICRLIssuingPointRecord rec =
+                    (ICRLIssuingPointRecord) recs.nextElement();
             IArgBlock rarg = CMS.createArgBlock();
             String thisId = rec.getId();
 
@@ -163,17 +161,17 @@ public class ListCAServlet extends CMSServlet {
                 rarg.addLongValue("NumRevoked", 0);
             } else {
                 if (rc.longValue() == -1) {
-                  rarg.addStringValue("NumRevoked", "UNKNOWN");
-		} else {
-                  rarg.addLongValue("NumRevoked", rc.longValue());
+                    rarg.addStringValue("NumRevoked", "UNKNOWN");
+                } else {
+                    rarg.addLongValue("NumRevoked", rc.longValue());
                 }
             }
 
             BigInteger crlNumber = rec.getCRLNumber();
             if (crlNumber == null || crlNumber.equals(new BigInteger("-1"))) {
-                  rarg.addStringValue("CRLNumber", "UNKNOWN");
+                rarg.addStringValue("CRLNumber", "UNKNOWN");
             } else {
-                  rarg.addStringValue("CRLNumber", crlNumber.toString());
+                rarg.addStringValue("CRLNumber", crlNumber.toString());
             }
 
             rarg.addLongValue("ReqCount", defStore.getReqCount(thisId));
@@ -185,18 +183,18 @@ public class ListCAServlet extends CMSServlet {
             String error = null;
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
index cfc91975..a11a1739 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/OCSPServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
@@ -47,11 +46,10 @@ import com.netscape.cmsutil.ocsp.ResponseData;
 import com.netscape.cmsutil.ocsp.SingleResponse;
 import com.netscape.cmsutil.ocsp.TBSRequest;
 
-
 /**
- * Process OCSP messages, According to RFC 2560
- * See http://www.ietf.org/rfc/rfc2560.txt
- *
+ * Process OCSP messages, According to RFC 2560 See
+ * http://www.ietf.org/rfc/rfc2560.txt
+ * 
  * @version $Revision$ $Date$
  */
 public class OCSPServlet extends CMSServlet {
@@ -65,7 +63,7 @@ public class OCSPServlet extends CMSServlet {
     public final static String PROP_MAX_REQUEST_SIZE = "MaxRequestSize";
     public final static String PROP_ID = "ID";
 
-    private int m_maxRequestSize=5000;
+    private int m_maxRequestSize = 5000;
 
     public OCSPServlet() {
         super();
@@ -74,35 +72,35 @@ public class OCSPServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
         String s = sc.getInitParameter(PROP_MAX_REQUEST_SIZE);
         if (s != null) {
-        try {
-            m_maxRequestSize = Integer.parseInt(s);
-        } catch (Exception e) {}
-       }
+            try {
+                m_maxRequestSize = Integer.parseInt(s);
+            } catch (Exception e) {
+            }
+        }
 
     }
 
     /**
-     * Process the HTTP request. 
-     * This method is invoked when the OCSP service receives a OCSP
-     * request. Based on RFC 2560, the request should have the OCSP
-     * request in the HTTP body as binary blob.
-     *
+     * Process the HTTP request. This method is invoked when the OCSP service
+     * receives a OCSP request. Based on RFC 2560, the request should have the
+     * OCSP request in the HTTP body as binary blob.
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest httpReq = cmsReq.getHttpReq();
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("ocsp", true /* main action */);
+            statsSub.startTiming("ocsp", true /* main action */);
         }
 
         IAuthToken authToken = authenticate(cmsReq);
@@ -119,12 +117,12 @@ public class OCSPServlet extends CMSServlet {
             cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
             return;
         }
-        
+
         CMS.debug("Servlet Path=" + httpReq.getServletPath());
         CMS.debug("RequestURI=" + httpReq.getRequestURI());
-        String pathInfo =  httpReq.getPathInfo();
+        String pathInfo = httpReq.getPathInfo();
         if (pathInfo != null && pathInfo.indexOf('%') != -1) {
-          pathInfo = URLDecoder.decode(pathInfo);
+            pathInfo = URLDecoder.decode(pathInfo);
         }
         CMS.debug("PathInfo=" + pathInfo);
 
@@ -136,46 +134,46 @@ public class OCSPServlet extends CMSServlet {
             String method = httpReq.getMethod();
             CMS.debug("Method=" + method);
             if (method != null && method.equals("POST")) {
-              int reqlen = httpReq.getContentLength();
-
-              if (reqlen == -1) {
-                 throw new Exception("OCSPServlet: Content-Length not supplied");
-              }
-              if (reqlen == 0) {
-                 throw new Exception("OCSPServlet: Invalid Content-Length");
-              }
-              if (reqlen > m_maxRequestSize) {
-                 throw new Exception("OCSPServlet: Client sending too much OCSP request data ("+reqlen+")");
-              }
-
-              // for debugging
-              reqbuf = new byte[reqlen];
-              int bytesread = 0;
-              boolean partial = false;
-
-              while (bytesread < reqlen) {
-                int r = is.read(reqbuf, bytesread, reqlen - bytesread);
-                if (r == -1) {
-                    throw new Exception("OCSPServlet: Client did not supply enough OCSP data");
+                int reqlen = httpReq.getContentLength();
+
+                if (reqlen == -1) {
+                    throw new Exception("OCSPServlet: Content-Length not supplied");
+                }
+                if (reqlen == 0) {
+                    throw new Exception("OCSPServlet: Invalid Content-Length");
+                }
+                if (reqlen > m_maxRequestSize) {
+                    throw new Exception("OCSPServlet: Client sending too much OCSP request data (" + reqlen + ")");
                 }
-                bytesread += r;
-                if (partial == false) {
-                    if (bytesread < reqlen) {
-                        partial = true;
+
+                // for debugging
+                reqbuf = new byte[reqlen];
+                int bytesread = 0;
+                boolean partial = false;
+
+                while (bytesread < reqlen) {
+                    int r = is.read(reqbuf, bytesread, reqlen - bytesread);
+                    if (r == -1) {
+                        throw new Exception("OCSPServlet: Client did not supply enough OCSP data");
+                    }
+                    bytesread += r;
+                    if (partial == false) {
+                        if (bytesread < reqlen) {
+                            partial = true;
+                        }
                     }
                 }
-              }
-              is = new ByteArrayInputStream(reqbuf);
+                is = new ByteArrayInputStream(reqbuf);
             } else {
-              // GET method
-              if ( (pathInfo == null)              ||
-                   (pathInfo.equals( "" ) )        ||
-                   (pathInfo.substring(1) == null) ||
-                   (pathInfo.substring(1).equals( "" ) ) ) {
-                  throw new Exception("OCSPServlet: OCSP request not provided in GET method");
-              }
-              is = new ByteArrayInputStream(
-                com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1)));
+                // GET method
+                if ((pathInfo == null) ||
+                        (pathInfo.equals("")) ||
+                        (pathInfo.substring(1) == null) ||
+                        (pathInfo.substring(1).equals(""))) {
+                    throw new Exception("OCSPServlet: OCSP request not provided in GET method");
+                }
+                is = new ByteArrayInputStream(
+                        com.netscape.osutil.OSUtil.AtoB(pathInfo.substring(1)));
             }
 
             // (1) retrieve OCSP request
@@ -183,22 +181,23 @@ public class OCSPServlet extends CMSServlet {
             OCSPResponse response = null;
 
             try {
-                OCSPRequest.Template reqTemplate = 
-                    new OCSPRequest.Template();
+                OCSPRequest.Template reqTemplate =
+                        new OCSPRequest.Template();
 
-                if ( (is == null) ||
-                     (is.toString().equals( "" ) ) ) {
-                    throw new Exception( "OCSPServlet: OCSP request is "
+                if ((is == null) ||
+                        (is.toString().equals(""))) {
+                    throw new Exception("OCSPServlet: OCSP request is "
                                        + "empty or malformed");
                 }
                 ocspReq = (OCSPRequest) reqTemplate.decode(is);
-                if ( (ocspReq == null) ||
-                     (ocspReq.toString().equals( "" ) ) ) {
-                    throw new Exception( "OCSPServlet: Decoded OCSP request "
+                if ((ocspReq == null) ||
+                        (ocspReq.toString().equals(""))) {
+                    throw new Exception("OCSPServlet: Decoded OCSP request "
                                        + "is empty or malformed");
                 }
                 response = ((IOCSPService) mAuthority).validate(ocspReq);
-            } catch (Exception e) {;
+            } catch (Exception e) {
+                ;
                 CMS.debug("OCSPServlet: " + e.toString());
             }
 
@@ -219,8 +218,8 @@ public class OCSPServlet extends CMSServlet {
                     CMS.debug("OCSPServlet: " + CMS.BtoA(ASN1Util.encode(ocspReq)));
                     TBSRequest tbsReq = ocspReq.getTBSRequest();
                     for (int i = 0; i < tbsReq.getRequestCount(); i++) {
-                       com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
-                       CMS.debug("Serial Number: " + req.getCertID().getSerialNumber());
+                        com.netscape.cmsutil.ocsp.Request req = tbsReq.getRequestAt(i);
+                        CMS.debug("Serial Number: " + req.getCertID().getSerialNumber());
                     }
                     CMS.debug("OCSPServlet: OCSP Response Size:");
                     CMS.debug("OCSPServlet: " + Integer.toString(respbytes.length));
@@ -232,17 +231,17 @@ public class OCSPServlet extends CMSServlet {
                     } else if (rbytes.getObjectIdentifier().equals(
                                ResponseBytes.OCSP_BASIC)) {
                         BasicOCSPResponse basicRes = (BasicOCSPResponse)
-                        BasicOCSPResponse.getTemplate().decode(
-                        new ByteArrayInputStream(rbytes.getResponse().toByteArray()));
+                                BasicOCSPResponse.getTemplate().decode(
+                                        new ByteArrayInputStream(rbytes.getResponse().toByteArray()));
                         if (basicRes == null) {
                             CMS.debug("Basic Res is null");
                         } else {
                             ResponseData data = basicRes.getResponseData();
                             for (int i = 0; i < data.getResponseCount(); i++) {
                                 SingleResponse res = data.getResponseAt(i);
-                                CMS.debug("Serial Number: " + 
-                                          res.getCertID().getSerialNumber()  + 
-                                          " Status: " + 
+                                CMS.debug("Serial Number: " +
+                                          res.getCertID().getSerialNumber() +
+                                          " Status: " +
                                           res.getCertStatus().getClass().getName());
                             }
                         }
@@ -250,14 +249,14 @@ public class OCSPServlet extends CMSServlet {
                 }
 
                 httpResp.setContentType("application/ocsp-response");
-             
+
                 httpResp.setContentLength(respbytes.length);
                 OutputStream ooss = httpResp.getOutputStream();
 
                 ooss.write(respbytes);
                 ooss.flush();
                 if (statsSub != null) {
-                  statsSub.endTiming("ocsp");
+                    statsSub.endTiming("ocsp");
                 }
 
                 mRenderResult = false;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
index 3ec72bb8..2ecbdf1e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/ocsp/RemoveCAServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.ocsp;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -41,11 +40,11 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Configure the CA to no longer respond to OCSP requests for a CA
- *
- * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep 2010) $
+ * 
+ * @version $Revision: 1274 $ $Date: 2010-09-07 22:14:41 -0700 (Tue, 07 Sep
+ *          2010) $
  */
 public class RemoveCAServlet extends CMSServlet {
 
@@ -58,12 +57,12 @@ public class RemoveCAServlet extends CMSServlet {
     private IOCSPAuthority mOCSPAuthority = null;
 
     private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST =
-        "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3";
+            "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_3";
     private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3";
+            "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS_3";
 
     private final static String LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3";
+            "LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE_3";
 
     public RemoveCAServlet() {
         super();
@@ -72,7 +71,7 @@ public class RemoveCAServlet extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "addCA.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -90,18 +89,20 @@ public class RemoveCAServlet extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param  ca id. The format is string.
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when
-     * a CA is attempted to be removed from the OCSP responder
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS
-     * and LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used when 
-     * a remove CA request to the OCSP Responder is processed successfully or not.
+     * <li>http.param ca id. The format is string.
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST used when a
+     * CA is attempted to be removed from the OCSP responder
+     * <li>signed.audit
+     * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS and
+     * LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE are used
+     * when a remove CA request to the OCSP Responder is processed successfully
+     * or not.
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
         HttpServletResponse resp = cmsReq.getHttpResp();
         String auditMessage = null;
@@ -132,9 +133,9 @@ public class RemoveCAServlet extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -142,79 +143,78 @@ public class RemoveCAServlet extends CMSServlet {
         CMSTemplateParams argSet = new CMSTemplateParams(header, fixed);
 
         if (auditSubjectID.equals(ILogger.NONROLEUSER) ||
-               auditSubjectID.equals(ILogger.UNIDENTIFIED))  {
+                auditSubjectID.equals(ILogger.UNIDENTIFIED)) {
             String uid = authToken.getInString(IAuthToken.USER_ID);
             if (uid != null) {
-                CMS.debug("RemoveCAServlet: auditSubjectID set to "+uid);
+                CMS.debug("RemoveCAServlet: auditSubjectID set to " + uid);
                 auditSubjectID = uid;
             }
         }
 
-       String caID = cmsReq.getHttpReq().getParameter("caID");
-
+        String caID = cmsReq.getHttpReq().getParameter("caID");
 
-       if (caID == null) {
-           auditMessage = CMS.getLogMessage(
-               LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
-               auditSubjectID,
-               ILogger.FAILURE,
-               ILogger.SIGNED_AUDIT_EMPTY_VALUE);
+        if (caID == null) {
+            auditMessage = CMS.getLogMessage(
+                    LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    ILogger.SIGNED_AUDIT_EMPTY_VALUE);
 
-           throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID"));
-       }
+            throw new ECMSGWException(CMS.getUserMessage(getLocale(req), "CMS_GW_MISSING_CA_ID"));
+        }
 
-       auditMessage = CMS.getLogMessage(
+        auditMessage = CMS.getLogMessage(
                 LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST,
                 auditSubjectID,
                 ILogger.SUCCESS,
                 caID);
 
-       audit( auditMessage );
+        audit(auditMessage);
 
-       IDefStore defStore = mOCSPAuthority.getDefaultStore();
+        IDefStore defStore = mOCSPAuthority.getDefaultStore();
 
-       try { 
-        defStore.deleteCRLIssuingPointRecord(caID);
+        try {
+            defStore.deleteCRLIssuingPointRecord(caID);
 
-       } catch (EBaseException e) {
+        } catch (EBaseException e) {
 
-           auditMessage = CMS.getLogMessage(
-               LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
-               auditSubjectID,
-               ILogger.FAILURE,
-               caID);
-           audit( auditMessage );
+            auditMessage = CMS.getLogMessage(
+                    LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,
+                    auditSubjectID,
+                    ILogger.FAILURE,
+                    caID);
+            audit(auditMessage);
 
-           CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID);
-           throw new EBaseException(e.toString());
+            CMS.debug("RemoveCAServlet::process: Error deleting CRL IssuingPoint: " + caID);
+            throw new EBaseException(e.toString());
         }
 
         CMS.debug("RemoveCAServlet::process: CRL IssuingPoint for CA successfully removed: " + caID);
 
         auditMessage = CMS.getLogMessage(
-             LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,
-             auditSubjectID,
-             ILogger.SUCCESS,
-             caID);
-        audit( auditMessage );
+                LOGGING_SIGNED_AUDIT_OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,
+                auditSubjectID,
+                ILogger.SUCCESS,
+                caID);
+        audit(auditMessage);
 
         try {
             ServletOutputStream out = resp.getOutputStream();
             String error = null;
 
             String xmlOutput = req.getParameter("xml");
-			if (xmlOutput != null && xmlOutput.equals("true")) {
-			  outputXML(resp, argSet);
-			} else {
-			  resp.setContentType("text/html");
-			  form.renderOutput(out, argSet);
-			  cmsReq.setStatus(CMSRequest.SUCCESS);
-			}
+            if (xmlOutput != null && xmlOutput.equals("true")) {
+                outputXML(resp, argSet);
+            } else {
+                resp.setContentType("text/html");
+                form.renderOutput(out, argSet);
+                cmsReq.setStatus(CMSRequest.SUCCESS);
+            }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
index 1e44dad1..e7d63602 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CMCProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -72,11 +71,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Process CMC messages according to RFC 2797
- * See http://www.ietf.org/rfc/rfc2797.txt
- *
+ * Process CMC messages according to RFC 2797 See
+ * http://www.ietf.org/rfc/rfc2797.txt
+ * 
  * @version $Revision$, $Date$
  */
 public class CMCProcessor extends PKIProcessor {
@@ -95,18 +93,18 @@ public class CMCProcessor extends PKIProcessor {
     }
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     public void fillCertInfo(
-        String protocolString, X509CertInfo certInfo,
-        IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException {
+            String protocolString, X509CertInfo certInfo,
+            IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
     }
 
     public X509CertInfo[] fillCertInfoArray(
-        String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
-        throws EBaseException {
+            String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+            throws EBaseException {
 
         CMS.debug("CMCProcessor: In CMCProcessor.fillCertInfoArray!");
         String cmc = protocolString;
@@ -114,17 +112,16 @@ public class CMCProcessor extends PKIProcessor {
         try {
             byte[] cmcBlob = CMS.AtoB(cmc);
             ByteArrayInputStream cmcBlobIn =
-                new ByteArrayInputStream(cmcBlob);
+                    new ByteArrayInputStream(cmcBlob);
 
             org.mozilla.jss.pkix.cms.ContentInfo cmcReq = (org.mozilla.jss.pkix.cms.ContentInfo)
-                org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+                    org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
 
-            if
-            (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent())
+            if (!cmcReq.getContentType().equals(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA) || !cmcReq.hasContent())
                 throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
 
             SignedData cmcFullReq = (SignedData)
-                cmcReq.getInterpretedContent();
+                    cmcReq.getInterpretedContent();
 
             EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
 
@@ -132,7 +129,7 @@ public class CMCProcessor extends PKIProcessor {
 
             if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIData) || !ci.hasContent()) {
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
+                        CMS.getUserMessage("CMS_GW_NO_PKIDATA"));
             }
             OCTET_STRING content = ci.getContent();
 
@@ -144,7 +141,7 @@ public class CMCProcessor extends PKIProcessor {
             int numReqs = reqSequence.size();
             X509CertInfo[] certInfoArray = new X509CertInfo[numReqs];
             String[] reqIdArray = new String[numReqs];
-            
+
             for (int i = 0; i < numReqs; i++) {
                 // decode message.
                 TaggedRequest taggedRequest = (TaggedRequest) reqSequence.elementAt(i);
@@ -158,7 +155,7 @@ public class CMCProcessor extends PKIProcessor {
                     reqIdArray[i] = String.valueOf(p10Id);
 
                     CertificationRequest p10 =
-                        tcr.getCertificationRequest();
+                            tcr.getCertificationRequest();
 
                     // transfer to sun class
                     ByteArrayOutputStream ostream = new ByteArrayOutputStream();
@@ -169,13 +166,13 @@ public class CMCProcessor extends PKIProcessor {
 
                     try {
                         PKCS10 pkcs10 = new PKCS10(ostream.toByteArray());
-                        //xxx do we need to do anything else?
+                        // xxx do we need to do anything else?
                         X509CertInfo certInfo = CMS.getDefaultX509CertInfo();
 
                         pkcs10Processor.fillCertInfo(pkcs10, certInfo, authToken, httpParams);
 
-                        /*    fillPKCS10(pkcs10,certInfo,
-                         authToken, httpParams);
+                        /*
+                         * fillPKCS10(pkcs10,certInfo, authToken, httpParams);
                          */
 
                         certInfoArray[i] = certInfo;
@@ -195,7 +192,7 @@ public class CMCProcessor extends PKIProcessor {
 
                     reqIdArray[i] = String.valueOf(srcId);
 
-                    certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams); 
+                    certInfoArray[i] = crmfProc.processIndividualRequest(crm, authToken, httpParams);
 
                 } else {
                     throw new ECMSGWException(CMS.getUserMessage("CMS_GW_NO_CMC_CONTENT"));
@@ -209,12 +206,12 @@ public class CMCProcessor extends PKIProcessor {
 
             for (int i = 0; i < numDig; i++) {
                 AlgorithmIdentifier dai =
-                    (AlgorithmIdentifier) dais.elementAt(i);
+                        (AlgorithmIdentifier) dais.elementAt(i);
                 String name =
-                    DigestAlgorithm.fromOID(dai.getOID()).toString();
+                        DigestAlgorithm.fromOID(dai.getOID()).toString();
 
                 MessageDigest md =
-                    MessageDigest.getInstance(name);
+                        MessageDigest.getInstance(name);
 
                 byte[] digest = md.digest(content.toByteArray());
 
@@ -226,8 +223,8 @@ public class CMCProcessor extends PKIProcessor {
 
             for (int i = 0; i < numSis; i++) {
                 org.mozilla.jss.pkix.cms.SignerInfo si =
-                    (org.mozilla.jss.pkix.cms.SignerInfo)
-                    sis.elementAt(i);
+                        (org.mozilla.jss.pkix.cms.SignerInfo)
+                        sis.elementAt(i);
 
                 String name = si.getDigestAlgorithm().toString();
                 byte[] digest = (byte[]) digs.get(name);
@@ -243,8 +240,7 @@ public class CMCProcessor extends PKIProcessor {
 
                 SignerIdentifier sid = si.getSignerIdentifier();
 
-                if
-                (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
+                if (sid.getType().equals(SignerIdentifier.ISSUER_AND_SERIALNUMBER)) {
                     IssuerAndSerialNumber issuerAndSerialNumber = sid.getIssuerAndSerialNumber();
                     // find from the certs in the signedData
                     X509Certificate cert = null;
@@ -255,20 +251,19 @@ public class CMCProcessor extends PKIProcessor {
 
                         for (int j = 0; j < numCerts; j++) {
                             Certificate certJss =
-                                (Certificate) certs.elementAt(j);
+                                    (Certificate) certs.elementAt(j);
                             CertificateInfo certI =
-                                certJss.getInfo();
+                                    certJss.getInfo();
                             Name issuer = certI.getIssuer();
                             byte[] issuerB = ASN1Util.encode(issuer);
 
                             INTEGER sn = certI.getSerialNumber();
 
-                            if (
-                                new String(issuerB).equals(new
+                            if (new String(issuerB).equals(new
                                     String(ASN1Util.encode(issuerAndSerialNumber.getIssuer())))
-                                && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
+                                    && sn.toString().equals(issuerAndSerialNumber.getSerialNumber().toString())) {
                                 ByteArrayOutputStream os = new
-                                    ByteArrayOutputStream();
+                                        ByteArrayOutputStream();
 
                                 certJss.encode(os);
                                 cert = new X509CertImpl(os.toByteArray());
@@ -296,8 +291,8 @@ public class CMCProcessor extends PKIProcessor {
                         } else {
                         }
                         PK11PubKey pubK =
-                            PK11PubKey.fromRaw(keyType,
-                                ((X509Key) signKey).getKey());
+                                PK11PubKey.fromRaw(keyType,
+                                        ((X509Key) signKey).getKey());
 
                         si.verify(digest, id, pubK);
                     }
@@ -321,8 +316,7 @@ public class CMCProcessor extends PKIProcessor {
                         j++;
                     }
                     if (signKey == null) {
-                        throw new
-                            ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
+                        throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR",
                                 "SubjectKeyIdentifier in SignerInfo does not match any publicKey in the request."));
                     } else {
                         PrivateKey.Type keyType = null;
@@ -352,7 +346,7 @@ public class CMCProcessor extends PKIProcessor {
 
             for (int i = 0; i < numControls; i++) {
                 TaggedAttribute control =
-                    (TaggedAttribute) controls.elementAt(i);
+                        (TaggedAttribute) controls.elementAt(i);
                 OBJECT_IDENTIFIER type = control.getType();
                 SET values = control.getValues();
                 int numVals = values.size();
@@ -364,7 +358,7 @@ public class CMCProcessor extends PKIProcessor {
                         vals = new String[numVals];
                     for (int j = 0; j < numVals; j++) {
                         ANY val = (ANY)
-                            values.elementAt(j);
+                                values.elementAt(j);
                         INTEGER transId = (INTEGER) ((ANY) val).decodeWith(
                                 INTEGER.getTemplate());
 
@@ -374,17 +368,16 @@ public class CMCProcessor extends PKIProcessor {
                     }
                     if (vals != null)
                         req.setExtData(IRequest.CMC_TRANSID, vals);
-                } else if
-                (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+                } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
                     String[] vals = null;
 
                     if (numVals > 0)
                         vals = new String[numVals];
                     for (int j = 0; j < numVals; j++) {
                         ANY val = (ANY)
-                            values.elementAt(j);
+                                values.elementAt(j);
                         OCTET_STRING nonce = (OCTET_STRING)
-                            ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
+                                ((ANY) val).decodeWith(OCTET_STRING.getTemplate());
 
                         if (nonce != null) {
                             vals[j] = new String(nonce.toByteArray());
@@ -409,27 +402,27 @@ public class CMCProcessor extends PKIProcessor {
             return certInfoArray;
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
         } catch (InvalidBERException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
         } catch (InvalidKeyException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CMC_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
-        }catch (Exception e) {
+                    CMS.getUserMessage("CMS_GW_CMC_TO_CERTINFO_ERROR"));
+        } catch (Exception e) {
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
+                    CMS.getUserMessage("CMS_GW_CMC_ERROR", e.toString()));
         }
 
     }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
index 27648758..361bf594 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/CRMFProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -56,11 +55,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * Process CRMF requests, according to RFC 2511
- * See http://www.ietf.org/rfc/rfc2511.txt
- *
+ * Process CRMF requests, according to RFC 2511 See
+ * http://www.ietf.org/rfc/rfc2511.txt
+ * 
  * @version $Revision$, $Date$
  */
 public class CRMFProcessor extends PKIProcessor {
@@ -70,7 +68,7 @@ public class CRMFProcessor extends PKIProcessor {
     private boolean enforcePop = false;
 
     private final static String LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION =
-        "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
+            "LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION_2";
 
     public CRMFProcessor() {
         super();
@@ -84,22 +82,23 @@ public class CRMFProcessor extends PKIProcessor {
     }
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     /**
      * Verify Proof of Possession (POP)
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION used when proof
      * of possession is checked during certificate enrollment
      * </ul>
+     * 
      * @param certReqMsg the certificate request message
      * @exception EBaseException an error has occurred
      */
     private void verifyPOP(CertReqMsg certReqMsg)
-        throws EBaseException {
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
 
@@ -118,59 +117,59 @@ public class CRMFProcessor extends PKIProcessor {
 
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                            auditSubjectID,
-                            ILogger.SUCCESS );
+                                LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                                auditSubjectID,
+                                ILogger.SUCCESS);
 
-                        audit( auditMessage );
+                        audit(auditMessage);
                     } catch (Exception e) {
                         CMS.debug("CRMFProcessor: Failed POP verify!");
 
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+                                CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
 
                         // store a message in the signed audit log file
                         auditMessage = CMS.getLogMessage(
-                            LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                            auditSubjectID,
-                            ILogger.FAILURE );
+                                LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                                auditSubjectID,
+                                ILogger.FAILURE);
 
-                        audit( auditMessage );
+                        audit(auditMessage);
 
                         throw new ECMSGWException(
-                            CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
+                                CMS.getLogMessage("CMSGW_ERROR_POP_VERIFY"));
                     }
                 }
             } else {
                 if (enforcePop == true) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+                            CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
-                        LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                        auditSubjectID,
-                        ILogger.FAILURE );
+                            LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                            auditSubjectID,
+                            ILogger.FAILURE);
 
-                    audit( auditMessage );
+                    audit(auditMessage);
 
                     throw new ECMSGWException(
-                        CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
+                            CMS.getLogMessage("CMSGW_ERROR_NO_POP"));
                 }
             }
-        } catch( EBaseException eAudit1 ) {
+        } catch (EBaseException eAudit1) {
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
-                LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
-                auditSubjectID,
-                ILogger.FAILURE );
+                    LOGGING_SIGNED_AUDIT_PROOF_OF_POSSESSION,
+                    auditSubjectID,
+                    ILogger.FAILURE);
 
-            audit( auditMessage );
+            audit(auditMessage);
         }
     }
 
-    public X509CertInfo  processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException {
+    public X509CertInfo processIndividualRequest(CertReqMsg certReqMsg, IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
         CMS.debug("CRMFProcessor::processIndividualRequest!");
 
         try {
@@ -205,21 +204,21 @@ public class CRMFProcessor extends PKIProcessor {
             if (certTemplate.hasSubject()) {
                 Name subjectdn = certTemplate.getSubject();
                 ByteArrayOutputStream subjectEncStream =
-                    new ByteArrayOutputStream();
+                        new ByteArrayOutputStream();
 
                 subjectdn.encode(subjectEncStream);
                 byte[] subjectEnc = subjectEncStream.toByteArray();
                 X500Name subject = new X500Name(subjectEnc);
 
                 certInfo.set(X509CertInfo.SUBJECT,
-                    new CertificateSubjectName(subject));
+                        new CertificateSubjectName(subject));
             } else if (authToken == null ||
-                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
                 // No subject name - error!
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                        CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                        CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
             }
 
             // get extensions
@@ -243,10 +242,10 @@ public class CRMFProcessor extends PKIProcessor {
 
                 for (int j = 0; j < numexts; j++) {
                     org.mozilla.jss.pkix.cert.Extension jssext =
-                        certTemplate.extensionAt(j);
+                            certTemplate.extensionAt(j);
                     boolean isCritical = jssext.getCritical();
                     org.mozilla.jss.asn1.OBJECT_IDENTIFIER jssoid =
-                        jssext.getExtnId();
+                            jssext.getExtnId();
                     long[] numbers = jssoid.getNumbers();
                     int[] oidNumbers = new int[numbers.length];
 
@@ -254,23 +253,23 @@ public class CRMFProcessor extends PKIProcessor {
                         oidNumbers[k] = (int) numbers[k];
                     }
                     ObjectIdentifier oid =
-                        new ObjectIdentifier(oidNumbers);
+                            new ObjectIdentifier(oidNumbers);
                     org.mozilla.jss.asn1.OCTET_STRING jssvalue =
-                        jssext.getExtnValue();
+                            jssext.getExtnValue();
                     ByteArrayOutputStream jssvalueout =
-                        new ByteArrayOutputStream();
+                            new ByteArrayOutputStream();
 
                     jssvalue.encode(jssvalueout);
                     byte[] extValue = jssvalueout.toByteArray();
 
                     Extension ext =
-                        new Extension(oid, isCritical, extValue);
+                            new Extension(oid, isCritical, extValue);
 
                     extensions.parseExtension(ext);
                 }
 
                 certInfo.set(X509CertInfo.VERSION,
-                    new CertificateVersion(CertificateVersion.V3));
+                        new CertificateVersion(CertificateVersion.V3));
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
 
             }
@@ -283,7 +282,7 @@ public class CRMFProcessor extends PKIProcessor {
             // formulation.
             // -- CRMFfillCert
             if (authToken != null &&
-                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
+                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null) {
                 // if authenticated override subect name, validity and
                 // extensions if any from authtoken.
                 fillCertInfoFromAuthToken(certInfo, authToken);
@@ -300,31 +299,31 @@ public class CRMFProcessor extends PKIProcessor {
 
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
-        } /* catch (InvalidBERException e) {
-         log(ILogger.LL_FAILURE,
-         CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
-         throw new ECMSGWException(
-         CMSGWResources.ERROR_CRMF_TO_CERTINFO);
-         } */ catch (InvalidKeyException e) {
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+        } /*
+           * catch (InvalidBERException e) { log(ILogger.LL_FAILURE,
+           * CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1",e.toString()));
+           * throw new ECMSGWException( CMSGWResources.ERROR_CRMF_TO_CERTINFO);
+           * }
+           */catch (InvalidKeyException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         }
 
     }
 
     public X509CertInfo[] fillCertInfoArray(
-        String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
-        throws EBaseException {
+            String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+            throws EBaseException {
 
         CMS.debug("CRMFProcessor.fillCertInfoArray!");
 
@@ -333,10 +332,10 @@ public class CRMFProcessor extends PKIProcessor {
         try {
             byte[] crmfBlob = CMS.AtoB(crmf);
             ByteArrayInputStream crmfBlobIn =
-                new ByteArrayInputStream(crmfBlob);
+                    new ByteArrayInputStream(crmfBlob);
 
             SEQUENCE crmfMsgs = (SEQUENCE)
-                new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
+                    new SEQUENCE.OF_Template(new CertReqMsg.Template()).decode(crmfBlobIn);
 
             int nummsgs = crmfMsgs.size();
             X509CertInfo[] certInfoArray = new X509CertInfo[nummsgs];
@@ -344,7 +343,7 @@ public class CRMFProcessor extends PKIProcessor {
             for (int i = 0; i < nummsgs; i++) {
                 // decode message.
                 CertReqMsg certReqMsg = (CertReqMsg) crmfMsgs.elementAt(i);
-             
+
                 CertRequest certReq = certReqMsg.getCertReq();
                 INTEGER certReqId = certReq.getCertReqId();
                 int srcId = certReqId.intValue();
@@ -355,20 +354,19 @@ public class CRMFProcessor extends PKIProcessor {
 
             }
 
-            //do_testbed_hack(nummsgs, certInfoArray, httpParams);
+            // do_testbed_hack(nummsgs, certInfoArray, httpParams);
 
             return certInfoArray;
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         } catch (InvalidBERException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"));
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
index d021f653..9139f888 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/IPKIProcessor.java
@@ -17,19 +17,17 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * This represents the request parser.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IPKIProcessor {
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException;
+            throws EBaseException;
 
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
index cc035033..810c3ff2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/KeyGenProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 
@@ -37,11 +36,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * KeyGenProcess parses Certificate request matching the
- * KEYGEN tag format used by Netscape Communicator 4.x
- *
+ * KeyGenProcess parses Certificate request matching the KEYGEN tag format used
+ * by Netscape Communicator 4.x
+ * 
  * @version $Revision$, $Date$
  */
 public class KeyGenProcessor extends PKIProcessor {
@@ -56,13 +54,13 @@ public class KeyGenProcessor extends PKIProcessor {
     }
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     public void fillCertInfo(
-        String protocolString, X509CertInfo certInfo,
-        IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException {
+            String protocolString, X509CertInfo certInfo,
+            IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
 
         CMS.debug("KeyGenProcessor: fillCertInfo");
 
@@ -72,7 +70,7 @@ public class KeyGenProcessor extends PKIProcessor {
 
         KeyGenInfo keyGenInfo = httpParams.getValueAsKeyGenInfo(
                 PKIProcessor.SUBJECT_KEYGEN_INFO, null);
-    
+
         // fill key
         X509Key key = null;
 
@@ -80,20 +78,20 @@ public class KeyGenProcessor extends PKIProcessor {
         if (key == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_MISSING_KEY_IN_KEYGENINFO"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
+                    CMS.getUserMessage("CMS_GW_MISSING_KEY_IN_KEYGENINFO"));
         }
         try {
             certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key));
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                "Could not set key into certInfo from keygen. Error " + e);
+                    "Could not set key into certInfo from keygen. Error " + e);
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_KEYGEN_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
+                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_KEYGEN_FAILED", e.toString()));
         }
 
         String authMgr = mServlet.getAuthMgr();
@@ -106,12 +104,12 @@ public class KeyGenProcessor extends PKIProcessor {
             if (authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
                 // allow special case for agent gateway in admin enroll
                 // and bulk issuance.
-                if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) && 
-                    !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
+                if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID) &&
+                        !authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID)) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                            CMS.getLogMessage("CMSGW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
                     throw new ECMSGWException(
-                      CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
+                            CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_NAME_FROM_AUTHTOKEN"));
                 }
                 fillCertInfoFromForm(certInfo, httpParams);
             } else {
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
index 53d38455..5079969e 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKCS10Processor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 
@@ -46,12 +45,10 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
- * PKCS10Processor process Certificate Requests in
- * PKCS10 format, as defined here:
- * http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
- *
+ * PKCS10Processor process Certificate Requests in PKCS10 format, as defined
+ * here: http://www.rsasecurity.com/rsalabs/pkcs/pkcs-10/index.html
+ * 
  * @version $Revision$, $Date$
  */
 public class PKCS10Processor extends PKIProcessor {
@@ -61,7 +58,7 @@ public class PKCS10Processor extends PKIProcessor {
     private final String USE_INTERNAL_PKCS10 = "internal";
 
     public PKCS10Processor() {
-    
+
         super();
     }
 
@@ -71,24 +68,24 @@ public class PKCS10Processor extends PKIProcessor {
     }
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
     }
 
-    public    void fillCertInfo(
-        PKCS10 pkcs10, X509CertInfo certInfo,
-        IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException {
+    public void fillCertInfo(
+            PKCS10 pkcs10, X509CertInfo certInfo,
+            IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
 
         mPkcs10 = pkcs10;
-    
-        fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams); 
+
+        fillCertInfo(USE_INTERNAL_PKCS10, certInfo, authToken, httpParams);
 
     }
 
     public void fillCertInfo(
-        String protocolString, X509CertInfo certInfo,
-        IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException {
+            String protocolString, X509CertInfo certInfo,
+            IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
 
         PKCS10 p10 = null;
 
@@ -99,8 +96,8 @@ public class PKCS10Processor extends PKIProcessor {
         } else if (protocolString.equals(USE_INTERNAL_PKCS10)) {
             p10 = mPkcs10;
         } else {
-            CMS.debug( "PKCS10Processor::fillCertInfo() - p10 is null!" );
-            throw new EBaseException( "p10 is null" );
+            CMS.debug("PKCS10Processor::fillCertInfo() - p10 is null!");
+            throw new EBaseException("p10 is null");
         }
 
         if (mServlet == null) {
@@ -123,7 +120,7 @@ public class PKCS10Processor extends PKIProcessor {
             certInfo.set(X509CertInfo.KEY, certKey);
         } catch (CertificateException e) {
             EBaseException ex = new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
+                    CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
 
             log(ILogger.LL_FAILURE, ex.toString());
             throw ex;
@@ -140,31 +137,31 @@ public class PKCS10Processor extends PKIProcessor {
         if (subject != null) {
             try {
                 certInfo.set(X509CertInfo.SUBJECT,
-                    new CertificateSubjectName(subject));
+                        new CertificateSubjectName(subject));
                 log(ILogger.LL_INFO,
-                    "Setting subject name " + subject + " from p10.");
+                        "Setting subject name " + subject + " from p10.");
             } catch (CertificateException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+                        CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+                        CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
             } catch (IOException e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+                        CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+                        CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
             } catch (Exception e) {
                 // if anything bad happens in X500 name parsing,
                 // this will catch it.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
+                        CMS.getLogMessage("CMSGW_FAILED_SET_SUBJECT_FROM_P10", e.toString()));
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
+                        CMS.getUserMessage("CMS_GW_SET_SUBJECT_FROM_P10_FAILED", e.toString()));
             }
         } else if (authToken == null ||
-            authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
+                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) == null) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
+                    CMS.getLogMessage("CMSGW_MISSING_SUBJECT_IN_P10"));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_IN_P10"));
         }
 
@@ -177,12 +174,12 @@ public class PKCS10Processor extends PKIProcessor {
 
             if (p10Attrs != null) {
                 PKCS10Attribute p10Attr = (PKCS10Attribute)
-                    (p10Attrs.getAttribute(CertificateExtensions.NAME));
+                        (p10Attrs.getAttribute(CertificateExtensions.NAME));
 
                 if (p10Attr != null && p10Attr.getAttributeId().equals(
                         PKCS9Attribute.EXTENSION_REQUEST_OID)) {
                     Extensions exts0 = (Extensions)
-                        (p10Attr.getAttributeValue());
+                            (p10Attr.getAttributeValue());
                     DerOutputStream extOut = new DerOutputStream();
 
                     exts0.encode(extOut);
@@ -196,23 +193,23 @@ public class PKCS10Processor extends PKIProcessor {
                 }
             }
             CMS.debug(
-                "PKCS10Processor: Seted cert extensions from pkcs10. ");
+                    "PKCS10Processor: Seted cert extensions from pkcs10. ");
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
             throw new ECMSGWException(
                     CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
 
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
             throw new ECMSGWException(
                     CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
         } catch (Exception e) {
             // if anything bad happens in extensions parsing,
             // this will catch it.
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
+                    CMS.getLogMessage("CMSGW_FAILED_SET_EXTENSIONS_FROM_P10", e.toString()));
             throw new ECMSGWException(
                     CMS.getUserMessage("CMS_GW_SET_KEY_FROM_P10_FAILED", e.toString()));
         }
@@ -223,8 +220,8 @@ public class PKCS10Processor extends PKIProcessor {
         String authMgr = mServlet.getAuthMgr();
 
         if (authToken != null &&
-            authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
-            !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) { 
+                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT) != null &&
+                !(authMgr.equals(IAuthSubsystem.PASSWDUSERDB_AUTHMGR_ID))) {
             fillCertInfoFromAuthToken(certInfo, authToken);
         }
 
@@ -233,12 +230,12 @@ public class PKCS10Processor extends PKIProcessor {
         // from the http parameters.
         if (mServletId.equals(PKIProcessor.ADMIN_ENROLL_SERVLET_ID)) {
             fillValidityFromForm(certInfo, httpParams);
-        }    
-      
+        }
+
     }
 
     private PKCS10 getPKCS10(IArgBlock httpParams)
-        throws EBaseException {
+            throws EBaseException {
 
         PKCS10 pkcs10 = null;
 
@@ -252,7 +249,7 @@ public class PKCS10Processor extends PKIProcessor {
         } else {
             // some policies may rely on the fact that
             // CERT_TYPE is set. So for 3.5.1 or eariler
-            // we need to set CERT_TYPE  but not here.
+            // we need to set CERT_TYPE but not here.
         }
         if (certType.equals("client")) {
             // coming from MSIE
@@ -271,13 +268,13 @@ public class PKCS10Processor extends PKIProcessor {
                 }
             }
 
-            //pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
+            // pkcs10 = httpParams.getValuePKCS10(PKCS10_REQUEST, null);
 
         } else {
             try {
                 // coming from server cut & paste blob.
                 pkcs10 = httpParams.getValueAsPKCS10(PKIProcessor.PKCS10_REQUEST, false, null);
-            }catch (Exception ex) {
+            } catch (Exception ex) {
                 ex.printStackTrace();
             }
         }
@@ -286,4 +283,4 @@ public class PKCS10Processor extends PKIProcessor {
 
     }
 
-}  
+}
diff --git a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
index 625808d7..d0861573 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/processors/PKIProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.processors;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.util.Date;
@@ -42,10 +41,9 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Process Certificate Requests
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PKIProcessor implements IPKIProcessor {
@@ -57,7 +55,7 @@ public class PKIProcessor implements IPKIProcessor {
     public static final String PKCS10_REQUEST = "pkcs10Request";
     public static final String SUBJECT_KEYGEN_INFO = "subjectKeyGenInfo";
 
-    protected CMSRequest mRequest = null;   
+    protected CMSRequest mRequest = null;
 
     protected HttpServletRequest httpReq = null;
     protected String mServletId = null;
@@ -84,30 +82,30 @@ public class PKIProcessor implements IPKIProcessor {
     }
 
     public void process(CMSRequest cmsReq)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     protected void fillCertInfo(
-        String protocolString, X509CertInfo certInfo, 
-        IAuthToken authToken, IArgBlock httpParams)
-        throws EBaseException { 
+            String protocolString, X509CertInfo certInfo,
+            IAuthToken authToken, IArgBlock httpParams)
+            throws EBaseException {
     }
 
     protected X509CertInfo[] fillCertInfoArray(
-        String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
-        throws EBaseException {
+            String protocolString, IAuthToken authToken, IArgBlock httpParams, IRequest req)
+            throws EBaseException {
         return null;
     }
 
     /**
-     * fill subject name, validity, extensions from authoken if any,
-     * overriding what was in pkcs10.
-     * fill subject name, extensions from http input if not authenticated.
-     * requests not authenticated will need to be approved by an agent.
+     * fill subject name, validity, extensions from authoken if any, overriding
+     * what was in pkcs10. fill subject name, extensions from http input if not
+     * authenticated. requests not authenticated will need to be approved by an
+     * agent.
      */
     public static void fillCertInfoFromAuthToken(
-        X509CertInfo certInfo, IAuthToken authToken)
-        throws EBaseException {
+            X509CertInfo certInfo, IAuthToken authToken)
+            throws EBaseException {
         // override subject, validity and extensions from auth token
         // CA determines algorithm, version and issuer.
         // take key from keygen, cmc, pkcs10 or crmf.
@@ -116,60 +114,60 @@ public class PKIProcessor implements IPKIProcessor {
         // subject name.
         try {
             String subjectname =
-                authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
+                    authToken.getInString(AuthToken.TOKEN_CERT_SUBJECT);
 
             if (subjectname != null) {
                 CertificateSubjectName certSubject = (CertificateSubjectName)
-                    new CertificateSubjectName(new X500Name(subjectname));
+                        new CertificateSubjectName(new X500Name(subjectname));
 
                 certInfo.set(X509CertInfo.SUBJECT, certSubject);
                 log(ILogger.LL_INFO,
-                    "cert subject set to " + certSubject + " from authtoken");
+                        "cert subject set to " + certSubject + " from authtoken");
             }
         } catch (CertificateException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
-                    e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
-                    e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME",
+                            e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         }
 
         // validity
         try {
             CertificateValidity validity = null;
             Date notBefore =
-                authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
+                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTBEFORE);
             Date notAfter =
-                authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
+                    authToken.getInDate(AuthToken.TOKEN_CERT_NOTAFTER);
 
             if (notBefore != null && notAfter != null) {
                 validity = new CertificateValidity(notBefore, notAfter);
                 certInfo.set(X509CertInfo.VALIDITY, validity);
                 log(ILogger.LL_INFO,
-                    "cert validity set to " + validity + " from authtoken");
+                        "cert validity set to " + validity + " from authtoken");
             }
         } catch (CertificateException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"));
         }
 
         // extensions
         try {
             CertificateExtensions extensions =
-                authToken.getInCertExts(X509CertInfo.EXTENSIONS);
+                    authToken.getInCertExts(X509CertInfo.EXTENSIONS);
 
             if (extensions != null) {
                 certInfo.set(X509CertInfo.EXTENSIONS, extensions);
@@ -177,26 +175,25 @@ public class PKIProcessor implements IPKIProcessor {
             }
         } catch (CertificateException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_WARN,
-                CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"));
         }
     }
 
     /**
-     * fill subject name, extension from form.
-     * this is done for unauthenticated requests.
-     * unauthenticated requests must be approved by agents so these will
-     * all be seen by and agent.
+     * fill subject name, extension from form. this is done for unauthenticated
+     * requests. unauthenticated requests must be approved by agents so these
+     * will all be seen by and agent.
      */
     public static void fillCertInfoFromForm(
-        X509CertInfo certInfo, IArgBlock httpParams)
-        throws EBaseException {
+            X509CertInfo certInfo, IArgBlock httpParams)
+            throws EBaseException {
 
         CMS.debug("PKIProcessor: fillCertInfoFromForm");
         // subject name.
@@ -205,41 +202,41 @@ public class PKIProcessor implements IPKIProcessor {
 
             if (subject == null) {
                 throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
+                        CMS.getUserMessage("CMS_GW_MISSING_SUBJECT_FROM_FORM"));
             }
 
             X500Name x500name = new X500Name(subject);
 
             certInfo.set(
-                X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
+                    X509CertInfo.SUBJECT, new CertificateSubjectName(x500name));
 
             fillValidityFromForm(certInfo, httpParams);
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         } catch (IllegalArgumentException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
+                    CMS.getLogMessage("CMSGW_REQ_ILLEGAL_CHARACTERS"));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_CONVERT_DN_TO_X500NAME_ERROR"));
         }
 
         // requested extensions.
         // let polcies form extensions from http input.
     }
 
-    public static  void fillValidityFromForm(
-        X509CertInfo certInfo, IArgBlock httpParams)
-        throws EBaseException {
+    public static void fillValidityFromForm(
+            X509CertInfo certInfo, IArgBlock httpParams)
+            throws EBaseException {
         CMS.debug("PKIProcessor: fillValidityFromForm!");
         try {
             String notValidBeforeStr = httpParams.getValueAsString("notValidBefore", null);
@@ -267,43 +264,43 @@ public class PKIProcessor implements IPKIProcessor {
                         validity = new CertificateValidity(notBefore, notAfter);
                         certInfo.set(X509CertInfo.VALIDITY, validity);
                         log(ILogger.LL_INFO,
-                            "cert validity set to " + validity + " from authtoken");
+                                "cert validity set to " + validity + " from authtoken");
                     }
                 }
             }
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
+                    CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"));
         }
     }
 
     /**
      * log according to authority category.
      */
-    public static void  log(int event, int level, String msg) {
+    public static void log(int event, int level, String msg) {
         CMS.getLogger().log(event, ILogger.S_OTHER, level,
-            "PKIProcessor " + ": " + msg);
+                "PKIProcessor " + ": " + msg);
     }
 
     public static void log(int level, String msg) {
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
-            "PKIProcessor " + ": " + msg);
+                "PKIProcessor " + ": " + msg);
     }
 
     /**
      * Signed Audit Log
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to store messages to the signed audit log.
+     * 
+     * This method is inherited by all extended "CMSServlet"s, and is called to
+     * store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     protected void audit(String msg) {
@@ -315,20 +312,19 @@ public class PKIProcessor implements IPKIProcessor {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
      * Signed Audit Log Subject ID
-     *
-     * This method is inherited by all extended "CMSServlet"s,
-     * and is called to obtain the "SubjectID" for
-     * a signed audit log message.
+     * 
+     * This method is inherited by all extended "CMSServlet"s, and is called to
+     * obtain the "SubjectID" for a signed audit log message.
      * <P>
-     *
+     * 
      * @return id string containing the signed audit log message SubjectID
      */
     protected String auditSubjectID() {
@@ -358,4 +354,3 @@ public class PKIProcessor implements IPKIProcessor {
         return subjectID;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
index da24d2c2..b5cec9da 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileApproveServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
@@ -46,10 +45,9 @@ import com.netscape.certsrv.template.ArgList;
 import com.netscape.certsrv.template.ArgSet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * Toggle the approval state of a profile
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileApproveServlet extends ProfileServlet {
@@ -59,10 +57,10 @@ public class ProfileApproveServlet extends ProfileServlet {
      */
     private static final long serialVersionUID = 3956879326742839550L;
     private static final String PROP_AUTHORITY_ID = "authorityId";
-    private String mAuthorityId = null; 
+    private String mAuthorityId = null;
 
     private final static String LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL =
-        "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
+            "LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL_4";
     private final static String OP_APPROVE = "approve";
     private final static String OP_DISAPPROVE = "disapprove";
 
@@ -73,7 +71,7 @@ public class ProfileApproveServlet extends ProfileServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -84,13 +82,14 @@ public class ProfileApproveServlet extends ProfileServlet {
     /**
      * Process the HTTP request.
      * <P>
-     *
+     * 
      * <ul>
      * <li>http.param profileId the id of the profile to change
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL used when an
      * agent approves/disapproves a cert profile set by the administrator for
      * automatic approval
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      * @exception EBaseException an error has occurred
      */
@@ -126,8 +125,8 @@ public class ProfileApproveServlet extends ProfileServlet {
                 auditSubjectID = auditSubjectID();
                 CMS.debug(e.toString());
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
-                        e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+                                e.toString()));
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_AUTHENTICATION_ERROR"));
@@ -153,12 +152,12 @@ public class ProfileApproveServlet extends ProfileServlet {
                             mAuthzResourceName, "approve");
             } catch (EAuthzAccessDenied e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
-                        e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+                                e.toString()));
             } catch (Exception e) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
-                        e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+                                e.toString()));
             }
 
             if (authzToken == null) {
@@ -214,8 +213,8 @@ public class ProfileApproveServlet extends ProfileServlet {
             IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
 
             if (authority == null) {
-                CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId + 
-                    " not found");
+                CMS.debug("ProfileApproveServlet: Authority " + mAuthorityId +
+                        " not found");
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_INTERNAL_ERROR"));
@@ -236,8 +235,8 @@ public class ProfileApproveServlet extends ProfileServlet {
             IRequestQueue queue = authority.getRequestQueue();
 
             if (queue == null) {
-                CMS.debug("ProfileApproveServlet: Request Queue of " + 
-                    mAuthorityId + " not found");
+                CMS.debug("ProfileApproveServlet: Request Queue of " +
+                        mAuthorityId + " not found");
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_INTERNAL_ERROR"));
@@ -265,31 +264,31 @@ public class ProfileApproveServlet extends ProfileServlet {
 
             try {
                 if (ps.isProfileEnable(profileId)) {
-                  if (ps.checkOwner()) {
-                    if (ps.getProfileEnableBy(profileId).equals(userid)) {
-                        ps.disableProfile(profileId);
-                    } else {
-                        // only enableBy can disable profile
-                        args.set(ARG_ERROR_CODE, "1");
-                        args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                                "CMS_PROFILE_NOT_OWNER"));
-                        outputTemplate(request, response, args); 
-
-                        // store a message in the signed audit log file
-                        auditMessage = CMS.getLogMessage(
+                    if (ps.checkOwner()) {
+                        if (ps.getProfileEnableBy(profileId).equals(userid)) {
+                            ps.disableProfile(profileId);
+                        } else {
+                            // only enableBy can disable profile
+                            args.set(ARG_ERROR_CODE, "1");
+                            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                                    "CMS_PROFILE_NOT_OWNER"));
+                            outputTemplate(request, response, args);
+
+                            // store a message in the signed audit log file
+                            auditMessage = CMS.getLogMessage(
                                     LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
                                     auditSubjectID,
                                     ILogger.FAILURE,
                                     auditProfileID,
                                     auditProfileOp);
 
-                        audit(auditMessage);
+                            audit(auditMessage);
 
-                        return;
+                            return;
+                        }
+                    } else {
+                        ps.disableProfile(profileId);
                     }
-                  } else {
-                     ps.disableProfile(profileId);
-                  }
                 } else {
                     ps.enableProfile(profileId, userid);
                 }
@@ -305,8 +304,8 @@ public class ProfileApproveServlet extends ProfileServlet {
                 audit(auditMessage);
             } catch (EProfileException e) {
                 // profile not enabled
-                CMS.debug("ProfileApproveServlet: profile not error " + 
-                    e.toString());
+                CMS.debug("ProfileApproveServlet: profile not error " +
+                        e.toString());
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_INTERNAL_ERROR"));
@@ -338,26 +337,26 @@ public class ProfileApproveServlet extends ProfileServlet {
             // rethrow the specific exception to be handled later
             throw eAudit1;
             // } catch( ServletException eAudit2 ) {
-            //     // store a message in the signed audit log file
-            //     auditMessage = CMS.getLogMessage(
-            //                        LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
-            //                        auditSubjectID,
-            //                        ILogger.FAILURE,
-            //                        auditProfileID,
-            //                        auditProfileOp );
+            // // store a message in the signed audit log file
+            // auditMessage = CMS.getLogMessage(
+            // LOGGING_SIGNED_AUDIT_CERT_PROFILE_APPROVAL,
+            // auditSubjectID,
+            // ILogger.FAILURE,
+            // auditProfileID,
+            // auditProfileOp );
             //
-            //     audit( auditMessage );
+            // audit( auditMessage );
             //
-            //     // rethrow the specific exception to be handled later
-            //     throw eAudit2;
+            // // rethrow the specific exception to be handled later
+            // throw eAudit2;
         }
 
         try {
             profile = ps.getProfile(profileId);
         } catch (EProfileException e) {
             // profile not found
-            CMS.debug("ProfileApproveServlet: profile not found " + 
-                e.toString());
+            CMS.debug("ProfileApproveServlet: profile not found " +
+                    e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, e.toString());
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -386,13 +385,13 @@ public class ProfileApproveServlet extends ProfileServlet {
             while (policyIds.hasMoreElements()) {
                 String id = (String) policyIds.nextElement();
                 IProfilePolicy policy = (IProfilePolicy)
-                    profile.getProfilePolicy(setId, id);
+                        profile.getProfilePolicy(setId, id);
 
                 // (3) query all the profile policies
                 // (4) default plugins convert request parameters
-                //     into string http parameters
+                // into string http parameters
                 handlePolicy(list, response, locale,
-                    id, policy);
+                        id, policy);
             }
             ArgSet setArg = new ArgSet();
 
@@ -403,8 +402,8 @@ public class ProfileApproveServlet extends ProfileServlet {
         args.set(ARG_POLICY_SET_LIST, setlist);
 
         args.set(ARG_PROFILE_ID, profileId);
-        args.set(ARG_PROFILE_IS_ENABLED, 
-            Boolean.toString(ps.isProfileEnable(profileId)));
+        args.set(ARG_PROFILE_IS_ENABLED,
+                Boolean.toString(ps.isProfileEnable(profileId)));
         args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
         args.set(ARG_PROFILE_NAME, profile.getName(locale));
         args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
@@ -413,8 +412,8 @@ public class ProfileApproveServlet extends ProfileServlet {
         outputTemplate(request, response, args);
     }
 
-    private void handlePolicy(ArgList list, ServletResponse response, 
-        Locale locale, String id, IProfilePolicy policy) {
+    private void handlePolicy(ArgList list, ServletResponse response,
+            Locale locale, String id, IProfilePolicy policy) {
         ArgSet set = new ArgSet();
 
         set.set(ARG_POLICY_ID, id);
@@ -434,19 +433,19 @@ public class ProfileApproveServlet extends ProfileServlet {
                 String defName = (String) defNames.nextElement();
                 IDescriptor defDesc = def.getValueDescriptor(locale, defName);
                 if (defDesc == null) {
-                  CMS.debug("defName=" + defName);
+                    CMS.debug("defName=" + defName);
                 } else {
-                  String defSyntax = defDesc.getSyntax();
-                  String defConstraint = defDesc.getConstraint();
-                  String defValueName = defDesc.getDescription(locale);
-                  String defValue = null;
-
-                  defset.set(ARG_DEF_ID, defName);
-                  defset.set(ARG_DEF_SYNTAX, defSyntax);
-                  defset.set(ARG_DEF_CONSTRAINT, defConstraint);
-                  defset.set(ARG_DEF_NAME, defValueName);
-                  defset.set(ARG_DEF_VAL, defValue);
-                  deflist.add(defset);
+                    String defSyntax = defDesc.getSyntax();
+                    String defConstraint = defDesc.getConstraint();
+                    String defValueName = defDesc.getDescription(locale);
+                    String defValue = null;
+
+                    defset.set(ARG_DEF_ID, defName);
+                    defset.set(ARG_DEF_SYNTAX, defSyntax);
+                    defset.set(ARG_DEF_CONSTRAINT, defConstraint);
+                    defset.set(ARG_DEF_NAME, defValueName);
+                    defset.set(ARG_DEF_VAL, defValue);
+                    deflist.add(defset);
                 }
             }
         }
@@ -463,11 +462,11 @@ public class ProfileApproveServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Profile ID
-     *
-     * This method is called to obtain the "ProfileID" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "ProfileID" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param req HTTP request
      * @return id string containing the signed audit log message ProfileID
      */
@@ -493,14 +492,14 @@ public class ProfileApproveServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Profile Operation
-     *
-     * This method is called to obtain the "Profile Operation" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "Profile Operation" for a signed
+     * audit log message.
      * <P>
-     *
+     * 
      * @param req HTTP request
-     * @return operation string containing either OP_APPROVE, OP_DISAPPROVE,
-     *     or SIGNED_AUDIT_EMPTY_VALUE
+     * @return operation string containing either OP_APPROVE, OP_DISAPPROVE, or
+     *         SIGNED_AUDIT_EMPTY_VALUE
      */
     private String auditProfileOp(HttpServletRequest req) {
         // if no signed audit object exists, bail
@@ -509,12 +508,12 @@ public class ProfileApproveServlet extends ProfileServlet {
         }
 
         if (mProfileSubId == null ||
-            mProfileSubId.equals("")) {
+                mProfileSubId.equals("")) {
             mProfileSubId = IProfileSubsystem.ID;
         }
 
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem(mProfileSubId);
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             return ILogger.SIGNED_AUDIT_EMPTY_VALUE;
@@ -533,4 +532,3 @@ public class ProfileApproveServlet extends ProfileServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
index 4da41f7a..8581b3ca 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileListServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
@@ -38,10 +37,9 @@ import com.netscape.certsrv.template.ArgList;
 import com.netscape.certsrv.template.ArgSet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * List all enabled profiles.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileListServlet extends ProfileServlet {
@@ -53,7 +51,7 @@ public class ProfileListServlet extends ProfileServlet {
 
     private static final String PROP_AUTHORITY_ID = "authorityId";
 
-    private String mAuthorityId = null; 
+    private String mAuthorityId = null;
 
     public ProfileListServlet() {
         super();
@@ -62,7 +60,7 @@ public class ProfileListServlet extends ProfileServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -72,7 +70,7 @@ public class ProfileListServlet extends ProfileServlet {
 
     /**
      * Process the HTTP request.
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -93,10 +91,10 @@ public class ProfileListServlet extends ProfileServlet {
                         mAuthzResourceName, "list");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -115,17 +113,17 @@ public class ProfileListServlet extends ProfileServlet {
         }
         CMS.debug("ProfileListServlet: SubId=" + mProfileSubId);
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem(mProfileSubId);
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
-            CMS.debug("ProfileListServlet: ProfileSubsystem " + 
-                mProfileSubId + " not found");
+            CMS.debug("ProfileListServlet: ProfileSubsystem " +
+                    mProfileSubId + " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
             outputTemplate(request, response, args);
             return;
-        } 
+        }
 
         ArgList list = new ArgList();
         Enumeration e = ps.getProfileIds();
@@ -139,13 +137,13 @@ public class ProfileListServlet extends ProfileServlet {
                     profile = ps.getProfile(id);
                 } catch (EBaseException e1) {
                     // skip bad profile
-                    CMS.debug("ProfileListServlet: profile " + id + 
-                        " not found (skipped) " + e1.toString());
+                    CMS.debug("ProfileListServlet: profile " + id +
+                            " not found (skipped) " + e1.toString());
                     continue;
                 }
                 if (profile == null) {
-                    CMS.debug("ProfileListServlet: profile " + id + 
-                        " not found (skipped)");
+                    CMS.debug("ProfileListServlet: profile " + id +
+                            " not found (skipped)");
                     continue;
                 }
 
@@ -155,16 +153,16 @@ public class ProfileListServlet extends ProfileServlet {
                 ArgSet profileArgs = new ArgSet();
 
                 profileArgs.set(ARG_PROFILE_IS_ENABLED,
-                    Boolean.toString(ps.isProfileEnable(id)));
+                        Boolean.toString(ps.isProfileEnable(id)));
                 profileArgs.set(ARG_PROFILE_ENABLED_BY,
-                    ps.getProfileEnableBy(id));
+                        ps.getProfileEnableBy(id));
                 profileArgs.set(ARG_PROFILE_ID, id);
-                profileArgs.set(ARG_PROFILE_IS_VISIBLE, 
-                    Boolean.toString(profile.isVisible()));
+                profileArgs.set(ARG_PROFILE_IS_VISIBLE,
+                        Boolean.toString(profile.isVisible()));
                 profileArgs.set(ARG_PROFILE_NAME, name);
                 profileArgs.set(ARG_PROFILE_DESC, desc);
                 list.add(profileArgs);
-            
+
             }
         }
         args.set(ARG_RECORD, list);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
index 33233275..ebfc2e9f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileProcessServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Date;
@@ -63,10 +62,9 @@ import com.netscape.certsrv.template.ArgSet;
 import com.netscape.certsrv.util.IStatsSubsystem;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * This servlet approves profile-based request.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileProcessServlet extends ProfileServlet {
@@ -79,9 +77,9 @@ public class ProfileProcessServlet extends ProfileServlet {
     private Nonces mNonces = null;
 
     private final static String SIGNED_AUDIT_CERT_REQUEST_REASON =
-        "requestNotes";
+            "requestNotes";
     private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 
     public ProfileProcessServlet() {
     }
@@ -103,9 +101,9 @@ public class ProfileProcessServlet extends ProfileServlet {
         HttpServletRequest request = cmsReq.getHttpReq();
         HttpServletResponse response = cmsReq.getHttpResp();
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("approval", true /* main action */);
+            statsSub.startTiming("approval", true /* main action */);
         }
 
         IAuthToken authToken = null;
@@ -119,13 +117,13 @@ public class ProfileProcessServlet extends ProfileServlet {
             } catch (EBaseException e) {
                 CMS.debug("ProfileProcessServlet: " + e.toString());
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                args.set(ARG_ERROR_CODE, "1"); 
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, 
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                args.set(ARG_ERROR_CODE, "1");
+                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_AUTHENTICATION_ERROR"));
                 outputTemplate(request, response, args);
                 if (statsSub != null) {
-                  statsSub.endTiming("approval");
+                    statsSub.endTiming("approval");
                 }
                 return;
             }
@@ -138,10 +136,10 @@ public class ProfileProcessServlet extends ProfileServlet {
                         mAuthzResourceName, "approve");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -150,7 +148,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_AUTHORIZATION_ERROR"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -171,7 +169,7 @@ public class ProfileProcessServlet extends ProfileServlet {
             } else {
                 CMS.debug("ProfileProcessServlet:  Missing nonce");
             }
-            CMS.debug("ProfileProcessServlet:  nonceVerified="+nonceVerified);
+            CMS.debug("ProfileProcessServlet:  nonceVerified=" + nonceVerified);
             if (!nonceVerified) {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -194,7 +192,7 @@ public class ProfileProcessServlet extends ProfileServlet {
         }
         CMS.debug("ProfileProcessServlet: SubId=" + mProfileSubId);
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem(mProfileSubId);
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             CMS.debug("ProfileProcessServlet: ProfileSubsystem not found");
@@ -203,7 +201,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_INTERNAL_ERROR"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -213,13 +211,13 @@ public class ProfileProcessServlet extends ProfileServlet {
 
         if (authority == null) {
             CMS.debug("ProfileProcessServlet: Authority " + mAuthorityId +
-                " not found");
+                    " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -227,13 +225,13 @@ public class ProfileProcessServlet extends ProfileServlet {
 
         if (queue == null) {
             CMS.debug("ProfileProcessServlet: Request Queue of " +
-                mAuthorityId + " not found");
+                    mAuthorityId + " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -247,7 +245,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_REQUEST_ID_NOT_FOUND"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -259,8 +257,8 @@ public class ProfileProcessServlet extends ProfileServlet {
             req = queue.findRequest(new RequestId(requestId));
         } catch (EBaseException e) {
             // request not found
-            CMS.debug("ProfileProcessServlet: request not found requestId=" + 
-                requestId + " " + e.toString());
+            CMS.debug("ProfileProcessServlet: request not found requestId=" +
+                    requestId + " " + e.toString());
         }
         if (req == null) {
             args.set(ARG_ERROR_CODE, "1");
@@ -268,12 +266,12 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_REQUEST_NOT_FOUND", requestId));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
 
-	// check if the request is in one of the terminal states
+        // check if the request is in one of the terminal states
         if (!req.getRequestStatus().equals(RequestStatus.PENDING)) {
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
@@ -281,7 +279,7 @@ public class ProfileProcessServlet extends ProfileServlet {
             args.set(ARG_REQUEST_ID, requestId);
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -296,7 +294,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_PROFILE_ID_NOT_FOUND"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -309,20 +307,19 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_OP_NOT_FOUND"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
 
-
         IProfile profile = null;
 
         try {
             profile = ps.getProfile(profileId);
         } catch (EProfileException e) {
             // profile not found
-            CMS.debug("ProfileProcessServlet: profile not found " + 
-                " " + " profileId=" + profileId + " " + e.toString());
+            CMS.debug("ProfileProcessServlet: profile not found " +
+                    " " + " profileId=" + profileId + " " + e.toString());
         }
         if (profile == null) {
             args.set(ARG_ERROR_CODE, "1");
@@ -330,7 +327,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_PROFILE_NOT_FOUND", profileId));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
@@ -348,12 +345,11 @@ public class ProfileProcessServlet extends ProfileServlet {
                     "CMS_PROFILE_ID_NOT_ENABLED"));
             outputTemplate(request, response, args);
             if (statsSub != null) {
-              statsSub.endTiming("approval");
+                statsSub.endTiming("approval");
             }
             return;
         }
 
-
         args.set(ARG_ERROR_CODE, "0");
         args.set(ARG_ERROR_REASON, "");
 
@@ -361,7 +357,7 @@ public class ProfileProcessServlet extends ProfileServlet {
             if (op.equals("assign")) {
                 String owner = req.getRequestOwner();
 
-                // assigned owner 
+                // assigned owner
                 if (owner != null && owner.length() > 0) {
                     if (!grantPermission(req, authToken)) {
                         CMS.debug("ProfileProcessServlet: Permission not granted to assign request.");
@@ -375,7 +371,7 @@ public class ProfileProcessServlet extends ProfileServlet {
                         args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
                         outputTemplate(request, response, args);
                         if (statsSub != null) {
-                          statsSub.endTiming("approval");
+                            statsSub.endTiming("approval");
                         }
                         return;
                     }
@@ -414,14 +410,14 @@ public class ProfileProcessServlet extends ProfileServlet {
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, "CMS_PROFILE_DENY_OPERATION"));
                     outputTemplate(request, response, args);
                     if (statsSub != null) {
-                      statsSub.endTiming("approval");
+                        statsSub.endTiming("approval");
                     }
                     return;
                 }
             }
 
             // commit request to the storage
-            if (!op.equals("validate")) { 
+            if (!op.equals("validate")) {
                 try {
                     if (op.equals("approve")) {
                         queue.markAsServiced(req);
@@ -429,40 +425,40 @@ public class ProfileProcessServlet extends ProfileServlet {
                         queue.updateRequest(req);
                     }
                 } catch (EBaseException e) {
-                    CMS.debug("ProfileProcessServlet: Request commit error " + 
-                        e.toString());
+                    CMS.debug("ProfileProcessServlet: Request commit error " +
+                            e.toString());
                     // save request to disk
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                             "CMS_INTERNAL_ERROR"));
                     outputTemplate(request, response, args);
                     if (statsSub != null) {
-                      statsSub.endTiming("approval");
+                        statsSub.endTiming("approval");
                     }
                     return;
                 }
             }
         } catch (ERejectException e) {
-            CMS.debug("ProfileProcessServlet: execution rejected " + 
-                e.toString());
+            CMS.debug("ProfileProcessServlet: execution rejected " +
+                    e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_PROFILE_REJECTED", e.toString()));
         } catch (EDeferException e) {
-            CMS.debug("ProfileProcessServlet: execution defered " + 
-                e.toString());
+            CMS.debug("ProfileProcessServlet: execution defered " +
+                    e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_PROFILE_DEFERRED", e.toString()));
         } catch (EPropertyException e) {
-            CMS.debug("ProfileProcessServlet: execution error " + 
-                e.toString());
+            CMS.debug("ProfileProcessServlet: execution error " +
+                    e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_PROFILE_PROPERTY_ERROR", e.toString()));
         } catch (EProfileException e) {
-            CMS.debug("ProfileProcessServlet: execution error " + 
-                e.toString());
+            CMS.debug("ProfileProcessServlet: execution error " +
+                    e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
@@ -475,15 +471,15 @@ public class ProfileProcessServlet extends ProfileServlet {
         args.set(ARG_PROFILE_ID, profileId);
         outputTemplate(request, response, args);
         if (statsSub != null) {
-          statsSub.endTiming("approval");
+            statsSub.endTiming("approval");
         }
     }
- 
+
     public boolean grantPermission(IRequest req, IAuthToken token) {
 
         try {
             boolean enable = CMS.getConfigStore().getBoolean("request.assignee.enable",
-              false);
+                    false);
             if (!enable)
                 return true;
             String owner = req.getRequestOwner();
@@ -496,32 +492,32 @@ public class ProfileProcessServlet extends ProfileServlet {
                 return true;
         } catch (Exception e) {
         }
-   
+
         return false;
     }
 
     /**
-     * Check if the request creation time is older than the profile
-     * lastModified attribute. 
+     * Check if the request creation time is older than the profile lastModified
+     * attribute.
      */
-    protected void checkProfileVersion(IProfile profile, IRequest req, 
-        Locale locale) throws EProfileException {
+    protected void checkProfileVersion(IProfile profile, IRequest req,
+            Locale locale) throws EProfileException {
         IConfigStore profileConfig = profile.getConfigStore();
         if (profileConfig != null) {
             String lastModified = null;
             try {
-              lastModified = profileConfig.getString("lastModified","");
+                lastModified = profileConfig.getString("lastModified", "");
             } catch (EBaseException e) {
-              CMS.debug(e.toString());
-              throw new EProfileException( e.toString() );
+                CMS.debug(e.toString());
+                throw new EProfileException(e.toString());
             }
             if (!lastModified.equals("")) {
                 Date profileModifiedAt = new Date(Long.parseLong(lastModified));
-                CMS.debug("ProfileProcessServlet: Profile Last Modified=" + 
-                  profileModifiedAt);
+                CMS.debug("ProfileProcessServlet: Profile Last Modified=" +
+                        profileModifiedAt);
                 Date reqCreatedAt = req.getCreationTime();
-                CMS.debug("ProfileProcessServlet: Request Created At=" + 
-                   reqCreatedAt);
+                CMS.debug("ProfileProcessServlet: Request Created At=" +
+                        reqCreatedAt);
                 if (profileModifiedAt.after(reqCreatedAt)) {
                     CMS.debug("Profile Newer Than Request");
                     throw new ERejectException("Profile Newer Than Request");
@@ -531,18 +527,18 @@ public class ProfileProcessServlet extends ProfileServlet {
     }
 
     protected void assignRequest(ServletRequest request, ArgSet args,
-        IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale)
-        throws EProfileException {
+            IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws EProfileException {
 
         String id = auditSubjectID();
         req.setRequestOwner(id);
     }
 
     protected void unassignRequest(ServletRequest request, ArgSet args,
-        IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale)
-        throws EProfileException {
+            IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws EProfileException {
 
         req.setRequestOwner("");
     }
@@ -552,13 +548,14 @@ public class ProfileProcessServlet extends ProfileServlet {
      * <P>
      * 
      * (Certificate Request Processed - a manual "agent" profile based cert
-     *  cancellation)
+     * cancellation)
      * <P>
      * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
      * certificate request has just been through the approval process
      * </ul>
+     * 
      * @param request the servlet request
      * @param args argument set
      * @param req the certificate request
@@ -566,12 +563,12 @@ public class ProfileProcessServlet extends ProfileServlet {
      * @param profile this profile
      * @param locale the system locale
      * @exception EProfileException an error related to this profile has
-     * occurred
+     *                occurred
      */
     protected void cancelRequest(ServletRequest request, ArgSet args,
-        IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale)
-        throws EProfileException {
+            IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws EProfileException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = auditRequesterID(req);
@@ -591,16 +588,16 @@ public class ProfileProcessServlet extends ProfileServlet {
 
         audit(auditMessage);
         // } catch( EProfileException eAudit1 ) {
-        //     // store a message in the signed audit log file
-        //     auditMessage = CMS.getLogMessage(
-        //                        LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-        //                        auditSubjectID,
-        //                        ILogger.FAILURE,
-        //                        auditRequesterID,
-        //                        ILogger.SIGNED_AUDIT_CANCELLATION,
-        //                        auditInfoValue );
+        // // store a message in the signed audit log file
+        // auditMessage = CMS.getLogMessage(
+        // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+        // auditSubjectID,
+        // ILogger.FAILURE,
+        // auditRequesterID,
+        // ILogger.SIGNED_AUDIT_CANCELLATION,
+        // auditInfoValue );
         //
-        //     audit( auditMessage );
+        // audit( auditMessage );
         // }
     }
 
@@ -609,13 +606,14 @@ public class ProfileProcessServlet extends ProfileServlet {
      * <P>
      * 
      * (Certificate Request Processed - a manual "agent" profile based cert
-     *  rejection)
+     * rejection)
      * <P>
      * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
      * certificate request has just been through the approval process
      * </ul>
+     * 
      * @param request the servlet request
      * @param args argument set
      * @param req the certificate request
@@ -623,12 +621,12 @@ public class ProfileProcessServlet extends ProfileServlet {
      * @param profile this profile
      * @param locale the system locale
      * @exception EProfileException an error related to this profile has
-     * occurred
+     *                occurred
      */
     protected void rejectRequest(ServletRequest request, ArgSet args,
-        IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale) 
-        throws EProfileException {
+            IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws EProfileException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = auditRequesterID(req);
@@ -648,16 +646,16 @@ public class ProfileProcessServlet extends ProfileServlet {
 
         audit(auditMessage);
         // } catch( EProfileException eAudit1 ) {
-        //     // store a message in the signed audit log file
-        //     auditMessage = CMS.getLogMessage(
-        //                        LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
-        //                        auditSubjectID,
-        //                        ILogger.FAILURE,
-        //                        auditRequesterID,
-        //                        ILogger.SIGNED_AUDIT_REJECTION,
-        //                        auditInfoValue );
+        // // store a message in the signed audit log file
+        // auditMessage = CMS.getLogMessage(
+        // LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
+        // auditSubjectID,
+        // ILogger.FAILURE,
+        // auditRequesterID,
+        // ILogger.SIGNED_AUDIT_REJECTION,
+        // auditInfoValue );
         //
-        //     audit( auditMessage );
+        // audit( auditMessage );
         // }
     }
 
@@ -666,13 +664,14 @@ public class ProfileProcessServlet extends ProfileServlet {
      * <P>
      * 
      * (Certificate Request Processed - a manual "agent" profile based cert
-     *  acceptance)
+     * acceptance)
      * <P>
      * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
      * certificate request has just been through the approval process
      * </ul>
+     * 
      * @param request the servlet request
      * @param args argument set
      * @param req the certificate request
@@ -680,12 +679,12 @@ public class ProfileProcessServlet extends ProfileServlet {
      * @param profile this profile
      * @param locale the system locale
      * @exception EProfileException an error related to this profile has
-     * occurred
+     *                occurred
      */
-    protected void approveRequest(ServletRequest request, ArgSet args, 
-        IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale) 
-        throws EProfileException {
+    protected void approveRequest(ServletRequest request, ArgSet args,
+            IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws EProfileException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = auditRequesterID(req);
@@ -709,33 +708,33 @@ public class ProfileProcessServlet extends ProfileServlet {
                         while (outputNames.hasMoreElements()) {
                             ArgSet outputset = new ArgSet();
                             String outputName =
-                                outputNames.nextElement();
+                                    outputNames.nextElement();
                             IDescriptor outputDesc =
-                                profileOutput.getValueDescriptor(locale,
-                                    outputName);
+                                    profileOutput.getValueDescriptor(locale,
+                                            outputName);
 
                             if (outputDesc == null)
                                 continue;
                             String outputSyntax = outputDesc.getSyntax();
                             String outputConstraint =
-                                outputDesc.getConstraint();
+                                    outputDesc.getConstraint();
                             String outputValueName =
-                                outputDesc.getDescription(locale);
+                                    outputDesc.getDescription(locale);
                             String outputValue = null;
 
                             try {
                                 outputValue = profileOutput.getValue(
-                                            outputName, 
+                                            outputName,
                                             locale, req);
                             } catch (EProfileException e) {
                                 CMS.debug("ProfileSubmitServlet: " +
-                                    e.toString());
+                                        e.toString());
                             }
 
                             outputset.set(ARG_OUTPUT_ID, outputName);
                             outputset.set(ARG_OUTPUT_SYNTAX, outputSyntax);
                             outputset.set(ARG_OUTPUT_CONSTRAINT,
-                                outputConstraint);
+                                    outputConstraint);
                             outputset.set(ARG_OUTPUT_NAME, outputValueName);
                             outputset.set(ARG_OUTPUT_VAL, outputValue);
                             outputlist.add(outputset);
@@ -775,13 +774,12 @@ public class ProfileProcessServlet extends ProfileServlet {
             CMS.debug("ProfileProcessServlet: about to throw EProfileException because of bad profile execute.");
             throw new EProfileException(eAudit1.toString());
 
-            
         }
     }
 
-    protected void updateValues(ServletRequest request, IRequest req, 
-        IRequestQueue queue, IProfile profile, Locale locale)
-        throws ERejectException, EDeferException, EPropertyException {
+    protected void updateValues(ServletRequest request, IRequest req,
+            IRequestQueue queue, IProfile profile, Locale locale)
+            throws ERejectException, EDeferException, EPropertyException {
         String profileSetId = req.getExtDataInString("profileSetId");
 
         Enumeration policies = profile.getProfilePolicies(profileSetId);
@@ -813,17 +811,17 @@ public class ProfileProcessServlet extends ProfileServlet {
         }
     }
 
-    protected void validate(Locale locale, int count, 
-        IProfilePolicy policy, IRequest req, ServletRequest request) 
-        throws ERejectException, EDeferException {
+    protected void validate(Locale locale, int count,
+            IProfilePolicy policy, IRequest req, ServletRequest request)
+            throws ERejectException, EDeferException {
         IPolicyConstraint con = policy.getConstraint();
 
         con.validate(req);
     }
 
-    protected void setValue(Locale locale, int count, 
-        IProfilePolicy policy, IRequest req, ServletRequest request) 
-        throws EPropertyException {
+    protected void setValue(Locale locale, int count,
+            IProfilePolicy policy, IRequest req, ServletRequest request)
+            throws EPropertyException {
         // handle default policy
         IPolicyDefault def = policy.getDefault();
         Enumeration defNames = def.getValueNames();
@@ -838,11 +836,11 @@ public class ProfileProcessServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "RequesterID" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param request the actual request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -868,11 +866,11 @@ public class ProfileProcessServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Info Value
-     *
-     * This method is called to obtain the "reason" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "reason" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param request the actual request
      * @return reason string containing the signed audit log message reason
      */
@@ -887,7 +885,7 @@ public class ProfileProcessServlet extends ProfileServlet {
         if (request != null) {
             // overwrite "reason" if and only if "info" != null
             String info =
-                request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON);
+                    request.getExtDataInString(SIGNED_AUDIT_CERT_REQUEST_REASON);
 
             if (info != null) {
                 reason = info.trim();
@@ -904,11 +902,11 @@ public class ProfileProcessServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param x509cert an X509CertImpl
      * @return cert string containing the certificate
      */
@@ -941,7 +939,7 @@ public class ProfileProcessServlet extends ProfileServlet {
             // extract all line separators from the "base64Data"
             StringBuffer sb = new StringBuffer();
             for (int i = 0; i < base64Data.length(); i++) {
-                  if (!Character.isWhitespace(base64Data.charAt(i))) {
+                if (!Character.isWhitespace(base64Data.charAt(i))) {
                     sb.append(base64Data.charAt(i));
                 }
             }
@@ -961,4 +959,3 @@ public class ProfileProcessServlet extends ProfileServlet {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
index 00840dd8..7ec8596f 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileReviewServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Random;
@@ -54,10 +53,9 @@ import com.netscape.certsrv.template.ArgList;
 import com.netscape.certsrv.template.ArgSet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * This servlet allows reviewing of profile-based request.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileReviewServlet extends ProfileServlet {
@@ -69,7 +67,7 @@ public class ProfileReviewServlet extends ProfileServlet {
 
     private static final String PROP_AUTHORITY_ID = "authorityId";
 
-    private String mAuthorityId = null; 
+    private String mAuthorityId = null;
     private Random mRandom = null;
     private Nonces mNonces = null;
 
@@ -79,7 +77,7 @@ public class ProfileReviewServlet extends ProfileServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -101,7 +99,7 @@ public class ProfileReviewServlet extends ProfileServlet {
      * <ul>
      * <li>http.param requestId the ID of the profile to review
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -120,13 +118,13 @@ public class ProfileReviewServlet extends ProfileServlet {
             } catch (EBaseException e) {
                 CMS.debug("ReviewReqServlet: " + e.toString());
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-                args.set(ARG_ERROR_CODE, "1"); 
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, 
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                args.set(ARG_ERROR_CODE, "1");
+                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_AUTHENTICATION_ERROR"));
                 outputTemplate(request, response, args);
                 return;
-            }    
+            }
         }
 
         AuthzToken authzToken = null;
@@ -136,15 +134,15 @@ public class ProfileReviewServlet extends ProfileServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
-            args.set(ARG_ERROR_CODE, "1"); 
-            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale, 
+            args.set(ARG_ERROR_CODE, "1");
+            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_AUTHORIZATION_ERROR"));
             outputTemplate(request, response, args);
             return;
@@ -158,7 +156,7 @@ public class ProfileReviewServlet extends ProfileServlet {
         }
         CMS.debug("ProfileReviewServlet: SubId=" + mProfileSubId);
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem(mProfileSubId);
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             CMS.debug("ProfileReviewServlet: ProfileSubsystem not found");
@@ -174,7 +172,7 @@ public class ProfileReviewServlet extends ProfileServlet {
 
         if (authority == null) {
             CMS.debug("ProfileReviewServlet: Authority " + mAuthorityId +
-                " not found");
+                    " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
@@ -185,7 +183,7 @@ public class ProfileReviewServlet extends ProfileServlet {
 
         if (queue == null) {
             CMS.debug("ProfileReviewServlet: Request Queue of " +
-                mAuthorityId + " not found");
+                    mAuthorityId + " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
@@ -201,8 +199,8 @@ public class ProfileReviewServlet extends ProfileServlet {
             req = queue.findRequest(new RequestId(requestId));
         } catch (EBaseException e) {
             // request not found
-            CMS.debug("ProfileReviewServlet: request not found requestId=" + 
-                requestId + " " + e.toString());
+            CMS.debug("ProfileReviewServlet: request not found requestId=" +
+                    requestId + " " + e.toString());
         }
         if (req == null) {
             args.set(ARG_ERROR_CODE, "1");
@@ -214,16 +212,16 @@ public class ProfileReviewServlet extends ProfileServlet {
 
         String profileId = req.getExtDataInString("profileId");
 
-        CMS.debug("ProfileReviewServlet: requestId=" + 
-            requestId + " profileId=" + profileId);
+        CMS.debug("ProfileReviewServlet: requestId=" +
+                requestId + " profileId=" + profileId);
         IProfile profile = null;
 
         try {
             profile = ps.getProfile(profileId);
         } catch (EProfileException e) {
             // profile not found
-            CMS.debug("ProfileReviewServlet: profile not found requestId=" + 
-                requestId + " profileId=" + profileId + " " + e.toString());
+            CMS.debug("ProfileReviewServlet: profile not found requestId=" +
+                    requestId + " profileId=" + profileId + " " + e.toString());
         }
         if (profile == null) {
             args.set(ARG_ERROR_CODE, "1");
@@ -232,27 +230,27 @@ public class ProfileReviewServlet extends ProfileServlet {
             outputTemplate(request, response, args);
             return;
         }
-		
+
         String profileSetId = req.getExtDataInString("profileSetId");
 
         CMS.debug("ProfileReviewServlet: profileSetId=" + profileSetId);
-        Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0)?
-                                 profile.getProfilePolicyIds(profileSetId): null;
+        Enumeration policyIds = (profileSetId != null && profileSetId.length() > 0) ?
+                                 profile.getProfilePolicyIds(profileSetId) : null;
         int count = 0;
         ArgList list = new ArgList();
 
         if (policyIds != null) {
-            while (policyIds.hasMoreElements()) { 
+            while (policyIds.hasMoreElements()) {
                 String id = (String) policyIds.nextElement();
                 IProfilePolicy policy = (IProfilePolicy)
-                    profile.getProfilePolicy(req.getExtDataInString("profileSetId"),
-                        id);
+                        profile.getProfilePolicy(req.getExtDataInString("profileSetId"),
+                                id);
 
                 // (3) query all the profile policies
                 // (4) default plugins convert request parameters into string
-                //     http parameters
+                // http parameters
                 handlePolicy(list, response, locale,
-                    id, policy, req);
+                        id, policy, req);
                 count++;
             }
         }
@@ -269,34 +267,34 @@ public class ProfileReviewServlet extends ProfileServlet {
         args.set(ARG_REQUEST_TYPE, req.getRequestType());
         args.set(ARG_REQUEST_STATUS, req.getRequestStatus().toString());
         if (req.getRequestOwner() == null) {
-          args.set(ARG_REQUEST_OWNER, "");
+            args.set(ARG_REQUEST_OWNER, "");
         } else {
-          args.set(ARG_REQUEST_OWNER, req.getRequestOwner());
+            args.set(ARG_REQUEST_OWNER, req.getRequestOwner());
         }
         args.set(ARG_REQUEST_CREATION_TIME, req.getCreationTime().toString());
-        args.set(ARG_REQUEST_MODIFICATION_TIME, 	
-            req.getModificationTime().toString());
+        args.set(ARG_REQUEST_MODIFICATION_TIME,
+                req.getModificationTime().toString());
 
         args.set(ARG_PROFILE_ID, profileId);
-        args.set(ARG_PROFILE_APPROVED_BY, 
-            req.getExtDataInString("profileApprovedBy"));
+        args.set(ARG_PROFILE_APPROVED_BY,
+                req.getExtDataInString("profileApprovedBy"));
         args.set(ARG_PROFILE_SET_ID, req.getExtDataInString("profileSetId"));
         if (profile.isVisible()) {
-          args.set(ARG_PROFILE_IS_VISIBLE, "true");
+            args.set(ARG_PROFILE_IS_VISIBLE, "true");
         } else {
-          args.set(ARG_PROFILE_IS_VISIBLE, "false");
+            args.set(ARG_PROFILE_IS_VISIBLE, "false");
         }
         args.set(ARG_PROFILE_NAME, profile.getName(locale));
         args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
-        args.set(ARG_PROFILE_REMOTE_HOST, 
-            req.getExtDataInString("profileRemoteHost"));
-        args.set(ARG_PROFILE_REMOTE_ADDR, 
-            req.getExtDataInString("profileRemoteAddr"));
+        args.set(ARG_PROFILE_REMOTE_HOST,
+                req.getExtDataInString("profileRemoteHost"));
+        args.set(ARG_PROFILE_REMOTE_ADDR,
+                req.getExtDataInString("profileRemoteAddr"));
         if (req.getExtDataInString("requestNotes") == null) {
             args.set(ARG_REQUEST_NOTES, "");
         } else {
-            args.set(ARG_REQUEST_NOTES, 
-                req.getExtDataInString("requestNotes"));
+            args.set(ARG_REQUEST_NOTES,
+                    req.getExtDataInString("requestNotes"));
         }
 
         args.set(ARG_RECORD, list);
@@ -358,7 +356,7 @@ public class ProfileReviewServlet extends ProfileServlet {
             while (outputIds.hasMoreElements()) {
                 String outputId = (String) outputIds.nextElement();
                 IProfileOutput profileOutput = profile.getProfileOutput(outputId
-                    );
+                        );
 
                 Enumeration outputNames = profileOutput.getValueNames();
 
@@ -366,9 +364,9 @@ public class ProfileReviewServlet extends ProfileServlet {
                     while (outputNames.hasMoreElements()) {
                         ArgSet outputset = new ArgSet();
                         String outputName = (String) outputNames.nextElement
-                            ();
+                                ();
                         IDescriptor outputDesc =
-                            profileOutput.getValueDescriptor(locale, outputName);
+                                profileOutput.getValueDescriptor(locale, outputName);
 
                         if (outputDesc == null)
                             continue;
@@ -382,7 +380,7 @@ public class ProfileReviewServlet extends ProfileServlet {
                                         locale, req);
                         } catch (EProfileException e) {
                             CMS.debug("ProfileSubmitServlet: " + e.toString(
-                                ));
+                                    ));
                         }
 
                         outputset.set(ARG_OUTPUT_ID, outputName);
@@ -401,9 +399,9 @@ public class ProfileReviewServlet extends ProfileServlet {
         outputTemplate(request, response, args);
     }
 
-    private void handlePolicy(ArgList list, ServletResponse response, 
-        Locale locale, String id, IProfilePolicy policy, 
-        IRequest req) {
+    private void handlePolicy(ArgList list, ServletResponse response,
+            Locale locale, String id, IProfilePolicy policy,
+            IRequest req) {
         ArgSet set = new ArgSet();
 
         set.set(ARG_POLICY_ID, id);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
index 813af8f6..d18336ae 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSelectServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 
@@ -48,10 +47,9 @@ import com.netscape.certsrv.template.ArgList;
 import com.netscape.certsrv.template.ArgSet;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * Retrieve detailed information of a particular profile.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileSelectServlet extends ProfileServlet {
@@ -61,7 +59,7 @@ public class ProfileSelectServlet extends ProfileServlet {
      */
     private static final long serialVersionUID = -3765390650830903602L;
     private static final String PROP_AUTHORITY_ID = "authorityId";
-    private String mAuthorityId = null; 
+    private String mAuthorityId = null;
 
     public ProfileSelectServlet() {
     }
@@ -76,7 +74,7 @@ public class ProfileSelectServlet extends ProfileServlet {
      * <ul>
      * <li>http.param profileId the id of the profile to select
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -96,7 +94,7 @@ public class ProfileSelectServlet extends ProfileServlet {
             } catch (EBaseException e) {
                 CMS.debug("ProcessReqServlet: " + e.toString());
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_AUTHENTICATION_ERROR"));
@@ -112,10 +110,10 @@ public class ProfileSelectServlet extends ProfileServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -134,7 +132,7 @@ public class ProfileSelectServlet extends ProfileServlet {
         }
         CMS.debug("ProfileSelectServlet: SubId=" + mProfileSubId);
         IProfileSubsystem ps = (IProfileSubsystem)
-            CMS.getSubsystem(mProfileSubId);
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             CMS.debug("ProfileSelectServlet: ProfileSubsystem not found");
@@ -150,7 +148,7 @@ public class ProfileSelectServlet extends ProfileServlet {
 
         if (authority == null) {
             CMS.debug("ProfileSelectServlet: Authority " + mAuthorityId +
-                " not found");
+                    " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
@@ -161,7 +159,7 @@ public class ProfileSelectServlet extends ProfileServlet {
 
         if (queue == null) {
             CMS.debug("ProfileSelectServlet: Request Queue of " +
-                mAuthorityId + " not found");
+                    mAuthorityId + " not found");
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                     "CMS_INTERNAL_ERROR"));
@@ -179,8 +177,8 @@ public class ProfileSelectServlet extends ProfileServlet {
             profile = ps.getProfile(profileId);
         } catch (EProfileException e) {
             // profile not found
-            CMS.debug("ProfileSelectServlet: profile not found profileId=" + 
-                profileId + " " + e.toString());
+            CMS.debug("ProfileSelectServlet: profile not found profileId=" +
+                    profileId + " " + e.toString());
         }
         if (profile == null) {
             args.set(ARG_ERROR_CODE, "1");
@@ -189,7 +187,7 @@ public class ProfileSelectServlet extends ProfileServlet {
             outputTemplate(request, response, args);
             return;
         }
-		
+
         ArgList setlist = new ArgList();
         Enumeration policySetIds = profile.getProfilePolicySetIds();
 
@@ -204,13 +202,14 @@ public class ProfileSelectServlet extends ProfileServlet {
                     while (policyIds.hasMoreElements()) {
                         String id = (String) policyIds.nextElement();
                         IProfilePolicy policy = (IProfilePolicy)
-                            profile.getProfilePolicy(setId, id);
+                                profile.getProfilePolicy(setId, id);
 
                         // (3) query all the profile policies
-                        // (4) default plugins convert request parameters into string
-                        //     http parameters
+                        // (4) default plugins convert request parameters into
+                        // string
+                        // http parameters
                         handlePolicy(list, response, locale,
-                            id, policy);
+                                id, policy);
                     }
                 }
                 ArgSet setArg = new ArgSet();
@@ -224,29 +223,29 @@ public class ProfileSelectServlet extends ProfileServlet {
 
         args.set(ARG_PROFILE_ID, profileId);
         args.set(ARG_PROFILE_IS_ENABLED,
-            Boolean.toString(ps.isProfileEnable(profileId)));
+                Boolean.toString(ps.isProfileEnable(profileId)));
         args.set(ARG_PROFILE_ENABLED_BY, ps.getProfileEnableBy(profileId));
         args.set(ARG_PROFILE_NAME, profile.getName(locale));
-        args.set(ARG_PROFILE_DESC, profile.getDescription(locale)); 
-        args.set(ARG_PROFILE_IS_VISIBLE, 
-            Boolean.toString(profile.isVisible()));
+        args.set(ARG_PROFILE_DESC, profile.getDescription(locale));
+        args.set(ARG_PROFILE_IS_VISIBLE,
+                Boolean.toString(profile.isVisible()));
         args.set(ARG_ERROR_CODE, "0");
         args.set(ARG_ERROR_REASON, "");
 
         try {
-          boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false);
-          if (keyArchivalEnabled == true) {
-            CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true");
-
-            // output transport certificate if present
-            args.set("transportCert", 
-            CMS.getConfigStore().getString("ca.connector.KRA.transportCert", ""));
-          } else {
-            CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false");
-            args.set("transportCert",  "");
-          }
+            boolean keyArchivalEnabled = CMS.getConfigStore().getBoolean("ca.connector.KRA.enable", false);
+            if (keyArchivalEnabled == true) {
+                CMS.debug("ProfileSelectServlet: keyArchivalEnabled is true");
+
+                // output transport certificate if present
+                args.set("transportCert",
+                        CMS.getConfigStore().getString("ca.connector.KRA.transportCert", ""));
+            } else {
+                CMS.debug("ProfileSelectServlet: keyArchivalEnabled is false");
+                args.set("transportCert", "");
+            }
         } catch (EBaseException e) {
-          CMS.debug("ProfileSelectServlet: exception caught:"+e.toString());
+            CMS.debug("ProfileSelectServlet: exception caught:" + e.toString());
         }
 
         // build authentication
@@ -259,7 +258,7 @@ public class ProfileSelectServlet extends ProfileServlet {
             // authenticator not installed correctly
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_AUTHENTICATION_MANAGER_NOT_FOUND", 	
+                    "CMS_AUTHENTICATION_MANAGER_NOT_FOUND",
                     profile.getAuthenticatorId()));
             outputTemplate(request, response, args);
             return;
@@ -272,8 +271,8 @@ public class ProfileSelectServlet extends ProfileServlet {
                 while (authNames.hasMoreElements()) {
                     ArgSet authset = new ArgSet();
                     String authName = (String) authNames.nextElement();
-                    IDescriptor authDesc = 
-                        authenticator.getValueDescriptor(locale, authName);
+                    IDescriptor authDesc =
+                            authenticator.getValueDescriptor(locale, authName);
 
                     if (authDesc == null)
                         continue;
@@ -291,8 +290,8 @@ public class ProfileSelectServlet extends ProfileServlet {
             args.set(ARG_AUTH_LIST, authlist);
             args.set(ARG_AUTH_NAME, authenticator.getName(locale));
             args.set(ARG_AUTH_DESC, authenticator.getText(locale));
-            args.set(ARG_AUTH_IS_SSL, 
-                Boolean.toString(authenticator.isSSLClientRequired()));
+            args.set(ARG_AUTH_IS_SSL,
+                    Boolean.toString(authenticator.isSSLClientRequired()));
         }
 
         // build input list
@@ -309,10 +308,10 @@ public class ProfileSelectServlet extends ProfileServlet {
 
                     ArgSet inputpluginset = new ArgSet();
                     inputpluginset.set(ARG_INPUT_PLUGIN_ID, inputId);
-                    inputpluginset.set(ARG_INPUT_PLUGIN_NAME, 
-                        profileInput.getName(locale));
-                    inputpluginset.set(ARG_INPUT_PLUGIN_DESC, 
-                        profileInput.getText(locale));
+                    inputpluginset.set(ARG_INPUT_PLUGIN_NAME,
+                            profileInput.getName(locale));
+                    inputpluginset.set(ARG_INPUT_PLUGIN_DESC,
+                            profileInput.getText(locale));
                     inputPluginlist.add(inputpluginset);
 
                     Enumeration inputNames = profileInput.getValueNames();
@@ -352,8 +351,8 @@ public class ProfileSelectServlet extends ProfileServlet {
         outputTemplate(request, response, args);
     }
 
-    private void handlePolicy(ArgList list, ServletResponse response, 
-        Locale locale, String id, IProfilePolicy policy) {
+    private void handlePolicy(ArgList list, ServletResponse response,
+            Locale locale, String id, IProfilePolicy policy) {
         ArgSet set = new ArgSet();
 
         set.set(ARG_POLICY_ID, id);
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
index 46f3797d..37f501b4 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
 import java.io.FileReader;
@@ -46,10 +45,9 @@ import com.netscape.cms.servlet.base.UserInfo;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cms.servlet.common.Utils;
 
-
 /**
  * This servlet is the base class of all profile servlets.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileServlet extends CMSServlet {
@@ -67,12 +65,12 @@ public class ProfileServlet extends CMSServlet {
     public final static String ARG_REQUEST_ID = "requestId";
     public final static String ARG_REQUEST_TYPE = "requestType";
     public final static String ARG_REQUEST_STATUS = "requestStatus";
-    public final static String ARG_REQUEST_OWNER = 
-        "requestOwner";
-    public final static String ARG_REQUEST_CREATION_TIME = 
-        "requestCreationTime";
-    public final static String ARG_REQUEST_MODIFICATION_TIME = 
-        "requestModificationTime";
+    public final static String ARG_REQUEST_OWNER =
+            "requestOwner";
+    public final static String ARG_REQUEST_CREATION_TIME =
+            "requestCreationTime";
+    public final static String ARG_REQUEST_MODIFICATION_TIME =
+            "requestModificationTime";
     public final static String ARG_REQUEST_NONCE = "nonce";
 
     public final static String ARG_AUTH_ID = "authId";
@@ -166,15 +164,15 @@ public class ProfileServlet extends CMSServlet {
         super();
     }
 
-	/**
-     * initialize the servlet. Servlets implementing this method
-     * must specify the template to use as a parameter called
-     * "templatePath" in the servletConfig
-     *
+    /**
+     * initialize the servlet. Servlets implementing this method must specify
+     * the template to use as a parameter called "templatePath" in the
+     * servletConfig
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
 
-    public void init(ServletConfig sc) throws ServletException { 
+    public void init(ServletConfig sc) throws ServletException {
         super.init(sc);
         mTemplate = sc.getServletContext().getRealPath(
                     sc.getInitParameter(PROP_TEMPLATE));
@@ -193,47 +191,44 @@ public class ProfileServlet extends CMSServlet {
         }
     }
 
-    protected String escapeXML(String v)
-    {
-       if (v == null) {
-         return "";
-       }
-       v = v.replaceAll("&", "&amp;");
-       return v;
+    protected String escapeXML(String v) {
+        if (v == null) {
+            return "";
+        }
+        v = v.replaceAll("&", "&amp;");
+        return v;
     }
 
-    protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v)
-    {
-            ps.println("<" + name + ">");
-            if (v != null) {
-              if (v instanceof ArgList) {
-                 ArgList list = (ArgList)v;
-                 ps.println("<list>");
-                 for (int i = 0; i < list.size(); i++) {
-                   outputArgValueAsXML(ps, name, list.get(i));
-                 }
-                 ps.println("</list>");
-              } else if (v instanceof ArgString) {
-                 ArgString str = (ArgString)v;
-                 ps.println(escapeXML(str.getValue()));
-              } else if (v instanceof ArgSet) {
-                 ArgSet set = (ArgSet)v;
-                  ps.println("<set>");
-                  Enumeration names = set.getNames();
-                  while (names.hasMoreElements()) {
-                    String n = (String)names.nextElement();
+    protected void outputArgValueAsXML(PrintStream ps, String name, IArgValue v) {
+        ps.println("<" + name + ">");
+        if (v != null) {
+            if (v instanceof ArgList) {
+                ArgList list = (ArgList) v;
+                ps.println("<list>");
+                for (int i = 0; i < list.size(); i++) {
+                    outputArgValueAsXML(ps, name, list.get(i));
+                }
+                ps.println("</list>");
+            } else if (v instanceof ArgString) {
+                ArgString str = (ArgString) v;
+                ps.println(escapeXML(str.getValue()));
+            } else if (v instanceof ArgSet) {
+                ArgSet set = (ArgSet) v;
+                ps.println("<set>");
+                Enumeration names = set.getNames();
+                while (names.hasMoreElements()) {
+                    String n = (String) names.nextElement();
                     outputArgValueAsXML(ps, n, set.get(n));
-                  }
-                 ps.println("</set>");
-              } else {
-                  ps.println(v);
-              }
+                }
+                ps.println("</set>");
+            } else {
+                ps.println(v);
             }
-            ps.println("</" + name + ">");
+        }
+        ps.println("</" + name + ">");
     }
 
-    protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args)
-    {
+    protected void outputThisAsXML(ByteArrayOutputStream bos, ArgSet args) {
         PrintStream ps = new PrintStream(bos);
         ps.println("<xml>");
         outputArgValueAsXML(ps, "output", args);
@@ -241,9 +236,9 @@ public class ProfileServlet extends CMSServlet {
         ps.flush();
     }
 
-    public void outputTemplate(HttpServletRequest request, 
+    public void outputTemplate(HttpServletRequest request,
                    HttpServletResponse response, ArgSet args)
-        throws EBaseException {
+            throws EBaseException {
 
         String xmlOutput = request.getParameter("xml");
         if (xmlOutput != null && xmlOutput.equals("true")) {
@@ -251,32 +246,31 @@ public class ProfileServlet extends CMSServlet {
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
             outputThisAsXML(bos, args);
             try {
-              response.setContentLength(bos.size());
-              bos.writeTo(response.getOutputStream());
+                response.setContentLength(bos.size());
+                bos.writeTo(response.getOutputStream());
             } catch (Exception e) {
                 CMS.debug("outputTemplate error " + e);
             }
             return;
         }
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("output_template");
+            statsSub.startTiming("output_template");
         }
         BufferedReader reader = null;
         try {
             reader = new BufferedReader(
-                    new FileReader(mTemplate));		
+                    new FileReader(mTemplate));
 
             response.setContentType("text/html; charset=UTF-8");
 
             PrintWriter writer = response.getWriter();
 
-
             // output template
             String line = null;
 
             do {
-                line = reader.readLine();	
+                line = reader.readLine();
                 if (line != null) {
                     if (line.indexOf("<CMS_TEMPLATE>") == -1) {
                         writer.println(line);
@@ -287,21 +281,20 @@ public class ProfileServlet extends CMSServlet {
                         writer.println("</script>");
                     }
                 }
-            }
-            while (line != null);
+            } while (line != null);
             reader.close();
         } catch (IOException e) {
-           CMS.debug(e);
-           throw new EBaseException(e.toString());
+            CMS.debug(e);
+            throw new EBaseException(e.toString());
         } finally {
-          if (statsSub != null) {
-            statsSub.endTiming("output_template");
-          }
+            if (statsSub != null) {
+                statsSub.endTiming("output_template");
+            }
         }
     }
 
     protected void outputArgList(PrintWriter writer, String name, ArgList list)
-        throws IOException {	
+            throws IOException {
 
         String h_name = null;
 
@@ -311,7 +304,7 @@ public class ProfileServlet extends CMSServlet {
             h_name = name.substring(name.indexOf('.') + 1);
         }
         writer.println(name + "Set = new Array;");
-        //		writer.println(h_name + "Count = 0;");
+        // writer.println(h_name + "Count = 0;");
 
         for (int i = 0; i < list.size(); i++) {
             writer.println(h_name + " = new Object;");
@@ -342,27 +335,27 @@ public class ProfileServlet extends CMSServlet {
             char c = in[i];
 
             /* presumably this gives better performance */
-            if ((c > 0x23) && (c!= 0x5c) && (c!= 0x3c) && (c!= 0x3e)) { 
+            if ((c > 0x23) && (c != 0x5c) && (c != 0x3c) && (c != 0x3e)) {
                 out[j++] = c;
                 continue;
             }
 
             /* some inputs are coming in as '\' and 'n' */
             /* see BZ 500736 for details */
-            if ((c == 0x5c) && ((i+1)<l) && (in[i+1] == 'n' ||
-                 in[i+1] == 'r' || in[i+1] == 'f' || in[i+1] == 't' ||
-                 in[i+1] == '<' || in[i+1] == '>' ||
-                 in[i+1] == '\"' || in[i+1] == '\'' || in[i+1] == '\\')) {
-                if (in[i+1] == 'x' && ((i+3)<l) && in[i+2] == '3' &&
-                    (in[i+3] == 'c' || in[i+3] == 'e')) {
+            if ((c == 0x5c) && ((i + 1) < l) && (in[i + 1] == 'n' ||
+                    in[i + 1] == 'r' || in[i + 1] == 'f' || in[i + 1] == 't' ||
+                    in[i + 1] == '<' || in[i + 1] == '>' ||
+                    in[i + 1] == '\"' || in[i + 1] == '\'' || in[i + 1] == '\\')) {
+                if (in[i + 1] == 'x' && ((i + 3) < l) && in[i + 2] == '3' &&
+                        (in[i + 3] == 'c' || in[i + 3] == 'e')) {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
-                    out[j++] = in[i+2];
-                    out[j++] = in[i+3];
+                    out[j++] = in[i + 1];
+                    out[j++] = in[i + 2];
+                    out[j++] = in[i + 3];
                     i += 3;
-                } else { 
+                } else {
                     out[j++] = '\\';
-                    out[j++] = in[i+1];
+                    out[j++] = in[i + 1];
                     i++;
                 }
                 continue;
@@ -421,18 +414,18 @@ public class ProfileServlet extends CMSServlet {
     }
 
     protected void outputArgString(PrintWriter writer, String name, ArgString str)
-        throws IOException {	
+            throws IOException {
         String s = str.getValue();
 
         // sub \n with "\n"
         if (s != null) {
-            s = escapeJavaScriptString(s); 
+            s = escapeJavaScriptString(s);
         }
         writer.println(name + "=\"" + s + "\";");
     }
 
     protected void outputArgSet(PrintWriter writer, String name, ArgSet set)
-        throws IOException {	
+            throws IOException {
         Enumeration e = set.getNames();
 
         while (e.hasMoreElements()) {
@@ -456,7 +449,7 @@ public class ProfileServlet extends CMSServlet {
     }
 
     protected void outputData(PrintWriter writer, ArgSet set)
-        throws IOException {	
+            throws IOException {
         if (set == null)
             return;
         Enumeration e = set.getNames();
@@ -486,12 +479,12 @@ public class ProfileServlet extends CMSServlet {
      */
     protected void log(int event, int level, String msg) {
         mLogger.log(event, mLogCategory, level,
-            "Servlet " + mId + ": " + msg);
+                "Servlet " + mId + ": " + msg);
     }
 
     protected void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, mLogCategory, level,
-            "Servlet " + mId + ": " + msg);
+                "Servlet " + mId + ": " + msg);
     }
 
     /**
@@ -512,8 +505,7 @@ public class ProfileServlet extends CMSServlet {
     }
 
     protected void renderResult(CMSRequest cmsReq)
-        throws IOException {
+            throws IOException {
         // do nothing
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
index b00b13a9..d7dcb8ad 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitCMCServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.io.InputStream;
 import java.io.OutputStream;
 import java.security.cert.CertificateEncodingException;
@@ -65,10 +64,9 @@ import com.netscape.cms.servlet.common.AuthCredentials;
 import com.netscape.cms.servlet.common.CMCOutputTemplate;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /**
  * This servlet submits end-user request into the profile framework.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProfileSubmitCMCServlet extends ProfileServlet {
@@ -89,27 +87,26 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
     private String requestBinary = null;
     private String requestB64 = null;
 
-    private final static String[]
-        SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-            
-            /* 0 */ "automated profile cert request rejection:  "
+    private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+    /* 0 */"automated profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an EBaseException"
         };
     private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 
     public ProfileSubmitCMCServlet() {
     }
 
     /**
-     * initialize the servlet. And instance of this servlet can 
-     * be set up to always issue certificates against a certain profile
-     * by setting the 'profileId' configuration in the servletConfig
-     * If not, the user must specify the profileID when submitting the request
+     * initialize the servlet. And instance of this servlet can be set up to
+     * always issue certificates against a certain profile by setting the
+     * 'profileId' configuration in the servletConfig If not, the user must
+     * specify the profileID when submitting the request
      * 
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -158,7 +155,7 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
     }
 
     public IAuthToken authenticate(IProfileAuthenticator authenticator,
-        HttpServletRequest request)  throws EBaseException {
+            HttpServletRequest request) throws EBaseException {
         AuthCredentials credentials = new AuthCredentials();
 
         // build credential
@@ -177,19 +174,19 @@ public class ProfileSubmitCMCServlet extends ProfileServlet {
         IAuthToken authToken = authenticator.authenticate(credentials);
 
         SessionContext sc = SessionContext.getContext();
-        if (sc != null) { 
-          sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); 
-          String userid = authToken.getInString(IAuthToken.USER_ID);
-          if (userid != null) { 
-            sc.put(SessionContext.USER_ID, userid); 
-          }
+        if (sc != null) {
+            sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+            String userid = authToken.getInString(IAuthToken.USER_ID);
+            if (userid != null) {
+                sc.put(SessionContext.USER_ID, userid);
+            }
         }
 
         return authToken;
     }
 
     private void setInputsIntoRequest(HttpServletRequest request, IProfile
-profile, IRequest req) {
+            profile, IRequest req) {
         Enumeration inputIds = profile.getProfileInputIds();
 
         if (inputIds != null) {
@@ -216,7 +213,7 @@ profile, IRequest req) {
      * <P>
      * 
      * (Certificate Request Processed - either an automated "EE" profile based
-     *  cert acceptance, or an automated "EE" profile based cert rejection)
+     * cert acceptance, or an automated "EE" profile based cert rejection)
      * <P>
      * 
      * <ul>
@@ -224,6 +221,7 @@ profile, IRequest req) {
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
      * certificate request has just been through the approval process
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      * @exception EBaseException an error has occurred
      */
@@ -233,8 +231,8 @@ profile, IRequest req) {
 
         Locale locale = getLocale(request);
         ArgSet args = new ArgSet();
-        String cert_request_type = 
-          mServletConfig.getInitParameter("cert_request_type");
+        String cert_request_type =
+                mServletConfig.getInitParameter("cert_request_type");
         String outputFormat = mServletConfig.getInitParameter("outputFormat");
 
         int reqlen = request.getContentLength();
@@ -268,29 +266,29 @@ profile, IRequest req) {
             while (paramNames.hasMoreElements()) {
                 String paramName = (String) paramNames.nextElement();
                 // added this facility so that password can be hidden,
-                // all sensitive parameters should be prefixed with 
+                // all sensitive parameters should be prefixed with
                 // __ (double underscores); however, in the event that
                 // a security parameter slips through, we perform multiple
                 // additional checks to insure that it is NOT displayed
-                if( paramName.startsWith("__")                         ||
-                    paramName.endsWith("password")                     ||
-                    paramName.endsWith("passwd")                       ||
-                    paramName.endsWith("pwd")                          ||
-                    paramName.equalsIgnoreCase("admin_password_again") ||
-                    paramName.equalsIgnoreCase("directoryManagerPwd")  ||
-                    paramName.equalsIgnoreCase("bindpassword")         ||
-                    paramName.equalsIgnoreCase("bindpwd")              ||
-                    paramName.equalsIgnoreCase("passwd")               ||
-                    paramName.equalsIgnoreCase("password")             ||
-                    paramName.equalsIgnoreCase("pin")                  ||
-                    paramName.equalsIgnoreCase("pwd")                  ||
-                    paramName.equalsIgnoreCase("pwdagain")             ||
-                    paramName.equalsIgnoreCase("uPasswd") ) {
+                if (paramName.startsWith("__") ||
+                        paramName.endsWith("password") ||
+                        paramName.endsWith("passwd") ||
+                        paramName.endsWith("pwd") ||
+                        paramName.equalsIgnoreCase("admin_password_again") ||
+                        paramName.equalsIgnoreCase("directoryManagerPwd") ||
+                        paramName.equalsIgnoreCase("bindpassword") ||
+                        paramName.equalsIgnoreCase("bindpwd") ||
+                        paramName.equalsIgnoreCase("passwd") ||
+                        paramName.equalsIgnoreCase("password") ||
+                        paramName.equalsIgnoreCase("pin") ||
+                        paramName.equalsIgnoreCase("pwd") ||
+                        paramName.equalsIgnoreCase("pwdagain") ||
+                        paramName.equalsIgnoreCase("uPasswd")) {
                     CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
                               paramName + "='(sensitive)'");
                 } else {
                     CMS.debug("ProfileSubmitCMCServlet Input Parameter " +
-                              paramName + "='" + 
+                              paramName + "='" +
                               request.getParameter(paramName) + "'");
                 }
             }
@@ -303,8 +301,8 @@ profile, IRequest req) {
             mProfileSubId = IProfileSubsystem.ID;
         }
         CMS.debug("ProfileSubmitCMCServlet: SubId=" + mProfileSubId);
-        IProfileSubsystem ps = (IProfileSubsystem) 
-            CMS.getSubsystem(mProfileSubId); 
+        IProfileSubsystem ps = (IProfileSubsystem)
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             CMS.debug("ProfileSubmitCMCServlet: ProfileSubsystem not found");
@@ -317,7 +315,7 @@ profile, IRequest req) {
             } catch (Exception ee) {
             }
             template.createFullResponseWithFailedStatus(response, seq,
-              OtherInfo.INTERNAL_CA_ERROR, s);
+                    OtherInfo.INTERNAL_CA_ERROR, s);
             return;
         }
 
@@ -331,14 +329,14 @@ profile, IRequest req) {
             profileId = mProfileId;
         }
 
-        IProfile profile = null; 
+        IProfile profile = null;
 
-        try { 
+        try {
             CMS.debug("ProfileSubmitCMCServlet: profileId " + profileId);
-            profile = ps.getProfile(profileId); 
-        } catch (EProfileException e) { 
-            CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " + 
-                profileId + " " + e.toString());
+            profile = ps.getProfile(profileId);
+        } catch (EProfileException e) {
+            CMS.debug("ProfileSubmitCMCServlet: profile not found profileId " +
+                    profileId + " " + e.toString());
         }
         if (profile == null) {
             CMCOutputTemplate template = new CMCOutputTemplate();
@@ -350,13 +348,13 @@ profile, IRequest req) {
             } catch (Exception ee) {
             }
             template.createFullResponseWithFailedStatus(response, seq,
-              OtherInfo.INTERNAL_CA_ERROR, s);
+                    OtherInfo.INTERNAL_CA_ERROR, s);
             return;
         }
 
         if (!ps.isProfileEnable(profileId)) {
-            CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId + 
-                " not enabled");
+            CMS.debug("ProfileSubmitCMCServlet: Profile " + profileId +
+                    " not enabled");
             CMCOutputTemplate template = new CMCOutputTemplate();
             SEQUENCE seq = new SEQUENCE();
             seq.addElement(new INTEGER(0));
@@ -366,7 +364,7 @@ profile, IRequest req) {
             } catch (Exception ee) {
             }
             template.createFullResponseWithFailedStatus(response, seq,
-              OtherInfo.INTERNAL_CA_ERROR, s);
+                    OtherInfo.INTERNAL_CA_ERROR, s);
             return;
         }
 
@@ -386,8 +384,8 @@ profile, IRequest req) {
         if (authenticator == null) {
             CMS.debug("ProfileSubmitCMCServlet: authenticator not found");
         } else {
-            CMS.debug("ProfileSubmitCMCServlet: authenticator " + 
-                authenticator.getName() + " found");
+            CMS.debug("ProfileSubmitCMCServlet: authenticator " +
+                    authenticator.getName() + " found");
             setCredentialsIntoContext(request, authenticator, ctx);
         }
 
@@ -403,39 +401,39 @@ profile, IRequest req) {
         SessionContext context = SessionContext.getContext();
 
         // insert profile context so that input parameter can be retrieved
-        context.put("profileContext", ctx); 
-        context.put("sslClientCertProvider", 
-            new SSLClientCertProvider(request));
+        context.put("profileContext", ctx);
+        context.put("sslClientCertProvider",
+                new SSLClientCertProvider(request));
         CMS.debug("ProfileSubmitCMCServlet: set sslClientCertProvider");
-        if (authenticator != null) { 
+        if (authenticator != null) {
             try {
                 authToken = authenticate(authenticator, request);
                 // authentication success
             } catch (EBaseException e) {
                 CMCOutputTemplate template = new CMCOutputTemplate();
                 SEQUENCE seq = new SEQUENCE();
-                seq.addElement(new INTEGER(0));  
+                seq.addElement(new INTEGER(0));
                 UTF8String s = null;
                 try {
-                    s = new UTF8String(e.toString()); 
+                    s = new UTF8String(e.toString());
                 } catch (Exception ee) {
                 }
-                template.createFullResponseWithFailedStatus(response, seq, 
-                  OtherInfo.BAD_REQUEST, s); 
-                CMS.debug("ProfileSubmitCMCServlet: authentication error " + 
-                    e.toString());
+                template.createFullResponseWithFailedStatus(response, seq,
+                        OtherInfo.BAD_REQUEST, s);
+                CMS.debug("ProfileSubmitCMCServlet: authentication error " +
+                        e.toString());
                 return;
             }
 
-            //authorization only makes sense when request is authenticated
+            // authorization only makes sense when request is authenticated
             AuthzToken authzToken = null;
             if (authToken != null) {
                 CMS.debug("ProfileSubmitCMCServlet authToken not null");
                 try {
                     authzToken = authorize(mAclMethod, authToken,
-                        mAuthzResourceName, "submit");
+                            mAuthzResourceName, "submit");
                 } catch (Exception e) {
-                    CMS.debug("ProfileSubmitCMCServlet authorization failure: "+e.toString());
+                    CMS.debug("ProfileSubmitCMCServlet authorization failure: " + e.toString());
                 }
             }
 
@@ -450,16 +448,16 @@ profile, IRequest req) {
                 } catch (Exception ee) {
                 }
                 template.createFullResponseWithFailedStatus(response, seq,
-                    OtherInfo.BAD_REQUEST, s);
+                        OtherInfo.BAD_REQUEST, s);
                 return;
             }
         }
 
         IRequest reqs[] = null;
 
-        ///////////////////////////////////////////////
+        // /////////////////////////////////////////////
         // create request
-        ///////////////////////////////////////////////
+        // /////////////////////////////////////////////
         try {
             reqs = profile.createRequests(ctx, locale);
         } catch (EProfileException e) {
@@ -473,7 +471,7 @@ profile, IRequest req) {
             } catch (Exception ee) {
             }
             template.createFullResponseWithFailedStatus(response, seq,
-              OtherInfo.INTERNAL_CA_ERROR, s);
+                    OtherInfo.INTERNAL_CA_ERROR, s);
             return;
         } catch (Throwable e) {
             CMS.debug("ProfileSubmitCMCServlet: createRequests " + e.toString());
@@ -486,17 +484,17 @@ profile, IRequest req) {
             } catch (Exception ee) {
             }
             template.createFullResponseWithFailedStatus(response, seq,
-              OtherInfo.INTERNAL_CA_ERROR, s);
+                    OtherInfo.INTERNAL_CA_ERROR, s);
             return;
         }
 
         TaggedAttribute attr =
-          (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
+                (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_lraPOPWitness));
         if (attr != null) {
             boolean verifyAllow = true;
             try {
                 verifyAllow = CMS.getConfigStore().getBoolean(
-                  "cmc.lraPopWitness.verify.allow", true);
+                        "cmc.lraPopWitness.verify.allow", true);
             } catch (EBaseException ee) {
             }
 
@@ -505,18 +503,18 @@ profile, IRequest req) {
                 SET vals = attr.getValues();
                 if (vals.size() > 0) {
                     try {
-                        lraPop = (LraPopWitness)(ASN1Util.decode(LraPopWitness.getTemplate(),
-                          ASN1Util.encode(vals.elementAt(0))));
+                        lraPop = (LraPopWitness) (ASN1Util.decode(LraPopWitness.getTemplate(),
+                                ASN1Util.encode(vals.elementAt(0))));
                     } catch (InvalidBERException e) {
                         CMS.debug(
-                          CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
+                                CMS.getUserMessage(locale, "CMS_PROFILE_ENCODING_ERROR"));
                     }
 
                     SEQUENCE bodyIds = lraPop.getBodyIds();
 
                     CMCOutputTemplate template = new CMCOutputTemplate();
                     template.createFullResponseWithFailedStatus(response, bodyIds,
-                      OtherInfo.POP_FAILED, null);
+                            OtherInfo.POP_FAILED, null);
                     return;
                 }
             }
@@ -524,53 +522,53 @@ profile, IRequest req) {
 
         // for CMC, requests may be zero. Then check if controls exist.
         if (reqs == null) {
-            Integer nums = (Integer)(context.get("numOfControls"));
+            Integer nums = (Integer) (context.get("numOfControls"));
             CMCOutputTemplate template = new CMCOutputTemplate();
             // if there is only one control GetCert, then simple response
-            // must be returned. 
+            // must be returned.
             if (nums != null && nums.intValue() == 1) {
-                TaggedAttribute attr1 = (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+                TaggedAttribute attr1 = (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
                 if (attr1 != null) {
                     template.createSimpleResponse(response, reqs);
                 } else
-                    template.createFullResponse(response, reqs, 
-                      cert_request_type, null);
+                    template.createFullResponse(response, reqs,
+                            cert_request_type, null);
             } else
-                template.createFullResponse(response, reqs, 
-                  cert_request_type, null);
+                template.createFullResponse(response, reqs,
+                        cert_request_type, null);
             return;
         }
 
         String errorCode = null;
-        String errorReason = null; 
+        String errorReason = null;
 
-        ///////////////////////////////////////////////
+        // /////////////////////////////////////////////
         // populate request
-        ///////////////////////////////////////////////
+        // /////////////////////////////////////////////
         for (int k = 0; k < reqs.length; k++) {
             // adding parameters to request
             setInputsIntoRequest(request, profile, reqs[k]);
 
             // serial auth token into request
             if (authToken != null) {
-               Enumeration tokenNames = authToken.getElements();
-               while (tokenNames.hasMoreElements()) {
-                   String tokenName = (String)tokenNames.nextElement();
-                   String[] vals = authToken.getInStringArray(tokenName);
-                   if (vals != null) {
-                       for (int i = 0; i < vals.length; i++) {
-                           reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
-                                   tokenName + "[" + i + "]", vals[i]);
-                       }
-                   } else {
-                       String val = authToken.getInString(tokenName);
-                       if (val != null) {
-                           reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
-                                   val);
-                       }
-                   }
-               }
-            }            
+                Enumeration tokenNames = authToken.getElements();
+                while (tokenNames.hasMoreElements()) {
+                    String tokenName = (String) tokenNames.nextElement();
+                    String[] vals = authToken.getInStringArray(tokenName);
+                    if (vals != null) {
+                        for (int i = 0; i < vals.length; i++) {
+                            reqs[k].setExtData(ARG_AUTH_TOKEN + "." +
+                                    tokenName + "[" + i + "]", vals[i]);
+                        }
+                    } else {
+                        String val = authToken.getInString(tokenName);
+                        if (val != null) {
+                            reqs[k].setExtData(ARG_AUTH_TOKEN + "." + tokenName,
+                                    val);
+                        }
+                    }
+                }
+            }
 
             // put profile framework parameters into the request
             reqs[k].setExtData(ARG_PROFILE, "true");
@@ -589,7 +587,7 @@ profile, IRequest req) {
                 } catch (Exception ee) {
                 }
                 template.createFullResponseWithFailedStatus(response, seq,
-                  OtherInfo.INTERNAL_CA_ERROR, s);
+                        OtherInfo.INTERNAL_CA_ERROR, s);
                 return;
             }
 
@@ -598,13 +596,13 @@ profile, IRequest req) {
             reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
             reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
 
-            CMS.debug("ProfileSubmitCMCServlet: request " + 
-                reqs[k].getRequestId().toString());
+            CMS.debug("ProfileSubmitCMCServlet: request " +
+                    reqs[k].getRequestId().toString());
 
             try {
                 CMS.debug("ProfileSubmitCMCServlet: populating request inputs");
                 // give authenticator a chance to populate the request
-                if (authenticator != null) { 
+                if (authenticator != null) {
                     authenticator.populate(authToken, reqs[k]);
                 }
                 profile.populateInput(ctx, reqs[k]);
@@ -620,12 +618,12 @@ profile, IRequest req) {
                 } catch (Exception ee) {
                 }
                 template.createFullResponseWithFailedStatus(response, seq,
-                  OtherInfo.BAD_REQUEST, s);
+                        OtherInfo.BAD_REQUEST, s);
                 return;
             } catch (Throwable e) {
                 CMS.debug("ProfileSubmitCMCServlet: populate " + e.toString());
-                //  throw new IOException("Profile " + profileId + 
-                //          " cannot populate");
+                // throw new IOException("Profile " + profileId +
+                // " cannot populate");
                 CMCOutputTemplate template = new CMCOutputTemplate();
                 SEQUENCE seq = new SEQUENCE();
                 seq.addElement(new INTEGER(0));
@@ -635,7 +633,7 @@ profile, IRequest req) {
                 } catch (Exception ee) {
                 }
                 template.createFullResponseWithFailedStatus(response, seq,
-                  OtherInfo.INTERNAL_CA_ERROR, s);
+                        OtherInfo.INTERNAL_CA_ERROR, s);
                 return;
             }
         }
@@ -647,28 +645,27 @@ profile, IRequest req) {
 
         int responseType = 0;
         try {
-            ///////////////////////////////////////////////
+            // /////////////////////////////////////////////
             // submit request
-            ///////////////////////////////////////////////
+            // /////////////////////////////////////////////
             int error_codes[] = null;
             if (reqs != null && reqs.length > 0)
-                error_codes = new int[reqs.length]; 
+                error_codes = new int[reqs.length];
             for (int k = 0; k < reqs.length; k++) {
                 try {
                     // reset the "auditRequesterID"
                     auditRequesterID = auditRequesterID(reqs[k]);
 
-
                     // print request debug
                     if (reqs[k] != null) {
-                      Enumeration reqKeys = reqs[k].getExtDataKeys();
-                      while (reqKeys.hasMoreElements()) {
-                        String reqKey = (String)reqKeys.nextElement();
-                        String reqVal = reqs[k].getExtDataInString(reqKey);
-                        if (reqVal != null) {
-                           CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal);
+                        Enumeration reqKeys = reqs[k].getExtDataKeys();
+                        while (reqKeys.hasMoreElements()) {
+                            String reqKey = (String) reqKeys.nextElement();
+                            String reqVal = reqs[k].getExtDataInString(reqKey);
+                            if (reqVal != null) {
+                                CMS.debug("ProfileSubmitCMCServlet: key=$request." + reqKey + "$ value=" + reqVal);
+                            }
                         }
-                      }
                     }
 
                     profile.submit(authToken, reqs[k]);
@@ -698,16 +695,16 @@ profile, IRequest req) {
                     // need to notify
                     INotify notify = profile.getRequestQueue().getPendingNotify();
                     if (notify != null) {
-                       notify.notify(reqs[k]);
+                        notify.notify(reqs[k]);
                     }
-                
+
                     CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
                     errorCode = "2";
                     errorReason = CMS.getUserMessage(locale,
                                 "CMS_PROFILE_DEFERRED",
                                 e.toString());
                 } catch (ERejectException e) {
-                    // return error to the user 
+                    // return error to the user
                     reqs[k].setRequestStatus(RequestStatus.REJECTED);
                     CMS.debug("ProfileSubmitCMCServlet: submit " + e.toString());
                     errorCode = "3";
@@ -722,7 +719,7 @@ profile, IRequest req) {
                                 "CMS_INTERNAL_ERROR");
                 }
 
-                try { 
+                try {
                     if (errorCode == null) {
                         profile.getRequestQueue().markAsServiced(reqs[k]);
                     } else {
@@ -730,7 +727,7 @@ profile, IRequest req) {
                     }
                 } catch (EBaseException e) {
                     CMS.debug("ProfileSubmitCMCServlet: updateRequest " +
-                        e.toString());
+                            e.toString());
                 }
 
                 if (errorCode != null) {
@@ -774,40 +771,40 @@ profile, IRequest req) {
                 return;
             }
 
-            ///////////////////////////////////////////////
-            // output output list 
-            ///////////////////////////////////////////////
-
-           CMS.debug("ProfileSubmitCMCServlet: done serving");
-           CMCOutputTemplate template = new CMCOutputTemplate();
-           if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) {
-
-               if (outputFormat != null &&outputFormat.equals("pkcs7")) {
-                   byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]); 
-                   response.setContentType("application/pkcs7-mime");
-                   response.setContentLength(pkcs7.length);
-                   try {
-                       OutputStream os = response.getOutputStream(); 
-                       os.write(pkcs7);
-                       os.flush();
-                   } catch (Exception ee) {
-                   }
-                   return; 
-               }
-               template.createSimpleResponse(response, reqs);
-           } else if (cert_request_type.equals("cmc")) {
-               Integer nums = (Integer)(context.get("numOfControls"));
-               if (nums != null && nums.intValue() == 1) {
-                   TaggedAttribute attr1 = 
-                     (TaggedAttribute)(context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
-                   if (attr1 != null) {
-                       template.createSimpleResponse(response, reqs);
-                       return;
-                   }
-               } 
-               template.createFullResponse(response, reqs, cert_request_type, 
-                   error_codes);
-           }
+            // /////////////////////////////////////////////
+            // output output list
+            // /////////////////////////////////////////////
+
+            CMS.debug("ProfileSubmitCMCServlet: done serving");
+            CMCOutputTemplate template = new CMCOutputTemplate();
+            if (cert_request_type.equals("pkcs10") || cert_request_type.equals("crmf")) {
+
+                if (outputFormat != null && outputFormat.equals("pkcs7")) {
+                    byte[] pkcs7 = CMS.getPKCS7(locale, reqs[0]);
+                    response.setContentType("application/pkcs7-mime");
+                    response.setContentLength(pkcs7.length);
+                    try {
+                        OutputStream os = response.getOutputStream();
+                        os.write(pkcs7);
+                        os.flush();
+                    } catch (Exception ee) {
+                    }
+                    return;
+                }
+                template.createSimpleResponse(response, reqs);
+            } else if (cert_request_type.equals("cmc")) {
+                Integer nums = (Integer) (context.get("numOfControls"));
+                if (nums != null && nums.intValue() == 1) {
+                    TaggedAttribute attr1 =
+                            (TaggedAttribute) (context.get(OBJECT_IDENTIFIER.id_cmc_getCert));
+                    if (attr1 != null) {
+                        template.createSimpleResponse(response, reqs);
+                        return;
+                    }
+                }
+                template.createFullResponse(response, reqs, cert_request_type,
+                        error_codes);
+            }
         } finally {
             SessionContext.releaseContext();
         }
@@ -815,11 +812,11 @@ profile, IRequest req) {
 
     /**
      * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "RequesterID" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param request the actual request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -845,11 +842,11 @@ profile, IRequest req) {
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param request request containing an X509CertImpl
      * @return cert string containing the certificate
      */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
index 3f663619..9a830dbf 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/ProfileSubmitServlet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.profile;
 
-
 import java.math.BigInteger;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
@@ -72,10 +71,9 @@ import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cmsutil.util.Cert;
 import com.netscape.cmsutil.xml.XMLObject;
 
-
 /**
  * This servlet submits end-user request into the profile framework.
- *
+ * 
  * @author Christina Fu (renewal support)
  * @version $Revision$, $Date$
  */
@@ -97,34 +95,31 @@ public class ProfileSubmitServlet extends ProfileServlet {
     private String mReqType = null;
     private String mAuthorityId = null;
 
-    private final static String[]
-        SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
-            
-            /* 0 */ "automated profile cert request rejection:  "
+    private final static String[] SIGNED_AUDIT_AUTOMATED_REJECTION_REASON = new String[] {
+
+    /* 0 */"automated profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an EBaseException"
         };
     private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
-
-
-     private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
-        "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
-     private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 
+    private final static String LOGGING_SIGNED_AUDIT_AUTH_FAIL =
+            "LOGGING_SIGNED_AUDIT_AUTH_FAIL_4";
+    private final static String LOGGING_SIGNED_AUDIT_AUTH_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_AUTH_SUCCESS_3";
 
     public ProfileSubmitServlet() {
     }
 
     /**
-     * initialize the servlet. And instance of this servlet can 
-     * be set up to always issue certificates against a certain profile
-     * by setting the 'profileId' configuration in the servletConfig
-     * If not, the user must specify the profileID when submitting the request
+     * initialize the servlet. And instance of this servlet can be set up to
+     * always issue certificates against a certain profile by setting the
+     * 'profileId' configuration in the servletConfig If not, the user must
+     * specify the profileID when submitting the request
      * 
      * "ImportCert.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -146,7 +141,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
                 while (inputNames.hasMoreElements()) {
                     String inputName = (String) inputNames.nextElement();
                     if (request.getParameter(inputName) != null) {
-                        // all subject name parameters start with sn_, no other input parameters do
+                        // all subject name parameters start with sn_, no other
+                        // input parameters do
                         if (inputName.matches("^sn_.*")) {
                             ctx.set(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString());
                         } else {
@@ -159,10 +155,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
     }
 
-    /* 
-     * fill input info from "request" to context.
-     * This is expected to be used by renewal where the request
-     * is retrieved from request record
+    /*
+     * fill input info from "request" to context. This is expected to be used by
+     * renewal where the request is retrieved from request record
      */
     private void setInputsIntoContext(IRequest request, IProfile profile, IProfileContext ctx, Locale locale) {
         // passing inputs into context
@@ -185,7 +180,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     }
 
                     if (inputValue != null) {
-                        CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:"+ inputValue);
+                        CMS.debug("ProfileSubmitServlet: setInputsIntoContext() setting value in ctx:" + inputValue);
                         ctx.set(inputName, inputValue);
                     } else {
                         CMS.debug("ProfileSubmitServlet: setInputsIntoContext() value null");
@@ -196,8 +191,6 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
     }
 
-
-
     private void setCredentialsIntoContext(HttpServletRequest request, IProfileAuthenticator authenticator, IProfileContext ctx) {
         Enumeration<String> authIds = authenticator.getValueNames();
 
@@ -206,8 +199,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
             while (authIds.hasMoreElements()) {
                 String authName = (String) authIds.nextElement();
 
-                CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:"+
-                      authName);
+                CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName:" +
+                        authName);
                 if (request.getParameter(authName) != null) {
                     CMS.debug("ProfileSubmitServlet:setCredentialsIntoContext() authName found in request");
                     ctx.set(authName, request.getParameter(authName));
@@ -232,7 +225,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
             String n = t.substring(0, i);
             if (n.equalsIgnoreCase("uid")) {
                 String v = t.substring(i + 1);
-                CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:"+v);
+                CMS.debug("ProfileSubmitServlet:: getUidFromDN(): uid found:" + v);
                 return v;
             } else {
                 continue;
@@ -242,70 +235,70 @@ public class ProfileSubmitServlet extends ProfileServlet {
     }
 
     /*
-     *   authenticate for renewal - more to add necessary params/values
-     *   to the session context
+     * authenticate for renewal - more to add necessary params/values to the
+     * session context
      */
     public IAuthToken authenticate(IProfileAuthenticator authenticator,
-        HttpServletRequest request, IRequest origReq, SessionContext context)
-          throws EBaseException {
-                IAuthToken authToken = authenticate(authenticator, request);
-                // For renewal, fill in necessary params
-                if (authToken!= null) {
-                  String ouid = origReq.getExtDataInString("auth_token.uid");
-                  // if the orig cert was manually approved, then there was
-                  // no auth token uid.  Try to get the uid from the cert dn
-                  // itself, if possible
-                  if (ouid == null) {
-                      String sdn = (String) context.get("origSubjectDN");
-                      if (sdn != null) {
-                        ouid = getUidFromDN(sdn);
-                        if (ouid != null)
-                          CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
-                      }
-                  } else {
-                      CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token");
-                  }
-                  String auid = authToken.getInString("uid");
-                  if (auid != null) { // not through ssl client auth
-                    CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:"+auid);
-                    // authenticated with uid
-                    // put "orig_req.auth_token.uid" so that authz with
-                    // UserOrigReqAccessEvaluator will work
-                    if (ouid != null) {
-                      context.put("orig_req.auth_token.uid", ouid); 
-                      CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:"+ouid);
-                    } else {
-                      CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
-                    }
-                  } else { // through ssl client auth?
-                    CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:");
-                    // put in orig_req's uid
-                    if (ouid != null) {
-                      CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" +ouid+". Setting authtoken");
-                      authToken.set("uid", ouid);
-                      context.put(SessionContext.USER_ID, ouid); 
-                    } else {
-                      CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found");
-//                      throw new EBaseException("origReq uid not found");
-                    }
-                  }
-
-                  String userdn = origReq.getExtDataInString("auth_token.userdn");
-                  if (userdn != null) {
-                      CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:"+userdn+". Setting authtoken");
-                      authToken.set("userdn", userdn);
-                  } else {
-                      CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found");
-//                      throw new EBaseException("origReq userdn not found");
-                  }
+            HttpServletRequest request, IRequest origReq, SessionContext context)
+            throws EBaseException {
+        IAuthToken authToken = authenticate(authenticator, request);
+        // For renewal, fill in necessary params
+        if (authToken != null) {
+            String ouid = origReq.getExtDataInString("auth_token.uid");
+            // if the orig cert was manually approved, then there was
+            // no auth token uid. Try to get the uid from the cert dn
+            // itself, if possible
+            if (ouid == null) {
+                String sdn = (String) context.get("origSubjectDN");
+                if (sdn != null) {
+                    ouid = getUidFromDN(sdn);
+                    if (ouid != null)
+                        CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
+                }
+            } else {
+                CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found in orig request auth_token");
+            }
+            String auid = authToken.getInString("uid");
+            if (auid != null) { // not through ssl client auth
+                CMS.debug("ProfileSubmitServlet: renewal: authToken uid found:" + auid);
+                // authenticated with uid
+                // put "orig_req.auth_token.uid" so that authz with
+                // UserOrigReqAccessEvaluator will work
+                if (ouid != null) {
+                    context.put("orig_req.auth_token.uid", ouid);
+                    CMS.debug("ProfileSubmitServlet: renewal: authToken original uid found:" + ouid);
+                } else {
+                    CMS.debug("ProfileSubmitServlet: renewal: authToken original uid not found");
+                }
+            } else { // through ssl client auth?
+                CMS.debug("ProfileSubmitServlet: renewal: authToken uid not found:");
+                // put in orig_req's uid
+                if (ouid != null) {
+                    CMS.debug("ProfileSubmitServlet: renewal: origReq uid not null:" + ouid + ". Setting authtoken");
+                    authToken.set("uid", ouid);
+                    context.put(SessionContext.USER_ID, ouid);
                 } else {
-                      CMS.debug("ProfileSubmitServlet: renewal: authToken null");
+                    CMS.debug("ProfileSubmitServlet: renewal: origReq uid not found");
+                    // throw new EBaseException("origReq uid not found");
                 }
-            return authToken;
+            }
+
+            String userdn = origReq.getExtDataInString("auth_token.userdn");
+            if (userdn != null) {
+                CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not null:" + userdn + ". Setting authtoken");
+                authToken.set("userdn", userdn);
+            } else {
+                CMS.debug("ProfileSubmitServlet: renewal: origReq userdn not found");
+                // throw new EBaseException("origReq userdn not found");
+            }
+        } else {
+            CMS.debug("ProfileSubmitServlet: renewal: authToken null");
+        }
+        return authToken;
     }
 
     public IAuthToken authenticate(IProfileAuthenticator authenticator,
-        HttpServletRequest request)  throws EBaseException {
+            HttpServletRequest request) throws EBaseException {
         AuthCredentials credentials = new AuthCredentials();
 
         // build credential
@@ -323,12 +316,12 @@ public class ProfileSubmitServlet extends ProfileServlet {
         IAuthToken authToken = authenticator.authenticate(credentials);
 
         SessionContext sc = SessionContext.getContext();
-        if (sc != null) { 
-          sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName()); 
-          String userid = authToken.getInString(IAuthToken.USER_ID);
-          if (userid != null) { 
-            sc.put(SessionContext.USER_ID, userid); 
-          }
+        if (sc != null) {
+            sc.put(SessionContext.AUTH_MANAGER_ID, authenticator.getName());
+            String userid = authToken.getInString(IAuthToken.USER_ID);
+            if (userid != null) {
+                sc.put(SessionContext.USER_ID, userid);
+            }
         }
 
         return authToken;
@@ -348,7 +341,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
                         String inputName = (String) inputNames.nextElement();
 
                         if (request.getParameter(inputName) != null) {
-                            // special characters in subject names parameters must be escaped
+                            // special characters in subject names parameters
+                            // must be escaped
                             if (inputName.matches("^sn_.*")) {
                                 req.setExtData(inputName, escapeValueRfc1779(request.getParameter(inputName), false).toString());
                             } else {
@@ -361,10 +355,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
         }
     }
 
-    /* 
-     * fill input info from orig request to the renew request.
-     * This is expected to be used by renewal where the request
-     * is retrieved from request record
+    /*
+     * fill input info from orig request to the renew request. This is expected
+     * to be used by renewal where the request is retrieved from request record
      */
     private void setInputsIntoRequest(IRequest request, IProfile profile, IRequest req, Locale locale) {
         // passing inputs into request
@@ -387,7 +380,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     }
 
                     if (inputValue != null) {
-                        CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:"+ inputValue);
+                        CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() setting value in ctx:" + inputValue);
                         req.setExtData(inputName, inputValue);
                     } else {
                         CMS.debug("ProfileSubmitServlet: setInputsIntoRequest() value null");
@@ -412,8 +405,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     while (outputNames.hasMoreElements()) {
                         ArgSet outputset = new ArgSet();
                         String outputName = (String) outputNames.nextElement();
-                        IDescriptor outputDesc = 
-                            profileOutput.getValueDescriptor(locale, outputName);
+                        IDescriptor outputDesc =
+                                profileOutput.getValueDescriptor(locale, outputName);
 
                         if (outputDesc == null)
                             continue;
@@ -423,7 +416,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                         String outputValue = null;
 
                         try {
-                            outputValue = profileOutput.getValue(outputName, 
+                            outputValue = profileOutput.getValue(outputName,
                                         locale, req);
                         } catch (EProfileException e) {
                             CMS.debug("ProfileSubmitServlet: " + e.toString());
@@ -446,7 +439,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
      * <P>
      * 
      * (Certificate Request Processed - either an automated "EE" profile based
-     *  cert acceptance, or an automated "EE" profile based cert rejection)
+     * cert acceptance, or an automated "EE" profile based cert rejection)
      * <P>
      * 
      * <ul>
@@ -454,6 +447,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
      * certificate request has just been through the approval process
      * </ul>
+     * 
      * @param cmsReq the object holding the request and response information
      * @exception EBaseException an error has occurred
      */
@@ -476,9 +470,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
             CMS.debug("xmlOutput false");
         }
 
-        IStatsSubsystem statsSub = (IStatsSubsystem)CMS.getSubsystem("stats");
+        IStatsSubsystem statsSub = (IStatsSubsystem) CMS.getSubsystem("stats");
         if (statsSub != null) {
-          statsSub.startTiming("enrollment", true /* main action */);
+            statsSub.startTiming("enrollment", true /* main action */);
         }
 
         long startTime = CMS.getCurrentDate().getTime();
@@ -488,34 +482,34 @@ public class ProfileSubmitServlet extends ProfileServlet {
         if (CMS.debugOn()) {
             CMS.debug("Start of ProfileSubmitServlet Input Parameters");
             @SuppressWarnings("unchecked")
-			Enumeration<String> paramNames = request.getParameterNames();
+            Enumeration<String> paramNames = request.getParameterNames();
 
             while (paramNames.hasMoreElements()) {
                 String paramName = paramNames.nextElement();
                 // added this facility so that password can be hidden,
-                // all sensitive parameters should be prefixed with 
+                // all sensitive parameters should be prefixed with
                 // __ (double underscores); however, in the event that
                 // a security parameter slips through, we perform multiple
                 // additional checks to insure that it is NOT displayed
-                if( paramName.startsWith("__")                         ||
-                    paramName.endsWith("password")                     ||
-                    paramName.endsWith("passwd")                       ||
-                    paramName.endsWith("pwd")                          ||
-                    paramName.equalsIgnoreCase("admin_password_again") ||
-                    paramName.equalsIgnoreCase("directoryManagerPwd")  ||
-                    paramName.equalsIgnoreCase("bindpassword")         ||
-                    paramName.equalsIgnoreCase("bindpwd")              ||
-                    paramName.equalsIgnoreCase("passwd")               ||
-                    paramName.equalsIgnoreCase("password")             ||
-                    paramName.equalsIgnoreCase("pin")                  ||
-                    paramName.equalsIgnoreCase("pwd")                  ||
-                    paramName.equalsIgnoreCase("pwdagain")             ||
-                    paramName.equalsIgnoreCase("uPasswd") ) {
+                if (paramName.startsWith("__") ||
+                        paramName.endsWith("password") ||
+                        paramName.endsWith("passwd") ||
+                        paramName.endsWith("pwd") ||
+                        paramName.equalsIgnoreCase("admin_password_again") ||
+                        paramName.equalsIgnoreCase("directoryManagerPwd") ||
+                        paramName.equalsIgnoreCase("bindpassword") ||
+                        paramName.equalsIgnoreCase("bindpwd") ||
+                        paramName.equalsIgnoreCase("passwd") ||
+                        paramName.equalsIgnoreCase("password") ||
+                        paramName.equalsIgnoreCase("pin") ||
+                        paramName.equalsIgnoreCase("pwd") ||
+                        paramName.equalsIgnoreCase("pwdagain") ||
+                        paramName.equalsIgnoreCase("uPasswd")) {
                     CMS.debug("ProfileSubmitServlet Input Parameter " +
                               paramName + "='(sensitive)'");
                 } else {
                     CMS.debug("ProfileSubmitServlet Input Parameter " +
-                              paramName + "='" + 
+                              paramName + "='" +
                               request.getParameter(paramName) + "'");
                 }
             }
@@ -528,44 +522,42 @@ public class ProfileSubmitServlet extends ProfileServlet {
             mProfileSubId = IProfileSubsystem.ID;
         }
         CMS.debug("ProfileSubmitServlet: SubId=" + mProfileSubId);
-        IProfileSubsystem ps = (IProfileSubsystem) 
-            CMS.getSubsystem(mProfileSubId); 
+        IProfileSubsystem ps = (IProfileSubsystem)
+                CMS.getSubsystem(mProfileSubId);
 
         if (ps == null) {
             CMS.debug("ProfileSubmitServlet: ProfileSubsystem not found");
             if (xmlOutput) {
                 outputError(response, CMS.getUserMessage(locale,
-                  "CMS_INTERNAL_ERROR"));
+                        "CMS_INTERNAL_ERROR"));
             } else {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
+                        "CMS_INTERNAL_ERROR"));
                 outputTemplate(request, response, args);
             }
             if (statsSub != null) {
-              statsSub.endTiming("enrollment");
+                statsSub.endTiming("enrollment");
             }
             return;
         }
 
         /*
          * Renewal - Renewal is retrofitted into the Profile Enrollment
-         * Framework.  The authentication and authorization are taken from
-         * the renewal profile, while the input (with requests)  and grace
-         * period constraint are taken from the original cert's request record.
+         * Framework. The authentication and authorization are taken from the
+         * renewal profile, while the input (with requests) and grace period
+         * constraint are taken from the original cert's request record.
          * 
-         * Things to note:
-         * * the renew request will contain the original profile instead
-         *   of the new
-         * * there is no request for system and admin certs generated at
-         *   time of installation configuration.
+         * Things to note: * the renew request will contain the original profile
+         * instead of the new * there is no request for system and admin certs
+         * generated at time of installation configuration.
          */
         String renewal = request.getParameter("renewal");
         boolean isRenewal = false;
-        if ((renewal!= null) && (renewal.equalsIgnoreCase("true"))) {
+        if ((renewal != null) && (renewal.equalsIgnoreCase("true"))) {
             CMS.debug("ProfileSubmitServlet: isRenewal true");
             isRenewal = true;
-            request.setAttribute("reqType", (Object)"renewal");
+            request.setAttribute("reqType", (Object) "renewal");
         } else {
             CMS.debug("ProfileSubmitServlet: isRenewal false");
         }
@@ -593,11 +585,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
         if (isRenewal) {
             // dig up the original request to "clone"
             renewProfileId = profileId;
-            CMS.debug("ProfileSubmitServlet: renewProfileId ="+renewProfileId);
+            CMS.debug("ProfileSubmitServlet: renewProfileId =" + renewProfileId);
             IAuthority authority = (IAuthority) CMS.getSubsystem(mAuthorityId);
             if (authority == null) {
                 CMS.debug("ProfileSubmitServlet: renewal: Authority " + mAuthorityId +
-                    " not found");
+                        " not found");
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_INTERNAL_ERROR"));
@@ -608,7 +600,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
             if (queue == null) {
                 CMS.debug("ProfileSubmitServlet: renewal: Request Queue of " +
-                    mAuthorityId + " not found");
+                        mAuthorityId + " not found");
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
                         "CMS_INTERNAL_ERROR"));
@@ -619,7 +611,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
             String serial = request.getParameter("serial_num");
             BigInteger certSerial = null;
             // if serial number is sent with request, then the authentication
-            // method is not ssl client auth.  In this case, an alternative 
+            // method is not ssl client auth. In this case, an alternative
             // authentication method is used (default: ldap based)
             if (serial != null) {
                 CMS.debug("ProfileSubmitServlet: renewal: found serial_num");
@@ -638,7 +630,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     CMS.debug("ProfileSubmitServlet: renewal: no ssl client cert chain");
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
+                            "CMS_INTERNAL_ERROR"));
                     outputTemplate(request, response, args);
                     return;
                 } else { // has ssl client cert
@@ -646,45 +638,45 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     // shouldn't expect leaf cert to be always at the
                     // same location
                     X509Certificate clientCert = null;
-                    for (int i = 0; i< certs.length; i++) {
+                    for (int i = 0; i < certs.length; i++) {
                         clientCert = certs[i];
-                        byte [] extBytes = clientCert.getExtensionValue("2.5.29.19");
+                        byte[] extBytes = clientCert.getExtensionValue("2.5.29.19");
                         // try to see if this is a leaf cert
                         // look for BasicConstraint extension
                         if (extBytes == null) {
                             // found leaf cert
-                    CMS.debug("ProfileSubmitServlet: renewal: found leaf cert");
+                            CMS.debug("ProfileSubmitServlet: renewal: found leaf cert");
                             break;
                         } else {
-                          CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext");
-                          // it's got BasicConstraints extension
-                          // so it's not likely to be a leaf cert,
-                          // however, check the isCA field regardless
-                          try {
-                            BasicConstraintsExtension bce =
-                              new BasicConstraintsExtension(true, extBytes);
-                            if (bce != null) {
-                                if (!(Boolean)bce.get("is_ca")) {
-                    CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain");
-                                  break;
-                                } // else found a ca cert, continue
-                            }
-                          } catch (Exception e) {
-                    CMS.debug("ProfileSubmitServlet: renewal: exception:"+
+                            CMS.debug("ProfileSubmitServlet: renewal: found cert having BasicConstraints ext");
+                            // it's got BasicConstraints extension
+                            // so it's not likely to be a leaf cert,
+                            // however, check the isCA field regardless
+                            try {
+                                BasicConstraintsExtension bce =
+                                        new BasicConstraintsExtension(true, extBytes);
+                                if (bce != null) {
+                                    if (!(Boolean) bce.get("is_ca")) {
+                                        CMS.debug("ProfileSubmitServlet: renewal: found CA cert in chain");
+                                        break;
+                                    } // else found a ca cert, continue
+                                }
+                            } catch (Exception e) {
+                                CMS.debug("ProfileSubmitServlet: renewal: exception:" +
                                         e.toString());
-                               args.set(ARG_ERROR_CODE, "1");
-                               args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                                   "CMS_INTERNAL_ERROR"));
-                               outputTemplate(request, response, args);
-                               return;
-                          }
+                                args.set(ARG_ERROR_CODE, "1");
+                                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                                        "CMS_INTERNAL_ERROR"));
+                                outputTemplate(request, response, args);
+                                return;
+                            }
                         }
                     }
                     if (clientCert == null) {
                         CMS.debug("ProfileSubmitServlet: renewal: no client cert in chain");
                         args.set(ARG_ERROR_CODE, "1");
                         args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                            "CMS_INTERNAL_ERROR"));
+                                "CMS_INTERNAL_ERROR"));
                         outputTemplate(request, response, args);
                         return;
                     }
@@ -694,10 +686,10 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
                         clientCert = new X509CertImpl(certEncoded);
                     } catch (Exception e) {
-                        CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+                        CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
                         args.set(ARG_ERROR_CODE, "1");
                         args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                            "CMS_INTERNAL_ERROR"));
+                                "CMS_INTERNAL_ERROR"));
                         outputTemplate(request, response, args);
                         return;
                     }
@@ -706,7 +698,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                 }
             }
 
-            CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:"+ certSerial.toString());
+            CMS.debug("ProfileSubmitServlet: renewal: serial number of cert to renew:" + certSerial.toString());
 
             try {
                 ICertificateRepository certDB = null;
@@ -716,28 +708,28 @@ public class ProfileSubmitServlet extends ProfileServlet {
                 if (certDB == null) {
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
+                            "CMS_INTERNAL_ERROR"));
                     outputTemplate(request, response, args);
                     return;
                 }
                 ICertRecord rec = (ICertRecord) certDB.readCertificateRecord(certSerial);
-                if (rec == null)  {
-                    CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number "+ certSerial.toString());
+                if (rec == null) {
+                    CMS.debug("ProfileSubmitServlet: renewal cert record not found for serial number " + certSerial.toString());
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
+                            "CMS_INTERNAL_ERROR"));
                     outputTemplate(request, response, args);
                     return;
                 } else {
-                    CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:"+ certSerial.toString());
+                    CMS.debug("ProfileSubmitServlet: renewal cert record found for serial number:" + certSerial.toString());
                     // check to see if the cert is revoked or revoked_expired
                     if ((rec.getStatus().equals(ICertRecord.STATUS_REVOKED)) || (rec.getStatus().equals(ICertRecord.STATUS_REVOKED_EXPIRED))) {
-                      CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = "+ certSerial.toString());
-                      args.set(ARG_ERROR_CODE, "1");
-                      args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                          "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString()));
-                      outputTemplate(request, response, args);
-                      return;
+                        CMS.debug("ProfileSubmitServlet: renewal cert found to be revoked. Serial number = " + certSerial.toString());
+                        args.set(ARG_ERROR_CODE, "1");
+                        args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                                "CMS_CA_CANNOT_RENEW_REVOKED_CERT", certSerial.toString()));
+                        outputTemplate(request, response, args);
+                        return;
                     }
                     MetaInfo metaInfo = (MetaInfo) rec.get(ICertRecord.ATTR_META_INFO);
                     // note: CA's internal certs don't have request ids
@@ -748,54 +740,56 @@ public class ProfileSubmitServlet extends ProfileServlet {
                         if (rid != null) {
                             origReq = queue.findRequest(new RequestId(rid));
                             if (origReq != null) {
-                                CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:"+ rid);
+                                CMS.debug("ProfileSubmitServlet: renewal: found original enrollment request id:" + rid);
                                 // debug: print the extData keys
                                 Enumeration<String> en = origReq.getExtDataKeys();
-/*
-                                CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS");
-                                while (en.hasMoreElements()) {
-                                  String next = (String) en.nextElement();
-                                  CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key:"+ next);
-                                }
-                                CMS.debug("ProfileSubmitServlet: renewal: origRequest extdata key print ENDS");
-*/
+                                /*
+                                 * CMS.debug(
+                                 * "ProfileSubmitServlet: renewal: origRequest extdata key print BEGINS"
+                                 * ); while (en.hasMoreElements()) { String next
+                                 * = (String) en.nextElement(); CMS.debug(
+                                 * "ProfileSubmitServlet: renewal: origRequest extdata key:"
+                                 * + next); } CMS.debug(
+                                 * "ProfileSubmitServlet: renewal: origRequest extdata key print ENDS"
+                                 * );
+                                 */
                                 String requestorE = origReq.getExtDataInString("requestor_email");
-                                CMS.debug("ProfileSubmitServlet: renewal original requestor email="+requestorE);
+                                CMS.debug("ProfileSubmitServlet: renewal original requestor email=" + requestorE);
                                 profileId = origReq.getExtDataInString("profileId");
                                 if (profileId != null)
-                                  CMS.debug("ProfileSubmitServlet: renewal original profileId="+profileId);
+                                    CMS.debug("ProfileSubmitServlet: renewal original profileId=" + profileId);
                                 else {
-                                  CMS.debug("ProfileSubmitServlet: renewal original profileId not found");
-                                  args.set(ARG_ERROR_CODE, "1");
-                                  args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                                    "CMS_INTERNAL_ERROR"));
-                                  outputTemplate(request, response, args);
-                                  return;
+                                    CMS.debug("ProfileSubmitServlet: renewal original profileId not found");
+                                    args.set(ARG_ERROR_CODE, "1");
+                                    args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                                            "CMS_INTERNAL_ERROR"));
+                                    outputTemplate(request, response, args);
+                                    return;
                                 }
                                 origSeqNum = origReq.getExtDataInInteger(IEnrollProfile.REQUEST_SEQ_NUM);
-                                
-                            } else { //if origReq
-                                CMS.debug("ProfileSubmitServlet: renewal original request not found for request id "+ rid);
+
+                            } else { // if origReq
+                                CMS.debug("ProfileSubmitServlet: renewal original request not found for request id " + rid);
                                 args.set(ARG_ERROR_CODE, "1");
                                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                                    "CMS_INTERNAL_ERROR"));
+                                        "CMS_INTERNAL_ERROR"));
                                 outputTemplate(request, response, args);
                                 return;
                             }
                         } else {
-                          CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number "+ certSerial.toString());
-                          CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists");
-                          args.set(ARG_ERROR_CODE, "1");
-                          args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                            "CMS_INTERNAL_ERROR"+": original request not found"));
-                          outputTemplate(request, response, args);
-                          return;
+                            CMS.debug("ProfileSubmitServlet: renewal: cert record locating request id in MetaInfo failed for serial number " + certSerial.toString());
+                            CMS.debug("ProfileSubmitServlet: renewal: cert may be bootstrapped system cert during installation/configuration - no request record exists");
+                            args.set(ARG_ERROR_CODE, "1");
+                            args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                                    "CMS_INTERNAL_ERROR" + ": original request not found"));
+                            outputTemplate(request, response, args);
+                            return;
                         }
                     } else {
-                        CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number "+ certSerial.toString());
+                        CMS.debug("ProfileSubmitServlet: renewal: cert record locating MetaInfo failed for serial number " + certSerial.toString());
                         args.set(ARG_ERROR_CODE, "1");
                         args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                            "CMS_INTERNAL_ERROR"));
+                                "CMS_INTERNAL_ERROR"));
                         outputTemplate(request, response, args);
                         return;
                     }
@@ -803,96 +797,96 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     CMS.debug("ProfileSubmitServlet: renewal: before getting origNotAfter");
                     X509CertImpl origCert = rec.getCertificate();
                     origNotAfter = origCert.getNotAfter();
-                    CMS.debug("ProfileSubmitServlet: renewal: origNotAfter ="+
-                        origNotAfter.toString());
+                    CMS.debug("ProfileSubmitServlet: renewal: origNotAfter =" +
+                            origNotAfter.toString());
                     origSubjectDN = origCert.getSubjectDN().getName();
-                    CMS.debug("ProfileSubmitServlet: renewal: orig subj dn ="+
-                        origSubjectDN);
+                    CMS.debug("ProfileSubmitServlet: renewal: orig subj dn =" +
+                            origSubjectDN);
                 }
             } catch (Exception e) {
-                CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+                CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
+                        "CMS_INTERNAL_ERROR"));
                 outputTemplate(request, response, args);
                 return;
             }
         } // end isRenewal
 
-        IProfile profile = null; 
+        IProfile profile = null;
         IProfile renewProfile = null;
 
-        try { 
-            profile = ps.getProfile(profileId); 
+        try {
+            profile = ps.getProfile(profileId);
             if (isRenewal) {
                 // in case of renew, "profile" is the orig profile
                 // while "renewProfile" is the current profile used for renewal
-                renewProfile = ps.getProfile(renewProfileId); 
+                renewProfile = ps.getProfile(renewProfileId);
             }
-        } catch (EProfileException e) { 
-            if(profile == null) {
-                CMS.debug("ProfileSubmitServlet: profile not found profileId " + 
-                    profileId + " " + e.toString());
+        } catch (EProfileException e) {
+            if (profile == null) {
+                CMS.debug("ProfileSubmitServlet: profile not found profileId " +
+                        profileId + " " + e.toString());
             }
             if (renewProfile == null) {
                 CMS.debug("ProfileSubmitServlet: profile not found renewProfileId " +
-                    renewProfileId + " " + e.toString());
+                        renewProfileId + " " + e.toString());
             }
         }
         if (profile == null) {
             if (xmlOutput) {
-                outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", profileId));
+                outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
             } else {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", profileId));
+                        "CMS_PROFILE_NOT_FOUND", profileId));
                 outputTemplate(request, response, args);
             }
             return;
         }
         if (isRenewal && (renewProfile == null)) {
             if (xmlOutput) {
-                outputError(response, CMS.getUserMessage(locale,"CMS_PROFILE_NOT_FOUND", renewProfileId));
+                outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
             } else {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", renewProfileId));
+                        "CMS_PROFILE_NOT_FOUND", renewProfileId));
                 outputTemplate(request, response, args);
             }
             return;
         }
 
         if (!ps.isProfileEnable(profileId)) {
-            CMS.debug("ProfileSubmitServlet: Profile " + profileId + 
-                " not enabled");
+            CMS.debug("ProfileSubmitServlet: Profile " + profileId +
+                    " not enabled");
             if (xmlOutput) {
                 outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", profileId));
             } else {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", profileId));
+                        "CMS_PROFILE_NOT_FOUND", profileId));
                 outputTemplate(request, response, args);
             }
             if (statsSub != null) {
-              statsSub.endTiming("enrollment");
+                statsSub.endTiming("enrollment");
             }
             return;
         }
 
         if (isRenewal) {
-          if (!ps.isProfileEnable(renewProfileId)) {
-            CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId + 
-                " not enabled");
-            if (xmlOutput) {
-                outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
-            } else {
-                args.set(ARG_ERROR_CODE, "1");
-                args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_PROFILE_NOT_FOUND", renewProfileId));
-                outputTemplate(request, response, args);
+            if (!ps.isProfileEnable(renewProfileId)) {
+                CMS.debug("ProfileSubmitServlet: renewal Profile " + renewProfileId +
+                        " not enabled");
+                if (xmlOutput) {
+                    outputError(response, CMS.getUserMessage(locale, "CMS_PROFILE_NOT_FOUND", renewProfileId));
+                } else {
+                    args.set(ARG_ERROR_CODE, "1");
+                    args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
+                            "CMS_PROFILE_NOT_FOUND", renewProfileId));
+                    outputTemplate(request, response, args);
+                }
+                return;
             }
-            return;
-          }
         }
 
         IProfileContext ctx = profile.createContext();
@@ -909,40 +903,41 @@ public class ProfileSubmitServlet extends ProfileServlet {
             }
         } catch (EProfileException e) {
             // authenticator not installed correctly
-            CMS.debug("ProfileSubmitServlet: renewal: exception:"+e.toString());
+            CMS.debug("ProfileSubmitServlet: renewal: exception:" + e.toString());
             args.set(ARG_ERROR_CODE, "1");
             args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                "CMS_INTERNAL_ERROR"));
+                    "CMS_INTERNAL_ERROR"));
             outputTemplate(request, response, args);
             return;
         }
         if (authenticator == null) {
             CMS.debug("ProfileSubmitServlet: authenticator not found");
         } else {
-            CMS.debug("ProfileSubmitServlet: authenticator " + 
-                authenticator.getName() + " found");
+            CMS.debug("ProfileSubmitServlet: authenticator " +
+                    authenticator.getName() + " found");
             setCredentialsIntoContext(request, authenticator, ctx);
         }
 
-        // for renewal, this will override or add auth info to the profile context
+        // for renewal, this will override or add auth info to the profile
+        // context
         if (isRenewal) {
-           if (origAuthenticator!= null) {
-               CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " + 
-                 origAuthenticator.getName() + " found");
-               setCredentialsIntoContext(request, origAuthenticator, ctx);
-           } else {
-               CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found");
-           }
+            if (origAuthenticator != null) {
+                CMS.debug("ProfileSubmitServlet: for renewal, original authenticator " +
+                        origAuthenticator.getName() + " found");
+                setCredentialsIntoContext(request, origAuthenticator, ctx);
+            } else {
+                CMS.debug("ProfileSubmitServlet: for renewal, original authenticator not found");
+            }
         }
 
         CMS.debug("ProfileSubmistServlet: set Inputs into profile Context");
         if (isRenewal) {
-        // for renewal, input needs to be retrieved from the orig req record
+            // for renewal, input needs to be retrieved from the orig req record
             CMS.debug("ProfileSubmitServlet: set original Inputs into profile Context");
             setInputsIntoContext(origReq, profile, ctx, locale);
             ctx.set(IEnrollProfile.CTX_RENEWAL, "true");
             ctx.set("renewProfileId", renewProfileId);
-            ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString()); 
+            ctx.set(IEnrollProfile.CTX_RENEWAL_SEQ_NUM, origSeqNum.toString());
         } else {
             setInputsIntoContext(request, profile, ctx);
         }
@@ -956,14 +951,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
         SessionContext context = SessionContext.getContext();
 
         // insert profile context so that input parameter can be retrieved
-        context.put("profileContext", ctx); 
-        context.put("sslClientCertProvider", 
-            new SSLClientCertProvider(request));
+        context.put("profileContext", ctx);
+        context.put("sslClientCertProvider",
+                new SSLClientCertProvider(request));
         CMS.debug("ProfileSubmitServlet: set sslClientCertProvider");
         if ((isRenewal == true) && (origSubjectDN != null))
-          context.put("origSubjectDN", origSubjectDN); 
+            context.put("origSubjectDN", origSubjectDN);
         if (statsSub != null) {
-          statsSub.startTiming("profile_authentication");
+            statsSub.startTiming("profile_authentication");
         }
 
         if (authenticator != null) {
@@ -972,23 +967,24 @@ public class ProfileSubmitServlet extends ProfileServlet {
             String uid_cred = "Unidentified";
             String uid_attempted_cred = "Unidentified";
             Enumeration<String> authIds = authenticator.getValueNames();
-            //Attempt to possibly fetch attemped uid, may not always be available.
+            // Attempt to possibly fetch attemped uid, may not always be
+            // available.
             if (authIds != null) {
                 while (authIds.hasMoreElements()) {
-                    String authName =  authIds.nextElement();
-                    String value = request.getParameter(authName); 
+                    String authName = authIds.nextElement();
+                    String value = request.getParameter(authName);
                     if (value != null) {
-                          if (authName.equals("uid")) {
-                              uid_attempted_cred = value;
-                          }
+                        if (authName.equals("uid")) {
+                            uid_attempted_cred = value;
+                        }
                     }
                 }
             }
 
-            String authSubjectID =  auditSubjectID();
+            String authSubjectID = auditSubjectID();
 
-            String authMgrID = authenticator.getName(); 
-            String auditMessage = null; 
+            String authMgrID = authenticator.getName();
+            String auditMessage = null;
             try {
                 if (isRenewal) {
                     CMS.debug("ProfileSubmitServlet: renewal authenticate begins");
@@ -998,25 +994,25 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     authToken = authenticate(authenticator, request);
                 }
             } catch (EBaseException e) {
-                CMS.debug("ProfileSubmitServlet: authentication error " + 
-                    e.toString());
+                CMS.debug("ProfileSubmitServlet: authentication error " +
+                        e.toString());
                 // authentication error
                 if (xmlOutput) {
                     outputError(response, CMS.getUserMessage(locale, "CMS_AUTHENTICATION_ERROR"));
                 } else {
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_AUTHENTICATION_ERROR"));
+                            "CMS_AUTHENTICATION_ERROR"));
                     outputTemplate(request, response, args);
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("authentication");
+                    statsSub.endTiming("authentication");
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("enrollment");
+                    statsSub.endTiming("enrollment");
                 }
 
-                //audit log our authentication failure
+                // audit log our authentication failure
 
                 authSubjectID += " : " + uid_cred;
                 auditMessage = CMS.getLogMessage(
@@ -1030,9 +1026,10 @@ public class ProfileSubmitServlet extends ProfileServlet {
                 return;
             }
 
-            //Log successful authentication
+            // Log successful authentication
 
-            //Attempt to get uid from authToken, most tokens respond to the "uid" cred.
+            // Attempt to get uid from authToken, most tokens respond to the
+            // "uid" cred.
             uid_cred = authToken.getInString("uid");
 
             if (uid_cred == null || uid_cred.length() == 0) {
@@ -1040,7 +1037,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
             }
 
             authSubjectID = authSubjectID + " : " + uid_cred;
-             
+
             // store a message in the signed audit log file
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_AUTH_SUCCESS,
@@ -1052,7 +1049,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
         }
         if (statsSub != null) {
-          statsSub.endTiming("profile_authentication");
+            statsSub.endTiming("profile_authentication");
         }
 
         // authentication success
@@ -1061,23 +1058,23 @@ public class ProfileSubmitServlet extends ProfileServlet {
             // do profile authorization
             String acl = null;
             if (isRenewal)
-              acl = renewProfile.getAuthzAcl();
+                acl = renewProfile.getAuthzAcl();
             else
-              acl = profile.getAuthzAcl();
-            CMS.debug("ProfileSubmitServlet: authz using acl: "+acl);
+                acl = profile.getAuthzAcl();
+            CMS.debug("ProfileSubmitServlet: authz using acl: " + acl);
             if (acl != null && acl.length() > 0) {
                 try {
                     String resource = profileId + ".authz.acl";
                     AuthzToken authzToken = authorize(mAclMethod, resource, authToken, acl);
                 } catch (Exception e) {
-                    CMS.debug("ProfileSubmitServlet authorize: "+e.toString());
+                    CMS.debug("ProfileSubmitServlet authorize: " + e.toString());
                     if (xmlOutput) {
-                        outputError(response, CMS.getUserMessage(locale, 
-                          "CMS_AUTHORIZATION_ERROR"));
+                        outputError(response, CMS.getUserMessage(locale,
+                                "CMS_AUTHORIZATION_ERROR"));
                     } else {
                         args.set(ARG_ERROR_CODE, "1");
                         args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                            "CMS_AUTHORIZATION_ERROR"));
+                                "CMS_AUTHORIZATION_ERROR"));
                         outputTemplate(request, response, args);
                     }
 
@@ -1089,11 +1086,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
         IRequest reqs[] = null;
 
         if (statsSub != null) {
-          statsSub.startTiming("request_population");
+            statsSub.startTiming("request_population");
         }
-        ///////////////////////////////////////////////
+        // /////////////////////////////////////////////
         // create request
-        ///////////////////////////////////////////////
+        // /////////////////////////////////////////////
         try {
             reqs = profile.createRequests(ctx, locale);
         } catch (EProfileException e) {
@@ -1107,8 +1104,8 @@ public class ProfileSubmitServlet extends ProfileServlet {
                 outputTemplate(request, response, args);
             }
             if (statsSub != null) {
-              statsSub.endTiming("request_population");
-              statsSub.endTiming("enrollment");
+                statsSub.endTiming("request_population");
+                statsSub.endTiming("enrollment");
             }
             return;
         } catch (Throwable e) {
@@ -1119,44 +1116,44 @@ public class ProfileSubmitServlet extends ProfileServlet {
             } else {
                 args.set(ARG_ERROR_CODE, "1");
                 args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                    "CMS_INTERNAL_ERROR"));
+                        "CMS_INTERNAL_ERROR"));
                 outputTemplate(request, response, args);
             }
             if (statsSub != null) {
-              statsSub.endTiming("request_population");
-              statsSub.endTiming("enrollment");
+                statsSub.endTiming("request_population");
+                statsSub.endTiming("enrollment");
             }
             return;
         }
 
         String errorCode = null;
-        String errorReason = null; 
+        String errorReason = null;
 
-        ///////////////////////////////////////////////
+        // /////////////////////////////////////////////
         // populate request
-        ///////////////////////////////////////////////
+        // /////////////////////////////////////////////
         for (int k = 0; k < reqs.length; k++) {
             boolean fromRA = false;
             String uid = "";
 
             // adding parameters to request
             if (isRenewal) {
-              setInputsIntoRequest(origReq, profile, reqs[k], locale);
-              // set orig expiration date to be used in Validity constraint
-              reqs[k].setExtData("origNotAfter",
-                  BigInteger.valueOf(origNotAfter.getTime()));
-              // set subjectDN to be used in subject name default
-              reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN);
-              // set request type
-              reqs[k].setRequestType("renewal");
+                setInputsIntoRequest(origReq, profile, reqs[k], locale);
+                // set orig expiration date to be used in Validity constraint
+                reqs[k].setExtData("origNotAfter",
+                        BigInteger.valueOf(origNotAfter.getTime()));
+                // set subjectDN to be used in subject name default
+                reqs[k].setExtData(IProfileAuthenticator.AUTHENTICATED_NAME, origSubjectDN);
+                // set request type
+                reqs[k].setRequestType("renewal");
             } else
-              setInputsIntoRequest(request, profile, reqs[k]);
+                setInputsIntoRequest(request, profile, reqs[k]);
 
             // serial auth token into request
             if (authToken != null) {
                 Enumeration<String> tokenNames = authToken.getElements();
                 while (tokenNames.hasMoreElements()) {
-                    String tokenName =  tokenNames.nextElement();
+                    String tokenName = tokenNames.nextElement();
                     String[] tokenVals = authToken.getInStringArray(tokenName);
                     if (tokenVals != null) {
                         for (int i = 0; i < tokenVals.length; i++) {
@@ -1181,7 +1178,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
             }
 
             if (fromRA) {
-                CMS.debug("ProfileSubmitServlet: request from RA: "+ uid);
+                CMS.debug("ProfileSubmitServlet: request from RA: " + uid);
                 reqs[k].setExtData(ARG_REQUEST_OWNER, uid);
             }
 
@@ -1200,13 +1197,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     outputError(response, FAILED, CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"), reqs[k].getRequestId().toString());
                 } else {
                     args.set(ARG_ERROR_CODE, "1");
-                    args.set(ARG_ERROR_REASON, 
-                      CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
+                    args.set(ARG_ERROR_REASON,
+                            CMS.getUserMessage("CMS_PROFILE_NO_POLICY_SET_FOUND"));
                     outputTemplate(request, response, args);
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("request_population");
-                  statsSub.endTiming("enrollment");
+                    statsSub.endTiming("request_population");
+                    statsSub.endTiming("enrollment");
                 }
                 return;
             }
@@ -1216,13 +1213,13 @@ public class ProfileSubmitServlet extends ProfileServlet {
             reqs[k].setExtData(ARG_PROFILE_REMOTE_HOST, request.getRemoteHost());
             reqs[k].setExtData(ARG_PROFILE_REMOTE_ADDR, request.getRemoteAddr());
 
-            CMS.debug("ProfileSubmitServlet: request " + 
-                reqs[k].getRequestId().toString());
+            CMS.debug("ProfileSubmitServlet: request " +
+                    reqs[k].getRequestId().toString());
 
             try {
                 CMS.debug("ProfileSubmitServlet: populating request inputs");
                 // give authenticator a chance to populate the request
-                if (authenticator != null) { 
+                if (authenticator != null) {
                     authenticator.populate(authToken, reqs[k]);
                 }
                 profile.populateInput(ctx, reqs[k]);
@@ -1237,31 +1234,31 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     outputTemplate(request, response, args);
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("request_population");
-                  statsSub.endTiming("enrollment");
+                    statsSub.endTiming("request_population");
+                    statsSub.endTiming("enrollment");
                 }
                 return;
             } catch (Throwable e) {
                 CMS.debug("ProfileSubmitServlet: populate " + e.toString());
-                //  throw new IOException("Profile " + profileId + 
-                //          " cannot populate");
+                // throw new IOException("Profile " + profileId +
+                // " cannot populate");
                 if (xmlOutput) {
                     outputError(response, FAILED, CMS.getUserMessage(locale, "CMS_INTERNAL_ERROR"), reqs[k].getRequestId().toString());
                 } else {
                     args.set(ARG_ERROR_CODE, "1");
                     args.set(ARG_ERROR_REASON, CMS.getUserMessage(locale,
-                        "CMS_INTERNAL_ERROR"));
+                            "CMS_INTERNAL_ERROR"));
                     outputTemplate(request, response, args);
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("request_population");
-                  statsSub.endTiming("enrollment");
+                    statsSub.endTiming("request_population");
+                    statsSub.endTiming("enrollment");
                 }
                 return;
             }
         }
         if (statsSub != null) {
-          statsSub.endTiming("request_population");
+            statsSub.endTiming("request_population");
         }
 
         String auditMessage = null;
@@ -1270,9 +1267,9 @@ public class ProfileSubmitServlet extends ProfileServlet {
         String auditInfoCertValue = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
 
         try {
-            ///////////////////////////////////////////////
+            // /////////////////////////////////////////////
             // submit request
-            ///////////////////////////////////////////////
+            // /////////////////////////////////////////////
             String requestIds = ""; // deliminated with double space
             for (int k = 0; k < reqs.length; k++) {
                 try {
@@ -1281,15 +1278,15 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
                     // print request debug
                     if (reqs[k] != null) {
-                      requestIds += "  "+reqs[k].getRequestId().toString();
-                      Enumeration<String> reqKeys = reqs[k].getExtDataKeys();
-                      while (reqKeys.hasMoreElements()) {
-                        String reqKey = reqKeys.nextElement();
-                        String reqVal = reqs[k].getExtDataInString(reqKey);
-                        if (reqVal != null) {
-                           CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal);
+                        requestIds += "  " + reqs[k].getRequestId().toString();
+                        Enumeration<String> reqKeys = reqs[k].getExtDataKeys();
+                        while (reqKeys.hasMoreElements()) {
+                            String reqKey = reqKeys.nextElement();
+                            String reqVal = reqs[k].getExtDataInString(reqKey);
+                            if (reqVal != null) {
+                                CMS.debug("ProfileSubmitServlet: key=$request." + reqKey + "$ value=" + reqVal);
+                            }
                         }
-                      }
                     }
 
                     profile.submit(authToken, reqs[k]);
@@ -1319,16 +1316,16 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     // need to notify
                     INotify notify = profile.getRequestQueue().getPendingNotify();
                     if (notify != null) {
-                       notify.notify(reqs[k]);
+                        notify.notify(reqs[k]);
                     }
-                
+
                     CMS.debug("ProfileSubmitServlet: submit " + e.toString());
                     errorCode = "2";
                     errorReason = CMS.getUserMessage(locale,
                                 "CMS_PROFILE_DEFERRED",
                                 e.toString());
                 } catch (ERejectException e) {
-                    // return error to the user 
+                    // return error to the user
                     reqs[k].setRequestStatus(RequestStatus.REJECTED);
                     CMS.debug("ProfileSubmitServlet: submit " + e.toString());
                     errorCode = "3";
@@ -1343,7 +1340,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                                 "CMS_INTERNAL_ERROR");
                 }
 
-                try { 
+                try {
                     if (errorCode == null) {
                         profile.getRequestQueue().markAsServiced(reqs[k]);
                     } else {
@@ -1351,7 +1348,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     }
                 } catch (EBaseException e) {
                     CMS.debug("ProfileSubmitServlet: updateRequest " +
-                        e.toString());
+                            e.toString());
                 }
 
                 if (errorCode != null) {
@@ -1396,7 +1393,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                         ArgSet requestset = new ArgSet();
 
                         requestset.set(ARG_REQUEST_ID,
-                            reqs[k].getRequestId().toString());
+                                reqs[k].getRequestId().toString());
                         requestlist.add(requestset);
                     }
                     args.set(ARG_REQUEST_LIST, requestlist);
@@ -1405,14 +1402,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     outputTemplate(request, response, args);
                 }
                 if (statsSub != null) {
-                  statsSub.endTiming("enrollment");
+                    statsSub.endTiming("enrollment");
                 }
                 return;
             }
 
-            ///////////////////////////////////////////////
-            // output output list 
-            ///////////////////////////////////////////////
+            // /////////////////////////////////////////////
+            // output output list
+            // /////////////////////////////////////////////
             if (xmlOutput) {
                 xmlOutput(response, profile, locale, reqs);
             } else {
@@ -1431,7 +1428,7 @@ public class ProfileSubmitServlet extends ProfileServlet {
                     ArgSet requestset = new ArgSet();
 
                     requestset.set(ARG_REQUEST_ID,
-                        reqs[k].getRequestId().toString());
+                            reqs[k].getRequestId().toString());
                     requestlist.add(requestset);
                 }
                 args.set(ARG_REQUEST_LIST, requestlist);
@@ -1454,14 +1451,14 @@ public class ProfileSubmitServlet extends ProfileServlet {
             audit(auditMessage);
 
             if (statsSub != null) {
-              statsSub.endTiming("enrollment");
+                statsSub.endTiming("enrollment");
             }
             throw eAudit1;
         } finally {
             SessionContext.releaseContext();
         }
         if (statsSub != null) {
-          statsSub.endTiming("enrollment");
+            statsSub.endTiming("enrollment");
         }
     }
 
@@ -1473,19 +1470,19 @@ public class ProfileSubmitServlet extends ProfileServlet {
             Node root = xmlObj.createRoot("XMLResponse");
             xmlObj.addItemToContainer(root, "Status", SUCCESS);
             Node n = xmlObj.createContainer(root, "Requests");
-            CMS.debug("ProfileSubmitServlet xmlOutput: req len = " +reqs.length);
+            CMS.debug("ProfileSubmitServlet xmlOutput: req len = " + reqs.length);
 
-            for (int i=0; i<reqs.length; i++) {
+            for (int i = 0; i < reqs.length; i++) {
                 Node subnode = xmlObj.createContainer(n, "Request");
                 xmlObj.addItemToContainer(subnode, "Id", reqs[i].getRequestId().toString());
                 X509CertInfo certInfo =
-                    reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+                        reqs[i].getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
                 if (certInfo != null) {
-                  String subject = "";
-                  subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString();
-                  xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
+                    String subject = "";
+                    subject = (String) certInfo.get(X509CertInfo.SUBJECT).toString();
+                    xmlObj.addItemToContainer(subnode, "SubjectDN", subject);
                 } else {
-                  CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
+                    CMS.debug("ProfileSubmitServlet xmlOutput: no certInfo found in request");
                 }
                 Enumeration<String> outputIds = profile.getProfileOutputIds();
                 if (outputIds != null) {
@@ -1501,23 +1498,23 @@ public class ProfileSubmitServlet extends ProfileServlet {
                                 try {
                                     String outputValue = profileOutput.getValue(outputName, locale, reqs[i]);
                                     if (outputName.equals("b64_cert")) {
-                                      String ss = Cert.normalizeCertStrAndReq(outputValue);
-                                      outputValue = Cert.stripBrackets(ss);
-                                      byte[] bcode = CMS.AtoB(outputValue);
-                                      X509CertImpl impl = new X509CertImpl(bcode);
-                                      xmlObj.addItemToContainer(subnode,
-                                        "serialno", impl.getSerialNumber().toString(16));
-                                      xmlObj.addItemToContainer(subnode, "b64", outputValue);
+                                        String ss = Cert.normalizeCertStrAndReq(outputValue);
+                                        outputValue = Cert.stripBrackets(ss);
+                                        byte[] bcode = CMS.AtoB(outputValue);
+                                        X509CertImpl impl = new X509CertImpl(bcode);
+                                        xmlObj.addItemToContainer(subnode,
+                                                "serialno", impl.getSerialNumber().toString(16));
+                                        xmlObj.addItemToContainer(subnode, "b64", outputValue);
                                     }// if b64_cert
                                     else if (outputName.equals("pkcs7")) {
-                                      String ss = Cert.normalizeCertStrAndReq(outputValue);
-                                      xmlObj.addItemToContainer(subnode, "pkcs7", ss);
+                                        String ss = Cert.normalizeCertStrAndReq(outputValue);
+                                        xmlObj.addItemToContainer(subnode, "pkcs7", ss);
                                     }
- 
+
                                 } catch (EProfileException e) {
-                                    CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString());
+                                    CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
                                 } catch (Exception e) {
-                                    CMS.debug("ProfileSubmitServlet xmlOutput: "+e.toString());
+                                    CMS.debug("ProfileSubmitServlet xmlOutput: " + e.toString());
                                 }
                             }
                         }
@@ -1534,11 +1531,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Requester ID
-     *
-     * This method is called to obtain the "RequesterID" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "RequesterID" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param request the actual request
      * @return id string containing the signed audit log message RequesterID
      */
@@ -1564,11 +1561,11 @@ public class ProfileSubmitServlet extends ProfileServlet {
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param request request containing an X509CertImpl
      * @return cert string containing the certificate
      */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
index 989710e3..0114f632 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/profile/SSLClientCertProvider.java
@@ -32,9 +32,8 @@ public class SSLClientCertProvider implements ISSLClientCertProvider {
 
     public X509Certificate[] getClientCertificateChain() {
         X509Certificate[] allCerts = (X509Certificate[])
-            mRequest.getAttribute("javax.servlet.request.X509Certificate");
+                mRequest.getAttribute("javax.servlet.request.X509Certificate");
 
         return allCerts;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
index 6a9ccac5..2f14fe71 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CertReqParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.lang.reflect.Array;
@@ -61,18 +60,15 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.RawJS;
 
-
 /**
  * Output a 'pretty print' of a certificate request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CertReqParser extends ReqParser {
-	
-    public static final CertReqParser 
-        DETAIL_PARSER = new CertReqParser(true);
-    public static final CertReqParser 
-        NODETAIL_PARSER = new CertReqParser(false);
+
+    public static final CertReqParser DETAIL_PARSER = new CertReqParser(true);
+    public static final CertReqParser NODETAIL_PARSER = new CertReqParser(false);
 
     private boolean mDetails = true;
     private IPrettyPrintFormat pp = null;
@@ -86,7 +82,7 @@ public class CertReqParser extends ReqParser {
 
     /**
      * Constructs a certificate request parser.
-     *
+     * 
      * @param details return detailed information (this can be time consuming)
      */
     public CertReqParser(boolean details) {
@@ -101,34 +97,30 @@ public class CertReqParser extends ReqParser {
     private static final String RB = "]";
     private static final String EQ = " = ";
 
-    private static final String 
-        HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB;
-    private static final String 
-        HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB;
-    private static final String 
-        AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB;
-    private static final String 
-        SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB;
+    private static final String HTTP_PARAMS_COUNTER = IRequest.HTTP_PARAMS + LB + "httpParamsCount++" + RB;
+    private static final String HTTP_HEADERS_COUNTER = IRequest.HTTP_HEADERS + LB + "httpHeadersCount++" + RB;
+    private static final String AUTH_TOKEN_COUNTER = IRequest.AUTH_TOKEN + LB + "authTokenCount++" + RB;
+    private static final String SERVER_ATTRS_COUNTER = IRequest.SERVER_ATTRS + LB + "serverAttrsCount++" + RB;
 
     /**
      * Fills in certificate specific request attributes.
      */
     public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException {
+            throws EBaseException {
         if (req.getExtDataInCertInfoArray(IRequest.CERT_INFO) != null) {
-            fillX509RequestIntoArg(l, req, argSet, arg);	
+            fillX509RequestIntoArg(l, req, argSet, arg);
         } else if (req.getExtDataInRevokedCertArray(IRequest.CERT_INFO) != null) {
-            fillRevokeRequestIntoArg(l, req, argSet, arg);	
+            fillRevokeRequestIntoArg(l, req, argSet, arg);
         } else {
-            //o = req.get(IRequest.OLD_CERTS);
-            //if (o != null)
-            fillRevokeRequestIntoArg(l, req, argSet, arg);	
+            // o = req.get(IRequest.OLD_CERTS);
+            // if (o != null)
+            fillRevokeRequestIntoArg(l, req, argSet, arg);
         }
     }
-	
+
     private void fillX509RequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException {
-	
+            throws EBaseException {
+
         // fill in the standard attributes
         super.fillRequestIntoArg(l, req, argSet, arg);
 
@@ -138,19 +130,19 @@ public class CertReqParser extends ReqParser {
         Enumeration<String> enum1 = req.getExtDataKeys();
 
         // gross hack
-        String prefix = "record."; 
+        String prefix = "record.";
 
         if (argSet.getHeader() == arg)
             prefix = "header.";
 
         while (enum1.hasMoreElements()) {
-            String name =  enum1.nextElement();
+            String name = enum1.nextElement();
 
             if (mDetails) {
                 // show all http parameters stored in request.
                 if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) {
                     Hashtable<String, ?> http_params = req.getExtDataInHashtable(name);
-                    // show certType specially 
+                    // show certType specially
                     String certType = (String) http_params.get(IRequest.CERT_TYPE);
 
                     if (certType != null) {
@@ -166,16 +158,16 @@ public class CertReqParser extends ReqParser {
                     Enumeration<String> elms = http_params.keys();
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
                         // hack
-                        String n =  elms.nextElement();
+                        String n = elms.nextElement();
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                            prefix + parami + ".value=\"" +
-                            CMSTemplate.escapeJavaScriptStringHTML(
-                                http_params.get(n).toString()) + "\"";
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+                                prefix + parami + ".value=\"" +
+                                CMSTemplate.escapeJavaScriptStringHTML(
+                                        http_params.get(n).toString()) + "\"";
 
                         arg.set(parami, new RawJS(rawJS));
                     }
@@ -186,16 +178,16 @@ public class CertReqParser extends ReqParser {
                     int counter = 0;
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
                         // hack
-                        String n =  elms.nextElement();
+                        String n = elms.nextElement();
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                            prefix + parami + ".value=\"" +
-                            CMSTemplate.escapeJavaScriptStringHTML(
-                                http_hdrs.get(n).toString()) + "\"";
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+                                prefix + parami + ".value=\"" +
+                                CMSTemplate.escapeJavaScriptStringHTML(
+                                        http_hdrs.get(n).toString()) + "\"";
 
                         arg.set(parami, new RawJS(rawJS));
                     }
@@ -206,23 +198,24 @@ public class CertReqParser extends ReqParser {
                     int counter = 0;
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
                         // hack
-                        String n =  elms.nextElement();
+                        String n = elms.nextElement();
                         Object authTokenValue = auth_token.getInStringArray(n);
                         if (authTokenValue == null) {
                             authTokenValue = auth_token.getInString(n);
                         }
                         String v = expandValue(prefix + parami + ".value",
-                            authTokenValue);
+                                authTokenValue);
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
 
                         arg.set(parami, new RawJS(rawJS));
                     }
-                } // all others are request attrs from policy or internal modules.
+                } // all others are request attrs from policy or internal
+                  // modules.
                 else {
                     Object val;
                     if (req.isSimpleExtDataValue(name)) {
@@ -235,41 +228,41 @@ public class CertReqParser extends ReqParser {
                     }
                     String valstr = "";
                     // hack
-                    String parami = 
-                        IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
+                    String parami =
+                            IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
 
                     if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
-                        (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
+                            (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
                             req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
                         X509CertImpl issuedCert[] =
-                            req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                                req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
                         if (issuedCert != null && issuedCert[0] != null) {
-                            val = "<pre>"+CMS.getCertPrettyPrint(issuedCert[0]).toString(l)+"</pre>";
+                            val = "<pre>" + CMS.getCertPrettyPrint(issuedCert[0]).toString(l) + "</pre>";
                         }
                     } else if (name.equalsIgnoreCase(IRequest.CERT_INFO) && mDetails) {
                         X509CertInfo[] certInfo =
-                            req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                                req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
                         if (certInfo != null && certInfo[0] != null) {
-                            val = "<pre>"+certInfo[0].toString()+"</pre>";
+                            val = "<pre>" + certInfo[0].toString() + "</pre>";
                         }
                     }
 
                     valstr = expandValue(prefix + parami + ".value", val);
                     String rawJS = "new Object;\n\r" +
-                        prefix + parami + ".name=\"" +
-                        CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
-                        valstr;  // java string already escaped in expandValue.
+                            prefix + parami + ".name=\"" +
+                            CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
+                            valstr; // java string already escaped in
+                                    // expandValue.
 
                     arg.set(parami, new RawJS(rawJS));
                 }
             }
 
             if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
-                || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
-                || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
-                || name.equalsIgnoreCase(IRequest.RESULT)
-                || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)
-            ) {
+                    || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
+                    || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
+                    || name.equalsIgnoreCase(IRequest.RESULT)
+                    || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
                 arg.addStringValue(name, req.getExtDataInString(name));
             }
 
@@ -299,12 +292,12 @@ public class CertReqParser extends ReqParser {
             }
 
             if (name.equalsIgnoreCase(IRequest.CERT_INFO)) {
-                // Get the certificate info from the request 
+                // Get the certificate info from the request
                 X509CertInfo[] certInfo =
-                    req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
+                        req.getExtDataInCertInfoArray(IRequest.CERT_INFO);
 
                 if (certInfo != null && certInfo[0] != null) {
-                    // Get the subject name if any set. 
+                    // Get the subject name if any set.
                     CertificateSubjectName subjectName = null;
                     String signatureAlgorithm = null;
                     String signatureAlgorithmName = null;
@@ -332,9 +325,9 @@ public class CertReqParser extends ReqParser {
                     if (mDetails) {
                         try {
                             CertificateAlgorithmId certAlgId = (CertificateAlgorithmId)
-                                certInfo[0].get(X509CertInfo.ALGORITHM_ID);
+                                    certInfo[0].get(X509CertInfo.ALGORITHM_ID);
                             AlgorithmId algId = (AlgorithmId)
-                                certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+                                    certAlgId.get(CertificateAlgorithmId.ALGORITHM);
 
                             signatureAlgorithm = (algId.getOID()).toString();
                             signatureAlgorithmName = algId.getName();
@@ -362,36 +355,36 @@ public class CertReqParser extends ReqParser {
 
                                 // only know about ns cert type
                                 if (ext instanceof NSCertTypeExtension) {
-                                    NSCertTypeExtension nsExtensions = 
-                                        (NSCertTypeExtension) ext;
+                                    NSCertTypeExtension nsExtensions =
+                                            (NSCertTypeExtension) ext;
 
                                     try {
                                         arg.addStringValue("ext_" + NSCertTypeExtension.SSL_SERVER,
-                                            nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString());
+                                                nsExtensions.get(NSCertTypeExtension.SSL_SERVER).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CLIENT,
-                                            nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString());
+                                                nsExtensions.get(NSCertTypeExtension.SSL_CLIENT).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL,
-                                            nsExtensions.get(NSCertTypeExtension.EMAIL).toString());
+                                                nsExtensions.get(NSCertTypeExtension.EMAIL).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING,
-                                            nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString());
+                                                nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.SSL_CA,
-                                            nsExtensions.get(NSCertTypeExtension.SSL_CA).toString());
+                                                nsExtensions.get(NSCertTypeExtension.SSL_CA).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.EMAIL_CA,
-                                            nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString());
+                                                nsExtensions.get(NSCertTypeExtension.EMAIL_CA).toString());
 
                                         arg.addStringValue("ext_" + NSCertTypeExtension.OBJECT_SIGNING_CA,
-                                            nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString());
+                                                nsExtensions.get(NSCertTypeExtension.OBJECT_SIGNING_CA).toString());
 
                                     } catch (Exception e) {
                                     }
                                 } else if (ext instanceof BasicConstraintsExtension) {
-                                    BasicConstraintsExtension bcExt = 
-                                        (BasicConstraintsExtension) ext;
+                                    BasicConstraintsExtension bcExt =
+                                            (BasicConstraintsExtension) ext;
                                     Integer pathLength = null;
                                     Boolean isCA = null;
 
@@ -410,8 +403,8 @@ public class CertReqParser extends ReqParser {
                                         IArgBlock rr = CMS.createArgBlock();
 
                                         rr.addStringValue(
-                                            EXT_PRETTYPRINT,
-                                            CMS.getExtPrettyPrint(ext, 0).toString());
+                                                EXT_PRETTYPRINT,
+                                                CMS.getExtPrettyPrint(ext, 0).toString());
                                         argSet.addRepeatRecord(rr);
                                     }
                                 }
@@ -419,7 +412,7 @@ public class CertReqParser extends ReqParser {
 
                         }
 
-                        // Get the public key 
+                        // Get the public key
                         CertificateX509Key certKey = null;
 
                         try {
@@ -440,17 +433,17 @@ public class CertReqParser extends ReqParser {
 
                         if (key != null) {
                             arg.addStringValue("subjectPublicKeyInfo",
-                                key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString());
+                                    key.getAlgorithm() + " - " + key.getAlgorithmId().getOID().toString());
                             arg.addStringValue("subjectPublicKey",
-                                pp.toHexString(key.getKey(), 0, 16));
+                                    pp.toHexString(key.getKey(), 0, 16));
                         }
 
-                        // Get the validity period 
+                        // Get the validity period
                         CertificateValidity validity = null;
 
                         try {
                             validity =
-                                    (CertificateValidity) 
+                                    (CertificateValidity)
                                     certInfo[0].get(X509CertInfo.VALIDITY);
                             if (validity != null) {
                                 long validityLength = (((Date) validity.get(CertificateValidity.NOT_AFTER)).getTime() - ((Date) validity.get(CertificateValidity.NOT_BEFORE)).getTime()) / 1000;
@@ -475,7 +468,7 @@ public class CertReqParser extends ReqParser {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                oldSerialNo[i], 16);
+                                    oldSerialNo[i], 16);
                             argSet.addRepeatRecord(rarg);
                         }
                     }
@@ -483,10 +476,10 @@ public class CertReqParser extends ReqParser {
             }
 
             if (name.equalsIgnoreCase(IRequest.ISSUED_CERTS) && mDetails &&
-                (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
+                    (req.getRequestStatus().toString().equals(RequestStatus.COMPLETE_STRING) ||
                     req.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))) {
                 X509CertImpl issuedCert[] =
-                    req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                        req.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
                 arg.addBigIntegerValue("serialNumber", issuedCert[0].getSerialNumber(), 16);
                 // Set Serial No for 2nd certificate
@@ -495,7 +488,7 @@ public class CertReqParser extends ReqParser {
             }
             if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) {
                 X509CertImpl oldCert[] =
-                    req.getExtDataInCertArray(IRequest.OLD_CERTS);
+                        req.getExtDataInCertArray(IRequest.OLD_CERTS);
 
                 if (oldCert != null && oldCert.length > 0) {
                     arg.addBigIntegerValue("serialNumber", oldCert[0].getSerialNumber(), 16);
@@ -505,7 +498,7 @@ public class CertReqParser extends ReqParser {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                oldCert[i].getSerialNumber(), 16);
+                                    oldCert[i].getSerialNumber(), 16);
                             argSet.addRepeatRecord(rarg);
                         }
                     }
@@ -526,7 +519,7 @@ public class CertReqParser extends ReqParser {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                cert[i].getSerialNumber(), 16);
+                                    cert[i].getSerialNumber(), 16);
                             argSet.addRepeatRecord(rarg);
                         }
                     } catch (IOException e) {
@@ -535,16 +528,16 @@ public class CertReqParser extends ReqParser {
                 }
             }
             if (name.equalsIgnoreCase(IRequest.FINGERPRINTS) && mDetails) {
-                Hashtable<String, Object> fingerprints =  
-                    req.getExtDataInHashtable(IRequest.FINGERPRINTS);
+                Hashtable<String, Object> fingerprints =
+                        req.getExtDataInHashtable(IRequest.FINGERPRINTS);
 
                 if (fingerprints != null) {
                     String namesAndHashes = null;
                     Enumeration<String> enumFingerprints = fingerprints.keys();
 
-                    while (enumFingerprints.hasMoreElements()) { 
+                    while (enumFingerprints.hasMoreElements()) {
                         String hashname = enumFingerprints.nextElement();
-                        String hashvalue =  (String) fingerprints.get(hashname);
+                        String hashvalue = (String) fingerprints.get(hashname);
                         byte[] fingerprint = CMS.AtoB(hashvalue);
                         String ppFingerprint = pp.toHexString(fingerprint, 0);
 
@@ -578,7 +571,7 @@ public class CertReqParser extends ReqParser {
 
                 StringBuffer sb = new StringBuffer();
                 for (@SuppressWarnings("unchecked")
-				Enumeration<String> n = ((Vector<String>)v).elements(); n.hasMoreElements(); j++) {
+                Enumeration<String> n = ((Vector<String>) v).elements(); n.hasMoreElements(); j++) {
                     sb.append(";\n");
                     sb.append(valuename);
                     sb.append(LB);
@@ -588,8 +581,8 @@ public class CertReqParser extends ReqParser {
                     sb.append("\"");
                     sb.append(
                             CMSTemplate.escapeJavaScriptStringHTML(
-                                n.nextElement().toString())); 
-                    sb.append( "\";\n");
+                                    n.nextElement().toString()));
+                    sb.append("\";\n");
                 }
                 sb.append("\n");
                 valstr = sb.toString();
@@ -599,7 +592,7 @@ public class CertReqParser extends ReqParser {
             // if an array.
             int len = -1;
 
-            try { 
+            try {
                 len = Array.getLength(v);
             } catch (IllegalArgumentException e) {
             }
@@ -611,7 +604,7 @@ public class CertReqParser extends ReqParser {
                     if (Array.get(v, i) != null)
                         valstr += ";\n" + valuename + LB + i + RB + EQ + "\"" +
                                 CMSTemplate.escapeJavaScriptStringHTML(
-                                    Array.get(v, i).toString()) + "\";\n";
+                                        Array.get(v, i).toString()) + "\";\n";
                 }
                 return valstr;
             }
@@ -620,16 +613,16 @@ public class CertReqParser extends ReqParser {
 
         // if string or unrecognized type, just call its toString method.
         return valuename + "=\"" +
-            CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\"";
+                CMSTemplate.escapeJavaScriptStringHTML(v.toString()) + "\"";
     }
 
     public String getRequestorDN(IRequest request) {
         try {
             X509CertInfo info = (X509CertInfo)
-                request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
+                    request.getExtDataInCertInfo(IEnrollProfile.REQUEST_CERTINFO);
             // retrieve the subject name
             CertificateSubjectName sn = (CertificateSubjectName)
-                info.get(X509CertInfo.SUBJECT);
+                    info.get(X509CertInfo.SUBJECT);
 
             return sn.toString();
         } catch (Exception e) {
@@ -644,15 +637,15 @@ public class CertReqParser extends ReqParser {
 
             String cid = request.getExtDataInString(IRequest.NETKEY_ATTR_CUID);
             if (cid == null) {
-                 cid = "";
+                cid = "";
             }
             String uid = request.getExtDataInString(IRequest.NETKEY_ATTR_USERID);
             if (uid == null) {
-                 uid = "";
+                uid = "";
             }
-            kid = cid+":"+uid;
+            kid = cid + ":" + uid;
             if (kid.equals(":")) {
-              kid = "";
+                kid = "";
             }
 
             return kid;
@@ -663,14 +656,14 @@ public class CertReqParser extends ReqParser {
     }
 
     private void fillRevokeRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException {
+            throws EBaseException {
         // fill in the standard attributes
         super.fillRequestIntoArg(l, req, argSet, arg);
 
         arg.addStringValue("certExtsEnabled", "yes");
         String profile = req.getExtDataInString("profile");
 
-        //CMS.debug("CertReqParser: profile=" + profile);
+        // CMS.debug("CertReqParser: profile=" + profile);
         if (profile != null) {
             arg.addStringValue("profile", profile);
             String requestorDN = getRequestorDN(req);
@@ -691,7 +684,7 @@ public class CertReqParser extends ReqParser {
         Enumeration<String> enum1 = req.getExtDataKeys();
 
         // gross hack
-        String prefix = "record."; 
+        String prefix = "record.";
 
         if (argSet.getHeader() == arg)
             prefix = "header.";
@@ -703,7 +696,7 @@ public class CertReqParser extends ReqParser {
                 // show all http parameters stored in request.
                 if (name.equalsIgnoreCase(IRequest.HTTP_PARAMS)) {
                     Hashtable<String, Object> http_params = req.getExtDataInHashtable(name);
-                    // show certType specially 
+                    // show certType specially
                     String certType = (String) http_params.get(IRequest.CERT_TYPE);
 
                     if (certType != null) {
@@ -714,16 +707,16 @@ public class CertReqParser extends ReqParser {
                     Enumeration<String> elms = http_params.keys();
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.HTTP_PARAMS + LB + String.valueOf(counter++) + RB;
                         // hack
                         String n = (String) elms.nextElement();
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                            prefix + parami + ".value=\"" +
-                            CMSTemplate.escapeJavaScriptStringHTML(
-                                http_params.get(n).toString()) + "\"";
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+                                prefix + parami + ".value=\"" +
+                                CMSTemplate.escapeJavaScriptStringHTML(
+                                        http_params.get(n).toString()) + "\"";
 
                         arg.set(parami, new RawJS(rawJS));
                     }
@@ -734,16 +727,16 @@ public class CertReqParser extends ReqParser {
                     int counter = 0;
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.HTTP_HEADERS + LB + String.valueOf(counter++) + RB;
                         // hack
                         String n = (String) elms.nextElement();
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
-                            prefix + parami + ".value=\"" +
-                            CMSTemplate.escapeJavaScriptStringHTML(
-                                http_hdrs.get(n).toString()) + "\"";
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n\r" +
+                                prefix + parami + ".value=\"" +
+                                CMSTemplate.escapeJavaScriptStringHTML(
+                                        http_hdrs.get(n).toString()) + "\"";
 
                         arg.set(parami, new RawJS(rawJS));
                     }
@@ -754,20 +747,21 @@ public class CertReqParser extends ReqParser {
                     int counter = 0;
 
                     while (elms.hasMoreElements()) {
-                        String parami = 
-                            IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
+                        String parami =
+                                IRequest.AUTH_TOKEN + LB + String.valueOf(counter++) + RB;
                         // hack
                         String n = (String) elms.nextElement();
-                        String v = 
-                            expandValue(prefix + parami + ".value", 
-                                auth_token.getInString(n));
+                        String v =
+                                expandValue(prefix + parami + ".value",
+                                        auth_token.getInString(n));
                         String rawJS = "new Object;\n\r" +
-                            prefix + parami + ".name=\"" +
-                            CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
+                                prefix + parami + ".name=\"" +
+                                CMSTemplate.escapeJavaScriptString(n) + "\";\n" + v;
 
                         arg.set(parami, new RawJS(rawJS));
                     }
-                } // all others are request attrs from policy or internal modules.
+                } // all others are request attrs from policy or internal
+                  // modules.
                 else {
                     Object val;
                     if (req.isSimpleExtDataValue(name)) {
@@ -780,25 +774,25 @@ public class CertReqParser extends ReqParser {
                     }
                     String valstr = "";
                     // hack
-                    String parami = 
-                        IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
+                    String parami =
+                            IRequest.SERVER_ATTRS + LB + String.valueOf(saCounter++) + RB;
 
                     valstr = expandValue(prefix + parami + ".value", val);
                     String rawJS = "new Object;\n\r" +
-                        prefix + parami + ".name=\"" +
-                        CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
-                        valstr;  // java string already escaped in expandValue.
+                            prefix + parami + ".name=\"" +
+                            CMSTemplate.escapeJavaScriptString(name) + "\";\n" +
+                            valstr; // java string already escaped in
+                                    // expandValue.
 
                     arg.set(parami, new RawJS(rawJS));
                 }
             }
 
             if (name.equalsIgnoreCase(IRequest.REQUESTOR_PHONE)
-                || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
-                || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
-                || name.equalsIgnoreCase(IRequest.RESULT)
-                || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)
-            ) {
+                    || name.equalsIgnoreCase(IRequest.REQUESTOR_EMAIL)
+                    || name.equalsIgnoreCase(IRequest.REQUESTOR_COMMENTS)
+                    || name.equalsIgnoreCase(IRequest.RESULT)
+                    || name.equalsIgnoreCase(IRequest.REQUEST_TRUSTEDMGR_PRIVILEGE)) {
                 arg.addStringValue(name, req.getExtDataInString(name));
             }
 
@@ -828,7 +822,7 @@ public class CertReqParser extends ReqParser {
             }
 
             if (name.equalsIgnoreCase(IRequest.CERT_INFO)) {
-                // Get the certificate info from the request 
+                // Get the certificate info from the request
                 RevokedCertImpl revokedCert[] = req.getExtDataInRevokedCertArray(IRequest.CERT_INFO);
 
                 if (mDetails && revokedCert != null) {
@@ -837,7 +831,7 @@ public class CertReqParser extends ReqParser {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                revokedCert[i].getSerialNumber(), 16);
+                                    revokedCert[i].getSerialNumber(), 16);
 
                             CRLExtensions crlExtensions = revokedCert[i].getExtensions();
 
@@ -847,19 +841,19 @@ public class CertReqParser extends ReqParser {
 
                                     if (ext instanceof CRLReasonExtension) {
                                         rarg.addStringValue("reason",
-                                            ((CRLReasonExtension) ext).getReason().toString());
+                                                ((CRLReasonExtension) ext).getReason().toString());
                                     }
                                 }
                             } else {
                                 rarg.addStringValue("reason",
-                                    RevocationReason.UNSPECIFIED.toString());
+                                        RevocationReason.UNSPECIFIED.toString());
                             }
 
                             argSet.addRepeatRecord(rarg);
                         }
                     } else {
                         arg.addBigIntegerValue("serialNumber",
-                            revokedCert[0].getSerialNumber(), 16);
+                                revokedCert[0].getSerialNumber(), 16);
                     }
                 }
             }
@@ -873,7 +867,7 @@ public class CertReqParser extends ReqParser {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                oldSerialNo[i], 16);
+                                    oldSerialNo[i], 16);
                             argSet.addRepeatRecord(rarg);
                         }
                     }
@@ -881,11 +875,11 @@ public class CertReqParser extends ReqParser {
             }
 
             if (name.equalsIgnoreCase(IRequest.OLD_CERTS) && mDetails) {
-                //X509CertImpl oldCert[] =
-                //	(X509CertImpl[])req.get(IRequest.OLD_CERTS);
+                // X509CertImpl oldCert[] =
+                // (X509CertImpl[])req.get(IRequest.OLD_CERTS);
                 Certificate oldCert[] =
-                    (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS);
-				
+                        (Certificate[]) req.getExtDataInCertArray(IRequest.OLD_CERTS);
+
                 if (oldCert != null && oldCert.length > 0) {
                     if (oldCert[0] instanceof X509CertImpl) {
                         X509CertImpl xcert = (X509CertImpl) oldCert[0];
@@ -898,7 +892,7 @@ public class CertReqParser extends ReqParser {
 
                                 xcert = (X509CertImpl) oldCert[i];
                                 rarg.addBigIntegerValue("serialNumber",
-                                    xcert.getSerialNumber(), 16);
+                                        xcert.getSerialNumber(), 16);
                                 argSet.addRepeatRecord(rarg);
                             }
                         }
@@ -907,9 +901,9 @@ public class CertReqParser extends ReqParser {
             }
 
             if (name.equalsIgnoreCase(IRequest.REVOKED_CERTS) && mDetails &&
-                req.getRequestType().equals("getRevocationInfo")) {
-                RevokedCertImpl revokedCert[] = 
-                    req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
+                    req.getRequestType().equals("getRevocationInfo")) {
+                RevokedCertImpl revokedCert[] =
+                        req.getExtDataInRevokedCertArray(IRequest.REVOKED_CERTS);
 
                 if (revokedCert != null && revokedCert[0] != null) {
                     boolean reasonFound = false;
@@ -920,7 +914,7 @@ public class CertReqParser extends ReqParser {
 
                         if (ext instanceof CRLReasonExtension) {
                             arg.addStringValue("reason",
-                                ((CRLReasonExtension) ext).getReason().toString());
+                                    ((CRLReasonExtension) ext).getReason().toString());
                             reasonFound = true;
                         }
                     }
@@ -931,5 +925,5 @@ public class CertReqParser extends ReqParser {
             }
         }
     }
-		
+
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
index 127f2ce8..ce05b408 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/CheckRequest.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -81,10 +80,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Check the status of a certificate request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class CheckRequest extends CMSServlet {
@@ -116,15 +114,15 @@ public class CheckRequest extends CMSServlet {
     /**
      * Constructs request query servlet.
      */
-    public CheckRequest() 
-        throws EBaseException {
+    public CheckRequest()
+            throws EBaseException {
         super();
     }
 
     /**
      * initialize the servlet. This servlet uses the template file
      * "requestStatus.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -140,12 +138,12 @@ public class CheckRequest extends CMSServlet {
      * Process the HTTP request.
      * <ul>
      * <li>http.param requestId ID of the request to check
-     * <li>http.param format if 'id', then check the request based on
-     *      the request ID parameter. If set to CMC, then use the
-     *      'queryPending' parameter.
+     * <li>http.param format if 'id', then check the request based on the
+     * request ID parameter. If set to CMC, then use the 'queryPending'
+     * parameter.
      * <li>http.param queryPending query formatted as a CMC request
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -166,10 +164,10 @@ public class CheckRequest extends CMSServlet {
                         mAuthzResourceName, "read");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -187,9 +185,9 @@ public class CheckRequest extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         IArgBlock header = CMS.createArgBlock();
@@ -212,13 +210,13 @@ public class CheckRequest extends CMSServlet {
                 isCMCReq = true;
                 byte[] cmcBlob = CMS.AtoB(queryPending);
                 ByteArrayInputStream cmcBlobIn =
-                    new ByteArrayInputStream(cmcBlob);
+                        new ByteArrayInputStream(cmcBlob);
 
                 org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo)
-                    org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
+                        org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(cmcBlobIn);
                 SignedData cmcFullReq = (SignedData)
-                    cii.getInterpretedContent();
-			
+                        cii.getInterpretedContent();
+
                 EncapsulatedContentInfo ci = cmcFullReq.getContentInfo();
 
                 OBJECT_IDENTIFIER id = ci.getContentType();
@@ -235,7 +233,7 @@ public class CheckRequest extends CMSServlet {
 
                 for (int i = 0; i < numControls; i++) {
                     // decode message.
-                    TaggedAttribute  taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
+                    TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
                     OBJECT_IDENTIFIER type = taggedAttr.getType();
 
                     if (type.equals(OBJECT_IDENTIFIER.id_cmc_QueryPending)) {
@@ -246,18 +244,16 @@ public class CheckRequest extends CMSServlet {
                         // We only process one for now.
                         if (numReq > 0) {
                             OCTET_STRING reqId = (OCTET_STRING)
-                                ASN1Util.decode(OCTET_STRING.getTemplate(),
-                                    ASN1Util.encode(requestIds.elementAt(0)));
+                                    ASN1Util.decode(OCTET_STRING.getTemplate(),
+                                            ASN1Util.encode(requestIds.elementAt(0)));
 
                             requestId = new String(reqId.toByteArray());
                         }
                     } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
                         transIds = taggedAttr.getValues();
-                    }else if
-                    (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
+                    } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
                         rNonces = taggedAttr.getValues();
-                    } else if
-                    (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
+                    } else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
                         sNonces = taggedAttr.getValues();
                     }
                 }
@@ -276,7 +272,7 @@ public class CheckRequest extends CMSServlet {
             mCACerts = ((ICertAuthority) mAuthority).getCACertChain().getChain();
         } catch (Exception e) {
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
+                    CMS.getUserMessage("CMS_GW_CA_CHAIN_NOT_AVAILABLE"));
         }
 
         if (requestId == null || requestId.trim().equals("")) {
@@ -289,34 +285,34 @@ public class CheckRequest extends CMSServlet {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId));
             throw new EBaseException(
                     CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
-        } 
+        }
 
         IRequest r = mQueue.findRequest(new RequestId(requestId));
 
         if (r == null) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_REQUEST_ID_NOT_FOUND_1", requestId));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
+                    CMS.getUserMessage("CMS_GW_REQUEST_ID_NOT_FOUND", requestId));
         }
 
         if (authToken != null) {
-          // if RA, requestOwner must match the group
-          String group = authToken.getInString("group");
-          if ((group != null) && (group != "")) {
-            if (group.equals("Registration Manager Agents")) {
-              boolean groupMatched = false;
-              String requestOwner = r.getExtDataInString("requestOwner");
-              if (requestOwner != null) {
-                  if (requestOwner.equals(group))
-                    groupMatched = true;
-              }
-              if (groupMatched == false) {
-                log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
-                throw new EBaseException(
-                    CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
-              }
+            // if RA, requestOwner must match the group
+            String group = authToken.getInString("group");
+            if ((group != null) && (group != "")) {
+                if (group.equals("Registration Manager Agents")) {
+                    boolean groupMatched = false;
+                    String requestOwner = r.getExtDataInString("requestOwner");
+                    if (requestOwner != null) {
+                        if (requestOwner.equals(group))
+                            groupMatched = true;
+                    }
+                    if (groupMatched == false) {
+                        log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT_1", requestId.toString()));
+                        throw new EBaseException(
+                                CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT_1", requestId));
+                    }
+                }
             }
-          }
         }
 
         RequestStatus status = r.getRequestStatus();
@@ -327,35 +323,35 @@ public class CheckRequest extends CMSServlet {
         header.addStringValue(STATUS, status.toString());
         header.addLongValue(CREATE_ON, r.getCreationTime().getTime() / 1000);
         header.addLongValue(UPDATE_ON, r.getModificationTime().getTime() / 1000);
-        if (note != null && note.length() > 0) 
+        if (note != null && note.length() > 0)
             header.addStringValue("requestNotes", note);
 
         String type = r.getRequestType();
         Integer result = r.getExtDataInInteger(IRequest.RESULT);
 
-/*        if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") != null) && status.equals(RequestStatus.COMPLETE)) { 
-            X509CertImpl cert = (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT);
-            IArgBlock rarg = CMS.createArgBlock();
-
-            rarg.addBigIntegerValue("serialNumber",
-                cert.getSerialNumber(), 16);
-            argSet.addRepeatRecord(rarg);
-        }
-*/
+        /*
+         * if (type.equals(IRequest.ENROLLMENT_REQUEST) && (r.get("profile") !=
+         * null) && status.equals(RequestStatus.COMPLETE)) { X509CertImpl cert =
+         * (X509CertImpl) r.get(IEnrollProfile.REQUEST_ISSUED_CERT); IArgBlock
+         * rarg = CMS.createArgBlock();
+         * 
+         * rarg.addBigIntegerValue("serialNumber", cert.getSerialNumber(), 16);
+         * argSet.addRepeatRecord(rarg); }
+         */
         String profileId = r.getExtDataInString("profileId");
         if (profileId != null) {
-           result = IRequest.RES_SUCCESS;
+            result = IRequest.RES_SUCCESS;
         }
         if ((type != null) && (type.equals(IRequest.ENROLLMENT_REQUEST) ||
-                type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) && 
-            status.equals(RequestStatus.COMPLETE) && (result != null) && 
-            result.equals(IRequest.RES_SUCCESS)) {
+                type.equals(IRequest.RENEWAL_REQUEST)) && (status != null) &&
+                status.equals(RequestStatus.COMPLETE) && (result != null) &&
+                result.equals(IRequest.RES_SUCCESS)) {
             Object o = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
             if (profileId != null) {
-               X509CertImpl impl[] = new X509CertImpl[1];
-               impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-               o = impl;
+                X509CertImpl impl[] = new X509CertImpl[1];
+                impl[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+                o = impl;
             }
             if (o != null && (o instanceof X509CertImpl[])) {
                 X509CertImpl[] certs = (X509CertImpl[]) o;
@@ -366,11 +362,12 @@ public class CheckRequest extends CMSServlet {
                             IArgBlock rarg = CMS.createArgBlock();
 
                             rarg.addBigIntegerValue("serialNumber",
-                                certs[i].getSerialNumber(), 16);
+                                    certs[i].getSerialNumber(), 16);
                             // add pkcs7 cert for importing
                             if (importCert || isCMCReq) {
-                                //byte[] ba = certs[i].getEncoded();
-                                X509CertImpl[] certsInChain = new X509CertImpl[1];; 
+                                // byte[] ba = certs[i].getEncoded();
+                                X509CertImpl[] certsInChain = new X509CertImpl[1];
+                                ;
                                 if (mCACerts != null) {
                                     for (int ii = 0; ii < mCACerts.length; ii++) {
                                         if (certs[i].equals(mCACerts[ii])) {
@@ -381,10 +378,10 @@ public class CheckRequest extends CMSServlet {
                                         certsInChain = new X509CertImpl[mCACerts.length + 1];
                                     }
                                 }
-			
+
                                 // Set the EE cert
                                 certsInChain[0] = certs[i];
-			
+
                                 // Set the Ca certificate chain
                                 if (mCACerts != null) {
                                     for (int ii = 0; ii < mCACerts.length; ii++) {
@@ -396,7 +393,7 @@ public class CheckRequest extends CMSServlet {
                                 String p7Str;
 
                                 try {
-                                    PKCS7 p7 = new PKCS7(new AlgorithmId[0], 
+                                    PKCS7 p7 = new PKCS7(new AlgorithmId[0],
                                             new netscape.security.pkcs.ContentInfo(new byte[0]),
                                             certsInChain,
                                             new netscape.security.pkcs.SignerInfo[0]);
@@ -407,7 +404,7 @@ public class CheckRequest extends CMSServlet {
 
                                     p7Str = CMS.BtoA(p7Bytes);
 
-                                    StringTokenizer tokenizer = null;  
+                                    StringTokenizer tokenizer = null;
 
                                     if (File.separator.equals("\\")) {
                                         char[] nl = new char[2];
@@ -438,14 +435,14 @@ public class CheckRequest extends CMSServlet {
                                         if (bodyPartId != null)
                                             bpids.addElement(bodyPartId);
                                         CMCStatusInfo cmcStatusInfo = new
-                                            CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids);
+                                                CMCStatusInfo(CMCStatusInfo.SUCCESS, bpids);
                                         TaggedAttribute ta = new TaggedAttribute(new
                                                 INTEGER(bpid++),
                                                 OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo,
                                                 cmcStatusInfo);
 
                                         controlSeq.addElement(ta);
-                
+
                                         // copy transactionID, senderNonce,
                                         // create recipientNonce
                                         if (transIds != null) {
@@ -455,7 +452,7 @@ public class CheckRequest extends CMSServlet {
                                                         transIds);
                                             controlSeq.addElement(ta);
                                         }
-                					
+
                                         if (sNonces != null) {
                                             ta = new TaggedAttribute(new
                                                         INTEGER(bpid++),
@@ -463,7 +460,7 @@ public class CheckRequest extends CMSServlet {
                                                         sNonces);
                                             controlSeq.addElement(ta);
                                         }
-                
+
                                         String salt = CMSServlet.generateSalt();
                                         byte[] dig;
 
@@ -475,42 +472,42 @@ public class CheckRequest extends CMSServlet {
                                             dig = salt.getBytes();
                                         }
                                         String b64E = CMS.BtoA(dig);
-                                        String[] newNonce = {b64E};
+                                        String[] newNonce = { b64E };
 
                                         ta = new TaggedAttribute(new
                                                     INTEGER(bpid++),
                                                     OBJECT_IDENTIFIER.id_cmc_senderNonce,
                                                     new OCTET_STRING(newNonce[0].getBytes()));
                                         controlSeq.addElement(ta);
-                
+
                                         ResponseBody rb = new ResponseBody(controlSeq, new
                                                 SEQUENCE(), new
                                                 SEQUENCE());
                                         EncapsulatedContentInfo ci = new
-                                            EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                                                rb);
-                
+                                                EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIResponse,
+                                                        rb);
+
                                         org.mozilla.jss.crypto.X509Certificate x509cert = null;
 
                                         if (mAuthority instanceof ICertificateAuthority) {
                                             x509cert = ((ICertificateAuthority) mAuthority).getCaX509Cert();
-                                        }else if (mAuthority instanceof IRegistrationAuthority) {
+                                        } else if (mAuthority instanceof IRegistrationAuthority) {
                                             x509cert = ((IRegistrationAuthority) mAuthority).getRACert();
                                         }
                                         if (x509cert == null)
-                                            throw new
-                                                ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found.")); 
+                                            throw new ECMSGWException(CMS.getUserMessage("CMS_GW_CMC_ERROR", "No signing cert found."));
 
                                         X509CertImpl cert = new X509CertImpl(x509cert.getEncoded());
                                         ByteArrayInputStream issuer1 = new
-                                            ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
+                                                ByteArrayInputStream(((X500Name) cert.getIssuerDN()).getEncoded());
                                         Name issuer = (Name) Name.getTemplate().decode(issuer1);
                                         IssuerAndSerialNumber ias = new
-                                            IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
+                                                IssuerAndSerialNumber(issuer, new INTEGER(cert.getSerialNumber().toString()));
                                         SignerIdentifier si = new
-                                            SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
-            
-                                        // SHA1 is the default digest Alg for now.
+                                                SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+
+                                        // SHA1 is the default digest Alg for
+                                        // now.
                                         DigestAlgorithm digestAlg = null;
                                         SignatureAlgorithm signAlg = null;
                                         org.mozilla.jss.crypto.PrivateKey privKey = CryptoManager.getInstance().findPrivKeyByCert(x509cert);
@@ -518,7 +515,7 @@ public class CheckRequest extends CMSServlet {
 
                                         if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.RSA))
                                             signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
-                                        else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA)) 
+                                        else if (keyType.equals(org.mozilla.jss.crypto.PrivateKey.DSA))
                                             signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
                                         MessageDigest SHADigest = null;
                                         byte[] digest = null;
@@ -531,46 +528,46 @@ public class CheckRequest extends CMSServlet {
                                             rb.encode((OutputStream) ostream);
                                             digest = SHADigest.digest(ostream.toByteArray());
                                         } catch (NoSuchAlgorithmException ex) {
-                                            //log("digest fail");
+                                            // log("digest fail");
                                         }
-            
+
                                         org.mozilla.jss.pkix.cms.SignerInfo signInfo = new
-                                            org.mozilla.jss.pkix.cms.SignerInfo(si, null, null,
-                                                OBJECT_IDENTIFIER.id_cct_PKIResponse,
-                                                digest, signAlg,
-                                                privKey);
+                                                org.mozilla.jss.pkix.cms.SignerInfo(si, null, null,
+                                                        OBJECT_IDENTIFIER.id_cct_PKIResponse,
+                                                        digest, signAlg,
+                                                        privKey);
                                         SET signInfos = new SET();
 
                                         signInfos.addElement(signInfo);
-            					
+
                                         SET digestAlgs = new SET();
 
                                         if (digestAlg != null) {
                                             AlgorithmIdentifier ai = new
-                                                AlgorithmIdentifier(digestAlg.toOID(),
-                                                    null);
+                                                    AlgorithmIdentifier(digestAlg.toOID(),
+                                                            null);
 
                                             digestAlgs.addElement(ai);
                                         }
-            					
+
                                         SET jsscerts = new SET();
 
                                         for (int j = 0; j < certsInChain.length; j++) {
                                             ByteArrayInputStream is = new
-                                                ByteArrayInputStream(certsInChain[j].getEncoded());
+                                                    ByteArrayInputStream(certsInChain[j].getEncoded());
                                             org.mozilla.jss.pkix.cert.Certificate certJss = (org.mozilla.jss.pkix.cert.Certificate)
-                                                org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is);
+                                                    org.mozilla.jss.pkix.cert.Certificate.getTemplate().decode(is);
 
                                             jsscerts.addElement(certJss);
                                         }
-            						
+
                                         SignedData fResponse = new
-                                            SignedData(digestAlgs, ci,
-                                                jsscerts, null, signInfos);
+                                                SignedData(digestAlgs, ci,
+                                                        jsscerts, null, signInfos);
                                         org.mozilla.jss.pkix.cms.ContentInfo fullResponse = new
-                                            org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse);
+                                                org.mozilla.jss.pkix.cms.ContentInfo(org.mozilla.jss.pkix.cms.ContentInfo.SIGNED_DATA, fResponse);
                                         ByteArrayOutputStream ostream = new
-                                            ByteArrayOutputStream();
+                                                ByteArrayOutputStream();
 
                                         fullResponse.encode((OutputStream) ostream);
                                         byte[] fr = ostream.toByteArray();
@@ -579,10 +576,10 @@ public class CheckRequest extends CMSServlet {
                                     }
                                 } catch (Exception e) {
                                     e.printStackTrace();
-                                    log(ILogger.LL_FAILURE, 
-                                        CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString())); 
+                                    log(ILogger.LL_FAILURE,
+                                            CMS.getLogMessage("CMSGW_ERROR_FORMING_PKCS7_1", e.toString()));
                                     throw new ECMSGWException(
-                                      CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
+                                            CMS.getUserMessage("CMS_GW_FORMING_PKCS7_ERROR"));
                                 }
                             }
                             argSet.addRepeatRecord(rarg);
@@ -598,11 +595,11 @@ public class CheckRequest extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
@@ -610,10 +607,9 @@ public class CheckRequest extends CMSServlet {
             }
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
index 0e3974a1..99e7d14d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/IReqParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
@@ -25,13 +24,11 @@ import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 
-
 /**
- * An interface representing a request parser which
- * converts Java request object into name value
- * pairs and vice versa.
+ * An interface representing a request parser which converts Java request object
+ * into name value pairs and vice versa.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public interface IReqParser {
@@ -40,5 +37,5 @@ public interface IReqParser {
      * Maps request object into argument block.
      */
     public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException;
+            throws EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
index 459aca63..b7ddc16d 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/KeyReqParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.math.BigInteger;
 import java.util.Locale;
 
@@ -29,10 +28,9 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.key.KeyRecordParser;
 
-
 /**
  * Output a 'pretty print' of a Key Archival request
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class KeyReqParser extends ReqParser {
@@ -50,7 +48,7 @@ public class KeyReqParser extends ReqParser {
      * Fills in certificate specific request attributes.
      */
     public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException {
+            throws EBaseException {
         // fill in the standard attributes
         super.fillRequestIntoArg(l, req, argSet, arg);
 
@@ -58,7 +56,7 @@ public class KeyReqParser extends ReqParser {
 
         if (type.equals(IRequest.ENROLLMENT_REQUEST)) {
             BigInteger recSerialNo = req.getExtDataInBigInteger("keyRecord");
-            IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority)CMS.getSubsystem("kra");
+            IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) CMS.getSubsystem("kra");
             if (kra != null) {
                 KeyRecordParser.fillRecordIntoArg(
                         kra.getKeyRepository().readKeyRecord(recSerialNo),
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
index d19c7714..023e52f1 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessCertReq.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.IOException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
@@ -79,12 +78,10 @@ import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 import com.netscape.cms.servlet.common.ICMSTemplateFiller;
 
-
 /**
- * Agent operations on Certificate requests. This servlet is used
- * by an Agent to approve, reject, reassign, or change a certificate
- * request.
- *
+ * Agent operations on Certificate requests. This servlet is used by an Agent to
+ * approve, reject, reassign, or change a certificate request.
+ * 
  * @version $Revision$, $Date$
  */
 public class ProcessCertReq extends CMSServlet {
@@ -105,101 +102,92 @@ public class ProcessCertReq extends CMSServlet {
     private boolean mExtraAgentParams = false;
 
     // for RA only since it does not have a database.
-    private final static String 
-        REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template";
-    private final static String 
-        PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate";
-    private final static String 
-        PROP_EXTRA_AGENT_PARAMS = "extraAgentParams";
-    private static ICMSTemplateFiller 
-        REQ_COMPLETED_FILLER = new RAReqCompletedFiller();
+    private final static String REQ_COMPLETED_TEMPLATE = "ra/RequestCompleted.template";
+    private final static String PROP_REQ_COMPLETED_TEMPLATE = "requestCompletedTemplate";
+    private final static String PROP_EXTRA_AGENT_PARAMS = "extraAgentParams";
+    private static ICMSTemplateFiller REQ_COMPLETED_FILLER = new RAReqCompletedFiller();
     private String mReqCompletedTemplate = null;
-    private final static String 
-        CERT_TYPE = "certType";
+    private final static String CERT_TYPE = "certType";
 
     private String auditServiceID = ILogger.UNIDENTIFIED;
     private final static String AGENT_CA_CLONE_ENROLLMENT_SERVLET =
-        "caProcessCertReq";
+            "caProcessCertReq";
     private final static String AGENT_RA_CLONE_ENROLLMENT_SERVLET =
-        "raProcessCertReq";
+            "raProcessCertReq";
     private final static String SIGNED_AUDIT_ACCEPTANCE = "accept";
     private final static String SIGNED_AUDIT_CANCELLATION = "cancel";
     private final static String SIGNED_AUDIT_CLONING = "clone";
     private final static String SIGNED_AUDIT_REJECTION = "reject";
     private final static byte EOL[] = { Character.LINE_SEPARATOR };
-    private final static String[]
-        SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] {
-            
-            /* 0 */ "manual non-profile cert request cancellation:  "
+    private final static String[] SIGNED_AUDIT_MANUAL_CANCELLATION_REASON = new String[] {
+
+    /* 0 */"manual non-profile cert request cancellation:  "
             + "request cannot be processed due to an "
             + "authorization failure",
-            
-            /* 1 */ "manual non-profile cert request cancellation:  "
+
+    /* 1 */"manual non-profile cert request cancellation:  "
             + "no reason has been given for cancelling this "
             + "cert request",
-            
-            /* 2 */ "manual non-profile cert request cancellation:  "
+
+    /* 2 */"manual non-profile cert request cancellation:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an EBaseException",
-            
-            /* 3 */ "manual non-profile cert request cancellation:  "
+
+    /* 3 */"manual non-profile cert request cancellation:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an IOException",
-            
-            /* 4 */ "manual non-profile cert request cancellation:  "
+
+    /* 4 */"manual non-profile cert request cancellation:  "
             + "indeterminate reason for inability to process "
             + "cert request due to a CertificateException",
-            
-            /* 5 */ "manual non-profile cert request cancellation:  "
+
+    /* 5 */"manual non-profile cert request cancellation:  "
             + "indeterminate reason for inability to process "
             + "cert request due to a NoSuchAlgorithmException"
         };
-    private final static String[]
-        SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] {
-            
-            /* 0 */ "manual non-profile cert request rejection:  "
+    private final static String[] SIGNED_AUDIT_MANUAL_REJECTION_REASON = new String[] {
+
+    /* 0 */"manual non-profile cert request rejection:  "
             + "request cannot be processed due to an "
             + "authorization failure",
-            
-            /* 1 */ "manual non-profile cert request rejection:  "
+
+    /* 1 */"manual non-profile cert request rejection:  "
             + "no reason has been given for rejecting this "
             + "cert request",
-            
-            /* 2 */ "manual non-profile cert request rejection:  "
+
+    /* 2 */"manual non-profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an EBaseException",
-            
-            /* 3 */ "manual non-profile cert request rejection:  "
+
+    /* 3 */"manual non-profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to an IOException",
-            
-            /* 4 */ "manual non-profile cert request rejection:  "
+
+    /* 4 */"manual non-profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to a CertificateException",
-            
-            /* 5 */ "manual non-profile cert request rejection:  "
+
+    /* 5 */"manual non-profile cert request rejection:  "
             + "indeterminate reason for inability to process "
             + "cert request due to a NoSuchAlgorithmException"
         };
-    private final static String
-        LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
-        "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
-    private final static String
-        LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
-        "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
+    private final static String LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST =
+            "LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED =
+            "LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED_5";
 
     /**
      * Process request.
      */
     public ProcessCertReq()
-        throws EBaseException {
+            throws EBaseException {
         super();
     }
 
     /**
      * initialize the servlet. This servlet uses the template file
      * "processCertReq.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -212,8 +200,8 @@ public class ProcessCertReq extends CMSServlet {
             if (id != null) {
                 if (!(auditServiceID.equals(
                             AGENT_CA_CLONE_ENROLLMENT_SERVLET))
-                    && !(auditServiceID.equals(
-                            AGENT_RA_CLONE_ENROLLMENT_SERVLET))) {
+                        && !(auditServiceID.equals(
+                                AGENT_RA_CLONE_ENROLLMENT_SERVLET))) {
                     auditServiceID = ILogger.UNIDENTIFIED;
                 } else {
                     auditServiceID = id.trim();
@@ -228,7 +216,7 @@ public class ProcessCertReq extends CMSServlet {
 
             mParser = CertReqParser.DETAIL_PARSER;
 
-            // override success and error templates to null - 
+            // override success and error templates to null -
             // handle templates locally.
             mTemplates.remove(CMSRequest.SUCCESS);
 
@@ -252,25 +240,24 @@ public class ProcessCertReq extends CMSServlet {
         }
     }
 
-
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param seqNum           request id
-     * <li>http.param notValidBefore   certificate validity
-	 *    - notBefore - in seconds since jan 1, 1970
-     * <li>http.param notValidAfter    certificate validity
-     *    - notAfter - in seconds since jan 1, 1970
-     * <li>http.param subject          certificate subject name
-     * <li>http.param toDo             requested action
-     *    (can be one of: clone, reject, accept, cancel)
+     * <li>http.param seqNum request id
+     * <li>http.param notValidBefore certificate validity - notBefore - in
+     * seconds since jan 1, 1970
+     * <li>http.param notValidAfter certificate validity - notAfter - in seconds
+     * since jan 1, 1970
+     * <li>http.param subject certificate subject name
+     * <li>http.param toDo requested action (can be one of: clone, reject,
+     * accept, cancel)
      * <li>http.param signatureAlgorithm certificate signing algorithm
-     * <li>http.param addExts          base-64, DER encoded Extension or
-     *    SEQUENCE OF Extensions to add to certificate
-     * <li>http.param pathLenConstraint integer path length constraint to
-     *    use in BasicConstraint extension if applicable
+     * <li>http.param addExts base-64, DER encoded Extension or SEQUENCE OF
+     * Extensions to add to certificate
+     * <li>http.param pathLenConstraint integer path length constraint to use in
+     * BasicConstraint extension if applicable
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -297,15 +284,15 @@ public class ProcessCertReq extends CMSServlet {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
             if (req.getParameter(SEQNUM) != null) {
                 CMS.debug(
-                    "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM));
+                        "ProcessCertReq: parameter seqNum " + req.getParameter(SEQNUM));
                 seqNum = Integer.parseInt(req.getParameter(SEQNUM));
             }
             String notValidBeforeStr = req.getParameter("notValidBefore");
@@ -326,7 +313,6 @@ public class ProcessCertReq extends CMSServlet {
             subject = req.getParameter("subject");
             signatureAlgorithm = req.getParameter("signatureAlgorithm");
 
-
             IRequest r = null;
 
             if (seqNum > -1) {
@@ -334,23 +320,22 @@ public class ProcessCertReq extends CMSServlet {
                             Integer.toString(seqNum)));
             }
 
-            if(seqNum > -1 && r != null)
-            {
+            if (seqNum > -1 && r != null) {
                 processX509(cmsReq, argSet, header, seqNum, req, resp,
-                    toDo, signatureAlgorithm, subject,
-                    notValidBefore, notValidAfter, locale[0], startTime);
+                        toDo, signatureAlgorithm, subject,
+                        notValidBefore, notValidAfter, locale[0], startTime);
             } else {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_INVALID_REQUEST_ID_1", String.valueOf(seqNum)));
                 error = new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID", 
-                            String.valueOf(seqNum)));
+                        CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+                                String.valueOf(seqNum)));
             }
         } catch (EBaseException e) {
             error = e;
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, "Error " + e);
-            error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
-        } 
+            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
+        }
 
         try {
             ServletOutputStream out = resp.getOutputStream();
@@ -358,46 +343,47 @@ public class ProcessCertReq extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  String output = form.getOutput(argSet);
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    String output = form.getOutput(argSet);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
-				
+
         } catch (IOException e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         return;
     }
 
     /**
      * Process X509 certificate enrollment request and send request information
-     * to the caller. 
+     * to the caller.
      * <P>
-     *
+     * 
      * (Certificate Request - an "agent" cert request for "cloning")
      * <P>
-     *
-     * (Certificate Request Processed -  either a manual "agent" non-profile
-     *  based cert acceptance, a manual "agent" non-profile based cert
-     *  cancellation, or a manual "agent" non-profile based cert rejection)
+     * 
+     * (Certificate Request Processed - either a manual "agent" non-profile
+     * based cert acceptance, a manual "agent" non-profile based cert
+     * cancellation, or a manual "agent" non-profile based cert rejection)
      * <P>
-     *
+     * 
      * <ul>
-     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when a
-     * non-profile cert request is made (before approval process)
+     * <li>signed.audit LOGGING_SIGNED_AUDIT_NON_PROFILE_CERT_REQUEST used when
+     * a non-profile cert request is made (before approval process)
      * <li>signed.audit LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED used when a
      * certificate request has just been through the approval process
      * </ul>
+     * 
      * @param cmsReq a certificate enrollment request
      * @param argSet CMS template parameters
      * @param header argument block
@@ -405,26 +391,26 @@ public class ProcessCertReq extends CMSServlet {
      * @param req HTTP servlet request
      * @param resp HTTP servlet response
      * @param toDo string representing the requested action (can be one of:
-     * clone, reject, accept, cancel)
+     *            clone, reject, accept, cancel)
      * @param signatureAlgorithm string containing the signature algorithm
      * @param subject string containing the subject name of the certificate
-     * @param notValidBefore certificate validity - notBefore - in seconds
-     * since Jan 1, 1970
+     * @param notValidBefore certificate validity - notBefore - in seconds since
+     *            Jan 1, 1970
      * @param notValidAfter certificate validity - notAfter - in seconds since
-     * Jan 1, 1970
+     *            Jan 1, 1970
      * @param locale the system locale
      * @param startTime the current date
      * @exception EBaseException an error has occurred
      */
     private void processX509(CMSRequest cmsReq,
-        CMSTemplateParams argSet, IArgBlock header,
-        int seqNum, HttpServletRequest req,
-        HttpServletResponse resp,
-        String toDo, String signatureAlgorithm,
-        String subject,
-        long notValidBefore, long notValidAfter,
-        Locale locale, long startTime)
-        throws EBaseException {
+            CMSTemplateParams argSet, IArgBlock header,
+            int seqNum, HttpServletRequest req,
+            HttpServletResponse resp,
+            String toDo, String signatureAlgorithm,
+            String subject,
+            long notValidBefore, long notValidAfter,
+            Locale locale, long startTime)
+            throws EBaseException {
         String auditMessage = null;
         String auditSubjectID = auditSubjectID();
         String auditRequesterID = ILogger.UNIDENTIFIED;
@@ -434,10 +420,10 @@ public class ProcessCertReq extends CMSServlet {
 
         // "normalize" the "auditCertificateSubjectName"
         if (auditCertificateSubjectName != null) {
-            // NOTE:  This is ok even if the cert subject name is "" (empty)!
+            // NOTE: This is ok even if the cert subject name is "" (empty)!
             auditCertificateSubjectName = auditCertificateSubjectName.trim();
         } else {
-            // NOTE:  Here, the cert subject name is MISSING, not "" (empty)!
+            // NOTE: Here, the cert subject name is MISSING, not "" (empty)!
             auditCertificateSubjectName = ILogger.SIGNED_AUDIT_EMPTY_VALUE;
         }
 
@@ -453,7 +439,7 @@ public class ProcessCertReq extends CMSServlet {
                 }
             }
 
-            if (mAuthority != null) 
+            if (mAuthority != null)
                 header.addStringValue("authorityid", mAuthority.getId());
 
             if (toDo != null) {
@@ -466,12 +452,12 @@ public class ProcessCertReq extends CMSServlet {
                                 mAuthzResourceName, "execute");
                 } catch (EAuthzAccessDenied e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", 
-                            e.toString()));
+                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+                                    e.toString()));
                 } catch (Exception e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", 
-                            e.toString()));
+                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE",
+                                    e.toString()));
                 }
 
                 if (authzToken == null) {
@@ -546,71 +532,72 @@ public class ProcessCertReq extends CMSServlet {
                         int alterationCounter = 0;
 
                         for (int i = 0; i < certInfo.length; i++) {
-                            CertificateAlgorithmId certAlgId = 
-                                (CertificateAlgorithmId)
-                                certInfo[i].get(X509CertInfo.ALGORITHM_ID);
+                            CertificateAlgorithmId certAlgId =
+                                    (CertificateAlgorithmId)
+                                    certInfo[i].get(X509CertInfo.ALGORITHM_ID);
 
                             AlgorithmId algId = (AlgorithmId)
-                                certAlgId.get(CertificateAlgorithmId.ALGORITHM);
+                                    certAlgId.get(CertificateAlgorithmId.ALGORITHM);
 
                             if (!(algId.getName().equals(signatureAlgorithm))) {
                                 alterationCounter++;
                                 AlgorithmId newAlgId = AlgorithmId.getAlgorithmId(signatureAlgorithm);
 
                                 certInfo[i].set(X509CertInfo.ALGORITHM_ID,
-                                    new CertificateAlgorithmId(newAlgId));
+                                        new CertificateAlgorithmId(newAlgId));
                             }
 
-                            CertificateSubjectName certSubject = 
-                                (CertificateSubjectName)
-                                certInfo[i].get(X509CertInfo.SUBJECT);
+                            CertificateSubjectName certSubject =
+                                    (CertificateSubjectName)
+                                    certInfo[i].get(X509CertInfo.SUBJECT);
 
-                            if (subject != null && 
-                                !(certSubject.toString().equals(subject))) {
+                            if (subject != null &&
+                                    !(certSubject.toString().equals(subject))) {
 
                                 alterationCounter++;
                                 certInfo[i].set(X509CertInfo.SUBJECT,
-                                    new CertificateSubjectName(
-                                        (new X500Name(subject))));
+                                        new CertificateSubjectName(
+                                                (new X500Name(subject))));
                             }
 
-                            CertificateValidity certValidity = 
-                                (CertificateValidity)
-                                certInfo[i].get(X509CertInfo.VALIDITY);
+                            CertificateValidity certValidity =
+                                    (CertificateValidity)
+                                    certInfo[i].get(X509CertInfo.VALIDITY);
                             Date currentTime = CMS.getCurrentDate();
                             boolean validityChanged = false;
 
-                            // only override these values if agent specified them
+                            // only override these values if agent specified
+                            // them
                             if (notValidBefore > 0) {
                                 Date notBefore = (Date) certValidity.get(
                                         CertificateValidity.NOT_BEFORE);
 
                                 if (notBefore.getTime() == 0 ||
-                                    notBefore.getTime() != notValidBefore) {
+                                        notBefore.getTime() != notValidBefore) {
                                     Date validFrom = new Date(notValidBefore);
 
                                     notBefore = (notValidBefore == 0) ? currentTime : validFrom;
                                     certValidity.set(CertificateValidity.NOT_BEFORE,
-                                        notBefore);
+                                            notBefore);
                                     validityChanged = true;
                                 }
                             }
                             if (notValidAfter > 0) {
                                 Date validTo = new Date(notValidAfter);
                                 Date notAfter = (Date)
-                                    certValidity.get(CertificateValidity.NOT_AFTER);
+                                        certValidity.get(CertificateValidity.NOT_AFTER);
 
                                 if (notAfter.getTime() == 0 ||
-                                    notAfter.getTime() != notValidAfter) {
+                                        notAfter.getTime() != notValidAfter) {
                                     notAfter = currentTime;
                                     notAfter = (notValidAfter == 0) ? currentTime : validTo;
                                     certValidity.set(CertificateValidity.NOT_AFTER,
-                                        notAfter);
+                                            notAfter);
                                     validityChanged = true;
                                 }
                             }
                             if (validityChanged) {
-                                // this set() trigger this rebuild of internal 
+                                // this set() trigger this rebuild of internal
                                 // raw der encoding cache of X509CertInfo.
                                 // Otherwise, the above change wont have effect.
                                 certInfo[i].set(X509CertInfo.VALIDITY, certValidity);
@@ -618,8 +605,8 @@ public class ProcessCertReq extends CMSServlet {
 
                             if (certInfo[i].get(X509CertInfo.VERSION) == null) {
                                 certInfo[i].set(X509CertInfo.VERSION,
-                                    new CertificateVersion(
-                                        CertificateVersion.V3));
+                                        new CertificateVersion(
+                                                CertificateVersion.V3));
                             }
 
                             CertificateExtensions extensions = null;
@@ -639,7 +626,8 @@ public class ProcessCertReq extends CMSServlet {
 
                                 byte[] b = (byte[]) (com.netscape.osutil.OSUtil.AtoB(addExts));
 
-                                // this b can be "Extension" Or "SEQUENCE OF Extension"
+                                // this b can be "Extension" Or
+                                // "SEQUENCE OF Extension"
                                 try {
                                     DerValue b_der = new DerValue(b);
 
@@ -669,14 +657,14 @@ public class ProcessCertReq extends CMSServlet {
 
                             if (extensions != null) {
                                 try {
-                                    NSCertTypeExtension nsExtensions = 
-                                        (NSCertTypeExtension)
-                                        extensions.get(
-                                            NSCertTypeExtension.class.getSimpleName());
+                                    NSCertTypeExtension nsExtensions =
+                                            (NSCertTypeExtension)
+                                            extensions.get(
+                                                    NSCertTypeExtension.class.getSimpleName());
 
                                     if (nsExtensions != null) {
                                         updateNSExtension(req, nsExtensions);
-                                    } 
+                                    }
                                 } catch (IOException e) {
                                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_ERROR_PROCESS_NETSCAPE_EXTENSION", e.toString()));
                                 }
@@ -686,20 +674,20 @@ public class ProcessCertReq extends CMSServlet {
                                 if (pathLength != null) {
                                     try {
                                         int pathLen = Integer.parseInt(pathLength);
-                                        BasicConstraintsExtension bcExt = 
-                                            (BasicConstraintsExtension)
-                                            extensions.get(
-                                                BasicConstraintsExtension.class.getSimpleName());
+                                        BasicConstraintsExtension bcExt =
+                                                (BasicConstraintsExtension)
+                                                extensions.get(
+                                                        BasicConstraintsExtension.class.getSimpleName());
 
                                         if (bcExt != null) {
                                             Integer bcPathLen = (Integer) bcExt.get(BasicConstraintsExtension.PATH_LEN);
                                             Boolean isCA = (Boolean) bcExt.get(BasicConstraintsExtension.IS_CA);
 
                                             if (bcPathLen != null &&
-                                                bcPathLen.intValue() != pathLen &&
-                                                isCA != null) {
+                                                    bcPathLen.intValue() != pathLen &&
+                                                    isCA != null) {
                                                 BasicConstraintsExtension bcExt0 =
-                                                    new BasicConstraintsExtension(isCA.booleanValue(), pathLen);
+                                                        new BasicConstraintsExtension(isCA.booleanValue(), pathLen);
 
                                                 extensions.delete(BasicConstraintsExtension.class.getSimpleName());
                                                 extensions.set(BasicConstraintsExtension.class.getSimpleName(), (Extension) bcExt0);
@@ -775,7 +763,7 @@ public class ProcessCertReq extends CMSServlet {
 
                                 if (mExtraAgentParams) {
                                     @SuppressWarnings("unchecked")
-									Enumeration<String> extraparams = req.getParameterNames();
+                                    Enumeration<String> extraparams = req.getParameterNames();
                                     int l = IRequest.AGENT_PARAMS.length() + 1;
                                     int ap_counter = 0;
                                     Hashtable<String, String> agentparamsargblock = new Hashtable<String, String>();
@@ -802,7 +790,7 @@ public class ProcessCertReq extends CMSServlet {
                                     }
                                 }
 
-                                // this set() trigger this rebuild of internal 
+                                // this set() trigger this rebuild of internal
                                 // raw der encoding cache of X509CertInfo.
                                 // Otherwise, the above change wont have effect.
                                 certInfo[i].set(X509CertInfo.EXTENSIONS, extensions);
@@ -819,100 +807,100 @@ public class ProcessCertReq extends CMSServlet {
                     if (r.getRequestStatus().equals(RequestStatus.PENDING)) {
                         cmsReq.setResult(r);
                         cmsReq.setStatus(CMSRequest.PENDING);
-                        if (certInfo != null) {            
+                        if (certInfo != null) {
                             for (int i = 0; i < certInfo.length; i++) {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(), 
-                                        initiative,
-                                        authMgr,
-                                        "pending",
-                                        certInfo[i].get(X509CertInfo.SUBJECT),
-                                        ""} 
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "pending",
+                                                certInfo[i].get(X509CertInfo.SUBJECT),
+                                                "" }
+                                        );
                             }
                         } else {
                             if (subject != null) {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "pending",
-                                        subject,
-                                        ""}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "pending",
+                                                subject,
+                                                "" }
+                                        );
                             } else {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.NODNFORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "pending"}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.NODNFORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "pending" }
+                                        );
                             }
                         }
                     } else if (r.getRequestStatus().equals(
                             RequestStatus.APPROVED) ||
-                        r.getRequestStatus().equals(
-                            RequestStatus.SVC_PENDING)) {
+                            r.getRequestStatus().equals(
+                                    RequestStatus.SVC_PENDING)) {
                         cmsReq.setResult(r);
                         cmsReq.setStatus(CMSRequest.SVC_PENDING);
                         if (certInfo != null) {
                             for (int i = 0; i < certInfo.length; i++) {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        r.getRequestStatus(),
-                                        certInfo[i].get(X509CertInfo.SUBJECT),
-                                        ""}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                r.getRequestStatus(),
+                                                certInfo[i].get(X509CertInfo.SUBJECT),
+                                                "" }
+                                        );
                             }
                         } else {
                             if (subject != null) {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        r.getRequestStatus(),
-                                        subject,
-                                        ""}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                r.getRequestStatus(),
+                                                subject,
+                                                "" }
+                                        );
                             } else {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.NODNFORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        r.getRequestStatus()}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.NODNFORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                r.getRequestStatus() }
+                                        );
                             }
                         }
                     } else if (r.getRequestStatus().equals(
@@ -922,38 +910,38 @@ public class ProcessCertReq extends CMSServlet {
                         // XXX make the repeat record.
                         // Get the certificate(s) from the request
                         X509CertImpl issuedCerts[] =
-                            r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+                                r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
-                        // return potentially more than one certificates. 
+                        // return potentially more than one certificates.
                         if (issuedCerts != null) {
                             long endTime = CMS.getCurrentDate().getTime();
                             StringBuffer sbuf = new StringBuffer();
 
-                            //header.addBigIntegerValue("serialNumber", 
-                            //issuedCerts[0].getSerialNumber(),16);
+                            // header.addBigIntegerValue("serialNumber",
+                            // issuedCerts[0].getSerialNumber(),16);
                             for (int i = 0; i < issuedCerts.length; i++) {
-                                if (i != 0) 
+                                if (i != 0)
                                     sbuf.append(", ");
                                 sbuf.append("0x" +
-                                    issuedCerts[i].getSerialNumber().toString(16));
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "completed",
-                                        issuedCerts[i].getSubjectDN(),
-                                        "cert issued serial number: 0x" +
-                                        issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime)}
-                                );
+                                        issuedCerts[i].getSerialNumber().toString(16));
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "completed",
+                                                issuedCerts[i].getSubjectDN(),
+                                                "cert issued serial number: 0x" +
+                                                        issuedCerts[i].getSerialNumber().toString(16) + " time: " + (endTime - startTime) }
+                                        );
 
                                 // store a message in the signed audit log file
                                 // (one for each manual "agent"
-                                //  cert request processed - "accepted")
+                                // cert request processed - "accepted")
                                 auditMessage = CMS.getLogMessage(
                                             LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
                                             auditSubjectID,
@@ -965,39 +953,39 @@ public class ProcessCertReq extends CMSServlet {
                                 audit(auditMessage);
                             }
                             header.addStringValue(
-                                "serialNumber", sbuf.toString());
+                                    "serialNumber", sbuf.toString());
                         } else {
                             if (subject != null) {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.FORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "completed",
-                                        subject,
-                                        ""}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.FORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "completed",
+                                                subject,
+                                                "" }
+                                        );
                             } else {
-                                mLogger.log(ILogger.EV_AUDIT, 
-                                    ILogger.S_OTHER,
-                                    AuditFormat.LEVEL,
-                                    AuditFormat.NODNFORMAT,
-                                    new Object[] {
-                                        r.getRequestType(),
-                                        r.getRequestId(),
-                                        initiative,
-                                        authMgr,
-                                        "completed"}
-                                );
+                                mLogger.log(ILogger.EV_AUDIT,
+                                        ILogger.S_OTHER,
+                                        AuditFormat.LEVEL,
+                                        AuditFormat.NODNFORMAT,
+                                        new Object[] {
+                                                r.getRequestType(),
+                                                r.getRequestId(),
+                                                initiative,
+                                                authMgr,
+                                                "completed" }
+                                        );
                             }
 
                             // store a message in the signed audit log file
                             // (manual "agent" cert request processed
-                            //  - "accepted")
+                            // - "accepted")
                             auditMessage = CMS.getLogMessage(
                                         LOGGING_SIGNED_AUDIT_CERT_REQUEST_PROCESSED,
                                         auditSubjectID,
@@ -1009,10 +997,10 @@ public class ProcessCertReq extends CMSServlet {
                             audit(auditMessage);
                         }
 
-                        // grant trusted manager or agent privileges  
+                        // grant trusted manager or agent privileges
                         Object grantError = null;
 
-                        try { 
+                        try {
                             int res = grant_privileges(
                                     cmsReq, r, issuedCerts, header);
 
@@ -1028,45 +1016,41 @@ public class ProcessCertReq extends CMSServlet {
                         // if this is a RA, show the certificate right away
                         // since ther is no cert database.
                         /*
-                         if (mAuthority instanceof RegistrationAuthority) {
-                         Object[] results = 
-                         new Object[] { issuedCerts, grantError };
-                         cmsReq.setResult(results);
-                         renderTemplate(cmsReq, 
-                         mReqCompletedTemplate, REQ_COMPLETED_FILLER);
-
-                         return;
-                         }
+                         * if (mAuthority instanceof RegistrationAuthority) {
+                         * Object[] results = new Object[] { issuedCerts,
+                         * grantError }; cmsReq.setResult(results);
+                         * renderTemplate(cmsReq, mReqCompletedTemplate,
+                         * REQ_COMPLETED_FILLER);
+                         * 
+                         * return; }
                          */
 
                         cmsReq.setResult(r);
 
                         String scheme = req.getScheme();
 
-                        if (scheme.equals("http") && 
-                            connectionIsSSL(req)) scheme = "https";
+                        if (scheme.equals("http") &&
+                                connectionIsSSL(req))
+                            scheme = "https";
 
-                            /*
-                             header.addStringValue(
-                             "authorityid", mAuthority.getId());
-                             header.addStringValue("serviceURL", scheme +"://"+
-                             req.getServerName() + ":"+
-                             req.getServerPort() + 
-                             req.getRequestURI());
-                             */
+                        /*
+                         * header.addStringValue( "authorityid",
+                         * mAuthority.getId());
+                         * header.addStringValue("serviceURL", scheme +"://"+
+                         * req.getServerName() + ":"+ req.getServerPort() +
+                         * req.getRequestURI());
+                         */
 
                         if (mPublisherProcessor != null && mPublisherProcessor.ldapEnabled()) {
                             header.addStringValue("dirEnabled", "yes");
 
-                            Integer[] ldapPublishStatus = 
-                                r.getExtDataInIntegerArray("ldapPublishStatus");
+                            Integer[] ldapPublishStatus =
+                                    r.getExtDataInIntegerArray("ldapPublishStatus");
                             int certsUpdated = 0;
 
                             if (ldapPublishStatus != null) {
-                                for (int i = 0; 
-                                    i < ldapPublishStatus.length; i++) {
-                                    if (ldapPublishStatus[i] == 
-                                        IRequest.RES_SUCCESS) {
+                                for (int i = 0; i < ldapPublishStatus.length; i++) {
+                                    if (ldapPublishStatus[i] == IRequest.RES_SUCCESS) {
                                         certsUpdated++;
                                     }
                                 }
@@ -1082,47 +1066,47 @@ public class ProcessCertReq extends CMSServlet {
                     mQueue.rejectRequest(r);
                     if (certInfo != null) {
                         for (int i = 0; i < certInfo.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "rejected",
-                                    certInfo[i].get(X509CertInfo.SUBJECT),
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "rejected",
+                                            certInfo[i].get(X509CertInfo.SUBJECT),
+                                            "" }
+                                    );
                         }
                     } else {
                         if (subject != null) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "rejected",
-                                    subject,
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "rejected",
+                                            subject,
+                                            "" }
+                                    );
                         } else {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "rejected"}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.NODNFORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "rejected" }
+                                    );
                         }
                     }
 
@@ -1143,47 +1127,47 @@ public class ProcessCertReq extends CMSServlet {
 
                     if (certInfo != null) {
                         for (int i = 0; i < certInfo.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "canceled",
-                                    certInfo[i].get(X509CertInfo.SUBJECT),
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "canceled",
+                                            certInfo[i].get(X509CertInfo.SUBJECT),
+                                            "" }
+                                    );
                         }
                     } else {
                         if (subject != null) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "canceled",
-                                    subject,
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "canceled",
+                                            subject,
+                                            "" }
+                                    );
                         } else {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "canceled"}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.NODNFORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "canceled" }
+                                    );
                         }
 
                     }
@@ -1204,54 +1188,54 @@ public class ProcessCertReq extends CMSServlet {
                     IRequest clonedRequest = mQueue.cloneAndMarkPending(r);
 
                     header.addStringValue("clonedRequestId",
-                        clonedRequest.getRequestId().toString());
+                            clonedRequest.getRequestId().toString());
 
                     if (certInfo != null) {
                         for (int i = 0; i < certInfo.length; i++) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "cloned to reqID: " +
-                                    clonedRequest.getRequestId().toString(),
-                                    certInfo[i].get(X509CertInfo.SUBJECT),
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "cloned to reqID: " +
+                                                    clonedRequest.getRequestId().toString(),
+                                            certInfo[i].get(X509CertInfo.SUBJECT),
+                                            "" }
+                                    );
                         }
                     } else {
                         if (subject != null) {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.FORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "cloned to reqID: " +
-                                    clonedRequest.getRequestId().toString(),
-                                    subject,
-                                    ""}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.FORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "cloned to reqID: " +
+                                                    clonedRequest.getRequestId().toString(),
+                                            subject,
+                                            "" }
+                                    );
                         } else {
-                            mLogger.log(ILogger.EV_AUDIT, 
-                                ILogger.S_OTHER,
-                                AuditFormat.LEVEL,
-                                AuditFormat.NODNFORMAT,
-                                new Object[] {
-                                    r.getRequestType(),
-                                    r.getRequestId(),
-                                    initiative,
-                                    authMgr,
-                                    "cloned to reqID: " +
-                                    clonedRequest.getRequestId().toString()}
-                            );
+                            mLogger.log(ILogger.EV_AUDIT,
+                                    ILogger.S_OTHER,
+                                    AuditFormat.LEVEL,
+                                    AuditFormat.NODNFORMAT,
+                                    new Object[] {
+                                            r.getRequestType(),
+                                            r.getRequestId(),
+                                            initiative,
+                                            authMgr,
+                                            "cloned to reqID: " +
+                                                    clonedRequest.getRequestId().toString() }
+                                    );
                         }
                     }
 
@@ -1269,12 +1253,12 @@ public class ProcessCertReq extends CMSServlet {
                 }
             }
 
-            // add authority names to know what privileges can be requested.	
-            if (CMS.getSubsystem("kra") != null) 
+            // add authority names to know what privileges can be requested.
+            if (CMS.getSubsystem("kra") != null)
                 header.addStringValue("localkra", "yes");
-            if (CMS.getSubsystem("ca") != null) 
+            if (CMS.getSubsystem("ca") != null)
                 header.addStringValue("localca", "yes");
-            if (CMS.getSubsystem("ra") != null) 
+            if (CMS.getSubsystem("ra") != null)
                 header.addStringValue("localra", "yes");
 
             header.addIntegerValue("seqNum", seqNum);
@@ -1389,7 +1373,7 @@ public class ProcessCertReq extends CMSServlet {
             }
 
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
+                    CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
 
@@ -1443,7 +1427,7 @@ public class ProcessCertReq extends CMSServlet {
             }
 
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
+                    CMS.getUserMessage("CMS_GW_ENCODING_ISSUED_CERT_ERROR"));
         } catch (NoSuchAlgorithmException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSGW_IO_ERROR_REMOTE_REQUEST", e.toString()));
 
@@ -1500,9 +1484,9 @@ public class ProcessCertReq extends CMSServlet {
         }
         return;
     }
-	
-    private void updateNSExtension(HttpServletRequest req, 
-        NSCertTypeExtension ext) throws IOException {
+
+    private void updateNSExtension(HttpServletRequest req,
+            NSCertTypeExtension ext) throws IOException {
         try {
 
             if (req.getParameter("certTypeSSLServer") == null) {
@@ -1551,106 +1535,101 @@ public class ProcessCertReq extends CMSServlet {
     }
 
     /**
-     * This method sets extensions parameter into the request so
-     * that the NSCertTypeExtension policy creates new
-     * NSCertTypExtension with this setting. Note that this
-     * setting will not be used if the NSCertType Extension
-     * already exist in CertificateExtension. In that case,
-     * updateExtensions() will be called to set the extension
-     * parameter into the extension directly.
+     * This method sets extensions parameter into the request so that the
+     * NSCertTypeExtension policy creates new NSCertTypExtension with this
+     * setting. Note that this setting will not be used if the NSCertType
+     * Extension already exist in CertificateExtension. In that case,
+     * updateExtensions() will be called to set the extension parameter into the
+     * extension directly.
      */
     private int updateExtensionsInRequest(HttpServletRequest req, IRequest r) {
         int nChanges = 0;
 
-            if (req.getParameter("certTypeSSLServer") != null) {
-                r.setExtData(NSCertTypeExtension.SSL_SERVER, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.SSL_SERVER);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeSSLServer") != null) {
+            r.setExtData(NSCertTypeExtension.SSL_SERVER, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.SSL_SERVER);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeSSLClient") != null) {
-                r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.SSL_CLIENT);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeSSLClient") != null) {
+            r.setExtData(NSCertTypeExtension.SSL_CLIENT, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.SSL_CLIENT);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeEmail") != null) {
-                r.setExtData(NSCertTypeExtension.EMAIL, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.EMAIL);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeEmail") != null) {
+            r.setExtData(NSCertTypeExtension.EMAIL, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.EMAIL);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeObjSigning") != null) {
-                r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeObjSigning") != null) {
+            r.setExtData(NSCertTypeExtension.OBJECT_SIGNING, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeEmailCA") != null) {
-                r.setExtData(NSCertTypeExtension.EMAIL_CA, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.EMAIL_CA);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeEmailCA") != null) {
+            r.setExtData(NSCertTypeExtension.EMAIL_CA, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.EMAIL_CA);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeSSLCA") != null) {
-                r.setExtData(NSCertTypeExtension.SSL_CA, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.SSL_CA);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeSSLCA") != null) {
+            r.setExtData(NSCertTypeExtension.SSL_CA, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.SSL_CA);
+            nChanges++;
+        }
 
-            if (req.getParameter("certTypeObjSigningCA") != null) {
-                r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true");
-                nChanges++;
-            } else {
-                r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA);
-                nChanges++;
-            }
+        if (req.getParameter("certTypeObjSigningCA") != null) {
+            r.setExtData(NSCertTypeExtension.OBJECT_SIGNING_CA, "true");
+            nChanges++;
+        } else {
+            r.deleteExtData(NSCertTypeExtension.OBJECT_SIGNING_CA);
+            nChanges++;
+        }
 
         return nChanges;
     }
-	
+
     protected static final String GRANT_ERROR = "grantError";
 
-    public static final String 
-        GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege";
-    public static final String 
-        GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege";
-    public static final String 
-        GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege";
-    public static final String 
-        GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege";
+    public static final String GRANT_TRUSTEDMGR_PRIVILEGE = "grantTrustedManagerPrivilege";
+    public static final String GRANT_CMAGENT_PRIVILEGE = "grantCMAgentPrivilege";
+    public static final String GRANT_RMAGENT_PRIVILEGE = "grantRMAgentPrivilege";
+    public static final String GRANT_DRMAGENT_PRIVILEGE = "grantDRMAgentPrivilege";
     public static final String GRANT_UID = "grantUID";
     public static final String GRANT_PRIVILEGE = "grantPrivilege";
 
     protected int grant_privileges(
-        CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header)
-        throws EBaseException {
+            CMSRequest cmsReq, IRequest req, Certificate[] certs, IArgBlock header)
+            throws EBaseException {
         // get privileges to grant
         IArgBlock httpParams = cmsReq.getHttpParams();
 
-        boolean grantTrustedMgr = 
-            httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false);
-        boolean grantRMAgent = 
-            httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false);
-        boolean grantCMAgent = 
-            httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false);
-        boolean grantDRMAgent = 
-            httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false);
-
-        if (!grantTrustedMgr && 
-            !grantCMAgent && !grantRMAgent && !grantDRMAgent) {
+        boolean grantTrustedMgr =
+                httpParams.getValueAsBoolean(GRANT_TRUSTEDMGR_PRIVILEGE, false);
+        boolean grantRMAgent =
+                httpParams.getValueAsBoolean(GRANT_RMAGENT_PRIVILEGE, false);
+        boolean grantCMAgent =
+                httpParams.getValueAsBoolean(GRANT_CMAGENT_PRIVILEGE, false);
+        boolean grantDRMAgent =
+                httpParams.getValueAsBoolean(GRANT_DRMAGENT_PRIVILEGE, false);
+
+        if (!grantTrustedMgr &&
+                !grantCMAgent && !grantRMAgent && !grantDRMAgent) {
             return 0;
         } else {
             IAuthToken authToken = getAuthToken(req);
@@ -1669,7 +1648,7 @@ public class ProcessCertReq extends CMSServlet {
 
                 if (grantTrustedMgr)
                     obj[0] = TRUSTED_RA_GROUP;
-                else if (grantRMAgent) 
+                else if (grantRMAgent)
                     obj[0] = RA_AGENT_GROUP;
                 else if (grantCMAgent)
                     obj[0] = CA_AGENT_GROUP;
@@ -1696,22 +1675,22 @@ public class ProcessCertReq extends CMSServlet {
             groupname = TRUSTED_RA_GROUP;
             userType = Constants.PR_SUBSYSTEM_TYPE;
         } else {
-            if (grantCMAgent) 
+            if (grantCMAgent)
                 groupname = CA_AGENT_GROUP;
-            else if (grantRMAgent) 
+            else if (grantRMAgent)
                 groupname = RA_AGENT_GROUP;
 
             if (grantDRMAgent) {
-                if (groupname != null) 
+                if (groupname != null)
                     groupname1 = KRA_AGENT_GROUP;
-                else 	
+                else
                     groupname = KRA_AGENT_GROUP;
             }
             userType = Constants.PR_AGENT_TYPE;
         }
 
-        String privilege = 
-            (groupname1 == null) ? groupname : groupname + " and " + groupname1;
+        String privilege =
+                (groupname1 == null) ? groupname : groupname + " and " + groupname1;
 
         header.addStringValue(GRANT_PRIVILEGE, privilege);
 
@@ -1727,23 +1706,23 @@ public class ProcessCertReq extends CMSServlet {
         IGroup group = ug.findGroup(groupname), group1 = null;
 
         if (group == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname));
         }
         if (groupname1 != null) {
             group1 = ug.findGroup(groupname1);
             if (group1 == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSGW_ERROR_FIND_GROUP_1", groupname));
                 throw new ECMSGWException(CMS.getUserMessage("CMS_GW_FIND_GROUP_ERROR", groupname1));
             }
         }
         try {
             ug.addUser(user);
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_ADDING_USER_1", uid));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_USER_ERROR", uid));
         }
         try {
@@ -1752,11 +1731,11 @@ public class ProcessCertReq extends CMSServlet {
 
                 user.setX509Certificates(tmp);
             }
-			
+
             ug.addUserCert(user);
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERROR_ADDING_CERT_1", uid));
             throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_CERT_ERROR", uid));
         }
         try {
@@ -1765,44 +1744,44 @@ public class ProcessCertReq extends CMSServlet {
             // for audit log
             SessionContext sContext = SessionContext.getContext();
             String adminId = (String) sContext.get(SessionContext.USER_ID);
-                
+
             mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                new Object[] {adminId, uid, groupname}
-            );
+                    AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+                    new Object[] { adminId, uid, groupname }
+                    );
 
             if (group1 != null) {
                 group1.addMemberName(uid);
                 ug.modifyGroup(group1);
-				
+
                 mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                    AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
-                    new Object[] {adminId, uid, groupname1}
-                );
+                        AuditFormat.LEVEL, AuditFormat.ADDUSERGROUPFORMAT,
+                        new Object[] { adminId, uid, groupname1 }
+                        );
 
             }
         } catch (Exception e) {
-            String msg = 
-                "Could not add user " + uid + " to group " + groupname;
+            String msg =
+                    "Could not add user " + uid + " to group " + groupname;
 
             if (group1 != null)
                 msg += " or group " + groupname1;
             log(ILogger.LL_FAILURE, msg);
-            if (group1 == null) 
-                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname)); 
-            else 
-                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1)); 
+            if (group1 == null)
+                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER", uid, groupname));
+            else
+                throw new ECMSGWException(CMS.getUserMessage("CMS_GW_ADDING_MEMBER_1", uid, groupname, groupname1));
         }
         return 1;
     }
 
     /**
      * Signed Audit Log Info Name
-     *
-     * This method is called to obtain the "InfoName" for
-     * a signed audit log message.
+     * 
+     * This method is called to obtain the "InfoName" for a signed audit log
+     * message.
      * <P>
-     *
+     * 
      * @param type signed audit log request processing type
      * @return id string containing the signed audit log message InfoName
      */
@@ -1833,11 +1812,11 @@ public class ProcessCertReq extends CMSServlet {
 
     /**
      * Signed Audit Log Info Certificate Value
-     *
+     * 
      * This method is called to obtain the certificate from the passed in
      * "X509CertImpl" for a signed audit log message.
      * <P>
-     *
+     * 
      * @param x509cert an X509CertImpl
      * @return cert string containing the certificate
      */
@@ -1891,38 +1870,38 @@ public class ProcessCertReq extends CMSServlet {
     }
 }
 
-
 class RAReqCompletedFiller extends ImportCertsTemplateFiller {
     private static final String RA_AGENT_GROUP = "Registration Manager Agents";
     private static final String KRA_AGENT_GROUP = "Data Recovery Manager Agents";
+
     public RAReqCompletedFiller() {
         super();
     }
 
     public CMSTemplateParams getTemplateParams(
-        CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e) 
-        throws Exception {
+            CMSRequest cmsReq, IAuthority authority, Locale locale, Exception e)
+            throws Exception {
 
         Object[] results = (Object[]) cmsReq.getResult();
         Object grantError = results[1];
-        //X509CertImpl[] issuedCerts = (X509CertImpl[])results[0];
+        // X509CertImpl[] issuedCerts = (X509CertImpl[])results[0];
         Certificate[] issuedCerts = (Certificate[]) results[0];
-			
+
         cmsReq.setResult(issuedCerts);
-        CMSTemplateParams params = 
-            super.getTemplateParams(cmsReq, authority, locale, e);
+        CMSTemplateParams params =
+                super.getTemplateParams(cmsReq, authority, locale, e);
 
         if (grantError != null) {
             IArgBlock header = params.getHeader();
 
             if (grantError instanceof String) {
                 header.addStringValue(
-                    ProcessCertReq.GRANT_ERROR, (String) grantError);
+                        ProcessCertReq.GRANT_ERROR, (String) grantError);
             } else {
                 EBaseException ex = (EBaseException) grantError;
 
                 header.addStringValue(
-                    ProcessCertReq.GRANT_ERROR, ex.toString(locale));
+                        ProcessCertReq.GRANT_ERROR, ex.toString(locale));
             }
             IArgBlock httpParams = cmsReq.getHttpParams();
             String uid = httpParams.getValueAsString(
@@ -1941,7 +1920,7 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller {
             if (grantDRMAgent) {
                 if (privilege != null)
                     privilege += " and " + KRA_AGENT_GROUP;
-                else 
+                else
                     privilege = KRA_AGENT_GROUP;
             }
             header.addStringValue(ProcessCertReq.GRANT_PRIVILEGE, privilege);
@@ -1949,4 +1928,3 @@ class RAReqCompletedFiller extends ImportCertsTemplateFiller {
         return params;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
index 0ac27197..55eebfac 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ProcessReq.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.IOException;
 import java.util.Locale;
 
@@ -50,10 +49,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Display Generic Request detail to the user.
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ProcessReq extends CMSServlet {
@@ -74,8 +72,8 @@ public class ProcessReq extends CMSServlet {
     private IReqParser mParser = null;
     private String[] mSigningAlgorithms = null;
 
-    private static String[] DEF_SIGNING_ALGORITHMS = new String[] 
-        {"SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA"};
+    private static String[] DEF_SIGNING_ALGORITHMS = new String[]
+        { "SHA1withRSA", "SHA256withRSA", "SHA512withRSA", "SHA1withDSA", "MD5withRSA", "MD2withRSA" };
 
     /**
      * Process request.
@@ -86,15 +84,15 @@ public class ProcessReq extends CMSServlet {
 
     /**
      * initialize the servlet. This servlet uses the template file
-     * "processReq.template" to process the response.
-     * The initialization parameter 'parser' is read from the
-     * servlet configration, and is used to set the type of request.
-     * The value of this parameter can be:
-     * <UL><LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary
-     *  <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail
-     *  <LI><B>KeyReqParser.PARSER</B> - Show key archival detail
-	 * </UL>
-     *
+     * "processReq.template" to process the response. The initialization
+     * parameter 'parser' is read from the servlet configration, and is used to
+     * set the type of request. The value of this parameter can be:
+     * <UL>
+     * <LI><B>CertReqParser.NODETAIL_PARSER</B> - Show certificate Summary
+     * <LI><B>CertReqParser.DETAIL_PARSER</B> - Show certificate detail
+     * <LI><B>KeyReqParser.PARSER</B> - Show key archival detail
+     * </UL>
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -111,13 +109,13 @@ public class ProcessReq extends CMSServlet {
                 mParser = CertReqParser.DETAIL_PARSER;
             else if (tmp.trim().equals("KeyReqParser.PARSER"))
                 mParser = KeyReqParser.PARSER;
-        }			
+        }
 
-        // override success and error templates to null - 
+        // override success and error templates to null -
         // handle templates locally.
         mTemplates.remove(CMSRequest.SUCCESS);
         mTemplates.remove(CMSRequest.ERROR);
-        if (mOutputTemplatePath != null) 
+        if (mOutputTemplatePath != null)
             mFormPath = mOutputTemplatePath;
     }
 
@@ -126,9 +124,9 @@ public class ProcessReq extends CMSServlet {
      * <ul>
      * <li>http.param seqNum
      * <li>http.param doAssign reassign request. Value can be reassignToMe
-     *       reassignToNobody
+     * reassignToNobody
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -152,10 +150,10 @@ public class ProcessReq extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                "Error getting template " + mFormPath + " Error " + e);
+            log(ILogger.LL_FAILURE,
+                    "Error getting template " + mFormPath + " Error " + e);
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
@@ -172,8 +170,8 @@ public class ProcessReq extends CMSServlet {
                     if (doAssign == null) {
                         authzToken = authorize(mAclMethod, authToken,
                                     mAuthzResourceName, "read");
-                    } else if (doAssign.equals("toMe") || 
-                        doAssign.equals("reassignToMe")) {
+                    } else if (doAssign.equals("toMe") ||
+                            doAssign.equals("reassignToMe")) {
                         authzToken = authorize(mAclMethod, authToken,
                                     mAuthzResourceName, "assign");
                     } else if (doAssign.equals("reassignToNobody")) {
@@ -182,10 +180,10 @@ public class ProcessReq extends CMSServlet {
                     }
                 } catch (EAuthzAccessDenied e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
                 } catch (Exception e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                            CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
                 }
 
                 if (authzToken == null) {
@@ -193,19 +191,19 @@ public class ProcessReq extends CMSServlet {
                     return;
                 }
 
-                process(argSet, header, seqNum, req, resp, 
-                    doAssign, locale[0]);
+                process(argSet, header, seqNum, req, resp,
+                        doAssign, locale[0]);
             } else {
                 log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum);
                 error = new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
-                            String.valueOf(seqNum)));
+                        CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+                                String.valueOf(seqNum)));
             }
         } catch (EBaseException e) {
             error = e;
         } catch (NumberFormatException e) {
             error = new EBaseException(CMS.getUserMessage(locale[0], "CMS_BASE_INVALID_NUMBER_FORMAT"));
-        } 
+        }
 
         try {
             ServletOutputStream out = resp.getOutputStream();
@@ -213,46 +211,46 @@ public class ProcessReq extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  String output = form.getOutput(argSet);
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
+                    String output = form.getOutput(argSet);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
                 }
             } else {
                 cmsReq.setError(error);
                 cmsReq.setStatus(CMSRequest.ERROR);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                "Error getting servlet output stream for rendering template. " +
-                "Error " + e);
+            log(ILogger.LL_FAILURE,
+                    "Error getting servlet output stream for rendering template. " +
+                            "Error " + e);
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
         return;
     }
 
     /**
-     * Sends request information to the calller. 
-     * returns whether there was an error or not.
+     * Sends request information to the calller. returns whether there was an
+     * error or not.
      */
     private void process(CMSTemplateParams argSet, IArgBlock header,
-        int seqNum, HttpServletRequest req,
-        HttpServletResponse resp, 
-        String doAssign, Locale locale)
-        throws EBaseException {
+            int seqNum, HttpServletRequest req,
+            HttpServletResponse resp,
+            String doAssign, Locale locale)
+            throws EBaseException {
 
         header.addIntegerValue("seqNum", seqNum);
 
-        IRequest r = 
-            mQueue.findRequest(new RequestId(Integer.toString(seqNum)));
+        IRequest r =
+                mQueue.findRequest(new RequestId(Integer.toString(seqNum)));
 
         if (r != null) {
             if (doAssign != null) {
                 if ((doAssign.equals("toMe"))
-                    || (doAssign.equals("reassignToMe"))) {
+                        || (doAssign.equals("reassignToMe"))) {
                     SessionContext ctx = SessionContext.getContext();
                     String id = (String) ctx.get(SessionContext.USER_ID);
 
@@ -264,32 +262,33 @@ public class ProcessReq extends CMSServlet {
                 }
             }
 
-            // add authority names to know what privileges can be requested.	
-            if (CMS.getSubsystem("kra") != null) 
+            // add authority names to know what privileges can be requested.
+            if (CMS.getSubsystem("kra") != null)
                 header.addStringValue("localkra", "yes");
-            if (CMS.getSubsystem("ca") != null) 
+            if (CMS.getSubsystem("ca") != null)
                 header.addStringValue("localca", "yes");
-            if (CMS.getSubsystem("ra") != null) 
+            if (CMS.getSubsystem("ra") != null)
                 header.addStringValue("localra", "yes");
 
-                // DONT NEED TO DO THIS FOR DRM
+            // DONT NEED TO DO THIS FOR DRM
             if (mAuthority instanceof ICertAuthority) {
                 // Check/set signing algorithms dynamically.
-                // In RA mSigningAlgorithms could be null at startup if CA is not 
-                // up and set later when CA comes back up. 
+                // In RA mSigningAlgorithms could be null at startup if CA is
+                // not
+                // up and set later when CA comes back up.
                 // Once it's set assumed that it won't change.
                 String[] allAlgorithms = mSigningAlgorithms;
 
                 if (allAlgorithms == null) {
-                    allAlgorithms = mSigningAlgorithms = 
+                    allAlgorithms = mSigningAlgorithms =
                                     ((ICertAuthority) mAuthority).getCASigningAlgorithms();
                     if (allAlgorithms == null) {
                         CMS.debug(
-                            "ProcessReq: signing algorithms set to All algorithms");
+                                "ProcessReq: signing algorithms set to All algorithms");
                         allAlgorithms = AlgorithmId.ALL_SIGNING_ALGORITHMS;
-                    } else 
+                    } else
                         CMS.debug(
-                            "ProcessReq: First signing algorithms is " + allAlgorithms[0]);
+                                "ProcessReq: First signing algorithms is " + allAlgorithms[0]);
                 }
                 String validAlgorithms = null;
                 StringBuffer sb = new StringBuffer();
@@ -310,10 +309,10 @@ public class ProcessReq extends CMSServlet {
                     if (signingAlgorithm != null)
                         header.addStringValue("caSigningAlgorithm", signingAlgorithm);
                     header.addLongValue("defaultValidityLength",
-                        ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000);
+                            ((ICertificateAuthority) mAuthority).getDefaultValidity() / 1000);
                 } else if (mAuthority instanceof IRegistrationAuthority) {
                     header.addLongValue("defaultValidityLength",
-                        ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000);
+                            ((IRegistrationAuthority) mAuthority).getDefaultValidity() / 1000);
                 }
                 X509CertImpl caCert = ((ICertAuthority) mAuthority).getCACert();
 
@@ -328,8 +327,8 @@ public class ProcessReq extends CMSServlet {
         } else {
             log(ILogger.LL_FAILURE, "Invalid sequence number " + seqNum);
             throw new ECMSGWException(
-                  CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
-                    String.valueOf(seqNum)));
+                    CMS.getUserMessage("CMS_GW_INVALID_REQUEST_ID",
+                            String.valueOf(seqNum)));
         }
 
         return;
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
index 036bd5d0..10c608b6 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/QueryReq.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Locale;
@@ -45,10 +44,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Show paged list of requests matching search criteria
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class QueryReq extends CMSServlet {
@@ -61,7 +59,7 @@ public class QueryReq extends CMSServlet {
     private final static String IN_SHOW_ALL = "showAll";
     private final static String IN_SHOW_WAITING = "showWaiting";
     private final static String IN_SHOW_IN_SERVICE = "showInService";
-    private final static String IN_SHOW_PENDING= "showPending";
+    private final static String IN_SHOW_PENDING = "showPending";
     private final static String IN_SHOW_CANCELLED = "showCancelled";
     private final static String IN_SHOW_REJECTED = "showRejected";
     private final static String IN_SHOW_COMPLETED = "showCompleted";
@@ -85,17 +83,17 @@ public class QueryReq extends CMSServlet {
     private final static String OUT_UPDATE_ON = "updatedOn";
     private final static String OUT_UPDATE_BY = "updatedBy";
     private final static String OUT_REQUESTING_USER = "requestingUser";
-    //keeps track of where to begin if page down
+    // keeps track of where to begin if page down
     private final static String OUT_FIRST_ENTRY_ON_PAGE = "firstEntryOnPage";
-    //keeps track of where to begin if page up
+    // keeps track of where to begin if page up
     private final static String OUT_LAST_ENTRY_ON_PAGE = "lastEntryOnPage";
     private final static String OUT_SUBJECT = "subject";
     private final static String OUT_REQUEST_TYPE = "requestType";
     private final static String OUT_COMMENTS = "requestorComments";
     private final static String OUT_SERIALNO = "serialNumber";
     private final static String OUT_OWNER_NAME = "ownerName";
-    private final static String OUT_PUBLIC_KEY_INFO = 
-        "subjectPublicKeyInfo";
+    private final static String OUT_PUBLIC_KEY_INFO =
+            "subjectPublicKeyInfo";
     private final static String OUT_ERROR = "error";
     private final static String OUT_AUTHORITY_ID = "authorityid";
 
@@ -119,7 +117,7 @@ public class QueryReq extends CMSServlet {
     /**
      * initialize the servlet. This servlet uses the template file
      * "queryReq.template" to process the response.
-     *
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -142,9 +140,9 @@ public class QueryReq extends CMSServlet {
                 mParser = CertReqParser.DETAIL_PARSER;
             else if (tmp.trim().equals("KeyReqParser.PARSER"))
                 mParser = KeyReqParser.PARSER;
-        }			
+        }
 
-        // override success and error templates to null - 
+        // override success and error templates to null -
         // handle templates locally.
         mTemplates.remove(CMSRequest.SUCCESS);
         mTemplates.remove(CMSRequest.ERROR);
@@ -152,7 +150,7 @@ public class QueryReq extends CMSServlet {
         if (mOutputTemplatePath != null)
             mFormPath = mOutputTemplatePath;
     }
-	
+
     private String getRequestType(String p) {
         String filter = "(requestType=*)";
 
@@ -212,348 +210,346 @@ public class QueryReq extends CMSServlet {
     /**
      * Process the HTTP request.
      * <ul>
-     * <li>http.param reqState request state
-	 *            (one of showAll, showWaiting, showInService, 
-	 *            showCancelled, showRejected, showCompleted)
+     * <li>http.param reqState request state (one of showAll, showWaiting,
+     * showInService, showCancelled, showRejected, showCompleted)
      * <li>http.param reqType
      * <li>http.param seqNumFromDown request ID to start at (decimal, or hex if
-     *           when paging down
-     *           seqNumFromDown starts with 0x)
+     * when paging down seqNumFromDown starts with 0x)
      * <li>http.param seqNumFromUp request ID to start at (decimal, or hex if
-     *           when paging up
-     *           seqNumFromUp starts with 0x)
+     * when paging up seqNumFromUp starts with 0x)
      * <li>http.param maxCount maximum number of records to show
      * <li>http.param totalCount total number of records in set of pages
      * <li>http.param direction "up", "down", "begin", or "end"
      * </ul>
-     *
+     * 
      * @param cmsReq the object holding the request and response information
      */
 
     public void process(CMSRequest cmsReq) throws EBaseException {
-    	CMS.debug("in QueryReq servlet");
-    	
-    	// Authentication / Authorization
-
-    	HttpServletRequest req = cmsReq.getHttpReq();
-    	IAuthToken authToken = authenticate(cmsReq);
-    	AuthzToken authzToken = null;
-    	
-    	try {
-    		authzToken = authorize(mAclMethod, authToken,
-    				mAuthzResourceName, "list");
-    	} catch (EAuthzAccessDenied e) {
-    		log(ILogger.LL_FAILURE,
-    				CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-    	} catch (Exception e) {
-    		log(ILogger.LL_FAILURE,
-    				CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
-    	}
-    	if (authzToken == null) {
-    		cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
-    		return;
-    	}
-    	
-
-
-    	  	
-    	CMSTemplate form = null;
-    	Locale[] locale = new Locale[1];
-    	
-    	try {
-    		// if get a EBaseException we just throw it. 
-    		form = getTemplate(mFormPath, req, locale);
-    	} catch (IOException e) {
-    		log(ILogger.LL_FAILURE,
-    				CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
-    		throw new ECMSGWException(
-    				CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-    	}
-    	
-    	/** 
-    	 * WARNING:
-    	 * 
-    	 * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED.
-    	 *
-    	 **/
-    	String filter = null;
-    	String reqState = req.getParameter("reqState");
-    	String reqType = req.getParameter("reqType");
-    	
-    	if (reqState == null || reqType == null) {
-    		filter = "(requeststate=*)";
-    	} else if (reqState.equals(IN_SHOW_ALL) && 
-    			reqType.equals(IN_SHOW_ALL)) {
-    		filter = "(requeststate=*)";
-    	} else if (reqState.equals(IN_SHOW_ALL)) {
-    		filter = getRequestType(reqType);
-    	} else if (reqType.equals(IN_SHOW_ALL)) {
-    		filter = getRequestState(reqState);
-    	} else {
-    		filter = "(&" + getRequestState(reqState) + 
-    		getRequestType(reqType) + ")";
-    	}
-    	
-    	String direction = "begin";
-    	if (req.getParameter("direction") != null) {
-    		direction = req.getParameter("direction").trim();
-    	}
-    	
-    	
-    	int top=0, bottom=0;
-    	
-    	try {
-    		String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE);
-    		if (top_s == null) top_s = "0";
-    		
-    		String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE);
-    		if (bottom_s == null) bottom_s = "0";
-    		
-    		if (top_s.trim().startsWith("0x")) {
-    			top = Integer.parseInt(top_s.trim().substring(2), 16);
-    		} else {
-    			top = Integer.parseInt(top_s.trim());
-    		}
-    		if (bottom_s.trim().startsWith("0x")) {
-    			bottom = Integer.parseInt(bottom_s.trim().substring(2), 16);
-    		} else {
-    			bottom = Integer.parseInt(bottom_s.trim());
-    		}
-    		
-    	} catch (NumberFormatException e) {
-
-    	}
-    	
-    	// avoid NumberFormatException to the user interface
-    	int maxCount = 10;
-    	try {
-    		maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
-    	} catch (Exception e) {
-    	}
+        CMS.debug("in QueryReq servlet");
+
+        // Authentication / Authorization
+
+        HttpServletRequest req = cmsReq.getHttpReq();
+        IAuthToken authToken = authenticate(cmsReq);
+        AuthzToken authzToken = null;
+
+        try {
+            authzToken = authorize(mAclMethod, authToken,
+                    mAuthzResourceName, "list");
+        } catch (EAuthzAccessDenied e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+        } catch (Exception e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+        }
+        if (authzToken == null) {
+            cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+            return;
+        }
+
+        CMSTemplate form = null;
+        Locale[] locale = new Locale[1];
+
+        try {
+            // if get a EBaseException we just throw it.
+            form = getTemplate(mFormPath, req, locale);
+        } catch (IOException e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", mFormPath, e.toString()));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+        }
+
+        /**
+         * WARNING:
+         * 
+         * PLEASE DO NOT TOUCH THE FILTER HERE. ALL FILTERS ARE INDEXED.
+         * 
+         **/
+        String filter = null;
+        String reqState = req.getParameter("reqState");
+        String reqType = req.getParameter("reqType");
+
+        if (reqState == null || reqType == null) {
+            filter = "(requeststate=*)";
+        } else if (reqState.equals(IN_SHOW_ALL) &&
+                reqType.equals(IN_SHOW_ALL)) {
+            filter = "(requeststate=*)";
+        } else if (reqState.equals(IN_SHOW_ALL)) {
+            filter = getRequestType(reqType);
+        } else if (reqType.equals(IN_SHOW_ALL)) {
+            filter = getRequestState(reqState);
+        } else {
+            filter = "(&" + getRequestState(reqState) +
+                    getRequestType(reqType) + ")";
+        }
+
+        String direction = "begin";
+        if (req.getParameter("direction") != null) {
+            direction = req.getParameter("direction").trim();
+        }
+
+        int top = 0, bottom = 0;
+
+        try {
+            String top_s = req.getParameter(OUT_FIRST_ENTRY_ON_PAGE);
+            if (top_s == null)
+                top_s = "0";
+
+            String bottom_s = req.getParameter(OUT_LAST_ENTRY_ON_PAGE);
+            if (bottom_s == null)
+                bottom_s = "0";
+
+            if (top_s.trim().startsWith("0x")) {
+                top = Integer.parseInt(top_s.trim().substring(2), 16);
+            } else {
+                top = Integer.parseInt(top_s.trim());
+            }
+            if (bottom_s.trim().startsWith("0x")) {
+                bottom = Integer.parseInt(bottom_s.trim().substring(2), 16);
+            } else {
+                bottom = Integer.parseInt(bottom_s.trim());
+            }
+
+        } catch (NumberFormatException e) {
+
+        }
+
+        // avoid NumberFormatException to the user interface
+        int maxCount = 10;
+        try {
+            maxCount = Integer.parseInt(req.getParameter(IN_MAXCOUNT));
+        } catch (Exception e) {
+        }
         if (maxCount > mMaxReturns) {
             CMS.debug("Resetting page size from " + maxCount + " to " + mMaxReturns);
             maxCount = mMaxReturns;
         }
 
-    	HttpServletResponse resp = cmsReq.getHttpResp(); 
-    	CMSTemplateParams argset = doSearch(locale[0],filter, maxCount, direction, top, bottom );
-	
-  
-        argset.getFixed().addStringValue("reqType",reqType);
+        HttpServletResponse resp = cmsReq.getHttpResp();
+        CMSTemplateParams argset = doSearch(locale[0], filter, maxCount, direction, top, bottom);
+
+        argset.getFixed().addStringValue("reqType", reqType);
         argset.getFixed().addStringValue("reqState", reqState);
-        argset.getFixed().addIntegerValue("maxCount",maxCount);
-    	
-    	
-    	try {
-    		form.getOutput(argset);    		
-    		resp.setContentType("text/html");
-    		form.renderOutput(resp.getOutputStream(), argset);
-    	} catch (IOException e) {
-    		log(ILogger.LL_FAILURE,
-    				CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
-    		throw new ECMSGWException(
-    				CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
-    	}
-    	cmsReq.setStatus(CMSRequest.SUCCESS);
-    	return;
+        argset.getFixed().addIntegerValue("maxCount", maxCount);
+
+        try {
+            form.getOutput(argset);
+            resp.setContentType("text/html");
+            form.renderOutput(resp.getOutputStream(), argset);
+        } catch (IOException e) {
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_STREAM_TEMPLATE", e.toString()));
+            throw new ECMSGWException(
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+        }
+        cmsReq.setStatus(CMSRequest.SUCCESS);
+        return;
     }
 
     /**
      * Perform search based on direction button pressed
-     * @param filter ldap filter indicating which VLV to search through. This can be
-     * 'all requests', 'pending', etc
+     * 
+     * @param filter ldap filter indicating which VLV to search through. This
+     *            can be 'all requests', 'pending', etc
      * @param count the number of requests to show per page
-     * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to end)
-     * @param top  the number of the request shown on at the top of the current page
-     * @param bottom the number of the request shown on at the bottom of the current page
-     * @return 
+     * @param direction either 'begin', 'end', 'previous' or 'next' (defaults to
+     *            end)
+     * @param top the number of the request shown on at the top of the current
+     *            page
+     * @param bottom the number of the request shown on at the bottom of the
+     *            current page
+     * @return
      */
-    
+
     private CMSTemplateParams doSearch(Locale l, String filter,
-    		int count, String direction, int top, int bottom)
-    {
-    	CMSTemplateParams ctp = null;
-    	if (direction.equals("previous")) {
-    		ctp = doSearch(l, filter, -count, top-1);
-    	} else if (direction.equals("next")) {
-    		ctp = doSearch(l,filter, count, bottom+1);
-    	} else if (direction.equals("begin")) {
-    		ctp = doSearch(l,filter, count, 0);
-    	} else if (direction.equals("first")) {
-    		ctp = doSearch(l,filter, count, bottom);
-    	} else {  // if 'direction is 'end', default here
-    		ctp = doSearch(l,filter, -count, -1);
-    	}
-    	return ctp;
+            int count, String direction, int top, int bottom) {
+        CMSTemplateParams ctp = null;
+        if (direction.equals("previous")) {
+            ctp = doSearch(l, filter, -count, top - 1);
+        } else if (direction.equals("next")) {
+            ctp = doSearch(l, filter, count, bottom + 1);
+        } else if (direction.equals("begin")) {
+            ctp = doSearch(l, filter, count, 0);
+        } else if (direction.equals("first")) {
+            ctp = doSearch(l, filter, count, bottom);
+        } else { // if 'direction is 'end', default here
+            ctp = doSearch(l, filter, -count, -1);
+        }
+        return ctp;
     }
-    
-    
-
-	/**
-	 * 
-	 * @param locale
-	 * @param filter the types of requests to return - this must match the VLV index
-	 * @param count maximum number of records to return
-	 * @param marker indication of the request ID where the page is anchored
-	 * @return
-	 */
+
+    /**
+     * 
+     * @param locale
+     * @param filter the types of requests to return - this must match the VLV
+     *            index
+     * @param count maximum number of records to return
+     * @param marker indication of the request ID where the page is anchored
+     * @return
+     */
 
     private CMSTemplateParams doSearch(
-    		Locale locale,
-    		String filter,
-    		int count, 
-    		int marker) {
-    	
-    	IArgBlock header = CMS.createArgBlock();
-    	IArgBlock context = CMS.createArgBlock();
-    	CMSTemplateParams argset = new CMSTemplateParams(header, context);
-    	
-    	try {
-    		long startTime = CMS.getCurrentDate().getTime();
-    		// preserve the type of request that we are
-    		// requesting.
-    		
-    		header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId());
-    		header.addStringValue(OUT_REQUESTING_USER, "admin");
-    		
-    		
-    		boolean jumptoend = false;
-    		if (marker == -1) {
-    			marker = 0;       // I think this is inconsequential
-    			jumptoend = true; // override  to '99' during search 
-    		}
-    		
-    		RequestId id = new RequestId(Integer.toString(marker));
-    		IRequestVirtualList list =   mQueue.getPagedRequestsByFilter(
-    				id,
-    				jumptoend,
-    				filter, 
-    				count+1,
-    		"requestId");
-    		
-    		int totalCount = list.getSize() - list.getCurrentIndex();
-    		header.addIntegerValue(OUT_TOTALCOUNT, totalCount);
-    		header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize());
-    		
-    		int numEntries = list.getSize() - list.getCurrentIndex();
-    		
-    		Vector v = fetchRecords(list,Math.abs(count));
-    		v = normalizeOrder(v);
-    		trim(v,id);
-    		
-    		
-    		int currentCount = 0;
-    		int curNum = 0;
-    		int firstNum = -1;
-    		Enumeration requests = v.elements();
-    		
-    		while (requests.hasMoreElements()) {
-    			IRequest request = null;
-    			try {
-    				request = (IRequest) requests.nextElement();
-    			} catch (Exception e) {
-    				CMS.debug("Error displaying request:"+e.getMessage());
-    				// handled below
-    			}
-    			if (request == null) {
-    				log(ILogger.LL_WARN, "Error display request on page");
-    				continue;
-    			}
-    			
-    			curNum = Integer.parseInt(
-    					request.getRequestId().toString());
-    			
-    			if (firstNum == -1) {
-    				firstNum = curNum; 
-    			}
-    			
-    			IArgBlock rec = CMS.createArgBlock();
-    			mParser.fillRequestIntoArg(locale, request, argset, rec);
-    			mQueue.releaseRequest(request);
-    			argset.addRepeatRecord(rec);
-    			
-    			currentCount++;
-    			
-    		}// while
-    		long endTime = CMS.getCurrentDate().getTime();
-    		
-    		header.addIntegerValue(OUT_CURRENTCOUNT, currentCount);
-    		header.addStringValue("time", Long.toString(endTime - startTime));
-    		header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum);
-    		header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum);
-    		
-    	} catch (EBaseException e) {
-    		header.addStringValue(OUT_ERROR, e.toString(locale));
-    	} catch (Exception e) {
-    	}
-    	return argset;
-    	
+            Locale locale,
+            String filter,
+            int count,
+            int marker) {
+
+        IArgBlock header = CMS.createArgBlock();
+        IArgBlock context = CMS.createArgBlock();
+        CMSTemplateParams argset = new CMSTemplateParams(header, context);
+
+        try {
+            long startTime = CMS.getCurrentDate().getTime();
+            // preserve the type of request that we are
+            // requesting.
+
+            header.addStringValue(OUT_AUTHORITY_ID, mAuthority.getId());
+            header.addStringValue(OUT_REQUESTING_USER, "admin");
+
+            boolean jumptoend = false;
+            if (marker == -1) {
+                marker = 0; // I think this is inconsequential
+                jumptoend = true; // override to '99' during search
+            }
+
+            RequestId id = new RequestId(Integer.toString(marker));
+            IRequestVirtualList list = mQueue.getPagedRequestsByFilter(
+                    id,
+                    jumptoend,
+                    filter,
+                    count + 1,
+                    "requestId");
+
+            int totalCount = list.getSize() - list.getCurrentIndex();
+            header.addIntegerValue(OUT_TOTALCOUNT, totalCount);
+            header.addIntegerValue(OUT_CURRENTCOUNT, list.getSize());
+
+            int numEntries = list.getSize() - list.getCurrentIndex();
+
+            Vector v = fetchRecords(list, Math.abs(count));
+            v = normalizeOrder(v);
+            trim(v, id);
+
+            int currentCount = 0;
+            int curNum = 0;
+            int firstNum = -1;
+            Enumeration requests = v.elements();
+
+            while (requests.hasMoreElements()) {
+                IRequest request = null;
+                try {
+                    request = (IRequest) requests.nextElement();
+                } catch (Exception e) {
+                    CMS.debug("Error displaying request:" + e.getMessage());
+                    // handled below
+                }
+                if (request == null) {
+                    log(ILogger.LL_WARN, "Error display request on page");
+                    continue;
+                }
+
+                curNum = Integer.parseInt(
+                        request.getRequestId().toString());
+
+                if (firstNum == -1) {
+                    firstNum = curNum;
+                }
+
+                IArgBlock rec = CMS.createArgBlock();
+                mParser.fillRequestIntoArg(locale, request, argset, rec);
+                mQueue.releaseRequest(request);
+                argset.addRepeatRecord(rec);
+
+                currentCount++;
+
+            }// while
+            long endTime = CMS.getCurrentDate().getTime();
+
+            header.addIntegerValue(OUT_CURRENTCOUNT, currentCount);
+            header.addStringValue("time", Long.toString(endTime - startTime));
+            header.addIntegerValue(OUT_FIRST_ENTRY_ON_PAGE, firstNum);
+            header.addIntegerValue(OUT_LAST_ENTRY_ON_PAGE, curNum);
+
+        } catch (EBaseException e) {
+            header.addStringValue(OUT_ERROR, e.toString(locale));
+        } catch (Exception e) {
+        }
+        return argset;
+
     }
 
     /**
      * If the vector contains the marker element at the end, remove it.
-     * @param v  The vector to trim
-     * @param marker  the marker to look for.
+     * 
+     * @param v The vector to trim
+     * @param marker the marker to look for.
+     */
+    private void trim(Vector v, RequestId marker) {
+        int i = v.size() - 1;
+        if (((IRequest) v.elementAt(i)).getRequestId().equals(marker)) {
+            v.remove(i);
+        }
+
+    }
+
+    /**
+     * Sometimes the list comes back from LDAP in reverse order. This function
+     * makes sure the results are in 'forward' order.
+     * 
+     * @param list
+     * @return
      */
-	private void trim(Vector v, RequestId marker) {
-		int i = v.size()-1;
-		if (((IRequest)v.elementAt(i)).getRequestId().equals(marker)) {
-			v.remove(i);
-		}
-		
-	}
-
-	/**
-	 * Sometimes the list comes back from LDAP in reverse order. This function makes
-	 * sure the results are in 'forward' order.
-	 * @param list
-	 * @return
-	 */
     private Vector fetchRecords(IRequestVirtualList list, int maxCount) {
-    	
-    	Vector v = new Vector();
-    	int count = list.getSize();
-    	int c=0;
-    	for (int i=0; i<count; i++) {
-    		IRequest request = list.getElementAt(i);
-    		if (request != null) {
-    		   v.add(request);
-    		   c++;
-    		}
-    		if (c >= maxCount) break;
-    	}
-    	
-    	return v;
+
+        Vector v = new Vector();
+        int count = list.getSize();
+        int c = 0;
+        for (int i = 0; i < count; i++) {
+            IRequest request = list.getElementAt(i);
+            if (request != null) {
+                v.add(request);
+                c++;
+            }
+            if (c >= maxCount)
+                break;
+        }
+
+        return v;
 
     }
 
     /**
      * If the requests are in backwards order, reverse the list
+     * 
      * @param list
      * @return
      */
     private Vector normalizeOrder(Vector list) {
-    	
-    	int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0))
-    			.getRequestId().toString());
-    	int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list
-    			.size() - 1)).getRequestId().toString());
-    	boolean reverse = false;
-    	if (firstrequestnum > lastrequestnum) {
-    		reverse = true; // if the order is backwards, place items at the beginning
-    	}
-    	Vector v = new Vector();
-    	int count = list.size();
-    	for (int i = 0; i < count; i++) {
-    		Object request = list.elementAt(i);
-    		if (request != null) {
-    			if (reverse)
-    				v.add(0, request);
-    			else
-    				v.add(request);
-    		}
-    	}
-    	
-    	return v;
+
+        int firstrequestnum = Integer.parseInt(((IRequest) list.elementAt(0))
+                .getRequestId().toString());
+        int lastrequestnum = Integer.parseInt(((IRequest) list.elementAt(list
+                .size() - 1)).getRequestId().toString());
+        boolean reverse = false;
+        if (firstrequestnum > lastrequestnum) {
+            reverse = true; // if the order is backwards, place items at the
+                            // beginning
+        }
+        Vector v = new Vector();
+        int count = list.size();
+        for (int i = 0; i < count; i++) {
+            Object request = list.elementAt(i);
+            if (request != null) {
+                if (reverse)
+                    v.add(0, request);
+                else
+                    v.add(request);
+            }
+        }
+
+        return v;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
index 29414ca5..00f95ec2 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/ReqParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.EBaseException;
@@ -26,11 +25,10 @@ import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 
-
 /**
  * A class representing a request parser.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class ReqParser implements IReqParser {
@@ -51,29 +49,30 @@ public class ReqParser implements IReqParser {
      * Maps request object into argument block.
      */
     public void fillRequestIntoArg(Locale l, IRequest req, CMSTemplateParams argSet, IArgBlock arg)
-        throws EBaseException {
+            throws EBaseException {
         arg.addStringValue(TYPE, req.getRequestType());
-        arg.addLongValue("seqNum", 
-            Long.parseLong(req.getRequestId().toString()));
-        arg.addStringValue(STATUS, 
-            req.getRequestStatus().toString());
-        arg.addLongValue(CREATE_ON, 
-            req.getCreationTime().getTime() / 1000);
-        arg.addLongValue(UPDATE_ON, 
-            req.getModificationTime().getTime() / 1000);
+        arg.addLongValue("seqNum",
+                Long.parseLong(req.getRequestId().toString()));
+        arg.addStringValue(STATUS,
+                req.getRequestStatus().toString());
+        arg.addLongValue(CREATE_ON,
+                req.getCreationTime().getTime() / 1000);
+        arg.addLongValue(UPDATE_ON,
+                req.getModificationTime().getTime() / 1000);
         String updatedBy = req.getExtDataInString(IRequest.UPDATED_BY);
 
-        if (updatedBy == null) updatedBy = "";
+        if (updatedBy == null)
+            updatedBy = "";
         arg.addStringValue(UPDATE_BY, updatedBy);
 
         SessionContext ctx = SessionContext.getContext();
-        String id = (String) ctx.get(SessionContext.USER_ID); 
+        String id = (String) ctx.get(SessionContext.USER_ID);
 
         arg.addStringValue("callerName", id);
-		
+
         String owner = req.getRequestOwner();
 
-        if (owner != null) 
+        if (owner != null)
             arg.addStringValue("assignedTo", owner);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
index 04b21440..c660be24 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/request/SearchReqs.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cms.servlet.request;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.util.Date;
@@ -48,10 +47,9 @@ import com.netscape.cms.servlet.common.CMSTemplate;
 import com.netscape.cms.servlet.common.CMSTemplateParams;
 import com.netscape.cms.servlet.common.ECMSGWException;
 
-
 /**
  * Search for certificates matching complex query filter
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class SearchReqs extends CMSServlet {
@@ -90,8 +88,9 @@ public class SearchReqs extends CMSServlet {
     }
 
     /**
-	 * initialize the servlet. This servlet uses queryReq.template
-	 * to render the response
+     * initialize the servlet. This servlet uses queryReq.template to render the
+     * response
+     * 
      * @param sc servlet configuration, read from the web.xml file
      */
     public void init(ServletConfig sc) throws ServletException {
@@ -154,10 +153,8 @@ public class SearchReqs extends CMSServlet {
 
     /**
      * Serves HTTP request. This format of this request is as follows:
-     *   queryCert?
-     *     [maxCount=<number>]
-     *     [queryFilter=<filter>]
-     *     [revokeAll=<filter>]
+     * queryCert? [maxCount=<number>] [queryFilter=<filter>]
+     * [revokeAll=<filter>]
      */
     public void process(CMSRequest cmsReq) throws EBaseException {
         HttpServletRequest req = cmsReq.getHttpReq();
@@ -172,10 +169,10 @@ public class SearchReqs extends CMSServlet {
                         mAuthzResourceName, "list");
         } catch (EAuthzAccessDenied e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
+                    CMS.getLogMessage("ADMIN_SRVLT_AUTH_FAILURE", e.toString()));
         }
 
         if (authzToken == null) {
@@ -198,10 +195,10 @@ public class SearchReqs extends CMSServlet {
         try {
             form = getTemplate(mFormPath, req, locale);
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_GET_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
 
         try {
@@ -215,10 +212,10 @@ public class SearchReqs extends CMSServlet {
                 timeLimit = Integer.parseInt(timeLimitStr);
 
             process(argSet, header, req.getParameter("queryRequestFilter"), authToken,
-                maxResults, timeLimit, req, resp, locale[0]);
+                    maxResults, timeLimit, req, resp, locale[0]);
         } catch (NumberFormatException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("BASE_INVALID_NUMBER_FORMAT"));
-            error = new EBaseException(CMS.getUserMessage(getLocale(req),"CMS_BASE_INVALID_NUMBER_FORMAT"));
+            error = new EBaseException(CMS.getUserMessage(getLocale(req), "CMS_BASE_INVALID_NUMBER_FORMAT"));
         } catch (EBaseException e) {
             error = e;
         }
@@ -229,33 +226,33 @@ public class SearchReqs extends CMSServlet {
             if (error == null) {
                 String xmlOutput = req.getParameter("xml");
                 if (xmlOutput != null && xmlOutput.equals("true")) {
-                  outputXML(resp, argSet);
+                    outputXML(resp, argSet);
                 } else {
-                  cmsReq.setStatus(CMSRequest.SUCCESS);
-                  resp.setContentType("text/html");
-                  form.renderOutput(out, argSet);
+                    cmsReq.setStatus(CMSRequest.SUCCESS);
+                    resp.setContentType("text/html");
+                    form.renderOutput(out, argSet);
                 }
             } else {
                 cmsReq.setStatus(CMSRequest.ERROR);
                 cmsReq.setError(error);
             }
         } catch (IOException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSGW_ERR_OUT_STREAM_TEMPLATE", e.toString()));
             throw new ECMSGWException(
-              CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
+                    CMS.getUserMessage("CMS_GW_DISPLAY_TEMPLATE_ERROR"));
         }
     }
 
     /**
      * Process the key search.
      */
-    private void process(CMSTemplateParams argSet, IArgBlock header, 
-        String filter, IAuthToken token,
-        int maxResults, int timeLimit,
-        HttpServletRequest req, HttpServletResponse resp,
-        Locale locale)
-        throws EBaseException {
+    private void process(CMSTemplateParams argSet, IArgBlock header,
+            String filter, IAuthToken token,
+            int maxResults, int timeLimit,
+            HttpServletRequest req, HttpServletResponse resp,
+            Locale locale)
+            throws EBaseException {
 
         try {
             long startTime = CMS.getCurrentDate().getTime();
@@ -272,12 +269,12 @@ public class SearchReqs extends CMSServlet {
             } else {
                 if (owner.equals("self")) {
                     String self_uid = token.getInString(IAuthToken.USER_ID);
-                    requestowner_filter = "(requestowner="+self_uid+")";
+                    requestowner_filter = "(requestowner=" + self_uid + ")";
                 } else {
                     String uid = req.getParameter("uid");
-                    requestowner_filter = "(requestowner="+uid+")";
+                    requestowner_filter = "(requestowner=" + uid + ")";
                 }
-                newfilter = "(&"+requestowner_filter+filter.substring(2);
+                newfilter = "(&" + requestowner_filter + filter.substring(2);
             }
             // xxx the filter includes serial number range???
             if (maxResults == -1 || maxResults > mMaxReturns) {
@@ -289,8 +286,8 @@ public class SearchReqs extends CMSServlet {
                 timeLimit = mTimeLimits;
             }
             IRequestList list = (timeLimit > 0) ?
-                mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) :
-                mQueue.listRequestsByFilter(newfilter, maxResults);
+                    mQueue.listRequestsByFilter(newfilter, maxResults, timeLimit) :
+                    mQueue.listRequestsByFilter(newfilter, maxResults);
 
             int count = 0;
 
@@ -323,7 +320,8 @@ public class SearchReqs extends CMSServlet {
         int i = filter.indexOf(CURRENT_TIME, k);
 
         while (i > -1) {
-            if (now == null) now = new Date();
+            if (now == null)
+                now = new Date();
             newFilter.append(filter.substring(k, i));
             newFilter.append(now.getTime());
             k = i + CURRENT_TIME.length();
diff --git a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
index ca785565..d9919723 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/tks/TokenServlet.java
@@ -50,14 +50,11 @@ import com.netscape.cms.servlet.base.CMSServlet;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.symkey.SessionKey;
 
-
-
 /**
- * A class representings an administration servlet for Token Key
- * Service Authority. This servlet is responsible to serve 
- * tks administrative operation such as configuration 
- * parameter updates.
- *
+ * A class representings an administration servlet for Token Key Service
+ * Authority. This servlet is responsible to serve tks administrative operation
+ * such as configuration parameter updates.
+ * 
  * @version $Revision$, $Date$
  */
 public class TokenServlet extends CMSServlet {
@@ -66,66 +63,53 @@ public class TokenServlet extends CMSServlet {
      */
     private static final long serialVersionUID = 8687436109695172791L;
     protected static final String PROP_ENABLED = "enabled";
-    protected static final String TRANSPORT_KEY_NAME ="sharedSecret";
+    protected static final String TRANSPORT_KEY_NAME = "sharedSecret";
     private final static String INFO = "TokenServlet";
     public static int ERROR = 1;
     private ITKSAuthority mTKS = null;
     private String mSelectedToken = null;
     private String mNewSelectedToken = null;
     String mKeyNickName = null;
-    String mNewKeyNickName = null; 
+    String mNewKeyNickName = null;
     private final static String LOGGING_SIGNED_AUDIT_CONFIG_DRM =
-        "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
+            "LOGGING_SIGNED_AUDIT_CONFIG_DRM_3";
     IPrettyPrintFormat pp = CMS.getPrettyPrintFormat(":");
 
-    private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST =
-        "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
-
-   private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_3";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS_8";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST =
-        "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE_9";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
+    private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST =
+            "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_5";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
+    private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS_6";
 
+    private final static String LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE_7";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST =
-        "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
+    private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST =
+            "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_4";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS =
-        "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
+    private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS_7";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE =
-        "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
+    private final static String LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE_8";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST = 
-         "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_2";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS = 
-         "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS_3";
 
-   private final static String
-        LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE =
-         "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
+    private final static String LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE =
+            "LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE_4";
 
     /**
      * Constructs tks servlet.
@@ -135,14 +119,13 @@ public class TokenServlet extends CMSServlet {
 
     }
 
-    public static String trim(String a) 
-    {
-    StringBuffer newa = new StringBuffer();
+    public static String trim(String a) {
+        StringBuffer newa = new StringBuffer();
         StringTokenizer tokens = new StringTokenizer(a, "\n");
-    while (tokens.hasMoreTokens()) {
-        newa.append(tokens.nextToken());
-    }
-    return newa.toString();
+        while (tokens.hasMoreTokens()) {
+            newa.append(tokens.nextToken());
+        }
+        return newa.toString();
     }
 
     public void init(ServletConfig config) throws ServletException {
@@ -151,18 +134,19 @@ public class TokenServlet extends CMSServlet {
 
     /**
      * Returns serlvet information.
-     *
+     * 
      * @return name of this servlet
      */
-    public String getServletInfo() { 
-        return INFO; 
+    public String getServletInfo() {
+        return INFO;
     }
-   /**
-     * Process the HTTP request. 
-     *
+
+    /**
+     * Process the HTTP request.
+     * 
      * @param s The URL to decode.
      */
-     protected String URLdecode(String s) {
+    protected String URLdecode(String s) {
         if (s == null)
             return null;
         ByteArrayOutputStream out = new ByteArrayOutputStream(s.length());
@@ -182,62 +166,59 @@ public class TokenServlet extends CMSServlet {
             }
         } // end for
         return out.toString();
-     }
+    }
+
+    private void setDefaultSlotAndKeyName(HttpServletRequest req) {
+        try {
 
-    private void setDefaultSlotAndKeyName(HttpServletRequest req)
-    {
-         try {
+            String keySet = req.getParameter("keySet");
+            if (keySet == null || keySet.equals("")) {
+                keySet = "defKeySet";
+            }
+            CMS.debug("keySet selected: " + keySet);
 
-        String keySet = req.getParameter("keySet");
-        if (keySet == null || keySet.equals("")) {
-          keySet = "defKeySet";
-        }
-        CMS.debug("keySet selected: " + keySet);
+            mNewSelectedToken = null;
 
-        mNewSelectedToken = null;
-        
-        mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
-        String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
-        String temp = req.getParameter("KeyInfo"); //#xx#xx
-        String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
-        String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
-        if(mappingValue!=null)
-            {        
-            StringTokenizer st = new StringTokenizer(mappingValue, ":");
-            int tokenNumber=0;
-            while (st.hasMoreTokens()) {
-
-                        String currentToken= st.nextToken();
-                        if(tokenNumber==0)
-                            mSelectedToken = currentToken;
-                            else if(tokenNumber==1)
-                                mKeyNickName = currentToken;
-                        tokenNumber++;
-                    
-                    }
+            mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
+            String masterKeyPrefix = CMS.getConfigStore().getString("tks.master_key_prefix", null);
+            String temp = req.getParameter("KeyInfo"); // #xx#xx
+            String keyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+            String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
+            if (mappingValue != null) {
+                StringTokenizer st = new StringTokenizer(mappingValue, ":");
+                int tokenNumber = 0;
+                while (st.hasMoreTokens()) {
+
+                    String currentToken = st.nextToken();
+                    if (tokenNumber == 0)
+                        mSelectedToken = currentToken;
+                    else if (tokenNumber == 1)
+                        mKeyNickName = currentToken;
+                    tokenNumber++;
+
+                }
             }
-        if(req.getParameter("newKeyInfo")!=null) // for diversification
+            if (req.getParameter("newKeyInfo") != null) // for diversification
             {
-            temp = req.getParameter("newKeyInfo"); //#xx#xx
-            String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
-            String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
-            if(newMappingValue!=null)
-                {
-                StringTokenizer st = new StringTokenizer(newMappingValue, ":");
-                int tokenNumber=0;
-                while (st.hasMoreTokens()) {
-                            String currentToken= st.nextToken();
-                            if(tokenNumber==0)
-                                mNewSelectedToken = currentToken;
-                                else if(tokenNumber==1)
-                                    mNewKeyNickName = currentToken;
-                            tokenNumber++;
-                    
-                        }
+                temp = req.getParameter("newKeyInfo"); // #xx#xx
+                String newKeyInfoMap = "tks." + keySet + ".mk_mappings." + temp;
+                String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
+                if (newMappingValue != null) {
+                    StringTokenizer st = new StringTokenizer(newMappingValue, ":");
+                    int tokenNumber = 0;
+                    while (st.hasMoreTokens()) {
+                        String currentToken = st.nextToken();
+                        if (tokenNumber == 0)
+                            mNewSelectedToken = currentToken;
+                        else if (tokenNumber == 1)
+                            mNewKeyNickName = currentToken;
+                        tokenNumber++;
+
+                    }
                 }
-        }
+            }
 
-        SessionKey.SetDefaultPrefix(masterKeyPrefix);
+            SessionKey.SetDefaultPrefix(masterKeyPrefix);
 
         } catch (Exception e) {
             e.printStackTrace();
@@ -247,9 +228,8 @@ public class TokenServlet extends CMSServlet {
     }
 
     private void processComputeSessionKey(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException
-    {
-        byte[] card_challenge ,host_challenge,keyInfo, xCUID, CUID, session_key;
+            HttpServletResponse resp) throws EBaseException {
+        byte[] card_challenge, host_challenge, keyInfo, xCUID, CUID, session_key;
         byte[] card_crypto, host_cryptogram, input_card_crypto;
         byte[] xcard_challenge, xhost_challenge;
         byte[] enc_session_key, xkeyInfo;
@@ -257,18 +237,18 @@ public class TokenServlet extends CMSServlet {
         String errorMsg = "";
         String badParams = "";
         String transportKeyName = "";
-   
-        String rCUID = req.getParameter("CUID"); 
+
+        String rCUID = req.getParameter("CUID");
         String keySet = req.getParameter("keySet");
         if (keySet == null || keySet.equals("")) {
-          keySet = "defKeySet";
+            keySet = "defKeySet";
         }
         CMS.debug("keySet selected: " + keySet);
 
         boolean serversideKeygen = false;
         byte[] drm_trans_wrapped_desKey = null;
-	PK11SymKey desKey = null;
-	//        PK11SymKey kek_session_key;
+        PK11SymKey desKey = null;
+        // PK11SymKey kek_session_key;
         PK11SymKey kek_key;
 
         IConfigStore sconfig = CMS.getConfigStore();
@@ -278,14 +258,14 @@ public class TokenServlet extends CMSServlet {
         card_crypto = null;
         host_cryptogram = null;
         enc_session_key = null;
-	//        kek_session_key = null;
+        // kek_session_key = null;
 
         SessionContext sContext = SessionContext.getContext();
 
-        String agentId="";
+        String agentId = "";
         if (sContext != null) {
             agentId =
-                (String) sContext.get(SessionContext.USER_ID);
+                    (String) sContext.get(SessionContext.USER_ID);
         }
 
         auditMessage = CMS.getLogMessage(
@@ -297,19 +277,19 @@ public class TokenServlet extends CMSServlet {
         audit(auditMessage);
 
         String kek_wrapped_desKeyString = null;
-	String keycheck_s = null;
+        String keycheck_s = null;
 
         CMS.debug("processComputeSessionKey:");
         String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
-	if (!useSoftToken_s.equalsIgnoreCase("true"))
-	    useSoftToken_s = "false";
+        if (!useSoftToken_s.equalsIgnoreCase("true"))
+            useSoftToken_s = "false";
 
-	String rServersideKeygen = (String) req.getParameter("serversideKeygen");
+        String rServersideKeygen = (String) req.getParameter("serversideKeygen");
         if (rServersideKeygen.equals("true")) {
-              CMS.debug("TokenServlet: serversideKeygen requested");
-              serversideKeygen = true;
+            CMS.debug("TokenServlet: serversideKeygen requested");
+            serversideKeygen = true;
         } else {
-              CMS.debug("TokenServlet: serversideKeygen not requested");
+            CMS.debug("TokenServlet: serversideKeygen not requested");
         }
 
         try {
@@ -318,13 +298,12 @@ public class TokenServlet extends CMSServlet {
         }
 
         try {
-            transportKeyName = sconfig.getString("tks.tksSharedSymKeyName",TRANSPORT_KEY_NAME);
+            transportKeyName = sconfig.getString("tks.tksSharedSymKeyName", TRANSPORT_KEY_NAME);
         } catch (EBaseException e) {
         }
 
         CMS.debug("TokenServlet: ComputeSessionKey(): tksSharedSymKeyName: " + transportKeyName);
 
-
         String rcard_challenge = req.getParameter("card_challenge");
         String rhost_challenge = req.getParameter("host_challenge");
         String rKeyInfo = req.getParameter("KeyInfo");
@@ -353,7 +332,6 @@ public class TokenServlet extends CMSServlet {
             missingParam = true;
         }
 
-        
         String selectedToken = null;
         String keyNickName = null;
         boolean sameCardCrypto = true;
@@ -362,48 +340,48 @@ public class TokenServlet extends CMSServlet {
 
             xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
             if (xCUID == null || xCUID.length != 10) {
-                        badParams += " CUID length,";
-                        CMS.debug("TokenServlet: Invalid CUID length");
-                        missingParam = true;
+                badParams += " CUID length,";
+                CMS.debug("TokenServlet: Invalid CUID length");
+                missingParam = true;
             }
             xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
             if (xkeyInfo == null || xkeyInfo.length != 2) {
-                        badParams += " KeyInfo length,";
-                        CMS.debug("TokenServlet: Invalid key info length.");
-                        missingParam = true;
+                badParams += " KeyInfo length,";
+                CMS.debug("TokenServlet: Invalid key info length.");
+                missingParam = true;
             }
-            xcard_challenge = 
-                com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
+            xcard_challenge =
+                    com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
             if (xcard_challenge == null || xcard_challenge.length != 8) {
-                        badParams += " card_challenge length,";
-                        CMS.debug("TokenServlet: Invalid card challenge length.");
-                        missingParam = true;
+                badParams += " card_challenge length,";
+                CMS.debug("TokenServlet: Invalid card challenge length.");
+                missingParam = true;
             }
-        
+
             xhost_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
             if (xhost_challenge == null || xhost_challenge.length != 8) {
-                        badParams += " host_challenge length,";
-                        CMS.debug("TokenServlet: Invalid host challenge length");
-                        missingParam = true;
+                badParams += " host_challenge length,";
+                CMS.debug("TokenServlet: Invalid host challenge length");
+                missingParam = true;
             }
- 
+
         }
 
         CUID = null;
         if (!missingParam) {
-            card_challenge = 
-                com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
-        
+            card_challenge =
+                    com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_challenge);
+
             host_challenge = com.netscape.cmsutil.util.Utils.SpecialDecode(rhost_challenge);
             keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
 
-            CUID =com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+            CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
 
-            String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; //#xx#xx
+            String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo; // #xx#xx
             String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
             if (mappingValue == null) {
-                selectedToken = 
-                  CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+                selectedToken =
+                        CMS.getConfigStore().getString("tks.defaultSlot", "internal");
                 keyNickName = rKeyInfo;
             } else {
                 StringTokenizer st = new StringTokenizer(mappingValue, ":");
@@ -419,133 +397,130 @@ public class TokenServlet extends CMSServlet {
 
                     byte macKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".mac_key"));
                     CMS.debug("TokenServlet about to try ComputeSessionKey selectedToken=" + selectedToken + " keyNickName=" + keyNickName);
-                        session_key = SessionKey.ComputeSessionKey(
-			     selectedToken,keyNickName,card_challenge,
-			     host_challenge,keyInfo,CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName );
+                    session_key = SessionKey.ComputeSessionKey(
+                            selectedToken, keyNickName, card_challenge,
+                            host_challenge, keyInfo, CUID, macKeyArray, useSoftToken_s, keySet, transportKeyName);
 
-                    if(session_key == null)
-                    {
+                    if (session_key == null) {
                         CMS.debug("TokenServlet:Tried ComputeSessionKey, got NULL ");
-                        throw  new Exception("Can't compute session key!");
+                        throw new Exception("Can't compute session key!");
 
-                    }     
+                    }
 
                     byte encKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
                     enc_session_key = SessionKey.ComputeEncSessionKey(
-                      selectedToken,keyNickName,card_challenge,
-		      host_challenge,keyInfo,CUID, encKeyArray, useSoftToken_s, keySet);
+                            selectedToken, keyNickName, card_challenge,
+                            host_challenge, keyInfo, CUID, encKeyArray, useSoftToken_s, keySet);
 
-                    if(enc_session_key == null)
-                    {
+                    if (enc_session_key == null) {
                         CMS.debug("TokenServlet:Tried ComputeEncSessionKey, got NULL ");
-                        throw  new Exception("Can't compute enc session key!");
-    
+                        throw new Exception("Can't compute enc session key!");
+
                     }
 
                     if (serversideKeygen == true) {
 
                         /**
-			 * 0. generate des key
-                         * 1. encrypt des key with kek key
-                         * 2. encrypt des key with DRM transport key
-                         * These two wrapped items are to be sent back to
-                         * TPS.  2nd item is to DRM
+                         * 0. generate des key 1. encrypt des key with kek key
+                         * 2. encrypt des key with DRM transport key These two
+                         * wrapped items are to be sent back to TPS. 2nd item is
+                         * to DRM
                          **/
                         CMS.debug("TokenServlet: calling ComputeKekKey");
 
-                    byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-
+                        byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
 
                         kek_key = SessionKey.ComputeKekKey(
-			     selectedToken,keyNickName,card_challenge,
-			     host_challenge,keyInfo,CUID, kekKeyArray, useSoftToken_s,keySet);
-
+                                selectedToken, keyNickName, card_challenge,
+                                host_challenge, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
 
                         CMS.debug("TokenServlet: called ComputeKekKey");
 
-                        if(kek_key == null)
-                        {
+                        if (kek_key == null) {
                             CMS.debug("TokenServlet:Tried ComputeKekKey, got NULL ");
-                            throw  new Exception("Can't compute kek key!");
-    
+                            throw new Exception("Can't compute kek key!");
+
                         }
                         // now use kek key to wrap kek session key..
-			CMS.debug("computeSessionKey:kek key len ="+
-				  kek_key.getLength());
-
-			// (1) generate DES key
-			/* applet does not support DES3
-			org.mozilla.jss.crypto.KeyGenerator kg = 
-			    internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
-			    desKey = kg.generate();*/
-
-			/*
-			 * XXX GenerateSymkey firt generates a 16 byte DES2 key.
-			 * It then pads it into a 24 byte key with last
-			 * 8 bytes copied from the 1st 8 bytes.  Effectively
-			 * making it a 24 byte DES2 key.  We need this for
-			 * wrapping private keys on DRM.
-			 */
-			/*generate it on whichever token the master key is at*/
-			if (useSoftToken_s.equals("true")) {
-			    CMS.debug("TokenServlet: key encryption key generated on internal");
-//cfu audit here? sym key gen
-			    desKey = SessionKey.GenerateSymkey("internal");
-//cfu audit here? sym key gen done
+                        CMS.debug("computeSessionKey:kek key len =" +
+                                kek_key.getLength());
+
+                        // (1) generate DES key
+                        /*
+                         * applet does not support DES3
+                         * org.mozilla.jss.crypto.KeyGenerator kg =
+                         * internalToken.getKeyGenerator(KeyGenAlgorithm.DES3);
+                         * desKey = kg.generate();
+                         */
+
+                        /*
+                         * XXX GenerateSymkey firt generates a 16 byte DES2 key.
+                         * It then pads it into a 24 byte key with last 8 bytes
+                         * copied from the 1st 8 bytes. Effectively making it a
+                         * 24 byte DES2 key. We need this for wrapping private
+                         * keys on DRM.
+                         */
+                        /* generate it on whichever token the master key is at */
+                        if (useSoftToken_s.equals("true")) {
+                            CMS.debug("TokenServlet: key encryption key generated on internal");
+                            // cfu audit here? sym key gen
+                            desKey = SessionKey.GenerateSymkey("internal");
+                            // cfu audit here? sym key gen done
                         } else {
-			    CMS.debug("TokenServlet: key encryption key generated on " + selectedToken);
-			    desKey = SessionKey.GenerateSymkey(selectedToken);
+                            CMS.debug("TokenServlet: key encryption key generated on " + selectedToken);
+                            desKey = SessionKey.GenerateSymkey(selectedToken);
+                        }
+                        if (desKey != null)
+                            CMS.debug("TokenServlet: key encryption key generated for " + rCUID);
+                        else {
+                            CMS.debug("TokenServlet: key encryption key generation failed for " + rCUID);
+                            throw new Exception("can't generate key encryption key");
                         }
-			if (desKey != null)
-			    CMS.debug("TokenServlet: key encryption key generated for "+rCUID);
-			else {
-			    CMS.debug("TokenServlet: key encryption key generation failed for "+rCUID);
-			    throw new Exception ("can't generate key encryption key");
-			}
-
-			/*
-			 * XXX ECBencrypt actually takes the 24 byte DES2 key
-			 * and discard the last 8 bytes before it encrypts.
-			 * This is done so that the applet can digest it
-			 */
-			byte[] encDesKey =
-			    SessionKey.ECBencrypt( kek_key,
-						    desKey);
-			/*
-			CMS.debug("computeSessionKey:encrypted desKey size = "+encDesKey.length);
-			CMS.debug(encDesKey);
-			*/
+
+                        /*
+                         * XXX ECBencrypt actually takes the 24 byte DES2 key
+                         * and discard the last 8 bytes before it encrypts. This
+                         * is done so that the applet can digest it
+                         */
+                        byte[] encDesKey =
+                                SessionKey.ECBencrypt(kek_key,
+                                        desKey);
+                        /*
+                         * CMS.debug("computeSessionKey:encrypted desKey size = "
+                         * +encDesKey.length); CMS.debug(encDesKey);
+                         */
 
                         kek_wrapped_desKeyString =
-                            com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey);
-
-			// get keycheck
-			byte[] keycheck = 
-			    SessionKey.ComputeKeyCheck(desKey);
-			/*
-			CMS.debug("computeSessionKey:keycheck size = "+keycheck.length);
-			CMS.debug(keycheck);
-			*/
-			keycheck_s =
-			    com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck);
-
-                        //XXX use DRM transport cert to wrap desKey
-                        String drmTransNickname =  CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", "");
-
-			if ((drmTransNickname == null) || (drmTransNickname == "")) {
-			    CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
-			    throw new Exception("can't find DRM transport certificate nickname");
-			} else {
-			    CMS.debug("TokenServlet:drmtransport_cert_nickname="+drmTransNickname);
-			}
+                                com.netscape.cmsutil.util.Utils.SpecialEncode(encDesKey);
+
+                        // get keycheck
+                        byte[] keycheck =
+                                SessionKey.ComputeKeyCheck(desKey);
+                        /*
+                         * CMS.debug("computeSessionKey:keycheck size = "+keycheck
+                         * .length); CMS.debug(keycheck);
+                         */
+                        keycheck_s =
+                                com.netscape.cmsutil.util.Utils.SpecialEncode(keycheck);
+
+                        // XXX use DRM transport cert to wrap desKey
+                        String drmTransNickname = CMS.getConfigStore().getString("tks.drm_transport_cert_nickname", "");
+
+                        if ((drmTransNickname == null) || (drmTransNickname == "")) {
+                            CMS.debug("TokenServlet:did not find DRM transport certificate nickname");
+                            throw new Exception("can't find DRM transport certificate nickname");
+                        } else {
+                            CMS.debug("TokenServlet:drmtransport_cert_nickname=" + drmTransNickname);
+                        }
 
                         X509Certificate drmTransCert = null;
                         drmTransCert = CryptoManager.getInstance().findCertByNickname(drmTransNickname);
                         // wrap kek session key with DRM transport public key
-			CryptoToken token = null;
-			if (useSoftToken_s.equals("true")) {
-                           //token = CryptoManager.getInstance().getTokenByName(selectedToken);
-                           token = CryptoManager.getInstance().getInternalCryptoToken();
+                        CryptoToken token = null;
+                        if (useSoftToken_s.equals("true")) {
+                            // token =
+                            // CryptoManager.getInstance().getTokenByName(selectedToken);
+                            token = CryptoManager.getInstance().getInternalCryptoToken();
                         } else {
                             token = CryptoManager.getInstance().getTokenByName(selectedToken);
                         }
@@ -553,7 +528,7 @@ public class TokenServlet extends CMSServlet {
                         String pubKeyAlgo = pubKey.getAlgorithm();
                         CMS.debug("Transport Cert Key Algorithm: " + pubKeyAlgo);
                         KeyWrapper keyWrapper = null;
-                        //For wrapping symmetric keys don't need IV, use ECB
+                        // For wrapping symmetric keys don't need IV, use ECB
                         if (pubKeyAlgo.equals("EC")) {
                             keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.AES_ECB);
                             keyWrapper.initWrap(pubKey, null);
@@ -561,31 +536,29 @@ public class TokenServlet extends CMSServlet {
                             keyWrapper = token.getKeyWrapper(KeyWrapAlgorithm.RSA);
                             keyWrapper.initWrap(pubKey, null);
                         }
-                        CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName() );
+                        CMS.debug("desKey token " + desKey.getOwningToken().getName() + " token: " + token.getName());
                         drm_trans_wrapped_desKey = keyWrapper.wrap(desKey);
-			CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
+                        CMS.debug("computeSessionKey:desKey wrapped with drm transportation key.");
 
                     } // if (serversideKeygen == true)
 
                     byte authKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".auth_key"));
                     host_cryptogram = SessionKey.ComputeCryptogram(
-                      selectedToken,keyNickName,card_challenge,
-		      host_challenge,keyInfo,CUID,0, authKeyArray, useSoftToken_s, keySet);
+                            selectedToken, keyNickName, card_challenge,
+                            host_challenge, keyInfo, CUID, 0, authKeyArray, useSoftToken_s, keySet);
 
-                    if(host_cryptogram == null)
-                    {
+                    if (host_cryptogram == null) {
                         CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
-                        throw  new Exception("Can't compute host cryptogram!");
+                        throw new Exception("Can't compute host cryptogram!");
 
                     }
                     card_crypto = SessionKey.ComputeCryptogram(
-                      selectedToken,keyNickName,card_challenge,
-		      host_challenge,keyInfo,CUID,1, authKeyArray, useSoftToken_s, keySet);
+                            selectedToken, keyNickName, card_challenge,
+                            host_challenge, keyInfo, CUID, 1, authKeyArray, useSoftToken_s, keySet);
 
-                    if(card_crypto == null)
-                    {
+                    if (card_crypto == null) {
                         CMS.debug("TokenServlet:Tried ComputeCryptogram, got NULL ");
-                        throw  new Exception("Can't compute card cryptogram!");
+                        throw new Exception("Can't compute card cryptogram!");
 
                     }
 
@@ -595,9 +568,9 @@ public class TokenServlet extends CMSServlet {
                             throw new Exception("Missing card cryptogram");
                         }
                         input_card_crypto =
-                               com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
+                                com.netscape.cmsutil.util.Utils.SpecialDecode(rcard_cryptogram);
                         if (card_crypto.length == input_card_crypto.length) {
-                            for (int i=0; i<card_crypto.length; i++) {
+                            for (int i = 0; i < card_crypto.length; i++) {
                                 if (card_crypto[i] != input_card_crypto[i]) {
                                     sameCardCrypto = false;
                                     break;
@@ -611,15 +584,15 @@ public class TokenServlet extends CMSServlet {
 
                     CMS.getLogger().log(ILogger.EV_AUDIT,
                             ILogger.S_TKS,
-                            ILogger.LL_INFO,"processComputeSessionKey for CUID=" + 
-                            trim(pp.toHexString(CUID)));
-                }    catch (Exception e) {
+                            ILogger.LL_INFO, "processComputeSessionKey for CUID=" +
+                                    trim(pp.toHexString(CUID)));
+                } catch (Exception e) {
                     CMS.debug(e);
                     CMS.debug("TokenServlet Computing Session Key: " + e.toString());
                     if (isCryptoValidate)
                         sameCardCrypto = false;
                 }
-            } 
+            }
         } // ! missingParam
 
         String value = "";
@@ -632,34 +605,32 @@ public class TokenServlet extends CMSServlet {
         String cryptogram = "";
         String status = "0";
         if (session_key != null && session_key.length > 0) {
-            outputString = 
-                com.netscape.cmsutil.util.Utils.SpecialEncode(session_key);
-        } else   {
-            
+            outputString =
+                    com.netscape.cmsutil.util.Utils.SpecialEncode(session_key);
+        } else {
+
             status = "1";
         }
 
         if (enc_session_key != null && enc_session_key.length > 0) {
-            encSessionKeyString = 
-                com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key);
-        } else  {
+            encSessionKeyString =
+                    com.netscape.cmsutil.util.Utils.SpecialEncode(enc_session_key);
+        } else {
             status = "1";
         }
 
-
         if (serversideKeygen == true) {
-	    if ( drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0)
-		drm_trans_wrapped_desKeyString  = 
-		    com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey);
-	    else  {
-		status = "1";
+            if (drm_trans_wrapped_desKey != null && drm_trans_wrapped_desKey.length > 0)
+                drm_trans_wrapped_desKeyString =
+                        com.netscape.cmsutil.util.Utils.SpecialEncode(drm_trans_wrapped_desKey);
+            else {
+                status = "1";
             }
-	}
+        }
 
-        
         if (host_cryptogram != null && host_cryptogram.length > 0) {
-            cryptogram = 
-                com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram);
+            cryptogram =
+                    com.netscape.cmsutil.util.Utils.SpecialEncode(host_cryptogram);
         } else {
             status = "2";
         }
@@ -675,32 +646,30 @@ public class TokenServlet extends CMSServlet {
         if (missingParam) {
             status = "3";
         }
- 
-        if (!status.equals("0"))  {
-
-
-           if(status.equals("1")) {
-               errorMsg = "Problem generating session key info.";
-           }
- 
-           if(status.equals("2")) {
-               errorMsg = "Problem creating host_cryptogram.";
-           }
- 
-           if(status.equals("4")) {
-               errorMsg = "Problem obtaining token information.";
-           }
-
-           if(status.equals("3")) {
-               if(badParams.endsWith(","))  {
-                  badParams = badParams.substring(0,badParams.length() -1);         
-               }
-               errorMsg = "Missing input parameters :" + badParams;
-           }
-
-            value = "status="+status;
-        }
-        else {
+
+        if (!status.equals("0")) {
+
+            if (status.equals("1")) {
+                errorMsg = "Problem generating session key info.";
+            }
+
+            if (status.equals("2")) {
+                errorMsg = "Problem creating host_cryptogram.";
+            }
+
+            if (status.equals("4")) {
+                errorMsg = "Problem obtaining token information.";
+            }
+
+            if (status.equals("3")) {
+                if (badParams.endsWith(",")) {
+                    badParams = badParams.substring(0, badParams.length() - 1);
+                }
+                errorMsg = "Missing input parameters :" + badParams;
+            }
+
+            value = "status=" + status;
+        } else {
             if (serversideKeygen == true) {
                 StringBuffer sb = new StringBuffer();
                 sb.append("status=0&");
@@ -709,10 +678,10 @@ public class TokenServlet extends CMSServlet {
                 sb.append("&hostCryptogram=");
                 sb.append(cryptogram);
                 sb.append("&encSessionKey=");
-                sb.append(encSessionKeyString); 
+                sb.append(encSessionKeyString);
                 sb.append("&kek_wrapped_desKey=");
                 sb.append(kek_wrapped_desKeyString);
-		        sb.append("&keycheck=");
+                sb.append("&keycheck=");
                 sb.append(keycheck_s);
                 sb.append("&drm_trans_wrapped_desKey=");
                 sb.append(drm_trans_wrapped_desKeyString);
@@ -722,19 +691,19 @@ public class TokenServlet extends CMSServlet {
                 sb.append("status=0&");
                 sb.append("sessionKey=");
                 sb.append(outputString);
-				sb.append("&hostCryptogram=");
-				sb.append(cryptogram);
+                sb.append("&hostCryptogram=");
+                sb.append(cryptogram);
                 sb.append("&encSessionKey=");
                 sb.append(encSessionKeyString);
                 value = sb.toString();
             }
 
         }
-        CMS.debug("TokenServlet:outputString.encode " +value);
+        CMS.debug("TokenServlet:outputString.encode " + value);
 
-        try{
+        try {
             resp.setContentLength(value.length());
-            CMS.debug("TokenServlet:outputString.length " +value.length());
+            CMS.debug("TokenServlet:outputString.length " + value.length());
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -742,65 +711,65 @@ public class TokenServlet extends CMSServlet {
         } catch (IOException e) {
             CMS.debug("TokenServlet: " + e.toString());
         }
-       
-        if(status.equals("0")) {
 
-           auditMessage = CMS.getLogMessage(
+        if (status.equals("0")) {
+
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS,
                         rCUID,
                         ILogger.SUCCESS,
                         status,
                         agentId,
-                        isCryptoValidate? "true":"false",
-                        serversideKeygen? "true":"false",
+                        isCryptoValidate ? "true" : "false",
+                        serversideKeygen ? "true" : "false",
                         selectedToken,
                         keyNickName);
 
         } else {
 
-           auditMessage = CMS.getLogMessage(
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,
                         rCUID,
                         ILogger.FAILURE,
                         status,
                         agentId,
-                        isCryptoValidate? "true":"false",
-                        serversideKeygen? "true":"false",
+                        isCryptoValidate ? "true" : "false",
+                        serversideKeygen ? "true" : "false",
                         selectedToken,
                         keyNickName,
                         errorMsg);
-       }
- 
+        }
+
         audit(auditMessage);
     }
 
     private void processDiversifyKey(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException {
-        byte[] KeySetData,KeysValues,CUID,xCUID;
-        byte[] xkeyInfo,xnewkeyInfo;
+            HttpServletResponse resp) throws EBaseException {
+        byte[] KeySetData, KeysValues, CUID, xCUID;
+        byte[] xkeyInfo, xnewkeyInfo;
         boolean missingParam = false;
         String errorMsg = "";
         String badParams = "";
 
         IConfigStore sconfig = CMS.getConfigStore();
-         String rnewKeyInfo        = req.getParameter("newKeyInfo");
+        String rnewKeyInfo = req.getParameter("newKeyInfo");
         String newMasterKeyName = req.getParameter("newKeyInfo");
         String oldMasterKeyName = req.getParameter("KeyInfo");
-        String rCUID =req.getParameter("CUID");
-        String auditMessage="";
+        String rCUID = req.getParameter("CUID");
+        String auditMessage = "";
 
         String keySet = req.getParameter("keySet");
         if (keySet == null || keySet.equals("")) {
-          keySet = "defKeySet";
+            keySet = "defKeySet";
         }
         CMS.debug("keySet selected: " + keySet);
 
         SessionContext sContext = SessionContext.getContext();
 
-        String agentId="";
+        String agentId = "";
         if (sContext != null) {
             agentId =
-                (String) sContext.get(SessionContext.USER_ID);
+                    (String) sContext.get(SessionContext.USER_ID);
         }
 
         auditMessage = CMS.getLogMessage(
@@ -813,7 +782,6 @@ public class TokenServlet extends CMSServlet {
 
         audit(auditMessage);
 
-
         if ((rCUID == null) || (rCUID.equals(""))) {
             badParams += " CUID,";
             CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: CUID");
@@ -824,130 +792,130 @@ public class TokenServlet extends CMSServlet {
             CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: newKeyInfo");
             missingParam = true;
         }
-        if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))){
+        if ((oldMasterKeyName == null) || (oldMasterKeyName.equals(""))) {
             badParams += " KeyInfo,";
             CMS.debug("TokenServlet: processDiversifyKey(): missing request parameter: KeyInfo");
             missingParam = true;
         }
 
         if (!missingParam) {
-                xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName);
-                    if (xkeyInfo == null || xkeyInfo.length != 2) {
-                        badParams += " KeyInfo length,";
-                        CMS.debug("TokenServlet: Invalid key info length");
-                        missingParam = true;
-                     }
-                xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName);
-                    if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
-                        badParams += " NewKeyInfo length,";
-                        CMS.debug("TokenServlet: Invalid new key info length");
-                        missingParam = true;
-                     }
-                }
+            xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(oldMasterKeyName);
+            if (xkeyInfo == null || xkeyInfo.length != 2) {
+                badParams += " KeyInfo length,";
+                CMS.debug("TokenServlet: Invalid key info length");
+                missingParam = true;
+            }
+            xnewkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(newMasterKeyName);
+            if (xnewkeyInfo == null || xnewkeyInfo.length != 2) {
+                badParams += " NewKeyInfo length,";
+                CMS.debug("TokenServlet: Invalid new key info length");
+                missingParam = true;
+            }
+        }
         String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
-	if (!useSoftToken_s.equalsIgnoreCase("true"))
-	    useSoftToken_s = "false";
+        if (!useSoftToken_s.equalsIgnoreCase("true"))
+            useSoftToken_s = "false";
 
         KeySetData = null;
         String outputString = null;
         if (!missingParam) {
-                   xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-                   if (xCUID == null || xCUID.length != 10) {
-                        badParams += " CUID length,";
-                        CMS.debug("TokenServlet: Invalid CUID length");
-            missingParam = true;
-                   }
-                }
+            xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+            if (xCUID == null || xCUID.length != 10) {
+                badParams += " CUID length,";
+                CMS.debug("TokenServlet: Invalid CUID length");
+                missingParam = true;
+            }
+        }
         if (!missingParam) {
-          CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
-          if (mKeyNickName!=null)
-              oldMasterKeyName =   mKeyNickName;
-          if (mNewKeyNickName!=null)
-              newMasterKeyName = mNewKeyNickName;  
-
-          String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); //#xx#xx
-          String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null);
-          String oldSelectedToken = null;
-          String oldKeyNickName = null;
-          if (oldMappingValue == null) {
-              oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
-              oldKeyNickName = req.getParameter("KeyInfo");
-          } else {
-              StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
-              oldSelectedToken = st.nextToken();
-              oldKeyNickName = st.nextToken();
-          }
-
-          String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; //#xx#xx
-          String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
-          String newSelectedToken = null;
-          String newKeyNickName = null;
-          if (newMappingValue == null) {
-              newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
-              newKeyNickName = rnewKeyInfo;
-          } else {
-              StringTokenizer st = new StringTokenizer(newMappingValue, ":");
-              newSelectedToken = st.nextToken();
-              newKeyNickName = st.nextToken();
-          }
-
-          CMS.debug("process DiversifyKey for oldSelectedToke="+ 
-                oldSelectedToken + " newSelectedToken=" + newSelectedToken + 
-                " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" + 
-                newKeyNickName);
-
-          byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-          KeySetData = SessionKey.DiversifyKey(oldSelectedToken, 
+            CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+            if (mKeyNickName != null)
+                oldMasterKeyName = mKeyNickName;
+            if (mNewKeyNickName != null)
+                newMasterKeyName = mNewKeyNickName;
+
+            String oldKeyInfoMap = "tks." + keySet + ".mk_mappings." + req.getParameter("KeyInfo"); // #xx#xx
+            String oldMappingValue = CMS.getConfigStore().getString(oldKeyInfoMap, null);
+            String oldSelectedToken = null;
+            String oldKeyNickName = null;
+            if (oldMappingValue == null) {
+                oldSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+                oldKeyNickName = req.getParameter("KeyInfo");
+            } else {
+                StringTokenizer st = new StringTokenizer(oldMappingValue, ":");
+                oldSelectedToken = st.nextToken();
+                oldKeyNickName = st.nextToken();
+            }
+
+            String newKeyInfoMap = "tks.mk_mappings." + rnewKeyInfo; // #xx#xx
+            String newMappingValue = CMS.getConfigStore().getString(newKeyInfoMap, null);
+            String newSelectedToken = null;
+            String newKeyNickName = null;
+            if (newMappingValue == null) {
+                newSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+                newKeyNickName = rnewKeyInfo;
+            } else {
+                StringTokenizer st = new StringTokenizer(newMappingValue, ":");
+                newSelectedToken = st.nextToken();
+                newKeyNickName = st.nextToken();
+            }
+
+            CMS.debug("process DiversifyKey for oldSelectedToke=" +
+                    oldSelectedToken + " newSelectedToken=" + newSelectedToken +
+                    " oldKeyNickName=" + oldKeyNickName + " newKeyNickName=" +
+                    newKeyNickName);
+
+            byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
+            KeySetData = SessionKey.DiversifyKey(oldSelectedToken,
                      newSelectedToken, oldKeyNickName,
-		 newKeyNickName,rnewKeyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-
-          if (KeySetData == null || KeySetData.length<=1) {
-                  CMS.getLogger().log(ILogger.EV_AUDIT,
-                  ILogger.S_TKS,
-                  ILogger.LL_INFO,"process DiversifyKey: Missing MasterKey in Slot");
-          }
-
-          CMS.getLogger().log(ILogger.EV_AUDIT,
-                  ILogger.S_TKS,
-                  ILogger.LL_INFO,"process DiversifyKey for CUID ="+ trim(pp.toHexString(CUID))
-                  + ";from oldMasterKeyName="+oldSelectedToken + ":" + oldKeyNickName
-                  +";to newMasterKeyName="+newSelectedToken + ":" + newKeyNickName);
-
-          resp.setContentType("text/html");
-            
-          if (KeySetData != null) {
-              outputString  = new String(KeySetData);
-          }
+                    newKeyNickName, rnewKeyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+            if (KeySetData == null || KeySetData.length <= 1) {
+                CMS.getLogger().log(ILogger.EV_AUDIT,
+                        ILogger.S_TKS,
+                        ILogger.LL_INFO, "process DiversifyKey: Missing MasterKey in Slot");
+            }
+
+            CMS.getLogger().log(ILogger.EV_AUDIT,
+                    ILogger.S_TKS,
+                    ILogger.LL_INFO, "process DiversifyKey for CUID =" + trim(pp.toHexString(CUID))
+                            + ";from oldMasterKeyName=" + oldSelectedToken + ":" + oldKeyNickName
+                            + ";to newMasterKeyName=" + newSelectedToken + ":" + newKeyNickName);
+
+            resp.setContentType("text/html");
+
+            if (KeySetData != null) {
+                outputString = new String(KeySetData);
+            }
         } // ! missingParam
 
-        //CMS.debug("TokenServlet:processDiversifyKey " +outputString);
-        //String value="keySetData=%00" if the KeySetData=byte[0]=0;
+        // CMS.debug("TokenServlet:processDiversifyKey " +outputString);
+        // String value="keySetData=%00" if the KeySetData=byte[0]=0;
 
         String value = "";
         String status = "0";
 
         if (KeySetData != null && KeySetData.length > 1) {
-            value = "status=0&"+"keySetData=" + 
+            value = "status=0&" + "keySetData=" +
                      com.netscape.cmsutil.util.Utils.SpecialEncode(KeySetData);
-            CMS.debug("TokenServlet:process DiversifyKey.encode " +value);
+            CMS.debug("TokenServlet:process DiversifyKey.encode " + value);
         } else if (missingParam) {
             status = "3";
-            if(badParams.endsWith(","))  {
-                badParams = badParams.substring(0,badParams.length() -1);
+            if (badParams.endsWith(",")) {
+                badParams = badParams.substring(0, badParams.length() - 1);
             }
             errorMsg = "Missing input parameters: " + badParams;
             value = "status=" + status;
-        } else  {
+        } else {
             errorMsg = "Problem diversifying key data.";
             status = "1";
             value = "status=" + status;
         }
 
         resp.setContentLength(value.length());
-        CMS.debug("TokenServlet:outputString.length " +value.length());
+        CMS.debug("TokenServlet:outputString.length " + value.length());
 
-        try{
+        try {
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -956,9 +924,9 @@ public class TokenServlet extends CMSServlet {
             CMS.debug("TokenServlet:process DiversifyKey: " + e.toString());
         }
 
-         if(status.equals("0")) {
+        if (status.equals("0")) {
 
-           auditMessage = CMS.getLogMessage(
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS,
                         rCUID,
                         ILogger.SUCCESS,
@@ -969,7 +937,7 @@ public class TokenServlet extends CMSServlet {
 
         } else {
 
-           auditMessage = CMS.getLogMessage(
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,
                         rCUID,
                         ILogger.FAILURE,
@@ -978,13 +946,13 @@ public class TokenServlet extends CMSServlet {
                         oldMasterKeyName,
                         newMasterKeyName,
                         errorMsg);
-       }
+        }
 
-       audit(auditMessage);
+        audit(auditMessage);
     }
 
     private void processEncryptData(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException {
+            HttpServletResponse resp) throws EBaseException {
         byte[] keyInfo, CUID, xCUID, encryptedData, xkeyInfo;
         boolean missingParam = false;
         byte[] data = null;
@@ -1004,10 +972,10 @@ public class TokenServlet extends CMSServlet {
 
         SessionContext sContext = SessionContext.getContext();
 
-        String agentId="";
+        String agentId = "";
         if (sContext != null) {
             agentId =
-                (String) sContext.get(SessionContext.USER_ID);
+                    (String) sContext.get(SessionContext.USER_ID);
         }
 
         CMS.debug("keySet selected: " + keySet);
@@ -1032,20 +1000,20 @@ public class TokenServlet extends CMSServlet {
 
         if (isRandom) {
             if ((rdata == null) || (rdata.equals(""))) {
-              CMS.debug("TokenServlet: processEncryptData(): no data in request.  Generating random number as data");
+                CMS.debug("TokenServlet: processEncryptData(): no data in request.  Generating random number as data");
             } else {
-              CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
+                CMS.debug("TokenServlet: processEncryptData(): contain data in request, however, random generation on TKS is required. Generating...");
             }
             try {
-              SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
-              data = new byte[16];
-              random.nextBytes(data);
+                SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+                data = new byte[16];
+                random.nextBytes(data);
             } catch (Exception e) {
-              CMS.debug("TokenServlet: processEncryptData():"+ e.toString());
-              badParams += " Random Number,";
-              missingParam = true;
+                CMS.debug("TokenServlet: processEncryptData():" + e.toString());
+                badParams += " Random Number,";
+                missingParam = true;
             }
-        } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))){
+        } else if ((!isRandom) && (((rdata == null) || (rdata.equals(""))))) {
             CMS.debug("TokenServlet: processEncryptData(): missing request parameter: data.");
             badParams += " data,";
             missingParam = true;
@@ -1056,75 +1024,74 @@ public class TokenServlet extends CMSServlet {
             CMS.debug("TokenServlet: processEncryptData(): missing request parameter: CUID");
             missingParam = true;
         }
- 
+
         if ((rKeyInfo == null) || (rKeyInfo.equals(""))) {
             badParams += " KeyInfo,";
             CMS.debug("TokenServlet: processEncryptData(): missing request parameter: key info");
             missingParam = true;
         }
 
-
         if (!missingParam) {
-             xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-                     if (xCUID == null || xCUID.length != 10) {
-                        badParams += " CUID length,";
-                        CMS.debug("TokenServlet: Invalid CUID length");
-                        missingParam = true;
-                      }
-             xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
-                     if (xkeyInfo == null || xkeyInfo.length != 2) {
-                        badParams += " KeyInfo length,";
-                        CMS.debug("TokenServlet: Invalid key info length");
-                         missingParam = true;
-                      }
+            xCUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+            if (xCUID == null || xCUID.length != 10) {
+                badParams += " CUID length,";
+                CMS.debug("TokenServlet: Invalid CUID length");
+                missingParam = true;
+            }
+            xkeyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+            if (xkeyInfo == null || xkeyInfo.length != 2) {
+                badParams += " KeyInfo length,";
+                CMS.debug("TokenServlet: Invalid key info length");
+                missingParam = true;
+            }
         }
 
-        String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken","true");
-	if (!useSoftToken_s.equalsIgnoreCase("true"))
-	    useSoftToken_s = "false";
+        String useSoftToken_s = CMS.getConfigStore().getString("tks.useSoftToken", "true");
+        if (!useSoftToken_s.equalsIgnoreCase("true"))
+            useSoftToken_s = "false";
 
         String selectedToken = null;
         String keyNickName = null;
         if (!missingParam) {
-          if (!isRandom)
-            data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
-          keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
-          CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
-
-          String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
-          String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
-          if (mappingValue == null) {
-              selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
-              keyNickName = rKeyInfo;
-          } else {
-              StringTokenizer st = new StringTokenizer(mappingValue, ":");
-              selectedToken = st.nextToken();
-              keyNickName = st.nextToken();
-          }
-          
-          byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
-          encryptedData = SessionKey.EncryptData(
-                       selectedToken,keyNickName,data,keyInfo,CUID, kekKeyArray, useSoftToken_s, keySet);
-        
-          CMS.getLogger().log(ILogger.EV_AUDIT,
+            if (!isRandom)
+                data = com.netscape.cmsutil.util.Utils.SpecialDecode(rdata);
+            keyInfo = com.netscape.cmsutil.util.Utils.SpecialDecode(rKeyInfo);
+            CUID = com.netscape.cmsutil.util.Utils.SpecialDecode(rCUID);
+
+            String keyInfoMap = "tks." + keySet + ".mk_mappings." + rKeyInfo;
+            String mappingValue = CMS.getConfigStore().getString(keyInfoMap, null);
+            if (mappingValue == null) {
+                selectedToken = CMS.getConfigStore().getString("tks.defaultSlot", "internal");
+                keyNickName = rKeyInfo;
+            } else {
+                StringTokenizer st = new StringTokenizer(mappingValue, ":");
+                selectedToken = st.nextToken();
+                keyNickName = st.nextToken();
+            }
+
+            byte kekKeyArray[] = com.netscape.cmsutil.util.Utils.SpecialDecode(sconfig.getString("tks." + keySet + ".kek_key"));
+            encryptedData = SessionKey.EncryptData(
+                       selectedToken, keyNickName, data, keyInfo, CUID, kekKeyArray, useSoftToken_s, keySet);
+
+            CMS.getLogger().log(ILogger.EV_AUDIT,
                      ILogger.S_TKS,
-                     ILogger.LL_INFO,"process EncryptData for CUID ="+ trim(pp.toHexString(CUID)));
+                     ILogger.LL_INFO, "process EncryptData for CUID =" + trim(pp.toHexString(CUID)));
         } // !missingParam
 
         resp.setContentType("text/html");
-            
+
         String value = "";
-        String status = "0"; 
-        if (encryptedData != null && encryptedData.length > 0) { 
-            String outputString  = new String(encryptedData);
+        String status = "0";
+        if (encryptedData != null && encryptedData.length > 0) {
+            String outputString = new String(encryptedData);
             // sending both the pre-encrypted and encrypted data back
-            value = "status=0&"+"data="+
-                         com.netscape.cmsutil.util.Utils.SpecialEncode(data)+
-                         "&encryptedData=" + 
+            value = "status=0&" + "data=" +
+                         com.netscape.cmsutil.util.Utils.SpecialEncode(data) +
+                         "&encryptedData=" +
                          com.netscape.cmsutil.util.Utils.SpecialEncode(encryptedData);
         } else if (missingParam) {
-            if(badParams.endsWith(","))  {
-                badParams = badParams.substring(0,badParams.length() -1);
+            if (badParams.endsWith(",")) {
+                badParams = badParams.substring(0, badParams.length() - 1);
             }
             errorMsg = "Missing input parameters: " + badParams;
             status = "3";
@@ -1135,12 +1102,12 @@ public class TokenServlet extends CMSServlet {
             value = "status=" + status;
         }
 
-        CMS.debug("TokenServlet:process EncryptData.encode " +value);
+        CMS.debug("TokenServlet:process EncryptData.encode " + value);
 
         try {
             resp.setContentLength(value.length());
-            CMS.debug("TokenServlet:outputString.lenght " +value.length());
-            
+            CMS.debug("TokenServlet:outputString.lenght " + value.length());
+
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -1149,9 +1116,9 @@ public class TokenServlet extends CMSServlet {
             CMS.debug("TokenServlet: " + e.toString());
         }
 
-         if(status.equals("0")) {
+        if (status.equals("0")) {
 
-           auditMessage = CMS.getLogMessage(
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,
                         rCUID,
                         ILogger.SUCCESS,
@@ -1163,7 +1130,7 @@ public class TokenServlet extends CMSServlet {
 
         } else {
 
-           auditMessage = CMS.getLogMessage(
+            auditMessage = CMS.getLogMessage(
                          LOGGING_SIGNED_AUDIT_ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,
                         rCUID,
                         ILogger.FAILURE,
@@ -1173,30 +1140,24 @@ public class TokenServlet extends CMSServlet {
                         selectedToken,
                         keyNickName,
                         errorMsg);
-       }
+        }
 
-       audit(auditMessage);
+        audit(auditMessage);
     }
 
-    /* 
-     *   For EncryptData:
-     *   data=value1
-     *   CUID=value2 // missing from RA
-     *   versionID=value3  // missing from RA
-     *
-     *   For ComputeSession: 
-     *   card_challenge=value1
-     *   host_challenge=value2
-     
-     *   For DiversifyKey:
-     *   new_master_key_index
-     *   master_key_index   
+    /*
+     * For EncryptData: data=value1 CUID=value2 // missing from RA
+     * versionID=value3 // missing from RA
+     * 
+     * For ComputeSession: card_challenge=value1 host_challenge=value2
+     * 
+     * For DiversifyKey: new_master_key_index master_key_index
      */
 
     private void processComputeRandomData(HttpServletRequest req,
-      HttpServletResponse resp) throws EBaseException {
-       
-        byte[] randomData = null; 
+            HttpServletResponse resp) throws EBaseException {
+
+        byte[] randomData = null;
         String status = "0";
         String errorMsg = "";
         String badParams = "";
@@ -1207,26 +1168,23 @@ public class TokenServlet extends CMSServlet {
 
         SessionContext sContext = SessionContext.getContext();
 
-        String agentId="";
+        String agentId = "";
         if (sContext != null) {
             agentId =
-                (String) sContext.get(SessionContext.USER_ID);
+                    (String) sContext.get(SessionContext.USER_ID);
         }
 
         String sDataSize = req.getParameter("dataNumBytes");
 
-        if(sDataSize == null || sDataSize.equals(""))  {
+        if (sDataSize == null || sDataSize.equals("")) {
             CMS.debug("TokenServlet::processComputeRandomData missing param dataNumBytes");
             badParams += " Random Data size, ";
             missingParam = true;
             status = "1";
         } else {
-            try
-            {
-               dataSize = Integer.parseInt(sDataSize.trim());
-            }
-            catch (NumberFormatException nfe)
-            {
+            try {
+                dataSize = Integer.parseInt(sDataSize.trim());
+            } catch (NumberFormatException nfe) {
                 CMS.debug("TokenServlet::processComputeRandomData invalid data size input!");
                 badParams += " Random Data size, ";
                 missingParam = true;
@@ -1244,33 +1202,33 @@ public class TokenServlet extends CMSServlet {
 
         audit(auditMessage);
 
-        if(!missingParam) {         
+        if (!missingParam) {
             try {
-                  SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
-                  randomData = new byte[dataSize];
-                  random.nextBytes(randomData);
-                } catch (Exception e) {
-                   CMS.debug("TokenServlet::processComputeRandomData:"+ e.toString());
-                   errorMsg = "Can't generate random data!";
-                   status = "2";
+                SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
+                randomData = new byte[dataSize];
+                random.nextBytes(randomData);
+            } catch (Exception e) {
+                CMS.debug("TokenServlet::processComputeRandomData:" + e.toString());
+                errorMsg = "Can't generate random data!";
+                status = "2";
             }
         }
 
         String randomDataOut = "";
-        if(status.equals("0")) {
+        if (status.equals("0")) {
             if (randomData != null && randomData.length == dataSize) {
                 randomDataOut =
-                    com.netscape.cmsutil.util.Utils.SpecialEncode(randomData);
+                        com.netscape.cmsutil.util.Utils.SpecialEncode(randomData);
             } else {
                 status = "2";
                 errorMsg = "Can't convert random data!";
             }
         }
 
-        if(status.equals("1") && missingParam) {
+        if (status.equals("1") && missingParam) {
 
-            if(badParams.endsWith(","))  {
-                  badParams = badParams.substring(0,badParams.length() -1);
+            if (badParams.endsWith(",")) {
+                badParams = badParams.substring(0, badParams.length() - 1);
             }
             errorMsg = "Missing input parameters :" + badParams;
         }
@@ -1278,15 +1236,15 @@ public class TokenServlet extends CMSServlet {
         resp.setContentType("text/html");
         String value = "";
 
-        value = "status="+status;
-        if(status.equals("0")) {
-            value = value + "&DATA="+randomDataOut;
+        value = "status=" + status;
+        if (status.equals("0")) {
+            value = value + "&DATA=" + randomDataOut;
         }
-        
+
         try {
             resp.setContentLength(value.length());
-            CMS.debug("TokenServler::processComputeRandomData :outputString.length " +value.length());
-            
+            CMS.debug("TokenServler::processComputeRandomData :outputString.length " + value.length());
+
             OutputStream ooss = resp.getOutputStream();
             ooss.write(value.getBytes());
             ooss.flush();
@@ -1295,22 +1253,22 @@ public class TokenServlet extends CMSServlet {
             CMS.debug("TokenServlet::processComputeRandomData " + e.toString());
         }
 
-        if(status.equals("0")) {
+        if (status.equals("0")) {
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,
                         ILogger.SUCCESS,
                         status,
                         agentId);
-           } else {
-               auditMessage = CMS.getLogMessage(
+        } else {
+            auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,
                         ILogger.FAILURE,
                         status,
                         agentId,
                         errorMsg);
-          }
+        }
 
-          audit(auditMessage);
+        audit(auditMessage);
     }
 
     public void process(CMSRequest cmsReq) throws EBaseException {
@@ -1328,7 +1286,7 @@ public class TokenServlet extends CMSServlet {
 
         if (authzToken == null) {
 
-            try{
+            try {
                 resp.setContentType("text/html");
                 String value = "unauthorized=";
                 CMS.debug("TokenServlet: Unauthorized");
@@ -1338,37 +1296,36 @@ public class TokenServlet extends CMSServlet {
                 ooss.write(value.getBytes());
                 ooss.flush();
                 mRenderResult = false;
-            }catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("TokenServlet: " + e.toString());
             }
 
-            //       cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
+            // cmsReq.setStatus(CMSRequest.UNAUTHORIZED);
             return;
         }
 
         String temp = req.getParameter("card_challenge");
         mSelectedToken = CMS.getConfigStore().getString("tks.defaultSlot");
         setDefaultSlotAndKeyName(req);
-        if(temp!=null)
-        {
-            processComputeSessionKey(req,resp);
-        }else if(req.getParameter("data")!=null){
-            processEncryptData(req,resp);
-        }else if(req.getParameter("newKeyInfo")!=null){
-            processDiversifyKey(req,resp);
-        }else if(req.getParameter("dataNumBytes") !=null){
-            processComputeRandomData(req,resp);
+        if (temp != null) {
+            processComputeSessionKey(req, resp);
+        } else if (req.getParameter("data") != null) {
+            processEncryptData(req, resp);
+        } else if (req.getParameter("newKeyInfo") != null) {
+            processDiversifyKey(req, resp);
+        } else if (req.getParameter("dataNumBytes") != null) {
+            processComputeRandomData(req, resp);
         }
     }
 
     /**
      * Serves HTTP admin request.
-     *
+     * 
      * @param req HTTP request
      * @param resp HTTP response
      */
     public void service(HttpServletRequest req, HttpServletResponse resp)
-        throws ServletException, IOException {
+            throws ServletException, IOException {
         String scope = req.getParameter(Constants.OP_SCOPE);
         String op = req.getParameter(Constants.OP_TYPE);
 
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
index 9d67065d..d9d3ddec 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/IWizardPanel.java
@@ -33,10 +33,10 @@ public interface IWizardPanel {
     /**
      * Initializes this panel.
      */
-    public void init(ServletConfig config, int panelno) 
+    public void init(ServletConfig config, int panelno)
                  throws ServletException;
 
-    public void init(WizardServlet servlet, ServletConfig config, 
+    public void init(WizardServlet servlet, ServletConfig config,
                      int panelno, String id) throws ServletException;
 
     public String getName();
@@ -44,7 +44,9 @@ public interface IWizardPanel {
     public int getPanelNo();
 
     public void setId(String id);
+
     public String getId();
+
     public PropertySet getUsage();
 
     /**
@@ -84,20 +86,22 @@ public interface IWizardPanel {
      */
     public void display(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context );
+                            Context context);
+
     /**
      * Checks if the given parameters are valid.
      */
     public void validate(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) throws IOException;
+                            Context context) throws IOException;
 
     /**
      * Commit parameter changes
      */
     public void update(HttpServletRequest request,
                           HttpServletResponse response,
-                          Context context ) throws IOException;
+                          Context context) throws IOException;
+
     /**
      * If validiate() returns false, this method will be called.
      */
diff --git a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
index 691d3e98..5c14fcf0 100644
--- a/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
+++ b/pki/base/common/src/com/netscape/cms/servlet/wizard/WizardServlet.java
@@ -37,13 +37,10 @@ import com.netscape.cms.servlet.csadmin.Cert;
 import com.netscape.cmsutil.crypto.Module;
 
 /**
- * wizard?p=[panel number]&op=usage    <= usage in xml
- * wizard?p=[panel number]&op=display
- * wizard?p=[panel number]&op=next&...[additional parameters]...
- * wizard?p=[panel number]&op=apply
- * wizard?p=[panel number]&op=back
- * wizard?op=menu
- *   return menu options
+ * wizard?p=[panel number]&op=usage <= usage in xml wizard?p=[panel
+ * number]&op=display wizard?p=[panel number]&op=next&...[additional
+ * parameters]... wizard?p=[panel number]&op=apply wizard?p=[panel
+ * number]&op=back wizard?op=menu return menu options
  */
 public class WizardServlet extends VelocityServlet {
 
@@ -54,8 +51,7 @@ public class WizardServlet extends VelocityServlet {
     private String name = null;
     private Vector mPanels = new Vector();
 
-    public void init(ServletConfig config) throws ServletException 
-    {
+    public void init(ServletConfig config) throws ServletException {
         super.init(config);
 
         /* load sequence map */
@@ -64,33 +60,32 @@ public class WizardServlet extends VelocityServlet {
         StringTokenizer st = new StringTokenizer(panels, ",");
         int pno = 0;
         while (st.hasMoreTokens()) {
-          String p = st.nextToken();
-          StringTokenizer st1 = new StringTokenizer(p, "=");
-          String id = st1.nextToken();
-          String pvalue = st1.nextToken();
-          try {
-            IWizardPanel panel = (IWizardPanel)Class.forName(pvalue).newInstance();
-            panel.init(this, config, pno, id);
-            CMS.debug("WizardServlet: panel name=" + panel.getName());
-            mPanels.addElement(panel);
-          } catch (Exception e) {
-            CMS.debug("WizardServlet: " + e.toString());
-          }
-          pno++;
+            String p = st.nextToken();
+            StringTokenizer st1 = new StringTokenizer(p, "=");
+            String id = st1.nextToken();
+            String pvalue = st1.nextToken();
+            try {
+                IWizardPanel panel = (IWizardPanel) Class.forName(pvalue).newInstance();
+                panel.init(this, config, pno, id);
+                CMS.debug("WizardServlet: panel name=" + panel.getName());
+                mPanels.addElement(panel);
+            } catch (Exception e) {
+                CMS.debug("WizardServlet: " + e.toString());
+            }
+            pno++;
         }
         CMS.debug("WizardServlet: done");
-     
+
     }
 
     public void exposePanels(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) 
-    {
+                            Context context) {
         Enumeration e = mPanels.elements();
         Vector panels = new Vector();
         while (e.hasMoreElements()) {
-          IWizardPanel p = (IWizardPanel)e.nextElement();
-          panels.addElement(p);
+            IWizardPanel p = (IWizardPanel) e.nextElement();
+            panels.addElement(p);
         }
         context.put("panels", panels);
     }
@@ -98,84 +93,80 @@ public class WizardServlet extends VelocityServlet {
     /**
      * Cleans up panels from a particular panel.
      */
-    public void cleanUpFromPanel(int pno) throws IOException 
-    {
-      /* panel number starts from zero */
-      int s = mPanels.size();
-      for (int i = pno; i < s; i++) {
-        IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i);
-        panel.cleanUp();
-      }
+    public void cleanUpFromPanel(int pno) throws IOException {
+        /* panel number starts from zero */
+        int s = mPanels.size();
+        for (int i = pno; i < s; i++) {
+            IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i);
+            panel.cleanUp();
+        }
     }
 
-    public IWizardPanel getPanelByNo(int p)
-    {
-        IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+    public IWizardPanel getPanelByNo(int p) {
+        IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
         if (panel.shouldSkip()) {
-          panel = getPanelByNo(p+1);
+            panel = getPanelByNo(p + 1);
         }
         return panel;
     }
 
     public Template displayPanel(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) 
-    {
+                            Context context) {
         CMS.debug("WizardServlet: in display");
         int p = getPanelNo(request);
 
         if (p == 0) {
-          CMS.debug("WizardServlet: firstpanel");
-          context.put("firstpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: firstpanel");
+            context.put("firstpanel", Boolean.TRUE);
         }
         if (p == (mPanels.size() - 1)) {
-          CMS.debug("WizardServlet: lastpanel");
-          context.put("lastpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: lastpanel");
+            context.put("lastpanel", Boolean.TRUE);
         }
         IWizardPanel panel = getPanelByNo(p);
         CMS.debug("WizardServlet: panel=" + panel);
 
         if (panel.showApplyButton() == true)
-          context.put("showApplyButton", Boolean.TRUE);
+            context.put("showApplyButton", Boolean.TRUE);
         else
-          context.put("showApplyButton", Boolean.FALSE);
+            context.put("showApplyButton", Boolean.FALSE);
 
         panel.display(request, response, context);
         context.put("p", Integer.toString(panel.getPanelNo()));
 
         try {
             return Velocity.getTemplate("admin/console/config/wizard.vm");
-        } catch (Exception e) { 
+        } catch (Exception e) {
         }
         return null;
     }
 
-    public String xml_value_flatten(Object v) 
-    {
+    public String xml_value_flatten(Object v) {
         String ret = "";
         if (v instanceof String) {
             ret += v;
         } else if (v instanceof Integer) {
-            ret += ((Integer)v).toString();
+            ret += ((Integer) v).toString();
         } else if (v instanceof Vector) {
             ret += "<Vector>";
-            Vector v1 = (Vector)v;
+            Vector v1 = (Vector) v;
             Enumeration e = v1.elements();
             StringBuffer sb = new StringBuffer();
             while (e.hasMoreElements()) {
-              sb.append(xml_value_flatten(e.nextElement()));
+                sb.append(xml_value_flatten(e.nextElement()));
             }
             ret += sb.toString();
             ret += "</Vector>";
         } else if (v instanceof Module) { // for hardware token
-            Module m = (Module)v;
+            Module m = (Module) v;
             ret += "<Module>";
             ret += "<CommonName>" + m.getCommonName() + "</CommonName>";
             ret += "<UserFriendlyName>" + m.getUserFriendlyName() + "</UserFriendlyName>";
             ret += "<ImagePath>" + m.getImagePath() + "</ImagePath>";
             ret += "</Module>";
         } else if (v instanceof Cert) {
-            Cert m = (Cert)v;
+            Cert m = (Cert) v;
             ret += "<CertReqPair>";
             ret += "<Nickname>" + m.getNickname() + "</Nickname>";
             ret += "<Tokenname>" + m.getTokenname() + "</Tokenname>";
@@ -187,7 +178,7 @@ public class WizardServlet extends VelocityServlet {
             ret += "<KeyOption>" + m.getKeyOption() + "</KeyOption>";
             ret += "</CertReqPair>";
         } else if (v instanceof IWizardPanel) {
-            IWizardPanel m = (IWizardPanel)v;
+            IWizardPanel m = (IWizardPanel) v;
             ret += "<Panel>";
             ret += "<Id>" + m.getId() + "</Id>";
             ret += "<Name>" + m.getName() + "</Name>";
@@ -198,89 +189,84 @@ public class WizardServlet extends VelocityServlet {
         return ret;
     }
 
-    public String xml_flatten(Context context)
-    {
+    public String xml_flatten(Context context) {
         StringBuffer ret = new StringBuffer();
-        Object o[] = context.getKeys(); 
-        for (int i = 0; i < o.length; i ++) {
-          if (o[i] instanceof String) {
-            String key = (String)o[i];
-            if (key.startsWith("__")) {
-                continue;
-            }
-            ret.append("<");
-            ret.append(key);
-            ret.append(">");
-            if (key.equals("bindpwd")) {
-              ret.append("(sensitive)");
-            } else {
-              Object v = context.get(key);
-              ret.append(xml_value_flatten(v));
+        Object o[] = context.getKeys();
+        for (int i = 0; i < o.length; i++) {
+            if (o[i] instanceof String) {
+                String key = (String) o[i];
+                if (key.startsWith("__")) {
+                    continue;
+                }
+                ret.append("<");
+                ret.append(key);
+                ret.append(">");
+                if (key.equals("bindpwd")) {
+                    ret.append("(sensitive)");
+                } else {
+                    Object v = context.get(key);
+                    ret.append(xml_value_flatten(v));
+                }
+                ret.append("</");
+                ret.append(key);
+                ret.append(">");
             }
-            ret.append("</");
-            ret.append(key);
-            ret.append(">");
-          }
         }
         return ret.toString();
     }
 
-    public int getPanelNo(HttpServletRequest request)
-    {
+    public int getPanelNo(HttpServletRequest request) {
         int p = 0;
-  
-        // panel number can be identified by either 
-        //   panel no (p parameter) directly, or
-        //   panel name (panelname parameter).
+
+        // panel number can be identified by either
+        // panel no (p parameter) directly, or
+        // panel name (panelname parameter).
         if (request.getParameter("panelname") != null) {
-          String name = request.getParameter("panelname");
-          for (int i = 0; i < mPanels.size(); i++) {
-            IWizardPanel panel = (IWizardPanel)mPanels.elementAt(i);
-            if (panel.getId().equals(name)) {
-              return i;
+            String name = request.getParameter("panelname");
+            for (int i = 0; i < mPanels.size(); i++) {
+                IWizardPanel panel = (IWizardPanel) mPanels.elementAt(i);
+                if (panel.getId().equals(name)) {
+                    return i;
+                }
             }
-          }
         } else if (request.getParameter("p") != null) {
-          p = Integer.parseInt(request.getParameter("p"));
+            p = Integer.parseInt(request.getParameter("p"));
         }
         return p;
     }
 
-    public String getNameFromPanelNo(int p)
-    {
-      IWizardPanel wp = (IWizardPanel)mPanels.elementAt(p);
-      return wp.getId();
+    public String getNameFromPanelNo(int p) {
+        IWizardPanel wp = (IWizardPanel) mPanels.elementAt(p);
+        return wp.getId();
     }
 
-    public IWizardPanel getPreviousPanel(int p) 
-    {
+    public IWizardPanel getPreviousPanel(int p) {
         CMS.debug("getPreviousPanel input p=" + p);
-        IWizardPanel backpanel = (IWizardPanel)mPanels.elementAt(p-1);
+        IWizardPanel backpanel = (IWizardPanel) mPanels.elementAt(p - 1);
         if (backpanel.isSubPanel()) {
-          backpanel = (IWizardPanel)mPanels.elementAt(p-1-1);
+            backpanel = (IWizardPanel) mPanels.elementAt(p - 1 - 1);
         }
         while (backpanel.shouldSkip()) {
-          backpanel = (IWizardPanel)
+            backpanel = (IWizardPanel)
                          mPanels.elementAt(backpanel.getPanelNo() - 1);
         }
         CMS.debug("getPreviousPanel output p=" + backpanel.getPanelNo());
         return backpanel;
     }
 
-    public IWizardPanel getNextPanel(int p) 
-    {
+    public IWizardPanel getNextPanel(int p) {
         CMS.debug("getNextPanel input p=" + p);
-        IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+        IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
         if (p == (mPanels.size() - 1)) {
             p = p;
-	    } else if(panel.isSubPanel()) {
-           if (panel.isLoopbackPanel()) {
-	           p = p-1;   // Login Panel is a loop back panel
-           } else {
-	           p = p+1;
-           }
-	    } else if (panel.hasSubPanel()) {
-		    p = p + 2;
+        } else if (panel.isSubPanel()) {
+            if (panel.isLoopbackPanel()) {
+                p = p - 1; // Login Panel is a loop back panel
+            } else {
+                p = p + 1;
+            }
+        } else if (panel.hasSubPanel()) {
+            p = p + 2;
         } else {
             p = p + 1;
         }
@@ -291,190 +277,183 @@ public class WizardServlet extends VelocityServlet {
 
     public Template goApply(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context)
-    {
+                            Context context) {
         return goNextApply(request, response, context, true);
     }
 
     public Template goNext(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) 
-    {
+                            Context context) {
         return goNextApply(request, response, context, false);
     }
 
     /*
-     * The parameter "stay" is used to indicate "apply" without
-     * moving to the next panel
+     * The parameter "stay" is used to indicate "apply" without moving to the
+     * next panel
      */
     public Template goNextApply(HttpServletRequest request,
                             HttpServletResponse response,
-				Context context, boolean stay )
-    {
+                Context context, boolean stay) {
         int p = getPanelNo(request);
         if (stay == true)
             CMS.debug("WizardServlet: in reply " + p);
         else
             CMS.debug("WizardServlet: in next " + p);
 
-        IWizardPanel panel = (IWizardPanel)mPanels.elementAt(p);
+        IWizardPanel panel = (IWizardPanel) mPanels.elementAt(p);
         try {
-          panel.validate(request, response, context);
-          try {
-            panel.update(request, response, context);
-            if (stay == true) { // "apply"
-
-              if (panel.showApplyButton() == true)
-                context.put("showApplyButton", Boolean.TRUE);
-              else
-                context.put("showApplyButton", Boolean.FALSE);
-		      panel.display(request, response, context);
-            } else { // "next"
-                IWizardPanel nextpanel = getNextPanel(p);
-
-                if (nextpanel.showApplyButton() == true)
-                  context.put("showApplyButton", Boolean.TRUE);
-                else
-                  context.put("showApplyButton", Boolean.FALSE);
-                nextpanel.display(request, response, context);
-                panel = nextpanel;
+            panel.validate(request, response, context);
+            try {
+                panel.update(request, response, context);
+                if (stay == true) { // "apply"
+
+                    if (panel.showApplyButton() == true)
+                        context.put("showApplyButton", Boolean.TRUE);
+                    else
+                        context.put("showApplyButton", Boolean.FALSE);
+                    panel.display(request, response, context);
+                } else { // "next"
+                    IWizardPanel nextpanel = getNextPanel(p);
+
+                    if (nextpanel.showApplyButton() == true)
+                        context.put("showApplyButton", Boolean.TRUE);
+                    else
+                        context.put("showApplyButton", Boolean.FALSE);
+                    nextpanel.display(request, response, context);
+                    panel = nextpanel;
+                }
+                context.put("errorString", "");
+            } catch (Exception e) {
+                context.put("errorString", e.getMessage());
+                panel.displayError(request, response, context);
             }
-            context.put("errorString", "");
-          } catch (Exception e) {
-            context.put("errorString", e.getMessage());
-            panel.displayError(request, response, context);
-          }
         } catch (IOException eee) {
-          context.put("errorString", eee.getMessage());
-          panel.displayError(request, response, context);
+            context.put("errorString", eee.getMessage());
+            panel.displayError(request, response, context);
         }
         p = panel.getPanelNo();
         CMS.debug("panel no=" + p);
         CMS.debug("panel name=" + getNameFromPanelNo(p));
-        CMS.debug("total number of panels="+mPanels.size());
+        CMS.debug("total number of panels=" + mPanels.size());
         context.put("p", Integer.toString(p));
         context.put("panelname", getNameFromPanelNo(p));
         if (p == 0) {
-          CMS.debug("WizardServlet: firstpanel");
-          context.put("firstpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: firstpanel");
+            context.put("firstpanel", Boolean.TRUE);
         }
         if (p == (mPanels.size() - 1)) {
-          CMS.debug("WizardServlet: lastpanel");
-          context.put("lastpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: lastpanel");
+            context.put("lastpanel", Boolean.TRUE);
         }
         // this is where we handle the xml request
         String xml = request.getParameter("xml");
         if (xml != null && xml.equals("true")) {
-          CMS.debug("WizardServlet: found xml");
-          
-          response.setContentType("application/xml");
-          String xmlstr = xml_flatten(context);
-          context.put("xml", xmlstr);
-          try {
-            return Velocity.getTemplate("admin/console/config/xml.vm");
-          } catch (Exception e) { 
-            CMS.debug("Failing to get template" + e );
-          }
+            CMS.debug("WizardServlet: found xml");
+
+            response.setContentType("application/xml");
+            String xmlstr = xml_flatten(context);
+            context.put("xml", xmlstr);
+            try {
+                return Velocity.getTemplate("admin/console/config/xml.vm");
+            } catch (Exception e) {
+                CMS.debug("Failing to get template" + e);
+            }
         } else {
-          try {
-            return Velocity.getTemplate("admin/console/config/wizard.vm");
-          } catch (Exception e) { 
-            CMS.debug("Failing to get template" + e );
-          }
+            try {
+                return Velocity.getTemplate("admin/console/config/wizard.vm");
+            } catch (Exception e) {
+                CMS.debug("Failing to get template" + e);
+            }
         }
         return null;
     }
 
     public Template goBack(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) 
-    {
+                            Context context) {
         int p = getPanelNo(request);
         CMS.debug("WizardServlet: in back " + p);
         IWizardPanel backpanel = getPreviousPanel(p);
 
         if (backpanel.showApplyButton() == true)
-          context.put("showApplyButton", Boolean.TRUE);
+            context.put("showApplyButton", Boolean.TRUE);
         else
-          context.put("showApplyButton", Boolean.FALSE);
+            context.put("showApplyButton", Boolean.FALSE);
         backpanel.display(request, response, context);
-	    context.put("p", Integer.toString(backpanel.getPanelNo()));
+        context.put("p", Integer.toString(backpanel.getPanelNo()));
         context.put("panelname", getNameFromPanelNo(backpanel.getPanelNo()));
 
         p = backpanel.getPanelNo();
 
         if (p == 0) {
-          CMS.debug("WizardServlet: firstpanel");
-          context.put("firstpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: firstpanel");
+            context.put("firstpanel", Boolean.TRUE);
         }
         if (p == (mPanels.size() - 1)) {
-          CMS.debug("WizardServlet: lastpanel");
-          context.put("lastpanel", Boolean.TRUE);
+            CMS.debug("WizardServlet: lastpanel");
+            context.put("lastpanel", Boolean.TRUE);
         }
         try {
             return Velocity.getTemplate("admin/console/config/wizard.vm");
-        } catch (Exception e) { 
+        } catch (Exception e) {
         }
         return null;
     }
 
     public boolean authenticate(HttpServletRequest request,
                                    HttpServletResponse response,
-                                   Context context ) {
-      String pin = (String)request.getSession().getAttribute("pin");
-      if (pin == null) {
-        try {
-          response.sendRedirect("login");
-        } catch (IOException e) {
+                                   Context context) {
+        String pin = (String) request.getSession().getAttribute("pin");
+        if (pin == null) {
+            try {
+                response.sendRedirect("login");
+            } catch (IOException e) {
+            }
+            return false;
         }
-        return false;
-      }
-      return true;
+        return true;
     }
 
-    public void outputHttpParameters(HttpServletRequest httpReq)
-    {
+    public void outputHttpParameters(HttpServletRequest httpReq) {
         CMS.debug("WizardServlet:service() uri = " + httpReq.getRequestURI());
         Enumeration paramNames = httpReq.getParameterNames();
         while (paramNames.hasMoreElements()) {
-            String pn = (String)paramNames.nextElement();
+            String pn = (String) paramNames.nextElement();
             // added this facility so that password can be hidden,
-            // all sensitive parameters should be prefixed with 
+            // all sensitive parameters should be prefixed with
             // __ (double underscores); however, in the event that
             // a security parameter slips through, we perform multiple
             // additional checks to insure that it is NOT displayed
-            if( pn.startsWith("__")                         ||
-                pn.endsWith("password")                     ||
-                pn.endsWith("passwd")                       ||
-                pn.endsWith("pwd")                          ||
-                pn.equalsIgnoreCase("admin_password_again") ||
-                pn.equalsIgnoreCase("directoryManagerPwd")  ||
-                pn.equalsIgnoreCase("bindpassword")         ||
-                pn.equalsIgnoreCase("bindpwd")              ||
-                pn.equalsIgnoreCase("passwd")               ||
-                pn.equalsIgnoreCase("password")             ||
-                pn.equalsIgnoreCase("pin")                  ||
-                pn.equalsIgnoreCase("pwd")                  ||
-                pn.equalsIgnoreCase("pwdagain")             ||
-                pn.equalsIgnoreCase("uPasswd") ) {
-               CMS.debug("WizardServlet::service() param name='" + pn +
-                         "' value='(sensitive)'" );
+            if (pn.startsWith("__") ||
+                    pn.endsWith("password") ||
+                    pn.endsWith("passwd") ||
+                    pn.endsWith("pwd") ||
+                    pn.equalsIgnoreCase("admin_password_again") ||
+                    pn.equalsIgnoreCase("directoryManagerPwd") ||
+                    pn.equalsIgnoreCase("bindpassword") ||
+                    pn.equalsIgnoreCase("bindpwd") ||
+                    pn.equalsIgnoreCase("passwd") ||
+                    pn.equalsIgnoreCase("password") ||
+                    pn.equalsIgnoreCase("pin") ||
+                    pn.equalsIgnoreCase("pwd") ||
+                    pn.equalsIgnoreCase("pwdagain") ||
+                    pn.equalsIgnoreCase("uPasswd")) {
+                CMS.debug("WizardServlet::service() param name='" + pn +
+                         "' value='(sensitive)'");
             } else {
-               CMS.debug("WizardServlet::service() param name='" + pn +
-                         "' value='" + httpReq.getParameter(pn) + "'" );
+                CMS.debug("WizardServlet::service() param name='" + pn +
+                         "' value='" + httpReq.getParameter(pn) + "'");
             }
         }
     }
-                                                                                
 
     public Template handleRequest(HttpServletRequest request,
                             HttpServletResponse response,
-                            Context context ) 
-    {
+                            Context context) {
         CMS.debug("WizardServlet: process");
 
-        if (CMS.debugOn())  {
-              outputHttpParameters(request);
+        if (CMS.debugOn()) {
+            outputHttpParameters(request);
         }
 
         if (!authenticate(request, response, context)) {
@@ -484,7 +463,7 @@ public class WizardServlet extends VelocityServlet {
 
         String op = request.getParameter("op"); /* operation */
         if (op == null) {
-          op = "display";
+            op = "display";
         }
         CMS.debug("WizardServlet: op=" + op);
         CMS.debug("WizardServlet: size=" + mPanels.size());
diff --git a/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java b/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
index 0c4dade8..0377c2b3 100644
--- a/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
+++ b/pki/base/common/src/com/netscape/cms/shares/OldJoinShares.java
@@ -23,9 +23,9 @@ import java.lang.reflect.Method;
 import com.netscape.certsrv.kra.IJoinShares;
 
 /**
- * Use Java's reflection API to leverage CMS's
- * old Share and JoinShares implementations.
- *
+ * Use Java's reflection API to leverage CMS's old Share and JoinShares
+ * implementations.
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
@@ -33,59 +33,54 @@ public class OldJoinShares implements IJoinShares {
 
     public Object mOldImpl = null;
 
-    public OldJoinShares()
-    {
+    public OldJoinShares() {
     }
 
-    public void initialize(int threshold) throws Exception
-    {
-      Class c = Class.forName("com.netscape.cmscore.shares.JoinShares");
-      Class types[] = { int.class };
-      Constructor con = c.getConstructor(types);
-      Object params[] = {Integer.valueOf(threshold)};
-      mOldImpl = con.newInstance(params);
+    public void initialize(int threshold) throws Exception {
+        Class c = Class.forName("com.netscape.cmscore.shares.JoinShares");
+        Class types[] = { int.class };
+        Constructor con = c.getConstructor(types);
+        Object params[] = { Integer.valueOf(threshold) };
+        mOldImpl = con.newInstance(params);
     }
 
-    public void addShare(int shareNum, byte[] share)
-    {
-      try {
-        Class types[] = { int.class, share.getClass() };
-        Class c = mOldImpl.getClass();
-        Method method = c.getMethod("addShare", types);
-        Object params[] = {Integer.valueOf(shareNum), share};
-        method.invoke(mOldImpl, params);
-      } catch (Exception e) {
-      }
+    public void addShare(int shareNum, byte[] share) {
+        try {
+            Class types[] = { int.class, share.getClass() };
+            Class c = mOldImpl.getClass();
+            Method method = c.getMethod("addShare", types);
+            Object params[] = { Integer.valueOf(shareNum), share };
+            method.invoke(mOldImpl, params);
+        } catch (Exception e) {
+        }
     }
 
-    public int getShareCount()
-    {
-      if (mOldImpl == null)
-        return -1;
-      try {
-        Class types[] = null;
-        Class c = mOldImpl.getClass();
-        Method method = c.getMethod("getShareCount", types);
-        Object params[] = null;
-        Integer result = (Integer)method.invoke(mOldImpl, params);
-        return result.intValue();
-      } catch (Exception e) {
-        return -1;
-      }
+    public int getShareCount() {
+        if (mOldImpl == null)
+            return -1;
+        try {
+            Class types[] = null;
+            Class c = mOldImpl.getClass();
+            Method method = c.getMethod("getShareCount", types);
+            Object params[] = null;
+            Integer result = (Integer) method.invoke(mOldImpl, params);
+            return result.intValue();
+        } catch (Exception e) {
+            return -1;
+        }
     }
 
-    public byte[] recoverSecret()
-    {
-      if (mOldImpl == null)
-        return null;
-      try {
-        Class types[] = null;
-        Class c = mOldImpl.getClass();
-        Method method = c.getMethod("recoverSecret", types);
-        Object params[] = null;
-        return (byte[])method.invoke(mOldImpl, params);
-      } catch (Exception e) {
-        return null;
-      }
+    public byte[] recoverSecret() {
+        if (mOldImpl == null)
+            return null;
+        try {
+            Class types[] = null;
+            Class c = mOldImpl.getClass();
+            Method method = c.getMethod("recoverSecret", types);
+            Object params[] = null;
+            return (byte[]) method.invoke(mOldImpl, params);
+        } catch (Exception e) {
+            return null;
+        }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cms/shares/OldShare.java b/pki/base/common/src/com/netscape/cms/shares/OldShare.java
index 4e92f76a..cfd5c709 100644
--- a/pki/base/common/src/com/netscape/cms/shares/OldShare.java
+++ b/pki/base/common/src/com/netscape/cms/shares/OldShare.java
@@ -23,45 +23,41 @@ import java.lang.reflect.Method;
 import com.netscape.certsrv.kra.IShare;
 
 /**
- * Use Java's reflection API to leverage CMS's
- * old Share and JoinShares implementations.
- *
+ * Use Java's reflection API to leverage CMS's old Share and JoinShares
+ * implementations.
+ * 
  * @deprecated
  * @version $Revision$ $Date$
  */
-public class OldShare implements IShare 
-{
+public class OldShare implements IShare {
     public Object mOldImpl = null;
 
-    public OldShare()
-    {
+    public OldShare() {
     }
 
-    public void initialize(byte[] secret, int threshold) throws Exception
-    {
-      try {
-        Class c = Class.forName("com.netscape.cmscore.shares.Share");
-        Class types[] = { secret.getClass(), int.class };
-        Constructor cs[] = c.getConstructors();
-        Constructor con = c.getConstructor(types);
-        Object params[] = {secret, Integer.valueOf(threshold)};
-        mOldImpl = con.newInstance(params);
-      } catch (Exception e) {
-      }
+    public void initialize(byte[] secret, int threshold) throws Exception {
+        try {
+            Class c = Class.forName("com.netscape.cmscore.shares.Share");
+            Class types[] = { secret.getClass(), int.class };
+            Constructor cs[] = c.getConstructors();
+            Constructor con = c.getConstructor(types);
+            Object params[] = { secret, Integer.valueOf(threshold) };
+            mOldImpl = con.newInstance(params);
+        } catch (Exception e) {
+        }
     }
 
-    public byte[] createShare(int sharenumber)
-    {
-      if (mOldImpl == null)
-        return null;
-      try {
-        Class types[] = { int.class };
-        Class c = mOldImpl.getClass();
-        Method method = c.getMethod("createShare", types);
-        Object params[] = {Integer.valueOf(sharenumber)};
-        return (byte[])method.invoke(mOldImpl, params);
-      } catch (Exception e) {
-        return null;
-      }
+    public byte[] createShare(int sharenumber) {
+        if (mOldImpl == null)
+            return null;
+        try {
+            Class types[] = { int.class };
+            Class c = mOldImpl.getClass();
+            Method method = c.getMethod("createShare", types);
+            Object params[] = { Integer.valueOf(sharenumber) };
+            return (byte[]) method.invoke(mOldImpl, params);
+        } catch (Exception e) {
+            return null;
+        }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
index db648125..94a8345c 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/CMSEngine.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -184,10 +183,13 @@ public class CMSEngine implements ICMSEngine {
 
     public static final SubsystemRegistry mSSReg = SubsystemRegistry.getInstance();
 
-    public static String instanceDir;    /* path to instance <server-root>/cert-<instance-name> */
-  
-    private IConfigStore mConfig = null; 
-    private ISubsystem mOwner = null; 
+    public static String instanceDir; /*
+                                       * path to instance
+                                       * <server-root>/cert-<instance-name>
+                                       */
+
+    private IConfigStore mConfig = null;
+    private ISubsystem mOwner = null;
     private long mStartupTime = 0;
     private boolean isStarted = false;
     private StringBuffer mWarning = new StringBuffer();
@@ -199,43 +201,43 @@ public class CMSEngine implements ICMSEngine {
     private String mConfigSDSessionId = null;
     private Timer mSDTimer = null;
 
-    // static subsystems - must be singletons 
+    // static subsystems - must be singletons
     private static SubsystemInfo[] mStaticSubsystems = {
             new SubsystemInfo(
-                Debug.ID, Debug.getInstance()),
-            new SubsystemInfo(LogSubsystem.ID, 
-                LogSubsystem.getInstance()),
-            new SubsystemInfo( 
-                OsSubsystem.ID, OsSubsystem.getInstance()),
-            new SubsystemInfo( 
-                JssSubsystem.ID, JssSubsystem.getInstance()),
-            new SubsystemInfo( 
-                DBSubsystem.ID, DBSubsystem.getInstance()),
-            new SubsystemInfo( 
-                UGSubsystem.ID, UGSubsystem.getInstance()),
+                    Debug.ID, Debug.getInstance()),
+            new SubsystemInfo(LogSubsystem.ID,
+                    LogSubsystem.getInstance()),
+            new SubsystemInfo(
+                    OsSubsystem.ID, OsSubsystem.getInstance()),
+            new SubsystemInfo(
+                    JssSubsystem.ID, JssSubsystem.getInstance()),
+            new SubsystemInfo(
+                    DBSubsystem.ID, DBSubsystem.getInstance()),
             new SubsystemInfo(
-                PluginRegistry.ID, new PluginRegistry()),
+                    UGSubsystem.ID, UGSubsystem.getInstance()),
             new SubsystemInfo(
-                OidLoaderSubsystem.ID, OidLoaderSubsystem.getInstance()),
+                    PluginRegistry.ID, new PluginRegistry()),
             new SubsystemInfo(
-                X500NameSubsystem.ID, X500NameSubsystem.getInstance()),
-            // skip TP subsystem; 
+                    OidLoaderSubsystem.ID, OidLoaderSubsystem.getInstance()),
+            new SubsystemInfo(
+                    X500NameSubsystem.ID, X500NameSubsystem.getInstance()),
+            // skip TP subsystem;
             // problem in needing dbsubsystem in constructor. and it's not used.
             new SubsystemInfo(
-                RequestSubsystem.ID, RequestSubsystem.getInstance()),
+                    RequestSubsystem.ID, RequestSubsystem.getInstance()),
         };
 
-    // dynamic subsystems are loaded at init time, not neccessarily singletons. 
+    // dynamic subsystems are loaded at init time, not neccessarily singletons.
     private static SubsystemInfo[] mDynSubsystems = null;
 
-    // final static subsystems - must be singletons. 
+    // final static subsystems - must be singletons.
     private static SubsystemInfo[] mFinalSubsystems = {
-            new SubsystemInfo( 
-                AuthSubsystem.ID, AuthSubsystem.getInstance()),
-            new SubsystemInfo( 
-                AuthzSubsystem.ID, AuthzSubsystem.getInstance()),
             new SubsystemInfo(
-                JobsScheduler.ID, JobsScheduler.getInstance()),
+                    AuthSubsystem.ID, AuthSubsystem.getInstance()),
+            new SubsystemInfo(
+                    AuthzSubsystem.ID, AuthzSubsystem.getInstance()),
+            new SubsystemInfo(
+                    JobsScheduler.ID, JobsScheduler.getInstance()),
         };
 
     private static final int IP = 0;
@@ -247,12 +249,12 @@ public class CMSEngine implements ICMSEngine {
     private static final int EE_NON_SSL = 3;
     private static final int EE_CLIENT_AUTH_SSL = 4;
     private static String mServerCertNickname = null;
-    private static String info[][] = { {null, null, null},//agent
-            {null, null, null},//admin
-            {null, null, null},//sslEE
-            {null, null, null},//non_sslEE
-            {null, null, null} //ssl_clientauth_EE
-        };
+    private static String info[][] = { { null, null, null },// agent
+            { null, null, null },// admin
+            { null, null, null },// sslEE
+            { null, null, null },// non_sslEE
+            { null, null, null } // ssl_clientauth_EE
+    };
 
     /**
      * private constructor.
@@ -261,14 +263,14 @@ public class CMSEngine implements ICMSEngine {
     }
 
     /**
-     * gets this ID 
+     * gets this ID
      */
     public String getId() {
         return ID;
     }
 
     /**
-     * should never be called. returns error. 
+     * should never be called. returns error.
      */
     public void setId(String id) throws EBaseException {
         throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
@@ -283,42 +285,43 @@ public class CMSEngine implements ICMSEngine {
 
     public synchronized IPasswordStore getPasswordStore() {
         // initialize the PasswordReader and PasswordWriter
-      try {
-        String pwdPath = mConfig.getString("passwordFile");
-        if (mPasswordStore == null) {
-          CMS.debug("CMSEngine: getPasswordStore(): password store not initialized before.");
-          String pwdClass = mConfig.getString("passwordClass");
+        try {
+            String pwdPath = mConfig.getString("passwordFile");
+            if (mPasswordStore == null) {
+                CMS.debug("CMSEngine: getPasswordStore(): password store not initialized before.");
+                String pwdClass = mConfig.getString("passwordClass");
 
-          if (pwdClass != null) {
-            try {
-                mPasswordStore = (IPasswordStore)Class.forName(pwdClass).newInstance();
-            } catch (Exception e) {
-                CMS.debug("CMSEngine: getPasswordStore(): password store initialization failure:" + e.toString());
+                if (pwdClass != null) {
+                    try {
+                        mPasswordStore = (IPasswordStore) Class.forName(pwdClass).newInstance();
+                    } catch (Exception e) {
+                        CMS.debug("CMSEngine: getPasswordStore(): password store initialization failure:" + e.toString());
+                    }
+                }
+            } else {
+                CMS.debug("CMSEngine: getPasswordStore(): password store initialized before.");
             }
-          }
-        } else {
-          CMS.debug("CMSEngine: getPasswordStore(): password store initialized before.");
-        }
 
-        // have to initialize it because other places don't always
-        mPasswordStore.init(pwdPath); 
-        CMS.debug("CMSEngine: getPasswordStore(): password store initialized.");
-      } catch (Exception e) {
-        CMS.debug("CMSEngine: getPasswordStore(): failure:" + e.toString());
-      }
+            // have to initialize it because other places don't always
+            mPasswordStore.init(pwdPath);
+            CMS.debug("CMSEngine: getPasswordStore(): password store initialized.");
+        } catch (Exception e) {
+            CMS.debug("CMSEngine: getPasswordStore(): failure:" + e.toString());
+        }
 
-      return mPasswordStore;
+        return mPasswordStore;
     }
 
     /**
      * initialize all static, dynamic and final static subsystems.
+     * 
      * @param owner null
      * @param config main config store.
-     * @exception EBaseException if any error occur in subsystems during 
-     * initialization.
+     * @exception EBaseException if any error occur in subsystems during
+     *                initialization.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mOwner = owner;
         mConfig = config;
         int state = mConfig.getInteger("cs.state");
@@ -337,7 +340,7 @@ public class CMSEngine implements ICMSEngine {
         mSDTimer = new Timer();
         SessionTimer timertask = new SessionTimer(mSecurityDomainSessionTable);
         if ((state != 1) || (sd.equals("existing"))) {
-            // for non-security domain hosts or if not yet configured, 
+            // for non-security domain hosts or if not yet configured,
             // do not check session domain table
         } else {
             mSDTimer.schedule(timertask, 5, (new Long(secdomain_check_interval)).longValue());
@@ -363,10 +366,10 @@ public class CMSEngine implements ICMSEngine {
         loadDynSubsystems();
 
         java.security.Security.addProvider(
-            new netscape.security.provider.CMS());
+                new netscape.security.provider.CMS());
 
         mSSReg.put(ID, this);
-        initSubsystems(mStaticSubsystems, false); 
+        initSubsystems(mStaticSubsystems, false);
 
         // Once the log subsystem is initialized, we
         // want to register a listener to catch
@@ -379,7 +382,7 @@ public class CMSEngine implements ICMSEngine {
         initSubsystems(mDynSubsystems, true);
         initSubsystems(mFinalSubsystems, false);
 
-        CMS.debug("Java version=" + (String)System.getProperty("java.version"));
+        CMS.debug("Java version=" + (String) System.getProperty("java.version"));
         java.security.Provider ps[] = java.security.Security.getProviders();
 
         if (ps == null || ps.length <= 0) {
@@ -395,8 +398,10 @@ public class CMSEngine implements ICMSEngine {
 
     /**
      * Parse ACL resource attributes
+     * 
      * @param resACLs same format as the resourceACLs attribute:
-     * <PRE>
+     * 
+     *            <PRE>
      *     <resource name>:<permission1,permission2,...permissionn>:
      *     <allow|deny> (<subset of the permission set>) <evaluator expression>
      * </PRE>
@@ -420,7 +425,7 @@ public class CMSEngine implements ICMSEngine {
 
             if (resource == null) {
                 String infoMsg = "resource not specified in resourceACLS attribute:" +
-                    resACLs;
+                        resACLs;
 
                 String[] params = new String[2];
 
@@ -438,7 +443,7 @@ public class CMSEngine implements ICMSEngine {
                 rightsString = st.substring(0, idx2);
             else {
                 String infoMsg =
-                    "rights not specified in resourceACLS attribute:" + resACLs;
+                        "rights not specified in resourceACLS attribute:" + resACLs;
                 String[] params = new String[2];
 
                 params[0] = resACLs;
@@ -487,7 +492,7 @@ public class CMSEngine implements ICMSEngine {
                 // fine
                 String infoMsg = "acls not specified in resourceACLS attribute:" +
 
-                    resACLs;
+                resACLs;
 
                 String[] params = new String[2];
 
@@ -511,100 +516,100 @@ public class CMSEngine implements ICMSEngine {
     private void parseServerXML() {
         try {
             String instanceRoot = mConfig.getString("instanceRoot");
-            String path = instanceRoot+File.separator+"conf"+File.separator+SERVER_XML;
+            String path = instanceRoot + File.separator + "conf" + File.separator + SERVER_XML;
             DOMParser parser = new DOMParser();
             parser.parse(path);
             NodeList nodes = parser.getDocument().getElementsByTagName("Connector");
-            String parentName="";
-            String name="";
-            String port="";
-            for (int i=0; i<nodes.getLength(); i++) {
-                Element n = (Element)nodes.item(i);
+            String parentName = "";
+            String name = "";
+            String port = "";
+            for (int i = 0; i < nodes.getLength(); i++) {
+                Element n = (Element) nodes.item(i);
 
                 parentName = "";
                 Element p = (Element) n.getParentNode();
-                if(p != null)  {
-                    parentName = p.getAttribute("name");   
+                if (p != null) {
+                    parentName = p.getAttribute("name");
                 }
                 name = n.getAttribute("name");
                 port = n.getAttribute("port");
-             
+
                 // The "server.xml" file is parsed from top-to-bottom, and
                 // supports BOTH "Port Separation" (the new default method)
-                // as well as "Shared Ports" (the old legacy method).  Since
+                // as well as "Shared Ports" (the old legacy method). Since
                 // both methods must be supported, the file structure MUST
                 // conform to ONE AND ONLY ONE of the following formats:
                 //
                 // Port Separation:
                 //
-                //  <Catalina>
-                //     ...
-                //     <!-- Port Separation:  Unsecure Port -->
-                //     <Connector name="Unsecure" . . .
-                //     ...
-                //     <!-- Port Separation:  Agent Secure Port -->
-                //     <Connector name="Agent" . . .
-                //     ...
-                //     <!-- Port Separation:  Admin Secure Port -->
-                //     <Connector name="Admin" . . .
-                //     ...
-                //     <!-- Port Separation:  EE Secure Port -->
-                //     <Connector name="EE" . . .
-                //     ...
-                //  </Catalina>
+                // <Catalina>
+                // ...
+                // <!-- Port Separation: Unsecure Port -->
+                // <Connector name="Unsecure" . . .
+                // ...
+                // <!-- Port Separation: Agent Secure Port -->
+                // <Connector name="Agent" . . .
+                // ...
+                // <!-- Port Separation: Admin Secure Port -->
+                // <Connector name="Admin" . . .
+                // ...
+                // <!-- Port Separation: EE Secure Port -->
+                // <Connector name="EE" . . .
+                // ...
+                // </Catalina>
                 //
                 //
                 // Shared Ports:
                 //
-                //  <Catalina>
-                //     ...
-                //     <!-- Shared Ports:  Unsecure Port -->
-                //     <Connector name="Unsecure" . . .
-                //     ...
-                //     <!-- Shared Ports:  Agent, EE, and Admin Secure Port -->
-                //     <Connector name="Secure" . . .
-                //     ...
-                //     <!--
-                //     <Connector name="Unused" . . .
-                //     -->
-                //     ...
-                //     <!--
-                //     <Connector name="Unused" . . .
-                //     -->
-                //     ...
-                //  </Catalina>
+                // <Catalina>
+                // ...
+                // <!-- Shared Ports: Unsecure Port -->
+                // <Connector name="Unsecure" . . .
+                // ...
+                // <!-- Shared Ports: Agent, EE, and Admin Secure Port -->
+                // <Connector name="Secure" . . .
+                // ...
+                // <!--
+                // <Connector name="Unused" . . .
+                // -->
+                // ...
+                // <!--
+                // <Connector name="Unused" . . .
+                // -->
+                // ...
+                // </Catalina>
                 //
-                if ( parentName.equals("Catalina"))  {
-                    if( name.equals( "Unsecure" ) ) {
-                        // Port Separation:  Unsecure Port
-                        //                   OR
-                        // Shared Ports:     Unsecure Port
+                if (parentName.equals("Catalina")) {
+                    if (name.equals("Unsecure")) {
+                        // Port Separation: Unsecure Port
+                        // OR
+                        // Shared Ports: Unsecure Port
                         info[EE_NON_SSL][PORT] = port;
-                    } else if( name.equals( "Agent" ) ) {
-                        // Port Separation:  Agent Secure Port
+                    } else if (name.equals("Agent")) {
+                        // Port Separation: Agent Secure Port
                         info[AGENT][PORT] = port;
-                    } else if( name.equals( "Admin" ) ) {
-                        // Port Separation:  Admin Secure Port
+                    } else if (name.equals("Admin")) {
+                        // Port Separation: Admin Secure Port
                         info[ADMIN][PORT] = port;
-                    } else if( name.equals( "EE" ) ) {
-                        // Port Separation:  EE Secure Port
+                    } else if (name.equals("EE")) {
+                        // Port Separation: EE Secure Port
                         info[EE_SSL][PORT] = port;
-                    } else if( name.equals( "EEClientAuth" ) ) {
+                    } else if (name.equals("EEClientAuth")) {
                         // Port Separation: EE Client Auth Secure Port
-                        info[EE_CLIENT_AUTH_SSL][PORT] = port; 
-                    } else if( name.equals( "Secure" ) ) {
-                        // Shared Ports:  Agent, EE, and Admin Secure Port
+                        info[EE_CLIENT_AUTH_SSL][PORT] = port;
+                    } else if (name.equals("Secure")) {
+                        // Shared Ports: Agent, EE, and Admin Secure Port
                         info[AGENT][PORT] = port;
                         info[ADMIN][PORT] = port;
                         info[EE_SSL][PORT] = port;
                         info[EE_CLIENT_AUTH_SSL][PORT] = port;
                     }
-                }   
-           }
- 
-           } catch (Exception e) {
-               CMS.debug("CMSEngine: parseServerXML exception: " + e.toString());
-           }
+                }
+            }
+
+        } catch (Exception e) {
+            CMS.debug("CMSEngine: parseServerXML exception: " + e.toString());
+        }
     }
 
     private void fixProxyPorts() throws EBaseException {
@@ -624,24 +629,22 @@ public class CMSEngine implements ICMSEngine {
         } catch (EBaseException e) {
             CMS.debug("CMSEngine: fixProxyPorts exception: " + e.toString());
             throw e;
-        }   
+        }
     }
 
-
     public IConfigStore createFileConfigStore(String path) throws EBaseException {
         try {
-          /* if the file is not there, create one */
-          File f = new File(path);
-          if (!f.exists()) {
-            f.createNewFile();
-          }
+            /* if the file is not there, create one */
+            File f = new File(path);
+            if (!f.exists()) {
+                f.createNewFile();
+            }
         } catch (Exception e) {
         }
 
-        
         return new FileConfigStore(path);
     }
-    
+
     public IArgBlock createArgBlock() {
         return new ArgBlock();
     }
@@ -684,7 +687,7 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public ICRLIssuingPointRecord createCRLIssuingPointRecord(String
-        id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) {
+            id, BigInteger crlNumber, Long crlSize, Date thisUpdate, Date nextUpdate) {
         return new CRLIssuingPointRecord(id, crlNumber, crlSize, thisUpdate, nextUpdate);
     }
 
@@ -778,17 +781,17 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public IHttpConnection getHttpConnection(IRemoteAuthority authority,
-        ISocketFactory factory) {
+            ISocketFactory factory) {
         return new HttpConnection(authority, factory);
     }
 
     public IHttpConnection getHttpConnection(IRemoteAuthority authority,
-        ISocketFactory factory, int timeout) {
+            ISocketFactory factory, int timeout) {
         return new HttpConnection(authority, factory, timeout);
     }
 
     public IResender getResender(IAuthority authority, String nickname,
-        IRemoteAuthority remote, int interval) {
+            IRemoteAuthority remote, int interval) {
         return new Resender(authority, nickname, remote, interval);
     }
 
@@ -796,31 +799,31 @@ public class CMSEngine implements ICMSEngine {
         return new HttpPKIMessage();
     }
 
-    public  ILdapConnInfo getLdapConnInfo(IConfigStore config)
-        throws EBaseException, ELdapException {
+    public ILdapConnInfo getLdapConnInfo(IConfigStore config)
+            throws EBaseException, ELdapException {
         return new LdapConnInfo(config);
     }
 
-    public   LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
-        String certNickname) {
+    public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory(
+            String certNickname) {
         return new LdapJssSSLSocketFactory(certNickname);
     }
 
-    public   LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory() {
+    public LDAPSSLSocketFactoryExt getLdapJssSSLSocketFactory() {
         return new LdapJssSSLSocketFactory();
     }
 
-    public  ILdapAuthInfo getLdapAuthInfo() {
+    public ILdapAuthInfo getLdapAuthInfo() {
         return new LdapAuthInfo();
     }
 
-    public  ILdapConnFactory getLdapBoundConnFactory()
-        throws ELdapException {
+    public ILdapConnFactory getLdapBoundConnFactory()
+            throws ELdapException {
         return new LdapBoundConnFactory();
     }
 
-    public  ILdapConnFactory getLdapAnonConnFactory()
-        throws ELdapException {
+    public ILdapConnFactory getLdapAnonConnFactory()
+            throws ELdapException {
         return new LdapAnonConnFactory();
     }
 
@@ -844,8 +847,8 @@ public class CMSEngine implements ICMSEngine {
      * initialize an array of subsystem info.
      */
     private void initSubsystems(SubsystemInfo[] sslist, boolean doSetId)
-        throws EBaseException {
-        if (sslist == null) 
+            throws EBaseException {
+        if (sslist == null)
             return;
         for (int i = 0; i < sslist.length; i++) {
             initSubsystem(sslist[i], doSetId);
@@ -856,34 +859,34 @@ public class CMSEngine implements ICMSEngine {
      * load dynamic subsystems
      */
     private void loadDynSubsystems()
-        throws EBaseException {
+            throws EBaseException {
         IConfigStore ssconfig = mConfig.getSubStore(PROP_SUBSYSTEM);
 
-        // count number of dyn loaded subsystems. 
+        // count number of dyn loaded subsystems.
         Enumeration<String> ssnames = ssconfig.getSubStoreNames();
         int nsubsystems = 0;
 
         for (nsubsystems = 0; ssnames.hasMoreElements(); nsubsystems++)
-            ssnames.nextElement(); 
+            ssnames.nextElement();
         if (Debug.ON) {
             Debug.trace(nsubsystems + " dyn subsystems loading..");
         }
-        if (nsubsystems == 0) 
+        if (nsubsystems == 0)
             return;
 
-            // load dyn subsystems.
+        // load dyn subsystems.
         mDynSubsystems = new SubsystemInfo[nsubsystems];
         ssnames = ssconfig.getSubStoreNames();
         for (int i = 0; i < mDynSubsystems.length; i++) {
-            IConfigStore config = 
-                ssconfig.getSubStore(String.valueOf(i));
+            IConfigStore config =
+                    ssconfig.getSubStore(String.valueOf(i));
             String id = config.getString(PROP_ID);
             String classname = config.getString(PROP_CLASS);
             ISubsystem ss = null;
 
             try {
                 ss = (ISubsystem) Class.forName(classname).newInstance();
-            } catch (InstantiationException e) { 
+            } catch (InstantiationException e) {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_LOAD_FAILED_1", id, e.toString()));
             } catch (IllegalAccessException e) {
@@ -900,23 +903,22 @@ public class CMSEngine implements ICMSEngine {
 
     public LDAPConnection getBoundConnection(String host, int port,
                int version, LDAPSSLSocketFactoryExt fac, String bindDN,
-               String bindPW) throws LDAPException
-    {
-          return new LdapBoundConnection(host, port, version, fac,
-             bindDN, bindPW);
+               String bindPW) throws LDAPException {
+        return new LdapBoundConnection(host, port, version, fac,
+                bindDN, bindPW);
     }
 
     /**
-     * initialize a subsystem 
+     * initialize a subsystem
      */
-    private void initSubsystem(SubsystemInfo ssinfo, boolean doSetId) 
-        throws EBaseException {
+    private void initSubsystem(SubsystemInfo ssinfo, boolean doSetId)
+            throws EBaseException {
         String id = ssinfo.mId;
         ISubsystem ss = ssinfo.mInstance;
         IConfigStore ssConfig = mConfig.getSubStore(id);
 
         CMS.debug("CMSEngine: initSubsystem id=" + id);
-        if (doSetId) 
+        if (doSetId)
             ss.setId(id);
         CMS.debug("CMSEngine: ready to init id=" + id);
         ss.init(this, ssConfig);
@@ -925,8 +927,8 @@ public class CMSEngine implements ICMSEngine {
         mSSReg.put(id, ss);
         CMS.debug("CMSEngine: initialized " + id);
 
-        if(id.equals("ca") || id.equals("ocsp") ||
-            id.equals("kra") || id.equals("tks")) {
+        if (id.equals("ca") || id.equals("ocsp") ||
+                id.equals("kra") || id.equals("tks")) {
             CMS.debug("CMSEngine::initSubsystem " + id + " Java subsytem about to calculate serverCertNickname. ");
             // get SSL server nickname
             IConfigStore serverCertStore = mConfig.getSubStore(id + "." + "sslserver");
@@ -934,12 +936,12 @@ public class CMSEngine implements ICMSEngine {
                 String nickName = serverCertStore.getString("nickname");
                 String tokenName = serverCertStore.getString("tokenname");
                 if (tokenName != null && tokenName.length() > 0 &&
-                    nickName != null && nickName.length() > 0) {
+                        nickName != null && nickName.length() > 0) {
                     CMS.setServerCertNickname(tokenName, nickName);
-                    CMS.debug("Subsystem " + id + " init sslserver:  tokenName:"+tokenName+"  nickName:"+nickName);
+                    CMS.debug("Subsystem " + id + " init sslserver:  tokenName:" + tokenName + "  nickName:" + nickName);
                 } else if (nickName != null && nickName.length() > 0) {
                     CMS.setServerCertNickname(nickName);
-                    CMS.debug("Subsystem " + id + " init sslserver:  nickName:"+nickName);
+                    CMS.debug("Subsystem " + id + " init sslserver:  nickName:" + nickName);
                 } else {
                     CMS.debug("Subsystem " + id + " init error: SSL server certificate nickname is not available.");
                 }
@@ -955,16 +957,17 @@ public class CMSEngine implements ICMSEngine {
 
     /**
      * Starts up all subsystems. subsystems must be initialized.
+     * 
      * @exception EBaseException if any subsystem fails to startup.
      */
     public void startup() throws EBaseException {
-        //OsSubsystem.nativeExit(0);
+        // OsSubsystem.nativeExit(0);
         startupSubsystems(mStaticSubsystems);
         if (mDynSubsystems != null)
             startupSubsystems(mDynSubsystems);
         startupSubsystems(mFinalSubsystems);
 
-        // global admin servlet. (anywhere else more fit for this ?) 
+        // global admin servlet. (anywhere else more fit for this ?)
 
         mStartupTime = System.currentTimeMillis();
 
@@ -981,7 +984,7 @@ public class CMSEngine implements ICMSEngine {
 
             CMS.debug("CMSEngine: checking certificate serial number ranges");
             ca.getCertificateRepository().checkRanges();
-        } 
+        }
 
         IKeyRecoveryAuthority kra = (IKeyRecoveryAuthority) getSubsystem("kra");
         if ((kra != null) && !isPreOpMode()) {
@@ -992,16 +995,18 @@ public class CMSEngine implements ICMSEngine {
             kra.getKeyRepository().checkRanges();
         }
 
-        /*LogDoc
-         *
+        /*
+         * LogDoc
+         * 
          * @phase server startup
+         * 
          * @reason all subsystems are initialized and started.
          */
         Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
-            ILogger.LL_INFO, CMS.getLogMessage("SERVER_STARTUP"));
+                ILogger.LL_INFO, CMS.getLogMessage("SERVER_STARTUP"));
         System.out.println(Constants.SERVER_STARTUP_MESSAGE);
         isStarted = true;
-       
+
     }
 
     public boolean isInRunningState() {
@@ -1011,31 +1016,31 @@ public class CMSEngine implements ICMSEngine {
     public byte[] getPKCS7(Locale locale, IRequest req) {
         try {
             X509CertImpl cert = req.getExtDataInCert(
-              IEnrollProfile.REQUEST_ISSUED_CERT);
+                    IEnrollProfile.REQUEST_ISSUED_CERT);
             if (cert == null)
                 return null;
-            
+
             ICertificateAuthority ca = (ICertificateAuthority)
-              CMS.getSubsystem("ca");
+                    CMS.getSubsystem("ca");
             CertificateChain cachain = ca.getCACertChain();
             X509Certificate[] cacerts = cachain.getChain();
 
             X509CertImpl[] userChain = new X509CertImpl[cacerts.length + 1];
             int m = 1, n = 0;
-    
+
             for (; n < cacerts.length; m++, n++) {
                 userChain[m] = (X509CertImpl) cacerts[n];
             }
 
             userChain[0] = cert;
             PKCS7 p7 = new PKCS7(new AlgorithmId[0],
-              new ContentInfo(new byte[0]),
-              userChain,
-              new SignerInfo[0]);
+                    new ContentInfo(new byte[0]),
+                    userChain,
+                    new SignerInfo[0]);
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
             p7.encodeSignedData(bos);
-            return bos.toByteArray(); 
+            return bos.toByteArray();
         } catch (Exception e) {
             return null;
         }
@@ -1046,11 +1051,11 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public void setServerCertNickname(String tokenName, String
-        nickName) {
+            nickName) {
         String newName = null;
 
         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) ||
-            tokenName.equalsIgnoreCase("Internal Key Storage Token"))
+                tokenName.equalsIgnoreCase("Internal Key Storage Token"))
             newName = nickName;
         else {
             if (tokenName.equals("") && nickName.equals(""))
@@ -1063,83 +1068,63 @@ public class CMSEngine implements ICMSEngine {
 
     public void setServerCertNickname(String newName) {
         // modify server.xml
-/*
-        String filePrefix = instanceDir + File.separator +
-            "config" + File.separator;
-        String orig = filePrefix + "server.xml";
-        String dest = filePrefix + "server.xml.bak";
-        String newF = filePrefix + "server.xml.new";
-
-        // save the old copy
-        Utils.copy(orig, dest);
-
-        BufferedReader in1 = null;
-        PrintWriter out1 = null;
-
-        try {
-            in1 = new BufferedReader(new FileReader(dest));
-            out1 = new PrintWriter(
-                        new BufferedWriter(new FileWriter(newF)));
-            String line = "";
-
-            while (in1.ready()) {
-                line = in1.readLine();
-                if (line != null)
-                    out1.println(lineParsing(line, newName)); 
-            }
-
-            out1.close();
-            in1.close();
-        } catch (Exception eee) {
-            Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
-                ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", eee.toString()));
-        }
-
-        File file = new File(newF);
-        File nfile = new File(orig);
-
-        try {
-            boolean success = file.renameTo(nfile);
-
-            if (!success) {
-                if (Utils.isNT()) {
-                    // NT is very picky on the path
-                    Utils.exec("copy " +
-                        file.getAbsolutePath().replace('/', '\\') + " " +
-                        nfile.getAbsolutePath().replace('/', '\\'));
-                } else {
-                    Utils.exec("cp " + file.getAbsolutePath() + " " +
-                        nfile.getAbsolutePath());
-                }
-            }
-        } catch (Exception exx) {
-            Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
-                ILogger.LL_FAILURE, "CMSEngine: Error " + exx.toString());
-        }
-        // update "cache" for CMS.getServerCertNickname()
-*/
+        /*
+         * String filePrefix = instanceDir + File.separator + "config" +
+         * File.separator; String orig = filePrefix + "server.xml"; String dest
+         * = filePrefix + "server.xml.bak"; String newF = filePrefix +
+         * "server.xml.new";
+         * 
+         * // save the old copy Utils.copy(orig, dest);
+         * 
+         * BufferedReader in1 = null; PrintWriter out1 = null;
+         * 
+         * try { in1 = new BufferedReader(new FileReader(dest)); out1 = new
+         * PrintWriter( new BufferedWriter(new FileWriter(newF))); String line =
+         * "";
+         * 
+         * while (in1.ready()) { line = in1.readLine(); if (line != null)
+         * out1.println(lineParsing(line, newName)); }
+         * 
+         * out1.close(); in1.close(); } catch (Exception eee) {
+         * Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
+         * ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR",
+         * eee.toString())); }
+         * 
+         * File file = new File(newF); File nfile = new File(orig);
+         * 
+         * try { boolean success = file.renameTo(nfile);
+         * 
+         * if (!success) { if (Utils.isNT()) { // NT is very picky on the path
+         * Utils.exec("copy " + file.getAbsolutePath().replace('/', '\\') + " "
+         * + nfile.getAbsolutePath().replace('/', '\\')); } else {
+         * Utils.exec("cp " + file.getAbsolutePath() + " " +
+         * nfile.getAbsolutePath()); } } } catch (Exception exx) {
+         * Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
+         * ILogger.LL_FAILURE, "CMSEngine: Error " + exx.toString()); } //
+         * update "cache" for CMS.getServerCertNickname()
+         */
         mServerCertNickname = newName;
     }
 
     public String getFingerPrint(Certificate cert)
-        throws CertificateEncodingException, NoSuchAlgorithmException {
+            throws CertificateEncodingException, NoSuchAlgorithmException {
         return CertUtils.getFingerPrint(cert);
     }
 
     public String getFingerPrints(Certificate cert)
-        throws NoSuchAlgorithmException, CertificateEncodingException {
+            throws NoSuchAlgorithmException, CertificateEncodingException {
         return CertUtils.getFingerPrints(cert);
     }
 
     public String getFingerPrints(byte[] certDer)
-        throws NoSuchAlgorithmException {
+            throws NoSuchAlgorithmException {
         return CertUtils.getFingerPrints(certDer);
     }
 
     public String getUserMessage(Locale locale, String msgID, String params[]) {
         // if locale is null, try to get it out from session context
         if (locale == null) {
-            SessionContext sc = SessionContext.getExistingContext(); 
+            SessionContext sc = SessionContext.getExistingContext();
 
             if (sc != null)
                 locale = (Locale) sc.get(SessionContext.LOCALE);
@@ -1178,8 +1163,8 @@ public class CMSEngine implements ICMSEngine {
         return getUserMessage(locale, msgID, params);
     }
 
-    public String getUserMessage(Locale locale, String msgID, 
-        String p1, String p2, String p3) {
+    public String getUserMessage(Locale locale, String msgID,
+            String p1, String p2, String p3) {
         String params[] = { p1, p2, p3 };
 
         return getUserMessage(locale, msgID, params);
@@ -1198,7 +1183,7 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public void debug(byte data[]) {
-        if (!debugOn()) { 
+        if (!debugOn()) {
             // this helps to not saving stuff to file when debug
             // is disable
             return;
@@ -1207,7 +1192,7 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public void debug(int level, String msg) {
-        if (!debugOn()) { 
+        if (!debugOn()) {
             // this helps to not saving stuff to file when debug
             // is disable
             return;
@@ -1216,7 +1201,7 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public void debug(String msg) {
-        if (!debugOn()) { 
+        if (!debugOn()) {
             // this helps to not saving stuff to file when debug
             // is disable
             return;
@@ -1225,7 +1210,7 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public void debug(Throwable e) {
-        if (!debugOn()) { 
+        if (!debugOn()) {
             // this helps to not saving stuff to file when debug
             // is disable
             return;
@@ -1244,14 +1229,15 @@ public class CMSEngine implements ICMSEngine {
     public void traceHashKey(String type, String key) {
         Debug.traceHashKey(type, key);
     }
+
     public void traceHashKey(String type, String key, String val) {
         Debug.traceHashKey(type, key, val);
     }
+
     public void traceHashKey(String type, String key, String val, String def) {
         Debug.traceHashKey(type, key, val, def);
     }
 
-
     public String getLogMessage(String msgID) {
         return getLogMessage(msgID, (String[]) null);
     }
@@ -1310,67 +1296,67 @@ public class CMSEngine implements ICMSEngine {
         return getLogMessage(msgID, params);
     }
 
-    public  void getSubjAltNameConfigDefaultParams(String name,
-        Vector<String> params) {
+    public void getSubjAltNameConfigDefaultParams(String name,
+            Vector<String> params) {
         GeneralNameUtil.SubjAltNameGN.getDefaultParams(name, params);
     }
 
-    public  void getSubjAltNameConfigExtendedPluginInfo(String name,
-        Vector<String> params) {
+    public void getSubjAltNameConfigExtendedPluginInfo(String name,
+            Vector<String> params) {
         GeneralNameUtil.SubjAltNameGN.getExtendedPluginInfo(name, params);
     }
 
-    public  ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException {
+    public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException {
         return new GeneralNameUtil.SubjAltNameGN(name, config, isValueConfigured);
     }
 
-    public  GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException {
+    public GeneralName form_GeneralNameAsConstraints(String generalNameChoice, String value) throws EBaseException {
         return GeneralNameUtil.form_GeneralNameAsConstraints(generalNameChoice, value);
     }
 
-    public  GeneralName form_GeneralName(String generalNameChoice,
-        String value) throws EBaseException {
+    public GeneralName form_GeneralName(String generalNameChoice,
+            String value) throws EBaseException {
         return GeneralNameUtil.form_GeneralName(generalNameChoice, value);
     }
 
-    public  void getGeneralNameConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params) {
+    public void getGeneralNameConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params) {
         GeneralNameUtil.GeneralNameConfig.getDefaultParams(name, isValueConfigured, params);
     }
 
-    public  void getGeneralNamesConfigDefaultParams(String name,
-        boolean isValueConfigured, Vector<String> params) {
+    public void getGeneralNamesConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params) {
         GeneralNameUtil.GeneralNamesConfig.getDefaultParams(name, isValueConfigured, params);
     }
 
-    public  void getGeneralNameConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info) {
+    public void getGeneralNameConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info) {
         GeneralNameUtil.GeneralNameConfig.getExtendedPluginInfo(name, isValueConfigured, info);
     }
 
-    public  void getGeneralNamesConfigExtendedPluginInfo(String name,
-        boolean isValueConfigured, Vector<String> info) {
+    public void getGeneralNamesConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info) {
         GeneralNameUtil.GeneralNamesConfig.getExtendedPluginInfo(name, isValueConfigured, info);
     }
 
-    public  IGeneralNamesConfig createGeneralNamesConfig(String name,
-        IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException {
+    public IGeneralNamesConfig createGeneralNamesConfig(String name,
+            IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return new GeneralNameUtil.GeneralNamesConfig(name, config, isValueConfigured, isPolicyEnabled);
     }
 
-    public  IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException {
+    public IGeneralNameAsConstraintsConfig createGeneralNameAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return new GeneralNameUtil.GeneralNameAsConstraintsConfig(name, config, isValueConfigured, isPolicyEnabled);
     }
 
-    public  IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
-        boolean isPolicyEnabled) throws EBaseException {
+    public IGeneralNamesAsConstraintsConfig createGeneralNamesAsConstraintsConfig(String name, IConfigStore config, boolean isValueConfigured,
+            boolean isPolicyEnabled) throws EBaseException {
         return new GeneralNameUtil.GeneralNamesAsConstraintsConfig(name, config, isValueConfigured, isPolicyEnabled);
     }
 
     public ObjectIdentifier checkOID(String attrName, String value)
-        throws EBaseException {
+            throws EBaseException {
         return CertUtils.checkOID(attrName, value);
     }
 
@@ -1384,10 +1370,9 @@ public class CMSEngine implements ICMSEngine {
 
     public String getEncodedCert(X509Certificate cert) {
         try {
-            return
-                "-----BEGIN CERTIFICATE-----\n" +
-                CMS.BtoA(cert.getEncoded()) +
-                "\n-----END CERTIFICATE-----\n";
+            return "-----BEGIN CERTIFICATE-----\n" +
+                    CMS.BtoA(cert.getEncoded()) +
+                    "\n-----END CERTIFICATE-----\n";
         } catch (Exception e) {
             return null;
         }
@@ -1439,10 +1424,10 @@ public class CMSEngine implements ICMSEngine {
 
     public IMailNotification getMailNotification() {
         try {
-            String className = mConfig.getString("notificationClassName", 
+            String className = mConfig.getString("notificationClassName",
                     "com.netscape.cms.notification.MailNotification");
             IMailNotification notification = (IMailNotification)
-                Class.forName(className).newInstance();
+                    Class.forName(className).newInstance();
 
             return notification;
         } catch (Exception e) {
@@ -1475,7 +1460,7 @@ public class CMSEngine implements ICMSEngine {
             String className = mConfig.getString("passwordCheckerClass",
                     "com.netscape.cms.password.PasswordChecker");
             IPasswordCheck check = (IPasswordCheck)
-                Class.forName(className).newInstance();
+                    Class.forName(className).newInstance();
 
             return check;
         } catch (Exception e) {
@@ -1494,8 +1479,8 @@ public class CMSEngine implements ICMSEngine {
     /**
      * starts up subsystems in a subsystem list..
      */
-    private void startupSubsystems(SubsystemInfo[] sslist) 
-        throws EBaseException {
+    private void startupSubsystems(SubsystemInfo[] sslist)
+            throws EBaseException {
         ISubsystem ss = null;
 
         for (int i = 0; i < sslist.length; i++) {
@@ -1519,7 +1504,7 @@ public class CMSEngine implements ICMSEngine {
 
         while (e.hasMoreElements()) {
             Object thisRequest = e.nextElement();
-                   
+
             HttpServlet thisServlet = (HttpServlet) CommandQueue.mCommandQueue.get(thisRequest);
 
             if (thisServlet != null) {
@@ -1528,6 +1513,7 @@ public class CMSEngine implements ICMSEngine {
             }
         }
     }
+
     public static boolean isNT() {
         return (File.separator.equals("\\"));
     }
@@ -1542,17 +1528,16 @@ public class CMSEngine implements ICMSEngine {
                 cmds = new String[3];
                 cmds[0] = "cmd";
                 cmds[1] = "/c";
-                cmds[2] = instanceDir +"\\" + cmd;
+                cmds[2] = instanceDir + "\\" + cmd;
             } else {
                 // UNIX
                 cmds = new String[3];
                 cmds[0] = "/bin/sh";
                 cmds[1] = "-c";
-                cmds[2] = instanceDir +"/" +cmd;
+                cmds[2] = instanceDir + "/" + cmd;
             }
 
-            Process process = Runtime.getRuntime().exec(cmds); 
-
+            Process process = Runtime.getRuntime().exec(cmds);
 
             process.waitFor();
 
@@ -1562,38 +1547,32 @@ public class CMSEngine implements ICMSEngine {
 
         }
     } // end shutdownHttpServer
+
     /**
-     * Shuts down subsystems in backwards order 
-     * exceptions are ignored. process exists at end to force exit.
+     * Shuts down subsystems in backwards order exceptions are ignored. process
+     * exists at end to force exit.
      */
     public void shutdown() {
         Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
-            ILogger.LL_INFO, Constants.SERVER_SHUTDOWN_MESSAGE);
+                ILogger.LL_INFO, Constants.SERVER_SHUTDOWN_MESSAGE);
 
         CMS.debug("CMSEngine.shutdown()");
-       
-/*
-        CommandQueue commandQueue = new CommandQueue();
-        Thread t1 = new Thread(commandQueue);
 
-        t1.setDaemon(true);
-        t1.start();
-        
-        // wait for command queue to emptied before proceeding to shutting down subsystems
-        Date time = new Date();
-        long startTime = time.getTime();
-        long timeOut = time.getTime();
-
-        while (t1.isAlive() && ((timeOut - startTime) < (60 * 1000))) //wait for 1 minute
-        {
-            try {
-                Thread.currentThread().sleep(5000); // sleep for 5 sec
-            }catch (java.lang.InterruptedException e) {
-            }
-            timeOut = time.getTime();
-        }
-        terminateRequests();
-*/
+        /*
+         * CommandQueue commandQueue = new CommandQueue(); Thread t1 = new
+         * Thread(commandQueue);
+         * 
+         * t1.setDaemon(true); t1.start();
+         * 
+         * // wait for command queue to emptied before proceeding to shutting
+         * down subsystems Date time = new Date(); long startTime =
+         * time.getTime(); long timeOut = time.getTime();
+         * 
+         * while (t1.isAlive() && ((timeOut - startTime) < (60 * 1000))) //wait
+         * for 1 minute { try { Thread.currentThread().sleep(5000); // sleep for
+         * 5 sec }catch (java.lang.InterruptedException e) { } timeOut =
+         * time.getTime(); } terminateRequests();
+         */
 
         shutdownSubsystems(mFinalSubsystems);
         shutdownSubsystems(mDynSubsystems);
@@ -1603,15 +1582,14 @@ public class CMSEngine implements ICMSEngine {
     }
 
     /**
-     * Shuts down subsystems in backwards order
-     * exceptions are ignored. process exists at end to force exit.
-     * Added extra call to shutdown the web server.
+     * Shuts down subsystems in backwards order exceptions are ignored. process
+     * exists at end to force exit. Added extra call to shutdown the web server.
      */
 
     public void forceShutdown() {
 
         Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_ADMIN,
-            ILogger.LL_INFO, Constants.SERVER_SHUTDOWN_MESSAGE);
+                ILogger.LL_INFO, Constants.SERVER_SHUTDOWN_MESSAGE);
 
         CMS.debug("CMSEngine.forceShutdown()");
 
@@ -1621,16 +1599,19 @@ public class CMSEngine implements ICMSEngine {
         t1.setDaemon(true);
         t1.start();
 
-        // wait for command queue to emptied before proceeding to shutting down subsystems
+        // wait for command queue to emptied before proceeding to shutting down
+        // subsystems
         Date time = new Date();
         long startTime = time.getTime();
         long timeOut = time.getTime();
 
-        while (t1.isAlive() && ((timeOut - startTime) < (60 * 1000))) //wait for 1 minute
+        while (t1.isAlive() && ((timeOut - startTime) < (60 * 1000))) // wait
+                                                                      // for 1
+                                                                      // minute
         {
             try {
-				Thread.sleep(5000); // sleep for 5 sec
-            }catch (java.lang.InterruptedException e) {
+                Thread.sleep(5000); // sleep for 5 sec
+            } catch (java.lang.InterruptedException e) {
             }
             timeOut = time.getTime();
         }
@@ -1647,12 +1628,11 @@ public class CMSEngine implements ICMSEngine {
      * shuts down a subsystem list in reverse order.
      */
     private void shutdownSubsystems(SubsystemInfo[] sslist) {
-        if (sslist == null) 
+        if (sslist == null)
             return;
 
         for (int i = sslist.length - 1; i >= 0; i--) {
-            if (sslist[i] != null && sslist[i].mInstance != null) 
-            {
+            if (sslist[i] != null && sslist[i].mInstance != null) {
                 sslist[i].mInstance.shutdown();
             }
         }
@@ -1679,7 +1659,7 @@ public class CMSEngine implements ICMSEngine {
         } catch (EBaseException e) {
             // intercept this for now -- don't want to change the callers
             Logger.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SDR_ADD_ERROR", e.toString()));
+                    ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SDR_ADD_ERROR", e.toString()));
         }
     }
 
@@ -1707,22 +1687,21 @@ public class CMSEngine implements ICMSEngine {
     }
 
     public static void upgradeConfig(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         String version = c.getString("cms.version", "pre4.2");
 
         if (version.equals("4.22")) {
             Upgrade.perform422to45(c);
-        }else if (version.equals("4.2")) {
+        } else if (version.equals("4.2")) {
             // SUPPORT UPGRADE FROM 4.2 to 4.2 (SP2)
             Upgrade.perform42to422(c);
             Upgrade.perform422to45(c);
         } else {
             // ONLY SUPPORT UPGRADE FROM 4.2 to 4.2 (SP2)
             /**
-             if (!version.equals("pre4.2"))
-             return;
-
-             Upgrade.perform(c);
+             * if (!version.equals("pre4.2")) return;
+             * 
+             * Upgrade.perform(c);
              **/
         }
     }
@@ -1753,10 +1732,10 @@ public class CMSEngine implements ICMSEngine {
 
         try {
             IRegistrationAuthority ra = (IRegistrationAuthority)
-                SubsystemRegistry.getInstance().get("ra");
+                    SubsystemRegistry.getInstance().get("ra");
 
             if (ra != null) {
-                  queue = ra.getRequestQueue();
+                queue = ra.getRequestQueue();
             }
 
         } catch (Exception e) {
@@ -1788,8 +1767,8 @@ public class CMSEngine implements ICMSEngine {
                 result = mVCList.check(cert);
             }
             if (result != VerifiedCert.REVOKED &&
-                result != VerifiedCert.NOT_REVOKED &&
-                result != VerifiedCert.CHECKED) {
+                    result != VerifiedCert.NOT_REVOKED &&
+                    result != VerifiedCert.CHECKED) {
 
                 CertificateRepository certDB = (CertificateRepository) getCertDB();
 
@@ -1815,9 +1794,9 @@ public class CMSEngine implements ICMSEngine {
                         try {
                             checkRevReq = queue.newRequest(CertRequestConstants.GETREVOCATIONINFO_REQUEST);
                             checkRevReq.setExtData(IRequest.REQ_TYPE,
-                                CertRequestConstants.GETREVOCATIONINFO_REQUEST);
+                                    CertRequestConstants.GETREVOCATIONINFO_REQUEST);
                             checkRevReq.setExtData(IRequest.REQUESTOR_TYPE,
-                                IRequest.REQUESTOR_RA);
+                                    IRequest.REQUESTOR_RA);
 
                             X509CertImpl agentCerts[] = new X509CertImpl[certificates.length];
 
@@ -1865,12 +1844,11 @@ public class CMSEngine implements ICMSEngine {
     }
 
     private void log(int level, String msg) {
-        Logger.getLogger().log(ILogger.EV_SYSTEM, null, 
-            ILogger.S_AUTHENTICATION, level, msg);
+        Logger.getLogger().log(ILogger.EV_SYSTEM, null,
+                ILogger.S_AUTHENTICATION, level, msg);
     }
 }
 
-
 class WarningListener implements ILogEventListener {
     private StringBuffer mSB = null;
 
@@ -1903,19 +1881,19 @@ class WarningListener implements ILogEventListener {
         return null;
     }
 
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
     }
 
     public void startup() {
     }
 
     /**
-     * Retrieve last "maxLine" number of system log with log lever >"level"
-     * and from  source "source". If the parameter is omitted. All entries
-     * are sent back.
+     * Retrieve last "maxLine" number of system log with log lever >"level" and
+     * from source "source". If the parameter is omitted. All entries are sent
+     * back.
      */
-    public synchronized NameValuePairs retrieveLogContent(Hashtable<String, String>  req) throws ServletException,
+    public synchronized NameValuePairs retrieveLogContent(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException {
         return null;
     }
@@ -1923,7 +1901,7 @@ class WarningListener implements ILogEventListener {
     /**
      * Retrieve log file list.
      */
-    public synchronized NameValuePairs retrieveLogList(Hashtable<String, String>  req) throws ServletException,
+    public synchronized NameValuePairs retrieveLogList(Hashtable<String, String> req) throws ServletException,
             IOException, EBaseException {
         return null;
     }
@@ -1949,14 +1927,13 @@ class WarningListener implements ILogEventListener {
     }
 }
 
-
 class SubsystemInfo {
     public final String mId;
     public final ISubsystem mInstance;
+
     public SubsystemInfo(String id, ISubsystem ssInstance) {
         mId = id;
         mInstance = ssInstance;
     }
-    
-}
 
+}
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/CommandQueue.java b/pki/base/common/src/com/netscape/cmscore/apps/CommandQueue.java
index 41b31049..d4b55604 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/CommandQueue.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/CommandQueue.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 import java.util.Hashtable;
 
 import javax.servlet.Servlet;
@@ -25,23 +24,22 @@ import javax.servlet.Servlet;
 import com.netscape.certsrv.apps.ICommandQueue;
 import com.netscape.cms.servlet.common.CMSRequest;
 
-
 /*---------------------------------------------------------------
  ** CommandQueue - Class
  */
 
 /**
- *  register and unregister proccess for clean shutdown
+ * register and unregister proccess for clean shutdown
  */
 public class CommandQueue implements Runnable, ICommandQueue {
 
-    public static Hashtable<CMSRequest, Servlet> mCommandQueue = new Hashtable<CMSRequest, Servlet>(); 
+    public static Hashtable<CMSRequest, Servlet> mCommandQueue = new Hashtable<CMSRequest, Servlet>();
     public static boolean mShuttingDown = false;
 
     /*-----------------------------------------------------------
      ** CommandQueue - Constructor
      */
-    
+
     /**
      * Main constructor.
      */
@@ -52,21 +50,21 @@ public class CommandQueue implements Runnable, ICommandQueue {
     /*-----------------------------------------------------------
      ** run
      */
-    
+
     /**
      * Overrides Thread.run(), calls batchPublish().
      */
     public void run() {
-        //int  priority = Thread.MIN_PRIORITY;      
-        //Thread.currentThread().setPriority(priority);
+        // int priority = Thread.MIN_PRIORITY;
+        // Thread.currentThread().setPriority(priority);
         /*-------------------------------------------------
          ** Loop until queue is empty
          */
         mShuttingDown = true;
         while (mCommandQueue.isEmpty() == false) {
             try {
-				Thread.sleep(5 * 1000);
-                //gcProcess();
+                Thread.sleep(5 * 1000);
+                // gcProcess();
             } catch (Exception e) {
 
             }
@@ -78,9 +76,9 @@ public class CommandQueue implements Runnable, ICommandQueue {
             if ((currentServlet instanceof com.netscape.cms.servlet.base.CMSStartServlet) == false)
                 mCommandQueue.put(currentRequest, currentServlet);
             return true;
-        }else
+        } else
             return false;
-        
+
     }
 
     public void unRegisterProccess(Object currentRequest, Object currentServlet) {
@@ -88,13 +86,13 @@ public class CommandQueue implements Runnable, ICommandQueue {
 
         while (e.hasMoreElements()) {
             Object thisRequest = e.nextElement();
-      
+
             if (thisRequest.equals(currentRequest)) {
                 if (mCommandQueue.get(currentRequest).equals(currentServlet))
                     mCommandQueue.remove(currentRequest);
             }
         }
-            
+
     }
 } // CommandQueue
 
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/PKIServerEvent.java b/pki/base/common/src/com/netscape/cmscore/apps/PKIServerEvent.java
index 27d2e3f7..e815a994 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/PKIServerEvent.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/PKIServerEvent.java
@@ -17,11 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 /**
  * A class represents a PKIServer event.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/PKIServerListener.java b/pki/base/common/src/com/netscape/cmscore/apps/PKIServerListener.java
index 78fe9069..d461ed21 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/PKIServerListener.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/PKIServerListener.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 /**
- * A class represents a listener that listens to
- * PKIServer event.
+ * A class represents a listener that listens to PKIServer event.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/Setup.java b/pki/base/common/src/com/netscape/cmscore/apps/Setup.java
index 3eb897cc..c46f113f 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/Setup.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/Setup.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 
-
 /**
  * Select certificate server serices.
- *
+ * 
  * @author thomask
  * @author nicolson
  * @version $Revision$, $Date$
@@ -34,52 +32,53 @@ public class Setup {
     // These are a bunch of fixed values that just need to be stored to the
     // config file before the server is started.
     public static final String[][] authEntries = new String[][] {
-            {"auths._000", "##"},
-            {"auths._001", "## new authentication"},
-            {"auths._002", "##"},
-            {"auths.impl._000", "##"},
-            {"auths.impl._001", "## authentication manager implementations"},
-            {"auths.impl._002", "##"},
-            {"auths.impl.UidPwdDirAuth.class", "com.netscape.cms.authentication.UidPwdDirAuthentication"},
-            {"auths.impl.UidPwdPinDirAuth.class", "com.netscape.cms.authentication.UidPwdPinDirAuthentication"},
-            {"auths.impl.UdnPwdDirAuth.class", "com.netscape.cms.authentication.UdnPwdDirAuthentication"},
-            {"auths.impl.NISAuth.class", "com.netscape.cms.authentication.NISAuth"},
-            {"auths.impl.CMCAuth.class", "com.netscape.cms.authentication.CMCAuth"},
-            {"auths.impl.AgentCertAuth.class", "com.netscape.cms.authentication.AgentCertAuthentication"},
-            {"auths.impl.PortalEnroll.class", "com.netscape.cms.authentication.PortalEnroll"
+            { "auths._000", "##" },
+            { "auths._001", "## new authentication" },
+            { "auths._002", "##" },
+            { "auths.impl._000", "##" },
+            { "auths.impl._001", "## authentication manager implementations" },
+            { "auths.impl._002", "##" },
+            { "auths.impl.UidPwdDirAuth.class", "com.netscape.cms.authentication.UidPwdDirAuthentication" },
+            { "auths.impl.UidPwdPinDirAuth.class", "com.netscape.cms.authentication.UidPwdPinDirAuthentication" },
+            { "auths.impl.UdnPwdDirAuth.class", "com.netscape.cms.authentication.UdnPwdDirAuthentication" },
+            { "auths.impl.NISAuth.class", "com.netscape.cms.authentication.NISAuth" },
+            { "auths.impl.CMCAuth.class", "com.netscape.cms.authentication.CMCAuth" },
+            { "auths.impl.AgentCertAuth.class", "com.netscape.cms.authentication.AgentCertAuthentication" },
+            { "auths.impl.PortalEnroll.class", "com.netscape.cms.authentication.PortalEnroll"
             },
-            {"auths.revocationChecking.bufferSize", "50"},
+            { "auths.revocationChecking.bufferSize", "50" },
         };
+
     public static void installAuthImpls(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         for (int i = 0; i < authEntries.length; i++) {
             c.putString(authEntries[i][0], authEntries[i][1]);
         }
     }
 
     public static final String[][] oidmapEntries = new String[][] {
-            {"oidmap.pse.class", "netscape.security.extensions.PresenceServerExtension"},
-            {"oidmap.pse.oid", "2.16.840.1.113730.1.18"},
-            {"oidmap.ocsp_no_check.class", "netscape.security.extensions.OCSPNoCheckExtension"},
-            {"oidmap.ocsp_no_check.oid", "1.3.6.1.5.5.7.48.1.5"},
-            {"oidmap.netscape_comment.class", "netscape.security.x509.NSCCommentExtension"},
-            {"oidmap.netscape_comment.oid", "2.16.840.1.113730.1.13"},
-            {"oidmap.extended_key_usage.class", "netscape.security.extensions.ExtendedKeyUsageExtension"},
-            {"oidmap.extended_key_usage.oid", "2.5.29.37"},
-            {"oidmap.subject_info_access.class", "netscape.security.extensions.SubjectInfoAccessExtension"},
-            {"oidmap.subject_info_access.oid", "1.3.6.1.5.5.7.1.11"},
-            {"oidmap.auth_info_access.class", "netscape.security.extensions.AuthInfoAccessExtension"},
-            {"oidmap.auth_info_access.oid", "1.3.6.1.5.5.7.1.1"},
-            {"oidmap.challenge_password.class", "com.netscape.cms.servlet.cert.scep.ChallengePassword"},
-            {"oidmap.challenge_password.oid", "1.2.840.113549.1.9.7"},
-            {"oidmap.extensions_requested_vsgn.class", "com.netscape.cms.servlet.cert.scep.ExtensionsRequested"},
-            {"oidmap.extensions_requested_vsgn.oid", "2.16.840.1.113733.1.9.8"},
-            {"oidmap.extensions_requested_pkcs9.class", "com.netscape.cms.servlet.cert.scep.ExtensionsRequested"},
-            {"oidmap.extensions_requested_pkcs9.oid", "1.2.840.113549.1.9.14"},
+            { "oidmap.pse.class", "netscape.security.extensions.PresenceServerExtension" },
+            { "oidmap.pse.oid", "2.16.840.1.113730.1.18" },
+            { "oidmap.ocsp_no_check.class", "netscape.security.extensions.OCSPNoCheckExtension" },
+            { "oidmap.ocsp_no_check.oid", "1.3.6.1.5.5.7.48.1.5" },
+            { "oidmap.netscape_comment.class", "netscape.security.x509.NSCCommentExtension" },
+            { "oidmap.netscape_comment.oid", "2.16.840.1.113730.1.13" },
+            { "oidmap.extended_key_usage.class", "netscape.security.extensions.ExtendedKeyUsageExtension" },
+            { "oidmap.extended_key_usage.oid", "2.5.29.37" },
+            { "oidmap.subject_info_access.class", "netscape.security.extensions.SubjectInfoAccessExtension" },
+            { "oidmap.subject_info_access.oid", "1.3.6.1.5.5.7.1.11" },
+            { "oidmap.auth_info_access.class", "netscape.security.extensions.AuthInfoAccessExtension" },
+            { "oidmap.auth_info_access.oid", "1.3.6.1.5.5.7.1.1" },
+            { "oidmap.challenge_password.class", "com.netscape.cms.servlet.cert.scep.ChallengePassword" },
+            { "oidmap.challenge_password.oid", "1.2.840.113549.1.9.7" },
+            { "oidmap.extensions_requested_vsgn.class", "com.netscape.cms.servlet.cert.scep.ExtensionsRequested" },
+            { "oidmap.extensions_requested_vsgn.oid", "2.16.840.1.113733.1.9.8" },
+            { "oidmap.extensions_requested_pkcs9.class", "com.netscape.cms.servlet.cert.scep.ExtensionsRequested" },
+            { "oidmap.extensions_requested_pkcs9.oid", "1.2.840.113549.1.9.14" },
         };
 
     public static void installOIDMap(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         for (int i = 0; i < oidmapEntries.length; i++) {
             c.putString(oidmapEntries[i][0], oidmapEntries[i][1]);
         }
@@ -89,150 +88,149 @@ public class Setup {
      * This function is used for installation and upgrade.
      */
     public static void installPolicyImpls(String prefix, IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         boolean isCA = false;
 
         if (prefix.equals("ca"))
             isCA = true;
 
-            //
-            // Policy implementations (class names)
-            //
+        //
+        // Policy implementations (class names)
+        //
         c.putString(prefix + ".Policy.impl._000", "##");
         c.putString(prefix + ".Policy.impl._001",
-            "## Policy Implementations");
+                "## Policy Implementations");
         c.putString(prefix + ".Policy.impl._002", "##");
         c.putString(
-            prefix + ".Policy.impl.KeyAlgorithmConstraints.class",
-            "com.netscape.cmscore.policy.KeyAlgorithmConstraints");
+                prefix + ".Policy.impl.KeyAlgorithmConstraints.class",
+                "com.netscape.cmscore.policy.KeyAlgorithmConstraints");
         c.putString(
-            prefix + ".Policy.impl.DSAKeyConstraints.class",
-            "com.netscape.cmscore.policy.DSAKeyConstraints");
+                prefix + ".Policy.impl.DSAKeyConstraints.class",
+                "com.netscape.cmscore.policy.DSAKeyConstraints");
         c.putString(
-            prefix + ".Policy.impl.RSAKeyConstraints.class",
-            "com.netscape.cmscore.policy.RSAKeyConstraints");
+                prefix + ".Policy.impl.RSAKeyConstraints.class",
+                "com.netscape.cmscore.policy.RSAKeyConstraints");
         c.putString(
-            prefix + ".Policy.impl.SigningAlgorithmConstraints.class",
-            "com.netscape.cmscore.policy.SigningAlgorithmConstraints");
+                prefix + ".Policy.impl.SigningAlgorithmConstraints.class",
+                "com.netscape.cmscore.policy.SigningAlgorithmConstraints");
         c.putString(
-            prefix + ".Policy.impl.ValidityConstraints.class",
-            "com.netscape.cmscore.policy.ValidityConstraints");
+                prefix + ".Policy.impl.ValidityConstraints.class",
+                "com.netscape.cmscore.policy.ValidityConstraints");
 
         /**
-         c.putString(
-         prefix + ".Policy.impl.NameConstraints.class",
-         "com.netscape.cmscore.policy.NameConstraints");
+         * c.putString( prefix + ".Policy.impl.NameConstraints.class",
+         * "com.netscape.cmscore.policy.NameConstraints");
          **/
         c.putString(
-            prefix + ".Policy.impl.RenewalConstraints.class",
-            "com.netscape.cmscore.policy.RenewalConstraints");
+                prefix + ".Policy.impl.RenewalConstraints.class",
+                "com.netscape.cmscore.policy.RenewalConstraints");
         c.putString(
-            prefix + ".Policy.impl.RenewalValidityConstraints.class",
-            "com.netscape.cmscore.policy.RenewalValidityConstraints");
+                prefix + ".Policy.impl.RenewalValidityConstraints.class",
+                "com.netscape.cmscore.policy.RenewalValidityConstraints");
         c.putString(
-            prefix + ".Policy.impl.RevocationConstraints.class",
-            "com.netscape.cmscore.policy.RevocationConstraints");
-        //getTempCMSConfig().putString(
-        //        prefix + ".Policy.impl.DefaultRevocation.class",
-        //        "com.netscape.cmscore.policy.DefaultRevocation");
+                prefix + ".Policy.impl.RevocationConstraints.class",
+                "com.netscape.cmscore.policy.RevocationConstraints");
+        // getTempCMSConfig().putString(
+        // prefix + ".Policy.impl.DefaultRevocation.class",
+        // "com.netscape.cmscore.policy.DefaultRevocation");
         c.putString(
-            prefix + ".Policy.impl.NSCertTypeExt.class",
-            "com.netscape.cmscore.policy.NSCertTypeExt");
+                prefix + ".Policy.impl.NSCertTypeExt.class",
+                "com.netscape.cmscore.policy.NSCertTypeExt");
         c.putString(
-            prefix + ".Policy.impl.KeyUsageExt.class",
-            "com.netscape.cmscore.policy.KeyUsageExt");
+                prefix + ".Policy.impl.KeyUsageExt.class",
+                "com.netscape.cmscore.policy.KeyUsageExt");
         c.putString(
-            prefix + ".Policy.impl.SubjectKeyIdentifierExt.class",
-            "com.netscape.cmscore.policy.SubjectKeyIdentifierExt");
+                prefix + ".Policy.impl.SubjectKeyIdentifierExt.class",
+                "com.netscape.cmscore.policy.SubjectKeyIdentifierExt");
         c.putString(
-            prefix + ".Policy.impl.CertificatePoliciesExt.class",
-            "com.netscape.cmscore.policy.CertificatePoliciesExt");
+                prefix + ".Policy.impl.CertificatePoliciesExt.class",
+                "com.netscape.cmscore.policy.CertificatePoliciesExt");
         c.putString(
-            prefix + ".Policy.impl.NSCCommentExt.class",
-            "com.netscape.cmscore.policy.NSCCommentExt");
+                prefix + ".Policy.impl.NSCCommentExt.class",
+                "com.netscape.cmscore.policy.NSCCommentExt");
         c.putString(
-            prefix + ".Policy.impl.IssuerAltNameExt.class",
-            "com.netscape.cmscore.policy.IssuerAltNameExt");
+                prefix + ".Policy.impl.IssuerAltNameExt.class",
+                "com.netscape.cmscore.policy.IssuerAltNameExt");
         c.putString(
-            prefix + ".Policy.impl.PrivateKeyUsagePeriodExt.class",
-            "com.netscape.cmscore.policy.PrivateKeyUsagePeriodExt");
+                prefix + ".Policy.impl.PrivateKeyUsagePeriodExt.class",
+                "com.netscape.cmscore.policy.PrivateKeyUsagePeriodExt");
         c.putString(
-            prefix + ".Policy.impl.AttributePresentConstraints.class",
-            "com.netscape.cmscore.policy.AttributePresentConstraints");
+                prefix + ".Policy.impl.AttributePresentConstraints.class",
+                "com.netscape.cmscore.policy.AttributePresentConstraints");
         c.putString(
-            prefix + ".Policy.impl.SubjectAltNameExt.class",
-            "com.netscape.cmscore.policy.SubjectAltNameExt");
+                prefix + ".Policy.impl.SubjectAltNameExt.class",
+                "com.netscape.cmscore.policy.SubjectAltNameExt");
         c.putString(
-            prefix + ".Policy.impl.SubjectDirectoryAttributesExt.class",
-            "com.netscape.cmscore.policy.SubjectDirectoryAttributesExt");
+                prefix + ".Policy.impl.SubjectDirectoryAttributesExt.class",
+                "com.netscape.cmscore.policy.SubjectDirectoryAttributesExt");
         c.putString(
-            prefix + ".Policy.impl.CertificateRenewalWindowExt.class",
-            "com.netscape.cmscore.policy.CertificateRenewalWindowExt");
+                prefix + ".Policy.impl.CertificateRenewalWindowExt.class",
+                "com.netscape.cmscore.policy.CertificateRenewalWindowExt");
         c.putString(
-            prefix + ".Policy.impl.CertificateScopeOfUseExt.class",
-            "com.netscape.cmscore.policy.CertificateScopeOfUseExt");
+                prefix + ".Policy.impl.CertificateScopeOfUseExt.class",
+                "com.netscape.cmscore.policy.CertificateScopeOfUseExt");
         if (isCA) {
             c.putString(
-                prefix + ".Policy.impl.AuthorityKeyIdentifierExt.class",
-                "com.netscape.cmscore.policy.AuthorityKeyIdentifierExt");
+                    prefix + ".Policy.impl.AuthorityKeyIdentifierExt.class",
+                    "com.netscape.cmscore.policy.AuthorityKeyIdentifierExt");
             c.putString(
-                prefix + ".Policy.impl.BasicConstraintsExt.class",
-                "com.netscape.cmscore.policy.BasicConstraintsExt");
+                    prefix + ".Policy.impl.BasicConstraintsExt.class",
+                    "com.netscape.cmscore.policy.BasicConstraintsExt");
             c.putString(
-                prefix + ".Policy.impl.SubCANameConstraints.class",
-                "com.netscape.cmscore.policy.SubCANameConstraints");
+                    prefix + ".Policy.impl.SubCANameConstraints.class",
+                    "com.netscape.cmscore.policy.SubCANameConstraints");
         }
         c.putString(
-            prefix + ".Policy.impl.CRLDistributionPointsExt.class",
-            "com.netscape.cmscore.policy.CRLDistributionPointsExt");
+                prefix + ".Policy.impl.CRLDistributionPointsExt.class",
+                "com.netscape.cmscore.policy.CRLDistributionPointsExt");
         c.putString(
-            prefix + ".Policy.impl.AuthInfoAccessExt.class",
-            "com.netscape.cmscore.policy.AuthInfoAccessExt");
+                prefix + ".Policy.impl.AuthInfoAccessExt.class",
+                "com.netscape.cmscore.policy.AuthInfoAccessExt");
         c.putString(
-            prefix + ".Policy.impl.OCSPNoCheckExt.class",
-            "com.netscape.cmscore.policy.OCSPNoCheckExt");
+                prefix + ".Policy.impl.OCSPNoCheckExt.class",
+                "com.netscape.cmscore.policy.OCSPNoCheckExt");
         c.putString(
-            prefix + ".Policy.impl.ExtendedKeyUsageExt.class",
-            "com.netscape.cmscore.policy.ExtendedKeyUsageExt");
+                prefix + ".Policy.impl.ExtendedKeyUsageExt.class",
+                "com.netscape.cmscore.policy.ExtendedKeyUsageExt");
         if (isCA) {
             c.putString(
-                prefix + ".Policy.impl.UniqueSubjectNameConstraints.class",
-                "com.netscape.cmscore.policy.UniqueSubjectNameConstraints");
+                    prefix + ".Policy.impl.UniqueSubjectNameConstraints.class",
+                    "com.netscape.cmscore.policy.UniqueSubjectNameConstraints");
         }
         c.putString(
-            prefix + ".Policy.impl.GenericASN1Ext.class",
-            "com.netscape.cmscore.policy.GenericASN1Ext");
+                prefix + ".Policy.impl.GenericASN1Ext.class",
+                "com.netscape.cmscore.policy.GenericASN1Ext");
         c.putString(
-            prefix + ".Policy.impl.RemoveBasicConstraintsExt.class",
-            "com.netscape.cmscore.policy.RemoveBasicConstraintsExt");
+                prefix + ".Policy.impl.RemoveBasicConstraintsExt.class",
+                "com.netscape.cmscore.policy.RemoveBasicConstraintsExt");
     }
 
     /**
      * This function is used for installation and upgrade.
      */
     public static void installCACRLExtensions(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         // ca crl extensions
 
         // AuthorityKeyIdentifier
         c.putString("ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.enable",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.critical",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.type",
-            "CRLExtension");
+                "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.AuthorityKeyIdentifier.class",
-            "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
+                "com.netscape.cms.crl.CMSAuthorityKeyIdentifierExtension");
 
         // IssuerAlternativeName
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.enable",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.critical",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.type",
-            "CRLExtension");
+                "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.class",
-            "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
+                "com.netscape.cms.crl.CMSIssuerAlternativeNameExtension");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.numNames", "0");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.nameType0", "");
         c.putString("ca.crl.MasterCRL.extension.IssuerAlternativeName.name0", "");
@@ -242,48 +240,48 @@ public class Setup {
         c.putString("ca.crl.MasterCRL.extension.CRLNumber.critical", "false");
         c.putString("ca.crl.MasterCRL.extension.CRLNumber.type", "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.CRLNumber.class",
-            "com.netscape.cms.crl.CMSCRLNumberExtension");
+                "com.netscape.cms.crl.CMSCRLNumberExtension");
 
         // DeltaCRLIndicator
         c.putString("ca.crl.MasterCRL.extension.DeltaCRLIndicator.enable", "false");
         c.putString("ca.crl.MasterCRL.extension.DeltaCRLIndicator.critical", "true");
         c.putString("ca.crl.MasterCRL.extension.DeltaCRLIndicator.type", "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.DeltaCRLIndicator.class",
-            "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
+                "com.netscape.cms.crl.CMSDeltaCRLIndicatorExtension");
 
         // IssuingDistributionPoint
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.enable",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.critical",
-            "true");
+                "true");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.type",
-            "CRLExtension");
+                "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.class",
-            "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
+                "com.netscape.cms.crl.CMSIssuingDistributionPointExtension");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointType", "");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointName", "");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsUserCerts",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlyContainsCACerts",
-            "false");
+                "false");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.onlySomeReasons", "");
-        //"keyCompromise,cACompromise,affiliationChanged,superseded,cessationOfOperation,certificateHold");
+        // "keyCompromise,cACompromise,affiliationChanged,superseded,cessationOfOperation,certificateHold");
         c.putString("ca.crl.MasterCRL.extension.IssuingDistributionPoint.indirectCRL",
-            "false");
+                "false");
 
         // CRLReason
         c.putString("ca.crl.MasterCRL.extension.CRLReason.enable", "true");
         c.putString("ca.crl.MasterCRL.extension.CRLReason.critical", "false");
         c.putString("ca.crl.MasterCRL.extension.CRLReason.type", "CRLEntryExtension");
         c.putString("ca.crl.MasterCRL.extension.CRLReason.class",
-            "com.netscape.cms.crl.CMSCRLReasonExtension");
+                "com.netscape.cms.crl.CMSCRLReasonExtension");
 
         // HoldInstruction
         c.putString("ca.crl.MasterCRL.extension.HoldInstruction.enable", "false");
         c.putString("ca.crl.MasterCRL.extension.HoldInstruction.critical", "false");
         c.putString("ca.crl.MasterCRL.extension.HoldInstruction.type", "CRLEntryExtension");
         c.putString("ca.crl.MasterCRL.extension.HoldInstruction.class",
-            "com.netscape.cms.crl.CMSHoldInstructionExtension");
+                "com.netscape.cms.crl.CMSHoldInstructionExtension");
         c.putString("ca.crl.MasterCRL.extension.HoldInstruction.instruction", "none");
 
         // InvalidityDate
@@ -291,18 +289,24 @@ public class Setup {
         c.putString("ca.crl.MasterCRL.extension.InvalidityDate.critical", "false");
         c.putString("ca.crl.MasterCRL.extension.InvalidityDate.type", "CRLEntryExtension");
         c.putString("ca.crl.MasterCRL.extension.InvalidityDate.class",
-            "com.netscape.cms.crl.CMSInvalidityDateExtension");
+                "com.netscape.cms.crl.CMSInvalidityDateExtension");
 
         // CertificateIssuer
         /*
-         c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.enable", "false");
-         c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.critical", "true");
-         c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.type", "CRLEntryExtension");
-         c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.class",
-         "com.netscape.cms.crl.CMSCertificateIssuerExtension");
-         c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.numNames", "0");
-         c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.nameType0", "");
-         c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.name0", "");
+         * c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.enable",
+         * "false");
+         * c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.critical",
+         * "true");
+         * c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.type",
+         * "CRLEntryExtension");
+         * c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.class",
+         * "com.netscape.cms.crl.CMSCertificateIssuerExtension");
+         * c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.numNames",
+         * "0");
+         * c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.nameType0",
+         * "");
+         * c.putString("ca.crl.MasterCRL.extension.CertificateIssuer.name0",
+         * "");
          */
 
         // FreshestCRL
@@ -310,34 +314,34 @@ public class Setup {
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.critical", "false");
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.type", "CRLExtension");
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.class",
-            "com.netscape.cms.crl.CMSFreshestCRLExtension");
+                "com.netscape.cms.crl.CMSFreshestCRLExtension");
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.numPoints", "0");
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.pointType0", "");
         c.putString("ca.crl.MasterCRL.extension.FreshestCRL.pointName0", "");
     }
 
     public static void installCAPublishingImpls(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         for (int i = 0; i < caLdappublishImplsEntries.length; i++) {
             c.putString(
-                caLdappublishImplsEntries[i][0], caLdappublishImplsEntries[i][1]);
+                    caLdappublishImplsEntries[i][0], caLdappublishImplsEntries[i][1]);
         }
     }
 
     private static final String[][] caLdappublishImplsEntries = new String[][] {
-            {"ca.publish.mapper.impl.LdapCaSimpleMap.class", "com.netscape.cms.publish.LdapCaSimpleMap"},
-            {"ca.publish.mapper.impl.LdapSimpleMap.class", "com.netscape.cms.publish.LdapSimpleMap"},
-            {"ca.publish.mapper.impl.LdapEnhancedMap.class", "com.netscape.cms.publish.LdapEnhancedMap"},
-            {"ca.publish.mapper.impl.LdapDNCompsMap.class", "com.netscape.cms.publish.LdapCertCompsMap"},
-            {"ca.publish.mapper.impl.LdapSubjAttrMap.class", "com.netscape.cms.publish.LdapCertSubjMap"},
-            {"ca.publish.mapper.impl.LdapDNExactMap.class", "com.netscape.cms.publish.LdapCertExactMap"},
-            //{"ca.publish.mapper.impl.LdapCrlIssuerCompsMap.class","com.netscape.cms.publish.LdapCrlIssuerCompsMap"},
-            {"ca.publish.publisher.impl.LdapUserCertPublisher.class", "com.netscape.cms.publish.LdapUserCertPublisher"},
-            {"ca.publish.publisher.impl.LdapCaCertPublisher.class", "com.netscape.cms.publish.LdapCaCertPublisher"},
-            {"ca.publish.publisher.impl.LdapCrlPublisher.class", "com.netscape.cms.publish.LdapCrlPublisher"},
-            {"ca.publish.publisher.impl.FileBasedPublisher.class", "com.netscape.cms.publish.FileBasedPublisher"},
-            {"ca.publish.publisher.impl.OCSPPublisher.class", "com.netscape.cms.publish.OCSPPublisher"},
-            {"ca.publish.rule.impl.Rule.class", "com.netscape.cmscore.ldap.LdapRule"},
+            { "ca.publish.mapper.impl.LdapCaSimpleMap.class", "com.netscape.cms.publish.LdapCaSimpleMap" },
+            { "ca.publish.mapper.impl.LdapSimpleMap.class", "com.netscape.cms.publish.LdapSimpleMap" },
+            { "ca.publish.mapper.impl.LdapEnhancedMap.class", "com.netscape.cms.publish.LdapEnhancedMap" },
+            { "ca.publish.mapper.impl.LdapDNCompsMap.class", "com.netscape.cms.publish.LdapCertCompsMap" },
+            { "ca.publish.mapper.impl.LdapSubjAttrMap.class", "com.netscape.cms.publish.LdapCertSubjMap" },
+            { "ca.publish.mapper.impl.LdapDNExactMap.class", "com.netscape.cms.publish.LdapCertExactMap" },
+            // {"ca.publish.mapper.impl.LdapCrlIssuerCompsMap.class","com.netscape.cms.publish.LdapCrlIssuerCompsMap"},
+            { "ca.publish.publisher.impl.LdapUserCertPublisher.class", "com.netscape.cms.publish.LdapUserCertPublisher" },
+            { "ca.publish.publisher.impl.LdapCaCertPublisher.class", "com.netscape.cms.publish.LdapCaCertPublisher" },
+            { "ca.publish.publisher.impl.LdapCrlPublisher.class", "com.netscape.cms.publish.LdapCrlPublisher" },
+            { "ca.publish.publisher.impl.FileBasedPublisher.class", "com.netscape.cms.publish.FileBasedPublisher" },
+            { "ca.publish.publisher.impl.OCSPPublisher.class", "com.netscape.cms.publish.OCSPPublisher" },
+            { "ca.publish.rule.impl.Rule.class", "com.netscape.cmscore.ldap.LdapRule" },
         };
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java b/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java
index b77c8a7d..4fad2b4c 100644
--- a/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java
+++ b/pki/base/common/src/com/netscape/cmscore/apps/Upgrade.java
@@ -17,150 +17,147 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.apps;
 
-
 import java.io.File;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.cmscore.util.OsSubsystem;
 
-
 public final class Upgrade {
     public static void perform422to45(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         jss3(c);
-        c.putInteger("agentGateway.https.timeout", 120); 
+        c.putInteger("agentGateway.https.timeout", 120);
         IConfigStore cs = c.getSubStore("ca");
 
         if (cs != null && cs.size() > 0) {
             c.putString("ca.publish.mapper.impl.LdapEnhancedMap.class",
-                "com.netscape.certsrv.ldap.LdapEnhancedMap");
+                    "com.netscape.certsrv.ldap.LdapEnhancedMap");
         }
         c.putString("cms.version", "4.5");
         c.commit(false);
     }
 
     public static void perform42to422(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         // upgrade CMS's configuration parameters
-        c.putString("eeGateway.dynamicVariables", 
-            "serverdate=serverdate(),subsystemname=subsystemname(),http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()");
+        c.putString("eeGateway.dynamicVariables",
+                "serverdate=serverdate(),subsystemname=subsystemname(),http=http(),authmgrs=authmgrs(),clacrlurl=clacrlurl()");
 
         // new OCSP Publisher implemention
         c.putString("ra.publish.publisher.impl.OCSPPublisher.class",
-            "com.netscape.certsrv.ldap.OCSPPublisher");
+                "com.netscape.certsrv.ldap.OCSPPublisher");
         c.putString("ca.publish.publisher.impl.OCSPPublisher.class",
-            "com.netscape.certsrv.ldap.OCSPPublisher");
+                "com.netscape.certsrv.ldap.OCSPPublisher");
 
         // new logging framework
         c.putString("log.impl.file.class",
-            "com.netscape.certsrv.logging.RollingLogFile");
+                "com.netscape.certsrv.logging.RollingLogFile");
 
-        c.putString("log.instance.Audit.bufferSize", 
-            c.getString("logAudit.bufferSize"));
-        c.putString("log.instance.Audit.enable", 
-            c.getString("logAudit.on"));
+        c.putString("log.instance.Audit.bufferSize",
+                c.getString("logAudit.bufferSize"));
+        c.putString("log.instance.Audit.enable",
+                c.getString("logAudit.on"));
         // This feature doesnot work in the previous release
         // But it works now. I don't want people to have their
         // logs auto deleted without notice.It's dangerous.
-        c.putString("log.instance.Audit.expirationTime", 
-            "0"); //Specifically turn it off.
-        //			c.getString("logAudit.expirationTime"));
-        c.putString("log.instance.Audit.fileName", 
-            c.getString("logAudit.fileName"));
-        c.putString("log.instance.Audit.flushInterval", 
-            c.getString("logAudit.flushInterval"));
-        c.putString("log.instance.Audit.level", 
-            c.getString("logAudit.level"));
-        c.putString("log.instance.Audit.maxFileSize", 
-            c.getString("logAudit.maxFileSize"));
-        c.putString("log.instance.Audit.pluginName", 
-            "file");
-        c.putString("log.instance.Audit.rolloverInterval", 
-            c.getString("logAudit.rolloverInterval"));
-        c.putString("log.instance.Audit.type", 
-            "audit");
-
-        c.putString("log.instance.Error.bufferSize", 
-            c.getString("logError.bufferSize"));
-        c.putString("log.instance.Error.enable", 
-            c.getString("logError.on"));
-        c.putString("log.instance.Error.expirationTime", 
-            "0"); //Specifically turn it off.
-        //			c.getString("logError.expirationTime"));
-        c.putString("log.instance.Error.fileName", 
-            c.getString("logError.fileName"));
-        c.putString("log.instance.Error.flushInterval", 
-            c.getString("logError.flushInterval"));
-        c.putString("log.instance.Error.level", 
-            c.getString("logError.level"));
-        c.putString("log.instance.Error.maxFileSize", 
-            c.getString("logError.maxFileSize"));
-        c.putString("log.instance.Error.pluginName", 
-            "file");
-        c.putString("log.instance.Error.rolloverInterval", 
-            c.getString("logError.rolloverInterval"));
-        c.putString("log.instance.Error.type", 
-            "system");
-
-        c.putString("log.instance.System.bufferSize", 
-            c.getString("logSystem.bufferSize"));
-        c.putString("log.instance.System.enable", 
-            c.getString("logSystem.on"));
-        c.putString("log.instance.System.expirationTime", 
-            "0"); //Specifically turn it off.
-        //			c.getString("logSystem.expirationTime"));
-        c.putString("log.instance.System.fileName", 
-            c.getString("logSystem.fileName"));
-        c.putString("log.instance.System.flushInterval", 
-            c.getString("logSystem.flushInterval"));
-        c.putString("log.instance.System.level", 
-            c.getString("logSystem.level"));
-        c.putString("log.instance.System.maxFileSize", 
-            c.getString("logSystem.maxFileSize"));
-        c.putString("log.instance.System.pluginName", 
-            "file");
-        c.putString("log.instance.System.rolloverInterval", 
-            c.getString("logSystem.rolloverInterval"));
-        c.putString("log.instance.System.type", 
-            "system");
-
-        if (!OsSubsystem.isUnix()) {
-            c.putString("log.impl.NTEventLog.class",
-                "com.netscape.certsrv.logging.NTEventLog");
-
-            c.putString("log.instance.NTAudit.NTEventSourceName", 
-                c.getString("logNTAudit.NTEventSourceName"));
-            c.putString("log.instance.NTAudit.enable", 
-                c.getString("logNTAudit.on"));
-            c.putString("log.instance.NTAudit.level", 
-                c.getString("logNTAudit.level"));
-            c.putString("log.instance.NTAudit.pluginName", 
-                "NTEventLog");
-            c.putString("log.instance.NTAudit.type", 
+        c.putString("log.instance.Audit.expirationTime",
+                "0"); // Specifically turn it off.
+        // c.getString("logAudit.expirationTime"));
+        c.putString("log.instance.Audit.fileName",
+                c.getString("logAudit.fileName"));
+        c.putString("log.instance.Audit.flushInterval",
+                c.getString("logAudit.flushInterval"));
+        c.putString("log.instance.Audit.level",
+                c.getString("logAudit.level"));
+        c.putString("log.instance.Audit.maxFileSize",
+                c.getString("logAudit.maxFileSize"));
+        c.putString("log.instance.Audit.pluginName",
+                "file");
+        c.putString("log.instance.Audit.rolloverInterval",
+                c.getString("logAudit.rolloverInterval"));
+        c.putString("log.instance.Audit.type",
+                "audit");
+
+        c.putString("log.instance.Error.bufferSize",
+                c.getString("logError.bufferSize"));
+        c.putString("log.instance.Error.enable",
+                c.getString("logError.on"));
+        c.putString("log.instance.Error.expirationTime",
+                "0"); // Specifically turn it off.
+        // c.getString("logError.expirationTime"));
+        c.putString("log.instance.Error.fileName",
+                c.getString("logError.fileName"));
+        c.putString("log.instance.Error.flushInterval",
+                c.getString("logError.flushInterval"));
+        c.putString("log.instance.Error.level",
+                c.getString("logError.level"));
+        c.putString("log.instance.Error.maxFileSize",
+                c.getString("logError.maxFileSize"));
+        c.putString("log.instance.Error.pluginName",
+                "file");
+        c.putString("log.instance.Error.rolloverInterval",
+                c.getString("logError.rolloverInterval"));
+        c.putString("log.instance.Error.type",
                 "system");
 
-            c.putString("log.instance.NTSystem.NTEventSourceName", 
-                c.getString("logNTSystem.NTEventSourceName"));
-            c.putString("log.instance.NTSystem.enable", 
-                c.getString("logNTSystem.on"));
-            c.putString("log.instance.NTSystem.level", 
-                c.getString("logNTSystem.level"));
-            c.putString("log.instance.NTSystem.pluginName", 
-                "NTEventLog");
-            c.putString("log.instance.NTSystem.type", 
+        c.putString("log.instance.System.bufferSize",
+                c.getString("logSystem.bufferSize"));
+        c.putString("log.instance.System.enable",
+                c.getString("logSystem.on"));
+        c.putString("log.instance.System.expirationTime",
+                "0"); // Specifically turn it off.
+        // c.getString("logSystem.expirationTime"));
+        c.putString("log.instance.System.fileName",
+                c.getString("logSystem.fileName"));
+        c.putString("log.instance.System.flushInterval",
+                c.getString("logSystem.flushInterval"));
+        c.putString("log.instance.System.level",
+                c.getString("logSystem.level"));
+        c.putString("log.instance.System.maxFileSize",
+                c.getString("logSystem.maxFileSize"));
+        c.putString("log.instance.System.pluginName",
+                "file");
+        c.putString("log.instance.System.rolloverInterval",
+                c.getString("logSystem.rolloverInterval"));
+        c.putString("log.instance.System.type",
                 "system");
+
+        if (!OsSubsystem.isUnix()) {
+            c.putString("log.impl.NTEventLog.class",
+                    "com.netscape.certsrv.logging.NTEventLog");
+
+            c.putString("log.instance.NTAudit.NTEventSourceName",
+                    c.getString("logNTAudit.NTEventSourceName"));
+            c.putString("log.instance.NTAudit.enable",
+                    c.getString("logNTAudit.on"));
+            c.putString("log.instance.NTAudit.level",
+                    c.getString("logNTAudit.level"));
+            c.putString("log.instance.NTAudit.pluginName",
+                    "NTEventLog");
+            c.putString("log.instance.NTAudit.type",
+                    "system");
+
+            c.putString("log.instance.NTSystem.NTEventSourceName",
+                    c.getString("logNTSystem.NTEventSourceName"));
+            c.putString("log.instance.NTSystem.enable",
+                    c.getString("logNTSystem.on"));
+            c.putString("log.instance.NTSystem.level",
+                    c.getString("logNTSystem.level"));
+            c.putString("log.instance.NTSystem.pluginName",
+                    "NTEventLog");
+            c.putString("log.instance.NTSystem.type",
+                    "system");
         }
         c.putString("cms.version", "4.22");
         c.commit(false);
     }
 
     /**
-     * This method handles pre4.2 -> 4.2 configuration 
-     * upgrade.
+     * This method handles pre4.2 -> 4.2 configuration upgrade.
      */
     public static void perform(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         boolean isCA = false;
         boolean isRA = false;
         boolean isKRA = false;
@@ -195,8 +192,8 @@ public final class Upgrade {
             Setup.installPolicyImpls("ra", c);
         }
 
-        c.putString("eeGateway.dynamicVariables", 
-            "serverdate=serverdate(),subsystemname=subsystemname(),http=http(),authmgrs=authmgrs()");
+        c.putString("eeGateway.dynamicVariables",
+                "serverdate=serverdate(),subsystemname=subsystemname(),http=http(),authmgrs=authmgrs()");
 
         c.putString("cms.version", "4.2");
         // Assumed user backups (including CMS.cfg) the system before
@@ -205,56 +202,56 @@ public final class Upgrade {
     }
 
     /**
-     * Upgrade publishing. This function upgrades both enabled 
-     * or disabled publishing configuration.
+     * Upgrade publishing. This function upgrades both enabled or disabled
+     * publishing configuration.
      */
     public static void caPublishing(IConfigStore c)
-        throws EBaseException {
-        c.putString("ca.publish.enable", 
-            c.getString("ca.enableLdapPublish", "false"));
-        c.putString("ca.publish.ldappublish.enable", 
-            c.getString("ca.enableLdapPublish", "false"));
-        c.putString("ca.publish.ldappublish.ldap.ldapauth.authtype", 
-            c.getString("ca.ldappublish.ldap.ldapauth.authtype", "BasicAuth"));
-        c.putString("ca.publish.ldappublish.ldap.ldapauth.bindDN", 
-            c.getString("ca.ldappublish.ldap.ldapauth.bindDN", ""));
-        c.putString("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt", 
-            c.getString("ca.ldappublish.ldap.ldapauth.bindPWPrompt", "LDAP Publishing"));
-        c.putString("ca.publish.ldappublish.ldap.ldapconn.host", 
-            c.getString("ca.ldappublish.ldap.ldapconn.host", ""));
-        c.putString("ca.publish.ldappublish.ldap.ldapconn.port", 
-            c.getString("ca.ldappublish.ldap.ldapconn.port", ""));
-        c.putString("ca.publish.ldappublish.ldap.ldapconn.secureConn", 
-            c.getString("ca.ldappublish.ldap.ldapconn.secureConn", "false"));
-        c.putString("ca.publish.ldappublish.ldap.ldapconn.version", 
-            c.getString("ca.ldappublish.ldap.ldapconn.version", "2"));
+            throws EBaseException {
+        c.putString("ca.publish.enable",
+                c.getString("ca.enableLdapPublish", "false"));
+        c.putString("ca.publish.ldappublish.enable",
+                c.getString("ca.enableLdapPublish", "false"));
+        c.putString("ca.publish.ldappublish.ldap.ldapauth.authtype",
+                c.getString("ca.ldappublish.ldap.ldapauth.authtype", "BasicAuth"));
+        c.putString("ca.publish.ldappublish.ldap.ldapauth.bindDN",
+                c.getString("ca.ldappublish.ldap.ldapauth.bindDN", ""));
+        c.putString("ca.publish.ldappublish.ldap.ldapauth.bindPWPrompt",
+                c.getString("ca.ldappublish.ldap.ldapauth.bindPWPrompt", "LDAP Publishing"));
+        c.putString("ca.publish.ldappublish.ldap.ldapconn.host",
+                c.getString("ca.ldappublish.ldap.ldapconn.host", ""));
+        c.putString("ca.publish.ldappublish.ldap.ldapconn.port",
+                c.getString("ca.ldappublish.ldap.ldapconn.port", ""));
+        c.putString("ca.publish.ldappublish.ldap.ldapconn.secureConn",
+                c.getString("ca.ldappublish.ldap.ldapconn.secureConn", "false"));
+        c.putString("ca.publish.ldappublish.ldap.ldapconn.version",
+                c.getString("ca.ldappublish.ldap.ldapconn.version", "2"));
 
         // mappers
-        c.putString("ca.publish.mapper.instance.LdapCaCertMap.pluginName", 
-            "LdapDNCompsMap");
-        c.putString("ca.publish.mapper.instance.LdapCaCertMap.dnComps", 
-            c.getString("ca.ldappublish.type.ca.mapper.dnComps"));
-        c.putString("ca.publish.mapper.instance.LdapCaCertMap.filterComps", 
-            c.getString("ca.ldappublish.type.ca.mapper.filterComps"));
-        c.putString("ca.publish.mapper.instance.LdapCaCertMap.baseDN", 
-            c.getString("ca.ldappublish.type.ca.mapper.baseDN"));
-
-        c.putString("ca.publish.mapper.instance.LdapCrlMap.pluginName", 
-            "LdapDNCompsMap");
-        c.putString("ca.publish.mapper.instance.LdapCrlMap.dnComps", 
-            c.getString("ca.ldappublish.type.crl.mapper.dnComps"));
-        c.putString("ca.publish.mapper.instance.LdapCrlMap.filterComps", 
-            c.getString("ca.ldappublish.type.crl.mapper.filterComps"));
-        c.putString("ca.publish.mapper.instance.LdapCrlMap.baseDN", 
-            c.getString("ca.ldappublish.type.crl.mapper.baseDN"));
-        c.putString("ca.publish.mapper.instance.LdapUserCertMap.pluginName", 
-            "LdapDNCompsMap"); 
+        c.putString("ca.publish.mapper.instance.LdapCaCertMap.pluginName",
+                "LdapDNCompsMap");
+        c.putString("ca.publish.mapper.instance.LdapCaCertMap.dnComps",
+                c.getString("ca.ldappublish.type.ca.mapper.dnComps"));
+        c.putString("ca.publish.mapper.instance.LdapCaCertMap.filterComps",
+                c.getString("ca.ldappublish.type.ca.mapper.filterComps"));
+        c.putString("ca.publish.mapper.instance.LdapCaCertMap.baseDN",
+                c.getString("ca.ldappublish.type.ca.mapper.baseDN"));
+
+        c.putString("ca.publish.mapper.instance.LdapCrlMap.pluginName",
+                "LdapDNCompsMap");
+        c.putString("ca.publish.mapper.instance.LdapCrlMap.dnComps",
+                c.getString("ca.ldappublish.type.crl.mapper.dnComps"));
+        c.putString("ca.publish.mapper.instance.LdapCrlMap.filterComps",
+                c.getString("ca.ldappublish.type.crl.mapper.filterComps"));
+        c.putString("ca.publish.mapper.instance.LdapCrlMap.baseDN",
+                c.getString("ca.ldappublish.type.crl.mapper.baseDN"));
+        c.putString("ca.publish.mapper.instance.LdapUserCertMap.pluginName",
+                "LdapDNCompsMap");
         c.putString("ca.publish.mapper.instance.LdapUserCertMap.dnComps",
-            c.getString("ca.ldappublish.type.client.mapper.dnComps"));
+                c.getString("ca.ldappublish.type.client.mapper.dnComps"));
         c.putString("ca.publish.mapper.instance.LdapUserCertMap.filterComps",
-            c.getString("ca.ldappublish.type.client.mapper.filterComps"));
+                c.getString("ca.ldappublish.type.client.mapper.filterComps"));
         c.putString("ca.publish.mapper.instance.LdapUserCertMap.baseDN",
-            c.getString("ca.ldappublish.type.client.mapper.baseDN"));
+                c.getString("ca.ldappublish.type.client.mapper.baseDN"));
 
         // publishers
         c.putString("ca.publish.publisher.instance.LdapCaCertPublisher.caCertAttr", "caCertificate;binary");
@@ -266,51 +263,52 @@ public final class Upgrade {
         c.putString("ca.publish.publisher.instance.LdapUserCertPublisher.pluginName", "LdapUserCertPublisher");
 
         // rules
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.pluginName ", 
-            "Rule");
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.predicate", 
-            "");
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.publisher", 
-            "LdapCaCertPublisher");
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.type", 
-            "cacert");
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.enable", 
-            "true");
-        c.putString("ca.publish.rule.instance.LdapCaCertRule.mapper", 
-            "LdapCaCertMap");
-
-        c.putString("ca.publish.rule.instance.LdapCrlRule.pluginName", 
-            "Rule");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.pluginName ",
+                "Rule");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.predicate",
+                "");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.publisher",
+                "LdapCaCertPublisher");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.type",
+                "cacert");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.enable",
+                "true");
+        c.putString("ca.publish.rule.instance.LdapCaCertRule.mapper",
+                "LdapCaCertMap");
+
+        c.putString("ca.publish.rule.instance.LdapCrlRule.pluginName",
+                "Rule");
         c.putString("ca.publish.rule.instance.LdapCrlRule.predicate", "");
-        c.putString("ca.publish.rule.instance.LdapCrlRule.publisher", 
-            "LdapCrlPublisher");
+        c.putString("ca.publish.rule.instance.LdapCrlRule.publisher",
+                "LdapCrlPublisher");
         c.putString("ca.publish.rule.instance.LdapCrlRule.type", "crl");
         c.putString("ca.publish.rule.instance.LdapCrlRule.enable", "true");
-        c.putString("ca.publish.rule.instance.LdapCrlRule.mapper", 
-            "LdapCrlMap");
+        c.putString("ca.publish.rule.instance.LdapCrlRule.mapper",
+                "LdapCrlMap");
 
-        c.putString("ca.publish.rule.instance.LdapUserCertRule.pluginName", 
-            "Rule");
+        c.putString("ca.publish.rule.instance.LdapUserCertRule.pluginName",
+                "Rule");
         c.putString("ca.publish.rule.instance.LdapUserCertRule.predicate", "");
-        c.putString("ca.publish.rule.instance.LdapUserCertRule.publisher", 
-            "LdapUserCertPublisher");
+        c.putString("ca.publish.rule.instance.LdapUserCertRule.publisher",
+                "LdapUserCertPublisher");
         c.putString("ca.publish.rule.instance.LdapUserCertRule.type", "certs");
         c.putString("ca.publish.rule.instance.LdapUserCertRule.enable", "true");
-        c.putString("ca.publish.rule.instance.LdapUserCertRule.mapper", 
-            "LdapUserCertMap");
+        c.putString("ca.publish.rule.instance.LdapUserCertRule.mapper",
+                "LdapUserCertMap");
 
         c.removeSubStore("ca.ldappublish");
     }
 
     /**
-     * Upgrade publishing. This function upgrades both enabled 
-     * or disabled publishing configuration.
+     * Upgrade publishing. This function upgrades both enabled or disabled
+     * publishing configuration.
      */
     public static void jss3(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         String moddb = c.getString("jss.moddb");
 
-        if (moddb == null) return;
+        if (moddb == null)
+            return;
 
         int i = moddb.lastIndexOf("/");
         String dir = moddb.substring(0, i);
@@ -322,7 +320,7 @@ public final class Upgrade {
         i = certdb.lastIndexOf("/");
         String instID = certdb.substring(i + 1);
         String certPrefix = ".." + File.separator + ".." + File.separator + instID +
-            File.separator + "config" + File.separator;
+                File.separator + "config" + File.separator;
         String keyPrefix = certPrefix;
 
         c.putString("jss.certPrefix", certPrefix.replace('\\', '/'));
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java b/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java
index 252d69d6..8f4e3734 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/AuthSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -40,11 +39,10 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * Default authentication subsystem
  * <P>
- *
+ * 
  * @author cfu
  * @author lhsiao
  * @version $Revision$, $Date$
@@ -73,29 +71,30 @@ public class AuthSubsystem implements IAuthSubsystem {
     }
 
     /**
-     * Initializes the authentication subsystem from the config store.
-     * Load Authentication manager plugins, create and initialize
-     * initialize authentication manager instances. 
+     * Initializes the authentication subsystem from the config store. Load
+     * Authentication manager plugins, create and initialize initialize
+     * authentication manager instances.
+     * 
      * @param owner The owner of this module.
      * @param config The configuration store.
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         try {
             mLogger = CMS.getLogger();
             mConfig = config;
-    
-            // hardcode admin and agent plugins required for the server to be 
+
+            // hardcode admin and agent plugins required for the server to be
             // functional.
 
             AuthMgrPlugin newPlugin = null;
 
-            newPlugin = new AuthMgrPlugin(PASSWDUSERDB_PLUGIN_ID, 
+            newPlugin = new AuthMgrPlugin(PASSWDUSERDB_PLUGIN_ID,
                     PasswdUserDBAuthentication.class.getName());
             newPlugin.setVisible(false);
             mAuthMgrPlugins.put(PASSWDUSERDB_PLUGIN_ID, newPlugin);
 
-            newPlugin = new AuthMgrPlugin(CERTUSERDB_PLUGIN_ID, 
+            newPlugin = new AuthMgrPlugin(CERTUSERDB_PLUGIN_ID,
                     CertUserDBAuthentication.class.getName());
             newPlugin.setVisible(false);
             mAuthMgrPlugins.put(CERTUSERDB_PLUGIN_ID, newPlugin);
@@ -106,12 +105,12 @@ public class AuthSubsystem implements IAuthSubsystem {
             mAuthMgrPlugins.put(CHALLENGE_PLUGIN_ID, newPlugin);
 
             // Bugscape #56659
-            //   Removed NullAuthMgr to harden CMS. Otherwise,
-            //   any request submitted for nullAuthMgr will
-            //   be approved automatically
+            // Removed NullAuthMgr to harden CMS. Otherwise,
+            // any request submitted for nullAuthMgr will
+            // be approved automatically
             //
             // newPlugin = new AuthMgrPlugin(NULL_PLUGIN_ID,
-            //            NullAuthentication.class.getName());
+            // NullAuthentication.class.getName());
             // newPlugin.setVisible(false);
             // mAuthMgrPlugins.put(NULL_PLUGIN_ID, newPlugin);
 
@@ -128,7 +127,7 @@ public class AuthSubsystem implements IAuthSubsystem {
             while (mImpls.hasMoreElements()) {
                 String id = (String) mImpls.nextElement();
                 String pluginPath = c.getString(id + "." + PROP_CLASS);
-			
+
                 AuthMgrPlugin plugin = new AuthMgrPlugin(id, pluginPath);
 
                 mAuthMgrPlugins.put(id, plugin);
@@ -143,8 +142,8 @@ public class AuthSubsystem implements IAuthSubsystem {
             IAuthManager passwdUserDBAuth = new PasswdUserDBAuthentication();
 
             passwdUserDBAuth.init(PASSWDUSERDB_AUTHMGR_ID, PASSWDUSERDB_PLUGIN_ID, null);
-            mAuthMgrInsts.put(PASSWDUSERDB_AUTHMGR_ID, new 
-                AuthManagerProxy(true, passwdUserDBAuth));
+            mAuthMgrInsts.put(PASSWDUSERDB_AUTHMGR_ID, new
+                    AuthManagerProxy(true, passwdUserDBAuth));
             if (Debug.ON) {
                 Debug.trace("loaded password based auth manager");
             }
@@ -164,7 +163,7 @@ public class AuthSubsystem implements IAuthSubsystem {
             if (Debug.ON) {
                 Debug.trace("loaded challenge phrase auth manager");
             }
-        
+
             IAuthManager cmcAuth = new com.netscape.cms.authentication.CMCAuth();
 
             cmcAuth.init(CMCAUTH_AUTHMGR_ID, CMCAUTH_PLUGIN_ID, config);
@@ -172,14 +171,15 @@ public class AuthSubsystem implements IAuthSubsystem {
             if (Debug.ON) {
                 Debug.trace("loaded cmc auth manager");
             }
-        
+
             // #56659
             // IAuthManager nullAuth = new NullAuthentication();
 
             // nullAuth.init(NULL_AUTHMGR_ID, NULL_PLUGIN_ID, config);
-            // mAuthMgrInsts.put(NULL_AUTHMGR_ID, new AuthManagerProxy(true, nullAuth));
+            // mAuthMgrInsts.put(NULL_AUTHMGR_ID, new AuthManagerProxy(true,
+            // nullAuth));
             // if (Debug.ON) {
-            //    Debug.trace("loaded null auth manager");
+            // Debug.trace("loaded null auth manager");
             // }
 
             IAuthManager sslClientCertAuth = new SSLClientCertAuthentication();
@@ -197,8 +197,8 @@ public class AuthSubsystem implements IAuthSubsystem {
             while (instances.hasMoreElements()) {
                 String insName = (String) instances.nextElement();
                 String implName = c.getString(insName + "." + PROP_PLUGIN);
-                AuthMgrPlugin plugin = 
-                    (AuthMgrPlugin) mAuthMgrPlugins.get(implName);
+                AuthMgrPlugin plugin =
+                        (AuthMgrPlugin) mAuthMgrPlugins.get(implName);
 
                 if (plugin == null) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_CANT_FIND_PLUGIN", implName));
@@ -211,8 +211,8 @@ public class AuthSubsystem implements IAuthSubsystem {
                 IAuthManager authMgrInst = null;
 
                 try {
-                    authMgrInst = (IAuthManager) 
-                        Class.forName(className).newInstance();
+                    authMgrInst = (IAuthManager)
+                            Class.forName(className).newInstance();
                     IConfigStore authMgrConfig = c.getSubStore(insName);
 
                     authMgrInst.init(insName, implName, authMgrConfig);
@@ -221,16 +221,13 @@ public class AuthSubsystem implements IAuthSubsystem {
                     log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_AUTH_ADD_AUTH_INSTANCE", insName));
                 } catch (ClassNotFoundException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString()));
-                    throw new
-                        EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+                    throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
                 } catch (IllegalAccessException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString()));
-                    throw new
-                        EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+                    throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
                 } catch (InstantiationException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTHSUB_ERROR", e.toString()));
-                    throw new
-                        EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+                    throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_AUTH_INIT_ERROR", insName, e.toString()));
                     // Skip the authenticaiton instance if
@@ -245,8 +242,8 @@ public class AuthSubsystem implements IAuthSubsystem {
                     // fix the problem via console
                 }
                 // add manager instance to list.
-                mAuthMgrInsts.put(insName, new 
-                    AuthManagerProxy(isEnable, authMgrInst));
+                mAuthMgrInsts.put(insName, new
+                        AuthManagerProxy(isEnable, authMgrInst));
                 if (Debug.ON) {
                     Debug.trace("loaded auth instance " + insName + " impl " + implName);
                 }
@@ -262,23 +259,24 @@ public class AuthSubsystem implements IAuthSubsystem {
     /**
      * Authenticate to the named authentication manager instance
      * <p>
-     * @param authCred authentication credentials subject to the
-     *  requirements of each authentication manager
+     * 
+     * @param authCred authentication credentials subject to the requirements of
+     *            each authentication manager
      * @param authMgrName name of the authentication manager instance
-     * @return authentication token with individualized authenticated 
-     * information.
+     * @return authentication token with individualized authenticated
+     *         information.
      * @exception EMissingCredential If a required credential for the
-     * authentication manager is missing.
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If the credentials cannot be authenticated
      * @exception EAuthMgrNotFound The auth manager is not found.
      * @exception EBaseException If an internal error occurred.
      */
     public IAuthToken authenticate(
-        IAuthCredentials authCred, String authMgrInstName)
-        throws EMissingCredential, EInvalidCredentials, 
+            IAuthCredentials authCred, String authMgrInstName)
+            throws EMissingCredential, EInvalidCredentials,
             EAuthMgrNotFound, EBaseException {
         AuthManagerProxy proxy = (AuthManagerProxy)
-            mAuthMgrInsts.get(authMgrInstName);
+                mAuthMgrInsts.get(authMgrInstName);
 
         if (proxy == null) {
             throw new EAuthMgrNotFound(CMS.getUserMessage("CMS_AUTHENTICATION_AUTHMGR_NOT_FOUND", authMgrInstName));
@@ -295,11 +293,11 @@ public class AuthSubsystem implements IAuthSubsystem {
     }
 
     /**
-     * Gets a list of required authentication credential names
-     * of the specified authentication manager.  
+     * Gets a list of required authentication credential names of the specified
+     * authentication manager.
      */
     public String[] getRequiredCreds(String authMgrInstName)
-        throws EAuthMgrNotFound {
+            throws EAuthMgrNotFound {
         IAuthManager authMgrInst = get(authMgrInstName);
 
         if (authMgrInst == null) {
@@ -309,13 +307,14 @@ public class AuthSubsystem implements IAuthSubsystem {
     }
 
     /**
-     * Gets configuration parameters for the given 
-     * authentication manager plugin.
+     * Gets configuration parameters for the given authentication manager
+     * plugin.
+     * 
      * @param implName Name of the authentication plugin.
      * @return Hashtable of required parameters.
      */
     public String[] getConfigParams(String implName)
-        throws EAuthMgrPluginNotFound, EBaseException {
+            throws EAuthMgrPluginNotFound, EBaseException {
         // is this a registered implname?
         AuthMgrPlugin plugin = (AuthMgrPlugin) mAuthMgrPlugins.get(implName);
 
@@ -334,21 +333,19 @@ public class AuthSubsystem implements IAuthSubsystem {
             return (authMgrInst.getConfigParams());
         } catch (InstantiationException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
-            throw new
-                EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+            throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
         } catch (ClassNotFoundException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
-            throw new 
-                EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+            throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
         } catch (IllegalAccessException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTH_INSTANCE_NOT_CREATED", e.toString()));
-            throw new 
-                EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
+            throw new EAuthException(CMS.getUserMessage("CMS_ACL_CLASS_LOAD_FAIL", className));
         }
     }
 
     /**
      * Add an authentication manager instance.
+     * 
      * @param name name of the authentication manager instance
      * @param authMgr the authentication manager instance to be added
      */
@@ -358,6 +355,7 @@ public class AuthSubsystem implements IAuthSubsystem {
 
     /*
      * Removes a authentication manager instance.
+     * 
      * @param name name of the authentication manager
      */
     public void delete(String name) {
@@ -366,6 +364,7 @@ public class AuthSubsystem implements IAuthSubsystem {
 
     /**
      * Gets the authentication manager instance of the specified name.
+     * 
      * @param name name of the authentication manager instance
      * @return the named authentication manager instance
      */
@@ -385,7 +384,7 @@ public class AuthSubsystem implements IAuthSubsystem {
         Enumeration<String> e = mAuthMgrInsts.keys();
 
         while (e.hasMoreElements()) {
-            IAuthManager p = get( e.nextElement());
+            IAuthManager p = get(e.nextElement());
 
             if (p != null) {
                 inst.addElement(p);
@@ -409,9 +408,9 @@ public class AuthSubsystem implements IAuthSubsystem {
     }
 
     /**
-     * Retrieve a single auth manager instance 
+     * Retrieve a single auth manager instance
      */
-    
+
     /* getconfigparams above should be recoded to use this func */
     public IAuthManager getAuthManagerPlugin(String name) {
         AuthMgrPlugin plugin = (AuthMgrPlugin) mAuthMgrPlugins.get(name);
@@ -429,16 +428,18 @@ public class AuthSubsystem implements IAuthSubsystem {
 
     /**
      * Retrieves id (name) of this subsystem.
+     * 
      * @return name of the authentication subsystem
      */
     public String getId() {
         return (mId);
     }
-  
+
     /**
      * Sets id string to this subsystem.
      * <p>
-     * Use with caution.  Should not do it when sharing with others
+     * Use with caution. Should not do it when sharing with others
+     * 
      * @param id name to be applied to an authentication sybsystem
      */
     public void setId(String id) throws EBaseException {
@@ -449,18 +450,17 @@ public class AuthSubsystem implements IAuthSubsystem {
      * registers the administration servlet with the administration subsystem.
      */
     public void startup() throws EBaseException {
-        //remove the log since it's already logged from S_ADMIN
-        //String infoMsg = "Auth subsystem administration Servlet registered";
-        //log(ILogger.LL_INFO, infoMsg);
+        // remove the log since it's already logged from S_ADMIN
+        // String infoMsg = "Auth subsystem administration Servlet registered";
+        // log(ILogger.LL_INFO, infoMsg);
     }
 
     /**
-     * shuts down authentication managers one by one. 
+     * shuts down authentication managers one by one.
      * <P>
      */
     public void shutdown() {
-        for (Enumeration<String> e = mAuthMgrInsts.keys();
-            e.hasMoreElements();) {
+        for (Enumeration<String> e = mAuthMgrInsts.keys(); e.hasMoreElements();) {
 
             IAuthManager mgr = (IAuthManager) get((String) e.nextElement());
 
@@ -486,7 +486,7 @@ public class AuthSubsystem implements IAuthSubsystem {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -495,6 +495,7 @@ public class AuthSubsystem implements IAuthSubsystem {
 
     /**
      * gets the named authentication manager
+     * 
      * @param name of the authentication manager
      * @return the named authentication manager
      */
@@ -509,7 +510,7 @@ public class AuthSubsystem implements IAuthSubsystem {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
index c8214294..e23a02f8 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/CertUserDBAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import java.security.cert.X509Certificate;
 
 import netscape.security.x509.X509CertImpl;
@@ -38,13 +37,11 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
 import com.netscape.cmscore.usrgrp.ExactMatchCertUserLocator;
 import com.netscape.cmscore.usrgrp.User;
 
-
 /**
- * Certificate server agent authentication.  
- * Maps a SSL client authenticate certificate to a user (agent) entry in the 
- * internal database. 
+ * Certificate server agent authentication. Maps a SSL client authenticate
+ * certificate to a user (agent) entry in the internal database.
  * <P>
- *
+ * 
  * @author lhsiao
  * @author cfu
  * @version $Revision$, $Date$
@@ -81,15 +78,15 @@ public class CertUserDBAuthentication implements IAuthManager {
     /**
      * initializes the CertUserDBAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
-     * @param owner - The authentication subsystem that hosts this
-     *   auth manager
-     * @param config - The configuration store used by the
-     *	 authentication subsystem
+     * called by AuthSubsystem init() method, when initializing all available
+     * authentication managers.
+     * 
+     * @param owner - The authentication subsystem that hosts this auth manager
+     * @param config - The configuration store used by the authentication
+     *            subsystem
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -112,7 +109,7 @@ public class CertUserDBAuthentication implements IAuthManager {
         mCULocator = new ExactMatchCertUserLocator();
         log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name));
     }
- 
+
     /**
      * Gets the name of this authentication manager.
      */
@@ -126,28 +123,29 @@ public class CertUserDBAuthentication implements IAuthManager {
     public String getImplName() {
         return mImplName;
     }
- 
+
     /**
      * authenticates user(agent) by certificate
      * <p>
-     * called by other subsystems or their servlets to authenticate
-     *	 users (agents)
-     * @param authCred - authentication credential that contains
-     *	 an usrgrp.Certificates of the user (agent)
+     * called by other subsystems or their servlets to authenticate users
+     * (agents)
+     * 
+     * @param authCred - authentication credential that contains an
+     *            usrgrp.Certificates of the user (agent)
      * @return the authentication token that contains the following
-     *
-     * @exception com.netscape.certsrv.base.EAuthsException any
-     *	 authentication failure or insufficient credentials
+     * 
+     * @exception com.netscape.certsrv.base.EAuthsException any authentication
+     *                failure or insufficient credentials
      * @see com.netscape.certsrv.authentication.AuthToken
      * @see com.netscape.certsrv.usrgrp.Certificates
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         CMS.debug("CertUserDBAuth: started");
         AuthToken authToken = new AuthToken(this);
         CMS.debug("CertUserDBAuth: Retrieving client certificate");
-        X509Certificate[] x509Certs = 
-            (X509Certificate[]) authCred.get(CRED_CERT);
+        X509Certificate[] x509Certs =
+                (X509Certificate[]) authCred.get(CRED_CERT);
 
         if (x509Certs == null) {
             CMS.debug("CertUserDBAuth: no client certificate found");
@@ -184,7 +182,7 @@ public class CertUserDBAuthentication implements IAuthManager {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
         }
 
-        // any unexpected error occurs like internal db down, 
+        // any unexpected error occurs like internal db down,
         // UGSubsystem only returns null for user.
         if (user == null) {
             CMS.debug("Authentication: cannot map certificate to user");
@@ -198,7 +196,7 @@ public class CertUserDBAuthentication implements IAuthManager {
         authToken.set(TOKEN_USER_DN, user.getUserDN());
         authToken.set(TOKEN_USERID, user.getUserID());
         authToken.set(TOKEN_UID, user.getUserID());
-        authToken.set(CRED_CERT, certs);  
+        authToken.set(CRED_CERT, certs);
 
         log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", user.getUserID()));
         CMS.debug("authenticated " + user.getUserDN());
@@ -207,11 +205,12 @@ public class CertUserDBAuthentication implements IAuthManager {
     }
 
     /**
-     * get the list of authentication credential attribute names
-     *	 required by this authentication manager. Generally used by
-     *	 the servlets that handle agent operations to authenticate its
-     *	 users.  It calls this method to know which are the
-     *	 required credentials from the user (e.g. Javascript form data)
+     * get the list of authentication credential attribute names required by
+     * this authentication manager. Generally used by the servlets that handle
+     * agent operations to authenticate its users. It calls this method to know
+     * which are the required credentials from the user (e.g. Javascript form
+     * data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -219,15 +218,15 @@ public class CertUserDBAuthentication implements IAuthManager {
     }
 
     /**
-     * get the list of configuration parameter names
-     *	 required by this authentication manager.  Generally used by
-     *	 the Certificate Server Console to display the table for
-     *	 configuration purposes.  CertUserDBAuthentication is currently not
-     *	 exposed in this case, so this method is not to be used.
-     * @return configuration parameter names in Hashtable of Vectors
-     *	 where each hashtable entry's key is the substore name, value is a
-     * Vector of parameter names.  If no substore, the parameter name
-     *	 is the Hashtable key itself, with value same as key.
+     * get the list of configuration parameter names required by this
+     * authentication manager. Generally used by the Certificate Server Console
+     * to display the table for configuration purposes. CertUserDBAuthentication
+     * is currently not exposed in this case, so this method is not to be used.
+     * 
+     * @return configuration parameter names in Hashtable of Vectors where each
+     *         hashtable entry's key is the substore name, value is a Vector of
+     *         parameter names. If no substore, the parameter name is the
+     *         Hashtable key itself, with value same as key.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -240,8 +239,8 @@ public class CertUserDBAuthentication implements IAuthManager {
     }
 
     /**
-     * gets the configuretion substore used by this authentication
-     *  manager
+     * gets the configuretion substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -252,7 +251,7 @@ public class CertUserDBAuthentication implements IAuthManager {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java
index 38901f3b..56db7194 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/ChallengePhraseAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import java.math.BigInteger;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -50,14 +49,12 @@ import com.netscape.cmscore.dbs.CertRecord;
 import com.netscape.cmscore.dbs.CertificateRepository;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * Challenge phrase based authentication.
- * Maps a certificate to the request in the
- * internal database and further compares the challenge phrase with
- * that from the EE input.
+ * Challenge phrase based authentication. Maps a certificate to the request in
+ * the internal database and further compares the challenge phrase with that
+ * from the EE input.
  * <P>
- *
+ * 
  * @author cfu chrisho
  * @version $Revision$, $Date$
  */
@@ -69,7 +66,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
     /* required credentials */
     public static final String CRED_CERT_SERIAL = IAuthManager.CRED_CERT_SERIAL_TO_REVOKE;
     public static final String CRED_CHALLENGE = "challengePhrase";
-    protected String[] mRequiredCreds = { CRED_CERT_SERIAL, CRED_CHALLENGE};
+    protected String[] mRequiredCreds = { CRED_CERT_SERIAL, CRED_CHALLENGE };
 
     /* config parameters to pass to console (none) */
     protected static String[] mConfigParams = null;
@@ -86,7 +83,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
     private Vector mID = null;
     private MessageDigest mSHADigest = null;
 
-    // request attributes hacks 
+    // request attributes hacks
     public static final String CHALLENGE_PHRASE = CRED_CHALLENGE;
     public static final String SUBJECTNAME = "subjectName";
     public static final String SERIALNUMBER = "serialNumber";
@@ -98,14 +95,15 @@ public class ChallengePhraseAuthentication implements IAuthManager {
     /**
      * initializes the ChallengePhraseAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available
+     * authentication managers.
+     * 
      * @param name The name of this authentication manager instance.
      * @param implName The name of the authentication manager plugin.
      * @param config The configuration store for this authentication manager.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -118,7 +116,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
 
         log(ILogger.LL_INFO, CMS.getLogMessage("INIT_DONE", name));
     }
- 
+
     /**
      * Gets the name of this authentication manager.
      */
@@ -132,24 +130,25 @@ public class ChallengePhraseAuthentication implements IAuthManager {
     public String getImplName() {
         return mImplName;
     }
- 
+
     /**
      * authenticates revocation of a certification by a challenge phrase
      * <p>
-     * called by other subsystems or their servlets to authenticate
-     *	 a revocation request
-     * @param authCred - authentication credential that contains
-     *	 a Certificate to revoke
+     * called by other subsystems or their servlets to authenticate a revocation
+     * request
+     * 
+     * @param authCred - authentication credential that contains a Certificate
+     *            to revoke
      * @return the authentication token that contains the request id
-     *
+     * 
      * @exception EMissingCredential If a required credential for this
-     * authentication manager is missing.
+     *                authentication manager is missing.
      * @exception EInvalidCredentials If credentials cannot be authenticated.
      * @exception EBaseException If an internal error occurred.
      * @see com.netscape.certsrv.authentication.AuthToken
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         mCA = (ICertificateAuthority)
                 SubsystemRegistry.getInstance().get("ca");
 
@@ -160,13 +159,10 @@ public class ChallengePhraseAuthentication implements IAuthManager {
         AuthToken authToken = new AuthToken(this);
 
         /*
-         X509Certificate[] x509Certs = 
-         (X509Certificate[]) authCred.get(CRED_CERT);
-         if (x509Certs == null) {
-         log(ILogger.LL_FAILURE, 
-         " missing cert credential.");
-         throw new EMissingCredential(CRED_CERT_SERIAL);
-         }
+         * X509Certificate[] x509Certs = (X509Certificate[])
+         * authCred.get(CRED_CERT); if (x509Certs == null) {
+         * log(ILogger.LL_FAILURE, " missing cert credential."); throw new
+         * EMissingCredential(CRED_CERT_SERIAL); }
          */
 
         String serialNumString = (String) authCred.get(CRED_CERT_SERIAL);
@@ -176,7 +172,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
         if (serialNumString == null || serialNumString.equals(""))
             throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT_SERIAL));
         else {
-            //serialNumString = getDecimalStr(serialNumString);
+            // serialNumString = getDecimalStr(serialNumString);
             try {
                 serialNumString = serialNumString.trim();
                 if (serialNumString.startsWith("0x") || serialNumString.startsWith("0X")) {
@@ -186,7 +182,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
                     serialNum = new
                             BigInteger(serialNumString);
                 }
-						
+
             } catch (NumberFormatException e) {
                 throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number."));
             }
@@ -203,13 +199,10 @@ public class ChallengePhraseAuthentication implements IAuthManager {
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         }
 
-        /* maybe later
-         if (mCertDB.isCertificateRevoked(cert) != null) {
-         log(ILogger.LL_FAILURE, 
-         "Certificate has already been revoked.");
-         // throw something else...cfu
-         throw new EInvalidCredentials();
-         }
+        /*
+         * maybe later if (mCertDB.isCertificateRevoked(cert) != null) {
+         * log(ILogger.LL_FAILURE, "Certificate has already been revoked."); //
+         * throw something else...cfu throw new EInvalidCredentials(); }
          */
 
         X509CertImpl[] certsToRevoke = null;
@@ -217,9 +210,9 @@ public class ChallengePhraseAuthentication implements IAuthManager {
 
         // check challenge phrase against request
         /*
-         * map cert to a request: a cert serial number maps to a
-         * cert record in the internal db, from the cert record,
-         * where we'll find the challenge phrase
+         * map cert to a request: a cert serial number maps to a cert record in
+         * the internal db, from the cert record, where we'll find the challenge
+         * phrase
          */
         if (mCertDB != null) { /* is CA */
             CertRecord record = null;
@@ -240,7 +233,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
                     if (samepwd) {
                         bigIntArray = new BigInteger[1];
                         bigIntArray[0] = record.getSerialNumber();
-                    } else 
+                    } else
                         throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid password."));
 
                 } else {
@@ -283,7 +276,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
         if (bigIntArray != null && bigIntArray.length > 0) {
             if (Debug.ON) {
                 Debug.trace("challenge authentication serialno array not null");
-                for (int i = 0; i < bigIntArray.length; i++) 
+                for (int i = 0; i < bigIntArray.length; i++)
                     Debug.trace("challenge auth serialno " + bigIntArray[i]);
             }
         }
@@ -295,8 +288,8 @@ public class ChallengePhraseAuthentication implements IAuthManager {
         return authToken;
     }
 
-    private boolean compareChallengePassword(CertRecord record, String pwd) 
-        throws EBaseException {
+    private boolean compareChallengePassword(CertRecord record, String pwd)
+            throws EBaseException {
         MetaInfo metaInfo = (MetaInfo) record.get(CertRecord.ATTR_META_INFO);
 
         if (metaInfo == null) {
@@ -312,8 +305,8 @@ public class ChallengePhraseAuthentication implements IAuthManager {
         String hashpwd = hashPassword(pwd);
 
         // got metaInfo
-        String challengeString = 
-            (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE);
+        String challengeString =
+                (String) metaInfo.get(CertRecord.META_CHALLENGE_PHRASE);
 
         if (challengeString == null) {
             if (Debug.ON) {
@@ -326,20 +319,21 @@ public class ChallengePhraseAuthentication implements IAuthManager {
             return false;
 
             /*
-             log(ILogger.LL_FAILURE,
-             "Incorrect challenge phrase password used for revocation");
-             throw new EInvalidCredentials();
+             * log(ILogger.LL_FAILURE,
+             * "Incorrect challenge phrase password used for revocation"); throw
+             * new EInvalidCredentials();
              */
-        } else 
+        } else
             return true;
     }
 
     /**
-     * get the list of authentication credential attribute names
-     *	 required by this authentication manager. Generally used by
-     *	 the servlets that handle agent operations to authenticate its
-     *	 users.  It calls this method to know which are the
-     *	 required credentials from the user (e.g. Javascript form data)
+     * get the list of authentication credential attribute names required by
+     * this authentication manager. Generally used by the servlets that handle
+     * agent operations to authenticate its users. It calls this method to know
+     * which are the required credentials from the user (e.g. Javascript form
+     * data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -347,15 +341,16 @@ public class ChallengePhraseAuthentication implements IAuthManager {
     }
 
     /**
-     * get the list of configuration parameter names
-     *	 required by this authentication manager.  Generally used by
-     *	 the Certificate Server Console to display the table for
-     *	 configuration purposes.  ChallengePhraseAuthentication is currently not
-     *	 exposed in this case, so this method is not to be used.
-     * @return configuration parameter names in Hashtable of Vectors
-     *	 where each hashtable entry's key is the substore name, value is a
-     * Vector of parameter names.  If no substore, the parameter name
-     *	 is the Hashtable key itself, with value same as key.
+     * get the list of configuration parameter names required by this
+     * authentication manager. Generally used by the Certificate Server Console
+     * to display the table for configuration purposes.
+     * ChallengePhraseAuthentication is currently not exposed in this case, so
+     * this method is not to be used.
+     * 
+     * @return configuration parameter names in Hashtable of Vectors where each
+     *         hashtable entry's key is the substore name, value is a Vector of
+     *         parameter names. If no substore, the parameter name is the
+     *         Hashtable key itself, with value same as key.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -368,8 +363,8 @@ public class ChallengePhraseAuthentication implements IAuthManager {
     }
 
     /**
-     * gets the configuretion substore used by this authentication
-     *  manager
+     * gets the configuretion substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -380,7 +375,7 @@ public class ChallengePhraseAuthentication implements IAuthManager {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
     private IRequestQueue getReqQueue() {
@@ -388,15 +383,15 @@ public class ChallengePhraseAuthentication implements IAuthManager {
 
         try {
             IRegistrationAuthority ra = (IRegistrationAuthority)
-                SubsystemRegistry.getInstance().get("ra");
+                    SubsystemRegistry.getInstance().get("ra");
 
             if (ra != null) {
                 queue = ra.getRequestQueue();
                 mRequestor = IRequest.REQUESTOR_RA;
             }
         } catch (Exception e) {
-            log(ILogger.LL_FAILURE, 
-                " cannot get access to the request queue.");
+            log(ILogger.LL_FAILURE,
+                    " cannot get access to the request queue.");
         }
 
         return queue;
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java
index e9bcbcb6..d2095f84 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/NullAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authentication.AuthToken;
 import com.netscape.certsrv.authentication.EInvalidCredentials;
@@ -29,10 +28,10 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * This authentication does nothing but just returns an empty authToken.
  * <P>
+ * 
  * @author chrisho
  * @version $Revision$, $Date$
  */
@@ -53,15 +52,16 @@ public class NullAuthentication implements IAuthManager {
     /**
      * initializes the NullAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available
+     * authentication managers.
+     * 
      * @param name - Name assigned to this authentication manager instance.
      * @param implName - Name of the authentication plugin.
-     * @param config - The configuration store used by the
-     *	 authentication subsystem.
+     * @param config - The configuration store used by the authentication
+     *            subsystem.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -72,21 +72,22 @@ public class NullAuthentication implements IAuthManager {
     /**
      * authenticates nothing
      * <p>
-     * called by other subsystems or their servlets to authenticate administrators
-     * @param authCred Authentication credentials. 
-     *          "uid" and "pwd" are required.
+     * called by other subsystems or their servlets to authenticate
+     * administrators
+     * 
+     * @param authCred Authentication credentials. "uid" and "pwd" are required.
      * @return the authentication token (authToken) that contains the following
-     *        userdn = [userdn, in case of success]<br>
-     *        authMgrName = [authMgrName]<br>
-     * @exception com.netscape.certsrv.base.MissingCredential If either 
-     *          "uid" or "pwd" is missing from the given credentials.
-     * @exception com.netscape.certsrv.base.InvalidCredentials If the 
-     *          the credentials failed to authenticate.
-     * @exception com.netscape.certsrv.base.EBaseException If an internal 
-     *          error occurred.
+     *         userdn = [userdn, in case of success]<br>
+     *         authMgrName = [authMgrName]<br>
+     * @exception com.netscape.certsrv.base.MissingCredential If either "uid" or
+     *                "pwd" is missing from the given credentials.
+     * @exception com.netscape.certsrv.base.InvalidCredentials If the the
+     *                credentials failed to authenticate.
+     * @exception com.netscape.certsrv.base.EBaseException If an internal error
+     *                occurred.
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         AuthToken authToken = new AuthToken(this);
 
         authToken.set("authType", "NOAUTH");
@@ -109,10 +110,11 @@ public class NullAuthentication implements IAuthManager {
     }
 
     /**
-     * get the list of authentication credential attribute names
-     *	 required by this authentication manager.  Generally used by
-     *	 servlets that use this authentication manager, to retrieve
-     *	 required credentials from the user (e.g. Javascript form data)
+     * get the list of authentication credential attribute names required by
+     * this authentication manager. Generally used by servlets that use this
+     * authentication manager, to retrieve required credentials from the user
+     * (e.g. Javascript form data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -120,9 +122,10 @@ public class NullAuthentication implements IAuthManager {
     }
 
     /**
-     * Get the list of configuration parameter names
-     * required by this authentication manager.  In this case, an empty list.
-     * @return String array of configuration parameters. 
+     * Get the list of configuration parameter names required by this
+     * authentication manager. In this case, an empty list.
+     * 
+     * @return String array of configuration parameters.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -135,8 +138,8 @@ public class NullAuthentication implements IAuthManager {
     }
 
     /**
-     * gets the configuration substore used by this authentication
-     *  manager
+     * gets the configuration substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -145,6 +148,7 @@ public class NullAuthentication implements IAuthManager {
 
     /**
      * Log a message.
+     * 
      * @param level The logging level.
      * @param msg The message to log.
      */
@@ -152,6 +156,6 @@ public class NullAuthentication implements IAuthManager {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
index 88dc7296..a6fcaadb 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/PasswdUserDBAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import netscape.ldap.LDAPConnection;
 import netscape.ldap.LDAPEntry;
 import netscape.ldap.LDAPException;
@@ -43,13 +42,12 @@ import com.netscape.cmscore.ldapconn.LdapConnInfo;
 import com.netscape.cmscore.usrgrp.UGSubsystem;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * Certificate Server admin authentication. 
- * Used to authenticate administrators in the Certificate Server Console.
- * Authentications by checking the uid and password against the 
- * database.
+ * Certificate Server admin authentication. Used to authenticate administrators
+ * in the Certificate Server Console. Authentications by checking the uid and
+ * password against the database.
  * <P>
+ * 
  * @author lhsiao, cfu
  * @version $Revision$, $Date$
  */
@@ -81,15 +79,16 @@ public class PasswdUserDBAuthentication implements IAuthManager {
     /**
      * initializes the PasswdUserDBAuthentication auth manager
      * <p>
-     * called by AuthSubsystem init() method, when initializing
-     * all available authentication managers.
+     * called by AuthSubsystem init() method, when initializing all available
+     * authentication managers.
+     * 
      * @param name - Name assigned to this authentication manager instance.
      * @param implName - Name of the authentication plugin.
-     * @param config - The configuration store used by the
-     *	 authentication subsystem.
+     * @param config - The configuration store used by the authentication
+     *            subsystem.
      */
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -110,24 +109,25 @@ public class PasswdUserDBAuthentication implements IAuthManager {
     /**
      * authenticates administratrators by LDAP uid/pwd
      * <p>
-     * called by other subsystems or their servlets to authenticate administrators
-     * @param authCred Authentication credentials. 
-     *          "uid" and "pwd" are required.
+     * called by other subsystems or their servlets to authenticate
+     * administrators
+     * 
+     * @param authCred Authentication credentials. "uid" and "pwd" are required.
      * @return the authentication token (authToken) that contains the following
-     *        userdn = [userdn, in case of success]<br>
-     *        authMgrName = [authMgrName]<br>
-     * @exception com.netscape.certsrv.base.MissingCredential If either 
-     *          "uid" or "pwd" is missing from the given credentials.
-     * @exception com.netscape.certsrv.base.InvalidCredentials If the 
-     *          the credentials failed to authenticate.
-     * @exception com.netscape.certsrv.base.EBaseException If an internal 
-     *          error occurred.
+     *         userdn = [userdn, in case of success]<br>
+     *         authMgrName = [authMgrName]<br>
+     * @exception com.netscape.certsrv.base.MissingCredential If either "uid" or
+     *                "pwd" is missing from the given credentials.
+     * @exception com.netscape.certsrv.base.InvalidCredentials If the the
+     *                credentials failed to authenticate.
+     * @exception com.netscape.certsrv.base.EBaseException If an internal error
+     *                occurred.
      */
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
         AuthToken authToken = new AuthToken(this);
 
-        // make sure the required credentials are provided 
+        // make sure the required credentials are provided
         String uid = (String) authCred.get(CRED_UID);
         CMS.debug("Authentication: UID=" + uid);
         if (uid == null) {
@@ -171,32 +171,32 @@ public class PasswdUserDBAuthentication implements IAuthManager {
             log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_AUTH_FAILED", uid, e.toString()));
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         } finally {
-            if (conn != null) 
+            if (conn != null)
                 mConnFactory.returnConn(conn);
-            if (anonConn != null) 
+            if (anonConn != null)
                 mAnonConnFactory.returnConn(anonConn);
         }
 
         UGSubsystem ug = UGSubsystem.getInstance();
 
         authToken.set(TOKEN_USERDN, userdn);
-        authToken.set(CRED_UID, uid);  // return original uid for info
+        authToken.set(CRED_UID, uid); // return original uid for info
 
         IUser user = null;
 
         try {
             user = ug.getUser(uid);
         } catch (EBaseException e) {
-            if (Debug.ON) 
+            if (Debug.ON)
                 e.printStackTrace();
-                // not a user in our user/group database.
+            // not a user in our user/group database.
             log(ILogger.LL_SECURITY, CMS.getLogMessage("CMSCORE_AUTH_UID_NOT_FOUND", uid, e.toString()));
             throw new EInvalidCredentials(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_CREDENTIAL"));
         }
         authToken.set(TOKEN_USERDN, user.getUserDN());
         authToken.set(TOKEN_USERID, user.getUserID());
         log(ILogger.LL_INFO, CMS.getLogMessage("CMS_AUTH_AUTHENTICATED", uid));
-		
+
         return authToken;
     }
 
@@ -215,10 +215,11 @@ public class PasswdUserDBAuthentication implements IAuthManager {
     }
 
     /**
-     * get the list of authentication credential attribute names
-     *	 required by this authentication manager.  Generally used by
-     *	 servlets that use this authentication manager, to retrieve
-     *	 required credentials from the user (e.g. Javascript form data)
+     * get the list of authentication credential attribute names required by
+     * this authentication manager. Generally used by servlets that use this
+     * authentication manager, to retrieve required credentials from the user
+     * (e.g. Javascript form data)
+     * 
      * @return attribute names in Vector
      */
     public String[] getRequiredCreds() {
@@ -226,9 +227,10 @@ public class PasswdUserDBAuthentication implements IAuthManager {
     }
 
     /**
-     * Get the list of configuration parameter names
-     * required by this authentication manager.  In this case, an empty list.
-     * @return String array of configuration parameters. 
+     * Get the list of configuration parameter names required by this
+     * authentication manager. In this case, an empty list.
+     * 
+     * @return String array of configuration parameters.
      */
     public String[] getConfigParams() {
         return (mConfigParams);
@@ -248,8 +250,8 @@ public class PasswdUserDBAuthentication implements IAuthManager {
     }
 
     /**
-     * gets the configuretion substore used by this authentication
-     *  manager
+     * gets the configuretion substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -258,6 +260,7 @@ public class PasswdUserDBAuthentication implements IAuthManager {
 
     /**
      * Log a message.
+     * 
      * @param level The logging level.
      * @param msg The message to log.
      */
@@ -265,6 +268,6 @@ public class PasswdUserDBAuthentication implements IAuthManager {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
index 56927537..c88050d4 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/SSLClientCertAuthentication.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 // ldap java sdk
 
 // cert server imports.
@@ -47,10 +46,10 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * SSL client based authentication.
  * <P>
+ * 
  * @author chrisho
  * @version $Revision$, $Date$
  */
@@ -70,13 +69,13 @@ public class SSLClientCertAuthentication implements IAuthManager {
     private IConfigStore mConfig = null;
     private String mRequestor = null;
 
-    /* Holds configuration parameters accepted by this implementation.
-     * This list is passed to the configuration console so configuration
-     * for instances of this implementation can be configured through the
-     * console.
+    /*
+     * Holds configuration parameters accepted by this implementation. This list
+     * is passed to the configuration console so configuration for instances of
+     * this implementation can be configured through the console.
      */
-    protected static String[] mConfigParams = 
-        new String[] {};
+    protected static String[] mConfigParams =
+            new String[] {};
 
     /**
      * Default constructor, initialization must follow.
@@ -86,7 +85,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
     }
 
     public void init(String name, String implName, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mName = name;
         mImplName = implName;
         mConfig = config;
@@ -95,18 +94,18 @@ public class SSLClientCertAuthentication implements IAuthManager {
     }
 
     public IAuthToken authenticate(IAuthCredentials authCred)
-        throws EMissingCredential, EInvalidCredentials, EBaseException {
+            throws EMissingCredential, EInvalidCredentials, EBaseException {
 
         AuthToken authToken = new AuthToken(this);
 
         CMS.debug("SSLCertAuth: Retrieving client certificates");
         X509Certificate[] x509Certs =
-            (X509Certificate[]) authCred.get(CRED_CERT);
+                (X509Certificate[]) authCred.get(CRED_CERT);
 
         if (x509Certs == null) {
             CMS.debug("SSLCertAuth: No client certificate found");
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_AUTH_MISSING_CERT"));
             throw new EMissingCredential(CMS.getUserMessage("CMS_AUTHENTICATION_NULL_CREDENTIAL", CRED_CERT));
         }
         CMS.debug("SSLCertAuth: Got client certificate");
@@ -118,17 +117,17 @@ public class SSLClientCertAuthentication implements IAuthManager {
         }
 
         X509CertImpl clientCert = (X509CertImpl) x509Certs[0];
- 
+
         BigInteger serialNum = null;
 
         try {
             serialNum = (BigInteger) clientCert.getSerialNumber();
-            //serialNum = new BigInteger(s.substring(2), 16);
+            // serialNum = new BigInteger(s.substring(2), 16);
         } catch (NumberFormatException e) {
             throw new EAuthUserError(CMS.getUserMessage("CMS_AUTHENTICATION_INVALID_ATTRIBUTE_VALUE", "Invalid serial number."));
         }
 
-        String clientCertIssuerDN = clientCert.getIssuerDN().toString(); 
+        String clientCertIssuerDN = clientCert.getIssuerDN().toString();
         BigInteger[] bigIntArray = null;
 
         if (mCertDB != null) { /* is CA */
@@ -145,13 +144,13 @@ public class SSLClientCertAuthentication implements IAuthManager {
                 String status = record.getStatus();
 
                 if (status.equals("VALID")) {
- 
+
                     X509CertImpl cacert = mCA.getCACert();
                     Principal p = cacert.getSubjectDN();
 
                     if (!p.toString().equals(clientCertIssuerDN)) {
-                        throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME")); 
-                    } 
+                        throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
+                    }
                 } else {
                     throw new EBaseException(
                             CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", status));
@@ -182,30 +181,30 @@ public class SSLClientCertAuthentication implements IAuthManager {
                 RequestStatus status = getCertStatusReq.getRequestStatus();
 
                 if (status == RequestStatus.COMPLETE) {
-                    String certStatus = 
-                        getCertStatusReq.getExtDataInString(IRequest.CERT_STATUS);
+                    String certStatus =
+                            getCertStatusReq.getExtDataInString(IRequest.CERT_STATUS);
 
-                    if (certStatus == null) { 
-                        String[] params = {"null status"};
+                    if (certStatus == null) {
+                        String[] params = { "null status" };
 
                         throw new EBaseException(
                                 CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", params));
                     } else if (certStatus.equals("INVALIDCERTROOT")) {
-                        throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME")); 
+                        throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ISSUER_NAME"));
                     } else if (!certStatus.equals("VALID")) {
-                        String[] params = {status.toString()};
+                        String[] params = { status.toString() };
 
                         throw new EBaseException(
                                 CMS.getUserMessage("CMS_BASE_INVALID_CERT_STATUS", params));
                     }
                 } else {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_AUTH_INCOMPLETE_REQUEST"));
                     throw new EBaseException(CMS.getUserMessage("CMS_BASE_REQUEST_IN_BAD_STATE"));
                 }
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_AUTH_FAILED_GET_QUEUE"));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_GET_QUEUE_FAILED"));
             }
         } // else, ra
@@ -222,10 +221,10 @@ public class SSLClientCertAuthentication implements IAuthManager {
     }
 
     /**
-     * Returns a list of configuration parameter names. 
-     * The list is passed to the configuration console so instances of 
-     * this implementation can be configured through the console.
-     *
+     * Returns a list of configuration parameter names. The list is passed to
+     * the configuration console so instances of this implementation can be
+     * configured through the console.
+     * 
      * @return String array of configuration parameter names.
      */
     public String[] getConfigParams() {
@@ -234,6 +233,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
 
     /**
      * Returns array of required credentials for this authentication manager.
+     * 
      * @return Array of required credentials.
      */
     public String[] getRequiredCreds() {
@@ -244,15 +244,15 @@ public class SSLClientCertAuthentication implements IAuthManager {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHENTICATION,
-            level, msg);
+                level, msg);
     }
 
     private IRequestQueue getReqQueue() {
         IRequestQueue queue = null;
 
         try {
-            IRegistrationAuthority ra = 
-                (IRegistrationAuthority) CMS.getSubsystem("ra");
+            IRegistrationAuthority ra =
+                    (IRegistrationAuthority) CMS.getSubsystem("ra");
 
             if (ra != null) {
                 queue = ra.getRequestQueue();
@@ -260,7 +260,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
             }
         } catch (Exception e) {
             log(ILogger.LL_FAILURE,
-                " cannot get access to the request queue.");
+                    " cannot get access to the request queue.");
         }
 
         return queue;
@@ -268,6 +268,7 @@ public class SSLClientCertAuthentication implements IAuthManager {
 
     /**
      * Gets the configuration substore used by this authentication manager
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -288,4 +289,3 @@ public class SSLClientCertAuthentication implements IAuthManager {
         return mImplName;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
index 69192f3f..173d69f8 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCert.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 
 import com.netscape.certsrv.apps.CMS;
 
-
-/** 
+/**
  * class storing verified certificate.
- *
+ * 
  * @version $Revision$, $Date$
  */
 
@@ -45,9 +43,9 @@ public class VerifiedCert {
     /**
      * Constructs verified certiificate record
      */
- 
+
     public VerifiedCert(BigInteger serialNumber, byte[] certEncoded,
-        int status) {
+            int status) {
         mStatus = status;
         mSerialNumber = serialNumber;
         mCertEncoded = certEncoded;
@@ -55,13 +53,13 @@ public class VerifiedCert {
     }
 
     public int check(BigInteger serialNumber, byte[] certEncoded,
-        long interval, long unknownStateInterval) {
+            long interval, long unknownStateInterval) {
         int status = UNKNOWN;
- 
+
         if (mSerialNumber.equals(serialNumber)) {
             if (mCertEncoded != null) {
                 if (certEncoded != null &&
-                    mCertEncoded.length == certEncoded.length) {
+                        mCertEncoded.length == certEncoded.length) {
                     int i;
 
                     for (i = 0; i < mCertEncoded.length; i++) {
@@ -90,4 +88,3 @@ public class VerifiedCert {
         return status;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
index ca0f63e5..0907bf62 100644
--- a/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
+++ b/pki/base/common/src/com/netscape/cmscore/authentication/VerifiedCerts.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authentication;
 
-
 import java.math.BigInteger;
 
 import netscape.security.x509.X509CertImpl;
 
-
-/** 
+/**
  * class storing verified certificates.
- *
+ * 
  * @version $Revision$, $Date$
  */
 
@@ -38,11 +36,11 @@ public class VerifiedCerts {
     private VerifiedCert[] mVCerts = null;
     private long mInterval = 0;
     private long mUnknownStateInterval = 0;
- 
+
     /**
      * Constructs verified certiificates list
      */
- 
+
     public VerifiedCerts(int size, long interval) {
         mVCerts = new VerifiedCert[size];
         mInterval = interval;
@@ -64,8 +62,8 @@ public class VerifiedCerts {
             } catch (Exception e) {
             }
             if ((certEncoded != null ||
-                    (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0)) 
-                && mInterval > 0) {
+                    (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
+                    && mInterval > 0) {
                 update(cert.getSerialNumber(), certEncoded, status);
             }
         }
@@ -75,7 +73,7 @@ public class VerifiedCerts {
         if ((status == VerifiedCert.NOT_REVOKED ||
                 status == VerifiedCert.REVOKED ||
                 (status == VerifiedCert.CHECKED && mUnknownStateInterval > 0))
-            && mInterval > 0) {
+                && mInterval > 0) {
             if (mLast == mNext && mFirst == mNext) { // empty
                 mVCerts[mNext] = new VerifiedCert(serialNumber, certEncoded, status);
                 mNext = next(mNext);
@@ -94,8 +92,8 @@ public class VerifiedCerts {
 
     public int check(X509CertImpl cert) {
         int status = VerifiedCert.UNKNOWN;
-        
-        if (mLast != mNext && mInterval > 0) {  // if not empty and
+
+        if (mLast != mNext && mInterval > 0) { // if not empty and
             if (cert != null) {
                 byte[] certEncoded = null;
 
@@ -116,10 +114,11 @@ public class VerifiedCerts {
         int status = VerifiedCert.UNKNOWN;
         int i = mLast;
 
-        if (mVCerts != null && mLast != mNext && mInterval > 0) {  // if not empty and
-            while (status == VerifiedCert.UNKNOWN) { 
-                if (mVCerts[i] == null) 
-                   return status;
+        if (mVCerts != null && mLast != mNext && mInterval > 0) { // if not
+                                                                  // empty and
+            while (status == VerifiedCert.UNKNOWN) {
+                if (mVCerts[i] == null)
+                    return status;
                 status = mVCerts[i].check(serialNumber, certEncoded,
                             mInterval, mUnknownStateInterval);
                 if (status == VerifiedCert.EXPIRED) {
@@ -158,4 +157,3 @@ public class VerifiedCerts {
         return i;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java b/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
index 62351f1a..429aeda0 100644
--- a/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/authorization/AuthzSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.authorization;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -38,11 +37,10 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * Default authorization subsystem
  * <P>
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -70,14 +68,15 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     }
 
     /**
-     * Initializes the authorization subsystem from the config store.
-     * Load Authorization manager plugins, create and initialize
-     * initialize authorization manager instances. 
+     * Initializes the authorization subsystem from the config store. Load
+     * Authorization manager plugins, create and initialize initialize
+     * authorization manager instances.
+     * 
      * @param owner The owner of this module.
      * @param config The configuration store.
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         try {
             mLogger = CMS.getLogger();
             mConfig = config;
@@ -90,7 +89,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
             while (mImpls.hasMoreElements()) {
                 String id = (String) mImpls.nextElement();
                 String pluginPath = c.getString(id + "." + PROP_CLASS);
-			
+
                 AuthzMgrPlugin plugin = new AuthzMgrPlugin(id, pluginPath);
 
                 mAuthzMgrPlugins.put(id, plugin);
@@ -107,16 +106,16 @@ public class AuthzSubsystem implements IAuthzSubsystem {
             while (instances.hasMoreElements()) {
                 String insName = (String) instances.nextElement();
                 String implName = c.getString(insName + "." + PROP_PLUGIN);
-                AuthzMgrPlugin plugin = 
-                    (AuthzMgrPlugin) mAuthzMgrPlugins.get(implName);
+                AuthzMgrPlugin plugin =
+                        (AuthzMgrPlugin) mAuthzMgrPlugins.get(implName);
 
                 if (plugin == null) {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_FOUND", implName));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_FOUND", implName));
                     throw new EAuthzMgrPluginNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_PLUGIN_NOT_FOUND", implName));
                 } else {
                     CMS.debug(
-                        CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_FOUND", implName));
+                            CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_FOUND", implName));
                 }
 
                 String className = plugin.getClassPath();
@@ -126,33 +125,30 @@ public class AuthzSubsystem implements IAuthzSubsystem {
                 IAuthzManager authzMgrInst = null;
 
                 try {
-                    authzMgrInst = (IAuthzManager) 
-                        Class.forName(className).newInstance();
+                    authzMgrInst = (IAuthzManager)
+                            Class.forName(className).newInstance();
                     IConfigStore authzMgrConfig = c.getSubStore(insName);
 
                     authzMgrInst.init(insName, implName, authzMgrConfig);
                     isEnable = true;
 
-                    log(ILogger.LL_INFO, 
-                        CMS.getLogMessage("CMSCORE_AUTHZ_INSTANCE_ADDED", insName));
+                    log(ILogger.LL_INFO,
+                            CMS.getLogMessage("CMSCORE_AUTHZ_INSTANCE_ADDED", insName));
                 } catch (ClassNotFoundException e) {
                     String errMsg = "AuthzSubsystem:: init()-" + e.toString();
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", errMsg));
-                    throw new
-                        EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+                    throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
                 } catch (IllegalAccessException e) {
                     String errMsg = "AuthzSubsystem:: init()-" + e.toString();
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", errMsg));
-                    throw new
-                        EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+                    throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
                 } catch (InstantiationException e) {
                     String errMsg = "AuthzSubsystem: init()-" + e.toString();
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", errMsg));
-                    throw new
-                        EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+                    throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
                 } catch (EBaseException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_INIT_FAILED", insName, e.toString()));
                     // it is mis-configurated. This give
@@ -166,8 +162,8 @@ public class AuthzSubsystem implements IAuthzSubsystem {
                     // fix the problem via console
                 }
                 // add manager instance to list.
-                mAuthzMgrInsts.put(insName, new 
-                    AuthzManagerProxy(isEnable, authzMgrInst));
+                mAuthzMgrInsts.put(insName, new
+                        AuthzManagerProxy(isEnable, authzMgrInst));
                 if (Debug.ON) {
                     Debug.trace("loaded authz instance " + insName + " impl " + implName);
                 }
@@ -182,16 +178,19 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     }
 
     /**
-     * authMgrzAccessInit is for servlets who want to initialize their
-     * own authorization information before full operation.  It is supposed
-     * to be called during the init() method of a servlet.
+     * authMgrzAccessInit is for servlets who want to initialize their own
+     * authorization information before full operation. It is supposed to be
+     * called during the init() method of a servlet.
+     * 
      * @param authzMgrName The authorization manager name
-     * @param accessInfo the access information to be initialized.  currently it's acl string in the format specified in the authorization manager
+     * @param accessInfo the access information to be initialized. currently
+     *            it's acl string in the format specified in the authorization
+     *            manager
      */
     public void authzMgrAccessInit(String authzMgrInstName, String accessInfo)
-        throws EAuthzMgrNotFound, EBaseException {
+            throws EAuthzMgrNotFound, EBaseException {
         AuthzManagerProxy proxy = (AuthzManagerProxy)
-            mAuthzMgrInsts.get(authzMgrInstName);
+                mAuthzMgrInsts.get(authzMgrInstName);
 
         if (proxy == null) {
             throw new EAuthzMgrNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_NOT_FOUND", authzMgrInstName));
@@ -210,21 +209,22 @@ public class AuthzSubsystem implements IAuthzSubsystem {
 
     /**
      * Authorization to the named authorization manager instance
+     * 
      * @param authzMgrName The authorization manager name
      * @param authToken the authenticaton token associated with a user
      * @param resource the resource protected by the authorization system
-     * @param operation the operation for resource protected by the authoriz
-     n system
+     * @param operation the operation for resource protected by the authoriz n
+     *            system
      * @exception EBaseException If an error occurs during authorization.
      * @return a authorization token.
      */
     public AuthzToken authorize(
-        String authzMgrInstName, IAuthToken authToken,
-        String resource, String operation)
-        throws EAuthzMgrNotFound, EBaseException {
+            String authzMgrInstName, IAuthToken authToken,
+            String resource, String operation)
+            throws EAuthzMgrNotFound, EBaseException {
 
         AuthzManagerProxy proxy = (AuthzManagerProxy)
-            mAuthzMgrInsts.get(authzMgrInstName);
+                mAuthzMgrInsts.get(authzMgrInstName);
 
         if (proxy == null) {
             throw new EAuthzMgrNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_NOT_FOUND", authzMgrInstName));
@@ -241,15 +241,15 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     }
 
     public AuthzToken authorize(
-        String authzMgrInstName, IAuthToken authToken, String exp) 
-        throws EAuthzMgrNotFound, EBaseException {
+            String authzMgrInstName, IAuthToken authToken, String exp)
+            throws EAuthzMgrNotFound, EBaseException {
 
         AuthzManagerProxy proxy = (AuthzManagerProxy)
-            mAuthzMgrInsts.get(authzMgrInstName);
+                mAuthzMgrInsts.get(authzMgrInstName);
 
         if (proxy == null) {
             throw new EAuthzMgrNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_NOT_FOUND", authzMgrInstName));
-        } 
+        }
         if (!proxy.isEnable()) {
             throw new EAuthzMgrNotFound(CMS.getUserMessage("CMS_AUTHORIZATION_AUTHZMGR_NOT_FOUND", authzMgrInstName));
         }
@@ -262,13 +262,13 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     }
 
     /**
-     * Gets configuration parameters for the given 
-     * authorization manager plugin.
+     * Gets configuration parameters for the given authorization manager plugin.
+     * 
      * @param implName Name of the authorization plugin.
      * @return Hashtable of required parameters.
      */
     public String[] getConfigParams(String implName)
-        throws EAuthzMgrPluginNotFound, EBaseException {
+            throws EAuthzMgrPluginNotFound, EBaseException {
         // is this a registered implname?
         AuthzMgrPlugin plugin = (AuthzMgrPlugin) mAuthzMgrPlugins.get(implName);
 
@@ -287,21 +287,19 @@ public class AuthzSubsystem implements IAuthzSubsystem {
             return (authzMgrInst.getConfigParams());
         } catch (InstantiationException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_CREATED", e.toString()));
-            throw new 
-                EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+            throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
         } catch (ClassNotFoundException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_CREATED", e.toString()));
-            throw new 
-                EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+            throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
         } catch (IllegalAccessException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_AUTHZ_PLUGIN_NOT_CREATED", e.toString()));
-            throw new 
-                EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
+            throw new EAuthzException(CMS.getUserMessage("CMS_AUTHORIZATION_LOAD_CLASS_FAIL", className));
         }
     }
 
     /**
      * Add an authorization manager instance.
+     * 
      * @param name name of the authorization manager instance
      * @param authzMgr the authorization manager instance to be added
      */
@@ -311,6 +309,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
 
     /*
      * Removes a authorization manager instance.
+     * 
      * @param name name of the authorization manager
      */
     public void delete(String name) {
@@ -319,6 +318,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
 
     /**
      * Gets the authorization manager instance of the specified name.
+     * 
      * @param name name of the authorization manager instance
      * @return the named authorization manager instance
      */
@@ -362,9 +362,9 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     }
 
     /**
-     * Retrieve a single authz manager instance 
+     * Retrieve a single authz manager instance
      */
-    
+
     /* getconfigparams above should be recoded to use this func */
     public IAuthzManager getAuthzManagerPlugin(String name) {
         AuthzMgrPlugin plugin = (AuthzMgrPlugin) mAuthzMgrPlugins.get(name);
@@ -382,16 +382,18 @@ public class AuthzSubsystem implements IAuthzSubsystem {
 
     /**
      * Retrieves id (name) of this subsystem.
+     * 
      * @return name of the authorization subsystem
      */
     public String getId() {
         return (mId);
     }
-  
+
     /**
      * Sets id string to this subsystem.
      * <p>
-     * Use with caution.  Should not do it when sharing with others
+     * Use with caution. Should not do it when sharing with others
+     * 
      * @param id name to be applied to an authorization sybsystem
      */
     public void setId(String id) throws EBaseException {
@@ -402,25 +404,24 @@ public class AuthzSubsystem implements IAuthzSubsystem {
      * registers the administration servlet with the administration subsystem.
      */
     public void startup() throws EBaseException {
-        //remove the log since it's already logged from S_ADMIN
-        //String infoMsg = "Authz subsystem administration Servlet registered";
-        //log(ILogger.LL_INFO, infoMsg);
+        // remove the log since it's already logged from S_ADMIN
+        // String infoMsg = "Authz subsystem administration Servlet registered";
+        // log(ILogger.LL_INFO, infoMsg);
     }
 
     /**
-     * shuts down authorization managers one by one. 
+     * shuts down authorization managers one by one.
      * <P>
      */
     public void shutdown() {
-        for (Enumeration<String> e = mAuthzMgrInsts.keys();
-            e.hasMoreElements();) {
+        for (Enumeration<String> e = mAuthzMgrInsts.keys(); e.hasMoreElements();) {
 
             IAuthzManager mgr = (IAuthzManager) get((String) e.nextElement());
 
-            String infoMsg = 
-                "Shutting down authz manager instance " + mgr.getName();
+            String infoMsg =
+                    "Shutting down authz manager instance " + mgr.getName();
 
-            //log(ILogger.LL_INFO, infoMsg);
+            // log(ILogger.LL_INFO, infoMsg);
 
             mgr.shutdown();
         }
@@ -441,7 +442,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -450,6 +451,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
 
     /**
      * gets the named authorization manager
+     * 
      * @param name of the authorization manager
      * @return the named authorization manager
      */
@@ -464,7 +466,7 @@ public class AuthzSubsystem implements IAuthzSubsystem {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_AUTHORIZATION,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/base/ArgBlock.java b/pki/base/common/src/com/netscape/cmscore/base/ArgBlock.java
index 8f29fc1b..d66059c9 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/ArgBlock.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/ArgBlock.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.NoSuchAlgorithmException;
@@ -34,12 +33,10 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IArgBlock;
 import com.netscape.certsrv.base.KeyGenInfo;
 
-
 /**
- * This class represents a set of indexed arguments. 
- * Each argument is indexed by a key, which can be 
- * used during the argument retrieval.
- *
+ * This class represents a set of indexed arguments. Each argument is indexed by
+ * a key, which can be used during the argument retrieval.
+ * 
  * @version $Revision$, $Date$
  */
 public class ArgBlock implements IArgBlock {
@@ -48,48 +45,45 @@ public class ArgBlock implements IArgBlock {
      *
      */
     private static final long serialVersionUID = -6054531129316353282L;
-    /*==========================================================
-     * variables
-     *==========================================================*/
-    public static final String 
-        CERT_NEW_REQUEST_HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
-    public static final String 
-        CERT_NEW_REQUEST_TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-    public static final String 
-        CERT_REQUEST_HEADER = "-----BEGIN CERTIFICATE REQUEST-----";
-    public static final String 
-        CERT_REQUEST_TRAILER = "-----END CERTIFICATE REQUEST-----";
-    public static final String 
-        CERT_RENEWAL_HEADER = "-----BEGIN RENEWAL CERTIFICATE REQUEST-----";
-    public static final String 
-        CERT_RENEWAL_TRAILER = "-----END RENEWAL CERTIFICATE REQUEST-----";
+    /*
+     * ========================================================== variables
+     * ==========================================================
+     */
+    public static final String CERT_NEW_REQUEST_HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
+    public static final String CERT_NEW_REQUEST_TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
+    public static final String CERT_REQUEST_HEADER = "-----BEGIN CERTIFICATE REQUEST-----";
+    public static final String CERT_REQUEST_TRAILER = "-----END CERTIFICATE REQUEST-----";
+    public static final String CERT_RENEWAL_HEADER = "-----BEGIN RENEWAL CERTIFICATE REQUEST-----";
+    public static final String CERT_RENEWAL_TRAILER = "-----END RENEWAL CERTIFICATE REQUEST-----";
 
     private Hashtable<String, Object> mArgs = new Hashtable<String, Object>();
 
-	private String mType = "unspecified-argblock";
+    private String mType = "unspecified-argblock";
 
-    /*==========================================================
-     * constructors
-     *==========================================================*/
+    /*
+     * ========================================================== constructors
+     * ==========================================================
+     */
     /**
      * Constructs an argument block with the given hashtable values.
+     * 
      * @param realm the type of argblock - used for debugging the values
      */
     public ArgBlock(String realm, Hashtable<String, String> httpReq) {
-		mType = realm;
-		populate(httpReq);
-	}
-    
+        mType = realm;
+        populate(httpReq);
+    }
+
     /**
      * Constructs an argument block with the given hashtable values.
-     *
+     * 
      * @param httpReq hashtable keys and values
      */
     public ArgBlock(Hashtable<String, String> httpReq) {
-		populate(httpReq);
-	}
+        populate(httpReq);
+    }
 
-	private void populate(Hashtable<String, String> httpReq) {
+    private void populate(Hashtable<String, String> httpReq) {
         // Add all parameters from the request
         Enumeration<String> e = httpReq.keys();
 
@@ -109,18 +103,19 @@ public class ArgBlock implements IArgBlock {
     public ArgBlock() {
     }
 
-    /*==========================================================
-     * public methods
-     *==========================================================*/
+    /*
+     * ========================================================== public methods
+     * ==========================================================
+     */
 
     /**
      * Checks if this argument block contains the given key.
-     *
+     * 
      * @param n key
      * @return true if key is present
      */
     public boolean isValuePresent(String n) {
-		CMS.traceHashKey(mType, n);
+        CMS.traceHashKey(mType, n);
         if (mArgs.get(n) != null) {
             return true;
         } else {
@@ -130,7 +125,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Adds string-based value into this argument block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -145,14 +140,14 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as string.
-     *
+     * 
      * @param n key
      * @return argument value as string
      * @exception EBaseException failed to retrieve value
      */
     public String getValueAsString(String n) throws EBaseException {
-		String t= (String)mArgs.get(n);
-		CMS.traceHashKey(mType, n, t);
+        String t = (String) mArgs.get(n);
+        CMS.traceHashKey(mType, n, t);
 
         if (t != null) {
             return t;
@@ -163,14 +158,14 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as string.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as string
      */
     public String getValueAsString(String n, String def) {
         String val = (String) mArgs.get(n);
-		CMS.traceHashKey(mType, n, val, def);
+        CMS.traceHashKey(mType, n, val, def);
 
         if (val != null) {
             return val;
@@ -181,14 +176,14 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as integer.
-     *
+     * 
      * @param n key
      * @return argument value as int
      * @exception EBaseException failed to retrieve value
      */
     public int getValueAsInt(String n) throws EBaseException {
         if (mArgs.get(n) != null) {
-			CMS.traceHashKey(mType, n, (String)mArgs.get(n));
+            CMS.traceHashKey(mType, n, (String) mArgs.get(n));
             try {
                 return new Integer((String) mArgs.get(n)).intValue();
             } catch (NumberFormatException e) {
@@ -196,20 +191,20 @@ public class ArgBlock implements IArgBlock {
                         CMS.getUserMessage("CMS_BASE_INVALID_ATTR_TYPE", n, e.toString()));
             }
         } else {
-			CMS.traceHashKey(mType, n, "<notpresent>");
+            CMS.traceHashKey(mType, n, "<notpresent>");
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND", n));
         }
     }
 
     /**
      * Retrieves argument value as integer.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as int
      */
     public int getValueAsInt(String n, int def) {
-		CMS.traceHashKey(mType, n, (String)mArgs.get(n), ""+def);
+        CMS.traceHashKey(mType, n, (String) mArgs.get(n), "" + def);
         if (mArgs.get(n) != null) {
             try {
                 return new Integer((String) mArgs.get(n)).intValue();
@@ -223,13 +218,13 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as big integer.
-     *
+     * 
      * @param n key
      * @return argument value as big integer
      * @exception EBaseException failed to retrieve value
      */
     public BigInteger getValueAsBigInteger(String n)
-        throws EBaseException {
+            throws EBaseException {
         String v = (String) mArgs.get(n);
 
         if (v != null) {
@@ -250,7 +245,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as big integer.
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as big integer
@@ -265,7 +260,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as object
-     *
+     * 
      * @param n key
      * @return argument value as object
      * @exception EBaseException failed to retrieve value
@@ -280,7 +275,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument value as object
-     *
+     * 
      * @param n key
      * @param def default value to be returned if key is not present
      * @return argument value as object
@@ -295,18 +290,18 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Gets boolean value. They should be "true" or "false".
-     *
+     * 
      * @param name name of the input type
      * @return boolean type: <code>true</code> or <code>false</code>
      * @exception EBaseException failed to retrieve value
      */
-    public boolean getValueAsBoolean(String name)  throws EBaseException {
+    public boolean getValueAsBoolean(String name) throws EBaseException {
         String val = (String) mArgs.get(name);
-		CMS.traceHashKey(mType, name, val);
+        CMS.traceHashKey(mType, name, val);
 
         if (val != null) {
-            if (val.equalsIgnoreCase("true") || 
-                val.equalsIgnoreCase("on")) 
+            if (val.equalsIgnoreCase("true") ||
+                    val.equalsIgnoreCase("on"))
                 return true;
             else
                 return false;
@@ -317,34 +312,34 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Gets boolean value. They should be "true" or "false".
-     *
+     * 
      * @param name name of the input type
      * @return boolean type: <code>true</code> or <code>false</code>
      */
     public boolean getValueAsBoolean(String name, boolean def) {
         boolean val;
 
-        try { 
-            val = getValueAsBoolean(name); 
+        try {
+            val = getValueAsBoolean(name);
             return val;
-        } catch (EBaseException e) { 
-            return def; 
+        } catch (EBaseException e) {
+            return def;
         }
     }
 
     /**
      * Gets KeyGenInfo
-     *
+     * 
      * @param name name of the input type
      * @param verify true if signature validation is required
      * @exception EBaseException
      * @return KeyGenInfo object
      */
     public KeyGenInfo getValueAsKeyGenInfo(String name, KeyGenInfo def)
-        throws EBaseException {
+            throws EBaseException {
         KeyGenInfo keyGenInfo;
 
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
         if (mArgs.get(name) != null) {
             try {
                 keyGenInfo = new KeyGenInfo((String) mArgs.get(name));
@@ -359,9 +354,9 @@ public class ArgBlock implements IArgBlock {
     }
 
     /**
-     * Gets PKCS10 request. This pkcs10 attribute does not 
-     * contain header information.
-     *
+     * Gets PKCS10 request. This pkcs10 attribute does not contain header
+     * information.
+     * 
      * @param name name of the input type
      * @return pkcs10 request
      * @exception EBaseException failed to retrieve value
@@ -370,22 +365,22 @@ public class ArgBlock implements IArgBlock {
         PKCS10 request;
 
         if (mArgs.get(name) != null) {
-			CMS.traceHashKey(mType, name, (String)mArgs.get(name));
+            CMS.traceHashKey(mType, name, (String) mArgs.get(name));
 
             String tempStr = unwrap((String) mArgs.get(name), false);
 
             if (tempStr == null) {
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, "Empty Content")); 
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, "Empty Content"));
             }
             try {
                 request = decodePKCS10(tempStr);
             } catch (Exception e) {
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, e.toString())); 
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, e.toString()));
             }
         } else {
-			CMS.traceHashKey(mType, name, "<notpresent>");
+            CMS.traceHashKey(mType, name, "<notpresent>");
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND", name));
         }
 
@@ -393,19 +388,19 @@ public class ArgBlock implements IArgBlock {
     }
 
     /**
-     * Gets PKCS10 request. This pkcs10 attribute does not 
-     * contain header information.
-     *
+     * Gets PKCS10 request. This pkcs10 attribute does not contain header
+     * information.
+     * 
      * @param name name of the input type
      * @param def default PKCS10
      * @return pkcs10 request
      * @exception EBaseException failed to retrieve value
      */
     public PKCS10 getValueAsRawPKCS10(String name, PKCS10 def)
-        throws EBaseException {
+            throws EBaseException {
         PKCS10 request;
 
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
         if (mArgs.get(name) != null) {
 
             String tempStr = unwrap((String) mArgs.get(name), false);
@@ -426,30 +421,30 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param checkheader true if header must be present
      * @return PKCS10 object
      * @exception EBaseException failed to retrieve value
      */
-    public PKCS10 getValueAsPKCS10(String name, boolean checkheader) 
-        throws EBaseException {
+    public PKCS10 getValueAsPKCS10(String name, boolean checkheader)
+            throws EBaseException {
         PKCS10 request;
 
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
         if (mArgs.get(name) != null) {
 
             String tempStr = unwrap((String) mArgs.get(name), checkheader);
 
             if (tempStr == null) {
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, "Empty Content")); 
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, "Empty Content"));
             }
             try {
                 request = decodePKCS10(tempStr);
             } catch (Exception e) {
                 throw new EBaseException(
-                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, e.toString())); 
+                        CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", name, e.toString()));
             }
         } else {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_ATTRIBUTE_NOT_FOUND", name));
@@ -460,19 +455,19 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param checkheader true if header must be present
      * @param def default PKCS10
-     * @return PKCS10 object 
+     * @return PKCS10 object
      * @exception EBaseException
      */
     public PKCS10 getValueAsPKCS10(
-        String name, boolean checkheader, PKCS10 def) 
-        throws EBaseException {
+            String name, boolean checkheader, PKCS10 def)
+            throws EBaseException {
         PKCS10 request;
 
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
 
         if (mArgs.get(name) != null) {
 
@@ -495,17 +490,17 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves PKCS10
-     *
-     * @param name name of the  input type
+     * 
+     * @param name name of the input type
      * @param def default PKCS10
-     * @return PKCS10 object 
+     * @return PKCS10 object
      * @exception EBaseException
      */
-    public PKCS10 getValuePKCS10(String name, PKCS10 def) 
-        throws EBaseException {
+    public PKCS10 getValuePKCS10(String name, PKCS10 def)
+            throws EBaseException {
         PKCS10 request;
         String p10b64 = (String) mArgs.get(name);
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
 
         if (p10b64 != null) {
 
@@ -522,7 +517,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Sets argument into this block.
-     *
+     * 
      * @param name key
      * @param ob value
      */
@@ -532,18 +527,18 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves argument.
-     *
+     * 
      * @param name key
      * @return object value
      */
     public Object get(String name) {
-		CMS.traceHashKey(mType, name);
+        CMS.traceHashKey(mType, name);
         return mArgs.get(name);
     }
 
     /**
      * Deletes argument by the given key.
-     *
+     * 
      * @param name key
      */
     public void delete(String name) {
@@ -552,7 +547,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves a list of argument keys.
-     *
+     * 
      * @return a list of string-based keys
      */
     public Enumeration<String> getElements() {
@@ -561,7 +556,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Retrieves a list of argument keys.
-     *
+     * 
      * @return a list of string-based keys
      */
     public Enumeration<String> elements() {
@@ -570,7 +565,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Adds long-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -581,7 +576,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Adds integer-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -592,7 +587,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Adds boolean-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @return value
@@ -607,7 +602,7 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Adds integer-type arguments to this block.
-     *
+     * 
      * @param n key
      * @param v value
      * @param radix radix
@@ -617,20 +612,20 @@ public class ArgBlock implements IArgBlock {
         return mArgs.put(n, v.toString(radix));
     }
 
-    /*==========================================================
-     * private methods
-     *==========================================================*/
-
+    /*
+     * ========================================================== private
+     * methods==========================================================
+     */
 
     /**
      * Unwrap PKCS10 Package
-     *
+     * 
      * @param request string formated PKCS10 request
      * @exception EBaseException
      * @return Base64Encoded PKCS10 request
      */
     private String unwrap(String request, boolean checkHeader)
-        throws EBaseException {
+            throws EBaseException {
         String unwrapped;
         String header = null;
         int head = -1;
@@ -655,7 +650,7 @@ public class ArgBlock implements IArgBlock {
             // header.
             if (!(head == -1 && trail == -1)) {
                 header = CERT_REQUEST_HEADER;
-		
+
             }
         }
 
@@ -695,22 +690,22 @@ public class ArgBlock implements IArgBlock {
 
     /**
      * Decode Der encoded PKCS10 certifictae Request
-     *
+     * 
      * @param base64Request Base64 Encoded Certificate Request
      * @exception Exception
      * @return PKCS10
      */
     private PKCS10 decodePKCS10(String base64Request)
-        throws EBaseException {
+            throws EBaseException {
         PKCS10 pkcs10 = null;
 
         try {
             byte[] decodedBytes = com.netscape.osutil.OSUtil.AtoB(base64Request);
 
             pkcs10 = new PKCS10(decodedBytes);
-        } catch (NoSuchProviderException e) { 
+        } catch (NoSuchProviderException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
-        } catch (IOException e) { 
+        } catch (IOException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
         } catch (SignatureException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString()));
diff --git a/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java b/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
index a4b37114..ec7096c0 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/FileConfigStore.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.io.BufferedInputStream;
 import java.io.File;
 import java.io.FileInputStream;
@@ -33,21 +32,19 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.cmsutil.util.Utils;
 
-
 /**
- * FileConfigStore:
- * Extends HashConfigStore with methods to load/save from/to file for 
- * persistent storage. This is a configuration store agent who
- * reads data from a file.
+ * FileConfigStore: Extends HashConfigStore with methods to load/save from/to
+ * file for persistent storage. This is a configuration store agent who reads
+ * data from a file.
  * <P>
- * Note that a LdapConfigStore can be implemented so that it reads 
- * the configuration stores from the Ldap directory.
+ * Note that a LdapConfigStore can be implemented so that it reads the
+ * configuration stores from the Ldap directory.
  * <P>
  * 
  * @version $Revision$, $Date$
  * @see PropConfigStore
  */
-public class FileConfigStore extends PropConfigStore implements 
+public class FileConfigStore extends PropConfigStore implements
         IConfigStore {
 
     /**
@@ -59,7 +56,7 @@ public class FileConfigStore extends PropConfigStore implements
     /**
      * Constructs a file configuration store.
      * <P>
-     *
+     * 
      * @param fileName file name
      * @exception EBaseException failed to create file configuration
      */
@@ -67,7 +64,7 @@ public class FileConfigStore extends PropConfigStore implements
         super(null); // top-level store without a name
         mFile = new File(fileName);
         if (!mFile.exists()) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_CONFIG_FILE", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_CONFIG_FILE",
                         mFile.getPath()));
         }
         load(fileName);
@@ -76,7 +73,7 @@ public class FileConfigStore extends PropConfigStore implements
     /**
      * Loads property file into memory.
      * <P>
-     *
+     * 
      * @param fileName file name
      * @exception EBaseException failed to load configuration
      */
@@ -93,11 +90,11 @@ public class FileConfigStore extends PropConfigStore implements
 
     /**
      * The original config file is copied to
-     * <filename>.<current_time_in_milliseconds>.
-     * Commits the current properties to the configuration file.
+     * <filename>.<current_time_in_milliseconds>. Commits the current properties
+     * to the configuration file.
      * <P>
-     *
-     * @param backup 
+     * 
+     * @param backup
      */
     public void commit(boolean createBackup) throws EBaseException {
         if (createBackup) {
@@ -105,57 +102,56 @@ public class FileConfigStore extends PropConfigStore implements
                     Long.toString(System.currentTimeMillis()));
 
             try {
-                if( Utils.isNT() ) {
+                if (Utils.isNT()) {
                     // NT is very picky on the path
-                    Utils.exec( "copy " +
-                                mFile.getAbsolutePath().replace( '/', '\\' ) +
+                    Utils.exec("copy " +
+                                mFile.getAbsolutePath().replace('/', '\\') +
                                 " " +
-                                newName.getAbsolutePath().replace( '/',
-                                                                   '\\' ) );
+                                newName.getAbsolutePath().replace('/',
+                                                                   '\\'));
                 } else {
                     // Create a copy of the original file which
                     // preserves the original file permissions.
-                    Utils.exec( "cp -p " + mFile.getAbsolutePath() + " " +
-                                newName.getAbsolutePath() );
+                    Utils.exec("cp -p " + mFile.getAbsolutePath() + " " +
+                                newName.getAbsolutePath());
                 }
 
                 // Proceed only if the backup copy was successful.
-                if( !newName.exists() ) {
-                    throw new EBaseException( "backup copy failed" );
+                if (!newName.exists()) {
+                    throw new EBaseException("backup copy failed");
                 } else {
                     // Make certain that the backup file has
                     // the correct permissions.
-                    if( !Utils.isNT() ) {
-                        Utils.exec( "chmod 00660 " + newName.getAbsolutePath() );
+                    if (!Utils.isNT()) {
+                        Utils.exec("chmod 00660 " + newName.getAbsolutePath());
                     }
                 }
-            } catch( EBaseException e ) {
-                    throw new EBaseException( "backup copy failed" );
+            } catch (EBaseException e) {
+                throw new EBaseException("backup copy failed");
             }
         }
 
         // Overwrite the contents of the original file
         // to preserve the original file permissions.
-        save( mFile.getPath() );
+        save(mFile.getPath());
 
         try {
             // Make certain that the original file retains
             // the correct permissions.
-            if( !Utils.isNT() ) {
-                Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() );
+            if (!Utils.isNT()) {
+                Utils.exec("chmod 00660 " + mFile.getCanonicalPath());
             }
-        } catch( Exception e ) {
+        } catch (Exception e) {
         }
     }
 
     /**
      * Saves in-memory properties to a specified file.
      * <P>
-     * Note that the superclass's save is synchronized. It
-     * means no properties can be altered (inserted) at
-     * the saving time.
+     * Note that the superclass's save is synchronized. It means no properties
+     * can be altered (inserted) at the saving time.
      * <P>
-     *
+     * 
      * @param fileName filename
      * @exception EBaseException failed to save configuration
      */
@@ -173,7 +169,7 @@ public class FileConfigStore extends PropConfigStore implements
     }
 
     private void printSubStore(PrintWriter writer, IConfigStore store,
-        String name) throws EBaseException,
+            String name) throws EBaseException,
             IOException {
         // print keys
         Enumeration e0 = store.getPropertyNames();
@@ -220,7 +216,7 @@ public class FileConfigStore extends PropConfigStore implements
             }
             v.removeElementAt(j);
             printSubStore(writer, store.getSubStore(pname), name +
-                pname + ".");
+                    pname + ".");
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/base/JDialogPasswordCallback.java b/pki/base/common/src/com/netscape/cmscore/base/JDialogPasswordCallback.java
index cd695967..9e7f6c8e 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/JDialogPasswordCallback.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/JDialogPasswordCallback.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.awt.Color;
 import java.awt.Dimension;
 import java.awt.Font;
@@ -44,19 +43,18 @@ import org.mozilla.jss.util.Password;
 import org.mozilla.jss.util.PasswordCallback;
 import org.mozilla.jss.util.PasswordCallbackInfo;
 
-
 /**
  * A class to retrieve passwords through a modal Java dialog box
  */
 public class JDialogPasswordCallback implements PasswordCallback {
 
     public Password getPasswordFirstAttempt(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
         return getPW(info, false);
     }
 
     public Password getPasswordAgain(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
         return getPW(info, true);
     }
 
@@ -88,27 +86,27 @@ public class JDialogPasswordCallback implements PasswordCallback {
     }
 
     /**
-     * This method does the work of displaying the dialog box,
-     * extracting the information, and returning it.
+     * This method does the work of displaying the dialog box, extracting the
+     * information, and returning it.
      */
     private Password getPW(PasswordCallbackInfo info, boolean retry)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
         // These need to final so they can be accessed from action listeners
         final PWHolder pwHolder = new PWHolder();
         final JFrame f = new JFrame("Password Dialog");
         final JPasswordField pwField = new JPasswordField(15);
 
-        ///////////////////////////////////////////////////
+        // /////////////////////////////////////////////////
         // Panel
-        ///////////////////////////////////////////////////
+        // /////////////////////////////////////////////////
         JPanel contentPane = new JPanel(new GridBagLayout());
 
         contentPane.setBorder(BorderFactory.createEmptyBorder(20, 20, 20, 20));
         GridBagConstraints c = new GridBagConstraints();
 
-        ////////////////////////////////////////////////////
+        // //////////////////////////////////////////////////
         // Labels
-        ////////////////////////////////////////////////////
+        // //////////////////////////////////////////////////
 
         if (retry) {
             JLabel warning = new JLabel("Password incorrect.");
@@ -119,46 +117,46 @@ public class JDialogPasswordCallback implements PasswordCallback {
             c.gridwidth = GridBagConstraints.REMAINDER;
             // Setting this to NULL causes nasty Exception stack traces
             // to be printed, although the program still seems to work
-            //warning.setHighlighter(null);
+            // warning.setHighlighter(null);
             contentPane.add(warning, c);
         }
-            
+
         String prompt = getPrompt(info);
         JLabel label = new JLabel(prompt);
 
         label.setForeground(Color.black);
         // Setting this to NULL causes nasty Exception stack traces
         // to be printed, although the program still seems to work
-        //label.setHighlighter(null);
+        // label.setHighlighter(null);
         resetGBC(c);
         c.anchor = GridBagConstraints.NORTHWEST;
         c.gridwidth = GridBagConstraints.REMAINDER;
         contentPane.add(label, c);
 
-        ///////////////////////////////////////////////////
+        // /////////////////////////////////////////////////
         // Password text field
-        ///////////////////////////////////////////////////
+        // /////////////////////////////////////////////////
 
         // Listener for the text field
         ActionListener getPasswordListener = new ActionListener() {
-                public void actionPerformed(ActionEvent e) {
-                    //input = (JPasswordField)e.getSource();
+            public void actionPerformed(ActionEvent e) {
+                // input = (JPasswordField)e.getSource();
 
-                    // XXX!!! Change to char[] in JDK 1.2
-                    String pwString = pwField.getText();
+                // XXX!!! Change to char[] in JDK 1.2
+                String pwString = pwField.getText();
 
-                    pwHolder.password = new Password(pwString.toCharArray());
-                    pwHolder.cancelled = false;
-                    f.dispose();
-                }
-            };
+                pwHolder.password = new Password(pwString.toCharArray());
+                pwHolder.cancelled = false;
+                f.dispose();
+            }
+        };
 
         // There is a bug in JPasswordField. The cursor is advanced by the
         // width of the character you type, but a '*' is echoed, so the
         // cursor does not stay lined up with the end of the text.
         // We use a monospaced font to workaround this.
 
-        pwField.setFont(new Font("Monospaced", Font.PLAIN, 
+        pwField.setFont(new Font("Monospaced", Font.PLAIN,
                 pwField.getFont().getSize()));
         pwField.setEchoChar('*');
         pwField.addActionListener(getPasswordListener);
@@ -167,12 +165,12 @@ public class JDialogPasswordCallback implements PasswordCallback {
         c.fill = GridBagConstraints.NONE;
         c.insets = new Insets(16, 0, 0, 0);
         c.gridwidth = GridBagConstraints.REMAINDER;
-        //c.gridy++;
+        // c.gridy++;
         contentPane.add(pwField, c);
 
-        ///////////////////////////////////////////////////
+        // /////////////////////////////////////////////////
         // Cancel button
-        ///////////////////////////////////////////////////
+        // /////////////////////////////////////////////////
 
         JPanel buttonPanel = new JPanel(new GridBagLayout());
 
@@ -188,11 +186,11 @@ public class JDialogPasswordCallback implements PasswordCallback {
 
         JButton cancel = new JButton("Cancel");
         ActionListener buttonListener = new ActionListener() {
-                public void actionPerformed(ActionEvent e) {
-                    pwHolder.cancelled = true;
-                    f.dispose();
-                }
-            };
+            public void actionPerformed(ActionEvent e) {
+                pwHolder.cancelled = true;
+                f.dispose();
+            }
+        };
 
         cancel.addActionListener(buttonListener);
         resetGBC(c);
@@ -211,16 +209,16 @@ public class JDialogPasswordCallback implements PasswordCallback {
         c.insets = new Insets(0, 0, 0, 0);
         contentPane.add(buttonPanel, c);
 
-        ///////////////////////////////////////////////////
+        // /////////////////////////////////////////////////
         // Create modal dialog
-        ///////////////////////////////////////////////////
+        // /////////////////////////////////////////////////
         JDialog d = new JDialog(f, "Fedora Certificate System", true);
 
         WindowListener windowListener = new WindowAdapter() {
-                public void windowOpened(WindowEvent e) {
-                    pwField.requestFocus();
-                }
-            };
+            public void windowOpened(WindowEvent e) {
+                pwField.requestFocus();
+            }
+        };
 
         d.addWindowListener(windowListener);
 
@@ -230,17 +228,17 @@ public class JDialogPasswordCallback implements PasswordCallback {
         Dimension paneSize = d.getSize();
 
         d.setLocation((screenSize.width - paneSize.width) / 2,
-            (screenSize.height - paneSize.height) / 2);
+                (screenSize.height - paneSize.height) / 2);
         d.getRootPane().setDefaultButton(ok);
 
         // toFront seems to cause the dialog to go blank on unix!
-        //d.toFront();
+        // d.toFront();
 
         d.show();
 
-        ///////////////////////////////////////////////////
+        // /////////////////////////////////////////////////
         // Return results
-        ///////////////////////////////////////////////////
+        // /////////////////////////////////////////////////
         if (pwHolder.cancelled) {
             throw new PasswordCallback.GiveUpException();
         }
@@ -254,7 +252,7 @@ public class JDialogPasswordCallback implements PasswordCallback {
             CryptoManager manager;
 
             CryptoManager.InitializationValues iv = new
-                CryptoManager.InitializationValues(args[0]);
+                    CryptoManager.InitializationValues(args[0]);
 
             CryptoManager.initialize(iv);
             manager = CryptoManager.getInstance();
diff --git a/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java b/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java
index be8e7007..9b7b74ad 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/PropConfigStore.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.FilterOutputStream;
 import java.io.IOException;
@@ -38,23 +37,22 @@ import com.netscape.certsrv.base.EPropertyNotFound;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISourceConfigStore;
 
-
 /**
- * A class represents a in-memory configuration store.
- * Note this class takes advantage of the recursive nature of
- * property names.  The current property prefix is kept in
- * mStoreName and the mSource usually points back to another
+ * A class represents a in-memory configuration store. Note this class takes
+ * advantage of the recursive nature of property names. The current property
+ * prefix is kept in mStoreName and the mSource usually points back to another
  * occurance of the same PropConfigStore, with longer mStoreName. IE
+ * 
  * <PRE>
- *		cms.ca0.http.service0 -> mSource=PropConfigStore ->
- *			cms.ca0.http -> mSource=PropConfigStore ->
- *				cms.ca0 -> mSource=PropConfigStore ->
+ * 	cms.ca0.http.service0 -> mSource=PropConfigStore ->
+ * 		cms.ca0.http -> mSource=PropConfigStore ->
+ * 			cms.ca0 -> mSource=PropConfigStore ->
  * 					cms -> mSource=SourceConfigStore -> Properties
  * </PRE>
- * The chain ends when the store name is reduced down to it's original
- * value.
+ * 
+ * The chain ends when the store name is reduced down to it's original value.
  * <P>
- *
+ * 
  * @version $Revision$, $Date$
  */
 public class PropConfigStore implements IConfigStore, Cloneable {
@@ -76,14 +74,13 @@ public class PropConfigStore implements IConfigStore, Cloneable {
      */
     protected ISourceConfigStore mSource = null;
 
-	private static String mDebugType="CS.cfg";
+    private static String mDebugType = "CS.cfg";
 
     /**
-     * Constructs a property configuration store. This must
-     * be a brand new store without properties. The subclass
-     * must be a ISourceConfigStore.
+     * Constructs a property configuration store. This must be a brand new store
+     * without properties. The subclass must be a ISourceConfigStore.
      * <P>
-     *
+     * 
      * @param storeName property store name
      * @exception EBaseException failed to create configuration
      */
@@ -93,12 +90,11 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     }
 
     /**
-     * Constructs a configuration store. The constructor is
-     * a helper class for substores. Source is the one
-     * that stores all the parameters. Each substore only
-     * store a substore name, and a reference to the source.
+     * Constructs a configuration store. The constructor is a helper class for
+     * substores. Source is the one that stores all the parameters. Each
+     * substore only store a substore name, and a reference to the source.
      * <P>
-     *
+     * 
      * @param storeName store name
      * @param prop list of properties
      * @exception EBaseException failed to create configuration
@@ -111,7 +107,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Returns the name of this store.
      * <P>
-     *
+     * 
      * @return store name
      */
     public String getName() {
@@ -121,7 +117,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Retrieves a property from the configuration file.
      * <P>
-     *
+     * 
      * @param name property name
      * @return property value
      */
@@ -130,10 +126,10 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     }
 
     /**
-     * Retrieves a property from the configuration file.  Does not prepend
-     * the config store name to the property.
+     * Retrieves a property from the configuration file. Does not prepend the
+     * config store name to the property.
      * <P>
-     *
+     * 
      * @param name property name
      * @return property value
      */
@@ -142,11 +138,10 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     }
 
     /**
-     * Puts a property into the configuration file. The
-     * values wont be updated to the file until save
-     * method is invoked.
+     * Puts a property into the configuration file. The values wont be updated
+     * to the file until save method is invoked.
      * <P>
-     *
+     * 
      * @param name property name
      * @param value property value
      */
@@ -156,16 +151,17 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Removes a property from the configuration file.
-     *
+     * 
      * @param name property name
      */
     public void remove(String name) {
         ((SourceConfigStore) mSource).remove(getFullName(name));
-    }	
+    }
 
     /**
      * Returns an enumeration of the config store's keys, hidding the store
      * name.
+     * 
      * @see java.util.Hashtable#elements
      * @see java.util.Enumeration
      */
@@ -178,7 +174,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves the hashtable where all the properties are kept.
-     *
+     * 
      * @return hashtable
      */
     public Hashtable hashtable() {
@@ -199,16 +195,16 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     }
 
     /**
-     * Fills the given hash table with all key/value pairs in the current
-     * config store, removing the config store name prefix
+     * Fills the given hash table with all key/value pairs in the current config
+     * store, removing the config store name prefix
      * <P>
-     *
+     * 
      * @param h the hashtable
      */
     private synchronized void enumerate(Hashtable h) {
         Enumeration e = mSource.keys();
         // We only want the keys which match the current substore name
-        // without the current substore prefix.  This code works even
+        // without the current substore prefix. This code works even
         // if mStoreName is null.
         String fullName = getFullName("");
         int kIndex = fullName.length();
@@ -224,7 +220,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Reads a config store from an input stream.
-     *
+     * 
      * @param in input stream where properties are located
      * @exception IOException failed to load
      */
@@ -234,7 +230,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Stores this config store to the specified output stream.
-     *
+     * 
      * @param out outputstream where the properties are saved
      * @param header optional header information to be saved
      */
@@ -244,7 +240,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves a property value.
-     *
+     * 
      * @param name property key
      * @return property value
      * @exception EBaseException failed to retrieve value
@@ -253,12 +249,12 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         String str = (String) get(name);
 
         if (str == null) {
-			CMS.traceHashKey(mDebugType,getFullName(name),"<notpresent>");
+            CMS.traceHashKey(mDebugType, getFullName(name), "<notpresent>");
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name));
         }
-        // should we check for empty string ? 
+        // should we check for empty string ?
         // if (str.length() == 0) {
-        //	throw new EPropertyNotDefined(getName() + "." + name);
+        // throw new EPropertyNotDefined(getName() + "." + name);
         // }
         String ret = null;
 
@@ -267,14 +263,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         } catch (java.io.UnsupportedEncodingException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_UTF8_NOT_SUPPORTED"));
         }
-		CMS.traceHashKey(mDebugType,getFullName(name),ret);
+        CMS.traceHashKey(mDebugType, getFullName(name), ret);
         return ret;
     }
 
     /**
      * Retrieves a String from the configuration file.
      * <P>
-     *
+     * 
      * @param name property name
      * @param defval the default object to return if name does not exist
      * @return property value
@@ -287,13 +283,13 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         } catch (EPropertyNotFound e) {
             val = defval;
         }
-		CMS.traceHashKey(mDebugType,getFullName(name),val,defval);
+        CMS.traceHashKey(mDebugType, getFullName(name), val, defval);
         return val;
     }
 
     /**
      * Puts property value into this configuration store.
-     *
+     * 
      * @param name property key
      * @param value property value
      */
@@ -304,17 +300,17 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Retrieves a byte array from the configuration file.
      * <P>
-     *
+     * 
      * @param name property name
      * @exception IllegalArgumentException if name is not set or is null.
-     *
+     * 
      * @return property value
      */
     public byte[] getByteArray(String name) throws EBaseException {
         byte[] arr = getByteArray(name, new byte[0]);
 
         if (arr.length == 0) {
-			CMS.traceHashKey(mDebugType,getFullName(name),"<notpresent>");
+            CMS.traceHashKey(mDebugType, getFullName(name), "<notpresent>");
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name));
         }
         return arr;
@@ -323,34 +319,32 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Retrieves a byte array from the configuration file.
      * <P>
-     *
+     * 
      * @param name property name
-     * @param defval the default byte array to return if name does
-     * not exist
-     *
+     * @param defval the default byte array to return if name does not exist
+     * 
      * @return property value
      */
-    public byte[] getByteArray(String name, byte defval[]) 
-        throws EBaseException {
+    public byte[] getByteArray(String name, byte defval[])
+            throws EBaseException {
         String str = (String) get(name);
 
-            byte returnval;
+        byte returnval;
 
-            if (str == null || str.length() == 0) {
-				CMS.traceHashKey(mDebugType,getFullName(name),
-					"<notpresent>","<bytearray>");
-                return defval;
-			}
-            else {
-				CMS.traceHashKey(mDebugType,getFullName(name),
-					"<bytearray>","<bytearray>");
-                return com.netscape.osutil.OSUtil.AtoB(str);
-			}
+        if (str == null || str.length() == 0) {
+            CMS.traceHashKey(mDebugType, getFullName(name),
+                    "<notpresent>", "<bytearray>");
+            return defval;
+        } else {
+            CMS.traceHashKey(mDebugType, getFullName(name),
+                    "<bytearray>", "<bytearray>");
+            return com.netscape.osutil.OSUtil.AtoB(str);
+        }
     }
 
     /**
      * Puts byte array into this configuration store.
-     *
+     * 
      * @param name property key
      * @param value byte array
      */
@@ -368,13 +362,13 @@ public class PropConfigStore implements IConfigStore, Cloneable {
             put(name, output.toString("8859_1"));
         } catch (IOException e) {
             System.out.println("Warning: base-64 encoding of configuration " +
-                "information failed");
+                    "information failed");
         }
     }
 
     /**
      * Retrieves boolean-based property value.
-     *
+     * 
      * @param name property key
      * @return boolean value
      * @exception EBaseException failed to retrieve
@@ -383,7 +377,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         String value = (String) get(name);
 
         if (value == null) {
-			CMS.traceHashKey(mDebugType,getFullName(name),"<notpresent>");
+            CMS.traceHashKey(mDebugType, getFullName(name), "<notpresent>");
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name));
         }
         if (value.length() == 0) {
@@ -401,14 +395,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves boolean-based property value.
-     *
+     * 
      * @param name property key
      * @param defval default value
      * @return boolean value
      * @exception EBaseException failed to retrieve
      */
-    public boolean getBoolean(String name, boolean defval) 
-        throws EBaseException {
+    public boolean getBoolean(String name, boolean defval)
+            throws EBaseException {
         boolean val;
 
         try {
@@ -418,14 +412,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         } catch (EPropertyNotDefined e) {
             val = defval;
         }
-		CMS.traceHashKey(mDebugType,getFullName(name),
-			val?"true":"false", defval?"true":"false");
+        CMS.traceHashKey(mDebugType, getFullName(name),
+                val ? "true" : "false", defval ? "true" : "false");
         return val;
     }
 
     /**
      * Puts boolean value into the configuration store.
-     *
+     * 
      * @param name property key
      * @param value property value
      */
@@ -439,7 +433,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves integer value.
-     *
+     * 
      * @param name property key
      * @return property value
      * @exception EBaseException failed to retrieve value
@@ -448,14 +442,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         String value = (String) get(name);
 
         if (value == null) {
-			CMS.traceHashKey(mDebugType,getFullName(name),"<notpresent>");
+            CMS.traceHashKey(mDebugType, getFullName(name), "<notpresent>");
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name));
         }
         if (value.length() == 0) {
             throw new EPropertyNotDefined(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_NOVALUE", getName() + "." + name));
         }
         try {
-			CMS.traceHashKey(mDebugType,getFullName(name), value);
+            CMS.traceHashKey(mDebugType, getFullName(name), value);
             return Integer.parseInt(value);
         } catch (NumberFormatException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY_1", getName() + "." + name, "int", "number"));
@@ -464,7 +458,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves integer value.
-     *
+     * 
      * @param name property key
      * @param defval default value
      * @return property value
@@ -480,14 +474,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         } catch (EPropertyNotDefined e) {
             val = defval;
         }
-		CMS.traceHashKey(mDebugType,getFullName(name),
-			""+val,""+defval);
+        CMS.traceHashKey(mDebugType, getFullName(name),
+                "" + val, "" + defval);
         return val;
     }
 
     /**
      * Puts an integer value.
-     *
+     * 
      * @param name property key
      * @param val property value
      * @exception EBaseException failed to retrieve value
@@ -498,7 +492,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves big integer value.
-     *
+     * 
      * @param name property key
      * @return property value
      * @exception EBaseException failed to retrieve value
@@ -507,7 +501,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
         String value = (String) get(name);
 
         if (value == null) {
-			CMS.traceHashKey(mDebugType,getFullName(name),"<notpresent>");
+            CMS.traceHashKey(mDebugType, getFullName(name), "<notpresent>");
             throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", getName() + "." + name));
         }
         if (value.length() == 0) {
@@ -527,14 +521,14 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves integer value.
-     *
+     * 
      * @param name property key
      * @param defval default value
      * @return property value
      * @exception EBaseException failed to retrieve value
      */
-    public BigInteger getBigInteger(String name, BigInteger defval) 
-        throws EBaseException {
+    public BigInteger getBigInteger(String name, BigInteger defval)
+            throws EBaseException {
         BigInteger val;
 
         try {
@@ -549,7 +543,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Puts a big integer value.
-     *
+     * 
      * @param name property key
      * @param val default value
      */
@@ -560,37 +554,33 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Creates a new sub store.
      * <P>
-     *
+     * 
      * @param name substore name
      * @return substore
      */
     public IConfigStore makeSubStore(String name) {
 
         /*
-         String names=(String)mSource.get(getFullName(PROP_SUBSTORES));
-
-         if (names==null) {
-         names=name;
-         }
-         else {
-         names=names+","+name;
-         }
-         mSource.put(getFullName(PROP_SUBSTORES), name);
+         * String names=(String)mSource.get(getFullName(PROP_SUBSTORES));
+         * 
+         * if (names==null) { names=name; } else { names=names+","+name; }
+         * mSource.put(getFullName(PROP_SUBSTORES), name);
          */
         return new PropConfigStore(getFullName(name), mSource);
     }
 
     /**
-     * Removes a sub store.<p>
-     *
+     * Removes a sub store.
+     * <p>
+     * 
      * @param name substore name
      */
     public void removeSubStore(String name) {
         // this operation is expensive!!!
-		
+
         Enumeration e = mSource.keys();
         // We only want the keys which match the current substore name
-        // without the current substore prefix.  This code works even
+        // without the current substore prefix. This code works even
         // if mStoreName is null.
         String fullName = getFullName(name);
         int kIndex = fullName.length();
@@ -605,20 +595,22 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     }
 
     /**
-     * Retrieves a sub store. A substore contains a list
-     * of properties and substores. For example,
+     * Retrieves a sub store. A substore contains a list of properties and
+     * substores. For example,
+     * 
      * <PRE>
      *    cms.ldap.host=ds.netscape.com
      *    cms.ldap.port=389
      * </PRE>
-     * "ldap" is a substore in above example. If the
-     * substore property itself is set, this method
-     * will treat the value as a reference. For example,
+     * 
+     * "ldap" is a substore in above example. If the substore property itself is
+     * set, this method will treat the value as a reference. For example,
+     * 
      * <PRE>
-     *    cms.ldap=kms.ldap
+     * cms.ldap = kms.ldap
      * </PRE>
      * <P>
-     *
+     * 
      * @param name substore name
      * @return substore
      */
@@ -639,7 +631,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Retrieves a list of property names.
-     *
+     * 
      * @return a list of string-based property names
      */
     public Enumeration getPropertyNames() {
@@ -668,7 +660,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     /**
      * Returns a list of sub store names.
      * <P>
-     *
+     * 
      * @return list of substore names
      */
     public Enumeration getSubStoreNames() {
@@ -695,10 +687,9 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     }
 
     /**
-     * Retrieves the source configuration store where
-     * the properties are stored.
+     * Retrieves the source configuration store where the properties are stored.
      * <P>
-     *
+     * 
      * @return source configuration store
      */
     public ISourceConfigStore getSourceConfigStore() {
@@ -706,8 +697,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
     }
 
     /**
-     * For debugging purposes. Prints properties of this
-     * substore.
+     * For debugging purposes. Prints properties of this substore.
      */
     public void printProperties() {
         Enumeration keys = mSource.keys();
@@ -726,7 +716,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Converts the substore parameters.
-     *
+     * 
      * @param name property name
      * @return fill property name
      */
@@ -739,7 +729,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
     /**
      * Cloning of property configuration store.
-     *
+     * 
      * @return a new configuration store
      */
     public Object clone() {
@@ -752,7 +742,7 @@ public class PropConfigStore implements IConfigStore, Cloneable {
 
             while (subs.hasMoreElements()) {
                 IConfigStore sub = (IConfigStore)
-                    subs.nextElement();
+                        subs.nextElement();
                 IConfigStore newSub = that.makeSubStore(
                         sub.getName());
                 Enumeration props = sub.getPropertyNames();
@@ -761,8 +751,8 @@ public class PropConfigStore implements IConfigStore, Cloneable {
                     String n = (String) props.nextElement();
 
                     try {
-                        newSub.putString(n, 
-                            sub.getString(n));
+                        newSub.putString(n,
+                                sub.getString(n));
                     } catch (EBaseException ex) {
                     }
                 }
diff --git a/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java b/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java
index 4eb1c839..d6f9772b 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/SimpleProperties.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.io.BufferedReader;
 import java.io.BufferedWriter;
 import java.io.IOException;
@@ -31,28 +30,26 @@ import java.util.Date;
 import java.util.Enumeration;
 import java.util.Hashtable;
 
-
 /**
- * The <code>Properties</code> class represents a persistent set of
- * properties. The <code>Properties</code> can be saved to a stream
- * or loaded from a stream. Each key and its corresponding value in
- * the property list is a string.
+ * The <code>Properties</code> class represents a persistent set of properties.
+ * The <code>Properties</code> can be saved to a stream or loaded from a stream.
+ * Each key and its corresponding value in the property list is a string.
  * <p>
- * A property list can contain another property list as its
- * "defaults"; this second property list is searched if
- * the property key is not found in the original property list.
- *
+ * A property list can contain another property list as its "defaults"; this
+ * second property list is searched if the property key is not found in the
+ * original property list.
+ * 
  * Because <code>Properties</code> inherits from <code>Hashtable</code>, the
  * <code>put</code> and <code>putAll</code> methods can be applied to a
- * <code>Properties</code> object.  Their use is strongly discouraged as they
+ * <code>Properties</code> object. Their use is strongly discouraged as they
  * allow the caller to insert entries whose keys or values are not
- * <code>Strings</code>.  The <code>setProperty</code> method should be used
- * instead.  If the <code>store</code> or <code>save</code> method is called
- * on a "compromised" <code>Properties</code> object that contains a
- * non-<code>String</code> key or value, the call will fail.
- *
+ * <code>Strings</code>. The <code>setProperty</code> method should be used
+ * instead. If the <code>store</code> or <code>save</code> method is called on a
+ * "compromised" <code>Properties</code> object that contains a non-
+ * <code>String</code> key or value, the call will fail.
+ * 
  */
-public class SimpleProperties extends Hashtable<String,String> {
+public class SimpleProperties extends Hashtable<String, String> {
 
     /**
      *
@@ -60,9 +57,9 @@ public class SimpleProperties extends Hashtable<String,String> {
     private static final long serialVersionUID = -6129810287662322712L;
 
     /**
-     * A property list that contains default values for any keys not
-     * found in this property list.
-     *
+     * A property list that contains default values for any keys not found in
+     * this property list.
+     * 
      * @serial
      */
     protected SimpleProperties defaults;
@@ -76,18 +73,19 @@ public class SimpleProperties extends Hashtable<String,String> {
 
     /**
      * Creates an empty property list with the specified defaults.
-     *
-     * @param   defaults   the defaults.
+     * 
+     * @param defaults the defaults.
      */
     public SimpleProperties(SimpleProperties defaults) {
         this.defaults = defaults;
     }
 
     /**
-     * Calls the hashtable method <code>put</code>. Provided for
-     * parallelism with the getProperties method. Enforces use of
-     * strings for property keys and values.
-     * @since    JDK1.2
+     * Calls the hashtable method <code>put</code>. Provided for parallelism
+     * with the getProperties method. Enforces use of strings for property keys
+     * and values.
+     * 
+     * @since JDK1.2
      */
     public synchronized Object setProperty(String key, String value) {
         return put(key, value);
@@ -104,75 +102,83 @@ public class SimpleProperties extends Hashtable<String,String> {
     /**
      * Reads a property list (key and element pairs) from the input stream.
      * <p>
-     * Every property occupies one line of the input stream. Each line
-     * is terminated by a line terminator (<code>\n</code> or <code>\r</code>
-     * or <code>\r\n</code>). Lines from the input stream are processed until
-     * end of file is reached on the input stream.
+     * Every property occupies one line of the input stream. Each line is
+     * terminated by a line terminator (<code>\n</code> or <code>\r</code> or
+     * <code>\r\n</code>). Lines from the input stream are processed until end
+     * of file is reached on the input stream.
      * <p>
      * A line that contains only whitespace or whose first non-whitespace
-     * character is an ASCII <code>#</code> or <code>!</code> is ignored
-     * (thus, <code>#</code> or <code>!</code> indicate comment lines).
+     * character is an ASCII <code>#</code> or <code>!</code> is ignored (thus,
+     * <code>#</code> or <code>!</code> indicate comment lines).
      * <p>
      * Every line other than a blank line or a comment line describes one
      * property to be added to the table (except that if a line ends with \,
-     * then the following line, if it exists, is treated as a continuation
-     * line, as described
-     * below). The key consists of all the characters in the line starting
-     * with the first non-whitespace character and up to, but not including,
-     * the first ASCII <code>=</code>, <code>:</code>, or whitespace
-     * character. All of the key termination characters may be included in
-     * the key by preceding them with a \.
-     * Any whitespace after the key is skipped; if the first non-whitespace
-     * character after the key is <code>=</code> or <code>:</code>, then it
-     * is ignored and any whitespace characters after it are also skipped.
-     * All remaining characters on the line become part of the associated
-     * element string. Within the element string, the ASCII
-     * escape sequences <code>\t</code>, <code>\n</code>,
-     * <code>\r</code>, <code>\\</code>, <code>\"</code>, <code>\'</code>,
-     * <code>\ &#32;</code> &#32;(a backslash and a space), and
-     * <code>\\u</code><i>xxxx</i> are recognized and converted to single
-     * characters. Moreover, if the last character on the line is
-     * <code>\</code>, then the next line is treated as a continuation of the
-     * current line; the <code>\</code> and line terminator are simply
-     * discarded, and any leading whitespace characters on the continuation
-     * line are also discarded and are not part of the element string.
+     * then the following line, if it exists, is treated as a continuation line,
+     * as described below). The key consists of all the characters in the line
+     * starting with the first non-whitespace character and up to, but not
+     * including, the first ASCII <code>=</code>, <code>:</code>, or whitespace
+     * character. All of the key termination characters may be included in the
+     * key by preceding them with a \. Any whitespace after the key is skipped;
+     * if the first non-whitespace character after the key is <code>=</code> or
+     * <code>:</code>, then it is ignored and any whitespace characters after it
+     * are also skipped. All remaining characters on the line become part of the
+     * associated element string. Within the element string, the ASCII escape
+     * sequences <code>\t</code>, <code>\n</code>, <code>\r</code>,
+     * <code>\\</code>, <code>\"</code>, <code>\'</code>, <code>\ &#32;</code>
+     * &#32;(a backslash and a space), and <code>\\u</code><i>xxxx</i> are
+     * recognized and converted to single characters. Moreover, if the last
+     * character on the line is <code>\</code>, then the next line is treated as
+     * a continuation of the current line; the <code>\</code> and line
+     * terminator are simply discarded, and any leading whitespace characters on
+     * the continuation line are also discarded and are not part of the element
+     * string.
      * <p>
      * As an example, each of the following four lines specifies the key
      * <code>"Truth"</code> and the associated element value
      * <code>"Beauty"</code>:
      * <p>
+     * 
      * <pre>
      * Truth = Beauty
-     *	Truth:Beauty
+     * Truth:Beauty
      * Truth			:Beauty
      * </pre>
-     * As another example, the following three lines specify a single
-     * property:
+     * 
+     * As another example, the following three lines specify a single property:
      * <p>
+     * 
      * <pre>
      * fruits				apple, banana, pear, \
      *                                  cantaloupe, watermelon, \
      *                                  kiwi, mango
      * </pre>
+     * 
      * The key is <code>"fruits"</code> and the associated element is:
      * <p>
-     * <pre>"apple, banana, pear, cantaloupe, watermelon,kiwi, mango"</pre>
-     * Note that a space appears before each <code>\</code> so that a space
-     * will appear after each comma in the final result; the <code>\</code>,
-     * line terminator, and leading whitespace on the continuation line are
-     * merely discarded and are <i>not</i> replaced by one or more other
-     * characters.
+     * 
+     * <pre>
+     * &quot;apple, banana, pear, cantaloupe, watermelon,kiwi, mango&quot;
+     * </pre>
+     * 
+     * Note that a space appears before each <code>\</code> so that a space will
+     * appear after each comma in the final result; the <code>\</code>, line
+     * terminator, and leading whitespace on the continuation line are merely
+     * discarded and are <i>not</i> replaced by one or more other characters.
      * <p>
      * As a third example, the line:
      * <p>
-     * <pre>cheeses
+     * 
+     * <pre>
+     * cheeses
      * </pre>
+     * 
      * specifies that the key is <code>"cheeses"</code> and the associated
-     * element is the empty string.<p>
-     *
-     * @param      in   the input stream.
-     * @exception  IOException  if an error occurred when reading from the
-     *               input stream.
+     * element is the empty string.
+     * <p>
+     * 
+     * @param in the input stream.
+     * @exception IOException if an error occurred when reading from the input
+     *                stream.
      */
     public synchronized void load(InputStream inStream) throws IOException {
 
@@ -232,12 +238,12 @@ public class SimpleProperties extends Hashtable<String,String> {
                         if (whiteSpaceChars.indexOf(line.charAt(valueIndex)) == -1)
                             break;
 
-                        // Skip over one non whitespace key value separators if any
+                    // Skip over one non whitespace key value separators if any
                     if (valueIndex < len)
                         if (strictKeyValueSeparators.indexOf(line.charAt(valueIndex)) != -1)
                             valueIndex++;
 
-                        // Skip over white space after other separators if any
+                    // Skip over white space after other separators if any
                     while (valueIndex < len) {
                         if (whiteSpaceChars.indexOf(line.charAt(valueIndex)) == -1)
                             break;
@@ -248,8 +254,8 @@ public class SimpleProperties extends Hashtable<String,String> {
 
                     // Convert then store key and value
                     // NETSCAPE: no need to convert escape characters
-                    //                    key = loadConvert(key);
-                    //                    value = loadConvert(value);
+                    // key = loadConvert(key);
+                    // value = loadConvert(value);
                     put(key, value);
                 }
             }
@@ -257,8 +263,8 @@ public class SimpleProperties extends Hashtable<String,String> {
     }
 
     /*
-     * Returns true if the given line is a line that must
-     * be appended to the next line
+     * Returns true if the given line is a line that must be appended to the
+     * next line
      */
     private boolean continueLine(String line) {
         int slashCount = 0;
@@ -270,18 +276,20 @@ public class SimpleProperties extends Hashtable<String,String> {
     }
 
     /**
-     * Calls the <code>store(OutputStream out, String header)</code> method
-     * and suppresses IOExceptions that were thrown.
-     *
+     * Calls the <code>store(OutputStream out, String header)</code> method and
+     * suppresses IOExceptions that were thrown.
+     * 
      * @deprecated This method does not throw an IOException if an I/O error
-     * occurs while saving the property list.  As of JDK 1.2, the preferred
-     * way to save a properties list is via the <code>store(OutputStream out,
+     *             occurs while saving the property list. As of JDK 1.2, the
+     *             preferred way to save a properties list is via the
+     *             <code>store(OutputStream out,
      * String header)</code> method.
-     *
-     * @param   out      an output stream.
-     * @param   header   a description of the property list.
-     * @exception  ClassCastException  if this <code>Properties</code> object
-     *             contains any keys or values that are not <code>Strings</code>.
+     * 
+     * @param out an output stream.
+     * @param header a description of the property list.
+     * @exception ClassCastException if this <code>Properties</code> object
+     *                contains any keys or values that are not
+     *                <code>Strings</code>.
      */
     public synchronized void save(OutputStream out, String header) {
         try {
@@ -296,44 +304,45 @@ public class SimpleProperties extends Hashtable<String,String> {
      * for loading into a <code>Properties</code> table using the
      * <code>load</code> method.
      * <p>
-     * Properties from the defaults table of this <code>Properties</code>
-     * table (if any) are <i>not</i> written out by this method.
+     * Properties from the defaults table of this <code>Properties</code> table
+     * (if any) are <i>not</i> written out by this method.
      * <p>
      * If the header argument is not null, then an ASCII <code>#</code>
-     * character, the header string, and a line separator are first written
-     * to the output stream. Thus, the <code>header</code> can serve as an
+     * character, the header string, and a line separator are first written to
+     * the output stream. Thus, the <code>header</code> can serve as an
      * identifying comment.
      * <p>
      * Next, a comment line is always written, consisting of an ASCII
-     * <code>#</code> character, the current date and time (as if produced
-     * by the <code>toString</code> method of <code>Date</code> for the
-     * current time), and a line separator as generated by the Writer.
+     * <code>#</code> character, the current date and time (as if produced by
+     * the <code>toString</code> method of <code>Date</code> for the current
+     * time), and a line separator as generated by the Writer.
      * <p>
      * Then every entry in this <code>Properties</code> table is written out,
      * one per line. For each entry the key string is written, then an ASCII
-     * <code>=</code>, then the associated element string. Each character of
-     * the element string is examined to see whether it should be rendered as
-     * an escape sequence. The ASCII characters <code>\</code>, tab, newline,
-     * and carriage return are written as <code>\\</code>, <code>\t</code>,
-     * <code>\n</code>, and <code>\r</code>, respectively. Characters less
-     * than <code>\u0020</code> and characters greater than
-     * <code>\u007E</code> are written as <code>\\u</code><i>xxxx</i> for
-     * the appropriate hexadecimal value <i>xxxx</i>. Space characters, but
-     * not embedded or trailing space characters, are written with a preceding
-     * <code>\</code>. The key and value characters <code>#</code>,
-     * <code>!</code>, <code>=</code>, and <code>:</code> are written with a
-     * preceding slash to ensure that they are properly loaded.
+     * <code>=</code>, then the associated element string. Each character of the
+     * element string is examined to see whether it should be rendered as an
+     * escape sequence. The ASCII characters <code>\</code>, tab, newline, and
+     * carriage return are written as <code>\\</code>, <code>\t</code>,
+     * <code>\n</code>, and <code>\r</code>, respectively. Characters less than
+     * <code>\u0020</code> and characters greater than <code>\u007E</code> are
+     * written as <code>\\u</code><i>xxxx</i> for the appropriate hexadecimal
+     * value <i>xxxx</i>. Space characters, but not embedded or trailing space
+     * characters, are written with a preceding <code>\</code>. The key and
+     * value characters <code>#</code>, <code>!</code>, <code>=</code>, and
+     * <code>:</code> are written with a preceding slash to ensure that they are
+     * properly loaded.
      * <p>
-     * After the entries have been written, the output stream is flushed.  The
+     * After the entries have been written, the output stream is flushed. The
      * output stream remains open after this method returns.
-     *
-     * @param   out      an output stream.
-     * @param   header   a description of the property list.
-     * @exception  ClassCastException  if this <code>Properties</code> object
-     *             contains any keys or values that are not <code>Strings</code>.
+     * 
+     * @param out an output stream.
+     * @param header a description of the property list.
+     * @exception ClassCastException if this <code>Properties</code> object
+     *                contains any keys or values that are not
+     *                <code>Strings</code>.
      */
     public synchronized void store(OutputStream out, String header)
-        throws IOException {
+            throws IOException {
         BufferedWriter awriter;
 
         awriter = new BufferedWriter(new OutputStreamWriter(out, "8859_1"));
@@ -341,11 +350,11 @@ public class SimpleProperties extends Hashtable<String,String> {
             writeln(awriter, "#" + header);
         writeln(awriter, "#" + new Date().toString());
         for (Enumeration<String> e = keys(); e.hasMoreElements();) {
-            String key =  e.nextElement();
-            String val =  get(key);
+            String key = e.nextElement();
+            String val = get(key);
 
-            //           key = saveConvert(key);
-            //           val = saveConvert(val);
+            // key = saveConvert(key);
+            // val = saveConvert(val);
             writeln(awriter, key + "=" + val);
         }
         awriter.flush();
@@ -361,14 +370,14 @@ public class SimpleProperties extends Hashtable<String,String> {
      * If the key is not found in this property list, the default property list,
      * and its defaults, recursively, are then checked. The method returns
      * <code>null</code> if the property is not found.
-     *
-     * @param   key   the property key.
-     * @return  the value in this property list with the specified key value.
-     * @see     java.util.Properties#defaults
+     * 
+     * @param key the property key.
+     * @return the value in this property list with the specified key value.
+     * @see java.util.Properties#defaults
      */
     public String getProperty(String key) {
         String oval = super.get(key);
-        String sval = (oval instanceof String) ?  oval : null;
+        String sval = (oval instanceof String) ? oval : null;
 
         return ((sval == null) && (defaults != null)) ? defaults.getProperty(key) : sval;
     }
@@ -378,12 +387,12 @@ public class SimpleProperties extends Hashtable<String,String> {
      * If the key is not found in this property list, the default property list,
      * and its defaults, recursively, are then checked. The method returns the
      * default value argument if the property is not found.
-     *
-     * @param   key            the hashtable key.
-     * @param   defaultValue   a default value.
-     *
-     * @return  the value in this property list with the specified key value.
-     * @see     java.util.Properties#defaults
+     * 
+     * @param key the hashtable key.
+     * @param defaultValue a default value.
+     * 
+     * @return the value in this property list with the specified key value.
+     * @see java.util.Properties#defaults
      */
     public String getProperty(String key, String defaultValue) {
         String val = getProperty(key);
@@ -394,11 +403,11 @@ public class SimpleProperties extends Hashtable<String,String> {
     /**
      * Returns an enumeration of all the keys in this property list, including
      * the keys in the default property list.
-     *
-     * @return  an enumeration of all the keys in this property list, including
-     *          the keys in the default property list.
-     * @see     java.util.Enumeration
-     * @see     java.util.Properties#defaults
+     * 
+     * @return an enumeration of all the keys in this property list, including
+     *         the keys in the default property list.
+     * @see java.util.Enumeration
+     * @see java.util.Properties#defaults
      */
     public Enumeration<String> propertyNames() {
         Hashtable<String, String> h = new Hashtable<String, String>();
@@ -408,10 +417,10 @@ public class SimpleProperties extends Hashtable<String,String> {
     }
 
     /**
-     * Prints this property list out to the specified output stream.
-     * This method is useful for debugging.
-     *
-     * @param   out   an output stream.
+     * Prints this property list out to the specified output stream. This method
+     * is useful for debugging.
+     * 
+     * @param out an output stream.
      */
     public void list(PrintStream out) {
         out.println("-- listing properties --");
@@ -430,13 +439,13 @@ public class SimpleProperties extends Hashtable<String,String> {
     }
 
     /**
-     * Prints this property list out to the specified output stream.
-     * This method is useful for debugging.
-     *
-     * @param   out   an output stream.
-     * @since   JDK1.1
+     * Prints this property list out to the specified output stream. This method
+     * is useful for debugging.
+     * 
+     * @param out an output stream.
+     * @since JDK1.1
      */
-    
+
     /*
      * Rather than use an anonymous inner class to share common code, this
      * method is duplicated in order to ensure that a non-1.1 compiler can
@@ -448,7 +457,7 @@ public class SimpleProperties extends Hashtable<String,String> {
 
         enumerate(h);
         for (Enumeration<String> e = h.keys(); e.hasMoreElements();) {
-            String key =  e.nextElement();
+            String key = e.nextElement();
             String val = h.get(key);
 
             if (val.length() > 40) {
@@ -460,6 +469,7 @@ public class SimpleProperties extends Hashtable<String,String> {
 
     /**
      * Enumerates all key/value pairs in the specified hastable.
+     * 
      * @param h the hashtable
      */
     private synchronized void enumerate(Hashtable<String, String> h) {
@@ -467,7 +477,7 @@ public class SimpleProperties extends Hashtable<String,String> {
             defaults.enumerate(h);
         }
         for (Enumeration<String> e = keys(); e.hasMoreElements();) {
-            String key =  e.nextElement();
+            String key = e.nextElement();
 
             h.put(key, get(key));
         }
diff --git a/pki/base/common/src/com/netscape/cmscore/base/SourceConfigStore.java b/pki/base/common/src/com/netscape/cmscore/base/SourceConfigStore.java
index 70af37ce..c647bb0b 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/SourceConfigStore.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/SourceConfigStore.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import com.netscape.certsrv.base.ISourceConfigStore;
 
-
 /**
- * This class is is a wrapper to hide the Properties methods from
- * the PropConfigStore.  Lucky for us, Properties already implements
- * almost every thing ISourceConfigStore requires.
+ * This class is is a wrapper to hide the Properties methods from the
+ * PropConfigStore. Lucky for us, Properties already implements almost every
+ * thing ISourceConfigStore requires.
  * 
  * @version $Revision$, $Date$
  * @see java.util.Properties
@@ -39,7 +37,7 @@ public class SourceConfigStore extends SimpleProperties implements ISourceConfig
     /**
      * Retrieves a property from the config store
      * <P>
-     *
+     * 
      * @param name property name
      * @return property value
      */
@@ -50,10 +48,10 @@ public class SourceConfigStore extends SimpleProperties implements ISourceConfig
     /**
      * Puts a property into the config store.
      * <P>
-     *
+     * 
      * @param name property name
      * @param value property value
-     * @return 
+     * @return
      */
     public String put(String name, String value) {
         return super.put(name, value); // from Properties->Hashtable
diff --git a/pki/base/common/src/com/netscape/cmscore/base/SubsystemLoader.java b/pki/base/common/src/com/netscape/cmscore/base/SubsystemLoader.java
index 83c74ebc..0dbeb4b5 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/SubsystemLoader.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/SubsystemLoader.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.apps.CMS;
@@ -25,7 +24,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
  * A class represents a subsystem loader.
  * <P>
@@ -34,7 +32,7 @@ import com.netscape.certsrv.base.ISubsystem;
  * @version $Revision$, $Date$
  */
 public class SubsystemLoader {
-	
+
     private static final String PROP_SUBSYSTEM = "subsystem";
     private static final String PROP_CLASSNAME = "class";
     private static final String PROP_ID = "id";
diff --git a/pki/base/common/src/com/netscape/cmscore/base/SubsystemRegistry.java b/pki/base/common/src/com/netscape/cmscore/base/SubsystemRegistry.java
index 72b4105a..adae6049 100644
--- a/pki/base/common/src/com/netscape/cmscore/base/SubsystemRegistry.java
+++ b/pki/base/common/src/com/netscape/cmscore/base/SubsystemRegistry.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.base;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.ISubsystem;
@@ -38,7 +37,7 @@ public class SubsystemRegistry extends Hashtable<String, ISubsystem> {
     }
 
     public ISubsystem get(String key) {
-        return  super.get(key);
+        return super.get(key);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java b/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java
index ed20d76f..d8b29812 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertDateCompare.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.util.Comparator;
 import java.util.Date;
 
 import netscape.security.x509.X509CertImpl;
 
-
 /**
  * Compares validity dates for use in sorting.
- *
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -44,11 +42,11 @@ public class CertDateCompare implements Comparator {
         } catch (Exception e) {
             e.printStackTrace();
         }
-        if (d1 == d2) return 0;
+        if (d1 == d2)
+            return 0;
         if (d1.after(d2))
             return 1;
         else
             return -1;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java
index 3168b92f..775ba9e4 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertPrettyPrint.java
@@ -17,16 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.security.cert.Certificate;
 
 import com.netscape.certsrv.base.ICertPrettyPrint;
 
-
 /**
- * This class will display the certificate content in predefined
- * format.
- *
+ * This class will display the certificate content in predefined format.
+ * 
  * @author Jack Pan-Chen
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
index 97db7921..c098ca9d 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertUtils.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -64,10 +63,9 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.osutil.OSUtil;
 
 /**
- * Utility class with assorted methods to check for 
- * smime pairs, determining the type of cert - signature
- * or encryption ..etc.
- *
+ * Utility class with assorted methods to check for smime pairs, determining the
+ * type of cert - signature or encryption ..etc.
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -79,9 +77,9 @@ public class CertUtils {
     public static final String CERT_RENEWAL_HEADER = "-----BEGIN RENEWAL CERTIFICATE REQUEST-----";
     public static final String CERT_RENEWAL_TRAILER = "-----END RENEWAL CERTIFICATE REQUEST-----";
     public static final String BEGIN_CRL_HEADER =
-        "-----BEGIN CERTIFICATE REVOCATION LIST-----";
+            "-----BEGIN CERTIFICATE REVOCATION LIST-----";
     public static final String END_CRL_HEADER =
-        "-----END CERTIFICATE REVOCATION LIST-----";
+            "-----END CERTIFICATE REVOCATION LIST-----";
 
     protected static ILogger mSignedAuditLogger = CMS.getSignedAuditLogger();
     private final static String LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION =
@@ -91,7 +89,7 @@ public class CertUtils {
      * Remove the header and footer in the PKCS10 request.
      */
     public static String unwrapPKCS10(String request, boolean checkHeader)
-        throws EBaseException {
+            throws EBaseException {
         String unwrapped;
         String header = null;
         int head = -1;
@@ -112,7 +110,8 @@ public class CertUtils {
             head = request.indexOf(CERT_REQUEST_HEADER);
             trail = request.indexOf(CERT_REQUEST_TRAILER);
 
-            // If this is not a request header, check if this is a renewal header.
+            // If this is not a request header, check if this is a renewal
+            // header.
             if (!(head == -1 && trail == -1)) {
                 header = CERT_REQUEST_HEADER;
 
@@ -167,8 +166,8 @@ public class CertUtils {
         return pkcs10;
     }
 
-    public static void setRSAKeyToCertInfo(X509CertInfo info, 
-        byte encoded[]) throws EBaseException {
+    public static void setRSAKeyToCertInfo(X509CertInfo info,
+            byte encoded[]) throws EBaseException {
         try {
             if (info == null) {
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
@@ -183,20 +182,20 @@ public class CertUtils {
     }
 
     public static X509CertInfo createCertInfo(int ver,
-        BigInteger serialno, String alg, String issuerName,
-        Date notBefore, Date notAfter) throws EBaseException {
+            BigInteger serialno, String alg, String issuerName,
+            Date notBefore, Date notAfter) throws EBaseException {
         try {
             X509CertInfo info = new X509CertInfo();
 
             info.set(X509CertInfo.VERSION, new CertificateVersion(ver));
-            info.set(X509CertInfo.SERIAL_NUMBER, new 
-                CertificateSerialNumber(serialno));
-            info.set(X509CertInfo.ALGORITHM_ID, new 
-                CertificateAlgorithmId(AlgorithmId.getAlgorithmId(alg)));
-            info.set(X509CertInfo.ISSUER, new 
-                CertificateIssuerName(new X500Name(issuerName)));
-            info.set(X509CertInfo.VALIDITY, new 
-                CertificateValidity(notBefore, notAfter));
+            info.set(X509CertInfo.SERIAL_NUMBER, new
+                    CertificateSerialNumber(serialno));
+            info.set(X509CertInfo.ALGORITHM_ID, new
+                    CertificateAlgorithmId(AlgorithmId.getAlgorithmId(alg)));
+            info.set(X509CertInfo.ISSUER, new
+                    CertificateIssuerName(new X500Name(issuerName)));
+            info.set(X509CertInfo.VALIDITY, new
+                    CertificateValidity(notBefore, notAfter));
             return info;
         } catch (Exception e) {
             System.out.println(e.toString());
@@ -233,11 +232,12 @@ public class CertUtils {
             return false;
         else if (keyUsage.length == 3)
             return keyUsage[2];
-        else return keyUsage[2] || keyUsage[3];
+        else
+            return keyUsage[2] || keyUsage[3];
     }
 
     public static boolean haveSameValidityPeriod(X509CertImpl cert1,
-        X509CertImpl cert2) {
+            X509CertImpl cert2) {
         long notBefDiff = 0;
         long notAfterDiff = 0;
 
@@ -264,7 +264,7 @@ public class CertUtils {
             if (!sameSubjectDN(dn1, dn2))
                 return false;
         }
-		
+
         // Check for the presence of signing and encryption certs.
         boolean hasSigningCert = isSigningCert(cert1) || isSigningCert(cert2);
 
@@ -276,15 +276,15 @@ public class CertUtils {
         if (!hasEncryptionCert)
             return false;
 
-            // If both certs have signing & encryption usage set, they are
-            // not really pairs.
+        // If both certs have signing & encryption usage set, they are
+        // not really pairs.
         if ((isSigningCert(cert1) && isEncryptionCert(cert1)) ||
-            (isSigningCert(cert2) && isEncryptionCert(cert2)))
+                (isSigningCert(cert2) && isEncryptionCert(cert2)))
             return false;
 
-            // See if the certs have the same validity.
-        boolean haveSameValidity = 
-            haveSameValidityPeriod(cert1, cert2);
+        // See if the certs have the same validity.
+        boolean haveSameValidity =
+                haveSameValidityPeriod(cert1, cert2);
 
         return haveSameValidity;
     }
@@ -358,7 +358,7 @@ public class CertUtils {
     }
 
     public static String getRenewedCertsDisplayInfo(String cn,
-        X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) {
+            X509CertImpl[] validCerts, X509CertImpl[] renewedCerts) {
         StringBuffer sb = new StringBuffer(1024);
 
         if (validCerts != null) {
@@ -397,11 +397,11 @@ public class CertUtils {
 
     /**
      * Returns the index of the given cert in an array of certs.
-     *
-     * Assumptions: The certs are issued by the same CA 
-     *
-     * @param certArray	The array of certs.
-     * @param givenCert	The certificate we are lokking for in the array.
+     * 
+     * Assumptions: The certs are issued by the same CA
+     * 
+     * @param certArray The array of certs.
+     * @param givenCert The certificate we are lokking for in the array.
      * @return -1 if not found or the index of the given cert in the array.
      */
     public static int getCertIndex(X509CertImpl[] certArray, X509CertImpl givenCert) {
@@ -418,21 +418,21 @@ public class CertUtils {
     }
 
     /**
-     * Returns the most recently issued signing certificate from an
-     * an array of certs. 
-     *
-     * Assumptions: The certs are issued by the same CA 
-     *
-     * @param certArray	The array of certs.
-     * @param givenCert	The certificate we are lokking for in the array.
+     * Returns the most recently issued signing certificate from an an array of
+     * certs.
+     * 
+     * Assumptions: The certs are issued by the same CA
+     * 
+     * @param certArray The array of certs.
+     * @param givenCert The certificate we are lokking for in the array.
      * @return null if there is no recent cert or the most recent cert.
      */
     public static X509CertImpl getRecentSigningCert(X509CertImpl[] certArray,
-        X509CertImpl currentCert) {
+            X509CertImpl currentCert) {
         if (certArray == null || currentCert == null)
             return null;
 
-            // Sort the certificate array.
+        // Sort the certificate array.
         Arrays.sort(certArray, new CertDateCompare());
 
         // Get the index of the current cert in the array.
@@ -447,7 +447,7 @@ public class CertUtils {
             // Check if it is a signing cert and has its
             // NotAfter later than the current cert.
             if (isSigningCert(certArray[i]) &&
-                certArray[i].getNotAfter().after(recentCert.getNotAfter()))
+                    certArray[i].getNotAfter().after(recentCert.getNotAfter()))
                 recentCert = certArray[i];
         }
         return ((recentCert == currentCert) ? null : recentCert);
@@ -467,13 +467,13 @@ public class CertUtils {
         // Is is object signing cert?
         try {
             CertificateExtensions extns = (CertificateExtensions)
-                cert.get(X509CertImpl.NAME + "." + 
-                    X509CertImpl.INFO + "." + 
-                    X509CertInfo.EXTENSIONS);
+                    cert.get(X509CertImpl.NAME + "." +
+                            X509CertImpl.INFO + "." +
+                            X509CertInfo.EXTENSIONS);
 
             if (extns != null) {
                 NSCertTypeExtension nsExtn = (NSCertTypeExtension)
-                    extns.get(NSCertTypeExtension.class.getSimpleName());
+                        extns.get(NSCertTypeExtension.class.getSimpleName());
 
                 if (nsExtn != null) {
                     String nsType = getNSExtensionInfo(nsExtn);
@@ -485,7 +485,7 @@ public class CertUtils {
                     }
                 }
             }
-        }catch (Exception e) {
+        } catch (Exception e) {
         }
         return (sb.length() > 0) ? sb.toString() : null;
     }
@@ -517,14 +517,14 @@ public class CertUtils {
             res = (Boolean) nsExtn.get(NSCertTypeExtension.OBJECT_SIGNING_CA);
             if (res.equals(Boolean.TRUE))
                 sb.append("   object_signing_CA");
-        }catch (Exception e) {
+        } catch (Exception e) {
         }
 
         return (sb.length() > 0) ? sb.toString() : null;
     }
 
     public static byte[] readFromFile(String fileName)
-        throws IOException {
+            throws IOException {
         FileInputStream fin = new FileInputStream(fileName);
         int available = fin.available();
         byte[] ba = new byte[available];
@@ -537,7 +537,7 @@ public class CertUtils {
     }
 
     public static void storeInFile(String fileName, byte[] ba)
-        throws IOException {
+            throws IOException {
         FileOutputStream fout = new FileOutputStream(fileName);
 
         fout.write(ba);
@@ -546,17 +546,16 @@ public class CertUtils {
 
     public static String toMIME64(X509CertImpl cert) {
         try {
-            return 
-                "-----BEGIN CERTIFICATE-----\n" +
-                com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()) +
-                "-----END CERTIFICATE-----\n";
+            return "-----BEGIN CERTIFICATE-----\n" +
+                    com.netscape.osutil.OSUtil.BtoA(cert.getEncoded()) +
+                    "-----END CERTIFICATE-----\n";
         } catch (CertificateException e) {
         }
         return null;
     }
 
-    public static X509Certificate mapCert(String mime64) 
-        throws IOException {
+    public static X509Certificate mapCert(String mime64)
+            throws IOException {
         mime64 = stripCertBrackets(mime64.trim());
         String newval = normalizeCertStr(mime64);
         byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval);
@@ -569,8 +568,8 @@ public class CertUtils {
         return cert;
     }
 
-    public static X509Certificate[] mapCertFromPKCS7(String mime64) 
-        throws IOException {
+    public static X509Certificate[] mapCertFromPKCS7(String mime64)
+            throws IOException {
         mime64 = stripCertBrackets(mime64.trim());
         String newval = normalizeCertStr(mime64);
         byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval);
@@ -584,8 +583,8 @@ public class CertUtils {
         }
     }
 
-    public static X509CRL mapCRL(String mime64) 
-        throws IOException {
+    public static X509CRL mapCRL(String mime64)
+            throws IOException {
         mime64 = stripCRLBrackets(mime64.trim());
         String newval = normalizeCertStr(mime64);
         byte rawPub[] = com.netscape.osutil.OSUtil.AtoB(newval);
@@ -598,8 +597,8 @@ public class CertUtils {
         return crl;
     }
 
-    public static X509CRL mapCRL1(String mime64) 
-        throws IOException {
+    public static X509CRL mapCRL1(String mime64)
+            throws IOException {
         mime64 = stripCRLBrackets(mime64.trim());
         byte rawPub[] = OSUtil.AtoB(mime64);
         X509CRL crl = null;
@@ -635,7 +634,7 @@ public class CertUtils {
             return s;
         }
         if ((s.startsWith("-----BEGIN CERTIFICATE REVOCATION LIST-----")) &&
-            (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) {
+                (s.endsWith("-----END CERTIFICATE REVOCATION LIST-----"))) {
             return (s.substring(43, (s.length() - 41)));
         }
         return s;
@@ -643,8 +642,9 @@ public class CertUtils {
 
     /**
      * strips out the begin and end certificate brackets
+     * 
      * @param s the string potentially bracketed with
-     * "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
+     *            "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
      * @return string without the brackets
      */
     public static String stripCertBrackets(String s) {
@@ -653,13 +653,13 @@ public class CertUtils {
         }
 
         if ((s.startsWith("-----BEGIN CERTIFICATE-----")) &&
-            (s.endsWith("-----END CERTIFICATE-----"))) {
+                (s.endsWith("-----END CERTIFICATE-----"))) {
             return (s.substring(27, (s.length() - 25)));
         }
 
         // To support Thawte's header and footer
         if ((s.startsWith("-----BEGIN PKCS #7 SIGNED DATA-----")) &&
-            (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
+                (s.endsWith("-----END PKCS #7 SIGNED DATA-----"))) {
             return (s.substring(35, (s.length() - 33)));
         }
 
@@ -667,13 +667,14 @@ public class CertUtils {
     }
 
     /**
-     * Returns a string that represents a cert's fingerprint.
-     * The fingerprint is a MD5 digest of the DER encoded certificate.
-     * @param  cert Certificate to get the fingerprint of.
+     * Returns a string that represents a cert's fingerprint. The fingerprint is
+     * a MD5 digest of the DER encoded certificate.
+     * 
+     * @param cert Certificate to get the fingerprint of.
      * @return a String that represents the cert's fingerprint.
      */
-    public static String getFingerPrint(Certificate cert) 
-        throws CertificateEncodingException, NoSuchAlgorithmException {
+    public static String getFingerPrint(Certificate cert)
+            throws CertificateEncodingException, NoSuchAlgorithmException {
         byte certDer[] = cert.getEncoded();
         MessageDigest md = MessageDigest.getInstance("MD5");
 
@@ -685,16 +686,17 @@ public class CertUtils {
         sb.append(pp.toHexString(digestedCert, 4, 20));
         return sb.toString();
     }
-	
+
     /**
-     * Returns a string that has the certificate's fingerprint using 
-     * MD5, MD2 and SHA1 hashes.
-     * A certificate's fingerprint is a hash digest of the DER encoded 
-     * certificate.
+     * Returns a string that has the certificate's fingerprint using MD5, MD2
+     * and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER
+     * encoded certificate.
+     * 
      * @param cert Certificate to get the fingerprints of.
      * @return a String with fingerprints using the MD5, MD2 and SHA1 hashes.
-     * For example, 
-     * <pre>
+     *         For example,
+     * 
+     *         <pre>
      * MD2:   78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
      * 
      * MD5:   0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
@@ -703,34 +705,33 @@ public class CertUtils {
      * </pre>
      */
     public static String getFingerPrints(Certificate cert)
-        throws NoSuchAlgorithmException, CertificateEncodingException {
+            throws NoSuchAlgorithmException, CertificateEncodingException {
         byte certDer[] = cert.getEncoded();
-		/*
-        String[] hashes = new String[] {"MD2", "MD5", "SHA1"};
-        String certFingerprints = "";
-        PrettyPrintFormat pp = new PrettyPrintFormat(":");
-
-        for (int i = 0; i < hashes.length; i++) {
-            MessageDigest md = MessageDigest.getInstance(hashes[i]);
-
-            md.update(certDer);
-            certFingerprints += "    " + hashes[i] + ":" +
-                    pp.toHexString(md.digest(), 6 - hashes[i].length());
-        }
-        return certFingerprints;
-		*/
-		return getFingerPrints(certDer);
+        /*
+         * String[] hashes = new String[] {"MD2", "MD5", "SHA1"}; String
+         * certFingerprints = ""; PrettyPrintFormat pp = new
+         * PrettyPrintFormat(":");
+         * 
+         * for (int i = 0; i < hashes.length; i++) { MessageDigest md =
+         * MessageDigest.getInstance(hashes[i]);
+         * 
+         * md.update(certDer); certFingerprints += "    " + hashes[i] + ":" +
+         * pp.toHexString(md.digest(), 6 - hashes[i].length()); } return
+         * certFingerprints;
+         */
+        return getFingerPrints(certDer);
     }
-	
+
     /**
-     * Returns a string that has the certificate's fingerprint using 
-     * MD5, MD2 and SHA1 hashes.
-     * A certificate's fingerprint is a hash digest of the DER encoded 
-     * certificate.
+     * Returns a string that has the certificate's fingerprint using MD5, MD2
+     * and SHA1 hashes. A certificate's fingerprint is a hash digest of the DER
+     * encoded certificate.
+     * 
      * @param cert Certificate to get the fingerprints of.
      * @return a String with fingerprints using the MD5, MD2 and SHA1 hashes.
-     * For example, 
-     * <pre>
+     *         For example,
+     * 
+     *         <pre>
      * MD2:   78:7E:D1:F9:3E:AF:50:18:68:A7:29:50:C3:21:1F:71
      * 
      * MD5:   0E:89:91:AC:40:50:F7:BE:6E:7B:39:4F:56:73:75:75
@@ -739,9 +740,9 @@ public class CertUtils {
      * </pre>
      */
     public static String getFingerPrints(byte[] certDer)
-        throws NoSuchAlgorithmException/*, CertificateEncodingException*/ {
-		//        byte certDer[] = cert.getEncoded();
-        String[] hashes = new String[] {"MD2", "MD5", "SHA1", "SHA256", "SHA512"};
+            throws NoSuchAlgorithmException/* , CertificateEncodingException */{
+        // byte certDer[] = cert.getEncoded();
+        String[] hashes = new String[] { "MD2", "MD5", "SHA1", "SHA256", "SHA512" };
         String certFingerprints = "";
         PrettyPrintFormat pp = new PrettyPrintFormat(":");
 
@@ -756,19 +757,20 @@ public class CertUtils {
     }
 
     /**
-     * Check if a object identifier in string form is valid, 
-     * that is a string in the form n.n.n.n and der encode and decode-able.
+     * Check if a object identifier in string form is valid, that is a string in
+     * the form n.n.n.n and der encode and decode-able.
+     * 
      * @param attrName attribute name (from the configuration file)
      * @param value object identifier string.
-     */ 
+     */
     public static ObjectIdentifier checkOID(String attrName, String value)
-        throws EBaseException {
+            throws EBaseException {
         String msg = "value must be a object identifier in the form n.n.n.n";
         String msg1 = "not a valid object identifier.";
         ObjectIdentifier oid;
 
-        try { 
-            oid = ObjectIdentifier.getObjectIdentifier(value); 
+        try {
+            oid = ObjectIdentifier.getObjectIdentifier(value);
         } catch (Exception e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         attrName, msg));
@@ -776,7 +778,7 @@ public class CertUtils {
 
         // if the OID isn't valid (ex. n.n) the error isn't caught til
         // encoding time leaving a bad request in the request queue.
-        try { 
+        try {
             DerOutputStream derOut = new DerOutputStream();
 
             derOut.putOID(oid);
@@ -803,20 +805,20 @@ public class CertUtils {
 
         return tmp.toString();
     }
-	
+
     /*
-     * verify a certificate by its nickname
-     * returns true if it verifies; false if any not
+     * verify a certificate by its nickname returns true if it verifies; false
+     * if any not
      */
     public static boolean verifySystemCertByNickname(String nickname, String certusage) {
         boolean r = true;
-        CertificateUsage  cu = null;
+        CertificateUsage cu = null;
         cu = getCertificateUsage(certusage);
         int ccu = 0;
 
         if (cu == null) {
-            CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+
-                nickname + " with unsupported certusage ="+ certusage);
+            CMS.debug("CertUtils: verifySystemCertByNickname() failed: " +
+                    nickname + " with unsupported certusage =" + certusage);
             return false;
         }
 
@@ -839,7 +841,7 @@ public class CertUtils {
                 if (ccu == CertificateUsage.basicCertificateUsages) {
                     /* cert is good for nothing */
                     r = false;
-                    CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:"+ nickname);
+                    CMS.debug("CertUtils: verifySystemCertByNickname() failed: cert is good for nothing:" + nickname);
                 } else {
                     r = true;
                     CMS.debug("CertUtils: verifySystemCertByNickname() passed:" + nickname);
@@ -871,16 +873,16 @@ public class CertUtils {
                 }
             }
         } catch (Exception e) {
-            CMS.debug("CertUtils: verifySystemCertByNickname() failed: "+
-                e.toString());
+            CMS.debug("CertUtils: verifySystemCertByNickname() failed: " +
+                    e.toString());
             r = false;
         }
         return r;
     }
 
     /*
-     * verify a certificate by its tag name
-     * returns true if it verifies; false if any not
+     * verify a certificate by its tag name returns true if it verifies; false
+     * if any not
      */
     public static boolean verifySystemCertByTag(String tag) {
         String auditMessage = null;
@@ -905,12 +907,12 @@ public class CertUtils {
                 r = false;
                 return r;
             }
-            String nickname = config.getString(subsysType+".cert."+tag+".nickname", "");
+            String nickname = config.getString(subsysType + ".cert." + tag + ".nickname", "");
             if (nickname.equals("")) {
                 CMS.debug("CertUtils: verifySystemCertByTag() nickname for cert tag " + tag + " undefined in CS.cfg");
                 r = false;
             }
-            String certusage = config.getString(subsysType+".cert."+tag+".certusage", "");
+            String certusage = config.getString(subsysType + ".cert." + tag + ".certusage", "");
             if (certusage.equals("")) {
                 CMS.debug("CertUtils: verifySystemCertByTag() certusage for cert tag " + tag + " undefined in CS.cfg, getting current certificate usage");
             }
@@ -918,9 +920,9 @@ public class CertUtils {
             if (r == true) {
                 // audit here
                 auditMessage = CMS.getLogMessage(
-                    LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
-                    ILogger.SYSTEM_UID,
-                    ILogger.SUCCESS,
+                        LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
+                        ILogger.SYSTEM_UID,
+                        ILogger.SUCCESS,
                             nickname);
 
                 audit(auditMessage);
@@ -935,8 +937,8 @@ public class CertUtils {
                 audit(auditMessage);
             }
         } catch (Exception e) {
-            CMS.debug("CertUtils: verifySystemCertsByTag() failed: "+
-                e.toString());
+            CMS.debug("CertUtils: verifySystemCertsByTag() failed: " +
+                    e.toString());
             auditMessage = CMS.getLogMessage(
                         LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                         ILogger.SYSTEM_UID,
@@ -986,9 +988,8 @@ public class CertUtils {
     }
 
     /*
-     * goes through all system certs and check to see if they are good
-     * and audit the result
-     * returns true if all verifies; false if any not
+     * goes through all system certs and check to see if they are good and audit
+     * the result returns true if all verifies; false if any not
      */
     public static boolean verifySystemCerts() {
         String auditMessage = null;
@@ -1022,9 +1023,9 @@ public class CertUtils {
                 r = false;
                 return r;
             }
-            String certlist = config.getString(subsysType+".cert.list", "");
+            String certlist = config.getString(subsysType + ".cert.list", "");
             if (certlist.equals("")) {
-                CMS.debug("CertUtils: verifySystemCerts() "+subsysType+ ".cert.list not defined in CS.cfg. System certificates verification not done");
+                CMS.debug("CertUtils: verifySystemCerts() " + subsysType + ".cert.list not defined in CS.cfg. System certificates verification not done");
                 auditMessage = CMS.getLogMessage(
                             LOGGING_SIGNED_AUDIT_CIMC_CERT_VERIFICATION,
                             ILogger.SYSTEM_UID,
@@ -1050,7 +1051,7 @@ public class CertUtils {
                         ILogger.FAILURE,
                         "");
 
-                    audit(auditMessage);
+            audit(auditMessage);
             r = false;
             CMS.debug("CertUtils: verifySystemCerts():" + e.toString());
         }
@@ -1073,8 +1074,9 @@ public class CertUtils {
     }
 
     /**
-     * Signed Audit Log
-     * This method is called to store messages to the signed audit log.
+     * Signed Audit Log This method is called to store messages to the signed
+     * audit log.
+     * 
      * @param msg signed audit log message
      */
     private static void audit(String msg) {
@@ -1085,11 +1087,10 @@ public class CertUtils {
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
-
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
index effd86ed..c23fd5e0 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CertificatePair.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.io.IOException;
 import java.io.OutputStream;
 import java.security.cert.CertificateException;
@@ -34,10 +33,9 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 import com.netscape.certsrv.cert.ICrossCertPairSubsystem;
 
-
 /**
  * This class implements CertificatePair used for Cross Certification
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -47,14 +45,14 @@ public class CertificatePair implements ASN1Value {
     private static final Tag TAG = SEQUENCE.TAG;
 
     /**
-     * construct a CertificatePair.  It doesn't matter which is
-     * forward and which is reverse in the parameters.  It will figure 
-     * it out
+     * construct a CertificatePair. It doesn't matter which is forward and which
+     * is reverse in the parameters. It will figure it out
+     * 
      * @param cert1 one X509Certificate
      * @param cert2 one X509Certificate
      */
-    public CertificatePair (X509Certificate cert1, X509Certificate cert2)
-        throws EBaseException {
+    public CertificatePair(X509Certificate cert1, X509Certificate cert2)
+            throws EBaseException {
         if ((cert1 == null) || (cert2 == null))
             throw new EBaseException("CertificatePair: both certs can not be null");
         debug("in CertificatePair()");
@@ -74,14 +72,14 @@ public class CertificatePair implements ASN1Value {
     }
 
     /**
-     * construct a CertificatePair.  It doesn't matter which is
-     * forward and which is reverse in the parameters.  It will figure 
-     * it out
+     * construct a CertificatePair. It doesn't matter which is forward and which
+     * is reverse in the parameters. It will figure it out
+     * 
      * @param cert1 one certificate byte array
      * @param cert2 one certificate byte array
      */
-    public CertificatePair (byte[] cert1, byte[] cert2)
-        throws EBaseException {
+    public CertificatePair(byte[] cert1, byte[] cert2)
+            throws EBaseException {
         if ((cert1 == null) || (cert2 == null))
             throw new EBaseException("CertificatePair: both certs can not be null");
         boolean rightOrder = certOrders(cert1, cert2);
@@ -96,11 +94,11 @@ public class CertificatePair implements ASN1Value {
     }
 
     /*
-     * returns true if c1 is forward and cert2 is reverse
-     * returns false if c2 is forward and cert1 is reverse
+     * returns true if c1 is forward and cert2 is reverse returns false if c2 is
+     * forward and cert1 is reverse
      */
     private boolean certOrders(X509Certificate c1, X509Certificate c2)
-        throws EBaseException {
+            throws EBaseException {
         debug("in certOrders() with X509Cert");
 
         ICertificateAuthority ca = (ICertificateAuthority) CMS.getSubsystem("ca");
@@ -111,55 +109,43 @@ public class CertificatePair implements ASN1Value {
         // more check really should be done here regarding the
         // validity of the two certs...later
 
-        /* It looks the DN's returned are not normalized and fail
-         * comparison
-
-         if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))) 
-         debug("myCA signed c1");
-         else {
-         debug("c1 issuerDN="+c1.getIssuerDN().toString());
-         debug("myCA subjectDN="+caCert.getSubjectDN().toString());
-         }
-
-         if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))
-         debug("myCA subject == c2 subject");
-         else {
-         debug("caCert subjectDN="+caCert.getSubjectDN().toString());
-         debug("c2 subjectDN="+c2.getSubjectDN().toString());
-         }
-
-         if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN())))
-         debug("myCA signed c2");
-         else {
-         debug("c2 issuerDN="+c1.getIssuerDN().toString());
-         debug("myCA subjectDN="+caCert.getSubjectDN().toString());
-         }
-
-         if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN()))
-         debug("myCA subject == c1 subject");
-         else {
-         debug("caCert subjectDN="+caCert.getSubjectDN().toString());
-         debug("c1 subjectDN="+c1.getSubjectDN().toString());
-         }
-
-         if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN()))
-         && (caCert.getSubjectDN().equals((Object) c2.getSubjectDN())))
-         
-         {
-         return false;
-         } else if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN()))
-         && (caCert.getSubjectDN().equals((Object) c1.getSubjectDN())))
-         {
-         return true;
-         } else {
-         throw new EBaseException("CertificatePair: need correct forward and reverse relationship to construct CertificatePair");
-         }
+        /*
+         * It looks the DN's returned are not normalized and fail comparison
+         * 
+         * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())))
+         * debug("myCA signed c1"); else {
+         * debug("c1 issuerDN="+c1.getIssuerDN().toString());
+         * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); }
+         * 
+         * if(caCert.getSubjectDN().equals((Object) c2.getSubjectDN()))
+         * debug("myCA subject == c2 subject"); else {
+         * debug("caCert subjectDN="+caCert.getSubjectDN().toString());
+         * debug("c2 subjectDN="+c2.getSubjectDN().toString()); }
+         * 
+         * if ((c2.getIssuerDN().equals((Object) caCert.getSubjectDN())))
+         * debug("myCA signed c2"); else {
+         * debug("c2 issuerDN="+c1.getIssuerDN().toString());
+         * debug("myCA subjectDN="+caCert.getSubjectDN().toString()); }
+         * 
+         * if(caCert.getSubjectDN().equals((Object) c1.getSubjectDN()))
+         * debug("myCA subject == c1 subject"); else {
+         * debug("caCert subjectDN="+caCert.getSubjectDN().toString());
+         * debug("c1 subjectDN="+c1.getSubjectDN().toString()); }
+         * 
+         * if ((c1.getIssuerDN().equals((Object) caCert.getSubjectDN())) &&
+         * (caCert.getSubjectDN().equals((Object) c2.getSubjectDN())))
+         * 
+         * { return false; } else if ((c2.getIssuerDN().equals((Object)
+         * caCert.getSubjectDN())) && (caCert.getSubjectDN().equals((Object)
+         * c1.getSubjectDN()))) { return true; } else { throw new
+         * EBaseException(
+         * "CertificatePair: need correct forward and reverse relationship to construct CertificatePair"
+         * ); }
          */
 
         /*
-         * my other attempt:
-         * one of the certs has to share the same public key as this
-         * CA, and that will be the "forward" cert; the other one is
+         * my other attempt: one of the certs has to share the same public key
+         * as this CA, and that will be the "forward" cert; the other one is
          * assumed to be the "reverse" cert
          */
         byte[] caCertBytes = caCert.getPublicKey().getEncoded();
@@ -220,14 +206,14 @@ public class CertificatePair implements ASN1Value {
     }
 
     /*
-     * returns true if cert1 is forward and cert2 is reverse
-     * returns false if cert2 is forward and cert1 is reverse
+     * returns true if cert1 is forward and cert2 is reverse returns false if
+     * cert2 is forward and cert1 is reverse
      */
     private boolean certOrders(byte[] cert1, byte[] cert2)
-        throws EBaseException {
+            throws EBaseException {
         debug("in certOrders() with byte[]");
         ICrossCertPairSubsystem ccps =
-            (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
+                (ICrossCertPairSubsystem) CMS.getSubsystem("CrossCertPair");
         X509Certificate c1 = null;
         X509Certificate c2 = null;
 
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java
index 5c3c8001..92fbc9a1 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CrlCachePrettyPrint.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.text.DateFormat;
 import java.util.Iterator;
 import java.util.Locale;
@@ -35,44 +34,45 @@ import com.netscape.certsrv.ca.ICRLIssuingPoint;
 import com.netscape.certsrv.ca.ICertificateAuthority;
 
 /**
- * This class will display the certificate content in predefined
- * format.
- *
+ * This class will display the certificate content in predefined format.
+ * 
  * @author Andrew Wnuk
  * @version $Revision$, $Date$
  */
-public class CrlCachePrettyPrint implements ICRLPrettyPrint
-{
+public class CrlCachePrettyPrint implements ICRLPrettyPrint {
 
-    /*==========================================================
-     * constants
-     *==========================================================*/
+    /*
+     * ========================================================== constants
+     * ==========================================================
+     */
     private final static String CUSTOM_LOCALE = "Custom";
 
-    /*==========================================================
-     * variables
-     *==========================================================*/
+    /*
+     * ========================================================== variables
+     * ==========================================================
+     */
     private ICRLIssuingPoint mIP = null;
     private PrettyPrintFormat pp = null;
 
-    /*==========================================================
-     * constructors
-     *==========================================================*/
+    /*
+     * ========================================================== constructors
+     * ==========================================================
+     */
 
     public CrlCachePrettyPrint(ICRLIssuingPoint ip) {
         mIP = ip;
         pp = new PrettyPrintFormat(":");
     }
 
-    /*==========================================================
-     * public methods
-     *==========================================================*/
+    /*
+     * ========================================================== public methods
+     * ==========================================================
+     */
 
     /**
-     * This method return string representation of the certificate
-     * revocation list in predefined format using specified client
-     * local. I18N Support.
-     *
+     * This method return string representation of the certificate revocation
+     * list in predefined format using specified client local. I18N Support.
+     * 
      * @param clientLocale Locale to be used for localization
      * @return string representation of the certificate
      */
@@ -82,12 +82,12 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
 
     public String toString(Locale clientLocale, long crlSize, long pageStart, long pageSize) {
 
-        //get I18N resources
+        // get I18N resources
         ResourceBundle resource = ResourceBundle.getBundle(
                 PrettyPrintResources.class.getName());
         DateFormat dateFormater = DateFormat.getDateTimeInstance(
                 DateFormat.FULL, DateFormat.FULL, clientLocale);
-        //get timezone and timezone ID
+        // get timezone and timezone ID
         String tz = " ";
         String tzid = " ";
 
@@ -107,8 +107,8 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
             }
             sb.append(pp.indent(12) + resource.getString(
                       PrettyPrintResources.TOKEN_ISSUER) +
-                      ((ICertificateAuthority)(mIP.getCertificateAuthority()))
-                      .getCRLX500Name().toString() + "\n");
+                      ((ICertificateAuthority) (mIP.getCertificateAuthority()))
+                              .getCRLX500Name().toString() + "\n");
             // Format thisUpdate
             String thisUpdate = dateFormater.format(mIP.getLastUpdate());
 
@@ -124,17 +124,17 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
             if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
                 // Do NOT append timezone ID
                 sb.append(pp.indent(12)
-                    + resource.getString(
-                        PrettyPrintResources.TOKEN_THIS_UPDATE)
-                    + thisUpdate
-                    + "\n");
+                        + resource.getString(
+                                PrettyPrintResources.TOKEN_THIS_UPDATE)
+                        + thisUpdate
+                        + "\n");
             } else {
                 // Append timezone ID
                 sb.append(pp.indent(12)
-                    + resource.getString(
-                        PrettyPrintResources.TOKEN_THIS_UPDATE)
-                    + thisUpdate
-                    + " " + tzid + "\n");
+                        + resource.getString(
+                                PrettyPrintResources.TOKEN_THIS_UPDATE)
+                        + thisUpdate
+                        + " " + tzid + "\n");
             }
             // Check for presence of NextUpdate
             if (mIP.getNextUpdate() != null) {
@@ -152,17 +152,17 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
                 if (tz.equals(tzid) || tzid.equals(CUSTOM_LOCALE)) {
                     // Do NOT append timezone ID
                     sb.append(pp.indent(12)
-                        + resource.getString(
-                            PrettyPrintResources.TOKEN_NEXT_UPDATE)
-                        + nextUpdate
-                        + "\n");
+                            + resource.getString(
+                                    PrettyPrintResources.TOKEN_NEXT_UPDATE)
+                            + nextUpdate
+                            + "\n");
                 } else {
                     // Append timezone ID
                     sb.append(pp.indent(12)
-                        + resource.getString(
-                            PrettyPrintResources.TOKEN_NEXT_UPDATE)
-                        + nextUpdate
-                        + " " + tzid + "\n");
+                            + resource.getString(
+                                    PrettyPrintResources.TOKEN_NEXT_UPDATE)
+                            + nextUpdate
+                            + " " + tzid + "\n");
                 }
             }
 
@@ -170,7 +170,7 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
                 sb.append(pp.indent(12) + resource.getString(
                         PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES) + crlSize + "\n");
             } else if ((crlSize == 0 && pageStart == 0 && pageSize == 0) ||
-                (crlSize > 0 && pageStart > 0 && pageSize > 0)) {
+                    (crlSize > 0 && pageStart > 0 && pageSize > 0)) {
                 sb.append(pp.indent(12) + resource.getString(
                         PrettyPrintResources.TOKEN_REVOKED_CERTIFICATES));
                 long upperLimit = crlSize;
@@ -183,7 +183,7 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
                 }
                 sb.append("\n");
 
-                Set<RevokedCertificate> revokedCerts = mIP.getRevokedCertificates((int)(pageStart-1), (int)upperLimit);
+                Set<RevokedCertificate> revokedCerts = mIP.getRevokedCertificates((int) (pageStart - 1), (int) upperLimit);
 
                 if (revokedCerts != null) {
                     Iterator<RevokedCertificate> i = revokedCerts.iterator();
@@ -195,35 +195,35 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
                         if ((crlSize == 0) || (upperLimit - pageStart + 1 >= l)) {
                             sb.append(pp.indent(16) + resource.getString(
                                     PrettyPrintResources.TOKEN_SERIAL) + "0x" +
-                                revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n");
+                                    revokedCert.getSerialNumber().toString(16).toUpperCase() + "\n");
                             String revocationDate =
-                                dateFormater.format(revokedCert.getRevocationDate());
+                                    dateFormater.format(revokedCert.getRevocationDate());
 
                             // re-get timezone
                             // (just in case it is different . . .)
                             if (TimeZone.getDefault() != null) {
                                 tz = TimeZone.getDefault().getDisplayName(
                                             TimeZone.getDefault().inDaylightTime(
-                                                revokedCert.getRevocationDate()),
+                                                    revokedCert.getRevocationDate()),
                                             TimeZone.SHORT,
                                             clientLocale);
                             }
                             // Specify revocationDate
                             if (tz.equals(tzid) ||
-                                tzid.equals(CUSTOM_LOCALE)) {
+                                    tzid.equals(CUSTOM_LOCALE)) {
                                 // Do NOT append timezone ID
                                 sb.append(pp.indent(16)
-                                    + resource.getString(
-                                        PrettyPrintResources.TOKEN_REVOCATION_DATE)
-                                    + revocationDate
-                                    + "\n");
+                                        + resource.getString(
+                                                PrettyPrintResources.TOKEN_REVOCATION_DATE)
+                                        + revocationDate
+                                        + "\n");
                             } else {
                                 // Append timezone ID
                                 sb.append(pp.indent(16)
-                                    + resource.getString(
-                                        PrettyPrintResources.TOKEN_REVOCATION_DATE)
-                                    + revocationDate
-                                    + " " + tzid + "\n");
+                                        + resource.getString(
+                                                PrettyPrintResources.TOKEN_REVOCATION_DATE)
+                                        + revocationDate
+                                        + " " + tzid + "\n");
                             }
                             if (revokedCert.hasExtensions()) {
                                 sb.append(pp.indent(16) + resource.getString(
@@ -254,7 +254,7 @@ public class CrlCachePrettyPrint implements ICRLPrettyPrint
         } catch (Exception e) {
             sb.append("\n\n" + pp.indent(4) + resource.getString(
                     PrettyPrintResources.TOKEN_DECODING_ERROR) + "\n\n");
-            CMS.debug("Exception="+e.toString());
+            CMS.debug("Exception=" + e.toString());
             CMS.debugStackTrace();
         }
 
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java
index 1a3969b4..1c24bf2c 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CrlPrettyPrint.java
@@ -17,16 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import netscape.security.x509.X509CRLImpl;
 
 import com.netscape.certsrv.base.ICRLPrettyPrint;
 
-
 /**
- * This class will display the certificate content in predefined
- * format.
- *
+ * This class will display the certificate content in predefined format.
+ * 
  * @author Andrew Wnuk
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java
index 663585bf..17329ffe 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/CrossCertPairSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -47,23 +46,21 @@ import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.certsrv.publish.IXcertPublisherProcessor;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
 
-
 /**
- * Subsystem for handling cross certificate pairing and publishing
- * Intended use:
+ * Subsystem for handling cross certificate pairing and publishing Intended use:
  * <ul>
- *   <li> when signing a subordinate CA cert which is intended to be
- * part of the crossCertificatePair
- *   <li> when this ca submits a request (with existing CA signing key 
- * material to another ca for cross-signing
- *</ul>
- *   In both cases, administrator needs to "import" the crossSigned
- * certificates via the admin console.  When importCert() is called,
- * the imported cert will be stored in the internal db
- * first until it's pairing cert shows up.
- * If it happens that the above two cases finds its pairing
- * cert already there, then a CertifiatePair is created and put
- * in the internal db "crosscertificatepair;binary" attribute
+ * <li>when signing a subordinate CA cert which is intended to be part of the
+ * crossCertificatePair
+ * <li>when this ca submits a request (with existing CA signing key material to
+ * another ca for cross-signing
+ * </ul>
+ * In both cases, administrator needs to "import" the crossSigned certificates
+ * via the admin console. When importCert() is called, the imported cert will be
+ * stored in the internal db first until it's pairing cert shows up. If it
+ * happens that the above two cases finds its pairing cert already there, then a
+ * CertifiatePair is created and put in the internal db
+ * "crosscertificatepair;binary" attribute
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -100,7 +97,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
     }
 
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         try {
             mConfig = config;
             mLogger = CMS.getLogger();
@@ -112,21 +109,21 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 
             if (ldapConfig == null) {
                 log(ILogger.LL_MISCONF,
-                    CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
-                    PROP_LDAP));
+                        CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
+                                PROP_LDAP));
                 return;
             }
 
             mBaseDN = ldapConfig.getString(PROP_BASEDN, null);
-    
+
             mLdapConnFactory = new LdapBoundConnFactory();
 
             if (mLdapConnFactory != null)
                 mLdapConnFactory.init(ldapConfig);
             else {
                 log(ILogger.LL_MISCONF,
-                    CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
-                        PROP_LDAP));
+                        CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
+                                PROP_LDAP));
                 return;
             }
         } catch (EBaseException e) {
@@ -137,14 +134,12 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
     }
 
     /**
-     * "import" the CA cert cross-signed by another CA (potentially a
-     * bridge CA) into internal ldap db.
-     * the imported cert will be stored in the internal db
-     * first until it's pairing cert shows up.
-     * If it happens that it finds its pairing
-     * cert already there, then a CertifiatePair is created and put
+     * "import" the CA cert cross-signed by another CA (potentially a bridge CA)
+     * into internal ldap db. the imported cert will be stored in the internal
+     * db first until it's pairing cert shows up. If it happens that it finds
+     * its pairing cert already there, then a CertifiatePair is created and put
      * in the internal db "crosscertificatepair;binary" attribute
-     *
+     * 
      * @param certBytes cert in byte array to be imported
      */
     public void importCert(byte[] certBytes) throws EBaseException {
@@ -162,14 +157,12 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
     }
 
     /**
-     * "import" the CA cert cross-signed by another CA (potentially a
-     * bridge CA) into internal ldap db.
-     * the imported cert will be stored in the internal db
-     * first until it's pairing cert shows up.
-     * If it happens that it finds its pairing
-     * cert already there, then a CertifiatePair is created and put
+     * "import" the CA cert cross-signed by another CA (potentially a bridge CA)
+     * into internal ldap db. the imported cert will be stored in the internal
+     * db first until it's pairing cert shows up. If it happens that it finds
+     * its pairing cert already there, then a CertifiatePair is created and put
      * in the internal db "crosscertificatepair;binary" attribute
-     *
+     * 
      * @param certBytes cert in byte array to be imported
      */
     public synchronized void importCert(Object certObj) throws EBaseException {
@@ -182,8 +175,8 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
         // 1. does cert2 share the same key pair as this CA's signing
         // cert
         // 2. does cert2's subject match this CA's subject?
-        // 3. other valididity checks: is this a ca cert?  Is this
-        // cert still valid?  If the issuer is not yet trusted, let it 
+        // 3. other valididity checks: is this a ca cert? Is this
+        // cert still valid? If the issuer is not yet trusted, let it
         // be.
 
         // get certs from internal db to see if we find a pair
@@ -208,7 +201,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
                 }
 
                 Enumeration en = caCerts.getByteValues();
-				
+
                 if ((en == null) || (en.hasMoreElements() == false)) {
                     debug("1st potential xcert");
                     addCAcert(conn, cert.getEncoded());
@@ -232,8 +225,9 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
                             // caCertificate attr, and publish if so configured
                             debug("found a pair!");
                             CertificatePair cp = new
-                                //								CertificatePair(inCert.getEncoded(), cert.getEncoded());
-                                CertificatePair(inCert, cert);
+                                    // CertificatePair(inCert.getEncoded(),
+                                    // cert.getEncoded());
+                                    CertificatePair(inCert, cert);
 
                             addXCertPair(conn, certPairs, cp);
                             deleteCAcert(conn, inCert.getEncoded());
@@ -242,7 +236,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
                             break;
                         }
                     }
-                } //while
+                } // while
                 if (match == false) {
                     // don't find a pair, add it into
                     // caCertificate attr for later pairing
@@ -279,27 +273,28 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 
     /**
      * are cert1 and cert2 cross-signed certs?
+     * 
      * @param cert1 the cert for comparison in our internal db
      * @param cert2 the cert that's being considered
      */
     protected boolean arePair(X509Certificate cert1, X509Certificate cert2) {
         // 1. does cert1's issuer match cert2's subject?
         // 2. does cert2's issuer match cert1's subject?
-        if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN())) 
-            && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN())))
+        if ((cert1.getIssuerDN().equals((Object) cert2.getSubjectDN()))
+                && (cert2.getIssuerDN().equals((Object) cert1.getSubjectDN())))
             return true;
         else
             return false;
     }
 
-    public X509Certificate byteArray2X509Cert(byte[] certBytes) 
-        throws CertificateException {
+    public X509Certificate byteArray2X509Cert(byte[] certBytes)
+            throws CertificateException {
         debug("in bytearray2X509Cert()");
         ByteArrayInputStream inStream = new
-            ByteArrayInputStream(certBytes);
+                ByteArrayInputStream(certBytes);
 
         CertificateFactory cf =
-            CertificateFactory.getInstance("X.509");
+                CertificateFactory.getInstance("X.509");
 
         X509Certificate cert = (X509Certificate) cf.generateCertificate(inStream);
 
@@ -308,12 +303,12 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
     }
 
     public synchronized void addXCertPair(LDAPConnection conn,
-        LDAPAttribute certPairs, CertificatePair pair)
-        throws LDAPException, IOException {
+            LDAPAttribute certPairs, CertificatePair pair)
+            throws LDAPException, IOException {
         ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
         pair.encode(bos);
-		
+
         if (ByteValueExists(certPairs, bos.toByteArray()) == true) {
             debug("cross cert pair exists in internal db, don't add again");
             return;
@@ -322,9 +317,9 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
         // add certificatePair
         LDAPModificationSet modSet = new LDAPModificationSet();
 
-        modSet.add(LDAPModification.ADD, 
-            new LDAPAttribute(LDAP_ATTR_XCERT_PAIR, bos.toByteArray()));
-        conn.modify(DN_XCERTS + "," + mBaseDN, modSet); 
+        modSet.add(LDAPModification.ADD,
+                new LDAPAttribute(LDAP_ATTR_XCERT_PAIR, bos.toByteArray()));
+        conn.modify(DN_XCERTS + "," + mBaseDN, modSet);
     }
 
     /**
@@ -366,24 +361,24 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
         debug("exiting byteArraysAreEqual(): true");
         return true;
     }
-    
+
     public synchronized void addCAcert(LDAPConnection conn, byte[] certEnc)
-        throws LDAPException {
+            throws LDAPException {
         LDAPModificationSet modSet = new
-            LDAPModificationSet();
-						
+                LDAPModificationSet();
+
         modSet.add(LDAPModification.ADD,
-            new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
+                new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
         conn.modify(DN_XCERTS + "," + mBaseDN, modSet);
     }
 
     public synchronized void deleteCAcert(LDAPConnection conn, byte[] certEnc)
-        throws LDAPException {
+            throws LDAPException {
         LDAPModificationSet modSet = new
-            LDAPModificationSet();
+                LDAPModificationSet();
 
         modSet.add(LDAPModification.DELETE,
-            new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
+                new LDAPAttribute(LDAP_ATTR_CA_CERT, certEnc));
         conn.modify(DN_XCERTS + "," + mBaseDN, modSet);
     }
 
@@ -394,7 +389,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
         LDAPConnection conn = null;
 
         if ((mPublisherProcessor == null) ||
-            !mPublisherProcessor.enabled())
+                !mPublisherProcessor.enabled())
             return;
 
         try {
@@ -421,7 +416,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
                 }
 
                 Enumeration en = xcerts.getByteValues();
-				
+
                 if ((en == null) || (en.hasMoreElements() == false)) {
                     debug("publishCertPair found no pairs in internal db");
                     return;
@@ -435,7 +430,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
                         continue;
                     } else {
                         try {
-                            //found a cross cert pair, publish if we could
+                            // found a cross cert pair, publish if we could
                             IXcertPublisherProcessor xp = null;
 
                             xp = (IXcertPublisherProcessor) mPublisherProcessor;
@@ -445,7 +440,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
                         }
                     }
                 }// while
-            }//if
+            }// if
         } catch (Exception e) {
             throw new EBaseException("CrossCertPairSubsystem: publishCertPairs() failed:" + e.toString());
         }
@@ -476,16 +471,15 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
             try {
                 mLdapConnFactory.reset();
             } catch (ELdapException e) {
-                CMS.debug("CrossCertPairSubsystem shutdown exception: "+e.toString()); 
+                CMS.debug("CrossCertPairSubsystem shutdown exception: " + e.toString());
             }
         }
         mLdapConnFactory = null;
     }
 
     /*
-     * Returns the root configuration storage of this system.
-     * <P>
-     *
+     * Returns the root configuration storage of this system. <P>
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -494,7 +488,7 @@ public class CrossCertPairSubsystem implements ICrossCertPairSubsystem {
 
     protected void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM,
-            ILogger.S_XCERT, level, msg);
+                ILogger.S_XCERT, level, msg);
     }
 
     private static void debug(String msg) {
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java
index ea9fabf2..a2ac04e4 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/ExtPrettyPrint.java
@@ -17,16 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import netscape.security.x509.Extension;
 
 import com.netscape.certsrv.base.IExtPrettyPrint;
 
-
 /**
- * This class will display the certificate content in predefined
- * format.
- *
+ * This class will display the certificate content in predefined format.
+ * 
  * @author Andrew Wnuk
  * @version $Revision$, $Date$
  */
@@ -36,4 +33,3 @@ public class ExtPrettyPrint extends netscape.security.util.ExtPrettyPrint implem
         super(ext, indentSize);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
index 9353ae8f..42425c86 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/OidLoaderSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.security.cert.CertificateException;
 import java.util.Enumeration;
 
@@ -38,7 +37,6 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * 
  * @author stevep
@@ -47,7 +45,7 @@ import com.netscape.cmscore.util.Debug;
 public class OidLoaderSubsystem implements ISubsystem {
 
     private IConfigStore mConfig = null;
-    public  static final String ID = "oidmap";
+    public static final String ID = "oidmap";
     private String mId = ID;
 
     private static final String PROP_OID = "oid";
@@ -77,61 +75,56 @@ public class OidLoaderSubsystem implements ISubsystem {
     public static OidLoaderSubsystem getInstance() {
         return mInstance;
     }
-	
+
     private static final int CertType_data[] = { 2, 16, 840, 1, 113730, 1, 1 };
 
     /**
      * Identifies the particular public key used to sign the certificate.
      */
     public static final ObjectIdentifier CertType_Id = new
-        ObjectIdentifier(CertType_data);
+            ObjectIdentifier(CertType_data);
 
     private static final String[][] oidMapEntries = new String[][] {
-            {NSCertTypeExtension.class.getName(),
-                CertType_Id.toString(),
-                NSCertTypeExtension.class.getSimpleName()},
-            {CertificateRenewalWindowExtension.class.getName(),
-                CertificateRenewalWindowExtension.ID.toString(),
-                CertificateRenewalWindowExtension.class.getSimpleName()},
-            {CertificateScopeOfUseExtension.class.getName(),
-                CertificateScopeOfUseExtension.ID.toString(),
-                CertificateScopeOfUseExtension.NAME},
-            {DeltaCRLIndicatorExtension.class.getName(),
-                DeltaCRLIndicatorExtension.OID,
-                DeltaCRLIndicatorExtension.class.getSimpleName()},
-            {HoldInstructionExtension.class.getName(),
-                HoldInstructionExtension.OID,
-                HoldInstructionExtension.class.getSimpleName()},
-            {InvalidityDateExtension.class.getName(),
-                InvalidityDateExtension.OID,
-                InvalidityDateExtension.class.getSimpleName()},
-            {IssuingDistributionPointExtension.class.getName(),
-                IssuingDistributionPointExtension.OID,
-                IssuingDistributionPointExtension.class.getSimpleName()},
-            {FreshestCRLExtension.class.getName(),
-                FreshestCRLExtension.OID,
-                FreshestCRLExtension.class.getSimpleName()},
+            { NSCertTypeExtension.class.getName(),
+                    CertType_Id.toString(),
+                    NSCertTypeExtension.class.getSimpleName() },
+            { CertificateRenewalWindowExtension.class.getName(),
+                    CertificateRenewalWindowExtension.ID.toString(),
+                    CertificateRenewalWindowExtension.class.getSimpleName() },
+            { CertificateScopeOfUseExtension.class.getName(),
+                    CertificateScopeOfUseExtension.ID.toString(),
+                    CertificateScopeOfUseExtension.NAME },
+            { DeltaCRLIndicatorExtension.class.getName(),
+                    DeltaCRLIndicatorExtension.OID,
+                    DeltaCRLIndicatorExtension.class.getSimpleName() },
+            { HoldInstructionExtension.class.getName(),
+                    HoldInstructionExtension.OID,
+                    HoldInstructionExtension.class.getSimpleName() },
+            { InvalidityDateExtension.class.getName(),
+                    InvalidityDateExtension.OID,
+                    InvalidityDateExtension.class.getSimpleName() },
+            { IssuingDistributionPointExtension.class.getName(),
+                    IssuingDistributionPointExtension.OID,
+                    IssuingDistributionPointExtension.class.getSimpleName() },
+            { FreshestCRLExtension.class.getName(),
+                    FreshestCRLExtension.OID,
+                    FreshestCRLExtension.class.getSimpleName() },
         };
 
     /**
-     * Initializes this subsystem with the given 
-     * configuration store.
-     * It first initializes resident subsystems,
-     * and it loads and initializes loadable
-     * subsystem specified in the configuration
-     * store.
+     * Initializes this subsystem with the given configuration store. It first
+     * initializes resident subsystems, and it loads and initializes loadable
+     * subsystem specified in the configuration store.
      * <P>
-     * Note that individual subsystem should be
-     * initialized in a separated thread if
-     * it has dependency on the initialization
-     * of other subsystems.
+     * Note that individual subsystem should be initialized in a separated
+     * thread if it has dependency on the initialization of other subsystems.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      */
     public synchronized void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (Debug.ON) {
             Debug.trace("OIDLoaderSubsystem started");
         }
@@ -144,8 +137,8 @@ public class OidLoaderSubsystem implements ISubsystem {
         for (int i = 0; i < oidMapEntries.length; i++) {
             try {
                 OIDMap.addAttribute(oidMapEntries[i][0],
-                    oidMapEntries[i][1],
-                    oidMapEntries[i][2]);
+                        oidMapEntries[i][1],
+                        oidMapEntries[i][2]);
             } catch (Exception e) {
             }
         }
@@ -161,8 +154,8 @@ public class OidLoaderSubsystem implements ISubsystem {
                 String classname = substore.getString(PROP_CLASS);
 
                 OIDMap.addAttribute(classname,
-                    oidname,
-                    substorename);
+                        oidname,
+                        substorename);
             } catch (EPropertyNotFound e) {
                 // Log error
             } catch (CertificateException e) {
@@ -181,9 +174,8 @@ public class OidLoaderSubsystem implements ISubsystem {
     }
 
     /*
-     * Returns the root configuration storage of this system.
-     * <P>
-     *
+     * Returns the root configuration storage of this system. <P>
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java
index 3ace3c67..cdde9939 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintFormat.java
@@ -17,40 +17,40 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import com.netscape.certsrv.base.IPrettyPrintFormat;
 
-
 /**
- * This class will display the certificate content in predefined
- * format.
- *
+ * This class will display the certificate content in predefined format.
+ * 
  * @author Andrew Wnuk
  * @version $Revision$, $Date$
  */
 public class PrettyPrintFormat implements IPrettyPrintFormat {
 
-    /*==========================================================
-     * variables
-     *==========================================================*/
+    /*
+     * ========================================================== variables
+     * ==========================================================
+     */
     private String mSeparator = "";
     private int mIndentSize = 0;
     private int mLineLen = 0;
 
-    /*==========================================================
-     * constants
-     *
-     *==========================================================*/
+    /*
+     * ========================================================== constants
+     * 
+     * ==========================================================
+     */
     private final static String spaces =
-        "                                                 " +
-        "                                                 " +
-        "                                                 " +
-        "                                                 " +
-        "                                                 ";
-
-    /*==========================================================
-     * constructors
-     *==========================================================*/
+            "                                                 " +
+                    "                                                 " +
+                    "                                                 " +
+                    "                                                 " +
+                    "                                                 ";
+
+    /*
+     * ========================================================== constructors
+     * ==========================================================
+     */
 
     public PrettyPrintFormat(String separator) {
         mSeparator = separator;
@@ -67,18 +67,20 @@ public class PrettyPrintFormat implements IPrettyPrintFormat {
         mIndentSize = indentSize;
     }
 
-    /*==========================================================
-     * Private methods
-     *==========================================================*/
-	 
-	 
-    /*==========================================================
-     * public methods
-     *==========================================================*/
+    /*
+     * ========================================================== Private
+     * methods==========================================================
+     */
+
+    /*
+     * ========================================================== public methods
+     * ==========================================================
+     */
 
     /**
-     * Provide white space indention
-     * stevep - speed improvements. Factor of 10 improvement
+     * Provide white space indention stevep - speed improvements. Factor of 10
+     * improvement
+     * 
      * @param numSpace number of white space to be returned
      * @return white spaces
      */
@@ -92,19 +94,19 @@ public class PrettyPrintFormat implements IPrettyPrintFormat {
         };
 
     /**
-     * Convert Byte Array to Hex String Format
-     * stevep - speedup by factor of 8
+     * Convert Byte Array to Hex String Format stevep - speedup by factor of 8
+     * 
      * @param byte array of data to hexify
      * @param indentSize number of spaces to prepend before each line
-     * @param lineLen number of bytes to output on each line (0
-     means: put everything on one line
-     * @param separator the first character of this string will be used as
-     the separator between bytes.
+     * @param lineLen number of bytes to output on each line (0 means: put
+     *            everything on one line
+     * @param separator the first character of this string will be used as the
+     *            separator between bytes.
      * @return string representation
      */
 
-    public String toHexString(byte[] in, int indentSize, 
-        int lineLen, String separator) {
+    public String toHexString(byte[] in, int indentSize,
+            int lineLen, String separator) {
         StringBuffer sb = new StringBuffer();
         int hexCount = 0;
         char c[];
@@ -144,7 +146,7 @@ public class PrettyPrintFormat implements IPrettyPrintFormat {
             c[j++] = '\n';
             sb.append(c, 0, j);
         }
-        //        sb.append("\n");
+        // sb.append("\n");
 
         return sb.toString();
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java
index 4bf1147a..d90a4558 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/PrettyPrintResources.java
@@ -17,21 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.util.ListResourceBundle;
 
 import netscape.security.extensions.NSCertTypeExtension;
 import netscape.security.x509.KeyUsageExtension;
 
-
 /**
  * Resource Boundle for the Pretty Print
- *
+ * 
  * @author Jack Pan-Chen
  * @version $Revision$, $Date$
  */
 
-public class PrettyPrintResources extends  ListResourceBundle {
+public class PrettyPrintResources extends ListResourceBundle {
 
     /**
      * Returns content
@@ -41,11 +39,10 @@ public class PrettyPrintResources extends  ListResourceBundle {
     }
 
     /**
-     * Constants. The suffix represents the number of
-     * possible parameters.
+     * Constants. The suffix represents the number of possible parameters.
      */
 
-    //certificate pretty print
+    // certificate pretty print
     public final static String TOKEN_CERTIFICATE = "tokenCertificate";
     public final static String TOKEN_DATA = "tokenData";
     public final static String TOKEN_VERSION = "tokenVersion";
@@ -64,14 +61,14 @@ public class PrettyPrintResources extends  ListResourceBundle {
     public final static String TOKEN_EXTENSIONS = "tokenExtensions";
     public final static String TOKEN_SIGNATURE = "tokenSignature";
 
-    //extension pretty print
+    // extension pretty print
     public final static String TOKEN_YES = "tokenYes";
     public final static String TOKEN_NO = "tokenNo";
     public final static String TOKEN_IDENTIFIER = "tokenIdentifier";
     public final static String TOKEN_CRITICAL = "tokenCritical";
     public final static String TOKEN_VALUE = "tokenValue";
 
-    //specific extension token
+    // specific extension token
     public final static String TOKEN_KEY_TYPE = "tokenKeyType";
     public final static String TOKEN_CERT_TYPE = "tokenCertType";
     public final static String TOKEN_SKI = "tokenSKI";
@@ -174,122 +171,122 @@ public class PrettyPrintResources extends  ListResourceBundle {
     public final static String TOKEN_CACHE_NOT_AVAILABLE = "cacheNotAvailable";
     public final static String TOKEN_CACHE_IS_EMPTY = "cacheIsEmpty";
 
-    //Tokens should have blank_space as trailer
+    // Tokens should have blank_space as trailer
     static final Object[][] contents = {
-            {TOKEN_CERTIFICATE, "Certificate: "},
-            {TOKEN_DATA, "Data: "},
-            {TOKEN_VERSION, "Version: "},
-            {TOKEN_SERIAL, "Serial Number: "},
-            {TOKEN_SIGALG, "Signature Algorithm: "},
-            {TOKEN_ISSUER, "Issuer: "},
-            {TOKEN_VALIDITY, "Validity: "},
-            {TOKEN_NOT_BEFORE, "Not Before: "},
-            {TOKEN_NOT_AFTER, "Not  After: "},
-            {TOKEN_SUBJECT, "Subject: "},
-            {TOKEN_SPKI, "Subject Public Key Info: "},
-            {TOKEN_ALGORITHM, "Algorithm: "},
-            {TOKEN_PUBLIC_KEY, "Public Key: "},
-            {TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: "},
-            {TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: "},
-            {TOKEN_EXTENSIONS, "Extensions: "},
-            {TOKEN_SIGNATURE, "Signature: "},
-            {TOKEN_YES, "yes "},
-            {TOKEN_NO, "no "},
-            {TOKEN_IDENTIFIER, "Identifier: "},
-            {TOKEN_CRITICAL, "Critical: "},
-            {TOKEN_VALUE, "Value: "},
-            {TOKEN_KEY_TYPE, "Key Type "},
-            {TOKEN_CERT_TYPE, "Netscape Certificate Type "},
-            {TOKEN_SKI, "Subject Key Identifier "},
-            {TOKEN_AKI, "Authority Key Identifier "},
-            {TOKEN_ACCESS_DESC, "Access Description: "},
-            {TOKEN_OCSP_NOCHECK, "OCSP NoCheck: "},
-            {TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: "},
-            {TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: "},
-            {TOKEN_PRESENCE_SERVER, "Presence Server: "},
-            {TOKEN_AIA, "Authority Info Access: "},
-            {TOKEN_KEY_USAGE, "Key Usage: "},
-            {KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature "},
-            {KeyUsageExtension.NON_REPUDIATION, "Non Repudiation "},
-            {KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment "},        
-            {KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment "},
-            {KeyUsageExtension.KEY_AGREEMENT, "Key Agreement "},
-            {KeyUsageExtension.KEY_CERTSIGN, "Key CertSign "},
-            {KeyUsageExtension.CRL_SIGN, "Crl Sign "},
-            {KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only "},
-            {KeyUsageExtension.DECIPHER_ONLY, "Decipher Only "},
-            {TOKEN_CERT_USAGE, "Certificate Usage: "},
-            {NSCertTypeExtension.SSL_CLIENT, "SSL Client "},
-            {NSCertTypeExtension.SSL_SERVER, "SSL Server "},
-            {NSCertTypeExtension.EMAIL, "Secure Email "},
-            {NSCertTypeExtension.OBJECT_SIGNING, "Object Signing "},
-            {NSCertTypeExtension.SSL_CA, "SSL CA "},
-            {NSCertTypeExtension.EMAIL_CA, "Secure Email CA "},
-            {NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA "},
-            {TOKEN_KEY_ID, "Key Identifier: "},
-            {TOKEN_AUTH_NAME, "Authority Name: "},
-            {TOKEN_CRL, "Certificate Revocation List: "},
-            {TOKEN_THIS_UPDATE, "This Update: "},
-            {TOKEN_NEXT_UPDATE, "Next Update: "},
-            {TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: "},
-            {TOKEN_REVOCATION_DATE, "Revocation Date: "},
-            {TOKEN_REVOCATION_REASON, "Revocation Reason "},
-            {TOKEN_REASON, "Reason: "},
-            {TOKEN_BASIC_CONSTRAINTS, "Basic Constraints "},
-            {TOKEN_NAME_CONSTRAINTS, "Name Constraints "},
-            {TOKEN_NSC_COMMENT, "Netscape Comment "},
-            {TOKEN_IS_CA, "Is CA: "},
-            {TOKEN_PATH_LEN, "Path Length Constraint: "},
-            {TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED"},
-            {TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED"},
-            {TOKEN_PATH_LEN_INVALID, "INVALID"},
-            {TOKEN_CRL_NUMBER, "CRL Number "},
-            {TOKEN_NUMBER, "Number: "},
-            {TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator "},
-            {TOKEN_BASE_CRL_NUMBER, "Base CRL Number: "},
-            {TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use "},
-            {TOKEN_SCOPE_OF_USE, "Scope of Use: "},
-            {TOKEN_PORT, "Port: "},
-            {TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name "},
-            {TOKEN_ISSUER_NAMES, "Issuer Names: "},
-            {TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name "},
-            {TOKEN_DECODING_ERROR, "Decoding Error"},
-            {TOKEN_FRESHEST_CRL_EXT, "Freshest CRL "},
-            {TOKEN_CRL_DP_EXT, "CRL Distribution Points "},
-            {TOKEN_CRLDP_NUMPOINTS, "Number of Points: "},
-            {TOKEN_CRLDP_POINTN, "Point "},
-            {TOKEN_CRLDP_DISTPOINT, "Distribution Point: "},
-            {TOKEN_CRLDP_REASONS, "Reason Flags: "},
-            {TOKEN_CRLDP_CRLISSUER, "CRL Issuer: "},
-            {TOKEN_ISSUING_DIST_POINT, "Issuing Distribution Point "},
-            {TOKEN_DIST_POINT_NAME, "Distribution Point: "},
-            {TOKEN_FULL_NAME, "Full Name: "},
-            {TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: "},
-            {TOKEN_ONLY_USER_CERTS, "Only Contains User Certificates: "},
-            {TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: "},
-            {TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: "},
-            {TOKEN_INDIRECT_CRL, "Indirect CRL: "},
-            {TOKEN_INVALIDITY_DATE, "Invalidity Date "},
-            {TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: "},
-            {TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer "},
-            {TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code "},
-            {TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: "},
-            {TOKEN_POLICY_CONSTRAINTS, "Policy Constraints "},
-            {TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: "},
-            {TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: "},
-            {TOKEN_POLICY_MAPPINGS, "Policy Mappings "},
-            {TOKEN_MAPPINGS, "Mappings: "},
-            {TOKEN_MAP, "Map "},
-            {TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: "},
-            {TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: "},
-            {TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes "},
-            {TOKEN_ATTRIBUTES, "Attributes:" },
-            {TOKEN_ATTRIBUTE, "Attribute "},
-            {TOKEN_VALUES, "Values: "},
-            {TOKEN_NOT_SET, "not set"},
-            {TOKEN_NONE, "none"},
-            {TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. "},
-            {TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. "},
+            { TOKEN_CERTIFICATE, "Certificate: " },
+            { TOKEN_DATA, "Data: " },
+            { TOKEN_VERSION, "Version: " },
+            { TOKEN_SERIAL, "Serial Number: " },
+            { TOKEN_SIGALG, "Signature Algorithm: " },
+            { TOKEN_ISSUER, "Issuer: " },
+            { TOKEN_VALIDITY, "Validity: " },
+            { TOKEN_NOT_BEFORE, "Not Before: " },
+            { TOKEN_NOT_AFTER, "Not  After: " },
+            { TOKEN_SUBJECT, "Subject: " },
+            { TOKEN_SPKI, "Subject Public Key Info: " },
+            { TOKEN_ALGORITHM, "Algorithm: " },
+            { TOKEN_PUBLIC_KEY, "Public Key: " },
+            { TOKEN_PUBLIC_KEY_MODULUS, "Public Key Modulus: " },
+            { TOKEN_PUBLIC_KEY_EXPONENT, "Exponent: " },
+            { TOKEN_EXTENSIONS, "Extensions: " },
+            { TOKEN_SIGNATURE, "Signature: " },
+            { TOKEN_YES, "yes " },
+            { TOKEN_NO, "no " },
+            { TOKEN_IDENTIFIER, "Identifier: " },
+            { TOKEN_CRITICAL, "Critical: " },
+            { TOKEN_VALUE, "Value: " },
+            { TOKEN_KEY_TYPE, "Key Type " },
+            { TOKEN_CERT_TYPE, "Netscape Certificate Type " },
+            { TOKEN_SKI, "Subject Key Identifier " },
+            { TOKEN_AKI, "Authority Key Identifier " },
+            { TOKEN_ACCESS_DESC, "Access Description: " },
+            { TOKEN_OCSP_NOCHECK, "OCSP NoCheck: " },
+            { TOKEN_EXTENDED_KEY_USAGE, "Extended Key Usage: " },
+            { TOKEN_PRIVATE_KEY_USAGE, "Private Key Usage: " },
+            { TOKEN_PRESENCE_SERVER, "Presence Server: " },
+            { TOKEN_AIA, "Authority Info Access: " },
+            { TOKEN_KEY_USAGE, "Key Usage: " },
+            { KeyUsageExtension.DIGITAL_SIGNATURE, "Digital Signature " },
+            { KeyUsageExtension.NON_REPUDIATION, "Non Repudiation " },
+            { KeyUsageExtension.KEY_ENCIPHERMENT, "Key Encipherment " },
+            { KeyUsageExtension.DATA_ENCIPHERMENT, "Data Encipherment " },
+            { KeyUsageExtension.KEY_AGREEMENT, "Key Agreement " },
+            { KeyUsageExtension.KEY_CERTSIGN, "Key CertSign " },
+            { KeyUsageExtension.CRL_SIGN, "Crl Sign " },
+            { KeyUsageExtension.ENCIPHER_ONLY, "Encipher Only " },
+            { KeyUsageExtension.DECIPHER_ONLY, "Decipher Only " },
+            { TOKEN_CERT_USAGE, "Certificate Usage: " },
+            { NSCertTypeExtension.SSL_CLIENT, "SSL Client " },
+            { NSCertTypeExtension.SSL_SERVER, "SSL Server " },
+            { NSCertTypeExtension.EMAIL, "Secure Email " },
+            { NSCertTypeExtension.OBJECT_SIGNING, "Object Signing " },
+            { NSCertTypeExtension.SSL_CA, "SSL CA " },
+            { NSCertTypeExtension.EMAIL_CA, "Secure Email CA " },
+            { NSCertTypeExtension.OBJECT_SIGNING_CA, "ObjectSigning CA " },
+            { TOKEN_KEY_ID, "Key Identifier: " },
+            { TOKEN_AUTH_NAME, "Authority Name: " },
+            { TOKEN_CRL, "Certificate Revocation List: " },
+            { TOKEN_THIS_UPDATE, "This Update: " },
+            { TOKEN_NEXT_UPDATE, "Next Update: " },
+            { TOKEN_REVOKED_CERTIFICATES, "Revoked Certificates: " },
+            { TOKEN_REVOCATION_DATE, "Revocation Date: " },
+            { TOKEN_REVOCATION_REASON, "Revocation Reason " },
+            { TOKEN_REASON, "Reason: " },
+            { TOKEN_BASIC_CONSTRAINTS, "Basic Constraints " },
+            { TOKEN_NAME_CONSTRAINTS, "Name Constraints " },
+            { TOKEN_NSC_COMMENT, "Netscape Comment " },
+            { TOKEN_IS_CA, "Is CA: " },
+            { TOKEN_PATH_LEN, "Path Length Constraint: " },
+            { TOKEN_PATH_LEN_UNLIMITED, "UNLIMITED" },
+            { TOKEN_PATH_LEN_UNDEFINED, "UNDEFINED" },
+            { TOKEN_PATH_LEN_INVALID, "INVALID" },
+            { TOKEN_CRL_NUMBER, "CRL Number " },
+            { TOKEN_NUMBER, "Number: " },
+            { TOKEN_DELTA_CRL_INDICATOR, "Delta CRL Indicator " },
+            { TOKEN_BASE_CRL_NUMBER, "Base CRL Number: " },
+            { TOKEN_CERT_SCOPE_OF_USE, "Certificate Scope of Use " },
+            { TOKEN_SCOPE_OF_USE, "Scope of Use: " },
+            { TOKEN_PORT, "Port: " },
+            { TOKEN_ISSUER_ALT_NAME, "Issuer Alternative Name " },
+            { TOKEN_ISSUER_NAMES, "Issuer Names: " },
+            { TOKEN_SUBJECT_ALT_NAME, "Subject Alternative Name " },
+            { TOKEN_DECODING_ERROR, "Decoding Error" },
+            { TOKEN_FRESHEST_CRL_EXT, "Freshest CRL " },
+            { TOKEN_CRL_DP_EXT, "CRL Distribution Points " },
+            { TOKEN_CRLDP_NUMPOINTS, "Number of Points: " },
+            { TOKEN_CRLDP_POINTN, "Point " },
+            { TOKEN_CRLDP_DISTPOINT, "Distribution Point: " },
+            { TOKEN_CRLDP_REASONS, "Reason Flags: " },
+            { TOKEN_CRLDP_CRLISSUER, "CRL Issuer: " },
+            { TOKEN_ISSUING_DIST_POINT, "Issuing Distribution Point " },
+            { TOKEN_DIST_POINT_NAME, "Distribution Point: " },
+            { TOKEN_FULL_NAME, "Full Name: " },
+            { TOKEN_RELATIVE_NAME, "Name Relative To CRL Issuer: " },
+            { TOKEN_ONLY_USER_CERTS, "Only Contains User Certificates: " },
+            { TOKEN_ONLY_CA_CERTS, "Only Contains CA Certificates: " },
+            { TOKEN_ONLY_SOME_REASONS, "Only Some Reasons: " },
+            { TOKEN_INDIRECT_CRL, "Indirect CRL: " },
+            { TOKEN_INVALIDITY_DATE, "Invalidity Date " },
+            { TOKEN_DATE_OF_INVALIDITY, "Invalidity Date: " },
+            { TOKEN_CERTIFICATE_ISSUER, "Certificate Issuer " },
+            { TOKEN_HOLD_INSTRUCTION, "Hold Instruction Code " },
+            { TOKEN_HOLD_INSTRUCTION_CODE, "Hold Instruction Code: " },
+            { TOKEN_POLICY_CONSTRAINTS, "Policy Constraints " },
+            { TOKEN_INHIBIT_POLICY_MAPPING, "Inhibit Policy Mapping: " },
+            { TOKEN_REQUIRE_EXPLICIT_POLICY, "Require Explicit Policy: " },
+            { TOKEN_POLICY_MAPPINGS, "Policy Mappings " },
+            { TOKEN_MAPPINGS, "Mappings: " },
+            { TOKEN_MAP, "Map " },
+            { TOKEN_ISSUER_DOMAIN_POLICY, "Issuer Domain Policy: " },
+            { TOKEN_SUBJECT_DOMAIN_POLICY, "Subject Domain Policy: " },
+            { TOKEN_SUBJECT_DIR_ATTR, "Subject Directory Attributes " },
+            { TOKEN_ATTRIBUTES, "Attributes:" },
+            { TOKEN_ATTRIBUTE, "Attribute " },
+            { TOKEN_VALUES, "Values: " },
+            { TOKEN_NOT_SET, "not set" },
+            { TOKEN_NONE, "none" },
+            { TOKEN_CACHE_NOT_AVAILABLE, "CRL cache is not available. " },
+            { TOKEN_CACHE_IS_EMPTY, "CRL cache is empty. " },
         };
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java b/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java
index 01e58fa1..ba5acdff 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/PubKeyPrettyPrint.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.security.PublicKey;
 
-
 /**
- * This class will display the certificate content in predefined
- * format.
- *
+ * This class will display the certificate content in predefined format.
+ * 
  * @author Jack Pan-Chen
  * @author Andrew Wnuk
  * @version $Revision$, $Date$
diff --git a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
index 539ec82b..acbdfea6 100644
--- a/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/cert/X500NameSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.cert;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.StringTokenizer;
@@ -35,13 +34,12 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * Subsystem for configuring X500Name related things. 
- * It is used for the following. 
+ * Subsystem for configuring X500Name related things. It is used for the
+ * following.
  * <ul>
- * <li>Add X500Name (string to oid) maps for attributes that 
- *   are not supported by default.
+ * <li>Add X500Name (string to oid) maps for attributes that are not supported
+ * by default.
  * <li>Specify an order for encoding Directory Strings other than the default.
  * </ul>
  * 
@@ -51,11 +49,10 @@ import com.netscape.cmscore.util.Debug;
 public class X500NameSubsystem implements ISubsystem {
 
     private IConfigStore mConfig = null;
-    public  static final String ID = "X500Name";
+    public static final String ID = "X500Name";
     private String mId = ID;
 
-    private static final String 
-        PROP_DIR_STR_ENCODING_ORDER = "directoryStringEncodingOrder";
+    private static final String PROP_DIR_STR_ENCODING_ORDER = "directoryStringEncodingOrder";
 
     private static final String PROP_ATTR = "attr";
     private static final String PROP_OID = "oid";
@@ -82,57 +79,62 @@ public class X500NameSubsystem implements ISubsystem {
     public static X500NameSubsystem getInstance() {
         return mInstance;
     }
-	
+
     /**
-     * Initializes this subsystem with the given configuration store.
-     * All paramters are optional.  
+     * Initializes this subsystem with the given configuration store. All
+     * paramters are optional.
      * <ul>
-     * <li>Change encoding order of Directory Strings: 
+     * <li>Change encoding order of Directory Strings:
+     * 
      * <pre>
      * X500Name.directoryStringEncodingOrder=order seperated by commas
      * For example: Printable,BMPString,UniversalString.
      * </pre>
-     * Possible values are:  
+     * 
+     * Possible values are:
      * <ul>
      * <li>Printable
      * <li>IA5String
      * <li>UniversalString
      * <li>BMPString
-     * <li>UTF8String 
+     * <li>UTF8String
      * </ul>
      * <p>
-     * <li>Add X500Name attributes: 
+     * <li>Add X500Name attributes:
+     * 
      * <pre>
      * X500Name.attr.attribute-name.oid=n.n.n.n
-     * X500Name.attr.attribute-name.class=value converter class 
+     * X500Name.attr.attribute-name.class=value converter class
      * </pre>
      * 
-     * The value converter class converts a string to a ASN.1 value. 
-     * It must implement netscape.security.x509.AVAValueConverter interface. 
-     * Converter classes provided in CMS are: 
+     * The value converter class converts a string to a ASN.1 value. It must
+     * implement netscape.security.x509.AVAValueConverter interface. Converter
+     * classes provided in CMS are:
+     * 
      * <pre>
      *     netscape.security.x509.PrintableConverter - 
-     *			Converts to a Printable String value. String must have only 
-     *			printable characters. 
+     * 		Converts to a Printable String value. String must have only 
+     * 		printable characters. 
      *     netscape.security.x509.IA5StringConverter - 
-     *			Converts to a IA5String value. String must have only IA5String
-     *			characters. 
+     * 		Converts to a IA5String value. String must have only IA5String
+     * 		characters. 
      *     netscape.security.x509.DirStrConverter - 
-     *			Converts to a Directory (v3) String. String is expected to 
-     *			be in Directory String format according to rfc2253.
+     * 		Converts to a Directory (v3) String. String is expected to 
+     * 		be in Directory String format according to rfc2253.
      *     netscape.security.x509.GenericValueConverter - 
-     *			Converts string character by character in the following order
-     *			from smaller character sets to broadest character set.
-     *				Printable, IA5String, BMPString, Universal String.
+     * 		Converts string character by character in the following order
+     * 		from smaller character sets to broadest character set.
+     * 			Printable, IA5String, BMPString, Universal String.
      * </pre>
+     * 
      * </ul>
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      */
     public synchronized void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mLogger = CMS.getLogger();
         if (Debug.ON) {
             Debug.trace(ID + " started");
@@ -142,16 +144,15 @@ public class X500NameSubsystem implements ISubsystem {
         // get order for encoding directory strings if any.
         setDirStrEncodingOrder();
 
-        // load x500 name maps 
+        // load x500 name maps
         loadX500NameAttrMaps();
     }
 
     /**
-     * Loads X500Name String to attribute maps. 
-     * Called from init.
+     * Loads X500Name String to attribute maps. Called from init.
      */
     private void loadX500NameAttrMaps()
-        throws EBaseException {
+            throws EBaseException {
         X500NameAttrMap globalMap = X500NameAttrMap.getDefault();
         IConfigStore attrSubStore = mConfig.getSubStore(PROP_ATTR);
         Enumeration attrNames = attrSubStore.getSubStoreNames();
@@ -180,14 +181,13 @@ public class X500NameSubsystem implements ISubsystem {
     }
 
     /**
-     * Set directory string encoding order. 
-     * Called from init().
+     * Set directory string encoding order. Called from init().
      */
-    private void setDirStrEncodingOrder() 
-        throws EBaseException {
+    private void setDirStrEncodingOrder()
+            throws EBaseException {
         String order = mConfig.getString(PROP_DIR_STR_ENCODING_ORDER, null);
 
-        if (order == null || order.length() == 0)  // nothing.
+        if (order == null || order.length() == 0) // nothing.
             return;
         StringTokenizer toker = new StringTokenizer(order, ", \t");
         int numTokens = toker.countTokens();
@@ -196,7 +196,7 @@ public class X500NameSubsystem implements ISubsystem {
             String msg = "must be a list of DER tag names seperated by commas.";
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CERT_DIR_STRING", PROP_DIR_STR_ENCODING_ORDER));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                         PROP_DIR_STR_ENCODING_ORDER, msg));
         }
 
@@ -211,7 +211,7 @@ public class X500NameSubsystem implements ISubsystem {
                 String msg = "unknown DER tag '" + nextTag + "'.";
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CERT_UNKNOWN_TAG", PROP_DIR_STR_ENCODING_ORDER, nextTag));
-                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE", 
+                throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
                             PROP_DIR_STR_ENCODING_ORDER, msg));
             }
         }
@@ -230,27 +230,27 @@ public class X500NameSubsystem implements ISubsystem {
 
     static {
         mDerStr2TagHash.put(
-            PRINTABLESTRING, Byte.valueOf(DerValue.tag_PrintableString));
+                PRINTABLESTRING, Byte.valueOf(DerValue.tag_PrintableString));
         mDerStr2TagHash.put(
-            IA5STRING, Byte.valueOf(DerValue.tag_IA5String));
+                IA5STRING, Byte.valueOf(DerValue.tag_IA5String));
         mDerStr2TagHash.put(
-            VISIBLESTRING, Byte.valueOf(DerValue.tag_VisibleString));
+                VISIBLESTRING, Byte.valueOf(DerValue.tag_VisibleString));
         mDerStr2TagHash.put(
-            T61STRING, Byte.valueOf(DerValue.tag_T61String));
+                T61STRING, Byte.valueOf(DerValue.tag_T61String));
         mDerStr2TagHash.put(
-            BMPSTRING, Byte.valueOf(DerValue.tag_BMPString));
+                BMPSTRING, Byte.valueOf(DerValue.tag_BMPString));
         mDerStr2TagHash.put(
-            UNIVERSALSTRING, Byte.valueOf(DerValue.tag_UniversalString));
+                UNIVERSALSTRING, Byte.valueOf(DerValue.tag_UniversalString));
         mDerStr2TagHash.put(
-            UFT8STRING, Byte.valueOf(DerValue.tag_UTF8String));
+                UFT8STRING, Byte.valueOf(DerValue.tag_UTF8String));
     }
 
     private byte derStr2Tag(String s) {
-        if (s == null || s.length() == 0) 
+        if (s == null || s.length() == 0)
             throw new IllegalArgumentException();
         Byte tag = (Byte) mDerStr2TagHash.get(s);
 
-        if (tag == null) 
+        if (tag == null)
             throw new IllegalArgumentException();
         return tag.byteValue();
     }
@@ -265,9 +265,8 @@ public class X500NameSubsystem implements ISubsystem {
     }
 
     /*
-     * Returns the root configuration storage of this system.
-     * <P>
-     *
+     * Returns the root configuration storage of this system. <P>
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -278,7 +277,7 @@ public class X500NameSubsystem implements ISubsystem {
 
     protected void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM,
-            ILogger.S_ADMIN, level, msg);
+                ILogger.S_ADMIN, level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java
index 5a607ee9..925c65b3 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.authority.IAuthority;
 import com.netscape.certsrv.base.EBaseException;
@@ -28,7 +27,6 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.http.JssSSLSocketFactory;
 import com.netscape.cmsutil.net.ISocketFactory;
 
-
 /**
  * Factory for getting HTTP Connections to a HTTPO server
  */
@@ -38,14 +36,14 @@ public class HttpConnFactory {
 
     private ILogger mLogger = CMS.getLogger();
 
-    private int mNumConns = 0;      // number of available conns in array
-    private int mTotal = 0;		// total num conns 
+    private int mNumConns = 0; // number of available conns in array
+    private int mTotal = 0; // total num conns
     private IHttpConnection mMasterConn = null; // master connection object.
     private IHttpConnection mConns[];
     private IAuthority mSource = null;
     private IRemoteAuthority mDest = null;
     private String mNickname = "";
-    private int    mTimeout = 0;
+    private int mTimeout = 0;
 
     /**
      * default value for the above at init time.
@@ -53,20 +51,20 @@ public class HttpConnFactory {
     private boolean mDefErrorIfDown = false;
 
     /**
-     * Constructor for initializing from the config store.
-     * must be followed by init(IConfigStore)
+     * Constructor for initializing from the config store. must be followed by
+     * init(IConfigStore)
      */
     public HttpConnFactory() {
     }
 
     /**
      * Constructor for HttpConnFactory
+     * 
      * @param minConns minimum number of connections to have available
-     * @param maxConns max number of connections to have available. This is 
+     * @param maxConns max number of connections to have available. This is
      * @param serverInfo server connection info - host, port, etc.
      */
-    public HttpConnFactory(int minConns, int maxConns, IAuthority source, IRemoteAuthority dest, String nickname, int timeout
-    ) throws EBaseException {
+    public HttpConnFactory(int minConns, int maxConns, IAuthority source, IRemoteAuthority dest, String nickname, int timeout) throws EBaseException {
 
         CMS.debug("In HttpConnFactory constructor mTimeout " + timeout);
         mSource = source;
@@ -78,21 +76,21 @@ public class HttpConnFactory {
     }
 
     /**
-     * initialize parameters obtained from either constructor or 
-     * config store
+     * initialize parameters obtained from either constructor or config store
+     * 
      * @param minConns minimum number of connection handls to have available.
      * @param maxConns maximum total number of connections to ever have.
      * @param connInfo ldap connection info.
      * @param authInfo ldap authentication info.
-     * @exception ELdapException if any error occurs. 
+     * @exception ELdapException if any error occurs.
      */
-    private void init(int minConns, int maxConns 
-    ) 
-        throws EBaseException {
+    private void init(int minConns, int maxConns
+            )
+                    throws EBaseException {
 
         CMS.debug("min conns " + minConns + " maxConns " + maxConns);
         if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) {
-            CMS.debug("bad values from CMS.cfg");   
+            CMS.debug("bad values from CMS.cfg");
 
         } else {
 
@@ -109,11 +107,11 @@ public class HttpConnFactory {
         CMS.debug("before makeConnection");
 
         CMS.debug(
-            "initializing HttpConnFactory with mininum " + mMinConns + " and maximum " + mMaxConns +
-            " connections to ");
+                "initializing HttpConnFactory with mininum " + mMinConns + " and maximum " + mMaxConns +
+                        " connections to ");
 
         // initalize minimum number of connection handles available.
-        //makeMinimum();
+        // makeMinimum();
 
         CMS.debug("leaving HttpConnFactory init.");
     }
@@ -126,21 +124,21 @@ public class HttpConnFactory {
 
         try {
             ISocketFactory tFactory = new JssSSLSocketFactory(mNickname);
-        
+
             if (mTimeout == 0) {
                 retConn = CMS.getHttpConnection(mDest, tFactory);
             } else {
                 retConn = CMS.getHttpConnection(mDest, tFactory, mTimeout);
             }
 
-        }  catch (Exception e) {
+        } catch (Exception e) {
 
             CMS.debug("can't make new Htpp Connection");
 
             throw new EBaseException(
-                    "Can't create new Http Connection"); 
+                    "Can't create new Http Connection");
         }
-       
+
         return retConn;
     }
 
@@ -160,7 +158,7 @@ public class HttpConnFactory {
                 return;
 
             CMS.debug(
-                "increasing minimum connections by " + increment);
+                    "increasing minimum connections by " + increment);
             for (int i = increment - 1; i >= 0; i--) {
                 mConns[i] = (IHttpConnection) createConnection();
             }
@@ -172,77 +170,71 @@ public class HttpConnFactory {
     }
 
     /**
-     * gets a conenction from this factory. 
-     * All connections obtained from the factory must be returned by 
-     * returnConn() method.
-     * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * gets a conenction from this factory. All connections obtained from the
+     * factory must be returned by returnConn() method. The best thing to do is
+     * to put returnConn in a finally clause so it always gets called. For
+     * example,
+     * 
      * <pre>
-     *	  IHttpConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (EBaseException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * IHttpConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (EBaseException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
-    public IHttpConnection getConn() 
-        throws EBaseException {
+    public IHttpConnection getConn()
+            throws EBaseException {
         return getConn(true);
     }
 
     /**
-     * Returns a Http connection - a clone of the master connection.
-     * All connections should be returned to the factory using returnConn()
-     * to recycle connection objects.
-     * If not returned the limited max number is affected but if that 
-     * number is large not much harm is done.
-     * Returns null if maximum number of connections reached.
-     * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * Returns a Http connection - a clone of the master connection. All
+     * connections should be returned to the factory using returnConn() to
+     * recycle connection objects. If not returned the limited max number is
+     * affected but if that number is large not much harm is done. Returns null
+     * if maximum number of connections reached. The best thing to do is to put
+     * returnConn in a finally clause so it always gets called. For example,
+     * 
      * <pre>
-     *	  IHttpConnnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (EBaseException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * IHttpConnnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (EBaseException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
-     */ 
-    public synchronized IHttpConnection getConn(boolean waitForConn) 
-        throws EBaseException {
+     */
+    public synchronized IHttpConnection getConn(boolean waitForConn)
+            throws EBaseException {
         boolean waited = false;
 
         CMS.debug("In HttpConnFactory.getConn");
-        if (mNumConns == 0) 
+        if (mNumConns == 0)
             makeMinimum();
         if (mNumConns == 0) {
             if (!waitForConn)
                 return null;
             try {
                 CMS.debug("getConn: out of http connections");
-                log(ILogger.LL_WARN, 
-                    "Ran out of http connections available " 
-                );
+                log(ILogger.LL_WARN,
+                        "Ran out of http connections available ");
                 waited = true;
                 CMS.debug("HttpConn:about to wait for a new http connection");
-                while (mNumConns == 0) 
+                while (mNumConns == 0)
                     wait();
 
                 CMS.debug("HttpConn:done waiting for new http connection");
             } catch (InterruptedException e) {
             }
-        } 
+        }
         mNumConns--;
         IHttpConnection conn = mConns[mNumConns];
 
@@ -250,9 +242,8 @@ public class HttpConnFactory {
 
         if (waited) {
             CMS.debug("HttpConn:had to wait for an available connection from pool");
-            log(ILogger.LL_WARN, 
-                "Http connections are available again in http connection pool " 
-            );
+            log(ILogger.LL_WARN,
+                    "Http connections are available again in http connection pool ");
         }
         CMS.debug("HttpgetConn: mNumConns now " + mNumConns);
 
@@ -260,22 +251,20 @@ public class HttpConnFactory {
     }
 
     /**
-     * Teturn connection to the factory. 
-     * This is mandatory after a getConn().
+     * Teturn connection to the factory. This is mandatory after a getConn().
      * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * always gets called. For example,
+     * 
      * <pre>
-     *	  IHttpConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (EBaseException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * IHttpConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (EBaseException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
     public synchronized void returnConn(IHttpConnection conn) {
@@ -289,7 +278,7 @@ public class HttpConnFactory {
         for (int i = 0; i < mNumConns; i++) {
             if (mConns[i] == conn) {
                 CMS.debug(
-                    "returnConn: previously returned connection. " + conn);
+                        "returnConn: previously returned connection. " + conn);
 
             }
         }
@@ -303,11 +292,11 @@ public class HttpConnFactory {
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "In Http (bound) connection pool to" +
-            msg);
+                "In Http (bound) connection pool to" +
+                        msg);
     }
 
     protected void finalize()
-        throws Exception {
+            throws Exception {
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java
index e8b03542..cf0caf64 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnection.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.io.IOException;
 import java.util.StringTokenizer;
 
@@ -33,34 +32,32 @@ import com.netscape.cmsutil.http.HttpRequest;
 import com.netscape.cmsutil.http.HttpResponse;
 import com.netscape.cmsutil.net.ISocketFactory;
 
-
 public class HttpConnection implements IHttpConnection {
     protected IRemoteAuthority mDest = null;
     protected HttpRequest mHttpreq = new HttpRequest();
     protected IRequestEncoder mReqEncoder = null;
     protected HttpClient mHttpClient = null;
 
-    protected boolean Connect(String host, HttpClient client)
-    {
-               StringTokenizer st = new StringTokenizer(host, " ");
-               while (st.hasMoreTokens()) {
-                    String hp = st.nextToken(); // host:port
-                    StringTokenizer st1 = new StringTokenizer(hp, ":");
-                    try {
-                        String h = st1.nextToken();
-                        int p = Integer.parseInt(st1.nextToken());
-                        client.connect(h, p);
-                        return true;
-                    } catch (Exception e) {
-                        // may want to log the failure
-                    }
-                    try {
-                      Thread.sleep(5000); // 5 seconds
-                    } catch (Exception e) {
-                    }
-             
-               }
-               return false;
+    protected boolean Connect(String host, HttpClient client) {
+        StringTokenizer st = new StringTokenizer(host, " ");
+        while (st.hasMoreTokens()) {
+            String hp = st.nextToken(); // host:port
+            StringTokenizer st1 = new StringTokenizer(hp, ":");
+            try {
+                String h = st1.nextToken();
+                int p = Integer.parseInt(st1.nextToken());
+                client.connect(h, p);
+                return true;
+            } catch (Exception e) {
+                // may want to log the failure
+            }
+            try {
+                Thread.sleep(5000); // 5 seconds
+            } catch (Exception e) {
+            }
+
+        }
+        return false;
     }
 
     public HttpConnection(IRemoteAuthority dest, ISocketFactory factory) {
@@ -76,22 +73,22 @@ public class HttpConnection implements IHttpConnection {
             CMS.debug("HttpConnection: connecting to " + dest.getHost() + ":" + dest.getPort());
             String host = dest.getHost();
             // we could have a list of host names in the host parameters
-            // the format is, for example, 
+            // the format is, for example,
             // "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
             if (host != null && host.indexOf(' ') != -1) {
-               // try to do client-side failover
-               boolean connected = false;
-               do {
-                   connected = Connect(host, mHttpClient);
-               } while (!connected);
+                // try to do client-side failover
+                boolean connected = false;
+                do {
+                    connected = Connect(host, mHttpClient);
+                } while (!connected);
             } else {
-               mHttpClient.connect(host, dest.getPort());
+                mHttpClient.connect(host, dest.getPort());
             }
             CMS.debug("HttpConnection: connected to " + dest.getHost() + ":" + dest.getPort());
         } catch (IOException e) {
             // server's probably down. that's fine. try later.
-            //System.out.println(
-            //"Can't connect to server in connection creation");
+            // System.out.println(
+            // "Can't connect to server in connection creation");
         }
     }
 
@@ -110,19 +107,20 @@ public class HttpConnection implements IHttpConnection {
             CMS.debug("HttpConnection: connected to " + dest.getHost() + ":" + dest.getPort() + " timeout:" + timeout);
         } catch (IOException e) {
             // server's probably down. that's fine. try later.
-            //System.out.println(
-            //"Can't connect to server in connection creation");
+            // System.out.println(
+            // "Can't connect to server in connection creation");
             CMS.debug("CMSConn:IOException in creating HttpConnection " + e.toString());
         }
     }
 
     // Insert end
-    /** 
+    /**
      * sends a request to remote RA/CA, returning the result.
-     * @throws EBaseException if request could not be encoded 
+     * 
+     * @throws EBaseException if request could not be encoded
      */
-    public IPKIMessage send(IPKIMessage tomsg) 
-        throws EBaseException {
+    public IPKIMessage send(IPKIMessage tomsg)
+            throws EBaseException {
         IPKIMessage replymsg = null;
 
         CMS.debug("in HttpConnection.send " + this);
@@ -143,8 +141,8 @@ public class HttpConnection implements IHttpConnection {
         }
         boolean reconnect = false;
 
-        mHttpreq.setHeader("Content-Length", 
-            Integer.toString(content.length()));
+        mHttpreq.setHeader("Content-Length",
+                Integer.toString(content.length()));
         if (Debug.ON)
             Debug.trace("request encoded length " + content.length());
         mHttpreq.setContent(content);
@@ -220,8 +218,8 @@ public class HttpConnection implements IHttpConnection {
             }
         }
 
-        // decode reply. 
-        // if reply is bad, error is thrown and request will be resent 
+        // decode reply.
+        // if reply is bad, error is thrown and request will be resent
         String pcontent = p.getContent();
 
         if (Debug.ON) {
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java
index fefbe0f3..d7a73335 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpConnector.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.apps.CMS;
@@ -36,7 +35,6 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cmsutil.http.JssSSLSocketFactory;
 import com.netscape.cmsutil.net.ISocketFactory;
 
-
 public class HttpConnector implements IConnector {
     protected IAuthority mSource = null;
     protected IRemoteAuthority mDest = null;
@@ -45,13 +43,14 @@ public class HttpConnector implements IConnector {
     // XXX todo make this a pool.
     // XXX use CMMF in the future.
     protected IHttpConnection mConn = null;
-    private Thread mResendThread = null; 
+    private Thread mResendThread = null;
     private IResender mResender = null;
     private int mTimeout;
 
     private HttpConnFactory mConnFactory = null;
+
     public HttpConnector(IAuthority source, String nickName,
-        IRemoteAuthority dest, int resendInterval, IConfigStore config) throws EBaseException {
+            IRemoteAuthority dest, int resendInterval, IConfigStore config) throws EBaseException {
 
         mTimeout = 0;
         mSource = source;
@@ -70,22 +69,22 @@ public class HttpConnector implements IConnector {
             CMS.debug("can't create new HttpConnFactory " + e.toString());
         }
 
-        //        mConn = CMS.getHttpConnection(dest, mFactory);
-        // this will start resending past requests in parallel. 
-        mResender = CMS.getResender(mSource, nickName, dest, resendInterval); 
+        // mConn = CMS.getHttpConnection(dest, mFactory);
+        // this will start resending past requests in parallel.
+        mResender = CMS.getResender(mSource, nickName, dest, resendInterval);
         mResendThread = new Thread(mResender, "HttpConnector");
     }
-	
+
     // Inserted by beomsuk
     public HttpConnector(IAuthority source, String nickName,
-        IRemoteAuthority dest, int resendInterval, IConfigStore config, int timeout) throws EBaseException {
+            IRemoteAuthority dest, int resendInterval, IConfigStore config, int timeout) throws EBaseException {
         mSource = source;
         mDest = dest;
         mTimeout = timeout;
         mFactory = new JssSSLSocketFactory(nickName);
 
         int minConns = config.getInteger("minHttpConns", 1);
-        int maxConns = config.getInteger("maxHttpConns", 15); 
+        int maxConns = config.getInteger("maxHttpConns", 15);
 
         CMS.debug("HttpConn: min " + minConns);
         CMS.debug("HttpConn: max " + maxConns);
@@ -96,15 +95,15 @@ public class HttpConnector implements IConnector {
             CMS.debug("can't create new HttpConnFactory");
         }
 
-        // this will start resending past requests in parallel. 
-        mResender = CMS.getResender(mSource, nickName, dest, resendInterval); 
+        // this will start resending past requests in parallel.
+        mResender = CMS.getResender(mSource, nickName, dest, resendInterval);
         mResendThread = new Thread(mResender, "HttpConnector");
     }
 
     // Insert end
-    
-    public  boolean  send(IRequest r)
-        throws EBaseException {
+
+    public boolean send(IRequest r)
+            throws EBaseException {
         IHttpConnection curConn = null;
 
         try {
@@ -141,35 +140,35 @@ public class HttpConnector implements IConnector {
             CMS.debug("reply status " + replyStatus);
 
             // non terminal states.
-            // XXX hack: don't resend get revocation info requests since 
+            // XXX hack: don't resend get revocation info requests since
             // resent results are ignored.
             if ((!r.getRequestType().equals(
-                        IRequest.GETREVOCATIONINFO_REQUEST)) && 
-                (replyStatus == RequestStatus.BEGIN || 
-                    replyStatus == RequestStatus.PENDING ||
-                    replyStatus == RequestStatus.SVC_PENDING ||
+                        IRequest.GETREVOCATIONINFO_REQUEST)) &&
+                    (replyStatus == RequestStatus.BEGIN ||
+                            replyStatus == RequestStatus.PENDING ||
+                            replyStatus == RequestStatus.SVC_PENDING ||
                     replyStatus == RequestStatus.APPROVED)) {
                 CMS.debug("HttpConn:  remote request id still pending " +
-                    r.getRequestId() + " state " + replyStatus);
+                        r.getRequestId() + " state " + replyStatus);
                 mSource.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CONNECTOR_REQUEST_NOT_COMPLETED", r.getRequestId().toString()));
                 mResender.addRequest(r);
                 return false;
             }
 
             // request was completed.
-            replymsg.toRequest(r);  // this only copies contents.
+            replymsg.toRequest(r); // this only copies contents.
 
             // terminal states other than completed
-            if (replyStatus == RequestStatus.REJECTED || 
-                replyStatus == RequestStatus.CANCELED) {
+            if (replyStatus == RequestStatus.REJECTED ||
+                    replyStatus == RequestStatus.CANCELED) {
                 CMS.debug(
-                    "remote request id " + r.getRequestId() +
-                    " was rejected or cancelled.");
+                        "remote request id " + r.getRequestId() +
+                                " was rejected or cancelled.");
                 r.setExtData(IRequest.REMOTE_STATUS, replyStatus.toString());
                 r.setExtData(IRequest.RESULT, IRequest.RES_ERROR);
                 r.setExtData(IRequest.ERROR,
-                    new EBaseException(CMS.getUserMessage("CMS_BASE_REMOTE_AUTHORITY_ERROR")));
-                // XXX overload svcerrors for now. 
+                        new EBaseException(CMS.getUserMessage("CMS_BASE_REMOTE_AUTHORITY_ERROR")));
+                // XXX overload svcerrors for now.
                 Vector policyErrors = r.getExtDataInStringVector(IRequest.ERRORS);
 
                 if (policyErrors != null && policyErrors.size() > 0) {
@@ -178,18 +177,18 @@ public class HttpConnector implements IConnector {
             }
 
             CMS.debug(
-                "remote request id " + r.getRequestId() + " was completed");
+                    "remote request id " + r.getRequestId() + " was completed");
             return true;
         } catch (EBaseException e) {
             CMS.debug("HttpConn: inside EBaseException " + e.toString());
-           
+
             if (!r.getRequestType().equals(IRequest.GETREVOCATIONINFO_REQUEST))
                 mResender.addRequest(r);
 
             CMS.debug("HttpConn:  error sending request to cert " + e.toString());
             mSource.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_CONNECTOR_SEND_REQUEST", r.getRequestId().toString(), mDest.getHost(), Integer.toString(mDest.getPort())));
-            // mSource.log(ILogger.LL_INFO, 
-            //    "Queing " + r.getRequestId() + " for resend.");
+            // mSource.log(ILogger.LL_INFO,
+            // "Queing " + r.getRequestId() + " for resend.");
             return false;
         } finally {
 
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java
index e236655d..51e3ed8a 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpPKIMessage.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.ObjectOutputStream;
@@ -32,9 +31,8 @@ import com.netscape.certsrv.connector.IHttpPKIMessage;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * simple name/value pair message. 
+ * simple name/value pair message.
  */
 public class HttpPKIMessage implements IHttpPKIMessage {
     /**
@@ -66,7 +64,7 @@ public class HttpPKIMessage implements IHttpPKIMessage {
      * copy contents of request to make a simple name/value message.
      */
     public void fromRequest(IRequest r) {
-        // actually don't need to copy source id since 
+        // actually don't need to copy source id since
         reqType = r.getRequestType();
         reqId = r.getRequestId().toString();
         reqStatus = r.getRequestStatus().toString();
@@ -96,7 +94,7 @@ public class HttpPKIMessage implements IHttpPKIMessage {
      * copy contents to request.
      */
     public void toRequest(IRequest r) {
-        // id, type and status 
+        // id, type and status
         // type had to have been set in instantiation.
         // id is checked but not reset.
         // request status cannot be set, but can be looked at.
@@ -118,16 +116,16 @@ public class HttpPKIMessage implements IHttpPKIMessage {
                     r.setExtData(key, (Hashtable) value);
                 } else {
                     CMS.debug("HttpPKIMessage.toRequest(): key: " + key +
-                    " has unexpected type " + value.getClass().toString());
+                            " has unexpected type " + value.getClass().toString());
                 }
             } catch (NoSuchElementException e) {
-              CMS.debug("Incorrect pairing of name/value for " + key);
+                CMS.debug("Incorrect pairing of name/value for " + key);
             }
         }
     }
 
     private void writeObject(java.io.ObjectOutputStream out)
-        throws IOException {
+            throws IOException {
         CMS.debug("writeObject");
         out.writeObject(reqType);
         if (Debug.ON)
@@ -145,34 +143,34 @@ public class HttpPKIMessage implements IHttpPKIMessage {
             Object val = null;
             key = enum1.nextElement();
             try {
-              val = enum1.nextElement();
-              // test if key and value are serializable
-              ObjectOutputStream os = 
-                new ObjectOutputStream(new ByteArrayOutputStream());
-              os.writeObject(key);
-              os.writeObject(val);
-
-              // ok, if we dont have problem serializing the objects,
-              // then write the objects into the real object stream
-              out.writeObject(key);
-              out.writeObject(val);
+                val = enum1.nextElement();
+                // test if key and value are serializable
+                ObjectOutputStream os =
+                        new ObjectOutputStream(new ByteArrayOutputStream());
+                os.writeObject(key);
+                os.writeObject(val);
+
+                // ok, if we dont have problem serializing the objects,
+                // then write the objects into the real object stream
+                out.writeObject(key);
+                out.writeObject(val);
             } catch (Exception e) {
-              // skip not serialiable attribute in DRM
-              // DRM does not need to store the enrollment request anymore
-              CMS.debug("HttpPKIMessage:skipped key=" + 
-                key.getClass().getName());
-              if (val == null) {
-                CMS.debug("HttpPKIMessage:skipped val= null");
-              } else {
-                CMS.debug("HttpPKIMessage:skipped val=" + 
-                  val.getClass().getName());
-              } 
+                // skip not serialiable attribute in DRM
+                // DRM does not need to store the enrollment request anymore
+                CMS.debug("HttpPKIMessage:skipped key=" +
+                        key.getClass().getName());
+                if (val == null) {
+                    CMS.debug("HttpPKIMessage:skipped val= null");
+                } else {
+                    CMS.debug("HttpPKIMessage:skipped val=" +
+                            val.getClass().getName());
+                }
             }
         }
     }
 
     private void readObject(java.io.ObjectInputStream in)
-        throws IOException, ClassNotFoundException, OptionalDataException {
+            throws IOException, ClassNotFoundException, OptionalDataException {
         reqType = (String) in.readObject();
         reqId = (String) in.readObject();
         reqStatus = (String) in.readObject();
@@ -185,21 +183,21 @@ public class HttpPKIMessage implements IHttpPKIMessage {
             while (true) {
                 boolean skipped = false;
                 try {
-                   keyorval = in.readObject();
+                    keyorval = in.readObject();
                 } catch (OptionalDataException e) {
-                   throw e;
+                    throw e;
                 } catch (IOException e) {
-                   // just skipped parameter
-                  CMS.debug("skipped attribute in request e="+e);
-                  if (!iskey) {
-                     int s = mNameVals.size();
-                     if (s > 0) {
-                       // remove previous key if this is value
-                       mNameVals.removeElementAt(s - 1);
-                       skipped = true;
-                       keyorval = "";
-                     }
-                  }
+                    // just skipped parameter
+                    CMS.debug("skipped attribute in request e=" + e);
+                    if (!iskey) {
+                        int s = mNameVals.size();
+                        if (s > 0) {
+                            // remove previous key if this is value
+                            mNameVals.removeElementAt(s - 1);
+                            skipped = true;
+                            keyorval = "";
+                        }
+                    }
                 }
                 if (iskey) {
                     if (Debug.ON)
@@ -213,9 +211,9 @@ public class HttpPKIMessage implements IHttpPKIMessage {
                 if (Debug.ON)
                     Debug.trace("read " + keyorval);
                 if (!skipped) {
-                  if (keyorval == null) 
-                    break;
-                  mNameVals.addElement(keyorval);
+                    if (keyorval == null)
+                        break;
+                    mNameVals.addElement(keyorval);
                 }
             }
         } catch (OptionalDataException e) {
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/HttpRequestEncoder.java b/pki/base/common/src/com/netscape/cmscore/connector/HttpRequestEncoder.java
index 4a762dd8..29c3b8d0 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/HttpRequestEncoder.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/HttpRequestEncoder.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -28,13 +27,12 @@ import java.io.OptionalDataException;
 import com.netscape.certsrv.connector.IRequestEncoder;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * encodes a request by serializing it. 
+ * encodes a request by serializing it.
  */
 public class HttpRequestEncoder implements IRequestEncoder {
     public String encode(Object r)
-        throws IOException {
+            throws IOException {
         String s = null;
         byte[] serial;
         ByteArrayOutputStream ba = new ByteArrayOutputStream();
@@ -47,7 +45,7 @@ public class HttpRequestEncoder implements IRequestEncoder {
     }
 
     public Object decode(String s)
-        throws IOException {
+            throws IOException {
         Object result = null;
         byte[] serial = null;
 
@@ -59,7 +57,7 @@ public class HttpRequestEncoder implements IRequestEncoder {
 
             result = is.readObject();
         } catch (ClassNotFoundException e) {
-            // XXX hack: change this 
+            // XXX hack: change this
             if (Debug.ON)
                 Debug.trace("class not found ex " + e + e.getMessage());
             throw new IOException("Class Not Found " + e.getMessage());
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java b/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java
index 9272cc93..79f77e1a 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/LocalConnector.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.apps.CMS;
@@ -36,7 +35,6 @@ import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cmscore.util.Debug;
 
-
 public class LocalConnector implements IConnector {
     ILogger mLogger = CMS.getLogger();
     ICertAuthority mSource = null;
@@ -46,45 +44,44 @@ public class LocalConnector implements IConnector {
     public LocalConnector(ICertAuthority source, IAuthority dest) {
         mSource = source;
         // mSource.log(ILogger.LL_DEBUG, "Local connector setup for source " +
-        //    mSource.getId());
+        // mSource.getId());
         mDest = dest;
         CMS.debug("Local connector setup for dest " +
-            mDest.getId());
+                mDest.getId());
         // register for events.
         mDest.registerRequestListener(new LocalConnListener());
         CMS.debug("Connector inited");
     }
 
     /**
-     * send request to local authority.
-     * returns resulting request
+     * send request to local authority. returns resulting request
      */
     public boolean send(IRequest r) throws EBaseException {
         if (Debug.ON) {
             Debug.print("send request type " + r.getRequestType() + " status=" + r.getRequestStatus() + " to " + mDest.getId() + " id=" + r.getRequestId() + "\n");
         }
         CMS.debug("send request type " + r.getRequestType() +
-            " to " + mDest.getId());
+                " to " + mDest.getId());
 
         IRequestQueue destQ = mDest.getRequestQueue();
         IRequest destreq = destQ.newRequest(r.getRequestType());
 
         CMS.debug("local connector dest req " +
-            destreq.getRequestId() + " created for source rId " + r.getRequestId());
-        //  mSource.log(ILogger.LL_DEBUG, 
-        //     "setting connector dest " + mDest.getId() +
-        //    " source id to " + r.getRequestId());
+                destreq.getRequestId() + " created for source rId " + r.getRequestId());
+        // mSource.log(ILogger.LL_DEBUG,
+        // "setting connector dest " + mDest.getId() +
+        // " source id to " + r.getRequestId());
 
-        // XXX set context to the real identity later. 
+        // XXX set context to the real identity later.
         destreq.setSourceId(
-            mSource.getX500Name().toString() + ":" + r.getRequestId().toString());
-        //destreq.copyContents(r);  // copy meta attributes in request.
+                mSource.getX500Name().toString() + ":" + r.getRequestId().toString());
+        // destreq.copyContents(r); // copy meta attributes in request.
         transferRequest(r, destreq);
         // XXX requestor type is not transferred on return.
         destreq.setExtData(IRequest.REQUESTOR_TYPE,
-            IRequest.REQUESTOR_RA);
+                IRequest.REQUESTOR_RA);
         CMS.debug("connector dest " + mDest.getId() +
-            " processing " + destreq.getRequestId());
+                " processing " + destreq.getRequestId());
 
         // set context before calling process request so
         // that request subsystem can record the creator
@@ -98,7 +95,7 @@ public class LocalConnector implements IConnector {
         }
 
         // Locally cache the source request so that we
-        // can update it when the dest request is 
+        // can update it when the dest request is
         // processed (when LocalConnListener is being called).
         mSourceReqs.put(r.getRequestId().toString(), r);
         try {
@@ -111,8 +108,8 @@ public class LocalConnector implements IConnector {
         }
 
         CMS.debug("connector dest " + mDest.getId() +
-            " processed " + destreq.getRequestId() +
-            " status " + destreq.getRequestStatus());
+                " processed " + destreq.getRequestId() +
+                " status " + destreq.getRequestStatus());
 
         if (destreq.getRequestStatus() == RequestStatus.COMPLETE) {
             // no need to transfer contents if request wasn't complete.
@@ -126,7 +123,7 @@ public class LocalConnector implements IConnector {
     public class LocalConnListener implements IRequestListener {
 
         public void init(ISubsystem sys, IConfigStore config)
-            throws EBaseException {
+                throws EBaseException {
         }
 
         public void set(String name, String val) {
@@ -136,36 +133,37 @@ public class LocalConnector implements IConnector {
             if (Debug.ON) {
                 Debug.print("dest " + mDest.getId() + " done with " + destreq.getRequestId());
             }
-            CMS.debug( 
-                "dest " + mDest.getId() + " done with " + destreq.getRequestId());
+            CMS.debug(
+                    "dest " + mDest.getId() + " done with " + destreq.getRequestId());
 
             IRequestQueue sourceQ = mSource.getRequestQueue();
-            // accept requests that only belong to us. 
+            // accept requests that only belong to us.
             // XXX review death scenarios here. - If system dies anywhere
-            // here need to check all requests at next server startup. 
+            // here need to check all requests at next server startup.
             String sourceNameAndId = destreq.getSourceId();
             String sourceName = mSource.getX500Name().toString();
 
-            if (sourceNameAndId == null || 
-                !sourceNameAndId.toString().regionMatches(0, 
-                    sourceName, 0, sourceName.length())) {
+            if (sourceNameAndId == null ||
+                    !sourceNameAndId.toString().regionMatches(0,
+                            sourceName, 0, sourceName.length())) {
                 CMS.debug("request " + destreq.getRequestId() +
-                    " from " + sourceNameAndId + " not ours.");
+                        " from " + sourceNameAndId + " not ours.");
                 return;
             }
             int index = sourceNameAndId.lastIndexOf(':');
 
             if (index == -1) {
-                mSource.log(ILogger.LL_FAILURE, 
-                    "request " + destreq.getRequestId() +
-                    " for " + sourceNameAndId + " malformed.");
+                mSource.log(ILogger.LL_FAILURE,
+                        "request " + destreq.getRequestId() +
+                                " for " + sourceNameAndId + " malformed.");
                 return;
             }
             String sourceId = sourceNameAndId.substring(index + 1);
             RequestId rId = new RequestId(sourceId);
 
-            //    mSource.log(ILogger.LL_DEBUG, mDest.getId() + " " +
-            //       destreq.getRequestId() + " mapped to " + mSource.getId() + " " + rId);
+            // mSource.log(ILogger.LL_DEBUG, mDest.getId() + " " +
+            // destreq.getRequestId() + " mapped to " + mSource.getId() + " " +
+            // rId);
 
             IRequest r = null;
 
@@ -174,7 +172,7 @@ public class LocalConnector implements IConnector {
             // performance enhancement, approved request will
             // not be immediately available in the database. So
             // retrieving the request from the queue within
-            // the serviceRequest() function will have 
+            // the serviceRequest() function will have
             // diffculities.
             // You may wonder what happen if the system crashes
             // during the request servicing. Yes, the request
@@ -182,14 +180,14 @@ public class LocalConnector implements IConnector {
             // resubmit their requests again.
             // Note that the pending requests, on the other hand,
             // are persistent before the servicing.
-            // Please see stateEngine() function in 
+            // Please see stateEngine() function in
             // ARequestQueue.java for details.
             r = (IRequest) mSourceReqs.get(rId);
             if (r != null) {
                 if (r.getRequestStatus() != RequestStatus.SVC_PENDING) {
-                    mSource.log(ILogger.LL_FAILURE, 
-                        "request state of " + rId + "not pending " +
-                        " from dest authority " + mDest.getId());
+                    mSource.log(ILogger.LL_FAILURE,
+                            "request state of " + rId + "not pending " +
+                                    " from dest authority " + mDest.getId());
                     sourceQ.releaseRequest(r);
                     return;
                 }
@@ -209,4 +207,3 @@ public class LocalConnector implements IConnector {
         RequestTransfer.transfer(src, dest);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/RemoteAuthority.java b/pki/base/common/src/com/netscape/cmscore/connector/RemoteAuthority.java
index ddd02f82..48e722cf 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/RemoteAuthority.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/RemoteAuthority.java
@@ -17,23 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.connector.IRemoteAuthority;
 
-
 public class RemoteAuthority implements IRemoteAuthority {
     String mHost = null;
     int mPort = -1;
     String mURI = null;
     int mTimeout = 0;
-    
+
     /**
-     * host parameter can be:
-     *    "directory.knowledge.com"
-     *    "199.254.1.2"
-     *    "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
+     * host parameter can be: "directory.knowledge.com" "199.254.1.2"
+     * "directory.knowledge.com:1050 people.catalog.com 199.254.1.2"
      */
     public RemoteAuthority(String host, int port, String uri, int timeout) {
         mHost = host;
@@ -46,7 +42,7 @@ public class RemoteAuthority implements IRemoteAuthority {
     }
 
     public void init(IConfigStore c)
-        throws EBaseException {
+            throws EBaseException {
         mHost = c.getString("host");
         mPort = c.getInteger("port");
         mURI = c.getString("uri");
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/RequestTransfer.java b/pki/base/common/src/com/netscape/cmscore/connector/RequestTransfer.java
index b0095020..c00d5c8b 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/RequestTransfer.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/RequestTransfer.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -25,27 +24,26 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cmscore.authentication.ChallengePhraseAuthentication;
 
-
 public class RequestTransfer {
 
     private static final String DOT = ".";
 
-    private static String[] transferAttributes = { 
+    private static String[] transferAttributes = {
             IRequest.HTTP_PARAMS,
-            IRequest.AGENT_PARAMS, 
-            IRequest.CERT_INFO, 
-            IRequest.ISSUED_CERTS, 
-            IRequest.OLD_CERTS, 
-            IRequest.OLD_SERIALS, 
-            IRequest.REVOKED_CERTS, 
-            IRequest.CACERTCHAIN, 
-            IRequest.CRL, 
-            IRequest.ERRORS, 
+            IRequest.AGENT_PARAMS,
+            IRequest.CERT_INFO,
+            IRequest.ISSUED_CERTS,
+            IRequest.OLD_CERTS,
+            IRequest.OLD_SERIALS,
+            IRequest.REVOKED_CERTS,
+            IRequest.CACERTCHAIN,
+            IRequest.CRL,
+            IRequest.ERRORS,
             IRequest.RESULT,
             IRequest.ERROR,
-            IRequest.SVCERRORS, 
-            IRequest.REMOTE_STATUS, 
-            IRequest.REMOTE_REQID, 
+            IRequest.SVCERRORS,
+            IRequest.REMOTE_STATUS,
+            IRequest.REMOTE_REQID,
             IRequest.REVOKED_CERT_RECORDS,
             IRequest.CERT_STATUS,
             ChallengePhraseAuthentication.CHALLENGE_PHRASE,
@@ -53,11 +51,11 @@ public class RequestTransfer {
             ChallengePhraseAuthentication.SERIALNUMBER,
             ChallengePhraseAuthentication.SERIALNOARRAY,
             IRequest.ISSUERDN,
-            IRequest.CERT_FILTER, 
+            IRequest.CERT_FILTER,
             "keyRecord",
             "uid", // UidPwdDirAuthentication.CRED_UID,
             "udn", // UdnPwdDirAuthentication.CRED_UDN,
-        }; 
+    };
 
     public static boolean isProfileRequest(IRequest request) {
         String profileId = request.getExtDataInString("profileId");
@@ -71,8 +69,8 @@ public class RequestTransfer {
     public static String[] getTransferAttributes(IRequest r) {
         if (isProfileRequest(r)) {
             // copy everything in the request
-            CMS.debug("RequestTransfer: profile request " + 
-                r.getRequestId().toString());
+            CMS.debug("RequestTransfer: profile request " +
+                    r.getRequestId().toString());
             Enumeration e = r.getExtDataKeys();
             Vector v = new Vector();
 
@@ -108,8 +106,8 @@ public class RequestTransfer {
 
     public static void transfer(IRequest src, IRequest dest) {
         CMS.debug("Transfer srcId=" +
-            src.getRequestId().toString() + 
-            " destId=" + dest.getRequestId().toString());
+                src.getRequestId().toString() +
+                " destId=" + dest.getRequestId().toString());
         String attrs[] = getTransferAttributes(src);
 
         for (int i = 0; i < attrs.length; i++) {
diff --git a/pki/base/common/src/com/netscape/cmscore/connector/Resender.java b/pki/base/common/src/com/netscape/cmscore/connector/Resender.java
index ad89a34a..ba5906e8 100644
--- a/pki/base/common/src/com/netscape/cmscore/connector/Resender.java
+++ b/pki/base/common/src/com/netscape/cmscore/connector/Resender.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.connector;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -36,16 +35,15 @@ import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cmscore.util.Debug;
 import com.netscape.cmsutil.http.JssSSLSocketFactory;
 
-
 /**
- * Resend requests at intervals to the server to check if it's been completed. 
+ * Resend requests at intervals to the server to check if it's been completed.
  * Default interval is 5 minutes.
  */
 public class Resender implements IResender {
-    public static final int SECOND = 1000; //milliseconds
-    public static final int MINUTE = 60 * SECOND;	
-    public static final int HOUR = 60 * MINUTE;	
-    public static final int DAY = 24 * HOUR;	
+    public static final int SECOND = 1000; // milliseconds
+    public static final int MINUTE = 60 * SECOND;
+    public static final int HOUR = 60 * MINUTE;
+    public static final int DAY = 24 * HOUR;
 
     protected IAuthority mAuthority = null;
     IRequestQueue mQueue = null;
@@ -61,44 +59,44 @@ public class Resender implements IResender {
     // default interval.
     // XXX todo add another interval for requests unsent because server
     // was down (versus being serviced in request queue)
-    protected int mInterval = 1 * MINUTE;	
+    protected int mInterval = 1 * MINUTE;
 
     public Resender(IAuthority authority, String nickName, IRemoteAuthority dest) {
         mAuthority = authority;
         mQueue = mAuthority.getRequestQueue();
         mDest = dest;
         mNickName = nickName;
-        
-        //mConn = new HttpConnection(dest, 
-         //           new JssSSLSocketFactory(nickName));
+
+        // mConn = new HttpConnection(dest,
+        // new JssSSLSocketFactory(nickName));
     }
 
     public Resender(
-        IAuthority authority, String nickName, 
-        IRemoteAuthority dest, int interval) {
+            IAuthority authority, String nickName,
+            IRemoteAuthority dest, int interval) {
         mAuthority = authority;
         mQueue = mAuthority.getRequestQueue();
         mDest = dest;
         if (interval > 0)
             mInterval = interval * SECOND; // interval specified in seconds.
 
-        //mConn = new HttpConnection(dest, 
-         //           new JssSSLSocketFactory(nickName));
+        // mConn = new HttpConnection(dest,
+        // new JssSSLSocketFactory(nickName));
     }
 
     // must be done after a subsystem 'start' so queue is initialized.
     private void initRequests() {
         mQueue = mAuthority.getRequestQueue();
         // get all requests in mAuthority that are still pending.
-        IRequestList list = 
-            mQueue.listRequestsByStatus(RequestStatus.SVC_PENDING);
+        IRequestList list =
+                mQueue.listRequestsByStatus(RequestStatus.SVC_PENDING);
 
         while (list != null && list.hasMoreElements()) {
             RequestId rid = list.nextRequestId();
 
             CMS.debug(
-                "added request Id " + rid + " in init to resend queue.");
-            // note these are added as strings 
+                    "added request Id " + rid + " in init to resend queue.");
+            // note these are added as strings
             mRequestIds.addElement(rid.toString());
         }
     }
@@ -109,13 +107,13 @@ public class Resender implements IResender {
             mRequestIds.addElement(r.getRequestId().toString());
         }
         CMS.debug(
-            "added " + r.getRequestId() + " to resend queue");
+                "added " + r.getRequestId() + " to resend queue");
     }
 
     public void run() {
 
-         CMS.debug("Resender: In resender Thread run:");
-         mConn = new HttpConnection(mDest,
+        CMS.debug("Resender: In resender Thread run:");
+        mConn = new HttpConnection(mDest,
                     new JssSSLSocketFactory(mNickName));
         initRequests();
 
@@ -127,8 +125,7 @@ public class Resender implements IResender {
                 mAuthority.log(ILogger.LL_INFO, CMS.getLogMessage("CMSCORE_CONNECTOR_RESENDER_INTERRUPTED"));
                 continue;
             }
-        }
-        while (true);
+        } while (true);
     }
 
     private void resend() {
@@ -141,17 +138,17 @@ public class Resender implements IResender {
 
         while (enum1.hasMoreElements()) {
             // request ids are added as strings.
-            String ridString = (String) enum1.nextElement(); 
+            String ridString = (String) enum1.nextElement();
             RequestId rid = new RequestId(ridString);
             IRequest r = null;
 
             CMS.debug(
-                "resend processing request id " + rid);
+                    "resend processing request id " + rid);
 
             try {
                 r = mQueue.findRequest(rid);
             } catch (EBaseException e) {
-                // XXX bad case. should we remove the rid now ? 
+                // XXX bad case. should we remove the rid now ?
                 mAuthority.log(ILogger.LL_WARN, CMS.getLogMessage("CMSCORE_CONNECTOR_REQUEST_NOT_FOUND", rid.toString()));
                 continue;
             }
@@ -160,7 +157,7 @@ public class Resender implements IResender {
                     // request not pending anymore - aborted or cancelled.
                     completedRids.addElement(rid);
                     CMS.debug(
-                        "request id " + rid + " no longer service pending");
+                            "request id " + rid + " no longer service pending");
                 } else {
                     boolean completed = send(r);
 
@@ -175,8 +172,7 @@ public class Resender implements IResender {
                 // if connection is down, don't send the remaining request
                 // as it will sure fail.
                 mAuthority.log(ILogger.LL_WARN, CMS.getLogMessage("CMSCORE_CONNECTOR_DOWN"));
-                if (e.toString().indexOf("connection not available")
-                    >= 0)
+                if (e.toString().indexOf("connection not available") >= 0)
                     break;
             }
         }
@@ -189,44 +185,44 @@ public class Resender implements IResender {
                 RequestId id = (RequestId) en.nextElement();
 
                 CMS.debug(
-                    "Connector: Removed request " + id + " from re-send queue");
+                        "Connector: Removed request " + id + " from re-send queue");
                 mRequestIds.removeElement(id.toString());
                 CMS.debug(
-                    "Connector: mRequestIds now has " +
-                    mRequestIds.size() + " elements.");
+                        "Connector: mRequestIds now has " +
+                                mRequestIds.size() + " elements.");
             }
         }
     }
 
     // this is almost the same as connector's send.
     private boolean send(IRequest r)
-        throws IOException, EBaseException {
+            throws IOException, EBaseException {
         IRequest reply = null;
-		
+
         try {
             HttpPKIMessage tomsg = new HttpPKIMessage();
             HttpPKIMessage replymsg = null;
 
             tomsg.fromRequest(r);
             replymsg = (HttpPKIMessage) mConn.send(tomsg);
-            if(replymsg==null)
+            if (replymsg == null)
                 return false;
             CMS.debug(
-                r.getRequestId() + " resent to CA");
-			
-            RequestStatus replyStatus = 
-                RequestStatus.fromString(replymsg.reqStatus);
+                    r.getRequestId() + " resent to CA");
+
+            RequestStatus replyStatus =
+                    RequestStatus.fromString(replymsg.reqStatus);
             int index = replymsg.reqId.lastIndexOf(':');
-            RequestId replyRequestId = 
-                new RequestId(replymsg.reqId.substring(index + 1));
+            RequestId replyRequestId =
+                    new RequestId(replymsg.reqId.substring(index + 1));
 
             if (Debug.ON)
                 Debug.trace("reply request id " + replyRequestId +
-                    " for request " + r.getRequestId());
+                        " for request " + r.getRequestId());
 
             if (replyStatus != RequestStatus.COMPLETE) {
                 CMS.debug("resend " +
-                    r.getRequestId() + " still not completed.");
+                        r.getRequestId() + " still not completed.");
                 return false;
             }
 
@@ -237,7 +233,7 @@ public class Resender implements IResender {
             mQueue.markAsServiced(r);
             mQueue.releaseRequest(r);
             CMS.debug(
-                "resend released request " + r.getRequestId());
+                    "resend released request " + r.getRequestId());
             return true;
         } catch (EBaseException e) {
             // same as not having sent it, so still want to resend.
@@ -248,6 +244,5 @@ public class Resender implements IResender {
         return false;
 
     }
-	
-}
 
+}
diff --git a/pki/base/common/src/com/netscape/cmscore/crmf/CRMFParser.java b/pki/base/common/src/com/netscape/cmscore/crmf/CRMFParser.java
index e2bee6d1..ec553393 100644
--- a/pki/base/common/src/com/netscape/cmscore/crmf/CRMFParser.java
+++ b/pki/base/common/src/com/netscape/cmscore/crmf/CRMFParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.crmf;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.util.Vector;
@@ -34,39 +33,38 @@ import org.mozilla.jss.pkix.primitive.AVA;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 public class CRMFParser {
 
     private static final OBJECT_IDENTIFIER PKIARCHIVEOPTIONS_OID =
-        new OBJECT_IDENTIFIER(new long[] {1, 3, 6, 1, 5, 5, 7, 5, 1, 4}
-        );
+            new OBJECT_IDENTIFIER(new long[] { 1, 3, 6, 1, 5, 5, 7, 5, 1, 4 }
+            );
 
     /**
      * Retrieves PKIArchiveOptions from CRMF request.
-     *
+     * 
      * @param request CRMF request
      * @return PKIArchiveOptions
      * @exception failed to extrace option
      */
-    public static PKIArchiveOptionsContainer[] 
-    getPKIArchiveOptions(String crmfBlob) throws IOException {
+    public static PKIArchiveOptionsContainer[]
+            getPKIArchiveOptions(String crmfBlob) throws IOException {
         Vector options = new Vector();
 
         byte[] crmfBerBlob = null;
 
-        crmfBerBlob = CMS.AtoB(crmfBlob); 
+        crmfBerBlob = CMS.AtoB(crmfBlob);
         if (crmfBerBlob == null)
             throw new IOException("no CRMF data found");
 
-        ByteArrayInputStream crmfBerBlobIn = new 	
-            ByteArrayInputStream(crmfBerBlob);
+        ByteArrayInputStream crmfBerBlobIn = new
+                ByteArrayInputStream(crmfBerBlob);
         SEQUENCE crmfmsgs = null;
 
         try {
-            crmfmsgs = (SEQUENCE) new 
-                    SEQUENCE.OF_Template(new 
-                        CertReqMsg.Template()).decode(
-                        crmfBerBlobIn);
+            crmfmsgs = (SEQUENCE) new
+                    SEQUENCE.OF_Template(new
+                            CertReqMsg.Template()).decode(
+                            crmfBerBlobIn);
         } catch (IOException e) {
             throw new IOException("[crmf msgs]" + e.toString());
         } catch (InvalidBERException e) {
@@ -75,9 +73,9 @@ public class CRMFParser {
 
         for (int z = 0; z < crmfmsgs.size(); z++) {
             CertReqMsg certReqMsg = (CertReqMsg)
-                crmfmsgs.elementAt(z);
-            CertRequest certReq = certReqMsg.getCertReq();	
-			
+                    crmfmsgs.elementAt(z);
+            CertRequest certReq = certReqMsg.getCertReq();
+
             // try to locate PKIArchiveOption control
             AVA archAva = null;
 
@@ -114,10 +112,10 @@ public class CRMFParser {
         if (options.size() == 0) {
             throw new IOException("no PKIArchiveOptions found");
         } else {
-            PKIArchiveOptionsContainer p[] = new PKIArchiveOptionsContainer[options.size()];	
+            PKIArchiveOptionsContainer p[] = new PKIArchiveOptionsContainer[options.size()];
 
             options.copyInto(p);
-            //  options.clear();
+            // options.clear();
             return p;
         }
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/crmf/PKIArchiveOptionsContainer.java b/pki/base/common/src/com/netscape/cmscore/crmf/PKIArchiveOptionsContainer.java
index d7899da3..4c5478da 100644
--- a/pki/base/common/src/com/netscape/cmscore/crmf/PKIArchiveOptionsContainer.java
+++ b/pki/base/common/src/com/netscape/cmscore/crmf/PKIArchiveOptionsContainer.java
@@ -17,10 +17,8 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.crmf;
 
-
 import org.mozilla.jss.pkix.crmf.PKIArchiveOptions;
 
-
 public class PKIArchiveOptionsContainer {
 
     public PKIArchiveOptions mAO = null;
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/BigIntegerMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/BigIntegerMapper.java
index 7cd563f9..4e8d0dcf 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/BigIntegerMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/BigIntegerMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -29,14 +28,12 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * A class represents ann attribute mapper that maps
- * a Java BigInteger object into LDAP attribute,
- * and vice versa.
- *
+ * A class represents ann attribute mapper that maps a Java BigInteger object
+ * into LDAP attribute, and vice versa.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class BigIntegerMapper implements IDBAttrMapper {
 
@@ -61,19 +58,18 @@ public class BigIntegerMapper implements IDBAttrMapper {
     /**
      * Maps object into ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 BigIntegerToDB((BigInteger) obj)));
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -85,8 +81,8 @@ public class BigIntegerMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         String v = null;
 
         try {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/ByteArrayMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/ByteArrayMapper.java
index b8e5b73d..f57eba26 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/ByteArrayMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/ByteArrayMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -29,14 +28,12 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * A class represents ann attribute mapper that maps
- * a Java byte array object into LDAP attribute,
- * and vice versa.
- *
+ * A class represents ann attribute mapper that maps a Java byte array object
+ * into LDAP attribute, and vice versa.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class ByteArrayMapper implements IDBAttrMapper {
 
@@ -61,26 +58,25 @@ public class ByteArrayMapper implements IDBAttrMapper {
     /**
      * Maps object to ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         byte data[] = (byte[]) obj;
         if (data == null) {
             CMS.debug("ByteArrayMapper:mapObjectToLDAPAttributeSet " + name +
-		" size=0");
+                    " size=0");
         } else {
             CMS.debug("ByteArrayMapper:mapObjectToLDAPAttributeSet " + name +
-		" size=" + data.length);
+                    " size=" + data.length);
         }
         attrs.add(new LDAPAttribute(mLdapName, data));
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -91,8 +87,8 @@ public class ByteArrayMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CRLDBSchema.java b/pki/base/common/src/com/netscape/cmscore/dbs/CRLDBSchema.java
index 58342a55..a47553fb 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CRLDBSchema.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CRLDBSchema.java
@@ -17,14 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
-
-
 /**
- * A class represents a collection of schema information
- * for CRL.
+ * A class represents a collection of schema information for CRL.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CRLIssuingPointRecord.java b/pki/base/common/src/com/netscape/cmscore/dbs/CRLIssuingPointRecord.java
index ea110d1c..239ba9b6 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CRLIssuingPointRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CRLIssuingPointRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Enumeration;
@@ -29,11 +28,10 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
 
-
 /**
  * A class represents a CRL issuing point record.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -43,8 +41,8 @@ public class CRLIssuingPointRecord implements ICRLIssuingPointRecord, IDBObj {
      *
      */
     private static final long serialVersionUID = 400565044343905267L;
-    protected String mId = null;               // internal unique id
-    protected BigInteger mCRLNumber = null;      // CRL number
+    protected String mId = null; // internal unique id
+    protected BigInteger mCRLNumber = null; // CRL number
     protected Long mCRLSize = null;
     protected Date mThisUpdate = null;
     protected Date mNextUpdate = null;
@@ -78,8 +76,8 @@ public class CRLIssuingPointRecord implements ICRLIssuingPointRecord, IDBObj {
     }
 
     /**
-     * Constructs empty CRLIssuingPointRecord. This is
-     * required in database framework.
+     * Constructs empty CRLIssuingPointRecord. This is required in database
+     * framework.
      */
     public CRLIssuingPointRecord() {
     }
@@ -87,8 +85,8 @@ public class CRLIssuingPointRecord implements ICRLIssuingPointRecord, IDBObj {
     /**
      * Constructs a CRLIssuingPointRecord
      */
-    public CRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, 
-        Date thisUpdate, Date nextUpdate) {
+    public CRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize,
+            Date thisUpdate, Date nextUpdate) {
         mId = id;
         mCRLNumber = crlNumber;
         mCRLSize = crlSize;
@@ -106,9 +104,9 @@ public class CRLIssuingPointRecord implements ICRLIssuingPointRecord, IDBObj {
     /**
      * Constructs a CRLIssuingPointRecord
      */
-    public CRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize, 
-        Date thisUpdate, Date nextUpdate, BigInteger deltaCRLNumber, Long deltaCRLSize,
-        Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts) {
+    public CRLIssuingPointRecord(String id, BigInteger crlNumber, Long crlSize,
+            Date thisUpdate, Date nextUpdate, BigInteger deltaCRLNumber, Long deltaCRLSize,
+            Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts) {
         mId = id;
         mCRLNumber = crlNumber;
         mCRLSize = crlSize;
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CRLRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/CRLRepository.java
index ba3ed5a7..3c70bf3d 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CRLRepository.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CRLRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Hashtable;
@@ -36,10 +35,9 @@ import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
 import com.netscape.certsrv.dbs.crldb.ICRLRepository;
 
 /**
- * A class represents a CRL repository. It stores all the 
- * CRL issuing points.
+ * A class represents a CRL repository. It stores all the CRL issuing points.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -52,8 +50,8 @@ public class CRLRepository extends Repository implements ICRLRepository {
     /**
      * Constructs a CRL repository.
      */
-    public CRLRepository(IDBSubsystem dbService, int increment, String baseDN) 
-        throws EDBException {
+    public CRLRepository(IDBSubsystem dbService, int increment, String baseDN)
+            throws EDBException {
         super(dbService, increment, baseDN);
         mBaseDN = baseDN;
         mDBService = dbService;
@@ -61,22 +59,21 @@ public class CRLRepository extends Repository implements ICRLRepository {
         IDBRegistry reg = dbService.getRegistry();
 
         /**
-         String crlRecordOC[] = new String[1];
-         crlRecordOC[0] = Schema.LDAP_OC_CRL_RECORD;
-         reg.registerObjectClass(CRLIssuingPointRecord.class.getName(),
-         crlRecordOC);
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_ID, new
-         StringMapper(Schema.LDAP_ATTR_CRL_ID));
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, new
-         BigIntegerMapper(Schema.LDAP_ATTR_CRL_NUMBER));
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_SIZE, new
-         LongMapper(Schema.LDAP_ATTR_CRL_SIZE));
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, new
-         DateMapper(Schema.LDAP_ATTR_THIS_UPDATE));
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, new
-         DateMapper(Schema.LDAP_ATTR_NEXT_UPDATE));
-         reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL, new
-         ByteArrayMapper(Schema.LDAP_ATTR_CRL));
+         * String crlRecordOC[] = new String[1]; crlRecordOC[0] =
+         * Schema.LDAP_OC_CRL_RECORD;
+         * reg.registerObjectClass(CRLIssuingPointRecord.class.getName(),
+         * crlRecordOC); reg.registerAttribute(ICRLIssuingPointRecord.ATTR_ID,
+         * new StringMapper(Schema.LDAP_ATTR_CRL_ID));
+         * reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, new
+         * BigIntegerMapper(Schema.LDAP_ATTR_CRL_NUMBER));
+         * reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_SIZE, new
+         * LongMapper(Schema.LDAP_ATTR_CRL_SIZE));
+         * reg.registerAttribute(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, new
+         * DateMapper(Schema.LDAP_ATTR_THIS_UPDATE));
+         * reg.registerAttribute(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, new
+         * DateMapper(Schema.LDAP_ATTR_NEXT_UPDATE));
+         * reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL, new
+         * ByteArrayMapper(Schema.LDAP_ATTR_CRL));
          **/
     }
 
@@ -97,24 +94,23 @@ public class CRLRepository extends Repository implements ICRLRepository {
     /**
      * Removes all objects with this repository.
      */
-    public void removeAllObjects() throws EBaseException
-    {
+    public void removeAllObjects() throws EBaseException {
     }
 
     /**
      * Adds CRL issuing points.
      */
     public void addCRLIssuingPointRecord(ICRLIssuingPointRecord rec)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = mLdapCRLIssuingPointName + "=" +
-                ((CRLIssuingPointRecord) rec).getId().toString() + "," + getDN();
+                    ((CRLIssuingPointRecord) rec).getId().toString() + "," + getDN();
 
             s.add(name, rec);
-        } finally { 
-            if (s != null) 
+        } finally {
+            if (s != null)
                 s.close();
         }
     }
@@ -125,21 +121,21 @@ public class CRLRepository extends Repository implements ICRLRepository {
     public Vector getIssuingPointsNames() throws EBaseException {
         IDBSSession s = mDBService.createSession();
         try {
-            String[] attrs = {ICRLIssuingPointRecord.ATTR_ID, "objectclass"};
+            String[] attrs = { ICRLIssuingPointRecord.ATTR_ID, "objectclass" };
             String filter = "objectclass=" + CMS.getCRLIssuingPointRecordName();
             IDBSearchResults res = s.search(getDN(), filter, attrs);
             Vector v = new Vector();
             while (res.hasMoreElements()) {
-                ICRLIssuingPointRecord nextelement = 
-                  (ICRLIssuingPointRecord)res.nextElement();
+                ICRLIssuingPointRecord nextelement =
+                        (ICRLIssuingPointRecord) res.nextElement();
                 CMS.debug("CRLRepository getIssuingPointsNames(): name = "
-                  +nextelement.getId());
+                        + nextelement.getId());
                 v.addElement(nextelement.getId());
             }
 
             return v;
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
     }
@@ -148,19 +144,20 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Reads issuing point record.
      */
     public ICRLIssuingPointRecord readCRLIssuingPointRecord(String id)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         CRLIssuingPointRecord rec = null;
 
         try {
             String name = mLdapCRLIssuingPointName + "=" + id +
-                "," + getDN();
+                    "," + getDN();
 
             if (s != null) {
                 rec = (CRLIssuingPointRecord) s.read(name);
             }
-        } finally { 
-            if (s != null) s.close();
+        } finally {
+            if (s != null)
+                s.close();
         }
         return rec;
     }
@@ -169,31 +166,35 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * deletes issuing point record.
      */
     public void deleteCRLIssuingPointRecord(String id)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = null;
 
         try {
             s = mDBService.createSession();
             String name = mLdapCRLIssuingPointName + "=" + id +
-                "," + getDN();
+                    "," + getDN();
 
-            if (s != null) s.delete(name);
+            if (s != null)
+                s.delete(name);
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
     }
 
-    public void modifyCRLIssuingPointRecord(String id, 
-        ModificationSet mods) throws EBaseException {
+    public void modifyCRLIssuingPointRecord(String id,
+            ModificationSet mods) throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = mLdapCRLIssuingPointName + "=" + id +
-                "," + getDN();
+                    "," + getDN();
 
-            if (s != null) s.modify(name, mods);
-        } finally { 
-            if (s != null) s.close();
+            if (s != null)
+                s.modify(name, mods);
+        } finally {
+            if (s != null)
+                s.close();
         }
     }
 
@@ -201,24 +202,24 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Updates CRL issuing point record.
      */
     public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
-        Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize)
-        throws EBaseException {
+            Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize)
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         if (newCRL != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_CRL, 
-                Modification.MOD_REPLACE, newCRL);
+            mods.add(ICRLIssuingPointRecord.ATTR_CRL,
+                    Modification.MOD_REPLACE, newCRL);
         }
         if (nextUpdate != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, 
-                Modification.MOD_REPLACE, nextUpdate);
+            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
+                    Modification.MOD_REPLACE, nextUpdate);
         }
-        mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, 
-            Modification.MOD_REPLACE, thisUpdate);
-        mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, 
-            Modification.MOD_REPLACE, crlNumber);
-        mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE, 
-            Modification.MOD_REPLACE, crlSize);
+        mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
+                Modification.MOD_REPLACE, thisUpdate);
+        mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
+                Modification.MOD_REPLACE, crlNumber);
+        mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
+                Modification.MOD_REPLACE, crlSize);
         modifyCRLIssuingPointRecord(id, mods);
     }
 
@@ -226,40 +227,40 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Updates CRL issuing point record.
      */
     public void updateCRLIssuingPointRecord(String id, byte[] newCRL,
-        Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize,
-        Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts)
-        throws EBaseException {
+            Date thisUpdate, Date nextUpdate, BigInteger crlNumber, Long crlSize,
+            Hashtable revokedCerts, Hashtable unrevokedCerts, Hashtable expiredCerts)
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         if (newCRL != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_CRL, 
-                Modification.MOD_REPLACE, newCRL);
+            mods.add(ICRLIssuingPointRecord.ATTR_CRL,
+                    Modification.MOD_REPLACE, newCRL);
         }
         if (nextUpdate != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, 
-                Modification.MOD_REPLACE, nextUpdate);
+            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
+                    Modification.MOD_REPLACE, nextUpdate);
         }
-        mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, 
-            Modification.MOD_REPLACE, thisUpdate);
-        mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, 
-            Modification.MOD_REPLACE, crlNumber);
-        mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE, 
-            Modification.MOD_REPLACE, crlSize);
+        mods.add(ICRLIssuingPointRecord.ATTR_THIS_UPDATE,
+                Modification.MOD_REPLACE, thisUpdate);
+        mods.add(ICRLIssuingPointRecord.ATTR_CRL_NUMBER,
+                Modification.MOD_REPLACE, crlNumber);
+        mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
+                Modification.MOD_REPLACE, crlSize);
         if (revokedCerts != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS, 
-                Modification.MOD_REPLACE, revokedCerts);
+            mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS,
+                    Modification.MOD_REPLACE, revokedCerts);
         }
         if (unrevokedCerts != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS, 
-                Modification.MOD_REPLACE, unrevokedCerts);
+            mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS,
+                    Modification.MOD_REPLACE, unrevokedCerts);
         }
         if (expiredCerts != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS, 
-                Modification.MOD_REPLACE, expiredCerts);
+            mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS,
+                    Modification.MOD_REPLACE, expiredCerts);
         }
         if (revokedCerts != null || unrevokedCerts != null) {
             mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
-                Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
+                    Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
         }
         modifyCRLIssuingPointRecord(id, mods);
     }
@@ -268,16 +269,16 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Updates CRL issuing point record with recently revoked certificates info.
      */
     public void updateRevokedCerts(String id, Hashtable revokedCerts,
-        Hashtable unrevokedCerts)
-        throws EBaseException {
+            Hashtable unrevokedCerts)
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
-        mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS, 
-            Modification.MOD_REPLACE, revokedCerts);
-        mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS, 
-            Modification.MOD_REPLACE, unrevokedCerts);
+        mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS,
+                Modification.MOD_REPLACE, revokedCerts);
+        mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS,
+                Modification.MOD_REPLACE, unrevokedCerts);
         mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
-            Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
+                Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
         modifyCRLIssuingPointRecord(id, mods);
     }
 
@@ -285,11 +286,11 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Updates CRL issuing point record with recently expired certificates info.
      */
     public void updateExpiredCerts(String id, Hashtable expiredCerts)
-        throws EBaseException {
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
-        mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS, 
-            Modification.MOD_REPLACE, expiredCerts);
+        mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS,
+                Modification.MOD_REPLACE, expiredCerts);
         modifyCRLIssuingPointRecord(id, mods);
     }
 
@@ -297,24 +298,24 @@ public class CRLRepository extends Repository implements ICRLRepository {
      * Updates CRL issuing point record with CRL cache info.
      */
     public void updateCRLCache(String id, Long crlSize,
-        Hashtable revokedCerts,
-        Hashtable unrevokedCerts,
-        Hashtable expiredCerts)
-        throws EBaseException {
+            Hashtable revokedCerts,
+            Hashtable unrevokedCerts,
+            Hashtable expiredCerts)
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         if (crlSize != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE, 
-                Modification.MOD_REPLACE, crlSize);
+            mods.add(ICRLIssuingPointRecord.ATTR_CRL_SIZE,
+                    Modification.MOD_REPLACE, crlSize);
         }
         mods.add(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS,
-            Modification.MOD_REPLACE, revokedCerts);
+                Modification.MOD_REPLACE, revokedCerts);
         mods.add(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS,
-            Modification.MOD_REPLACE, unrevokedCerts);
+                Modification.MOD_REPLACE, unrevokedCerts);
         mods.add(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS,
-            Modification.MOD_REPLACE, expiredCerts);
+                Modification.MOD_REPLACE, expiredCerts);
         mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
-            Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
+                Modification.MOD_REPLACE, ICRLIssuingPointRecord.CLEAN_CACHE);
         modifyCRLIssuingPointRecord(id, mods);
     }
 
@@ -324,41 +325,41 @@ public class CRLRepository extends Repository implements ICRLRepository {
     public void updateDeltaCRL(String id, BigInteger deltaCRLNumber,
                                Long deltaCRLSize, Date nextUpdate,
                                byte[] deltaCRL)
-        throws EBaseException {
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         if (deltaCRLNumber != null) {
             mods.add(ICRLIssuingPointRecord.ATTR_DELTA_NUMBER,
-                Modification.MOD_REPLACE, deltaCRLNumber);
+                    Modification.MOD_REPLACE, deltaCRLNumber);
         }
         if (deltaCRLSize != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_DELTA_SIZE, 
-                Modification.MOD_REPLACE, deltaCRLSize);
+            mods.add(ICRLIssuingPointRecord.ATTR_DELTA_SIZE,
+                    Modification.MOD_REPLACE, deltaCRLSize);
         }
         if (nextUpdate != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, 
-                Modification.MOD_REPLACE, nextUpdate);
+            mods.add(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE,
+                    Modification.MOD_REPLACE, nextUpdate);
         }
         if (deltaCRL != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_DELTA_CRL, 
-                Modification.MOD_REPLACE, deltaCRL);
+            mods.add(ICRLIssuingPointRecord.ATTR_DELTA_CRL,
+                    Modification.MOD_REPLACE, deltaCRL);
         }
         modifyCRLIssuingPointRecord(id, mods);
     }
 
     public void updateFirstUnsaved(String id, String firstUnsaved)
-        throws EBaseException {
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         if (firstUnsaved != null) {
-            mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED, 
-                Modification.MOD_REPLACE, firstUnsaved);
+            mods.add(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED,
+                    Modification.MOD_REPLACE, firstUnsaved);
         }
         modifyCRLIssuingPointRecord(id, mods);
     }
 
-     public BigInteger getLastSerialNumberInRange(BigInteger  serial_low_bound, BigInteger serial_upper_bound)
-        throws EBaseException {
+    public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound)
+            throws EBaseException {
 
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertDBSchema.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertDBSchema.java
index 83164aab..3718e504 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CertDBSchema.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertDBSchema.java
@@ -17,14 +17,11 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
-
-
 /**
- * A class represents a collection of certificate record
- * specific schema information.
+ * A class represents a collection of certificate record specific schema
+ * information.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecord.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecord.java
index 973ddc4f..e8d2c954 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.security.cert.Certificate;
 import java.util.Date;
@@ -34,12 +33,11 @@ import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
 
-
 /**
  * A class represents a serializable certificate record.
  * <P>
- *
- * @author  thomask
+ * 
+ * @author thomask
  * @version $Revision$, $Date$
  */
 public class CertRecord implements IDBObj, ICertRecord {
@@ -83,8 +81,7 @@ public class CertRecord implements IDBObj, ICertRecord {
     }
 
     /**
-     * Constructs certiificate record with certificate 
-     * and meta info.
+     * Constructs certiificate record with certificate and meta info.
      */
     public CertRecord(BigInteger id, Certificate cert, MetaInfo meta) {
         mId = id;
@@ -205,14 +202,13 @@ public class CertRecord implements IDBObj, ICertRecord {
     /**
      * Retrieves revocation information.
      */
-    public IRevocationInfo getRevocationInfo() { 
-        return mRevocationInfo; 
+    public IRevocationInfo getRevocationInfo() {
+        return mRevocationInfo;
     }
 
     /**
-     * Retrieves serial number of this record. Usually,
-     * it is the same of the serial number of the
-     * associated certificate.
+     * Retrieves serial number of this record. Usually, it is the same of the
+     * serial number of the associated certificate.
      */
     public BigInteger getSerialNumber() {
         return mId;
@@ -271,7 +267,7 @@ public class CertRecord implements IDBObj, ICertRecord {
     public Date getModifyTime() {
         return mModifyTime;
     }
-	
+
     /**
      * String representation
      */
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordList.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordList.java
index 3477360e..e1e3e5c0 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordList.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordList.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -27,11 +26,10 @@ import com.netscape.certsrv.dbs.IElementProcessor;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.ICertRecordList;
 
-
 /**
  * A class represents a list of certificate records.
  * <P>
- *
+ * 
  * @author thomask mzhao
  * @version $Revision$, $Date$
  */
@@ -69,35 +67,33 @@ public class CertRecordList implements ICertRecordList {
     }
 
     /**
-     * Process certificate record as soon as it is returned.
-     * kmccarth: changed to ignore startidx and endidx because VLVs don't
-     *           provide a stable list.
+     * Process certificate record as soon as it is returned. kmccarth: changed
+     * to ignore startidx and endidx because VLVs don't provide a stable list.
      */
     public void processCertRecords(int startidx, int endidx,
-        IElementProcessor ep) throws EBaseException {
+            IElementProcessor ep) throws EBaseException {
         int i = 0;
-        while ( i<mVlist.getSize() ) {
-           Object element = mVlist.getElementAt(i);
-           if (element != null && (! (element instanceof String)) ) {
-              ep.process(element);
-           }
-           i++;
+        while (i < mVlist.getSize()) {
+            Object element = mVlist.getElementAt(i);
+            if (element != null && (!(element instanceof String))) {
+                ep.process(element);
+            }
+            i++;
         }
     }
 
     /**
-     * Retrieves requests.
-     * It's no good to call this if you didnt check
-     * if the startidx, endidx are valid.
+     * Retrieves requests. It's no good to call this if you didnt check if the
+     * startidx, endidx are valid.
      */
     public Enumeration<ICertRecord> getCertRecords(int startidx, int endidx)
-        throws EBaseException {
+            throws EBaseException {
         Vector<ICertRecord> entries = new Vector<ICertRecord>();
 
         for (int i = startidx; i <= endidx; i++) {
             ICertRecord element = mVlist.getElementAt(i);
 
-            //  CMS.debug("gerCertRecords[" + i + "] element: " + element);
+            // CMS.debug("gerCertRecords[" + i + "] element: " + element);
             if (element != null) {
                 entries.addElement(element);
             }
@@ -106,11 +102,10 @@ public class CertRecordList implements ICertRecordList {
     }
 
     public ICertRecord getCertRecord(int index)
-        throws EBaseException {
+            throws EBaseException {
 
         return mVlist.getElementAt(index);
 
-
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordMapper.java
index 510da3c5..0c75e834 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertRecordMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -34,13 +33,11 @@ import com.netscape.certsrv.dbs.certdb.ICertRecord;
 import com.netscape.certsrv.dbs.certdb.ICertificateRepository;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * A class represents a mapper to serialize 
- * certificate record into database.
+ * A class represents a mapper to serialize certificate record into database.
  * <P>
- *
- * @author  thomask
+ * 
+ * @author thomask
  * @version $Revision$, $Date$
  */
 public class CertRecordMapper implements IDBAttrMapper {
@@ -58,9 +55,9 @@ public class CertRecordMapper implements IDBAttrMapper {
         return v.elements();
     }
 
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, 
-        Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name,
+            Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         try {
             CertRecord rec = (CertRecord) obj;
 
@@ -74,9 +71,9 @@ public class CertRecordMapper implements IDBAttrMapper {
         }
     }
 
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
-        try {	
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
+        try {
             LDAPAttribute attr = attrs.getAttribute(
                     CertDBSchema.LDAP_ATTR_CERT_RECORD_ID);
 
@@ -95,7 +92,7 @@ public class CertRecordMapper implements IDBAttrMapper {
     }
 
     public String mapSearchFilter(String name, String op, String value)
-        throws EBaseException {
+            throws EBaseException {
         return name + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
index bc3d279f..914da63a 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/CertificateRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.io.Serializable;
 import java.math.BigInteger;
 import java.security.cert.Certificate;
@@ -57,18 +56,17 @@ import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
 import com.netscape.certsrv.dbs.repository.IRepository;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * A class represents a certificate repository. It
- * stores all the issued certificate.
+ * A class represents a certificate repository. It stores all the issued
+ * certificate.
  * <P>
- *
+ * 
  * @author thomask
  * @author kanda
  * @version $Revision$, $Date$
  */
 public class CertificateRepository extends Repository
-    implements ICertificateRepository {
+        implements ICertificateRepository {
 
     public final String CERT_X509ATTRIBUTE = "x509signedcert";
 
@@ -88,10 +86,10 @@ public class CertificateRepository extends Repository
      * Constructs a certificate repository.
      */
     public CertificateRepository(IDBSubsystem dbService, String certRepoBaseDN, int increment, String baseDN)
-        throws EDBException {
+            throws EDBException {
         super(dbService, increment, baseDN);
         mBaseDN = certRepoBaseDN;
-      
+
         mDBService = dbService;
 
         // registers CMS database attributes
@@ -104,13 +102,12 @@ public class CertificateRepository extends Repository
         return new CertRecord(id, cert, meta);
     }
 
-    public BigInteger getLastSerialNumberInRange(BigInteger  serial_low_bound, BigInteger serial_upper_bound)
-    throws EBaseException {
+    public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound)
+            throws EBaseException {
 
         CMS.debug("CertificateRepository:  in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound);
 
-        if(serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0 )
-        { 
+        if (serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) {
             return null;
 
         }
@@ -119,7 +116,7 @@ public class CertificateRepository extends Repository
 
         String[] attrs = null;
 
-        ICertRecordList recList = findCertRecordsInList(ldapfilter,attrs,serial_upper_bound.toString(10),"serialno", 5 * -1);
+        ICertRecordList recList = findCertRecordsInList(ldapfilter, attrs, serial_upper_bound.toString(10), "serialno", 5 * -1);
 
         int size = recList.getSize();
 
@@ -130,13 +127,12 @@ public class CertificateRepository extends Repository
 
             BigInteger ret = new BigInteger(serial_low_bound.toString(10));
 
-            ret = ret.add(new BigInteger("-1")); 
+            ret = ret.add(new BigInteger("-1"));
             CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + ret);
             return ret;
         }
         int ltSize = recList.getSizeBeforeJumpTo();
 
-
         CMS.debug("CertificateRepository:getLastSerialNumberInRange: ltSize " + ltSize);
 
         CertRecord curRec = null;
@@ -154,9 +150,8 @@ public class CertificateRepository extends Repository
 
                 CMS.debug("CertificateRepository:getLastCertRecordSerialNo:  serialno  " + serial);
 
-                if(  ((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1) ) &&
-                     ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1) ))
-                {
+                if (((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1)) &&
+                        ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1))) {
                     CMS.debug("getLastSerialNumberInRange returning: " + serial);
                     return serial;
                 }
@@ -164,24 +159,22 @@ public class CertificateRepository extends Repository
                 CMS.debug("getLastSerialNumberInRange:found null from getCertRecord");
             }
         }
-        
 
         BigInteger ret = new BigInteger(serial_low_bound.toString(10));
 
-        ret = ret.add(new BigInteger("-1")); 
+        ret = ret.add(new BigInteger("-1"));
 
         CMS.debug("CertificateRepository:getLastCertRecordSerialNo: returning " + ret);
-        return ret; 
+        return ret;
 
     }
 
     /**
      * Removes all objects with this repository.
      */
-    public void removeCertRecords(BigInteger beginS, BigInteger endS) throws EBaseException
-    {
+    public void removeCertRecords(BigInteger beginS, BigInteger endS) throws EBaseException {
         String filter = "(" + CertRecord.ATTR_CERT_STATUS + "=*" + ")";
-        ICertRecordList list =findCertRecordsInList(filter, 
+        ICertRecordList list = findCertRecordsInList(filter,
                     null, "serialno", 10);
         int size = list.getSize();
         Enumeration<ICertRecord> e = list.getCertRecords(0, size - 1);
@@ -192,8 +185,8 @@ public class CertificateRepository extends Repository
             BigInteger min = cur;
             if (endS != null)
                 min = cur.min(endS);
-            if (cur.equals(beginS) || cur.equals(endS) || 
-              (cur.equals(max) && cur.equals(min)))
+            if (cur.equals(beginS) || cur.equals(endS) ||
+                    (cur.equals(max) && cur.equals(min)))
                 deleteCertificateRecord(cur);
         }
     }
@@ -223,9 +216,7 @@ public class CertificateRepository extends Repository
     }
 
     /**
-     * interval value: (in seconds)
-     *   0 - disable
-     *   >0 - enable
+     * interval value: (in seconds) 0 - disable >0 - enable
      */
     public CertStatusUpdateThread mCertStatusUpdateThread = null;
     public RetrieveModificationsThread mRetrieveModificationsThread = null;
@@ -243,8 +234,8 @@ public class CertificateRepository extends Repository
             return;
         }
 
-        CMS.debug("In setCertStatusUpdateInterval  listenToCloneModifications="+listenToCloneModifications+
-                  "  mRetrieveModificationsThread="+mRetrieveModificationsThread);
+        CMS.debug("In setCertStatusUpdateInterval  listenToCloneModifications=" + listenToCloneModifications +
+                  "  mRetrieveModificationsThread=" + mRetrieveModificationsThread);
         if (listenToCloneModifications && mRetrieveModificationsThread == null) {
             CMS.debug("In setCertStatusUpdateInterval about to create RetrieveModificationsThread");
             mRetrieveModificationsThread = new RetrieveModificationsThread(this, "RetrieveModificationsThread");
@@ -273,7 +264,6 @@ public class CertificateRepository extends Repository
         }
     }
 
-
     /**
      * Blocking method.
      */
@@ -281,21 +271,21 @@ public class CertificateRepository extends Repository
 
         CMS.debug("In updateCertStatus()");
 
-        CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-            CMS.getLogMessage("CMSCORE_DBS_START_VALID_SEARCH"));
+        CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                CMS.getLogMessage("CMSCORE_DBS_START_VALID_SEARCH"));
         transitInvalidCertificates();
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            CMS.getLogMessage("CMSCORE_DBS_FINISH_VALID_SEARCH"));
+                CMS.getLogMessage("CMSCORE_DBS_FINISH_VALID_SEARCH"));
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            CMS.getLogMessage("CMSCORE_DBS_START_EXPIRED_SEARCH"));
+                CMS.getLogMessage("CMSCORE_DBS_START_EXPIRED_SEARCH"));
         transitValidCertificates();
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            CMS.getLogMessage("CMSCORE_DBS_FINISH_EXPIRED_SEARCH"));
+                CMS.getLogMessage("CMSCORE_DBS_FINISH_EXPIRED_SEARCH"));
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            CMS.getLogMessage("CMSCORE_DBS_START_REVOKED_EXPIRED_SEARCH"));
+                CMS.getLogMessage("CMSCORE_DBS_START_REVOKED_EXPIRED_SEARCH"));
         transitRevokedExpiredCertificates();
         CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            CMS.getLogMessage("CMSCORE_DBS_FINISH_REVOKED_EXPIRED_SEARCH"));
+                CMS.getLogMessage("CMSCORE_DBS_FINISH_REVOKED_EXPIRED_SEARCH"));
     }
 
     /**
@@ -305,13 +295,14 @@ public class CertificateRepository extends Repository
         return mBaseDN;
     }
 
-    public void setRequestDN( String requestDN )  {
+    public void setRequestDN(String requestDN) {
         mRequestBaseDN = requestDN;
     }
 
-    public String getRequestDN()  {
+    public String getRequestDN() {
         return mRequestBaseDN;
     }
+
     /**
      * Retrieves backend database handle.
      */
@@ -320,22 +311,21 @@ public class CertificateRepository extends Repository
     }
 
     /**
-     * Adds a certificate record to the repository. Each certificate
-     * record contains four parts: certificate, meta-attributes,
-     * issue information and reovcation information.
+     * Adds a certificate record to the repository. Each certificate record
+     * contains four parts: certificate, meta-attributes, issue information and
+     * reovcation information.
      * <P>
-     *
+     * 
      * @param cert X.509 certificate
-     * @exception EBaseException failed to add new certificate to
-     * 		the repository
+     * @exception EBaseException failed to add new certificate to the repository
      */
     public void addCertificateRecord(ICertRecord record)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                ((CertRecord) record).getSerialNumber().toString() + "," + getDN();
+                    ((CertRecord) record).getSerialNumber().toString() + "," + getDN();
             SessionContext ctx = SessionContext.getContext();
             String uid = (String) ctx.get(SessionContext.USER_ID);
 
@@ -344,15 +334,15 @@ public class CertificateRepository extends Repository
                 record.set(CertRecord.ATTR_ISSUED_BY, "system");
 
                 /**
-                 System.out.println("XXX servlet should set USER_ID");
-                 throw new EBaseException(BaseResources.UNKNOWN_PRINCIPAL_1, 
-                 "null");
+                 * System.out.println("XXX servlet should set USER_ID"); throw
+                 * new EBaseException(BaseResources.UNKNOWN_PRINCIPAL_1,
+                 * "null");
                  **/
             } else {
                 record.set(CertRecord.ATTR_ISSUED_BY, uid);
             }
 
-            // Check validity of this certificate. If it is not invalid, 
+            // Check validity of this certificate. If it is not invalid,
             // mark it so. We will have a thread to transit the status
             // from INVALID to VALID.
             X509CertImpl x509cert = (X509CertImpl) record.get(
@@ -363,11 +353,11 @@ public class CertificateRepository extends Repository
 
                 if (x509cert.getNotBefore().after(now)) {
                     // not yet valid
-                    record.set(ICertRecord.ATTR_CERT_STATUS, 
-                        ICertRecord.STATUS_INVALID);
+                    record.set(ICertRecord.ATTR_CERT_STATUS,
+                            ICertRecord.STATUS_INVALID);
                 }
             }
-			
+
             s.add(name, record);
         } finally {
             if (s != null)
@@ -376,21 +366,20 @@ public class CertificateRepository extends Repository
     }
 
     /**
-     * Used by the Clone Master (CLA) to add a revoked certificate
-     * record to the repository.
+     * Used by the Clone Master (CLA) to add a revoked certificate record to the
+     * repository.
      * <p>
-     *
+     * 
      * @param record a CertRecord
-     * @exception EBaseException failed to add new certificate to
-     * 		the repository
+     * @exception EBaseException failed to add new certificate to the repository
      */
     public void addRevokedCertRecord(CertRecord record)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                record.getSerialNumber().toString() + "," + getDN();
+                    record.getSerialNumber().toString() + "," + getDN();
 
             s.add(name, record);
         } finally {
@@ -400,8 +389,8 @@ public class CertificateRepository extends Repository
     }
 
     /**
-     * This transits a certificate status from VALID to EXPIRED
-     * if a certificate becomes expired.
+     * This transits a certificate status from VALID to EXPIRED if a certificate
+     * becomes expired.
      */
     public void transitValidCertificates() throws EBaseException {
 
@@ -431,12 +420,13 @@ public class CertificateRepository extends Repository
         for (i = 0; i < ltSize; i++) {
             obj = recList.getCertRecord(i);
 
-            if (obj != null) {     
+            if (obj != null) {
                 curRec = (CertRecord) obj;
 
                 Date notAfter = curRec.getNotAfter();
 
-                //CMS.debug("notAfter " + notAfter.toString() + " now " + now.toString());
+                // CMS.debug("notAfter " + notAfter.toString() + " now " +
+                // now.toString());
                 if (notAfter.after(now)) {
                     CMS.debug("Record does not qualify,notAfter " + notAfter.toString() + " date " + now.toString());
                     continue;
@@ -461,13 +451,13 @@ public class CertificateRepository extends Repository
     }
 
     /**
-     * This transits a certificate status from REVOKED to REVOKED_EXPIRED
-     * if an revoked certificate becomes expired.
+     * This transits a certificate status from REVOKED to REVOKED_EXPIRED if an
+     * revoked certificate becomes expired.
      */
     public void transitRevokedExpiredCertificates() throws EBaseException {
         Date now = CMS.getCurrentDate();
         ICertRecordList recList = getRevokedCertsByNotAfterDate(now, -1 * mTransitRecordPageSize);
-   
+
         int size = recList.getSize();
 
         if (size <= 0) {
@@ -495,7 +485,8 @@ public class CertificateRepository extends Repository
 
                 Date notAfter = curRec.getNotAfter();
 
-                // CMS.debug("notAfter " + notAfter.toString() + " now " + now.toString());
+                // CMS.debug("notAfter " + notAfter.toString() + " now " +
+                // now.toString());
                 if (notAfter.after(now)) {
                     CMS.debug("Record does not qualify,notAfter " + notAfter.toString() + " date " + now.toString());
                     continue;
@@ -506,7 +497,7 @@ public class CertificateRepository extends Repository
                 } else {
                     cList.add(curRec.getSerialNumber());
                 }
-            }  else {
+            } else {
                 CMS.debug("found null record in getCertRecord");
             }
         }
@@ -516,8 +507,8 @@ public class CertificateRepository extends Repository
     }
 
     /**
-     * This transits a certificate status from INVALID to VALID
-     * if a certificate becomes valid.
+     * This transits a certificate status from INVALID to VALID if a certificate
+     * becomes valid.
      */
     public void transitInvalidCertificates() throws EBaseException {
 
@@ -554,7 +545,8 @@ public class CertificateRepository extends Repository
 
                 Date notBefore = curRec.getNotBefore();
 
-                //CMS.debug("notBefore " + notBefore.toString() + " now " + now.toString());
+                // CMS.debug("notBefore " + notBefore.toString() + " now " +
+                // now.toString());
                 if (notBefore.after(now)) {
                     CMS.debug("Record does not qualify,notBefore " + notBefore.toString() + " date " + now.toString());
                     continue;
@@ -600,8 +592,9 @@ public class CertificateRepository extends Repository
             updateStatus(serial, newCertStatus);
 
             if (newCertStatus.equals(CertRecord.STATUS_REVOKED_EXPIRED)) {
-                
-                // inform all CRLIssuingPoints about revoked and expired certificate
+
+                // inform all CRLIssuingPoints about revoked and expired
+                // certificate
 
                 Enumeration<ICRLIssuingPoint> eIPs = mCRLIssuingPoints.elements();
 
@@ -625,7 +618,7 @@ public class CertificateRepository extends Repository
      * Reads the certificate identified by the given serial no.
      */
     public X509CertImpl getX509Certificate(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         X509CertImpl cert = null;
         ICertRecord cr = readCertificateRecord(serialNo);
 
@@ -636,16 +629,16 @@ public class CertificateRepository extends Repository
      * Deletes certificate record.
      */
     public void deleteCertificateRecord(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
             s.delete(name);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
     }
@@ -654,35 +647,35 @@ public class CertificateRepository extends Repository
      * Reads certificate from repository.
      */
     public ICertRecord readCertificateRecord(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         CertRecord rec = null;
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
             rec = (CertRecord) s.read(name);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return rec;
     }
 
     public synchronized void modifyCertificateRecord(BigInteger serialNo,
-        ModificationSet mods) throws EBaseException {
+            ModificationSet mods) throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
             mods.add(CertRecord.ATTR_MODIFY_TIME, Modification.MOD_REPLACE,
-                CMS.getCurrentDate());
+                    CMS.getCurrentDate());
             s.modify(name, mods);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
     }
@@ -691,7 +684,7 @@ public class CertificateRepository extends Repository
      * Checks if the specified certificate is in the repository.
      */
     public boolean containsCertificate(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         try {
             ICertRecord cr = readCertificateRecord(serialNo);
 
@@ -706,7 +699,7 @@ public class CertificateRepository extends Repository
      * Marks certificate as revoked.
      */
     public void markAsRevoked(BigInteger id, IRevocationInfo info)
-        throws EBaseException {
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         mods.add(CertRecord.ATTR_REVO_INFO, Modification.MOD_ADD, info);
@@ -715,15 +708,15 @@ public class CertificateRepository extends Repository
 
         if (uid == null) {
             mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD,
-                "system");
+                    "system");
         } else {
             mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_ADD,
-                uid);
+                    uid);
         }
         mods.add(CertRecord.ATTR_REVOKED_ON, Modification.MOD_ADD,
-            CMS.getCurrentDate());
+                CMS.getCurrentDate());
         mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE,
-            CertRecord.STATUS_REVOKED);
+                CertRecord.STATUS_REVOKED);
         modifyCertificateRecord(id, mods);
     }
 
@@ -731,15 +724,15 @@ public class CertificateRepository extends Repository
      * Unmarks revoked certificate.
      */
     public void unmarkRevoked(BigInteger id, IRevocationInfo info,
-        Date revokedOn, String revokedBy)
-        throws EBaseException {
+            Date revokedOn, String revokedBy)
+            throws EBaseException {
         ModificationSet mods = new ModificationSet();
 
         mods.add(CertRecord.ATTR_REVO_INFO, Modification.MOD_DELETE, info);
         mods.add(CertRecord.ATTR_REVOKED_BY, Modification.MOD_DELETE, revokedBy);
         mods.add(CertRecord.ATTR_REVOKED_ON, Modification.MOD_DELETE, revokedOn);
         mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE,
-            CertRecord.STATUS_VALID);
+                CertRecord.STATUS_VALID);
         modifyCertificateRecord(id, mods);
     }
 
@@ -747,17 +740,17 @@ public class CertificateRepository extends Repository
      * Updates the certificiate record status to the specified.
      */
     public void updateStatus(BigInteger id, String status)
-        throws EBaseException {
+            throws EBaseException {
         CMS.debug("updateStatus: " + id + " status " + status);
         ModificationSet mods = new ModificationSet();
 
         mods.add(CertRecord.ATTR_CERT_STATUS, Modification.MOD_REPLACE,
-            status);
+                status);
         modifyCertificateRecord(id, mods);
     }
 
     public Enumeration searchCertificates(String filter, int maxSize)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -765,14 +758,14 @@ public class CertificateRepository extends Repository
         try {
             e = s.search(getDN(), filter, maxSize);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     public Enumeration searchCertificates(String filter, int maxSize, int timeLimit)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -780,7 +773,7 @@ public class CertificateRepository extends Repository
         try {
             e = s.search(getDN(), filter, maxSize, timeLimit);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -788,39 +781,42 @@ public class CertificateRepository extends Repository
 
     /**
      * Returns a list of X509CertImp that satisfies the filter.
+     * 
      * @deprecated replaced by <code>findCertificatesInList</code>
      */
     public Enumeration findCertRecs(String filter)
-        throws EBaseException {
+            throws EBaseException {
         CMS.debug("findCertRecs " + filter);
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
         try {
             e = s.search(getDN(), filter);
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
         return e;
     }
 
     public Enumeration findCertRecs(String filter, String[] attrs)
-        throws EBaseException {
+            throws EBaseException {
 
-        CMS.debug( "findCertRecs " + filter
-                 + "attrs " + Arrays.toString( attrs ) );
+        CMS.debug("findCertRecs " + filter
+                 + "attrs " + Arrays.toString(attrs));
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
         try {
             e = s.search(getDN(), filter, attrs);
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
         return e;
 
     }
 
     public Enumeration<X509CertImpl> findCertificates(String filter)
-        throws EBaseException {
+            throws EBaseException {
         Enumeration e = findCertRecords(filter);
         Vector<X509CertImpl> v = new Vector<X509CertImpl>();
 
@@ -833,18 +829,16 @@ public class CertificateRepository extends Repository
     }
 
     /**
-     * Finds a list of certificate records that satisifies
-     * the filter.
-     * If you are going to process everything in the list,
-     * use this.
+     * Finds a list of certificate records that satisifies the filter. If you
+     * are going to process everything in the list, use this.
      */
     public Enumeration findCertRecords(String filter)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
         try {
-            //e = s.search(getDN(), filter);
+            // e = s.search(getDN(), filter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(filter, null, "serialno", 10);
@@ -852,15 +846,16 @@ public class CertificateRepository extends Repository
 
             e = list.getCertRecords(0, size - 1);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Finds certificate records. Here is a list of filter
-     * attribute can be used:
+     * Finds certificate records. Here is a list of filter attribute can be
+     * used:
+     * 
      * <pre>
      *   certRecordId
      *   certMetaInfo
@@ -871,49 +866,50 @@ public class CertificateRepository extends Repository
      *   x509Cert.notAfter
      *   x509Cert.subject
      * </pre>
-     * The filter should follow RFC1558 LDAP filter syntax.
-     * For example,
+     * 
+     * The filter should follow RFC1558 LDAP filter syntax. For example,
+     * 
      * <pre>
      *   (&(certRecordId=5)(x509Cert.notBefore=934398398))
      * </pre>
      */
-    public ICertRecordList findCertRecordsInList(String filter, 
-        String attrs[], int pageSize) throws EBaseException {
-        return findCertRecordsInList(filter, attrs, CertRecord.ATTR_ID, 
+    public ICertRecordList findCertRecordsInList(String filter,
+            String attrs[], int pageSize) throws EBaseException {
+        return findCertRecordsInList(filter, attrs, CertRecord.ATTR_ID,
                 pageSize);
     }
 
-    public ICertRecordList findCertRecordsInList(String filter, 
-        String attrs[], String sortKey, int pageSize) 
-        throws EBaseException {
+    public ICertRecordList findCertRecordsInList(String filter,
+            String attrs[], String sortKey, int pageSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         CMS.debug("In findCertRecordsInList");
         CertRecordList list = null;
 
         try {
-            IDBVirtualList<ICertRecord> vlist =  s.createVirtualList(getDN(), filter, attrs,
+            IDBVirtualList<ICertRecord> vlist = s.createVirtualList(getDN(), filter, attrs,
                     sortKey, pageSize);
 
             list = new CertRecordList(vlist);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return list;
     }
 
-    public ICertRecordList findCertRecordsInList(String filter, 
-		 String attrs[], String jumpTo, String sortKey, int pageSize)
-        throws EBaseException {
-	return findCertRecordsInList(filter, attrs, jumpTo, false, sortKey, pageSize);
+    public ICertRecordList findCertRecordsInList(String filter,
+            String attrs[], String jumpTo, String sortKey, int pageSize)
+            throws EBaseException {
+        return findCertRecordsInList(filter, attrs, jumpTo, false, sortKey, pageSize);
 
     }
 
-    public ICertRecordList findCertRecordsInList(String filter, 
-		 String attrs[], String jumpTo, boolean hardJumpTo,
-						 String sortKey, int pageSize)
-        throws EBaseException {
+    public ICertRecordList findCertRecordsInList(String filter,
+            String attrs[], String jumpTo, boolean hardJumpTo,
+                         String sortKey, int pageSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         CertRecordList list = null;
 
@@ -921,33 +917,33 @@ public class CertificateRepository extends Repository
         try {
             String jumpToVal = null;
 
-	    if (hardJumpTo) {
-        CMS.debug("In findCertRecordsInList with hardJumpto ");
-		jumpToVal = "99";
-	    } else {
-            int len = jumpTo.length();
-
-            if (len > 9) {
-                jumpToVal = Integer.toString(len) + jumpTo;
+            if (hardJumpTo) {
+                CMS.debug("In findCertRecordsInList with hardJumpto ");
+                jumpToVal = "99";
             } else {
-                jumpToVal = "0" + Integer.toString(len) + jumpTo;
+                int len = jumpTo.length();
+
+                if (len > 9) {
+                    jumpToVal = Integer.toString(len) + jumpTo;
+                } else {
+                    jumpToVal = "0" + Integer.toString(len) + jumpTo;
+                }
             }
-	    }
 
-            IDBVirtualList<ICertRecord> vlist =  s.createVirtualList(getDN(), filter,
+            IDBVirtualList<ICertRecord> vlist = s.createVirtualList(getDN(), filter,
                     attrs, jumpToVal, sortKey, pageSize);
 
             list = new CertRecordList(vlist);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return list;
     }
 
     public ICertRecordList findCertRecordsInListRawJumpto(String filter,
-        String attrs[], String jumpTo, String sortKey, int pageSize)
-        throws EBaseException {
+            String attrs[], String jumpTo, String sortKey, int pageSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         CertRecordList list = null;
 
@@ -955,7 +951,7 @@ public class CertificateRepository extends Repository
 
         try {
 
-            IDBVirtualList<ICertRecord> vlist =  s.createVirtualList(getDN(), filter,
+            IDBVirtualList<ICertRecord> vlist = s.createVirtualList(getDN(), filter,
                     attrs, jumpTo, sortKey, pageSize);
 
             list = new CertRecordList(vlist);
@@ -970,44 +966,44 @@ public class CertificateRepository extends Repository
      * Marks certificate as renewable.
      */
     public void markCertificateAsRenewable(ICertRecord record)
-        throws EBaseException {
+            throws EBaseException {
         changeRenewalAttribute(((CertRecord) record).getSerialNumber().toString(),
-            CertRecord.AUTO_RENEWAL_ENABLED);
+                CertRecord.AUTO_RENEWAL_ENABLED);
     }
 
     /**
      * Marks certificate as renewable.
      */
     public void markCertificateAsNotRenewable(ICertRecord record)
-        throws EBaseException {
+            throws EBaseException {
         changeRenewalAttribute(((CertRecord) record).getSerialNumber().toString(),
-            CertRecord.AUTO_RENEWAL_DISABLED);
+                CertRecord.AUTO_RENEWAL_DISABLED);
     }
 
     public void markCertificateAsRenewed(String serialNo)
-        throws EBaseException {
+            throws EBaseException {
         changeRenewalAttribute(serialNo, CertRecord.AUTO_RENEWAL_DONE);
     }
 
     public void markCertificateAsRenewalNotified(String serialNo)
-        throws EBaseException {
+            throws EBaseException {
         changeRenewalAttribute(serialNo, CertRecord.AUTO_RENEWAL_NOTIFIED);
     }
 
     private void changeRenewalAttribute(String serialno, String value)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" + serialno +
-                "," + getDN();
+                    "," + getDN();
             ModificationSet mods = new ModificationSet();
 
             mods.add(CertRecord.ATTR_AUTO_RENEW, Modification.MOD_REPLACE,
-                value);
+                    value);
             s.modify(name, mods);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
     }
@@ -1018,6 +1014,7 @@ public class CertificateRepository extends Repository
     public class RenewableCertificateCollection {
         Vector<Object> mToRenew = null;
         Vector<Object> mToNotify = null;
+
         public RenewableCertificateCollection() {
         }
 
@@ -1044,21 +1041,21 @@ public class CertificateRepository extends Repository
     }
 
     public Hashtable<String, RenewableCertificateCollection> getRenewableCertificates(String renewalTime)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         Hashtable<String, RenewableCertificateCollection> tab = null;
 
         try {
             String filter = "(&(" + CertRecord.ATTR_CERT_STATUS + "=" +
-                CertRecord.STATUS_VALID + ")("
-                + CertRecord.ATTR_X509CERT +
-                "." + CertificateValidity.NOT_AFTER + "<=" + renewalTime +
-                ")(!(" + CertRecord.ATTR_AUTO_RENEW + "=" +
-                CertRecord.AUTO_RENEWAL_DONE +
-                "))(!(" + CertRecord.ATTR_AUTO_RENEW + "=" +
-                CertRecord.AUTO_RENEWAL_NOTIFIED + ")))";
-            //Enumeration e = s.search(getDN(), filter);
+                    CertRecord.STATUS_VALID + ")("
+                    + CertRecord.ATTR_X509CERT +
+                    "." + CertificateValidity.NOT_AFTER + "<=" + renewalTime +
+                    ")(!(" + CertRecord.ATTR_AUTO_RENEW + "=" +
+                    CertRecord.AUTO_RENEWAL_DONE +
+                    "))(!(" + CertRecord.ATTR_AUTO_RENEW + "=" +
+                    CertRecord.AUTO_RENEWAL_NOTIFIED + ")))";
+            // Enumeration e = s.search(getDN(), filter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(filter, null, "serialno", 10);
@@ -1077,7 +1074,7 @@ public class CertificateRepository extends Repository
 
                 if ((val = tab.get(subjectDN)) == null) {
                     RenewableCertificateCollection collection =
-                        new RenewableCertificateCollection();
+                            new RenewableCertificateCollection();
 
                     collection.addCertificate(renewalFlag, cert);
                     tab.put(subjectDN, collection);
@@ -1086,23 +1083,22 @@ public class CertificateRepository extends Repository
                 }
             }
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return tab;
     }
 
     /**
-     * Gets all valid and unexpired certificates pertaining
-     * to a subject DN.
-     *
-     * @param subjectDN	The distinguished name of the subject.
-     * @param validityType	The type of certificates to get.
+     * Gets all valid and unexpired certificates pertaining to a subject DN.
+     * 
+     * @param subjectDN The distinguished name of the subject.
+     * @param validityType The type of certificates to get.
      * @return An array of certificates.
      */
 
     public X509CertImpl[] getX509Certificates(String subjectDN,
-        int validityType) throws EBaseException {
+            int validityType) throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         X509CertImpl certs[] = null;
@@ -1110,7 +1106,7 @@ public class CertificateRepository extends Repository
         try {
             // XXX - not checking validityType...
             String filter = "(&(" + CertRecord.ATTR_X509CERT +
-                "." + X509CertInfo.SUBJECT + "=" + subjectDN;
+                    "." + X509CertInfo.SUBJECT + "=" + subjectDN;
 
             if (validityType == ALL_VALID_CERTS) {
                 filter += ")(" +
@@ -1126,7 +1122,7 @@ public class CertificateRepository extends Repository
             }
             filter += "))";
 
-            //Enumeration e = s.search(getDN(), filter);
+            // Enumeration e = s.search(getDN(), filter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(filter, null, "serialno", 10);
@@ -1145,14 +1141,14 @@ public class CertificateRepository extends Repository
             certs = new X509CertImpl[v.size()];
             v.copyInto(certs);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return certs;
     }
 
     public X509CertImpl[] getX509Certificates(String filter)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         X509CertImpl certs[] = null;
@@ -1161,7 +1157,7 @@ public class CertificateRepository extends Repository
             Enumeration e = null;
 
             if (filter != null && filter.length() > 0) {
-                //e = s.search(getDN(), filter);
+                // e = s.search(getDN(), filter);
                 ICertRecordList list = null;
 
                 list = findCertRecordsInList(filter, null, "serialno", 10);
@@ -1182,7 +1178,7 @@ public class CertificateRepository extends Repository
                 v.copyInto(certs);
             }
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return certs;
@@ -1190,106 +1186,108 @@ public class CertificateRepository extends Repository
 
     /**
      * Retrives all valid certificates excluding ones already revoked.
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration<CertRecord> getValidCertificates(String from, String to)
-		throws EBaseException {
-			IDBSSession s = mDBService.createSession();
-			Vector<CertRecord> v = new Vector<CertRecord>();
+            throws EBaseException {
+        IDBSSession s = mDBService.createSession();
+        Vector<CertRecord> v = new Vector<CertRecord>();
 
-			try {
+        try {
 
-				// 'from' determines 'jumpto' value
-				// 'to' determines where to stop looking
+            // 'from' determines 'jumpto' value
+            // 'to' determines where to stop looking
 
-				String ldapfilter = "(certstatus=VALID)";
+            String ldapfilter = "(certstatus=VALID)";
 
-                String fromVal = "0";
-                try {
-                    if (from != null) {
-                      int fv = Integer.parseInt(from);
-                      fromVal = from;
-                    }
-                } catch (Exception e1) {
-                   // from is not integer
+            String fromVal = "0";
+            try {
+                if (from != null) {
+                    int fv = Integer.parseInt(from);
+                    fromVal = from;
                 }
+            } catch (Exception e1) {
+                // from is not integer
+            }
 
-				ICertRecordList list = 
-					findCertRecordsInList(ldapfilter, null, fromVal, "serialno", 40);
+            ICertRecordList list =
+                    findCertRecordsInList(ldapfilter, null, fromVal, "serialno", 40);
 
-				BigInteger toInt = null;
-                if (to != null && !to.trim().equals("")) {
-                  toInt = new BigInteger(to);
-                }
+            BigInteger toInt = null;
+            if (to != null && !to.trim().equals("")) {
+                toInt = new BigInteger(to);
+            }
 
-				for (int i=0;; i++) {
-					CertRecord rec = (CertRecord) list.getCertRecord(i);
-					CMS.debug("processing record: "+i);
-					if (rec == null) {
-                         break; // no element returned
-                    } else {
-
-					     CMS.debug("processing record: "+i+" "+rec.getSerialNumber());
-						// Check if we are past the 'to' marker
-                        if (toInt != null) {
-						  if (rec.getSerialNumber().compareTo(toInt) > 0) {
-							break;
-						  }
+            for (int i = 0;; i++) {
+                CertRecord rec = (CertRecord) list.getCertRecord(i);
+                CMS.debug("processing record: " + i);
+                if (rec == null) {
+                    break; // no element returned
+                } else {
+
+                    CMS.debug("processing record: " + i + " " + rec.getSerialNumber());
+                    // Check if we are past the 'to' marker
+                    if (toInt != null) {
+                        if (rec.getSerialNumber().compareTo(toInt) > 0) {
+                            break;
                         }
-						v.addElement(rec);
-					}
-				}
-
-			} finally {
-				if (s != null) 
-					s.close();
-			}
-			CMS.debug("returning "+v.size()+" elements");
-			return v.elements();
-		}
+                    }
+                    v.addElement(rec);
+                }
+            }
+
+        } finally {
+            if (s != null)
+                s.close();
+        }
+        CMS.debug("returning " + v.size() + " elements");
+        return v.elements();
+    }
 
     /**
      * Retrives all valid certificates excluding ones already revoked.
      */
     public Enumeration getAllValidCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
         try {
             Date now = CMS.getCurrentDate();
             String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" +
-                CertRecord.ATTR_X509CERT + "." +
-                CertificateValidity.NOT_BEFORE + "<=" +
-                DateMapper.dateToDB(now) + ")(" +
-                CertRecord.ATTR_X509CERT + "." +
-                CertificateValidity.NOT_AFTER + ">=" +
-                DateMapper.dateToDB(now) + "))";
-            //e = s.search(getDN(), ldapfilter);
+                    CertRecord.ATTR_X509CERT + "." +
+                    CertificateValidity.NOT_BEFORE + "<=" +
+                    DateMapper.dateToDB(now) + ")(" +
+                    CertRecord.ATTR_X509CERT + "." +
+                    CertificateValidity.NOT_AFTER + ">=" +
+                    DateMapper.dateToDB(now) + "))";
+            // e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-								 
+
         } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrives all valid not published certificates 
-     * excluding ones already revoked.
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * Retrives all valid not published certificates excluding ones already
+     * revoked.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration getValidNotPublishedCertificates(String from, String to)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1311,53 +1309,53 @@ public class CertificateRepository extends Repository
                     "certMetainfo=" +
                     CertRecord.META_LDAPPUBLISH +
                     ":true)))";
-            //e = s.search(getDN(), ldapfilter);
+            // e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-								 
+
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrives all valid not published certificates 
-     * excluding ones already revoked.
+     * Retrives all valid not published certificates excluding ones already
+     * revoked.
      */
     public Enumeration getAllValidNotPublishedCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
         try {
             Date now = CMS.getCurrentDate();
             String ldapfilter = "(&(!(" + CertRecord.ATTR_REVO_INFO + "=*))(" +
-                CertRecord.ATTR_X509CERT + "." +
-                CertificateValidity.NOT_BEFORE + "<=" +
-                DateMapper.dateToDB(now) + ")(" +
-                CertRecord.ATTR_X509CERT + "." +
-                CertificateValidity.NOT_AFTER + ">=" +
-                DateMapper.dateToDB(now) + ")(!(" +
-                "certMetainfo=" +
-                CertRecord.META_LDAPPUBLISH +
-                ":true)))";
-            //e = s.search(getDN(), ldapfilter);
+                    CertRecord.ATTR_X509CERT + "." +
+                    CertificateValidity.NOT_BEFORE + "<=" +
+                    DateMapper.dateToDB(now) + ")(" +
+                    CertRecord.ATTR_X509CERT + "." +
+                    CertificateValidity.NOT_AFTER + ">=" +
+                    DateMapper.dateToDB(now) + ")(!(" +
+                    "certMetainfo=" +
+                    CertRecord.META_LDAPPUBLISH +
+                    ":true)))";
+            // e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-								 
+
         } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -1365,11 +1363,12 @@ public class CertificateRepository extends Repository
 
     /**
      * Retrives all expired certificates.
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration getExpiredCertificates(String from, String to)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1384,17 +1383,17 @@ public class CertificateRepository extends Repository
             ldapfilter += "!(" + CertRecord.ATTR_X509CERT + "." +
                     CertificateValidity.NOT_AFTER + ">=" +
                     DateMapper.dateToDB(now) + ")))";
-            //e = s.search(getDN(), ldapfilter);
-								 
+            // e = s.search(getDN(), ldapfilter);
+
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-        } finally { 
+        } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -1404,26 +1403,26 @@ public class CertificateRepository extends Repository
      * Retrives all expired certificates.
      */
     public Enumeration getAllExpiredCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
         try {
             Date now = CMS.getCurrentDate();
             String ldapfilter = "(!(" + CertRecord.ATTR_X509CERT + "." +
-                CertificateValidity.NOT_AFTER + ">=" +
-                DateMapper.dateToDB(now) + "))";
-            //e = s.search(getDN(), ldapfilter);
+                    CertificateValidity.NOT_AFTER + ">=" +
+                    DateMapper.dateToDB(now) + "))";
+            // e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-								 
-        } finally { 
+
+        } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -1431,11 +1430,12 @@ public class CertificateRepository extends Repository
 
     /**
      * Retrives all expired published certificates.
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration getExpiredPublishedCertificates(String from, String to)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1449,22 +1449,22 @@ public class CertificateRepository extends Repository
                 ldapfilter += CertRecord.ATTR_ID + "<=" + to + ")(";
             ldapfilter += "!(" + CertRecord.ATTR_X509CERT + "." +
                     CertificateValidity.NOT_AFTER + ">=" +
-                    //DateMapper.dateToDB(now) + ")))";
+                    // DateMapper.dateToDB(now) + ")))";
                     DateMapper.dateToDB(now) + "))(" +
                     "certMetainfo=" +
                     CertRecord.META_LDAPPUBLISH +
                     ":true))";
-            //e = s.search(getDN(), ldapfilter);
-								 
+            // e = s.search(getDN(), ldapfilter);
+
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-        } finally { 
+        } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -1474,7 +1474,7 @@ public class CertificateRepository extends Repository
      * Retrives all expired publishedcertificates.
      */
     public Enumeration getAllExpiredPublishedCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1488,25 +1488,25 @@ public class CertificateRepository extends Repository
             ldapfilter += "(certMetainfo=" +
                     CertRecord.META_LDAPPUBLISH +
                     ":true))";
-		
-            //e = s.search(getDN(), ldapfilter);
+
+            // e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
             int size = list.getSize();
 
             e = list.getCertRecords(0, size - 1);
-								 
-        } finally { 
+
+        } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     public ICertRecordList getInvalidCertsByNotBeforeDate(Date date, int pageSize)
-        throws EBaseException {
+            throws EBaseException {
 
         String now = null;
 
@@ -1521,22 +1521,21 @@ public class CertificateRepository extends Repository
             String[] attrs = null;
 
             if (mConsistencyCheck == false) {
-                attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT};
+                attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT };
             }
 
             CMS.debug("getInvalidCertificatesByNotBeforeDate filter " + ldapfilter);
-            //e = s.search(getDN(), ldapfilter);
+            // e = s.search(getDN(), ldapfilter);
             CMS.debug("getInvalidCertificatesByNotBeforeDate: about to call findCertRecordsInList");
 
             list = findCertRecordsInListRawJumpto(ldapfilter, attrs,
                         DateMapper.dateToDB(date), "notBefore", pageSize);
 
-            //e = list.getCertRecords(0, size - 1);
+            // e = list.getCertRecords(0, size - 1);
 
         } finally {
             // XXX - transaction is not done at this moment
 
-
             CMS.debug("In getInvalidCertsByNotBeforeDate finally.");
 
             if (s != null)
@@ -1547,7 +1546,7 @@ public class CertificateRepository extends Repository
     }
 
     public ICertRecordList getValidCertsByNotAfterDate(Date date, int pageSize)
-        throws EBaseException {
+            throws EBaseException {
 
         String now = null;
 
@@ -1560,11 +1559,11 @@ public class CertificateRepository extends Repository
             String[] attrs = null;
 
             if (mConsistencyCheck == false) {
-                attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT};
+                attrs = new String[] { "objectclass", CertRecord.ATTR_ID, CertRecord.ATTR_X509CERT };
             }
 
             CMS.debug("getValidCertsByNotAfterDate filter " + ldapfilter);
-            //e = s.search(getDN(), ldapfilter);
+            // e = s.search(getDN(), ldapfilter);
             list = findCertRecordsInListRawJumpto(ldapfilter, attrs, DateMapper.dateToDB(date), "notAfter", pageSize);
 
         } finally {
@@ -1577,7 +1576,7 @@ public class CertificateRepository extends Repository
     }
 
     public ICertRecordList getRevokedCertsByNotAfterDate(Date date, int pageSize)
-        throws EBaseException {
+            throws EBaseException {
 
         ICertRecordList list = null;
         IDBSSession s = mDBService.createSession();
@@ -1589,11 +1588,11 @@ public class CertificateRepository extends Repository
 
             if (mConsistencyCheck == false) {
                 attrs = new String[] { "objectclass", CertRecord.ATTR_REVOKED_ON, CertRecord.ATTR_ID,
-                            CertRecord.ATTR_REVO_INFO, CertificateValidity.NOT_AFTER, CertRecord.ATTR_X509CERT};
+                            CertRecord.ATTR_REVO_INFO, CertificateValidity.NOT_AFTER, CertRecord.ATTR_X509CERT };
             }
 
             CMS.debug("getRevokedCertificatesByNotAfterDate filter " + ldapfilter);
-            //e = s.search(getDN(), ldapfilter);
+            // e = s.search(getDN(), ldapfilter);
             CMS.debug("getRevokedCertificatesByNotAfterDate: about to call findCertRecordsInList");
 
             list = findCertRecordsInListRawJumpto(ldapfilter, attrs,
@@ -1602,21 +1601,21 @@ public class CertificateRepository extends Repository
         } finally {
             // XXX - transaction is not done at this moment
 
-
             if (s != null)
                 s.close();
         }
         return list;
 
     }
-    
+
     /**
-     * Retrieves all revoked certificates in the serial number range. 
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * Retrieves all revoked certificates in the serial number range.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration getRevokedCertificates(String from, String to)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1628,7 +1627,7 @@ public class CertificateRepository extends Repository
             if (to != null && to.length() > 0)
                 ldapfilter += "(" + CertRecord.ATTR_ID + "<=" + to + ")";
             ldapfilter += ")";
-            //e = s.search(getDN(), ldapfilter);
+            // e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
@@ -1637,24 +1636,29 @@ public class CertificateRepository extends Repository
             e = list.getCertRecords(0, size - 1);
         } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrives all revoked certificates including ones already expired or 
-     * not yet valid.
+     * Retrives all revoked certificates including ones already expired or not
+     * yet valid.
      */
     public Enumeration getAllRevokedCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
-        String ldapfilter = "(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter
+        String ldapfilter = "(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index
+                                                                                                                                                                                         // is
+                                                                                                                                                                                         // setup
+                                                                                                                                                                                         // for
+                                                                                                                                                                                         // this
+                                                                                                                                                                                         // filter
 
         try {
-            //e = s.search(getDN(), ldapfilter);
+            // e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
@@ -1662,19 +1666,20 @@ public class CertificateRepository extends Repository
 
             e = list.getCertRecords(0, size - 1);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrieves all revoked publishedcertificates in the serial number range. 
-     * @param from	The starting point of the serial number range.
-     * @param to	The ending point of the serial number range.
+     * Retrieves all revoked publishedcertificates in the serial number range.
+     * 
+     * @param from The starting point of the serial number range.
+     * @param to The ending point of the serial number range.
      */
     public Enumeration getRevokedPublishedCertificates(String from, String to)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
@@ -1685,11 +1690,11 @@ public class CertificateRepository extends Repository
                 ldapfilter += "(" + CertRecord.ATTR_ID + ">=" + from + ")";
             if (to != null && to.length() > 0)
                 ldapfilter += "(" + CertRecord.ATTR_ID + "<=" + to + ")";
-                //ldapfilter += ")";
+            // ldapfilter += ")";
             ldapfilter += "(certMetainfo=" +
                     CertRecord.META_LDAPPUBLISH +
                     ":true))";
-            //e = s.search(getDN(), ldapfilter);
+            // e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
@@ -1698,27 +1703,32 @@ public class CertificateRepository extends Repository
             e = list.getCertRecords(0, size - 1);
         } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrives all revoked published certificates including ones 
-     * already expired or not yet valid.
+     * Retrives all revoked published certificates including ones already
+     * expired or not yet valid.
      */
     public Enumeration getAllRevokedPublishedCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
-        String ldapfilter = "(&(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index is setup for this filter
+        String ldapfilter = "(&(|(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED_EXPIRED + "))"; // index
+                                                                                                                                                                                           // is
+                                                                                                                                                                                           // setup
+                                                                                                                                                                                           // for
+                                                                                                                                                                                           // this
+                                                                                                                                                                                           // filter
 
         ldapfilter += "(certMetainfo=" +
                 CertRecord.META_LDAPPUBLISH +
                 ":true))";
         try {
-            //e = s.search(getDN(), ldapfilter);
+            // e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
@@ -1726,30 +1736,31 @@ public class CertificateRepository extends Repository
 
             e = list.getCertRecords(0, size - 1);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     /**
-     * Retrieves all revoked certificates that have not expired. 
+     * Retrieves all revoked certificates that have not expired.
      */
     public Enumeration getRevokedCertificates(Date asOfDate)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
 
         try {
 
-            /*e = s.search(getDN(), "(&(" +
-             CertRecord.ATTR_REVO_INFO + "=*)(" + CertRecord.ATTR_X509CERT +
-             "." +  CertificateValidity.NOT_AFTER + " >= " +
-             DateMapper.dateToDB(asOfDate) + "))");*/
+            /*
+             * e = s.search(getDN(), "(&(" + CertRecord.ATTR_REVO_INFO + "=*)("
+             * + CertRecord.ATTR_X509CERT + "." + CertificateValidity.NOT_AFTER
+             * + " >= " + DateMapper.dateToDB(asOfDate) + "))");
+             */
             String ldapfilter = "(&(" +
-                CertRecord.ATTR_REVO_INFO + "=*)(" + CertRecord.ATTR_X509CERT +
-                "." + CertificateValidity.NOT_AFTER + " >= " +
-                DateMapper.dateToDB(asOfDate) + "))";
+                    CertRecord.ATTR_REVO_INFO + "=*)(" + CertRecord.ATTR_X509CERT +
+                    "." + CertificateValidity.NOT_AFTER + " >= " +
+                    DateMapper.dateToDB(asOfDate) + "))";
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
@@ -1758,7 +1769,7 @@ public class CertificateRepository extends Repository
             e = list.getCertRecords(0, size - 1);
         } finally {
             // XXX - transaction is not done at this moment
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
@@ -1768,13 +1779,18 @@ public class CertificateRepository extends Repository
      * Retrives all revoked certificates excluing ones already expired.
      */
     public Enumeration getAllRevokedNonExpiredCertificates()
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration e = null;
-        String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")"; // index is setup for this filter
+        String ldapfilter = "(" + CertRecord.ATTR_CERT_STATUS + "=" + CertRecord.STATUS_REVOKED + ")"; // index
+                                                                                                       // is
+                                                                                                       // setup
+                                                                                                       // for
+                                                                                                       // this
+                                                                                                       // filter
 
         try {
-            //e = s.search(getDN(), ldapfilter);
+            // e = s.search(getDN(), ldapfilter);
             ICertRecordList list = null;
 
             list = findCertRecordsInList(ldapfilter, null, "serialno", 10);
@@ -1782,14 +1798,14 @@ public class CertificateRepository extends Repository
 
             e = list.getCertRecords(0, size - 1);
         } finally {
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return e;
     }
 
     private LDAPSearchResults startSearchForModifiedCertificateRecords()
-        throws EBaseException {
+            throws EBaseException {
         CMS.debug("startSearchForModifiedCertificateRecords");
         LDAPSearchResults r = null;
         IDBSSession s = mDBService.createSession();
@@ -1799,9 +1815,9 @@ public class CertificateRepository extends Repository
             r = s.persistentSearch(getDN(), filter, null);
             CMS.debug("startSearchForModifiedCertificateRecords  persistentSearch started");
         } catch (Exception e) {
-            CMS.debug("startSearchForModifiedCertificateRecords  persistentSearch Exception="+e);
+            CMS.debug("startSearchForModifiedCertificateRecords  persistentSearch Exception=" + e);
             r = null;
-            if (s != null) 
+            if (s != null)
                 s.close();
         }
         return r;
@@ -1809,20 +1825,20 @@ public class CertificateRepository extends Repository
 
     public void getModifications(LDAPEntry entry) {
         if (entry != null) {
-            CMS.debug("getModifications  entry DN="+entry.getDN());
+            CMS.debug("getModifications  entry DN=" + entry.getDN());
 
             LDAPAttributeSet entryAttrs = entry.getAttributeSet();
             ICertRecord certRec = null;
             try {
-                certRec = (ICertRecord)mDBService.getRegistry().createObject(entryAttrs);
+                certRec = (ICertRecord) mDBService.getRegistry().createObject(entryAttrs);
             } catch (Exception e) {
             }
             if (certRec != null) {
                 String status = certRec.getStatus();
-                CMS.debug("getModifications  serialNumber="+certRec.getSerialNumber()+
-                          "  status="+status);
+                CMS.debug("getModifications  serialNumber=" + certRec.getSerialNumber() +
+                          "  status=" + status);
                 if (status != null && (status.equals(ICertRecord.STATUS_VALID) ||
-                    status.equals(ICertRecord.STATUS_REVOKED))) {
+                        status.equals(ICertRecord.STATUS_REVOKED))) {
 
                     Enumeration<ICRLIssuingPoint> eIPs = mCRLIssuingPoints.elements();
 
@@ -1834,7 +1850,7 @@ public class CertificateRepository extends Repository
                                 IRevocationInfo rInfo = certRec.getRevocationInfo();
                                 if (rInfo != null) {
                                     ip.addRevokedCert(certRec.getSerialNumber(),
-                                        new RevokedCertImpl(certRec.getSerialNumber(),
+                                            new RevokedCertImpl(certRec.getSerialNumber(),
                                                             rInfo.getRevocationDate(),
                                                             rInfo.getCRLEntryExtensions()));
                                 }
@@ -1851,16 +1867,16 @@ public class CertificateRepository extends Repository
         }
     }
 
-
     /**
-     * Checks if the presented certificate belongs to the repository
-     * and is revoked.
-     *
-     * @param cert	certificate to verify.
-     * @return RevocationInfo if the presented certificate is revoked otherwise null.
+     * Checks if the presented certificate belongs to the repository and is
+     * revoked.
+     * 
+     * @param cert certificate to verify.
+     * @return RevocationInfo if the presented certificate is revoked otherwise
+     *         null.
      */
     public RevocationInfo isCertificateRevoked(X509CertImpl cert)
-        throws EBaseException {
+            throws EBaseException {
         RevocationInfo info = null;
 
         // 615932
@@ -1885,8 +1901,8 @@ public class CertificateRepository extends Repository
                     }
 
                     if (certEncoded != null &&
-                        repCertEncoded != null &&
-                        certEncoded.length == repCertEncoded.length) {
+                            repCertEncoded != null &&
+                            certEncoded.length == repCertEncoded.length) {
                         int i;
 
                         for (i = 0; i < certEncoded.length; i++) {
@@ -1905,15 +1921,14 @@ public class CertificateRepository extends Repository
     }
 
     public void shutdown() {
-        //if (mCertStatusUpdateThread != null) 
-        //        mCertStatusUpdateThread.destroy();
+        // if (mCertStatusUpdateThread != null)
+        // mCertStatusUpdateThread.destroy();
 
-        //if (mRetrieveModificationsThread != null) 
-        //        mRetrieveModificationsThread.destroy();
+        // if (mRetrieveModificationsThread != null)
+        // mRetrieveModificationsThread.destroy();
     }
 }
 
-
 class CertStatusUpdateThread extends Thread {
     CertificateRepository _cr = null;
     IRepository _rr = null;
@@ -1922,7 +1937,7 @@ class CertStatusUpdateThread extends Thread {
     CertStatusUpdateThread(CertificateRepository cr, IRepository rr, String name) {
         super(name);
         CMS.debug("new CertStatusUpdateThread");
-        //setName(name);
+        // setName(name);
 
         _cr = cr;
         _rr = rr;
@@ -1965,7 +1980,6 @@ class CertStatusUpdateThread extends Thread {
     }
 }
 
-
 class RetrieveModificationsThread extends Thread {
     CertificateRepository _cr = null;
     LDAPSearchResults _results = null;
@@ -1973,7 +1987,7 @@ class RetrieveModificationsThread extends Thread {
     RetrieveModificationsThread(CertificateRepository cr, String name) {
         super(name);
         CMS.debug("new RetrieveModificationsThread");
-        //setName(name);
+        // setName(name);
 
         _cr = cr;
     }
@@ -1992,7 +2006,7 @@ class RetrieveModificationsThread extends Thread {
                     _cr.getModifications(entry);
                 }
             } catch (LDAPException e) {
-                CMS.debug("LDAPException: "+e.toString());
+                CMS.debug("LDAPException: " + e.toString());
             }
         } else {
             CMS.debug("_results are null");
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBRegistry.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBRegistry.java
index 65b1039d..21974918 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBRegistry.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBRegistry.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Iterator;
@@ -37,22 +36,18 @@ import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.IDBRegistry;
 import com.netscape.certsrv.dbs.IFilterConverter;
 import com.netscape.certsrv.logging.ILogger;
- 
 
 /**
- * A class represents a registry where all the
- * schema (object classes and attribute) information 
- * is stored.
- *
- * Attribute mappers can be registered with this
- * registry.
- *
- * Given the schema information stored, this registry
- * has knowledge to convert a Java object into a
- * LDAPAttributeSet or vice versa.
- *
+ * A class represents a registry where all the schema (object classes and
+ * attribute) information is stored.
+ * 
+ * Attribute mappers can be registered with this registry.
+ * 
+ * Given the schema information stored, this registry has knowledge to convert a
+ * Java object into a LDAPAttributeSet or vice versa.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class DBRegistry implements IDBRegistry, ISubsystem {
 
@@ -79,25 +74,24 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     }
 
     /**
-     * Sets subsystem identifier. This is an internal
-     * subsystem, and is not loadable.
+     * Sets subsystem identifier. This is an internal subsystem, and is not
+     * loadable.
      */
     public void setId(String id) throws EBaseException {
         throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_OPERATION"));
     }
 
     /**
-     * Initializes the internal registery. Connects to the 
-     * data source, and create a pool of connection of which 
-     * applications can use. Optionally, check the integrity
-     * of the database.
+     * Initializes the internal registery. Connects to the data source, and
+     * create a pool of connection of which applications can use. Optionally,
+     * check the integrity of the database.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mConfig = config;
         mConverter = new LdapFilterConverter(mAttrufNames);
     }
-	
+
     /**
      * Retrieves configuration store.
      */
@@ -128,24 +122,27 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
      * Registers object class.
      */
     public void registerObjectClass(String className, String ldapNames[])
-        throws EDBException {
+            throws EDBException {
         try {
             Class<?> c = Class.forName(className);
 
             mOCclassNames.put(className, ldapNames);
             mOCldapNames.put(sortAndConcate(
-                    ldapNames).toLowerCase(), 
-                new NameAndObject(className, c));
+                    ldapNames).toLowerCase(),
+                    new NameAndObject(className, c));
         } catch (ClassNotFoundException e) {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase db startup
+             * 
              * @reason failed to register object class
+             * 
              * @message DBRegistry: <exception thrown>
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+                    ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_INVALID_CLASS_NAME", className));
         }
@@ -161,8 +158,8 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     /**
      * Registers attribute mapper.
      */
-    public void registerAttribute(String ufName, IDBAttrMapper mapper) 
-        throws EDBException {
+    public void registerAttribute(String ufName, IDBAttrMapper mapper)
+            throws EDBException {
         // should not allows 'objectclass' as attribute; it has
         // special meaning
         mAttrufNames.put(ufName.toLowerCase(), mapper);
@@ -180,9 +177,9 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     }
 
     /**
-     * Creates LDAP-based search filters with help of
-     * registered mappers.
-     * Parses filter from filter string specified in RFC1558.
+     * Creates LDAP-based search filters with help of registered mappers. Parses
+     * filter from filter string specified in RFC1558.
+     * 
      * <pre>
      * <filter> ::= '(' <filtercomp> ')'
      * <filtercomp> ::= <and> | <or> | <not> | <item>
@@ -209,37 +206,37 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
         return getFilter(filter, mConverter);
     }
 
-    public String getFilter(String filter, IFilterConverter c) 
-        throws EBaseException {
+    public String getFilter(String filter, IFilterConverter c)
+            throws EBaseException {
         String f = filter;
 
         f = f.trim();
         if (f.startsWith("(") && f.endsWith(")")) {
-            return "(" + getFilterComp(f.substring(1, 
+            return "(" + getFilterComp(f.substring(1,
                         f.length() - 1), c) + ")";
         } else {
             return getFilterComp(filter, c);
         }
     }
 
-    private String getFilterComp(String f, IFilterConverter c) 
-        throws EBaseException {
+    private String getFilterComp(String f, IFilterConverter c)
+            throws EBaseException {
         f = f.trim();
-        if (f.startsWith("&")) {        // AND operation
-            return "&" + getFilterList(f.substring(1, 
+        if (f.startsWith("&")) { // AND operation
+            return "&" + getFilterList(f.substring(1,
                         f.length()), c);
         } else if (f.startsWith("|")) { // OR operation
-            return "|" + getFilterList(f.substring(1, 
+            return "|" + getFilterList(f.substring(1,
                         f.length()), c);
         } else if (f.startsWith("!")) { // NOT operation
             return "!" + getFilter(f.substring(1, f.length()), c);
-        } else {                        // item
+        } else { // item
             return getFilterItem(f, c);
         }
     }
-	
-    private String getFilterList(String f, IFilterConverter c) 
-        throws EBaseException {
+
+    private String getFilterList(String f, IFilterConverter c)
+            throws EBaseException {
         f = f.trim();
         int level = 0;
         int start = 0;
@@ -274,8 +271,8 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     /**
      * So, here we need to separate item into name, op, value.
      */
-    private String getFilterItem(String f, IFilterConverter c) 
-        throws EBaseException {
+    private String getFilterItem(String f, IFilterConverter c)
+            throws EBaseException {
         f = f.trim();
         int idx = f.indexOf('=');
 
@@ -318,7 +315,7 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
         if (value.indexOf('*') == -1) {
             if (type.equals("objectclass")) {
                 String ldapNames[] = (String[])
-                    mOCclassNames.get(value);
+                        mOCclassNames.get(value);
 
                 if (ldapNames == null)
                     throw new EDBException(
@@ -326,8 +323,8 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
                 String filter = "";
 
                 for (int g = 0; g < ldapNames.length; g++) {
-                    filter += "(objectclass=" + 
-                            ldapNames[g] + ")";	
+                    filter += "(objectclass=" +
+                            ldapNames[g] + ")";
                 }
                 return "&" + filter;
             } else {
@@ -341,27 +338,26 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     /**
      * Maps object into LDAP attribute set.
      */
-    public void mapObject(IDBObj parent, String name, Object obj, 
-        LDAPAttributeSet attrs) throws EBaseException {
+    public void mapObject(IDBObj parent, String name, Object obj,
+            LDAPAttributeSet attrs) throws EBaseException {
         IDBAttrMapper mapper = (IDBAttrMapper) mAttrufNames.get(
                 name.toLowerCase());
 
         if (mapper == null) {
             return; // no mapper found, just skip this attribute
-        }	
+        }
         mapper.mapObjectToLDAPAttributeSet(parent, name, obj, attrs);
     }
 
     /**
-     * Retrieves a list of LDAP attributes that are associated
-     * with the given attributes.
-     * This method is used for searches, to map the database attributes
-     * to LDAP attributes.
+     * Retrieves a list of LDAP attributes that are associated with the given
+     * attributes. This method is used for searches, to map the database
+     * attributes to LDAP attributes.
      */
-    public String[] getLDAPAttributes(String attrs[]) 
-        throws EBaseException {
+    public String[] getLDAPAttributes(String attrs[])
+            throws EBaseException {
         IDBAttrMapper mapper;
-	    
+
         if (attrs == null)
             return null;
         Vector<String> v = new Vector<String>();
@@ -391,10 +387,9 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
             } else {
                 IDBDynAttrMapper matchingDynAttrMapper = null;
                 // check if a dynamic mapper can handle the attribute
-                for (Iterator<IDBDynAttrMapper> dynMapperIter = mDynAttrMappers.iterator();
-                     dynMapperIter.hasNext();) {
+                for (Iterator<IDBDynAttrMapper> dynMapperIter = mDynAttrMappers.iterator(); dynMapperIter.hasNext();) {
                     IDBDynAttrMapper dynAttrMapper =
-                            (IDBDynAttrMapper)dynMapperIter.next();
+                            (IDBDynAttrMapper) dynMapperIter.next();
                     if (dynAttrMapper.supportsLDAPAttributeName(attrs[i])) {
                         matchingDynAttrMapper = dynAttrMapper;
                         break;
@@ -403,14 +398,17 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
                 if (matchingDynAttrMapper != null) {
                     v.addElement(attrs[i]);
                 } else {
-                    /*LogDoc
-                     *
+                    /*
+                     * LogDoc
+                     * 
                      * @phase retrieve ldap attr
+                     * 
                      * @reason failed to get registered object class
+                     * 
                      * @message DBRegistry: <attr> is not registered
                      */
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                        ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_DBS_ATTR_NOT_REGISTER", attrs[i]));
+                            ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_DBS_ATTR_NOT_REGISTER", attrs[i]));
                     throw new EDBException(CMS.getLogMessage("CMSCORE_DBS_ATTR_NOT_REGISTER", attrs[i]));
                 }
             }
@@ -427,8 +425,8 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     /**
      * Creates attribute set from object.
      */
-    public LDAPAttributeSet createLDAPAttributeSet(IDBObj obj) 
-        throws EBaseException {
+    public LDAPAttributeSet createLDAPAttributeSet(IDBObj obj)
+            throws EBaseException {
         Enumeration<String> e = obj.getSerializableAttrNames();
         LDAPAttributeSet attrs = new LDAPAttributeSet();
 
@@ -453,17 +451,17 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
      * Creates object from attribute set.
      */
     public IDBObj createObject(LDAPAttributeSet attrs)
-        throws EBaseException {
+            throws EBaseException {
         // map object class attribute to object
         LDAPAttribute attr = attrs.getAttribute("objectclass");
 
-        //CMS.debug("createObject: attrs " + attrs.toString());
+        // CMS.debug("createObject: attrs " + attrs.toString());
 
         attrs.remove("objectclass");
 
         // sort the object class values
         @SuppressWarnings("unchecked")
-		Enumeration<String> vals = attr.getStringValues();
+        Enumeration<String> vals = attr.getStringValues();
         Vector<String> v = new Vector<String>();
 
         while (vals.hasMoreElements()) {
@@ -488,27 +486,30 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
             while (ee.hasMoreElements()) {
                 String oname = (String) ee.nextElement();
                 IDBAttrMapper mapper = (IDBAttrMapper)
-                    mAttrufNames.get(
-                        oname.toLowerCase());
+                        mAttrufNames.get(
+                                oname.toLowerCase());
 
                 if (mapper == null) {
                     throw new EDBException(
                             CMS.getUserMessage("CMS_DBS_NO_MAPPER_FOUND", oname));
                 }
-                mapper.mapLDAPAttributeSetToObject(attrs, 
-                    oname, obj);
+                mapper.mapLDAPAttributeSetToObject(attrs,
+                        oname, obj);
             }
             return obj;
         } catch (Exception e) {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase create ldap attr
+             * 
              * @reason failed to create object class
+             * 
              * @message DBRegistry: <attr> is not registered
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+                    ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
             throw new EDBException(CMS.getUserMessage("CMS_DBS_INVALID_ATTRS"));
         }
     }
@@ -543,7 +544,6 @@ public class DBRegistry implements IDBRegistry, ISubsystem {
     }
 }
 
-
 /**
  * Just a convenient container class.
  */
@@ -556,7 +556,7 @@ class NameAndObject {
         mN = name;
         mO = o;
     }
-	
+
     public String getName() {
         return mN;
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java
index 5b081d6c..b2a3b17f 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBSSession.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 
 import netscape.ldap.LDAPAttribute;
@@ -47,14 +46,12 @@ import com.netscape.certsrv.dbs.Modification;
 import com.netscape.certsrv.dbs.ModificationSet;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * A class represents the database session. Operations
- * can be performed with a session.
- *
- * Transaction and Caching support can be integrated
- * into session.
- *
+ * A class represents the database session. Operations can be performed with a
+ * session.
+ * 
+ * Transaction and Caching support can be integrated into session.
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -66,7 +63,7 @@ public class DBSSession implements IDBSSession {
 
     /**
      * Constructs a database session.
-     *
+     * 
      * @param system the database subsytem
      * @param c the ldap connection
      */
@@ -75,7 +72,7 @@ public class DBSSession implements IDBSSession {
         mConn = c;
         try {
             // no limit
-            mConn.setOption(LDAPv2.SIZELIMIT, Integer.valueOf(0)); 
+            mConn.setOption(LDAPv2.SIZELIMIT, Integer.valueOf(0));
         } catch (LDAPException e) {
         }
     }
@@ -97,28 +94,31 @@ public class DBSSession implements IDBSSession {
 
     /**
      * Adds object to backend database. For example,
+     * 
      * <PRE>
-     *    session.add("cn=123459,o=certificate repository,o=airius.com",
-     * 			certRec);
+     * session.add(&quot;cn=123459,o=certificate repository,o=airius.com&quot;,
+     *             certRec);
      * </PRE>
-     *
+     * 
      * @param name the name of the ldap entry
      * @param obj the DBobj that can be mapped to ldap attrubute set
      */
     public void add(String name, IDBObj obj) throws EBaseException {
         try {
             LDAPAttributeSet attrs = mDBSystem.getRegistry(
-                ).createLDAPAttributeSet(obj);
+                    ).createLDAPAttributeSet(obj);
             LDAPEntry e = new LDAPEntry(name, attrs);
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase local ldap add
+             * 
              * @message DBSSession: begin LDAP add <entry>
              */
             mConn.add(e);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
@@ -127,9 +127,8 @@ public class DBSSession implements IDBSSession {
     }
 
     /**
-     * Reads an object from the database.
-     * all attributes will be returned
-     *
+     * Reads an object from the database. all attributes will be returned
+     * 
      * @param name the name of the ldap entry
      */
     public IDBObj read(String name) throws EBaseException {
@@ -137,14 +136,14 @@ public class DBSSession implements IDBSSession {
     }
 
     /**
-     * Reads an object from the database, and only populates
-     * the selected attributes.
-     *
+     * Reads an object from the database, and only populates the selected
+     * attributes.
+     * 
      * @param name the name of the ldap entry
      * @param attrs the attributes to be selected
      */
     public IDBObj read(String name, String attrs[])
-        throws EBaseException {
+            throws EBaseException {
         try {
             String ldapattrs[] = null;
 
@@ -153,9 +152,11 @@ public class DBSSession implements IDBSSession {
                         ).getLDAPAttributes(attrs);
             }
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase local ldap read
+             * 
              * @message DBSSession: begin LDAP read <entry>
              */
             LDAPSearchResults res = mConn.search(name,
@@ -167,16 +168,18 @@ public class DBSSession implements IDBSSession {
                     entry.getAttributeSet());
         } catch (LDAPException e) {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase local ldap read
+             * 
              * @message DBSSession: <exception thrown>
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_INFO, "DBSSession: " + e.toString());
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
-            if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT) 
+            if (e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT)
                 throw new EDBRecordNotFoundException(
                         CMS.getUserMessage("CMS_DBS_RECORD_NOT_FOUND"));
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
@@ -191,7 +194,7 @@ public class DBSSession implements IDBSSession {
         try {
             mConn.delete(name);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
@@ -203,36 +206,38 @@ public class DBSSession implements IDBSSession {
      * Modify an object in the database.
      */
     public void modify(String name, ModificationSet mods)
-        throws EBaseException {
+            throws EBaseException {
         try {
             LDAPModificationSet ldapMods = new
-                LDAPModificationSet();
+                    LDAPModificationSet();
             Enumeration<?> e = mods.getModifications();
 
             while (e.hasMoreElements()) {
                 Modification mod = (Modification)
-                    e.nextElement();
+                        e.nextElement();
                 LDAPAttributeSet attrs = new LDAPAttributeSet();
 
                 mDBSystem.getRegistry().mapObject(null,
-                    mod.getName(), mod.getValue(), attrs);
+                        mod.getName(), mod.getValue(), attrs);
                 Enumeration<?> e0 = attrs.getAttributes();
 
                 while (e0.hasMoreElements()) {
                     ldapMods.add(toLdapModOp(mod.getOp()),
-                        (LDAPAttribute)
-                        e0.nextElement());
+                            (LDAPAttribute)
+                            e0.nextElement());
                 }
             }
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase local ldap add
+             * 
              * @message DBSSession: begin LDAP modify <entry>
              */
             mConn.modify(name, ldapMods);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
@@ -256,20 +261,19 @@ public class DBSSession implements IDBSSession {
     }
 
     /**
-     * Searchs for a list of objects that match the
-     * filter.
+     * Searchs for a list of objects that match the filter.
      */
     public IDBSearchResults search(String base, String filter)
-        throws EBaseException {
+            throws EBaseException {
         return search(base, filter, null);
     }
 
     public IDBSearchResults search(String base, String filter, int maxSize)
-        throws EBaseException {
+            throws EBaseException {
         try {
             String ldapattrs[] = null;
             String ldapfilter =
-                mDBSystem.getRegistry().getFilter(filter);
+                    mDBSystem.getRegistry().getFilter(filter);
 
             LDAPSearchConstraints cons = new LDAPSearchConstraints();
 
@@ -281,22 +285,22 @@ public class DBSSession implements IDBSSession {
             return new DBSearchResults(mDBSystem.getRegistry(),
                     res);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
-                // XXX error handling, should not raise exception if
-                // entry not found
+            // XXX error handling, should not raise exception if
+            // entry not found
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
                         e.toString()));
         }
     }
 
     public IDBSearchResults search(String base, String filter, int maxSize, int timeLimit)
-        throws EBaseException {
+            throws EBaseException {
         try {
             String ldapattrs[] = null;
             String ldapfilter =
-                mDBSystem.getRegistry().getFilter(filter);
+                    mDBSystem.getRegistry().getFilter(filter);
 
             LDAPSearchConstraints cons = new LDAPSearchConstraints();
 
@@ -309,22 +313,21 @@ public class DBSSession implements IDBSSession {
             return new DBSearchResults(mDBSystem.getRegistry(),
                     res);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
-                // XXX error handling, should not raise exception if
-                // entry not found
+            // XXX error handling, should not raise exception if
+            // entry not found
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
                         e.toString()));
         }
     }
 
     /**
-     * Retrieves a list of object that satifies the given
-     * filter.
+     * Retrieves a list of object that satifies the given filter.
      */
     public IDBSearchResults search(String base, String filter,
-        String attrs[]) throws EBaseException {
+            String attrs[]) throws EBaseException {
         try {
             String ldapattrs[] = null;
 
@@ -333,35 +336,37 @@ public class DBSSession implements IDBSSession {
                         ).getLDAPAttributes(attrs);
             }
             String ldapfilter =
-                mDBSystem.getRegistry().getFilter(filter);
+                    mDBSystem.getRegistry().getFilter(filter);
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase local ldap add
+             * 
              * @message DBSSession: begin LDAP search <filter>
              */
             LDAPSearchConstraints cons = new LDAPSearchConstraints();
 
-            cons.setMaxResults(0);            
-			
+            cons.setMaxResults(0);
+
             LDAPSearchResults res = mConn.search(base,
                     LDAPv2.SCOPE_ONE, ldapfilter, ldapattrs, false, cons);
 
             return new DBSearchResults(mDBSystem.getRegistry(),
                     res);
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
-                // XXX error handling, should not raise exception if
-                // entry not found
+            // XXX error handling, should not raise exception if
+            // entry not found
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
                         e.toString()));
         }
     }
 
     public LDAPSearchResults persistentSearch(String base, String filter, String attrs[])
-        throws EBaseException {
+            throws EBaseException {
         try {
             String ldapattrs[] = null;
             if (attrs != null) {
@@ -369,11 +374,11 @@ public class DBSSession implements IDBSSession {
                         ).getLDAPAttributes(attrs);
             }
             String ldapfilter =
-                mDBSystem.getRegistry().getFilter(filter);
+                    mDBSystem.getRegistry().getFilter(filter);
 
-            Integer version = (Integer)(mConn.getOption(LDAPv2.PROTOCOL_VERSION));
+            Integer version = (Integer) (mConn.getOption(LDAPv2.PROTOCOL_VERSION));
 
-            // Only version 3 protocol supports persistent search. 
+            // Only version 3 protocol supports persistent search.
             if (version.intValue() == 2) {
                 mConn.setOption(LDAPv2.PROTOCOL_VERSION, Integer.valueOf(3));
             }
@@ -384,22 +389,22 @@ public class DBSSession implements IDBSSession {
             boolean returnControls = true;
             boolean isCritical = true;
             LDAPPersistSearchControl persistCtrl = new
-              LDAPPersistSearchControl( op, changesOnly,
-              returnControls, isCritical );
+                    LDAPPersistSearchControl(op, changesOnly,
+                            returnControls, isCritical);
 
             LDAPSearchConstraints cons = new LDAPSearchConstraints();
             cons.setBatchSize(0);
-            cons.setServerControls( persistCtrl );
+            cons.setServerControls(persistCtrl);
 
             LDAPSearchResults res = mConn.search(base,
                     LDAPv2.SCOPE_ONE, ldapfilter, ldapattrs, false, cons);
             return res;
         } catch (LDAPException e) {
-            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) 
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE)
                 throw new EDBNotAvailException(
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
-                // XXX error handling, should not raise exception if
-                // entry not found
+            // XXX error handling, should not raise exception if
+            // entry not found
             throw new EDBException(CMS.getUserMessage("CMS_DBS_LDAP_OP_FAILURE",
                         e.toString()));
         }
@@ -409,7 +414,7 @@ public class DBSSession implements IDBSSession {
      * Retrieves a list of objects.
      */
     public <T> IDBVirtualList<T> createVirtualList(String base, String filter,
-        String attrs[]) throws EBaseException {
+            String attrs[]) throws EBaseException {
         return new DBVirtualList<T>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs);
     }
@@ -418,7 +423,7 @@ public class DBSSession implements IDBSSession {
      * Retrieves a list of objects.
      */
     public <T> IDBVirtualList<T> createVirtualList(String base, String filter,
-        String attrs[], String sortKey[]) throws EBaseException {
+            String attrs[], String sortKey[]) throws EBaseException {
         return new DBVirtualList<T>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs, sortKey);
     }
@@ -427,7 +432,7 @@ public class DBSSession implements IDBSSession {
      * Retrieves a list of objects.
      */
     public IDBVirtualList<?> createVirtualList(String base, String filter,
-        String attrs[], String sortKey) throws EBaseException {
+            String attrs[], String sortKey) throws EBaseException {
         return new DBVirtualList<Object>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs, sortKey);
     }
@@ -436,7 +441,7 @@ public class DBSSession implements IDBSSession {
      * Retrieves a list of objects.
      */
     public IDBVirtualList<?> createVirtualList(String base, String filter,
-        String attrs[], String sortKey[], int pageSize) throws EBaseException {
+            String attrs[], String sortKey[], int pageSize) throws EBaseException {
         return new DBVirtualList<Object>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs, sortKey, pageSize);
     }
@@ -445,21 +450,21 @@ public class DBSSession implements IDBSSession {
      * Retrieves a list of objects.
      */
     public IDBVirtualList<?> createVirtualList(String base, String filter,
-        String attrs[], String sortKey, int pageSize) throws EBaseException {
+            String attrs[], String sortKey, int pageSize) throws EBaseException {
         return new DBVirtualList<Object>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs, sortKey, pageSize);
     }
 
     public IDBVirtualList<?> createVirtualList(String base, String filter,
-        String attrs[], String startFrom, String sortKey, int pageSize) throws EBaseException {
+            String attrs[], String startFrom, String sortKey, int pageSize) throws EBaseException {
         return new DBVirtualList<Object>(mDBSystem.getRegistry(), mConn, base,
                 filter, attrs, startFrom, sortKey, pageSize);
 
     }
 
     /**
-     * Releases object to this interface. This allows us to
-     * use memory more efficiently.
+     * Releases object to this interface. This allows us to use memory more
+     * efficiently.
      */
     public void release(Object obj) {
         // not implemented
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBSUtil.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBSUtil.java
index 123fb847..e18906ff 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBSUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBSUtil.java
@@ -17,16 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
-
-
 /**
- * A class represents ann attribute mapper that maps
- * a Java BigInteger object into LDAP attribute,
- * and vice versa.
- *
+ * A class represents ann attribute mapper that maps a Java BigInteger object
+ * into LDAP attribute, and vice versa.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class DBSUtil {
 
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBSearchResults.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBSearchResults.java
index 8b5098dc..1fadbbf5 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBSearchResults.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBSearchResults.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 
 import netscape.ldap.LDAPEntry;
@@ -27,15 +26,13 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.dbs.IDBRegistry;
 import com.netscape.certsrv.dbs.IDBSearchResults;
 import com.netscape.certsrv.logging.ILogger;
- 
 
 /**
- * A class represents the search results. A search
- * results object contain a enumeration of
- * Java objects that are just read from the database.
- *
+ * A class represents the search results. A search results object contain a
+ * enumeration of Java objects that are just read from the database.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class DBSearchResults implements IDBSearchResults {
 
@@ -71,24 +68,27 @@ public class DBSearchResults implements IDBSearchResults {
                 entry = (LDAPEntry) o;
                 return mRegistry.createObject(entry.getAttributeSet());
             } else {
-                if (o instanceof LDAPException) 
+                if (o instanceof LDAPException)
                     ;
-                    // doing nothing because the last object in the search
-                    // results is always LDAPException
+                // doing nothing because the last object in the search
+                // results is always LDAPException
                 else
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                      ILogger.LL_FAILURE, "DBSearchResults: result format error class=" + o.getClass().getName());
+                            ILogger.LL_FAILURE, "DBSearchResults: result format error class=" + o.getClass().getName());
             }
         } catch (Exception e) {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase local ldap search
+             * 
              * @reason failed to get next element
+             * 
              * @message DBSearchResults: <exception thrown>
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                ILogger.LL_FAILURE, "DBSearchResults: " + e.toString());
+                    ILogger.LL_FAILURE, "DBSearchResults: " + e.toString());
         }
         return null;
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java
index 3208a23d..16fbecbc 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Hashtable;
 
@@ -53,17 +52,15 @@ import com.netscape.cmscore.ldapconn.LdapAuthInfo;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
 import com.netscape.cmscore.ldapconn.LdapConnInfo;
 
-
 /**
- * A class represents the database subsystem that manages
- * the backend data storage.
- *
- * This subsystem maintains multiple sessions that allows
- * operations to be performed, and provide a registry
- * where all the schema information is stored.
- *
+ * A class represents the database subsystem that manages the backend data
+ * storage.
+ * 
+ * This subsystem maintains multiple sessions that allows operations to be
+ * performed, and provide a registry where all the schema information is stored.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class DBSubsystem implements IDBSubsystem {
 
@@ -98,40 +95,40 @@ public class DBSubsystem implements IDBSubsystem {
     private static final String KR_DN = "ou=keyRepository, ou=kra";
     private static final String KRA_REQUESTS_DN = "ou=kra, ou=requests";
     private static final String REPLICA_DN = "ou=replica";
-    private static final String PROP_ENABLE_SERIAL_NUMBER_RECOVERY = 
-        "enableSerialNumberRecovery";
+    private static final String PROP_ENABLE_SERIAL_NUMBER_RECOVERY =
+            "enableSerialNumberRecovery";
     // This value is only equal to the next Serial number that the CA's
     // going to issue when cms just start up or it's just set from console.
     // It doesn't record the next serial number at other time when cms's
     // runing not to increase overhead when issuing certs.
-    private static final String PROP_NEXT_SERIAL_NUMBER = 
-        "nextSerialNumber";
-    private static final String PROP_MIN_SERIAL_NUMBER="beginSerialNumber";
+    private static final String PROP_NEXT_SERIAL_NUMBER =
+            "nextSerialNumber";
+    private static final String PROP_MIN_SERIAL_NUMBER = "beginSerialNumber";
     private static final String PROP_MAX_SERIAL_NUMBER = "endSerialNumber";
-    private static final String PROP_NEXT_MIN_SERIAL_NUMBER="nextBeginSerialNumber";
-    private static final String PROP_NEXT_MAX_SERIAL_NUMBER ="nextEndSerialNumber";
-    private static final String PROP_SERIAL_LOW_WATER_MARK="serialLowWaterMark";
-    private static final String PROP_SERIAL_INCREMENT="serialIncrement";
-    private static final String PROP_SERIAL_BASEDN="serialDN";
-    private static final String PROP_SERIAL_RANGE_DN="serialRangeDN";
-
-    private static final String PROP_MIN_REQUEST_NUMBER="beginRequestNumber";
-    private static final String PROP_MAX_REQUEST_NUMBER="endRequestNumber";
-    private static final String PROP_NEXT_MIN_REQUEST_NUMBER="nextBeginRequestNumber";
-    private static final String PROP_NEXT_MAX_REQUEST_NUMBER="nextEndRequestNumber";
-    private static final String PROP_REQUEST_LOW_WATER_MARK="requestLowWaterMark";
-    private static final String PROP_REQUEST_INCREMENT="requestIncrement";
-    private static final String PROP_REQUEST_BASEDN="requestDN";
-    private static final String PROP_REQUEST_RANGE_DN="requestRangeDN";
-
-    private static final String PROP_MIN_REPLICA_NUMBER="beginReplicaNumber";
+    private static final String PROP_NEXT_MIN_SERIAL_NUMBER = "nextBeginSerialNumber";
+    private static final String PROP_NEXT_MAX_SERIAL_NUMBER = "nextEndSerialNumber";
+    private static final String PROP_SERIAL_LOW_WATER_MARK = "serialLowWaterMark";
+    private static final String PROP_SERIAL_INCREMENT = "serialIncrement";
+    private static final String PROP_SERIAL_BASEDN = "serialDN";
+    private static final String PROP_SERIAL_RANGE_DN = "serialRangeDN";
+
+    private static final String PROP_MIN_REQUEST_NUMBER = "beginRequestNumber";
+    private static final String PROP_MAX_REQUEST_NUMBER = "endRequestNumber";
+    private static final String PROP_NEXT_MIN_REQUEST_NUMBER = "nextBeginRequestNumber";
+    private static final String PROP_NEXT_MAX_REQUEST_NUMBER = "nextEndRequestNumber";
+    private static final String PROP_REQUEST_LOW_WATER_MARK = "requestLowWaterMark";
+    private static final String PROP_REQUEST_INCREMENT = "requestIncrement";
+    private static final String PROP_REQUEST_BASEDN = "requestDN";
+    private static final String PROP_REQUEST_RANGE_DN = "requestRangeDN";
+
+    private static final String PROP_MIN_REPLICA_NUMBER = "beginReplicaNumber";
     private static final String PROP_MAX_REPLICA_NUMBER = "endReplicaNumber";
-    private static final String PROP_NEXT_MIN_REPLICA_NUMBER="nextBeginReplicaNumber";
-    private static final String PROP_NEXT_MAX_REPLICA_NUMBER ="nextEndReplicaNumber";
-    private static final String PROP_REPLICA_LOW_WATER_MARK="replicaLowWaterMark";
-    private static final String PROP_REPLICA_INCREMENT="replicaIncrement";
-    private static final String PROP_REPLICA_BASEDN="replicaDN";
-    private static final String PROP_REPLICA_RANGE_DN="replicaRangeDN";
+    private static final String PROP_NEXT_MIN_REPLICA_NUMBER = "nextBeginReplicaNumber";
+    private static final String PROP_NEXT_MAX_REPLICA_NUMBER = "nextEndReplicaNumber";
+    private static final String PROP_REPLICA_LOW_WATER_MARK = "replicaLowWaterMark";
+    private static final String PROP_REPLICA_INCREMENT = "replicaIncrement";
+    private static final String PROP_REPLICA_BASEDN = "replicaDN";
+    private static final String PROP_REPLICA_RANGE_DN = "replicaRangeDN";
 
     private static final String PROP_INFINITE_SERIAL_NUMBER = "1000000000";
     private static final String PROP_INFINITE_REQUEST_NUMBER = "1000000000";
@@ -140,27 +137,27 @@ public class DBSubsystem implements IDBSubsystem {
     private static final String PROP_LDAP = "ldap";
     private static final String PROP_NEXT_RANGE = "nextRange";
     private static final String PROP_ENABLE_SERIAL_MGMT = "enableSerialManagement";
-    
+
     // hash keys
-    private static final String NAME="name";
-    private static final String PROP_MIN="min";
-    private static final String PROP_MIN_NAME="min_name";
+    private static final String NAME = "name";
+    private static final String PROP_MIN = "min";
+    private static final String PROP_MIN_NAME = "min_name";
     private static final String PROP_MAX = "max";
     private static final String PROP_MAX_NAME = "max_name";
-    private static final String PROP_NEXT_MIN="next_min";
-    private static final String PROP_NEXT_MIN_NAME="next_min_name";
+    private static final String PROP_NEXT_MIN = "next_min";
+    private static final String PROP_NEXT_MIN_NAME = "next_min_name";
     private static final String PROP_NEXT_MAX = "next_max";
     private static final String PROP_NEXT_MAX_NAME = "next_max_name";
-    private static final String PROP_LOW_WATER_MARK="lowWaterMark";
-    private static final String PROP_LOW_WATER_MARK_NAME="lowWaterMark_name";
+    private static final String PROP_LOW_WATER_MARK = "lowWaterMark";
+    private static final String PROP_LOW_WATER_MARK_NAME = "lowWaterMark_name";
     private static final String PROP_INCREMENT = "increment";
     private static final String PROP_INCREMENT_NAME = "increment_name";
-    private static final String PROP_RANGE_DN="rangeDN";
+    private static final String PROP_RANGE_DN = "rangeDN";
 
     private static final BigInteger BI_ONE = new BigInteger("1");
 
     private ILogger mLogger = null;
- 
+
     // singleton enforcement
 
     private static IDBSubsystem mInstance = new DBSubsystem();
@@ -170,9 +167,10 @@ public class DBSubsystem implements IDBSubsystem {
     }
 
     /**
-     * This method is used for unit tests.  It allows the underlying instance
-     * to be stubbed out.
-     * @param dbSubsystem  The stubbed out subsystem to override with.
+     * This method is used for unit tests. It allows the underlying instance to
+     * be stubbed out.
+     * 
+     * @param dbSubsystem The stubbed out subsystem to override with.
      */
     public static void setInstance(IDBSubsystem dbSubsystem) {
         mInstance = dbSubsystem;
@@ -191,7 +189,7 @@ public class DBSubsystem implements IDBSubsystem {
      */
     public String getId() {
         return IDBSubsystem.SUB_ID;
-    }	
+    }
 
     /**
      * Sets subsystem identifier.
@@ -214,14 +212,14 @@ public class DBSubsystem implements IDBSubsystem {
         return mEnableSerialMgmt;
     }
 
-    public void setEnableSerialMgmt(boolean v) 
-        throws EBaseException {
+    public void setEnableSerialMgmt(boolean v)
+            throws EBaseException {
         if (v) {
             CMS.debug("DBSubsystem: Enabling Serial Number Management");
         } else {
             CMS.debug("DBSubsystem: Disabling Serial Number Management");
         }
-       
+
         mDBConfig.putBoolean(PROP_ENABLE_SERIAL_MGMT, v);
         IConfigStore rootStore = getOwner().getConfigStore();
         rootStore.commit(false);
@@ -232,30 +230,29 @@ public class DBSubsystem implements IDBSubsystem {
         return mNextSerialConfig;
     }
 
-    public void setNextSerialConfig(BigInteger serial) 
-        throws EBaseException {
+    public void setNextSerialConfig(BigInteger serial)
+            throws EBaseException {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-            ILogger.LL_INFO, "DBSubsystem: " +
-            "Setting next serial number: 0x" + serial.toString(16));
+                ILogger.LL_INFO, "DBSubsystem: " +
+                        "Setting next serial number: 0x" + serial.toString(16));
         mDBConfig.putString(PROP_NEXT_SERIAL_NUMBER,
-            serial.toString(16));
+                serial.toString(16));
     }
 
     /**
      * Gets minimum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return min serial number
      */
-    public String getMinSerialConfig(int repo)
-    {
+    public String getMinSerialConfig(int repo) {
         return (String) (mRepos[repo]).get(PROP_MIN);
     }
 
     /**
      * Gets maximum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return max serial number
      */
     public String getMaxSerialConfig(int repo) {
@@ -264,41 +261,38 @@ public class DBSubsystem implements IDBSubsystem {
 
     /**
      * Gets minimum serial number limit in next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return min serial number in next range
      */
-    public String getNextMinSerialConfig(int repo)
-    {
+    public String getNextMinSerialConfig(int repo) {
         String ret = (String) (mRepos[repo]).get(PROP_NEXT_MIN);
         if (ret.equals("-1")) {
             return null;
-        }
-        else {
+        } else {
             return ret;
         }
     }
 
     /**
      * Gets maximum serial number limit in next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return max serial number in next range
      */
     public String getNextMaxSerialConfig(int repo) {
         String ret = (String) (mRepos[repo]).get(PROP_NEXT_MAX);
         if (ret.equals("-1")) {
             return null;
-        }
-        else {
+        } else {
             return ret;
         }
     }
 
     /**
      * Gets low water mark limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return low water mark
      */
     public String getLowWaterMarkConfig(int repo) {
@@ -307,28 +301,27 @@ public class DBSubsystem implements IDBSubsystem {
 
     /**
      * Gets range increment for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @return range increment
      */
-    public String getIncrementConfig(int repo)
-    {
+    public String getIncrementConfig(int repo) {
         return (String) (mRepos[repo]).get(PROP_INCREMENT);
     }
 
     /**
      * Sets maximum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @param serial max serial number
-     * @exception  EBaseException failed to set
+     * @exception EBaseException failed to set
      */
-    public void setMaxSerialConfig(int repo, String serial) 
-        throws EBaseException {
+    public void setMaxSerialConfig(int repo, String serial)
+            throws EBaseException {
         Hashtable h = mRepos[repo];
         CMS.debug("DBSubsystem: Setting max serial number for " + h.get(NAME) + ": " + serial);
 
-        //persist to file
+        // persist to file
         mDBConfig.putString((String) h.get(PROP_MAX_NAME), serial);
         IConfigStore rootStore = getOwner().getConfigStore();
         rootStore.commit(false);
@@ -339,17 +332,17 @@ public class DBSubsystem implements IDBSubsystem {
 
     /**
      * Sets minimum serial number limit in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @param serial min serial number
-     * @exception  EBaseException failed to set
+     * @exception EBaseException failed to set
      */
-    public void setMinSerialConfig(int repo, String serial) 
-        throws EBaseException {
+    public void setMinSerialConfig(int repo, String serial)
+            throws EBaseException {
         Hashtable h = mRepos[repo];
         CMS.debug("DBSubsystem: Setting min serial number for " + h.get(NAME) + ": " + serial);
 
-        //persist to file
+        // persist to file
         mDBConfig.putString((String) h.get(PROP_MIN_NAME), serial);
         IConfigStore rootStore = getOwner().getConfigStore();
         rootStore.commit(false);
@@ -360,13 +353,13 @@ public class DBSubsystem implements IDBSubsystem {
 
     /**
      * Sets maximum serial number limit for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @param serial max serial number for next range
-     * @exception  EBaseException failed to set
+     * @exception EBaseException failed to set
      */
-    public void setNextMaxSerialConfig(int repo, String serial) 
-        throws EBaseException {
+    public void setNextMaxSerialConfig(int repo, String serial)
+            throws EBaseException {
         Hashtable h = mRepos[repo];
         if (serial == null) {
             CMS.debug("DBSubsystem: Removing next max " + h.get(NAME) + " number");
@@ -387,13 +380,13 @@ public class DBSubsystem implements IDBSubsystem {
 
     /**
      * Sets minimum serial number limit for next range in config file
-     *
-     * @param repo   repo identifier 
+     * 
+     * @param repo repo identifier
      * @param serial min serial number for next range
-     * @exception  EBaseException failed to set
+     * @exception EBaseException failed to set
      */
     public void setNextMinSerialConfig(int repo, String serial)
-        throws EBaseException {
+            throws EBaseException {
         Hashtable h = mRepos[repo];
         if (serial == null) {
             CMS.debug("DBSubsystem: Removing next min " + h.get(NAME) + " number");
@@ -405,19 +398,19 @@ public class DBSubsystem implements IDBSubsystem {
         IConfigStore rootStore = getOwner().getConfigStore();
         rootStore.commit(false);
         if (serial == null) {
-           Object o2 = h.remove(PROP_NEXT_MIN);
+            Object o2 = h.remove(PROP_NEXT_MIN);
         } else {
-           h.put(PROP_NEXT_MIN, serial);
+            h.put(PROP_NEXT_MIN, serial);
         }
         mRepos[repo] = h;
     }
 
     /**
-     * Gets start of next range from database.
-     * Increments the nextRange attribute and allocates
-     * this range to the current instance by creating a pkiRange object.
-     *
-     * @param repo   repo identifier 
+     * Gets start of next range from database. Increments the nextRange
+     * attribute and allocates this range to the current instance by creating a
+     * pkiRange object.
+     * 
+     * @param repo repo identifier
      * @return start of next range
      */
     public String getNextRange(int repo) {
@@ -430,28 +423,29 @@ public class DBSubsystem implements IDBSubsystem {
             String rangeDN = (String) h.get(PROP_RANGE_DN) + "," + mBaseDN;
 
             LDAPEntry entry = conn.read(dn);
-            LDAPAttribute attr =  entry.getAttribute(PROP_NEXT_RANGE);
+            LDAPAttribute attr = entry.getAttribute(PROP_NEXT_RANGE);
             nextRange = (String) attr.getStringValues().nextElement();
 
             BigInteger nextRangeNo = new BigInteger(nextRange);
             BigInteger incrementNo = new BigInteger((String) h.get(PROP_INCREMENT));
-            // To make sure attrNextRange always increments, first delete the current value and then 
-            // increment.  Two operations in the same transaction 
-            LDAPAttribute attrNextRange = new LDAPAttribute(PROP_NEXT_RANGE,  nextRangeNo.add(incrementNo).toString());
-            LDAPModification [] mods = {
-                new LDAPModification( LDAPModification.DELETE, attr), 
-                new LDAPModification( LDAPModification.ADD, attrNextRange ) };
-            conn.modify( dn, mods );
+            // To make sure attrNextRange always increments, first delete the
+            // current value and then
+            // increment. Two operations in the same transaction
+            LDAPAttribute attrNextRange = new LDAPAttribute(PROP_NEXT_RANGE, nextRangeNo.add(incrementNo).toString());
+            LDAPModification[] mods = {
+                    new LDAPModification(LDAPModification.DELETE, attr),
+                    new LDAPModification(LDAPModification.ADD, attrNextRange) };
+            conn.modify(dn, mods);
 
             // Add new range object
             String endRange = nextRangeNo.add(incrementNo).subtract(BI_ONE).toString();
             LDAPAttributeSet attrs = new LDAPAttributeSet();
             attrs.add(new LDAPAttribute("objectClass", "top"));
             attrs.add(new LDAPAttribute("objectClass", "pkiRange"));
-            attrs.add(new LDAPAttribute("beginRange" , nextRange));
-            attrs.add(new LDAPAttribute("endRange" , endRange));
+            attrs.add(new LDAPAttribute("beginRange", nextRange));
+            attrs.add(new LDAPAttribute("endRange", endRange));
             attrs.add(new LDAPAttribute("cn", nextRange));
-            attrs.add(new LDAPAttribute("host",  CMS.getEESSLHost()));
+            attrs.add(new LDAPAttribute("host", CMS.getEESSLHost()));
             attrs.add(new LDAPAttribute("securePort", CMS.getEESSLPort()));
             String dn2 = "cn=" + nextRange + "," + rangeDN;
             LDAPEntry rangeEntry = new LDAPEntry(dn2, attrs);
@@ -462,12 +456,11 @@ public class DBSubsystem implements IDBSubsystem {
             nextRange = null;
         } finally {
             try {
-                if ((conn != null) && (mLdapConnFactory!= null)) {
+                if ((conn != null) && (mLdapConnFactory != null)) {
                     CMS.debug("Releasing ldap connection");
                     mLdapConnFactory.returnConn(conn);
                 }
-            }
-            catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("Error releasing the ldap connection" + e.toString());
             }
         }
@@ -475,31 +468,30 @@ public class DBSubsystem implements IDBSubsystem {
     }
 
     /**
-     * Determines if a range conflict has been observed in database.
-     * If so, delete the conflict entry and remove the next range.
-     * When the next number is requested, if the number of certs is still 
-     * below the low water mark, then a new range will be requested.
+     * Determines if a range conflict has been observed in database. If so,
+     * delete the conflict entry and remove the next range. When the next number
+     * is requested, if the number of certs is still below the low water mark,
+     * then a new range will be requested.
      * 
-     * @param repo   repo identifier 
+     * @param repo repo identifier
      * @return true if range conflict, false otherwise
      */
-    public boolean hasRangeConflict(int repo) 
-    {
+    public boolean hasRangeConflict(int repo) {
         LDAPConnection conn = null;
         boolean conflict = false;
         try {
             String nextRangeStart = getNextMinSerialConfig(repo);
-            if (nextRangeStart == null) { 
+            if (nextRangeStart == null) {
                 return false;
             }
             Hashtable h = mRepos[repo];
             conn = mLdapConnFactory.getConn();
             String rangedn = (String) h.get(PROP_RANGE_DN) + "," + mBaseDN;
             String filter = "(&(nsds5ReplConflict=*)(objectClass=pkiRange)(host= " +
-                CMS.getEESSLHost() + ")(SecurePort=" + CMS.getEESSLPort() +
-                ")(beginRange=" + nextRangeStart + "))";
+                    CMS.getEESSLHost() + ")(SecurePort=" + CMS.getEESSLPort() +
+                    ")(beginRange=" + nextRangeStart + "))";
             LDAPSearchResults results = conn.search(rangedn, LDAPv3.SCOPE_SUB,
-                filter, null, false);
+                    filter, null, false);
 
             while (results.hasMoreElements()) {
                 conflict = true;
@@ -513,12 +505,11 @@ public class DBSubsystem implements IDBSubsystem {
             e.printStackTrace();
         } finally {
             try {
-                if ((conn != null) && (mLdapConnFactory!= null)) {
+                if ((conn != null) && (mLdapConnFactory != null)) {
                     CMS.debug("Releasing ldap connection");
                     mLdapConnFactory.returnConn(conn);
                 }
-            }
-            catch (Exception e) {
+            } catch (Exception e) {
                 CMS.debug("Error releasing the ldap connection" + e.toString());
             }
         }
@@ -530,14 +521,12 @@ public class DBSubsystem implements IDBSubsystem {
     }
 
     /**
-     * Initializes the internal registery. Connects to the 
-     * data source, and create a pool of connection of which 
-     * applications can use. Optionally, check the integrity
-     * of the database.
+     * Initializes the internal registery. Connects to the data source, and
+     * create a pool of connection of which applications can use. Optionally,
+     * check the integrity of the database.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
-
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
 
         mLogger = CMS.getLogger();
         mDBConfig = config;
@@ -548,110 +537,109 @@ public class DBSubsystem implements IDBSubsystem {
         try {
             mBaseDN = mConfig.getString(PROP_BASEDN, "o=NetscapeCertificateServer");
 
-            mOwner = owner; 
+            mOwner = owner;
 
             mNextSerialConfig = new BigInteger(mDBConfig.getString(
-                PROP_NEXT_SERIAL_NUMBER, "0"), 16);
+                    PROP_NEXT_SERIAL_NUMBER, "0"), 16);
 
             mEnableSerialMgmt = mDBConfig.getBoolean(PROP_ENABLE_SERIAL_MGMT, false);
 
             // populate the certs hash entry
             Hashtable certs = new Hashtable();
             certs.put(NAME, "certs");
-            certs.put(PROP_BASEDN, mDBConfig.getString(PROP_SERIAL_BASEDN,"")); 
+            certs.put(PROP_BASEDN, mDBConfig.getString(PROP_SERIAL_BASEDN, ""));
             certs.put(PROP_RANGE_DN, mDBConfig.getString(PROP_SERIAL_RANGE_DN, ""));
 
             certs.put(PROP_MIN_NAME, PROP_MIN_SERIAL_NUMBER);
             certs.put(PROP_MIN, mDBConfig.getString(
-                PROP_MIN_SERIAL_NUMBER, "0"));
+                    PROP_MIN_SERIAL_NUMBER, "0"));
 
             certs.put(PROP_MAX_NAME, PROP_MAX_SERIAL_NUMBER);
             certs.put(PROP_MAX, mDBConfig.getString(
-                PROP_MAX_SERIAL_NUMBER, PROP_INFINITE_SERIAL_NUMBER));
+                    PROP_MAX_SERIAL_NUMBER, PROP_INFINITE_SERIAL_NUMBER));
 
             certs.put(PROP_NEXT_MIN_NAME, PROP_NEXT_MIN_SERIAL_NUMBER);
             certs.put(PROP_NEXT_MIN, mDBConfig.getString(
-                PROP_NEXT_MIN_SERIAL_NUMBER, "-1"));
+                    PROP_NEXT_MIN_SERIAL_NUMBER, "-1"));
 
             certs.put(PROP_NEXT_MAX_NAME, PROP_NEXT_MAX_SERIAL_NUMBER);
             certs.put(PROP_NEXT_MAX, mDBConfig.getString(
-                PROP_NEXT_MAX_SERIAL_NUMBER, "-1"));
+                    PROP_NEXT_MAX_SERIAL_NUMBER, "-1"));
 
             certs.put(PROP_LOW_WATER_MARK_NAME, PROP_SERIAL_LOW_WATER_MARK);
             certs.put(PROP_LOW_WATER_MARK, mDBConfig.getString(
-                PROP_SERIAL_LOW_WATER_MARK, "5000"));
+                    PROP_SERIAL_LOW_WATER_MARK, "5000"));
 
             certs.put(PROP_INCREMENT_NAME, PROP_SERIAL_INCREMENT);
             certs.put(PROP_INCREMENT, mDBConfig.getString(
-                PROP_SERIAL_INCREMENT, PROP_INFINITE_SERIAL_NUMBER));
+                    PROP_SERIAL_INCREMENT, PROP_INFINITE_SERIAL_NUMBER));
 
-            mRepos[CERTS]=certs;
+            mRepos[CERTS] = certs;
 
             // populate the requests hash entry
             Hashtable requests = new Hashtable();
             requests.put(NAME, "requests");
-            requests.put(PROP_BASEDN, mDBConfig.getString(PROP_REQUEST_BASEDN,""));
+            requests.put(PROP_BASEDN, mDBConfig.getString(PROP_REQUEST_BASEDN, ""));
             requests.put(PROP_RANGE_DN, mDBConfig.getString(PROP_REQUEST_RANGE_DN, ""));
 
             requests.put(PROP_MIN_NAME, PROP_MIN_REQUEST_NUMBER);
             requests.put(PROP_MIN, mDBConfig.getString(
-                PROP_MIN_REQUEST_NUMBER, "0"));
+                    PROP_MIN_REQUEST_NUMBER, "0"));
 
             requests.put(PROP_MAX_NAME, PROP_MAX_REQUEST_NUMBER);
             requests.put(PROP_MAX, mDBConfig.getString(
-                PROP_MAX_REQUEST_NUMBER, PROP_INFINITE_REQUEST_NUMBER));
+                    PROP_MAX_REQUEST_NUMBER, PROP_INFINITE_REQUEST_NUMBER));
 
             requests.put(PROP_NEXT_MIN_NAME, PROP_NEXT_MIN_REQUEST_NUMBER);
             requests.put(PROP_NEXT_MIN, mDBConfig.getString(
-                PROP_NEXT_MIN_REQUEST_NUMBER, "-1"));
+                    PROP_NEXT_MIN_REQUEST_NUMBER, "-1"));
 
             requests.put(PROP_NEXT_MAX_NAME, PROP_NEXT_MAX_REQUEST_NUMBER);
             requests.put(PROP_NEXT_MAX, mDBConfig.getString(
-                PROP_NEXT_MAX_REQUEST_NUMBER, "-1"));
+                    PROP_NEXT_MAX_REQUEST_NUMBER, "-1"));
 
             requests.put(PROP_LOW_WATER_MARK_NAME, PROP_REQUEST_LOW_WATER_MARK);
             requests.put(PROP_LOW_WATER_MARK, mDBConfig.getString(
-                PROP_REQUEST_LOW_WATER_MARK, "5000"));
+                    PROP_REQUEST_LOW_WATER_MARK, "5000"));
 
             requests.put(PROP_INCREMENT_NAME, PROP_REQUEST_INCREMENT);
             requests.put(PROP_INCREMENT, mDBConfig.getString(
-                PROP_REQUEST_INCREMENT, PROP_INFINITE_REQUEST_NUMBER));
+                    PROP_REQUEST_INCREMENT, PROP_INFINITE_REQUEST_NUMBER));
 
             mRepos[REQUESTS] = requests;
 
             // populate replica ID hash entry
             Hashtable replicaID = new Hashtable();
             replicaID.put(NAME, "requests");
-            replicaID.put(PROP_BASEDN, mDBConfig.getString(PROP_REPLICA_BASEDN,""));
+            replicaID.put(PROP_BASEDN, mDBConfig.getString(PROP_REPLICA_BASEDN, ""));
             replicaID.put(PROP_RANGE_DN, mDBConfig.getString(PROP_REPLICA_RANGE_DN, ""));
 
             replicaID.put(PROP_MIN_NAME, PROP_MIN_REPLICA_NUMBER);
             replicaID.put(PROP_MIN, mDBConfig.getString(
-                PROP_MIN_REPLICA_NUMBER, "1"));
+                    PROP_MIN_REPLICA_NUMBER, "1"));
 
             replicaID.put(PROP_MAX_NAME, PROP_MAX_REPLICA_NUMBER);
             replicaID.put(PROP_MAX, mDBConfig.getString(
-                PROP_MAX_REPLICA_NUMBER, PROP_INFINITE_REPLICA_NUMBER));
+                    PROP_MAX_REPLICA_NUMBER, PROP_INFINITE_REPLICA_NUMBER));
 
             replicaID.put(PROP_NEXT_MIN_NAME, PROP_NEXT_MIN_REPLICA_NUMBER);
             replicaID.put(PROP_NEXT_MIN, mDBConfig.getString(
-                PROP_NEXT_MIN_REPLICA_NUMBER, "-1"));
+                    PROP_NEXT_MIN_REPLICA_NUMBER, "-1"));
 
             replicaID.put(PROP_NEXT_MAX_NAME, PROP_NEXT_MAX_REPLICA_NUMBER);
             replicaID.put(PROP_NEXT_MAX, mDBConfig.getString(
-                PROP_NEXT_MAX_REPLICA_NUMBER, "-1"));
+                    PROP_NEXT_MAX_REPLICA_NUMBER, "-1"));
 
             replicaID.put(PROP_LOW_WATER_MARK_NAME, PROP_REPLICA_LOW_WATER_MARK);
             replicaID.put(PROP_LOW_WATER_MARK, mDBConfig.getString(
-                PROP_REPLICA_LOW_WATER_MARK, "10"));
+                    PROP_REPLICA_LOW_WATER_MARK, "10"));
 
             replicaID.put(PROP_INCREMENT_NAME, PROP_REPLICA_INCREMENT);
             replicaID.put(PROP_INCREMENT, mDBConfig.getString(
-                PROP_REPLICA_INCREMENT, PROP_INFINITE_REPLICA_NUMBER));
+                    PROP_REPLICA_INCREMENT, PROP_INFINITE_REPLICA_NUMBER));
 
             mRepos[REPLICA_ID] = replicaID;
 
-
             // initialize registry
             mRegistry = new DBRegistry();
             mRegistry.init(this, null);
@@ -688,7 +676,7 @@ public class DBSubsystem implements IDBSubsystem {
         try {
             // registers CMS database attributes
             IDBRegistry reg = getRegistry();
-    
+
             String certRecordOC[] = new String[2];
 
             certRecordOC[0] = CertDBSchema.LDAP_OC_TOP;
@@ -696,61 +684,61 @@ public class DBSubsystem implements IDBSubsystem {
 
             if (!reg.isObjectClassRegistered(CertRecord.class.getName())) {
                 reg.registerObjectClass(CertRecord.class.getName(),
-                    certRecordOC);
+                        certRecordOC);
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_ID)) {
                 reg.registerAttribute(CertRecord.ATTR_ID, new
-                    BigIntegerMapper(CertDBSchema.LDAP_ATTR_SERIALNO));
+                        BigIntegerMapper(CertDBSchema.LDAP_ATTR_SERIALNO));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_META_INFO)) {
                 reg.registerAttribute(CertRecord.ATTR_META_INFO, new
-                    MetaInfoMapper(CertDBSchema.LDAP_ATTR_META_INFO));
+                        MetaInfoMapper(CertDBSchema.LDAP_ATTR_META_INFO));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_REVO_INFO)) {
                 reg.registerAttribute(CertRecord.ATTR_REVO_INFO, new
-                    RevocationInfoMapper());
+                        RevocationInfoMapper());
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_X509CERT)) {
                 reg.registerAttribute(CertRecord.ATTR_X509CERT, new
-                    X509CertImplMapper());
+                        X509CertImplMapper());
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_CERT_STATUS)) {
                 reg.registerAttribute(CertRecord.ATTR_CERT_STATUS, new
-                    StringMapper(CertDBSchema.LDAP_ATTR_CERT_STATUS));
+                        StringMapper(CertDBSchema.LDAP_ATTR_CERT_STATUS));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_AUTO_RENEW)) {
                 reg.registerAttribute(CertRecord.ATTR_AUTO_RENEW, new
-                    StringMapper(CertDBSchema.LDAP_ATTR_AUTO_RENEW));
+                        StringMapper(CertDBSchema.LDAP_ATTR_AUTO_RENEW));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_CREATE_TIME)) {
                 reg.registerAttribute(CertRecord.ATTR_CREATE_TIME, new
-                    DateMapper(CertDBSchema.LDAP_ATTR_CREATE_TIME));
+                        DateMapper(CertDBSchema.LDAP_ATTR_CREATE_TIME));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_MODIFY_TIME)) {
                 reg.registerAttribute(CertRecord.ATTR_MODIFY_TIME, new
-                    DateMapper(CertDBSchema.LDAP_ATTR_MODIFY_TIME));
+                        DateMapper(CertDBSchema.LDAP_ATTR_MODIFY_TIME));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_ISSUED_BY)) {
                 reg.registerAttribute(CertRecord.ATTR_ISSUED_BY, new
-                    StringMapper(CertDBSchema.LDAP_ATTR_ISSUED_BY));
+                        StringMapper(CertDBSchema.LDAP_ATTR_ISSUED_BY));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_REVOKED_BY)) {
                 reg.registerAttribute(CertRecord.ATTR_REVOKED_BY, new
-                    StringMapper(CertDBSchema.LDAP_ATTR_REVOKED_BY));
+                        StringMapper(CertDBSchema.LDAP_ATTR_REVOKED_BY));
             }
             if (!reg.isAttributeRegistered(CertRecord.ATTR_REVOKED_ON)) {
                 reg.registerAttribute(CertRecord.ATTR_REVOKED_ON, new
-                    DateMapper(CertDBSchema.LDAP_ATTR_REVOKED_ON));
+                        DateMapper(CertDBSchema.LDAP_ATTR_REVOKED_ON));
             }
 
             if (!reg.isAttributeRegistered(CertificateValidity.NOT_AFTER)) {
                 reg.registerAttribute(CertificateValidity.NOT_AFTER, new
-                    DateMapper(CertDBSchema.LDAP_ATTR_NOT_AFTER));
+                        DateMapper(CertDBSchema.LDAP_ATTR_NOT_AFTER));
             }
 
             if (!reg.isAttributeRegistered(CertificateValidity.NOT_BEFORE)) {
                 reg.registerAttribute(CertificateValidity.NOT_BEFORE, new
-                    DateMapper(CertDBSchema.LDAP_ATTR_NOT_BEFORE));
+                        DateMapper(CertDBSchema.LDAP_ATTR_NOT_BEFORE));
             }
 
             String crlRecordOC[] = new String[2];
@@ -758,54 +746,54 @@ public class DBSubsystem implements IDBSubsystem {
             crlRecordOC[0] = CRLDBSchema.LDAP_OC_TOP;
             crlRecordOC[1] = CRLDBSchema.LDAP_OC_CRL_RECORD;
             reg.registerObjectClass(CRLIssuingPointRecord.class.getName(),
-                crlRecordOC);
+                    crlRecordOC);
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_ID, new
-                StringMapper(CRLDBSchema.LDAP_ATTR_CRL_ID));
+                    StringMapper(CRLDBSchema.LDAP_ATTR_CRL_ID));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_NUMBER, new
-                BigIntegerMapper(CRLDBSchema.LDAP_ATTR_CRL_NUMBER));
+                    BigIntegerMapper(CRLDBSchema.LDAP_ATTR_CRL_NUMBER));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_DELTA_NUMBER, new
-                BigIntegerMapper(CRLDBSchema.LDAP_ATTR_DELTA_NUMBER));
+                    BigIntegerMapper(CRLDBSchema.LDAP_ATTR_DELTA_NUMBER));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_SIZE, new
-                LongMapper(CRLDBSchema.LDAP_ATTR_CRL_SIZE));
+                    LongMapper(CRLDBSchema.LDAP_ATTR_CRL_SIZE));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_DELTA_SIZE, new
-                LongMapper(CRLDBSchema.LDAP_ATTR_DELTA_SIZE));
+                    LongMapper(CRLDBSchema.LDAP_ATTR_DELTA_SIZE));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_THIS_UPDATE, new
-                DateMapper(CRLDBSchema.LDAP_ATTR_THIS_UPDATE));
+                    DateMapper(CRLDBSchema.LDAP_ATTR_THIS_UPDATE));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_NEXT_UPDATE, new
-                DateMapper(CRLDBSchema.LDAP_ATTR_NEXT_UPDATE));
+                    DateMapper(CRLDBSchema.LDAP_ATTR_NEXT_UPDATE));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_FIRST_UNSAVED, new
-                StringMapper(CRLDBSchema.LDAP_ATTR_FIRST_UNSAVED));
+                    StringMapper(CRLDBSchema.LDAP_ATTR_FIRST_UNSAVED));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL, new
-                ByteArrayMapper(CRLDBSchema.LDAP_ATTR_CRL));
+                    ByteArrayMapper(CRLDBSchema.LDAP_ATTR_CRL));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_DELTA_CRL, new
-                ByteArrayMapper(CRLDBSchema.LDAP_ATTR_DELTA_CRL));
+                    ByteArrayMapper(CRLDBSchema.LDAP_ATTR_DELTA_CRL));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CA_CERT, new
-                ByteArrayMapper(CRLDBSchema.LDAP_ATTR_CA_CERT));
+                    ByteArrayMapper(CRLDBSchema.LDAP_ATTR_CA_CERT));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_CRL_CACHE, new
-                ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_CRL_CACHE));
+                    ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_CRL_CACHE));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_REVOKED_CERTS, new
-                ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_REVOKED_CERTS));
+                    ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_REVOKED_CERTS));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_UNREVOKED_CERTS, new
-                ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_UNREVOKED_CERTS));
+                    ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_UNREVOKED_CERTS));
             reg.registerAttribute(ICRLIssuingPointRecord.ATTR_EXPIRED_CERTS, new
-                ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_EXPIRED_CERTS));
+                    ObjectStreamMapper(CRLDBSchema.LDAP_ATTR_EXPIRED_CERTS));
 
             if (!reg.isObjectClassRegistered(
-                RepositoryRecord.class.getName())) {
+                    RepositoryRecord.class.getName())) {
                 String repRecordOC[] = new String[2];
 
                 repRecordOC[0] = RepositorySchema.LDAP_OC_TOP;
                 repRecordOC[1] = RepositorySchema.LDAP_OC_REPOSITORY;
                 reg.registerObjectClass(
-                    RepositoryRecord.class.getName(), repRecordOC);
+                        RepositoryRecord.class.getName(), repRecordOC);
             }
             if (!reg.isAttributeRegistered(IRepositoryRecord.ATTR_SERIALNO)) {
                 reg.registerAttribute(IRepositoryRecord.ATTR_SERIALNO,
-                    new BigIntegerMapper(RepositorySchema.LDAP_ATTR_SERIALNO));
+                        new BigIntegerMapper(RepositorySchema.LDAP_ATTR_SERIALNO));
             }
             if (!reg.isAttributeRegistered(IRepositoryRecord.ATTR_PUB_STATUS)) {
                 reg.registerAttribute(IRepositoryRecord.ATTR_PUB_STATUS,
-                    new StringMapper(RepositorySchema.LDAP_ATTR_PUB_STATUS));
+                        new StringMapper(RepositorySchema.LDAP_ATTR_PUB_STATUS));
             }
 
         } catch (EBaseException e) {
@@ -820,7 +808,7 @@ public class DBSubsystem implements IDBSubsystem {
      */
     public void startup() throws EBaseException {
     }
-	
+
     /**
      * Retrieves configuration store.
      */
@@ -861,16 +849,19 @@ public class DBSubsystem implements IDBSubsystem {
             }
         } catch (ELdapException e) {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase shutdown server
+             * 
              * @reason shutdown db subsystem
+             * 
              * @message DBSubsystem: <exception thrown>
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB,
-                ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+                    ILogger.LL_FAILURE, CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
-        if (mRegistry != null) 
+        if (mRegistry != null)
             mRegistry.shutdown();
     }
 
@@ -905,11 +896,11 @@ public class DBSubsystem implements IDBSubsystem {
                                 LDAPAttributeSchema.cis, false);
                     userType.add(conn);
                 }
- 
+
                 // create new objectclass: cmsuser
                 dirSchema.fetchSchema(conn);
                 LDAPObjectClassSchema newObjClass = dirSchema.getObjectClass("cmsuser");
-                String[] requiredAttrs = {"usertype"};
+                String[] requiredAttrs = { "usertype" };
                 String[] optionalAttrs = new String[0];
 
                 if (newObjClass == null) {
@@ -928,25 +919,26 @@ public class DBSubsystem implements IDBSubsystem {
                         CMS.getUserMessage("CMS_DBS_INTERNAL_DIR_UNAVAILABLE"));
             }
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase create db session
              */
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_CONN_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_CONN_ERROR", e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_CONNECT_LDAP_FAILED", e.toString()));
         } catch (LDAPException e) {
             if (e.getLDAPResultCode() != 20) {
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_DBS_SCHEMA_ERROR", e.toString()));
+                        CMS.getLogMessage("CMSCORE_DBS_SCHEMA_ERROR", e.toString()));
                 throw new EDBException(
                         CMS.getUserMessage("CMS_DBS_ADD_ENTRY_FAILED", e.toString()));
             }
         } catch (EBaseException e) {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
-                    e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_CONF_ERROR",
+                            e.toString()));
         }
         return new DBSSession(this, conn);
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java b/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java
index ddec63ce..350c78b6 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DBVirtualList.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Arrays;
 import java.util.Vector;
 
@@ -38,12 +37,11 @@ import com.netscape.certsrv.dbs.IDBVirtualList;
 import com.netscape.certsrv.dbs.IElementProcessor;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * A class represents a virtual list of search results.
- * Note that this class must be used with DS4.0.
- *
- * @author thomask 
+ * A class represents a virtual list of search results. Note that this class
+ * must be used with DS4.0.
+ * 
+ * @author thomask
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -71,63 +69,62 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
     // the index of the first entry returned
     private int mSelectedIndex = 0;
     private int mJumpToIndex = 0;
-    private int mJumpToInitialIndex = 0;    // Initial index hit in jumpto operation
-    private int mJumpToDirection = 1;         // Do we proceed forward or backwards
-    private String mJumpTo = null;          // Determines if this is the jumpto case
+    private int mJumpToInitialIndex = 0; // Initial index hit in jumpto
+                                         // operation
+    private int mJumpToDirection = 1; // Do we proceed forward or backwards
+    private String mJumpTo = null; // Determines if this is the jumpto case
 
     private ILogger mLogger = CMS.getLogger();
 
     /**
-     * Constructs a virtual list. 
-     * Be sure to setPageSize() later if your pageSize is not the default 10
-     * Be sure to setSortKey() before fetchs
-     *
-     * param registry the registry of attribute mappers
-     * param c the ldap connection. It has to be version 3 and upper
-     * param base the base distinguished name to search from
-     * param filter search filter specifying the search criteria
-     * param attrs list of attributes that you want returned in the search results
+     * Constructs a virtual list. Be sure to setPageSize() later if your
+     * pageSize is not the default 10 Be sure to setSortKey() before fetchs
+     * 
+     * param registry the registry of attribute mappers param c the ldap
+     * connection. It has to be version 3 and upper param base the base
+     * distinguished name to search from param filter search filter specifying
+     * the search criteria param attrs list of attributes that you want returned
+     * in the search results
      */
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[]) throws EBaseException {
+            String base, String filter, String attrs[]) throws EBaseException {
         mRegistry = registry;
         mFilter = filter;
         mBase = base;
         mAttrs = attrs;
-        CMS.debug( "In DBVirtualList filter attrs filter: " + filter
-                 + " attrs: " + Arrays.toString( attrs ) );
+        CMS.debug("In DBVirtualList filter attrs filter: " + filter
+                 + " attrs: " + Arrays.toString(attrs));
         mPageControls = new LDAPControl[2];
         try {
             mConn = (LDAPConnection) c.clone();
         } catch (Exception e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED",
                         e.toString()));
         }
     }
 
     /**
-     * Constructs a virtual list.
-     * Be sure to setPageSize() later if your pageSize is not the default 10
-     *
-     * param registry the registry of attribute mappers
-     * param c the ldap connection. It has to be version 3 and upper
-     * param base the base distinguished name to search from
-     * param filter search filter specifying the search criteria
-     * param attrs list of attributes that you want returned in the search results
-     * param sortKey the attributes to sort by
+     * Constructs a virtual list. Be sure to setPageSize() later if your
+     * pageSize is not the default 10
+     * 
+     * param registry the registry of attribute mappers param c the ldap
+     * connection. It has to be version 3 and upper param base the base
+     * distinguished name to search from param filter search filter specifying
+     * the search criteria param attrs list of attributes that you want returned
+     * in the search results param sortKey the attributes to sort by
      */
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[], String sortKey[])
-        throws EBaseException {
+            String base, String filter, String attrs[], String sortKey[])
+            throws EBaseException {
 
-        CMS.debug( "In DBVirtualList filter attrs sotrKey[]  filter: " + filter
-                 + " attrs: " + Arrays.toString( attrs ) );
+        CMS.debug("In DBVirtualList filter attrs sotrKey[]  filter: " + filter
+                 + " attrs: " + Arrays.toString(attrs));
         mRegistry = registry;
         mFilter = filter;
         try {
             mConn = (LDAPConnection) c.clone();
         } catch (Exception e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED",
                         e.toString()));
         }
         mBase = base;
@@ -137,27 +134,26 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
     }
 
     /**
-     * Constructs a virtual list.
-     * Be sure to setPageSize() later if your pageSize is not the default 10
-     *
-     * param registry the registry of attribute mappers
-     * param c the ldap connection. It has to be version 3 and upper
-     * param base the base distinguished name to search from
-     * param filter search filter specifying the search criteria
-     * param attrs list of attributes that you want returned in the search results
-     * param sortKey the attribute to sort by
+     * Constructs a virtual list. Be sure to setPageSize() later if your
+     * pageSize is not the default 10
+     * 
+     * param registry the registry of attribute mappers param c the ldap
+     * connection. It has to be version 3 and upper param base the base
+     * distinguished name to search from param filter search filter specifying
+     * the search criteria param attrs list of attributes that you want returned
+     * in the search results param sortKey the attribute to sort by
      */
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[], String sortKey)
-        throws EBaseException {
+            String base, String filter, String attrs[], String sortKey)
+            throws EBaseException {
 
-        CMS.debug( "In DBVirtualList filter attrs sortKey   filter: " + filter                   + " attrs: " + Arrays.toString( attrs ) );
+        CMS.debug("In DBVirtualList filter attrs sortKey   filter: " + filter + " attrs: " + Arrays.toString(attrs));
         mRegistry = registry;
         mFilter = filter;
         try {
             mConn = (LDAPConnection) c.clone();
         } catch (Exception e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED",
                         e.toString()));
         }
         mBase = base;
@@ -168,29 +164,28 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
     /**
      * Constructs a virtual list.
-     *
-     * param registry the registry of attribute mappers
-     * param c the ldap connection. It has to be version 3 and upper
-     * param base the base distinguished name to search from
-     * param filter search filter specifying the search criteria
-     * param attrs list of attributes that you want returned in the search results
-     * param sortKey the attributes to sort by
-     * param pageSize the size of a page. There is a 3*pageSize buffer maintained so
-     *       pageUp and pageDown won't invoke fetch from ldap server
+     * 
+     * param registry the registry of attribute mappers param c the ldap
+     * connection. It has to be version 3 and upper param base the base
+     * distinguished name to search from param filter search filter specifying
+     * the search criteria param attrs list of attributes that you want returned
+     * in the search results param sortKey the attributes to sort by param
+     * pageSize the size of a page. There is a 3*pageSize buffer maintained so
+     * pageUp and pageDown won't invoke fetch from ldap server
      */
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[], String sortKey[],
-        int pageSize) throws EBaseException {
+            String base, String filter, String attrs[], String sortKey[],
+            int pageSize) throws EBaseException {
 
-        CMS.debug( "In DBVirtualList filter attrs sortKey[] pageSize filter: "
-                 + filter + " attrs: " + Arrays.toString( attrs )
-                 + " pageSize " + pageSize );
+        CMS.debug("In DBVirtualList filter attrs sortKey[] pageSize filter: "
+                 + filter + " attrs: " + Arrays.toString(attrs)
+                 + " pageSize " + pageSize);
         mRegistry = registry;
         mFilter = filter;
         try {
             mConn = (LDAPConnection) c.clone();
         } catch (Exception e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED",
                         e.toString()));
         }
         mBase = base;
@@ -202,23 +197,22 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
     /**
      * Constructs a virtual list.
-     *
-     * param registry the registry of attribute mappers
-     * param c the ldap connection. It has to be version 3 and upper
-     * param base the base distinguished name to search from
-     * param filter search filter specifying the search criteria
-     * param attrs list of attributes that you want returned in the search results
-     * param sortKey the attribute to sort by
-     * param pageSize the size of a page. There is a 3*pageSize buffer maintained so
-     *       pageUp and pageDown won't invoke fetch from ldap server
+     * 
+     * param registry the registry of attribute mappers param c the ldap
+     * connection. It has to be version 3 and upper param base the base
+     * distinguished name to search from param filter search filter specifying
+     * the search criteria param attrs list of attributes that you want returned
+     * in the search results param sortKey the attribute to sort by param
+     * pageSize the size of a page. There is a 3*pageSize buffer maintained so
+     * pageUp and pageDown won't invoke fetch from ldap server
      */
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[], String sortKey,
-        int pageSize) throws EBaseException {
+            String base, String filter, String attrs[], String sortKey,
+            int pageSize) throws EBaseException {
 
-        CMS.debug( "In DBVirtualList filter attrs sortKey pageSize filter: "
-                 + filter + " attrs: " + Arrays.toString( attrs )
-                 + " pageSize " + pageSize );
+        CMS.debug("In DBVirtualList filter attrs sortKey pageSize filter: "
+                 + filter + " attrs: " + Arrays.toString(attrs)
+                 + " pageSize " + pageSize);
         mRegistry = registry;
         mFilter = filter;
         try {
@@ -235,20 +229,20 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
     }
 
     public DBVirtualList(IDBRegistry registry, LDAPConnection c,
-        String base, String filter, String attrs[], 
-        String startFrom, String sortKey,
-        int pageSize) throws EBaseException {
-
-        CMS.debug( "In DBVirtualList filter attrs startFrom sortKey pageSize "
-                 + "filter: " + filter 
-                 + " attrs: " + Arrays.toString( attrs )
-                 + " pageSize " + pageSize + " startFrom " + startFrom );
+            String base, String filter, String attrs[],
+            String startFrom, String sortKey,
+            int pageSize) throws EBaseException {
+
+        CMS.debug("In DBVirtualList filter attrs startFrom sortKey pageSize "
+                 + "filter: " + filter
+                 + " attrs: " + Arrays.toString(attrs)
+                 + " pageSize " + pageSize + " startFrom " + startFrom);
         mRegistry = registry;
         mFilter = filter;
         try {
             mConn = (LDAPConnection) c.clone();
         } catch (Exception e) {
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CONN_FAILED",
                         e.toString()));
         }
         mBase = base;
@@ -260,7 +254,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
         if (pageSize < 0) {
             mJumpToDirection = -1;
-        } 
+        }
         mPageSize = pageSize;
 
         mBeforeCount = 0;
@@ -268,11 +262,10 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
     }
 
     /**
-     * Set the paging size of this virtual list.
-     * The page size here is just a buffer size. A buffer is kept around
-     * that is three times as large as the number of visible entries.
-     * That way, you can scroll up/down several items(up to a page-full)
-     * without refetching entries from the directory.
+     * Set the paging size of this virtual list. The page size here is just a
+     * buffer size. A buffer is kept around that is three times as large as the
+     * number of visible entries. That way, you can scroll up/down several
+     * items(up to a page-full) without refetching entries from the directory.
      * 
      * @param size the page size
      */
@@ -283,15 +276,16 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         }
 
         mPageSize = size;
-        mBeforeCount = 0; //mPageSize;
+        mBeforeCount = 0; // mPageSize;
         mAfterCount = mPageSize; // mPageSize + mPageSize;
 
-        //CMS.debug("In setPageSize " + size + " mBeforeCount " + mBeforeCount + " mAfterCount " + mAfterCount);
+        // CMS.debug("In setPageSize " + size + " mBeforeCount " + mBeforeCount
+        // + " mAfterCount " + mAfterCount);
     }
 
     /**
      * set the sort key
-     *
+     * 
      * @param sortKey the attribute to sort by
      */
     public void setSortKey(String sortKey) throws EBaseException {
@@ -303,7 +297,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
     /**
      * set the sort key
-     *
+     * 
      * @param sortKey the attributes to sort by
      */
     public void setSortKey(String[] sortKeys) throws EBaseException {
@@ -319,28 +313,31 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
             }
         } catch (Exception e) {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase local ldap search
+             * 
              * @reason Failed at setSortKey.
+             * 
              * @message DBVirtualList: <exception thrown>
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+                    CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
         // Paged results also require a sort control
         if (mKeys != null) {
             mPageControls[0] =
                     new LDAPSortControl(mKeys, true);
-        }else {
+        } else {
             throw new EBaseException("sort keys cannot be null");
         }
     }
 
     /**
-     * Retrieves the size of this virtual list.
-     * Recommend to call getSize() before getElementAt() or getElements() 
-     * since you'd better check if the index is out of bound first.
+     * Retrieves the size of this virtual list. Recommend to call getSize()
+     * before getElementAt() or getElements() since you'd better check if the
+     * index is out of bound first.
      */
     public int getSize() {
         if (!mInitialized) {
@@ -348,16 +345,18 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
             // Do an initial search to get the virtual list size
             // Keep one page before and one page after the start
             if (mJumpTo == null) {
-                mBeforeCount = 0; //mPageSize;
-                mAfterCount = mPageSize; //  mPageSize + mPageSize;
+                mBeforeCount = 0; // mPageSize;
+                mAfterCount = mPageSize; // mPageSize + mPageSize;
             }
             // Create the initial paged results control
-            /* Since this one is only used to get the size of the virtual list;
-             we don't care about the starting index. If there is no partial
-             match, the first one before (or after, if none before) is returned
-             as the index entry. Instead of "A", you could use the other
-             constructor and specify 0 both for startIndex and for
-             contentCount. */
+            /*
+             * Since this one is only used to get the size of the virtual list;
+             * we don't care about the starting index. If there is no partial
+             * match, the first one before (or after, if none before) is
+             * returned as the index entry. Instead of "A", you could use the
+             * other constructor and specify 0 both for startIndex and for
+             * contentCount.
+             */
             LDAPVirtualListControl cont = null;
 
             if (mJumpTo == null) {
@@ -368,7 +367,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
                 if (mPageSize < 0) {
                     mBeforeCount = mPageSize * -1;
-                    mAfterCount = 0;  
+                    mAfterCount = 0;
                 }
                 cont = new LDAPVirtualListControl(mJumpTo,
                             mBeforeCount,
@@ -382,21 +381,21 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         return mSize;
     }
 
-    public  int getSizeBeforeJumpTo() {
+    public int getSizeBeforeJumpTo() {
 
         if (!mInitialized || mJumpTo == null)
             return 0;
 
         int size = 0;
-     
-        if (mJumpToDirection < 0) { 
+
+        if (mJumpToDirection < 0) {
             size = mTop + mEntries.size();
         } else {
             size = mTop;
 
         }
 
-        return size; 
+        return size;
 
     }
 
@@ -410,7 +409,7 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         return size;
 
     }
- 
+
     private synchronized boolean getEntries() {
         // Specify necessary controls for vlist
         // LDAPSearchConstraints cons = mConn.getSearchConstraints();
@@ -419,13 +418,13 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         cons.setMaxResults(0);
         if (mPageControls != null) {
             cons.setServerControls(mPageControls);
-            //System.out.println( "setting vlist control" );
+            // System.out.println( "setting vlist control" );
         }
         // Empty the buffer
         mEntries.removeAllElements();
         // Do a search
         try {
-            //what happen if there is no matching?
+            // what happen if there is no matching?
             String ldapFilter = mRegistry.getFilter(mFilter);
             String ldapAttrs[] = null;
             LDAPSearchResults result;
@@ -434,12 +433,10 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
                 ldapAttrs = mRegistry.getLDAPAttributes(mAttrs);
 
                 /*
-                 LDAPv2.SCOPE_BASE:
-                 (search only the base DN) 
-                 LDAPv2.SCOPE_ONE:
-                 (search only entries under the base DN) 
-                 LDAPv2.SCOPE_SUB:
-                 (search the base DN and all entries within its subtree) 
+                 * LDAPv2.SCOPE_BASE: (search only the base DN)
+                 * LDAPv2.SCOPE_ONE: (search only entries under the base DN)
+                 * LDAPv2.SCOPE_SUB: (search the base DN and all entries within
+                 * its subtree)
                  */
                 result = mConn.search(mBase,
                             LDAPConnection.SCOPE_ONE, ldapFilter, ldapAttrs,
@@ -459,47 +456,53 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
                 LDAPEntry entry = (LDAPEntry) result.nextElement();
 
                 try {
-                    //maintain mEntries as vector of LDAPEntry
+                    // maintain mEntries as vector of LDAPEntry
                     @SuppressWarnings("unchecked")
-					E o = (E)mRegistry.createObject(entry.getAttributeSet());
+                    E o = (E) mRegistry.createObject(entry.getAttributeSet());
 
                     mEntries.addElement(o);
                 } catch (Exception e) {
 
                     CMS.debug("Exception " + e);
 
-                    /*LogDoc
-                     *
+                    /*
+                     * LogDoc
+                     * 
                      * @phase local ldap search
+                     * 
                      * @reason Failed to get enties.
+                     * 
                      * @message DBVirtualList: <exception thrown>
                      */
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSCORE_DBS_VL_ADD", e.toString()));
+                            CMS.getLogMessage("CMSCORE_DBS_VL_ADD", e.toString()));
                     // #539044
                     damageCounter++;
                     if (damageCounter > 100) {
                         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_DBS_VL_CORRUPTED_ENTRIES", Integer.toString(damageCounter)));
+                                CMS.getLogMessage("CMSCORE_DBS_VL_CORRUPTED_ENTRIES", Integer.toString(damageCounter)));
                         return false;
                     }
                 }
             }
         } catch (Exception e) {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase local ldap search
+             * 
              * @reason Failed to get enties.
+             * 
              * @message DBVirtualList: <exception thrown>
              */
             CMS.debug("getEntries: exception " + e);
 
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                CMS.getLogMessage("OPERATION_ERROR", e.toString()));
+                    CMS.getLogMessage("OPERATION_ERROR", e.toString()));
         }
-        //System.out.println( "Returning " + mEntries.size() +
-        //       " entries" );
+        // System.out.println( "Returning " + mEntries.size() +
+        // " entries" );
 
         CMS.debug("getEntries returning " + mEntries.size());
         return true;
@@ -515,10 +518,10 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
             if (!getEntries())
                 return false;
 
-                // Check if we have a control returned
+            // Check if we have a control returned
             LDAPControl[] c = mConn.getResponseControls();
             LDAPVirtualListResponse nextCont =
-                LDAPVirtualListResponse.parseResponse(c);
+                    LDAPVirtualListResponse.parseResponse(c);
 
             if (nextCont != null) {
                 mSelectedIndex = nextCont.getFirstPosition() - 1;
@@ -533,10 +536,10 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
                 mSize = nextCont.getContentCount();
                 ((LDAPVirtualListControl) mPageControls[1]).setListSize(mSize);
                 mInitialized = true;
-                //System.out.println( "Virtual window: " + mTop +
-                //       ".." + (mTop+mEntries.size()-1) +
-                //      " of " + mSize );
-            } else { 
+                // System.out.println( "Virtual window: " + mTop +
+                // ".." + (mTop+mEntries.size()-1) +
+                // " of " + mSize );
+            } else {
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_DBS_VL_NULL_RESPONSE"));
             }
             return true;
@@ -546,14 +549,15 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         }
     }
 
-    /** Get a page starting at "first" (although we may also fetch
-     * some preceding entries)
-     * Recommend to call getSize() before getElementAt() or getElements() 
-     * since you'd better check if the index is out of bound first.
-     *
+    /**
+     * Get a page starting at "first" (although we may also fetch some preceding
+     * entries) Recommend to call getSize() before getElementAt() or
+     * getElements() since you'd better check if the index is out of bound
+     * first.
+     * 
      * @param first the index of the first entry of the page you want to fetch
      */
-    public  boolean getPage(int first) {
+    public boolean getPage(int first) {
         CMS.debug("getPage " + first);
         if (!mInitialized) {
             LDAPVirtualListControl cont = new LDAPVirtualListControl(0,
@@ -563,116 +567,131 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
             mPageControls[1] = cont;
         }
 
-        //CMS.debug("about to set range first " + first + " mBeforeCount " + mBeforeCount + " mAfterCount " + mAfterCount);
+        // CMS.debug("about to set range first " + first + " mBeforeCount " +
+        // mBeforeCount + " mAfterCount " + mAfterCount);
         ((LDAPVirtualListControl) mPageControls[1]).setRange(first, mBeforeCount, mAfterCount);
         return getPage();
     }
 
-    /** Fetch a buffer
+    /**
+     * Fetch a buffer
      */
-    private  boolean getPage() {
+    private boolean getPage() {
         // Get the actual entries
         if (!getEntries())
             return false;
 
-            // Check if we have a control returned
+        // Check if we have a control returned
         LDAPControl[] c = mConn.getResponseControls();
         LDAPVirtualListResponse nextCont =
-            LDAPVirtualListResponse.parseResponse(c);
+                LDAPVirtualListResponse.parseResponse(c);
 
         if (nextCont != null) {
             mSelectedIndex = nextCont.getFirstPosition() - 1;
             mTop = Math.max(0, mSelectedIndex - mBeforeCount);
-            //CMS.debug("New mTop: " + mTop + " mSelectedIndex " + mSelectedIndex);
+            // CMS.debug("New mTop: " + mTop + " mSelectedIndex " +
+            // mSelectedIndex);
             // Now we know the total size of the virtual list box
             mSize = nextCont.getContentCount();
             ((LDAPVirtualListControl) mPageControls[1]).setListSize(mSize);
             mInitialized = true;
-            //System.out.println( "Virtual window: " + mTop +
-            //       ".." + (mTop+mEntries.size()-1) +
-            //      " of " + mSize );
+            // System.out.println( "Virtual window: " + mTop +
+            // ".." + (mTop+mEntries.size()-1) +
+            // " of " + mSize );
         } else {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase local ldap search
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
-                CMS.getLogMessage("CMSCORE_DBS_VL_NULL_RESPONSE"));
+                    CMS.getLogMessage("CMSCORE_DBS_VL_NULL_RESPONSE"));
         }
         return true;
     }
 
-    /** Called by application to scroll the list with initial letters.
-     * Consider text to be an initial substring of the attribute of the
-     * primary sorting key(the first one specified in the sort key array)
-     * of an entry.
-     * If no entries match, the one just before(or after, if none before)
-     * will be returned as mSelectedIndex
-     *
+    /**
+     * Called by application to scroll the list with initial letters. Consider
+     * text to be an initial substring of the attribute of the primary sorting
+     * key(the first one specified in the sort key array) of an entry. If no
+     * entries match, the one just before(or after, if none before) will be
+     * returned as mSelectedIndex
+     * 
      * @param text the prefix of the first entry of the page you want to fetch
      */
     public boolean getPage(String text) {
         mPageControls[1] =
                 new LDAPVirtualListControl(text,
-                    mBeforeCount,
-                    mAfterCount);
-        //System.out.println( "Setting requested start to " +
-        //      text + ", -" + mBeforeCount + ", +" +
-        //      mAfterCount );
+                        mBeforeCount,
+                        mAfterCount);
+        // System.out.println( "Setting requested start to " +
+        // text + ", -" + mBeforeCount + ", +" +
+        // mAfterCount );
         return getPage();
     }
 
-    /** 
-     * fetch data of a single list item
-     * Recommend to call getSize() before getElementAt() or getElements() 
-     * since you'd better check if the index is out of bound first.
-     * If the index is out of range of the virtual list, an exception will be thrown
-     * and return null
-     *
+    /**
+     * fetch data of a single list item Recommend to call getSize() before
+     * getElementAt() or getElements() since you'd better check if the index is
+     * out of bound first. If the index is out of range of the virtual list, an
+     * exception will be thrown and return null
+     * 
      * @param index the index of the element to fetch
      */
     public E getElementAt(int index) {
 
-        /* mSize may not be init at this time! Bad !
-         * the caller should really check the index is within bound before this
-         * but I'll take care of this just in case they are too irresponsible
+        /*
+         * mSize may not be init at this time! Bad ! the caller should really
+         * check the index is within bound before this but I'll take care of
+         * this just in case they are too irresponsible
          */
         int baseJumpTo = 0;
 
         if (!mInitialized)
             mSize = getSize();
 
-        CMS.debug("getElementAt: " + index + " mTop " + mTop); 
-	    
-        //System.out.println( "need entry " + index );
+        CMS.debug("getElementAt: " + index + " mTop " + mTop);
+
+        // System.out.println( "need entry " + index );
         if ((index < 0) || (index >= mSize)) {
             CMS.debug("returning null");
             return null;
         }
 
-        if (mJumpTo != null) {        //Handle the explicit jumpto case
+        if (mJumpTo != null) { // Handle the explicit jumpto case
 
             if (index == 0)
-                mJumpToIndex = 0;      // Keep a running jumpto index for this page of data
+                mJumpToIndex = 0; // Keep a running jumpto index for this page
+                                  // of data
             else
                 mJumpToIndex++;
-         
-                //CMS.debug("getElementAtJT: " + index  +  " mTop " + mTop + " mEntries.size() " + mEntries.size());
- 
-            if ((mJumpToDirection > 0) && (mJumpToInitialIndex + index >= mSize))  // out of data in forward paging jumpto case
+
+            // CMS.debug("getElementAtJT: " + index + " mTop " + mTop +
+            // " mEntries.size() " + mEntries.size());
+
+            if ((mJumpToDirection > 0) && (mJumpToInitialIndex + index >= mSize)) // out
+                                                                                  // of
+                                                                                  // data
+                                                                                  // in
+                                                                                  // forward
+                                                                                  // paging
+                                                                                  // jumpto
+                                                                                  // case
             {
                 CMS.debug("mJumpTo virtual list exhausted   mTop " + mTop + " mSize " + mSize);
                 return null;
             }
-   
-            if (mJumpToIndex >= mEntries.size())   // In jumpto case, page of data has been exhausted
+
+            if (mJumpToIndex >= mEntries.size()) // In jumpto case, page of data
+                                                 // has been exhausted
             {
-                mJumpToIndex = 0;                   // new page will be needed reset running count
+                mJumpToIndex = 0; // new page will be needed reset running count
 
-                if (mJumpToDirection > 0) {                  //proceed in positive direction past hit point
-                    getPage(index + mJumpToInitialIndex + 1); 
-                } else {                                              //proceed backwards from hit point
+                if (mJumpToDirection > 0) { // proceed in positive direction
+                                            // past hit point
+                    getPage(index + mJumpToInitialIndex + 1);
+                } else { // proceed backwards from hit point
                     if (mTop == 0) {
                         getPage(0);
                         CMS.debug("asking for a page less than zero in reverse case, return null");
@@ -681,15 +700,16 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
 
                     CMS.debug("getting page reverse mJumptoIndex  " + mJumpToIndex + " mTop " + mTop);
                     getPage(mTop);
- 
+
                 }
 
             }
 
-            if (mJumpToDirection > 0)     // handle getting entry in forward direction
+            if (mJumpToDirection > 0) // handle getting entry in forward
+                                      // direction
             {
                 return mEntries.elementAt(mJumpToIndex);
-            } else {                            // handle getting entry in reverse direction
+            } else { // handle getting entry in reverse direction
                 int reverse_index = mEntries.size() - mJumpToIndex - 1;
 
                 CMS.debug("reverse direction getting index " + reverse_index);
@@ -702,21 +722,24 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
             }
         }
 
-        //CMS.debug("getElementAt noJumpto: " + index);
+        // CMS.debug("getElementAt noJumpto: " + index);
 
-        if ((index < mTop) || (index >= mTop + mEntries.size())) {    // handle the non jumpto case
-            //fetch a new page
-            //System.out.println( "fetching a page starting at " +
-            //        index );
-            //   CMS.debug("getElementAt noJumpto: getting page index: " + index + " mEntries.size() " + mEntries.size() + " mTop: " + mTop);
+        if ((index < mTop) || (index >= mTop + mEntries.size())) { // handle the
+                                                                   // non jumpto
+                                                                   // case
+            // fetch a new page
+            // System.out.println( "fetching a page starting at " +
+            // index );
+            // CMS.debug("getElementAt noJumpto: getting page index: " + index +
+            // " mEntries.size() " + mEntries.size() + " mTop: " + mTop);
             getPage(index);
         }
 
         int offset = index - mTop;
 
         if ((offset < 0) || (offset >= mEntries.size()))
-            //XXX
-            return null; //("No entry at " + index);
+            // XXX
+            return null; // ("No entry at " + index);
         else
             return mEntries.elementAt(offset);
     }
@@ -726,20 +749,21 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
     }
 
     /**
-     * This function processes elements as soon as it arrives. It is
-     * more memory-efficient. 
+     * This function processes elements as soon as it arrives. It is more
+     * memory-efficient.
      */
     public void processElements(int startidx, int endidx, IElementProcessor ep)
-        throws EBaseException {
+            throws EBaseException {
 
-        /* mSize may not be init at this time! Bad !
-         * the caller should really check the index is within bound before this
-         * but I'll take care of this just in case they are too irresponsible
+        /*
+         * mSize may not be init at this time! Bad ! the caller should really
+         * check the index is within bound before this but I'll take care of
+         * this just in case they are too irresponsible
          */
         if (!mInitialized)
             mSize = getSize();
 
-            // short-cut the existing code ... :(
+        // short-cut the existing code ... :(
         if (mJumpTo != null) {
             for (int i = startidx; i <= endidx; i++) {
                 Object element = getJumpToElementAt(i);
@@ -750,10 +774,10 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
             return;
         }
 
-        //guess this is what you really mean to try to improve performance
+        // guess this is what you really mean to try to improve performance
         if (startidx >= endidx) {
             throw new EBaseException("startidx must be less than endidx");
-        }else {
+        } else {
             setPageSize(endidx - startidx);
             getPage(startidx);
         }
@@ -766,14 +790,14 @@ public class DBVirtualList<E> implements IDBVirtualList<E> {
         }
     }
 
-    /** 
+    /**
      * get the virutal selected index
      */
     public int getSelectedIndex() {
         return mSelectedIndex;
     }
 
-    /** 
+    /**
      * get the top of the buffer
      */
     public int getFirstIndex() {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DateArrayMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/DateArrayMapper.java
index b8df1240..d0ea2384 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DateArrayMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DateArrayMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -29,14 +28,12 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * A class represents ann attribute mapper that maps
- * a Java Date array object into LDAP attribute,
- * and vice versa.
- *
+ * A class represents ann attribute mapper that maps a Java Date array object
+ * into LDAP attribute, and vice versa.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class DateArrayMapper implements IDBAttrMapper {
 
@@ -61,9 +58,9 @@ public class DateArrayMapper implements IDBAttrMapper {
     /**
      * Maps object to a set of attributes.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         Date dates[] = (Date[]) obj;
 
         if (dates == null)
@@ -77,11 +74,10 @@ public class DateArrayMapper implements IDBAttrMapper {
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -104,8 +100,8 @@ public class DateArrayMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/DateMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/DateMapper.java
index d547a445..0094159b 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/DateMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/DateMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
 import java.util.Date;
@@ -31,12 +30,10 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * A class represents ann attribute mapper that maps
- * a Java Date object into LDAP attribute,
- * and vice versa.
- *
+ * A class represents ann attribute mapper that maps a Java Date object into
+ * LDAP attribute, and vice versa.
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -45,7 +42,7 @@ public class DateMapper implements IDBAttrMapper {
     private String mLdapName = null;
     private Vector v = new Vector();
     private static SimpleDateFormat formatter = new
-        SimpleDateFormat("yyyyMMddHHmmss'Z'");
+            SimpleDateFormat("yyyyMMddHHmmss'Z'");
 
     /**
      * Constructs date mapper.
@@ -66,18 +63,17 @@ public class DateMapper implements IDBAttrMapper {
      * Maps object to ldap attribute set.
      */
     public void mapObjectToLDAPAttributeSet(IDBObj parent,
-        String name, Object obj, LDAPAttributeSet attrs)
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 dateToDB((Date) obj)));
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
     public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
-        String name, IDBObj parent) throws EBaseException {
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -90,7 +86,7 @@ public class DateMapper implements IDBAttrMapper {
      * Maps search filters into LDAP search filter.
      */
     public String mapSearchFilter(String name, String op,
-        String value) throws EBaseException {
+            String value) throws EBaseException {
         String val = null;
 
         try {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/IntegerMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/IntegerMapper.java
index c5601a9b..2de316c6 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/IntegerMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/IntegerMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,14 +27,12 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * A class represents ann attribute mapper that maps
- * a Java Integer object into LDAP attribute,
- * and vice versa.
- *
+ * A class represents ann attribute mapper that maps a Java Integer object into
+ * LDAP attribute, and vice versa.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class IntegerMapper implements IDBAttrMapper {
 
@@ -60,19 +57,18 @@ public class IntegerMapper implements IDBAttrMapper {
     /**
      * Maps object to ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 ((Integer) obj).toString()));
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -84,8 +80,8 @@ public class IntegerMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyDBSchema.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyDBSchema.java
index ff776424..e940a530 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyDBSchema.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyDBSchema.java
@@ -17,14 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
-
-
 /**
- * A class represents a collection of key record 
- * specific schema information.
+ * A class represents a collection of key record specific schema information.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -43,9 +39,9 @@ public class KeyDBSchema {
     public static final String LDAP_ATTR_KEY_SIZE = "keySize";
     public static final String LDAP_ATTR_ALGORITHM = "algorithm";
     public static final String LDAP_ATTR_STATE = "keyState";
-    public static final String LDAP_ATTR_DATE_OF_RECOVERY = 
-        "dateOfRecovery";
-    public static final String LDAP_ATTR_PUBLIC_KEY_FORMAT = 
-        "publicKeyFormat";
+    public static final String LDAP_ATTR_DATE_OF_RECOVERY =
+            "dateOfRecovery";
+    public static final String LDAP_ATTR_PUBLIC_KEY_FORMAT =
+            "publicKeyFormat";
     public static final String LDAP_ATTR_ARCHIVED_BY = "archivedBy";
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java
index 2c1265f7..eb16032b 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Enumeration;
@@ -29,14 +28,12 @@ import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.KeyState;
 
-
 /**
- * A class represents a Key record. It maintains the key
- * life cycle as well as other information about an
- * archived key. Namely, whether a key is inactive because
- * of compromise.
+ * A class represents a Key record. It maintains the key life cycle as well as
+ * other information about an archived key. Namely, whether a key is inactive
+ * because of compromise.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -82,14 +79,14 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     }
 
     /*
-     *  Constructs key record.
+     * Constructs key record.
      * 
      * @param key key to be archived
      */
-    public KeyRecord(BigInteger serialNo, byte publicData[], 
-        byte privateData[], String owner,
-        String algorithm, String agentId) 
-        throws EBaseException {
+    public KeyRecord(BigInteger serialNo, byte publicData[],
+            byte privateData[], String owner,
+            String algorithm, String agentId)
+            throws EBaseException {
         mSerialNo = serialNo;
         mPublicKey = publicData;
         mPrivateKey = privateData;
@@ -193,10 +190,10 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     }
 
     /**
-     * Retrieves serial number of the key record. Each key record
-     * is uniquely identified by serial number.
+     * Retrieves serial number of the key record. Each key record is uniquely
+     * identified by serial number.
      * <P>
-     *
+     * 
      * @return serial number of this key record
      */
     public BigInteger getSerialNumber() throws EBaseException {
@@ -211,10 +208,9 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     }
 
     /**
-     * Retrieves the key state. This gives key life cycle 
-     * information.
+     * Retrieves the key state. This gives key life cycle information.
      * <P>
-     *
+     * 
      * @return key state
      */
     public KeyState getState() throws EBaseException {
@@ -239,7 +235,7 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     /**
      * Retrieves key.
      * <P>
-     * 	
+     * 
      * @return archived key
      */
     public byte[] getPrivateKeyData() throws EBaseException {
@@ -256,7 +252,7 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     /**
      * Retrieves the key size.
      * <P>
-     *
+     * 
      * @return key size
      */
     public Integer getKeySize() throws EBaseException {
@@ -280,7 +276,7 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     }
 
     /**
-     * Sets owner name.	
+     * Sets owner name.
      * <P>
      */
     public void setOwnerName(String name) throws EBaseException {
@@ -338,8 +334,7 @@ public class KeyRecord implements IDBObj, IKeyRecord {
     }
 
     /**
-     * Retrieves the last modification time of 
-     * this record.
+     * Retrieves the last modification time of this record.
      */
     public Date getModifyTime() {
         return mModifyTime;
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordList.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordList.java
index f4882ffc..dd0c88a9 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordList.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordList.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -26,11 +25,10 @@ import com.netscape.certsrv.dbs.IDBVirtualList;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRecordList;
 
-
 /**
  * A class represents a list of key records.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -46,13 +44,13 @@ public class KeyRecordList implements IKeyRecordList {
     }
 
     /**
-     * Retrieves the size of key list. 
+     * Retrieves the size of key list.
      */
     public int getSize() {
         return mVlist.getSize();
     }
 
-    public  int getSizeBeforeJumpTo() {
+    public int getSizeBeforeJumpTo() {
 
         return mVlist.getSizeBeforeJumpTo();
 
@@ -66,15 +64,17 @@ public class KeyRecordList implements IKeyRecordList {
     public IKeyRecord getKeyRecord(int i) {
         KeyRecord record = (KeyRecord) mVlist.getElementAt(i);
 
-        if (record == null) return null;
+        if (record == null)
+            return null;
+
+        return record;
+    }
 
-        return record; 
-    } 
     /**
      * Retrieves requests.
      */
     public Enumeration getKeyRecords(int startidx, int endidx)
-        throws EBaseException {
+            throws EBaseException {
         Vector entries = new Vector();
 
         for (int i = startidx; i <= endidx; i++) {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordMapper.java
index 1cbd3229..9218abfd 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRecordMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -33,14 +32,12 @@ import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.keydb.IKeyRecord;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
 import com.netscape.certsrv.logging.ILogger;
- 
 
 /**
- * A class represents a mapper to serialize 
- * key record into database.
+ * A class represents a mapper to serialize key record into database.
  * <P>
- *
- * @author  thomask
+ * 
+ * @author thomask
  * @version $Revision$, $Date$
  */
 public class KeyRecordMapper implements IDBAttrMapper {
@@ -59,8 +56,8 @@ public class KeyRecordMapper implements IDBAttrMapper {
         return v.elements();
     }
 
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, 
-        Object obj, LDAPAttributeSet attrs) throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name,
+            Object obj, LDAPAttributeSet attrs) throws EBaseException {
         try {
             KeyRecord rec = (KeyRecord) obj;
 
@@ -68,47 +65,51 @@ public class KeyRecordMapper implements IDBAttrMapper {
                     rec.getSerialNumber().toString()));
         } catch (Exception e) {
 
-            /*LogDoc
-             *
-             * @phase  Maps object to ldap attribute set
+            /*
+             * LogDoc
+             * 
+             * @phase Maps object to ldap attribute set
+             * 
              * @message KeyRecordMapper: <exception thrown>
              */
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_KEYRECORD_MAPPER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_KEYRECORD_MAPPER_ERROR", e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_SERIALIZE_FAILED", name));
         }
     }
 
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
-        try {	
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
+        try {
             LDAPAttribute attr = attrs.getAttribute(
                     KeyDBSchema.LDAP_ATTR_KEY_RECORD_ID);
 
             if (attr == null)
                 return;
             String serialno = (String) attr.getStringValues().nextElement();
-            IKeyRecord rec = mDB.readKeyRecord(new 
+            IKeyRecord rec = mDB.readKeyRecord(new
                     BigInteger(serialno));
 
             parent.set(name, rec);
         } catch (Exception e) {
 
-            /*LogDoc
-             *
-             * @phase  Maps ldap attribute set to object
+            /*
+             * LogDoc
+             * 
+             * @phase Maps ldap attribute set to object
+             * 
              * @message KeyRecordMapper: <exception thrown>
              */
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_KEYRECORD_MAPPER_ERROR", e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_KEYRECORD_MAPPER_ERROR", e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_DESERIALIZE_FAILED", name));
         }
     }
 
     public String mapSearchFilter(String name, String op, String value)
-        throws EBaseException {
+            throws EBaseException {
         return name + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java
index f684718c..c1278888 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.security.PublicKey;
 import java.util.Date;
@@ -39,12 +38,10 @@ import com.netscape.certsrv.dbs.keydb.IKeyRecordList;
 import com.netscape.certsrv.dbs.keydb.IKeyRepository;
 import com.netscape.certsrv.dbs.repository.IRepository;
 
-
 /**
- * A class represents a Key repository. This is the container of
- * archived keys.
+ * A class represents a Key repository. This is the container of archived keys.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
@@ -59,15 +56,15 @@ public class KeyRepository extends Repository implements IKeyRepository {
     private String mBaseDN = null;
 
     /**
-     * Constructs a key repository. It checks if the key repository
-     * does exist. If not, it creates the repository.
+     * Constructs a key repository. It checks if the key repository does exist.
+     * If not, it creates the repository.
      * <P>
-     *
+     * 
      * @param service db service
      * @exception EBaseException failed to setup key repository
      */
     public KeyRepository(IDBSubsystem service, int increment, String baseDN)
-        throws EDBException {
+            throws EDBException {
         super(service, increment, baseDN);
         mBaseDN = baseDN;
         mDBService = service;
@@ -81,55 +78,55 @@ public class KeyRepository extends Repository implements IKeyRepository {
 
         if (!reg.isObjectClassRegistered(KeyRecord.class.getName())) {
             reg.registerObjectClass(KeyRecord.class.getName(),
-                keyRecordOC);
+                    keyRecordOC);
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_ID)) {
             reg.registerAttribute(KeyRecord.ATTR_ID, new
-                BigIntegerMapper(KeyDBSchema.LDAP_ATTR_SERIALNO));
+                    BigIntegerMapper(KeyDBSchema.LDAP_ATTR_SERIALNO));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_ALGORITHM)) {
             reg.registerAttribute(KeyRecord.ATTR_ALGORITHM, new
-                StringMapper(KeyDBSchema.LDAP_ATTR_ALGORITHM));
+                    StringMapper(KeyDBSchema.LDAP_ATTR_ALGORITHM));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_STATE)) {
             reg.registerAttribute(KeyRecord.ATTR_STATE, new
-                KeyStateMapper(KeyDBSchema.LDAP_ATTR_STATE));
+                    KeyStateMapper(KeyDBSchema.LDAP_ATTR_STATE));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_KEY_SIZE)) {
             reg.registerAttribute(KeyRecord.ATTR_KEY_SIZE, new
-                IntegerMapper(KeyDBSchema.LDAP_ATTR_KEY_SIZE));
+                    IntegerMapper(KeyDBSchema.LDAP_ATTR_KEY_SIZE));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_OWNER_NAME)) {
             reg.registerAttribute(KeyRecord.ATTR_OWNER_NAME, new
-                StringMapper(KeyDBSchema.LDAP_ATTR_OWNER_NAME));
+                    StringMapper(KeyDBSchema.LDAP_ATTR_OWNER_NAME));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_PRIVATE_KEY_DATA)) {
             reg.registerAttribute(KeyRecord.ATTR_PRIVATE_KEY_DATA, new
-                ByteArrayMapper(KeyDBSchema.LDAP_ATTR_PRIVATE_KEY_DATA));
+                    ByteArrayMapper(KeyDBSchema.LDAP_ATTR_PRIVATE_KEY_DATA));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_PUBLIC_KEY_DATA)) {
             reg.registerAttribute(KeyRecord.ATTR_PUBLIC_KEY_DATA, new
-                PublicKeyMapper(KeyDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA));
+                    PublicKeyMapper(KeyDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_DATE_OF_RECOVERY)) {
             reg.registerAttribute(KeyRecord.ATTR_DATE_OF_RECOVERY, new
-                DateArrayMapper(KeyDBSchema.LDAP_ATTR_DATE_OF_RECOVERY));
+                    DateArrayMapper(KeyDBSchema.LDAP_ATTR_DATE_OF_RECOVERY));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_CREATE_TIME)) {
             reg.registerAttribute(KeyRecord.ATTR_CREATE_TIME, new
-                DateMapper(KeyDBSchema.LDAP_ATTR_CREATE_TIME));
+                    DateMapper(KeyDBSchema.LDAP_ATTR_CREATE_TIME));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_MODIFY_TIME)) {
             reg.registerAttribute(KeyRecord.ATTR_MODIFY_TIME, new
-                DateMapper(KeyDBSchema.LDAP_ATTR_MODIFY_TIME));
+                    DateMapper(KeyDBSchema.LDAP_ATTR_MODIFY_TIME));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_META_INFO)) {
             reg.registerAttribute(KeyRecord.ATTR_META_INFO, new
-                MetaInfoMapper(KeyDBSchema.LDAP_ATTR_META_INFO));
+                    MetaInfoMapper(KeyDBSchema.LDAP_ATTR_META_INFO));
         }
         if (!reg.isAttributeRegistered(KeyRecord.ATTR_ARCHIVED_BY)) {
             reg.registerAttribute(KeyRecord.ATTR_ARCHIVED_BY, new
-                StringMapper(KeyDBSchema.LDAP_ATTR_ARCHIVED_BY));
+                    StringMapper(KeyDBSchema.LDAP_ATTR_ARCHIVED_BY));
         }
     }
 
@@ -147,7 +144,7 @@ public class KeyRepository extends Repository implements IKeyRepository {
         CMS.debug("In setKeyStatusUpdateInterval  mKeyStatusUpdateThread " + mKeyStatusUpdateThread);
         if (mKeyStatusUpdateThread == null) {
             CMS.debug("In setKeyStatusUpdateInterval about to create KeyStatusUpdateThread ");
-            mKeyStatusUpdateThread = new KeyStatusUpdateThread(this, requestRepo,  "KeyStatusUpdateThread");
+            mKeyStatusUpdateThread = new KeyStatusUpdateThread(this, requestRepo, "KeyStatusUpdateThread");
             mKeyStatusUpdateThread.setInterval(interval);
             mKeyStatusUpdateThread.start();
         } else {
@@ -171,15 +168,14 @@ public class KeyRepository extends Repository implements IKeyRepository {
     /**
      * Removes all objects with this repository.
      */
-    public void removeAllObjects() throws EBaseException
-    {
+    public void removeAllObjects() throws EBaseException {
         String filter = "(" + KeyRecord.ATTR_OWNER_NAME + "=*" + ")";
         IKeyRecordList list = findKeyRecordsInList(filter,
                     null, "serialno", 10);
         int size = list.getSize();
         Enumeration<IKeyRecord> e = list.getKeyRecords(0, size - 1);
         while (e.hasMoreElements()) {
-            IKeyRecord rec =  e.nextElement();
+            IKeyRecord rec = e.nextElement();
             deleteKeyRecord(rec.getSerialNumber());
         }
     }
@@ -187,7 +183,7 @@ public class KeyRepository extends Repository implements IKeyRepository {
     /**
      * Archives a key to the repository.
      * <P>
-     *
+     * 
      * @param record key record
      * @exception EBaseException failed to archive key
      */
@@ -196,34 +192,38 @@ public class KeyRepository extends Repository implements IKeyRepository {
 
         try {
             String name = "cn" + "=" +
-                ((KeyRecord) record).getSerialNumber().toString() + "," + getDN();
+                    ((KeyRecord) record).getSerialNumber().toString() + "," + getDN();
 
-            if (s != null) s.add(name, (KeyRecord) record);
-        } finally { 
-            if (s != null) s.close();
+            if (s != null)
+                s.add(name, (KeyRecord) record);
+        } finally {
+            if (s != null)
+                s.close();
         }
     }
 
     /**
      * Recovers an archived key by serial number.
      * <P>
-     *
+     * 
      * @param serialNo serial number
      * @return key record
      * @exception EBaseException failed to recover key
      */
     public IKeyRecord readKeyRecord(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         KeyRecord rec = null;
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
-            if (s != null) rec = (KeyRecord) s.read(name);
-        } finally { 
-            if (s != null) s.close();
+            if (s != null)
+                rec = (KeyRecord) s.read(name);
+        } finally {
+            if (s != null)
+                s.close();
         }
         return rec;
     }
@@ -231,26 +231,27 @@ public class KeyRepository extends Repository implements IKeyRepository {
     /**
      * Recovers an archived key by owner name.
      * <P>
-     *
+     * 
      * @param ownerName owner name
      * @return key record
      * @exception EBaseException failed to recover key
      */
     public IKeyRecord readKeyRecord(X500Name ownerName)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         KeyRecord keyRec = null;
 
         try {
             if (ownerName != null) {
                 String filter = "(" + KeyRecord.ATTR_OWNER_NAME + "=" +
-                    ownerName.toString() + ")";
+                        ownerName.toString() + ")";
                 IDBSearchResults res = s.search(getDN(), filter);
 
                 keyRec = (KeyRecord) res.nextElement();
-            } 
-        } finally { 
-            if (s != null) s.close();
+            }
+        } finally {
+            if (s != null)
+                s.close();
         }
         return keyRec;
     }
@@ -259,7 +260,7 @@ public class KeyRepository extends Repository implements IKeyRepository {
      * Recovers archived key using public key.
      */
     public IKeyRecord readKeyRecord(PublicKey publicKey)
-        throws EBaseException {
+            throws EBaseException {
         // XXX - setup binary search attributes
         byte data[] = publicKey.getEncoded();
 
@@ -270,39 +271,40 @@ public class KeyRepository extends Repository implements IKeyRepository {
 
         try {
             String filter = "(" + KeyRecord.ATTR_PUBLIC_KEY_DATA + "=" +
-                escapeBinaryData(data) + ")";
-            if( s != null ) {
+                    escapeBinaryData(data) + ")";
+            if (s != null) {
                 IDBSearchResults res = s.search(getDN(), filter);
 
                 rec = (KeyRecord) res.nextElement();
             }
-        } finally { 
-            if (s != null) s.close();
+        } finally {
+            if (s != null)
+                s.close();
         }
         return rec;
     }
 
-
     /**
      * Recovers archived key using b64 encoded cert
      */
     public IKeyRecord readKeyRecord(String cert)
-        throws EBaseException {
+            throws EBaseException {
 
         IDBSSession s = mDBService.createSession();
         KeyRecord rec = null;
 
         try {
-            String filter = "(publicKey=x509cert#\"" +cert+"\")";
-CMS.debug("filter= " + filter);
+            String filter = "(publicKey=x509cert#\"" + cert + "\")";
+            CMS.debug("filter= " + filter);
 
-            if( s != null ) {
+            if (s != null) {
                 IDBSearchResults res = s.search(getDN(), filter);
 
                 rec = (KeyRecord) res.nextElement();
             }
-        } finally { 
-            if (s != null) s.close();
+        } finally {
+            if (s != null)
+                s.close();
         }
         return rec;
     }
@@ -311,32 +313,36 @@ CMS.debug("filter= " + filter);
      * Modifies key record.
      */
     public void modifyKeyRecord(BigInteger serialNo, ModificationSet mods)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
             mods.add(KeyRecord.ATTR_MODIFY_TIME, Modification.MOD_REPLACE,
-                new Date());
-            if (s != null) s.modify(name, mods);
-        } finally { 
-            if (s != null) s.close();
+                    new Date());
+            if (s != null)
+                s.modify(name, mods);
+        } finally {
+            if (s != null)
+                s.close();
         }
     }
 
     public void deleteKeyRecord(BigInteger serialNo)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
 
         try {
             String name = "cn" + "=" +
-                serialNo.toString() + "," + getDN();
+                    serialNo.toString() + "," + getDN();
 
-            if (s != null) s.delete(name);
-        } finally { 
-            if (s != null) s.close();
+            if (s != null)
+                s.delete(name);
+        } finally {
+            if (s != null)
+                s.close();
         }
     }
 
@@ -353,7 +359,7 @@ CMS.debug("filter= " + filter);
     }
 
     public Enumeration<Object> searchKeys(String filter, int maxSize)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration<Object> e = null;
 
@@ -367,7 +373,7 @@ CMS.debug("filter= " + filter);
     }
 
     public Enumeration<Object> searchKeys(String filter, int maxSize, int timeLimit)
-        throws EBaseException {
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         Enumeration<Object> e = null;
 
@@ -384,14 +390,14 @@ CMS.debug("filter= " + filter);
      * Retrieves key record list.
      */
     public IKeyRecordList findKeyRecordsInList(String filter,
-        String attrs[], int pageSize) throws EBaseException {
+            String attrs[], int pageSize) throws EBaseException {
         return findKeyRecordsInList(filter, attrs, IKeyRecord.ATTR_ID,
-                pageSize); 
+                pageSize);
     }
 
     public IKeyRecordList findKeyRecordsInList(String filter,
-        String attrs[], String sortKey, int pageSize) 
-        throws EBaseException {
+            String attrs[], String sortKey, int pageSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         IKeyRecordList list = null;
 
@@ -399,18 +405,19 @@ CMS.debug("filter= " + filter);
             if (s != null) {
                 list = new KeyRecordList(
                         s.createVirtualList(getDN(), "(&(objectclass=" +
-                            KeyRecord.class.getName() + ")" + filter + ")",
-                            attrs, sortKey, pageSize));
+                                KeyRecord.class.getName() + ")" + filter + ")",
+                                attrs, sortKey, pageSize));
             }
-        } finally { 
-            if (s != null) s.close();
+        } finally {
+            if (s != null)
+                s.close();
         }
         return list;
     }
 
     public IKeyRecordList findKeyRecordsInList(String filter,
-        String attrs[],String jumpTo, String sortKey, int pageSize)
-        throws EBaseException {
+            String attrs[], String jumpTo, String sortKey, int pageSize)
+            throws EBaseException {
         IDBSSession s = mDBService.createSession();
         IKeyRecordList list = null;
 
@@ -419,92 +426,91 @@ CMS.debug("filter= " + filter);
         String jumpToVal = null;
 
         if (len > 9) {
-                jumpToVal = Integer.toString(len) + jumpTo;
-            } else {
-                jumpToVal = "0" + Integer.toString(len) + jumpTo;
+            jumpToVal = Integer.toString(len) + jumpTo;
+        } else {
+            jumpToVal = "0" + Integer.toString(len) + jumpTo;
         }
 
         try {
             if (s != null) {
                 list = new KeyRecordList(
                         s.createVirtualList(getDN(), "(&(objectclass=" +
-                            KeyRecord.class.getName() + ")" + filter + ")",
-                            attrs,jumpToVal, sortKey, pageSize));
+                                KeyRecord.class.getName() + ")" + filter + ")",
+                                attrs, jumpToVal, sortKey, pageSize));
             }
         } finally {
-            if (s != null) s.close();
+            if (s != null)
+                s.close();
         }
         return list;
     }
 
-    public BigInteger getLastSerialNumberInRange(BigInteger  serial_low_bound, BigInteger serial_upper_bound) throws
-       EBaseException {
+    public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws
+            EBaseException {
 
-          CMS.debug("KeyRepository:  in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound);
+        CMS.debug("KeyRepository:  in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound);
 
-          if(serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0)
-          {
-              return null;
-          }
+        if (serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) {
+            return null;
+        }
 
-          String ldapfilter = "(" + "serialno" + "=*" + ")";
-          String[] attrs = null;
+        String ldapfilter = "(" + "serialno" + "=*" + ")";
+        String[] attrs = null;
 
-          KeyRecordList recList = (KeyRecordList) findKeyRecordsInList(ldapfilter,attrs,serial_upper_bound.toString(10),"serialno", 5 * -1);
+        KeyRecordList recList = (KeyRecordList) findKeyRecordsInList(ldapfilter, attrs, serial_upper_bound.toString(10), "serialno", 5 * -1);
 
-          int size = recList.getSize();
+        int size = recList.getSize();
 
-          CMS.debug("KeyRepository: getLastSerialNumberInRange: recList size " + size);
+        CMS.debug("KeyRepository: getLastSerialNumberInRange: recList size " + size);
 
-          if (size <= 0) {
-              CMS.debug("KeyRepository: getLastSerialNumberInRange: index may be empty");
+        if (size <= 0) {
+            CMS.debug("KeyRepository: getLastSerialNumberInRange: index may be empty");
 
-              BigInteger ret = new BigInteger(serial_low_bound.toString(10));
+            BigInteger ret = new BigInteger(serial_low_bound.toString(10));
 
-              ret = ret.add(new BigInteger("-1"));
+            ret = ret.add(new BigInteger("-1"));
 
-              CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " +  ret );
-              return ret;
-          }
-          int ltSize = recList.getSizeBeforeJumpTo();
+            CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + ret);
+            return ret;
+        }
+        int ltSize = recList.getSizeBeforeJumpTo();
 
-          CMS.debug("KeyRepository:getLastSerialNumberInRange: ltSize " + ltSize);
+        CMS.debug("KeyRepository:getLastSerialNumberInRange: ltSize " + ltSize);
 
-          int i;
-          KeyRecord curRec = null;
+        int i;
+        KeyRecord curRec = null;
 
-          for (i = 0; i < 5; i++) {
-              curRec = (KeyRecord) recList.getKeyRecord(i);
+        for (i = 0; i < 5; i++) {
+            curRec = (KeyRecord) recList.getKeyRecord(i);
 
-              if (curRec != null) {
+            if (curRec != null) {
 
-                  BigInteger serial = curRec.getSerialNumber();
+                BigInteger serial = curRec.getSerialNumber();
 
-                  CMS.debug("KeyRepository:  getLastCertRecordSerialNo:  serialno  " + serial);
+                CMS.debug("KeyRepository:  getLastCertRecordSerialNo:  serialno  " + serial);
 
-                  if(  ((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1) ) &&
-                       ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1) ))
-                  {
-                      CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + serial);
-                      return serial;
-                  }
-              } else {
-                  CMS.debug("KeyRepository:  getLastSerialNumberInRange:found null from getCertRecord");
-              }
-          }
+                if (((serial.compareTo(serial_low_bound) == 0) || (serial.compareTo(serial_low_bound) == 1)) &&
+                        ((serial.compareTo(serial_upper_bound) == 0) || (serial.compareTo(serial_upper_bound) == -1))) {
+                    CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + serial);
+                    return serial;
+                }
+            } else {
+                CMS.debug("KeyRepository:  getLastSerialNumberInRange:found null from getCertRecord");
+            }
+        }
 
-          BigInteger ret = new BigInteger(serial_low_bound.toString(10));
+        BigInteger ret = new BigInteger(serial_low_bound.toString(10));
 
-          ret = ret.add(new BigInteger("-1"));
+        ret = ret.add(new BigInteger("-1"));
 
-          CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " +  ret );
-          return ret ;
+        CMS.debug("KeyRepository: getLastSerialNumberInRange returning: " + ret);
+        return ret;
 
     }
 
     public void shutdown() {
-        //if (mKeyStatusUpdateThread != null) 
-        //        mKeyStatusUpdateThread.destroy();
+        // if (mKeyStatusUpdateThread != null)
+        // mKeyStatusUpdateThread.destroy();
     }
 
 }
@@ -538,7 +544,7 @@ class KeyStatusUpdateThread extends Thread {
                     CMS.debug("Starting key checkRanges");
                     _kr.checkRanges();
                     CMS.debug("key checkRanges done");
- 
+
                     CMS.debug("Starting request checkRanges");
                     _rr.checkRanges();
                     CMS.debug("request checkRanges done");
@@ -553,5 +559,3 @@ class KeyStatusUpdateThread extends Thread {
         }
     }
 }
-
-
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/KeyStateMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/KeyStateMapper.java
index 7f13c8ed..3da1c795 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/KeyStateMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/KeyStateMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -29,13 +28,12 @@ import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.keydb.KeyState;
 
-
 /**
  * A class represents a key state mapper.
  * <P>
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class KeyStateMapper implements IDBAttrMapper {
 
@@ -52,19 +50,18 @@ public class KeyStateMapper implements IDBAttrMapper {
         return v.elements();
     }
 
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 ((KeyState) obj).toString()));
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null) {
@@ -77,8 +74,8 @@ public class KeyStateMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/LdapFilterConverter.java b/pki/base/common/src/com/netscape/cmscore/dbs/LdapFilterConverter.java
index 909bf47e..1b7b9381 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/LdapFilterConverter.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/LdapFilterConverter.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.AttributeNameHelper;
@@ -25,14 +24,12 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IFilterConverter;
 
-
 /**
- * A class represents a filter converter
- * that understands how to convert a attribute
- * type from one defintion to another.
+ * A class represents a filter converter that understands how to convert a
+ * attribute type from one defintion to another.
  * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class LdapFilterConverter implements IFilterConverter {
 
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/LongMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/LongMapper.java
index cdd9aeb7..a97f2703 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/LongMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/LongMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,14 +27,12 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * A class represents ann attribute mapper that maps
- * a Java Long object into LDAP attribute,
- * and vice versa.
- *
+ * A class represents ann attribute mapper that maps a Java Long object into
+ * LDAP attribute, and vice versa.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class LongMapper implements IDBAttrMapper {
 
@@ -60,19 +57,18 @@ public class LongMapper implements IDBAttrMapper {
     /**
      * Maps object into ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 LongToDB((Long) obj)));
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -84,8 +80,8 @@ public class LongMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         String v = null;
 
         try {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/MetaInfoMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/MetaInfoMapper.java
index 605e2fad..8cd0656e 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/MetaInfoMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/MetaInfoMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.StringTokenizer;
 import java.util.Vector;
@@ -30,20 +29,19 @@ import com.netscape.certsrv.base.MetaInfo;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * A class represent mapper for metainfo attribute. Metainfo
- * is in format of the following:
- *
+ * A class represent mapper for metainfo attribute. Metainfo is in format of the
+ * following:
+ * 
  * <PRE>
  * metaInfoType:metaInfoValue
  * metaInfoType:metaInfoValue
  * metaInfoType:metaInfoValue
  * metaInfoType:metaInfoValue
  * </PRE>
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class MetaInfoMapper implements IDBAttrMapper {
 
@@ -71,8 +69,8 @@ public class MetaInfoMapper implements IDBAttrMapper {
      * Maps object into ldap attribute set.
      */
     public void mapObjectToLDAPAttributeSet(IDBObj parent,
-        String name, Object obj, LDAPAttributeSet attrs)
-        throws EBaseException {
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         MetaInfo info = (MetaInfo) obj;
         Enumeration e = info.getElements();
 
@@ -92,11 +90,10 @@ public class MetaInfoMapper implements IDBAttrMapper {
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object into
-     * 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
     public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
-        String name, IDBObj parent) throws EBaseException {
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -114,12 +111,11 @@ public class MetaInfoMapper implements IDBAttrMapper {
     }
 
     /**
-     * Map search filters into LDAP search filter.
-     * Possible search filter:
+     * Map search filters into LDAP search filter. Possible search filter:
      * (&(metaInfo=reserver0:value0)(metaInfo=reserved1:value1))
      */
     public String mapSearchFilter(String name, String op,
-        String value) throws EBaseException {
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/ObjectStreamMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/ObjectStreamMapper.java
index 46979715..f0aa6936 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/ObjectStreamMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/ObjectStreamMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -35,15 +34,13 @@ import com.netscape.certsrv.dbs.EDBException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.logging.ILogger;
- 
 
 /**
- * A class represents ann attribute mapper that maps
- * a Java object into LDAP attribute,
- * and vice versa.
- *
+ * A class represents ann attribute mapper that maps a Java object into LDAP
+ * attribute, and vice versa.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class ObjectStreamMapper implements IDBAttrMapper {
 
@@ -69,9 +66,9 @@ public class ObjectStreamMapper implements IDBAttrMapper {
     /**
      * Maps object to ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, 
-        Object obj, LDAPAttributeSet attrs) 	
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name,
+            Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         try {
             ByteArrayOutputStream bos = new ByteArrayOutputStream();
             ObjectOutputStream os = new ObjectOutputStream(bos);
@@ -79,35 +76,36 @@ public class ObjectStreamMapper implements IDBAttrMapper {
             os.writeObject(obj);
             byte data[] = bos.toByteArray();
             if (data == null) {
-               CMS.debug("ObjectStreamMapper:mapObjectToLDAPAttributeSet " +
+                CMS.debug("ObjectStreamMapper:mapObjectToLDAPAttributeSet " +
                            name + " size=0");
             } else {
-               CMS.debug("ObjectStreamMapper:mapObjectToLDAPAttributeSet " +
+                CMS.debug("ObjectStreamMapper:mapObjectToLDAPAttributeSet " +
                            name + " size=" + data.length);
             }
-            attrs.add(new LDAPAttribute(mLdapName, 
+            attrs.add(new LDAPAttribute(mLdapName,
                     data));
         } catch (IOException e) {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase Maps object to ldap attribute set
+             * 
              * @message ObjectStreamMapper: <exception thrown>
              */
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_OBJECTSTREAM_MAPPER_ERROR",
-                    e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_OBJECTSTREAM_MAPPER_ERROR",
+                            e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_SERIALIZE_FAILED", name));
         }
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         try {
             LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
@@ -131,8 +129,8 @@ public class ObjectStreamMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/PublicKeyMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/PublicKeyMapper.java
index 8a2d1f2d..88aeda3a 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/PublicKeyMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/PublicKeyMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.security.PublicKey;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
@@ -32,16 +31,14 @@ import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.cert.CertUtils;
- 
 
 /**
- * A class represents an attribute mapper that maps
- * a public key data into LDAP attribute and
- * vice versa.
+ * A class represents an attribute mapper that maps a public key data into LDAP
+ * attribute and vice versa.
  * <P>
- *
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class PublicKeyMapper implements IDBAttrMapper {
 
@@ -68,18 +65,17 @@ public class PublicKeyMapper implements IDBAttrMapper {
     /**
      * Maps object to ldap attribute set.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         attrs.add(new LDAPAttribute(mLdapName, (byte[]) obj));
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null) {
@@ -89,11 +85,11 @@ public class PublicKeyMapper implements IDBAttrMapper {
     }
 
     /**
-     * Maps search filters into LDAP search filter. It knows
-     * how to extract public key from the certificate.
+     * Maps search filters into LDAP search filter. It knows how to extract
+     * public key from the certificate.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         int i = value.indexOf("#");
 
         if (i != -1) {
@@ -111,14 +107,16 @@ public class PublicKeyMapper implements IDBAttrMapper {
                 return mLdapName + op + escapeBinaryData(pub);
             } catch (Exception e) {
 
-                /*LogDoc
-                 *
+                /*
+                 * LogDoc
+                 * 
                  * @phase Maps search filters into LDAP search filter
+                 * 
                  * @message PublicKeyMapper: <exception thrown>
                  */
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_DBS_PUBLICKEY_MAPPER_ERROR",
-                        e.toString()));
+                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_DBS_PUBLICKEY_MAPPER_ERROR",
+                                e.toString()));
             }
         }
         return mLdapName + op + value;
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java b/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java
index 61beb423..4e79cd89 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/ReplicaIDRepository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 
 import com.netscape.certsrv.apps.CMS;
@@ -27,15 +26,15 @@ import com.netscape.certsrv.dbs.IDBSubsystem;
 import com.netscape.certsrv.dbs.replicadb.IReplicaIDRepository;
 
 /**
- * A class represents a replica repository. It
- * creates unique managed replica IDs.
+ * A class represents a replica repository. It creates unique managed replica
+ * IDs.
  * <P>
- *
+ * 
  * @author alee
  * @version $Revision$, $Date$
  */
 public class ReplicaIDRepository extends Repository
-    implements IReplicaIDRepository {
+        implements IReplicaIDRepository {
 
     private IDBSubsystem mDBService;
     private String mBaseDN;
@@ -44,24 +43,23 @@ public class ReplicaIDRepository extends Repository
      * Constructs a certificate repository.
      */
     public ReplicaIDRepository(IDBSubsystem dbService, int increment, String baseDN)
-        throws EDBException {
+            throws EDBException {
         super(dbService, increment, baseDN);
         mBaseDN = baseDN;
         mDBService = dbService;
     }
-   
- 
+
     /**
      * Returns last serial number in given range
      */
     public BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound)
-    throws EBaseException {
-        CMS.debug("ReplicaIDReposoitory: in getLastSerialNumberInRange: low "  + serial_low_bound + " high " + serial_upper_bound);
-        if(serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0 ) {
+            throws EBaseException {
+        CMS.debug("ReplicaIDReposoitory: in getLastSerialNumberInRange: low " + serial_low_bound + " high " + serial_upper_bound);
+        if (serial_low_bound == null || serial_upper_bound == null || serial_low_bound.compareTo(serial_upper_bound) >= 0) {
             return null;
         }
         BigInteger ret = new BigInteger(getMinSerial());
-        if ((ret==null) || (ret.compareTo(serial_upper_bound) >0) || (ret.compareTo(serial_low_bound) <0)) {
+        if ((ret == null) || (ret.compareTo(serial_upper_bound) > 0) || (ret.compareTo(serial_low_bound) < 0)) {
             return null;
         }
         return ret;
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java b/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java
index 858e7a63..494da26c 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/Repository.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 
 import com.netscape.certsrv.apps.CMS;
@@ -36,18 +35,17 @@ import com.netscape.certsrv.dbs.repository.IRepository;
 import com.netscape.certsrv.dbs.repository.IRepositoryRecord;
 
 /**
- * A class represents a generic repository. It maintains unique 
- * serial number within repository.
+ * A class represents a generic repository. It maintains unique serial number
+ * within repository.
  * <P>
- * To build domain specific repository, subclass should be
- * created.
+ * To build domain specific repository, subclass should be created.
  * <P>
- *
+ * 
  * @author galperin
  * @author thomask
  * @version $Revision: 1.4
- *       
- $, $Date$
+ * 
+ *          $, $Date$
  */
 
 public abstract class Repository implements IRepository {
@@ -56,7 +54,7 @@ public abstract class Repository implements IRepository {
     private BigInteger BI_INCREMENT = null;
     private static final BigInteger BI_ZERO = new BigInteger("0");
     // (the next serialNo to be issued) - 1
-    private BigInteger mSerialNo = null; 
+    private BigInteger mSerialNo = null;
     // the serialNo attribute stored in db
     private BigInteger mNext = null;
 
@@ -79,51 +77,45 @@ public abstract class Repository implements IRepository {
     private int mRadix = 10;
     private int mRepo = -1;
 
-
     private BigInteger mLastSerialNo = null;
+
     /**
      * Constructs a repository.
      * <P>
      */
-    public Repository(IDBSubsystem db, int increment, String baseDN) 
-        throws EDBException {
+    public Repository(IDBSubsystem db, int increment, String baseDN)
+            throws EDBException {
         mDB = db;
         mBaseDN = baseDN;
 
-
         BI_INCREMENT = new BigInteger(Integer.toString(increment));
 
         // register schema
         IDBRegistry reg = db.getRegistry();
 
         /**
-         if (!reg.isObjectClassRegistered(
-         RepositoryRecord.class.getName())) {
-         String repRecordOC[] = new String[2];
-         repRecordOC[0] = RepositorySchema.LDAP_OC_TOP;
-         repRecordOC[1] = RepositorySchema.LDAP_OC_REPOSITORY;
-         reg.registerObjectClass(
-         RepositoryRecord.class.getName(), repRecordOC);
-         }
-         if (!reg.isAttributeRegistered(RepositoryRecord.ATTR_SERIALNO)) {
-         reg.registerAttribute(RepositoryRecord.ATTR_SERIALNO,
-         new BigIntegerMapper(RepositorySchema.LDAP_ATTR_SERIALNO));
-         }
+         * if (!reg.isObjectClassRegistered( RepositoryRecord.class.getName()))
+         * { String repRecordOC[] = new String[2]; repRecordOC[0] =
+         * RepositorySchema.LDAP_OC_TOP; repRecordOC[1] =
+         * RepositorySchema.LDAP_OC_REPOSITORY; reg.registerObjectClass(
+         * RepositoryRecord.class.getName(), repRecordOC); } if
+         * (!reg.isAttributeRegistered(RepositoryRecord.ATTR_SERIALNO)) {
+         * reg.registerAttribute(RepositoryRecord.ATTR_SERIALNO, new
+         * BigIntegerMapper(RepositorySchema.LDAP_ATTR_SERIALNO)); }
          **/
     }
 
     /**
      * Resets serial number.
      */
-    public void resetSerialNumber(BigInteger serial) throws EBaseException
-    {
+    public void resetSerialNumber(BigInteger serial) throws EBaseException {
         IDBSSession s = mDB.createSession();
-                                                                                
+
         try {
             String name = mBaseDN;
             ModificationSet mods = new ModificationSet();
             mods.add(IRepositoryRecord.ATTR_SERIALNO,
-                Modification.MOD_REPLACE, serial);
+                    Modification.MOD_REPLACE, serial);
             s.modify(name, mods);
         } finally {
             if (s != null)
@@ -134,7 +126,7 @@ public abstract class Repository implements IRepository {
     /**
      * Retrieves the next serial number attr in db.
      * <P>
-     *
+     * 
      * @return next serial number
      */
     protected BigInteger getSerialNumber() throws EBaseException {
@@ -144,21 +136,23 @@ public abstract class Repository implements IRepository {
         RepositoryRecord rec = null;
 
         try {
-            if (s != null) rec = (RepositoryRecord) s.read(mBaseDN);
-        } finally { 
-            if (s != null) s.close();
+            if (s != null)
+                rec = (RepositoryRecord) s.read(mBaseDN);
+        } finally {
+            if (s != null)
+                s.close();
         }
 
-        if( rec == null ) {
-            CMS.debug( "Repository::getSerialNumber() - "
-                     + "- rec is null!" );
-            throw new EBaseException( "rec is null" );
+        if (rec == null) {
+            CMS.debug("Repository::getSerialNumber() - "
+                     + "- rec is null!");
+            throw new EBaseException("rec is null");
         }
 
         BigInteger serial = rec.getSerialNumber();
 
         if (!mInit) {
-            // cms may crash after issue a cert but before update 
+            // cms may crash after issue a cert but before update
             // the serial number record
             try {
                 IDBObj obj = s.read("cn=" +
@@ -168,7 +162,7 @@ public abstract class Repository implements IRepository {
                     serial = serial.add(BI_ONE);
                     setSerialNumber(serial);
                 }
-            }catch (EBaseException e) {
+            } catch (EBaseException e) {
                 // do nothing
             }
             mInit = true;
@@ -179,12 +173,12 @@ public abstract class Repository implements IRepository {
     /**
      * Updates the serial number to the specified in db.
      * <P>
-     *
+     * 
      * @param num serial number
      */
     protected void setSerialNumber(BigInteger num) throws EBaseException {
 
-        CMS.debug("Repository:setSerialNumber " +  num.toString());
+        CMS.debug("Repository:setSerialNumber " + num.toString());
 
         return;
 
@@ -211,8 +205,8 @@ public abstract class Repository implements IRepository {
 
         maxSerial = new BigInteger(serial, mRadix);
         if (maxSerial != null) {
-           mMaxSerial = serial;
-           mMaxSerialNo = maxSerial;
+            mMaxSerial = serial;
+            mMaxSerialNo = maxSerial;
         }
     }
 
@@ -229,7 +223,8 @@ public abstract class Repository implements IRepository {
      * Set the maximum serial number in next range
      * 
      * @param serial maximum number in next range
-     * @exception EBaseException failed to set maximum serial number in next range
+     * @exception EBaseException failed to set maximum serial number in next
+     *                range
      */
     public void setNextMaxSerial(String serial) throws EBaseException {
         BigInteger maxSerial = null;
@@ -237,23 +232,22 @@ public abstract class Repository implements IRepository {
 
         maxSerial = new BigInteger(serial, mRadix);
         if (maxSerial != null) {
-           mNextMaxSerial = serial;
-           mNextMaxSerialNo = maxSerial;
+            mNextMaxSerial = serial;
+            mNextMaxSerialNo = maxSerial;
         }
 
         return;
     }
-  
+
     /**
      * Get the minimum serial number.
      * 
      * @return minimum serial number
      */
     public String getMinSerial() {
-       return mMinSerial;
+        return mMinSerial;
     }
 
-
     /**
      * init serial number cache
      */
@@ -261,16 +255,17 @@ public abstract class Repository implements IRepository {
         mNext = getSerialNumber();
         BigInteger serialConfig = new BigInteger("0");
         mRadix = 10;
-   
+
         CMS.debug("Repository: in InitCache");
 
         if (this instanceof ICertificateRepository) {
             CMS.debug("Repository: Instance of Certificate Repository.");
             mRadix = 16;
             mRepo = IDBSubsystem.CERTS;
-        } else if (this instanceof IKeyRepository)  {
-            // Key Repository uses the same configuration parameters as Certificate
-            // Repository.  This is ok because they are on separate subsystems.
+        } else if (this instanceof IKeyRepository) {
+            // Key Repository uses the same configuration parameters as
+            // Certificate
+            // Repository. This is ok because they are on separate subsystems.
             CMS.debug("Repository: Instance of Key Repository");
             mRadix = 16;
             mRepo = IDBSubsystem.CERTS;
@@ -278,7 +273,8 @@ public abstract class Repository implements IRepository {
             CMS.debug("Repository: Instance of Replica ID repository");
             mRepo = IDBSubsystem.REPLICA_ID;
         } else {
-            // CRLRepository subclasses this too, but does not use serial number stuff
+            // CRLRepository subclasses this too, but does not use serial number
+            // stuff
             CMS.debug("Repository: Instance of Request Repository or CRLRepository.");
             mRepo = IDBSubsystem.REQUESTS;
         }
@@ -292,48 +288,47 @@ public abstract class Repository implements IRepository {
 
         CMS.debug("Repository: minSerial " + mMinSerial + " maxSerial: " + mMaxSerial);
 
-        if(mMinSerial != null) 
-            mMinSerialNo = new BigInteger(mMinSerial,mRadix);
+        if (mMinSerial != null)
+            mMinSerialNo = new BigInteger(mMinSerial, mRadix);
 
-        if(mMaxSerial != null)
-            mMaxSerialNo = new BigInteger(mMaxSerial,mRadix); 
+        if (mMaxSerial != null)
+            mMaxSerialNo = new BigInteger(mMaxSerial, mRadix);
 
-        if(mNextMinSerial != null) 
-            mNextMinSerialNo = new BigInteger(mNextMinSerial,mRadix);
+        if (mNextMinSerial != null)
+            mNextMinSerialNo = new BigInteger(mNextMinSerial, mRadix);
 
-        if(mNextMaxSerial != null)
-            mNextMaxSerialNo = new BigInteger(mNextMaxSerial,mRadix); 
+        if (mNextMaxSerial != null)
+            mNextMaxSerialNo = new BigInteger(mNextMaxSerial, mRadix);
 
-        if(lowWaterMark  != null) 
-            mLowWaterMarkNo = new BigInteger(lowWaterMark,mRadix);
+        if (lowWaterMark != null)
+            mLowWaterMarkNo = new BigInteger(lowWaterMark, mRadix);
 
-        if(increment != null) 
-            mIncrementNo = new BigInteger(increment,mRadix);
+        if (increment != null)
+            mIncrementNo = new BigInteger(increment, mRadix);
 
         BigInteger theSerialNo = null;
-        theSerialNo = getLastSerialNumberInRange(mMinSerialNo,mMaxSerialNo);
+        theSerialNo = getLastSerialNumberInRange(mMinSerialNo, mMaxSerialNo);
 
-        if(theSerialNo != null)  {
+        if (theSerialNo != null) {
 
             mLastSerialNo = new BigInteger(theSerialNo.toString());
             CMS.debug("Repository:  mLastSerialNo: " + mLastSerialNo.toString());
 
-        }
-        else  {
+        } else {
 
             throw new EBaseException("Error in obtaining the last serial number in the repository!");
 
         }
 
     }
-   
+
     /**
      * get the next serial number in cache
      */
     public BigInteger getTheSerialNumber() throws EBaseException {
-        
-        CMS.debug("Repository:In getTheSerialNumber " );
-        if (mLastSerialNo == null) 
+
+        CMS.debug("Repository:In getTheSerialNumber ");
+        if (mLastSerialNo == null)
             initCache();
         BigInteger serial = new BigInteger((mLastSerialNo.add(BI_ONE)).toString());
 
@@ -346,7 +341,7 @@ public abstract class Repository implements IRepository {
     /**
      * Updates the serial number to the specified in db and cache.
      * <P>
-     *
+     * 
      * @param num serial number
      */
     public void setTheSerialNumber(BigInteger num) throws EBaseException {
@@ -370,46 +365,45 @@ public abstract class Repository implements IRepository {
     }
 
     /**
-     * Retrieves the next serial number, and also increase the
-     * serial number by one.
+     * Retrieves the next serial number, and also increase the serial number by
+     * one.
      * <P>
-     *
+     * 
      * @return serial number
      */
     public synchronized BigInteger getNextSerialNumber() throws
             EBaseException {
 
         CMS.debug("Repository: in getNextSerialNumber. ");
- 
+
         if (mLastSerialNo == null) {
             initCache();
 
             mLastSerialNo = mLastSerialNo.add(BI_ONE);
-            
-          
+
         } else {
             mLastSerialNo = mLastSerialNo.add(BI_ONE);
         }
 
-        if( mLastSerialNo == null ) {
-            CMS.debug( "Repository::getNextSerialNumber() " +
-                       "- mLastSerialNo is null!" );
-            throw new EBaseException( "mLastSerialNo is null" );
+        if (mLastSerialNo == null) {
+            CMS.debug("Repository::getNextSerialNumber() " +
+                       "- mLastSerialNo is null!");
+            throw new EBaseException("mLastSerialNo is null");
         }
 
         // check if we have reached the end of the range
         // if so, move to next range
-        if (mLastSerialNo.compareTo( mMaxSerialNo ) > 0 ) {
+        if (mLastSerialNo.compareTo(mMaxSerialNo) > 0) {
             if (mDB.getEnableSerialMgmt()) {
                 CMS.debug("Reached the end of the range.  Attempting to move to next range");
                 mMinSerialNo = mNextMinSerialNo;
                 mMaxSerialNo = mNextMaxSerialNo;
                 mLastSerialNo = mMinSerialNo;
-                mNextMinSerialNo  = null;
-                mNextMaxSerialNo  = null;
+                mNextMinSerialNo = null;
+                mNextMaxSerialNo = null;
                 if ((mMaxSerialNo == null) || (mMinSerialNo == null)) {
                     throw new EDBException(CMS.getUserMessage("CMS_DBS_LIMIT_REACHED",
-                        mLastSerialNo.toString()));
+                            mLastSerialNo.toString()));
                 }
 
                 // persist the changes
@@ -426,17 +420,16 @@ public abstract class Repository implements IRepository {
         BigInteger retSerial = new BigInteger(mLastSerialNo.toString());
 
         CMS.debug("Repository: getNextSerialNumber: returning retSerial " + retSerial);
-        return retSerial; 
+        return retSerial;
     }
 
     /**
-     * Checks to see if a new range is needed, or if we have reached the end of the 
-     * current range, or if a range conflict has occurred.
-     *      
+     * Checks to see if a new range is needed, or if we have reached the end of
+     * the current range, or if a range conflict has occurred.
+     * 
      * @exception EBaseException failed to check next range for conflicts
      */
-    public void checkRanges() throws EBaseException 
-    {
+    public void checkRanges() throws EBaseException {
         if (!mDB.getEnableSerialMgmt()) {
             CMS.debug("Serial Management not enabled. Returning .. ");
             return;
@@ -464,7 +457,7 @@ public abstract class Repository implements IRepository {
             CMS.debug("Serial Numbers available: " + numsAvail.toString());
         }
 
-        if ((numsAvail.compareTo(mLowWaterMarkNo) < 0) && (!CMS.isPreOpMode()) ) {
+        if ((numsAvail.compareTo(mLowWaterMarkNo) < 0) && (!CMS.isPreOpMode())) {
             CMS.debug("Low water mark reached. Requesting next range");
             mNextMinSerialNo = new BigInteger(mDB.getNextRange(mRepo), mRadix);
             if (mNextMinSerialNo == null) {
@@ -478,31 +471,29 @@ public abstract class Repository implements IRepository {
             }
         }
 
-        if (numsInRange.compareTo (mLowWaterMarkNo) < 0 )  {
+        if (numsInRange.compareTo(mLowWaterMarkNo) < 0) {
             // check for a replication error
             CMS.debug("Checking for a range conflict");
             if (mDB.hasRangeConflict(mRepo)) {
-                 CMS.debug("Range Conflict found! Removing next range.");
-                 mNextMaxSerialNo = null;
-                 mNextMinSerialNo= null;
-                 mDB.setNextMinSerialConfig(mRepo, null);
-                 mDB.setNextMaxSerialConfig(mRepo, null);
+                CMS.debug("Range Conflict found! Removing next range.");
+                mNextMaxSerialNo = null;
+                mNextMinSerialNo = null;
+                mDB.setNextMinSerialConfig(mRepo, null);
+                mDB.setNextMaxSerialConfig(mRepo, null);
             }
-        }   
+        }
     }
 
     /**
-     * Sets whether serial number management is enabled for certs
-     * and requests. 
-     *
-     * @param value   true/false 
-     * @exception EBaseException failed to set 
+     * Sets whether serial number management is enabled for certs and requests.
+     * 
+     * @param value true/false
+     * @exception EBaseException failed to set
      */
-    public void setEnableSerialMgmt(boolean value) throws EBaseException
-    {
+    public void setEnableSerialMgmt(boolean value) throws EBaseException {
         mDB.setEnableSerialMgmt(value);
-    } 
+    }
 
-    public abstract BigInteger getLastSerialNumberInRange(BigInteger  serial_low_bound, BigInteger serial_upper_bound) throws
-       EBaseException;
+    public abstract BigInteger getLastSerialNumberInRange(BigInteger serial_low_bound, BigInteger serial_upper_bound) throws
+            EBaseException;
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/RepositoryRecord.java b/pki/base/common/src/com/netscape/cmscore/dbs/RepositoryRecord.java
index 97cedac8..0a79b4b9 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/RepositoryRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/RepositoryRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.math.BigInteger;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -26,11 +25,10 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.repository.IRepositoryRecord;
 
-
 /**
  * A class represents a repository record.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/RepositorySchema.java b/pki/base/common/src/com/netscape/cmscore/dbs/RepositorySchema.java
index 67cc5c1c..a926187f 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/RepositorySchema.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/RepositorySchema.java
@@ -17,14 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
-
-
 /**
- * A class represents a collection of repository-specific
- * schema information.
+ * A class represents a collection of repository-specific schema information.
  * <P>
- *
+ * 
  * @author thomask
  * @version $Revision$, $Date$
  */
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfo.java b/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfo.java
index 001089fb..87da8b91 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.io.Serializable;
 import java.util.Date;
 
@@ -26,13 +25,12 @@ import netscape.security.x509.CRLReasonExtension;
 
 import com.netscape.certsrv.dbs.certdb.IRevocationInfo;
 
-
 /**
- * A class represents a certificate revocation info. This
- * object is written as an attribute of certificate record 
- * which essentially signifies a revocation act.
+ * A class represents a certificate revocation info. This object is written as
+ * an attribute of certificate record which essentially signifies a revocation
+ * act.
  * <P>
- *
+ * 
  * @author galperin
  * @version $Revision$, $Date$
  */
@@ -52,11 +50,10 @@ public class RevocationInfo implements IRevocationInfo, Serializable {
     }
 
     /**
-     * Constructs revocation info used by revocation 
-     * request implementation.
-     *
-     * @param reason if not null contains CRL entry extension 
-     *   that specifies revocation reason
+     * Constructs revocation info used by revocation request implementation.
+     * 
+     * @param reason if not null contains CRL entry extension that specifies
+     *            revocation reason
      * @see CRLReasonExtension
      */
     public RevocationInfo(Date revocationDate, CRLExtensions exts) {
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfoMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfoMapper.java
index c0949f66..d7198f6a 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfoMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/RevocationInfoMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -37,13 +36,12 @@ import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * A class represents a mapper to serialize 
- * revocation information into database.
+ * A class represents a mapper to serialize revocation information into
+ * database.
  * <P>
- *
- * @author  thomask
+ * 
+ * @author thomask
  * @version $Revision$, $Date$
  */
 public class RevocationInfoMapper implements IDBAttrMapper {
@@ -63,9 +61,9 @@ public class RevocationInfoMapper implements IDBAttrMapper {
         return mNames.elements();
     }
 
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, 
-        Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name,
+            Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         try {
             // in format of <date>;<extensions>
             String value = "";
@@ -82,22 +80,22 @@ public class RevocationInfoMapper implements IDBAttrMapper {
                 Extension ext = e.nextElement();
 
                 if (ext instanceof CRLReasonExtension) {
-                    RevocationReason reason = 
-                        ((CRLReasonExtension) ext).getReason();
+                    RevocationReason reason =
+                            ((CRLReasonExtension) ext).getReason();
 
-                    value = value + ";CRLReasonExtension=" + 	
+                    value = value + ";CRLReasonExtension=" +
                             Integer.toString(reason.toInt());
                 } else if (ext instanceof InvalidityDateExtension) {
-                    Date invalidityDate = 
-                        ((InvalidityDateExtension) ext).getInvalidityDate();
+                    Date invalidityDate =
+                            ((InvalidityDateExtension) ext).getInvalidityDate();
 
-                    value = value + ";InvalidityDateExtension=" + 	
+                    value = value + ";InvalidityDateExtension=" +
                             DateMapper.dateToDB(invalidityDate);
                 } else {
                     Debug.trace("XXX skipped extension");
                 }
             }
-            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_REVO_INFO, 
+            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_REVO_INFO,
                     value));
         } catch (Exception e) {
             Debug.trace(e.toString());
@@ -106,8 +104,8 @@ public class RevocationInfoMapper implements IDBAttrMapper {
         }
     }
 
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         try {
             LDAPAttribute attr = attrs.getAttribute(
                     CertDBSchema.LDAP_ATTR_REVO_INFO);
@@ -148,15 +146,14 @@ public class RevocationInfoMapper implements IDBAttrMapper {
                         String invalidityDateStr = str.substring(24);
                         Date invalidityDate = DateMapper.dateFromDB(invalidityDateStr);
                         InvalidityDateExtension ext =
-                            new InvalidityDateExtension(invalidityDate);
+                                new InvalidityDateExtension(invalidityDate);
 
                         exts.set(InvalidityDateExtension.class.getSimpleName(), ext);
                     } else {
                         Debug.trace("XXX skipped extension");
                     }
-                }
-                while (i != -1);
-            }	
+                } while (i != -1);
+            }
             RevocationInfo info = new RevocationInfo(d, exts);
 
             parent.set(name, info);
@@ -168,7 +165,7 @@ public class RevocationInfoMapper implements IDBAttrMapper {
     }
 
     public String mapSearchFilter(String name, String op, String value)
-        throws EBaseException {
+            throws EBaseException {
         return CertDBSchema.LDAP_ATTR_REVO_INFO + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/StringMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/StringMapper.java
index 39fdac87..c4a8ca96 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/StringMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/StringMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.NoSuchElementException;
 import java.util.Vector;
@@ -29,14 +28,12 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * A class represents ann attribute mapper that maps
- * a Java String object into LDAP attribute,
- * and vice versa.
- *
+ * A class represents ann attribute mapper that maps a Java String object into
+ * LDAP attribute, and vice versa.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class StringMapper implements IDBAttrMapper {
 
@@ -61,19 +58,18 @@ public class StringMapper implements IDBAttrMapper {
     /**
      * Maps attribute value to ldap attributes.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         attrs.add(new LDAPAttribute(mLdapName, (String) obj));
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) 	
-        throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent)
+            throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null) {
@@ -81,7 +77,7 @@ public class StringMapper implements IDBAttrMapper {
         }
         try {
             parent.set(name, (String)
-                attr.getStringValues().nextElement());
+                    attr.getStringValues().nextElement());
         } catch (NoSuchElementException e) {
             // attribute present, but without value
         }
@@ -90,8 +86,8 @@ public class StringMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/StringVectorMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/StringVectorMapper.java
index d14470a2..3269e61a 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/StringVectorMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/StringVectorMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,14 +27,12 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 
-
 /**
- * A class represents ann attribute mapper that maps
- * a Java String object into LDAP attribute,
- * and vice versa.
- *
+ * A class represents ann attribute mapper that maps a Java String object into
+ * LDAP attribute, and vice versa.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class StringVectorMapper implements IDBAttrMapper {
 
@@ -60,9 +57,9 @@ public class StringVectorMapper implements IDBAttrMapper {
     /**
      * Maps attribute value to ldap attributes.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
         Vector v = (Vector) obj;
         int s = v.size();
 
@@ -78,11 +75,10 @@ public class StringVectorMapper implements IDBAttrMapper {
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null)
@@ -104,8 +100,8 @@ public class StringVectorMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/X500NameMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/X500NameMapper.java
index 963c2fdc..a2b2ea1c 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/X500NameMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/X500NameMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.io.IOException;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -32,15 +31,13 @@ import com.netscape.certsrv.dbs.EDBException;
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.logging.ILogger;
- 
 
 /**
- * A class represents ann attribute mapper that maps
- * a Java X500Name object into LDAP attribute,
- * and vice versa.
- *
+ * A class represents ann attribute mapper that maps a Java X500Name object into
+ * LDAP attribute, and vice versa.
+ * 
  * @author thomask
- * @version $Revision$, $Date$ 
+ * @version $Revision$, $Date$
  */
 public class X500NameMapper implements IDBAttrMapper {
 
@@ -67,19 +64,18 @@ public class X500NameMapper implements IDBAttrMapper {
     /**
      * Maps attribute value to ldap attributes.
      */
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, 
-        String name, Object obj, LDAPAttributeSet attrs) 
-        throws EBaseException {
-        attrs.add(new LDAPAttribute(mLdapName, 
+    public void mapObjectToLDAPAttributeSet(IDBObj parent,
+            String name, Object obj, LDAPAttributeSet attrs)
+            throws EBaseException {
+        attrs.add(new LDAPAttribute(mLdapName,
                 ((X500Name) obj).toString()));
     }
 
     /**
-     * Maps LDAP attributes into object, and put the object
-     * into 'parent'.
+     * Maps LDAP attributes into object, and put the object into 'parent'.
      */
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(mLdapName);
 
         if (attr == null) {
@@ -90,14 +86,16 @@ public class X500NameMapper implements IDBAttrMapper {
                     attr.getStringValues().nextElement()));
         } catch (IOException e) {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase Maps LDAP attributes into object
+             * 
              * @message X500NameMapper: <exception thrown>
              */
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_DBS_X500NAME_MAPPER_ERROR",
-                    e.toString()));
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_DB, ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_DBS_X500NAME_MAPPER_ERROR",
+                            e.toString()));
             throw new EDBException(
                     CMS.getUserMessage("CMS_DBS_DESERIALIZE_FAILED", name));
         }
@@ -106,8 +104,8 @@ public class X500NameMapper implements IDBAttrMapper {
     /**
      * Maps search filters into LDAP search filter.
      */
-    public String mapSearchFilter(String name, String op, 
-        String value) throws EBaseException {
+    public String mapSearchFilter(String name, String op,
+            String value) throws EBaseException {
         return mLdapName + op + value;
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/dbs/X509CertImplMapper.java b/pki/base/common/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
index 9acf05f2..63ec1e12 100644
--- a/pki/base/common/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
+++ b/pki/base/common/src/com/netscape/cmscore/dbs/X509CertImplMapper.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.dbs;
 
-
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
 import java.util.Date;
@@ -43,12 +42,10 @@ import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.IDBObj;
 import com.netscape.certsrv.dbs.certdb.ICertRecord;
 
-
 /**
- * A class represents a mapper to serialize 
- * x509 certificate into database.
- *
- * @author  thomask
+ * A class represents a mapper to serialize x509 certificate into database.
+ * 
+ * @author thomask
  * @version $Revision$, $Date$
  */
 public class X509CertImplMapper implements IDBAttrMapper {
@@ -72,23 +69,23 @@ public class X509CertImplMapper implements IDBAttrMapper {
         return v.elements();
     }
 
-    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name, 
-        Object obj, LDAPAttributeSet attrs) throws EBaseException {
+    public void mapObjectToLDAPAttributeSet(IDBObj parent, String name,
+            Object obj, LDAPAttributeSet attrs) throws EBaseException {
         try {
             X509CertImpl cert = (X509CertImpl) obj;
             // make information searchable
             Date notBefore = cert.getNotBefore();
 
             attrs.add(new LDAPAttribute(
-                    CertDBSchema.LDAP_ATTR_NOT_BEFORE, 
+                    CertDBSchema.LDAP_ATTR_NOT_BEFORE,
                     DateMapper.dateToDB(notBefore)));
             Date notAfter = cert.getNotAfter();
 
-            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_NOT_AFTER, 
+            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_NOT_AFTER,
                     DateMapper.dateToDB(notAfter)));
-            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_DURATION, 
+            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_DURATION,
                     DBSUtil.longToDB(notAfter.getTime() - notBefore.getTime())));
-            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_SUBJECT, 
+            attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_SUBJECT,
                     cert.getSubjectDN().getName()));
             attrs.add(new LDAPAttribute(CertDBSchema.LDAP_ATTR_PUBLIC_KEY_DATA, cert.getPublicKey().getEncoded()));
             // make extension searchable
@@ -119,7 +116,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
 
             if (critSet != null) {
                 for (Iterator<String> i = critSet.iterator(); i.hasNext();) {
-                    String oid =  i.next();
+                    String oid = i.next();
 
                     if (oid.equals("2.16.840.1.113730.1.1")) {
                         String extVal = getCertTypeExtensionInfo(cert);
@@ -145,19 +142,19 @@ public class X509CertImplMapper implements IDBAttrMapper {
             // not know how to display the certificate in
             // pretty print format.
             attrs.add(new LDAPAttribute(
-                    CertDBSchema.LDAP_ATTR_SIGNED_CERT + ";binary", 
+                    CertDBSchema.LDAP_ATTR_SIGNED_CERT + ";binary",
                     cert.getEncoded()));
 
             attrs.add(new LDAPAttribute(
-                    CertDBSchema.LDAP_ATTR_VERSION, 
+                    CertDBSchema.LDAP_ATTR_VERSION,
                     Integer.toString(cert.getVersion())));
             X509Key pubKey = (X509Key) cert.getPublicKey();
 
             attrs.add(new LDAPAttribute(
-                    CertDBSchema.LDAP_ATTR_ALGORITHM, 
+                    CertDBSchema.LDAP_ATTR_ALGORITHM,
                     pubKey.getAlgorithmId().getOID().toString()));
             attrs.add(new LDAPAttribute(
-                    CertDBSchema.LDAP_ATTR_SIGNING_ALGORITHM, 
+                    CertDBSchema.LDAP_ATTR_SIGNING_ALGORITHM,
                     cert.getSigAlgOID()));
         } catch (CertificateEncodingException e) {
             throw new EDBException(
@@ -203,7 +200,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             Boolean objectSigning = (Boolean) nsExt.get(
                     NSCertTypeExtension.OBJECT_SIGNING);
 
-            result += "objectSigning=" + 
+            result += "objectSigning=" +
                     objectSigning.toString();
             return result;
         } catch (Exception e) {
@@ -240,8 +237,8 @@ public class X509CertImplMapper implements IDBAttrMapper {
         }
     }
 
-    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs, 
-        String name, IDBObj parent) throws EBaseException {
+    public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
+            String name, IDBObj parent) throws EBaseException {
         try {
             // rebuild object quickly using binary image
             // XXX bad! when we add this attribute,
@@ -249,8 +246,8 @@ public class X509CertImplMapper implements IDBAttrMapper {
             // we retrieve it, DS returns it as
             // userCertificate;binary. So I cannot do the
             // following:
-            //      LDAPAttribute attr = attrs.getAttribute(
-            //  	  Schema.LDAP_ATTR_SIGNED_CERT);
+            // LDAPAttribute attr = attrs.getAttribute(
+            // Schema.LDAP_ATTR_SIGNED_CERT);
 
             X509CertInfo certinfo = new X509CertInfo();
             LDAPAttribute attr = attrs.getAttribute(
@@ -263,39 +260,39 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
             if (attr != null) {
                 byte der[] = (byte[])
-                    attr.getByteValues().nextElement();
+                        attr.getByteValues().nextElement();
                 X509CertImpl impl = new X509CertImpl(der);
 
                 parent.set(name, impl);
             }
         } catch (CertificateException e) {
-            //throw new EDBException(
-            //	DBResources.FAILED_TO_DESERIALIZE_1, name);
+            // throw new EDBException(
+            // DBResources.FAILED_TO_DESERIALIZE_1, name);
             parent.set(name, null);
         } catch (Exception e) {
-            //throw new EDBException(
-            //	DBResources.FAILED_TO_DESERIALIZE_1, name);
+            // throw new EDBException(
+            // DBResources.FAILED_TO_DESERIALIZE_1, name);
             parent.set(name, null);
-			
+
         }
     }
 
     public String mapSearchFilter(String name, String op, String value)
-        throws EBaseException {
+            throws EBaseException {
         AttributeNameHelper h = new AttributeNameHelper(name);
         String suffix = h.getSuffix();
 
         if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_NOT_BEFORE)) {
             name = CertDBSchema.LDAP_ATTR_NOT_BEFORE;
             try {
-                value = DateMapper.dateToDB(new 
+                value = DateMapper.dateToDB(new
                             Date(Long.parseLong(value)));
             } catch (NumberFormatException e) {
             }
         } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_NOT_AFTER)) {
             name = CertDBSchema.LDAP_ATTR_NOT_AFTER;
             try {
-                value = DateMapper.dateToDB(new 
+                value = DateMapper.dateToDB(new
                             Date(Long.parseLong(value)));
             } catch (NumberFormatException e) {
             }
@@ -313,15 +310,15 @@ public class X509CertImplMapper implements IDBAttrMapper {
         } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_SIGNING_ALGORITHM)) {
             name = CertDBSchema.LDAP_ATTR_SIGNING_ALGORITHM;
         } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_SERIAL_NUMBER)) {
-            name = CertDBSchema.LDAP_ATTR_CERT_RECORD_ID; 
+            name = CertDBSchema.LDAP_ATTR_CERT_RECORD_ID;
         } else if (suffix.equalsIgnoreCase(ICertRecord.X509CERT_EXTENSION)) {
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
         } else if (suffix.equalsIgnoreCase(ICertRecord.ATTR_REVO_INFO)) {
-            name = CertDBSchema.LDAP_ATTR_REVO_INFO; 
+            name = CertDBSchema.LDAP_ATTR_REVO_INFO;
             value = "*;CRLReasonExtension=" + value + "*";
         } else if (suffix.equalsIgnoreCase("nsExtension.SSLClient")) {
             // special case for NS cert type extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.16.840.1.113730.1.1;*SSLClient=true*";
             } else {
@@ -329,7 +326,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
         } else if (suffix.equalsIgnoreCase("nsExtension.SSLServer")) {
             // special case for NS cert type extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.16.840.1.113730.1.1;*SSLServer=true*";
             } else {
@@ -337,7 +334,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
         } else if (suffix.equalsIgnoreCase("nsExtension.SecureEmail")) {
             // special case for NS cert type extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.16.840.1.113730.1.1;*Email=true*";
             } else {
@@ -345,7 +342,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
         } else if (suffix.equalsIgnoreCase("nsExtension.SubordinateSSLCA")) {
             // special case for NS cert type extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.16.840.1.113730.1.1;*SSLCA=true*";
             } else {
@@ -353,7 +350,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
         } else if (suffix.equalsIgnoreCase("nsExtension.SubordinateEmailCA")) {
             // special case for NS cert type extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.16.840.1.113730.1.1;*EmailCA=true*";
             } else {
@@ -361,7 +358,7 @@ public class X509CertImplMapper implements IDBAttrMapper {
             }
         } else if (suffix.equalsIgnoreCase("BasicConstraints.isCA")) {
             // special case for Basic Constraints extension
-            name = CertDBSchema.LDAP_ATTR_EXTENSION; 
+            name = CertDBSchema.LDAP_ATTR_EXTENSION;
             if (value.equals("on")) {
                 value = "2.5.29.19;*isCA=true*";
             } else {
diff --git a/pki/base/common/src/com/netscape/cmscore/extensions/CMSExtensionsMap.java b/pki/base/common/src/com/netscape/cmscore/extensions/CMSExtensionsMap.java
index b0fe0432..a4e90f61 100644
--- a/pki/base/common/src/com/netscape/cmscore/extensions/CMSExtensionsMap.java
+++ b/pki/base/common/src/com/netscape/cmscore/extensions/CMSExtensionsMap.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.extensions;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
@@ -30,10 +29,9 @@ import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.certsrv.extensions.EExtensionsException;
 import com.netscape.certsrv.extensions.ICMSExtension;
 
-
-/** 
- * Loads extension classes from configuration file and return 
- * for a given extension name or OID.
+/**
+ * Loads extension classes from configuration file and return for a given
+ * extension name or OID.
  */
 public class CMSExtensionsMap implements ISubsystem {
     public static String ID = "extensions";
@@ -56,10 +54,11 @@ public class CMSExtensionsMap implements ISubsystem {
 
     /**
      * Create extensions from configuration store.
+     * 
      * @param config the configuration store.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mOwner = owner;
         mConfig = config;
 
@@ -82,11 +81,11 @@ public class CMSExtensionsMap implements ISubsystem {
             } catch (IllegalAccessException e) {
                 throw new EExtensionsException(
                         CMS.getUserMessage("CMS_EXTENSION_INSTANTIATE_ERROR",
-                        className, e.toString()));
+                                className, e.toString()));
             } catch (InstantiationException e) {
                 throw new EExtensionsException(
                         CMS.getUserMessage("CMS_EXTENSION_INSTANTIATE_ERROR",
-                        className, e.toString()));
+                                className, e.toString()));
             } catch (ClassCastException e) {
                 throw new EExtensionsException(
                         CMS.getUserMessage("CMS_EXTENSION_INVALID_IMPL", className));
@@ -101,7 +100,7 @@ public class CMSExtensionsMap implements ISubsystem {
         if (name == null || oid == null) {
             throw new EExtensionsException(
                     CMS.getUserMessage("CMS_EXTENSION_INCORRECT_IMPL",
-                    ext.getClass().getName()));
+                            ext.getClass().getName()));
         }
         mName2Ext.put(name, ext);
         mOID2Ext.put(oid.toString(), ext);
@@ -120,29 +119,30 @@ public class CMSExtensionsMap implements ISubsystem {
     }
 
     /**
-     * Get configuration store. 
+     * Get configuration store.
      */
     public IConfigStore getConfigStore() {
         return mConfig;
     }
 
     /**
-     * Returns subsystem ID 
+     * Returns subsystem ID
      */
     public String getId() {
         return ID;
     }
 
     /**
-     * sets subsystem ID 
+     * sets subsystem ID
      */
     public void setId(String Id) {
     }
 
     /**
      * Get the extension class by name.
+     * 
      * @param name name of the extension
-     * @return the extension class. 
+     * @return the extension class.
      */
     public ICMSExtension getByName(String name) {
         return (ICMSExtension) mName2Ext.get(name);
@@ -150,6 +150,7 @@ public class CMSExtensionsMap implements ISubsystem {
 
     /**
      * Get the extension class by its OID.
+     * 
      * @param oid - the OID of the extension.
      * @return the extension class.
      */
diff --git a/pki/base/common/src/com/netscape/cmscore/extensions/KeyUsage.java b/pki/base/common/src/com/netscape/cmscore/extensions/KeyUsage.java
index 9b8e16cf..bba95949 100644
--- a/pki/base/common/src/com/netscape/cmscore/extensions/KeyUsage.java
+++ b/pki/base/common/src/com/netscape/cmscore/extensions/KeyUsage.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.extensions;
 
-
 import java.io.IOException;
 
 import netscape.security.util.DerOutputStream;
@@ -36,7 +35,6 @@ import com.netscape.certsrv.extensions.ICMSExtension;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.util.Debug;
 
-
 public class KeyUsage implements ICMSExtension {
     private final static String NAME = "KeyUsageExtension";
     private final static ObjectIdentifier OID = PKIXExtensions.KeyUsage_Id;
@@ -49,24 +47,24 @@ public class KeyUsage implements ICMSExtension {
     public KeyUsage(boolean setDefault) {
         mSetDefault = setDefault;
         mLogger = CMS.getLogger();
-    } 
+    }
 
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         // nothing to do here.
         mConfig = config;
     }
 
-    public String getName() { 
-        return NAME; 
+    public String getName() {
+        return NAME;
     }
 
-    public ObjectIdentifier getOID() { 
-        return OID; 
+    public ObjectIdentifier getOID() {
+        return OID;
     }
 
-    protected static final boolean[] DEF_BITS = 
-        new boolean[KeyUsageExtension.NBITS];
+    protected static final boolean[] DEF_BITS =
+            new boolean[KeyUsageExtension.NBITS];
 
     static {
         // set default bits used when request missing key usage info.
@@ -84,10 +82,10 @@ public class KeyUsage implements ICMSExtension {
     private static boolean getBoolean(Object value) {
         String val = (String) value;
 
-        if (val != null && 
-            (val.equalsIgnoreCase("true") || val.equalsIgnoreCase("on")))
+        if (val != null &&
+                (val.equalsIgnoreCase("true") || val.equalsIgnoreCase("on")))
             return true;
-        else 
+        else
             return false;
     }
 
@@ -120,13 +118,13 @@ public class KeyUsage implements ICMSExtension {
         int i;
 
         for (i = 0; i < KeyUsageExtension.NBITS; i++) {
-            if (values[i] != null && (values[i] instanceof String)) 
+            if (values[i] != null && (values[i] instanceof String))
                 break;
         }
         if (i == KeyUsageExtension.NBITS && mSetDefault) {
             // no key usage extension parameters are requested. set default.
             CMS.debug(
-                "No Key usage bits requested. Setting default.");
+                    "No Key usage bits requested. Setting default.");
             bits = DEF_BITS;
         } else {
             bit = KeyUsageExtension.DIGITAL_SIGNATURE_BIT;
@@ -171,15 +169,15 @@ public class KeyUsage implements ICMSExtension {
             int j = 0;
 
             for (j = 0; j < bits.length; j++) {
-                if (bits[j]) 
+                if (bits[j])
                     break;
             }
             if (j == bits.length) {
-                if (!mSetDefault) 
+                if (!mSetDefault)
                     return null;
-                else 
+                else
                     bits = DEF_BITS;
-            } 
+            }
             return new KeyUsageExtension(bits);
         } catch (IOException e) {
             throw new EExtensionsException(
@@ -188,7 +186,7 @@ public class KeyUsage implements ICMSExtension {
     }
 
     public IArgBlock getFormParams(Extension extension)
-        throws EBaseException {
+            throws EBaseException {
         KeyUsageExtension ext = null;
 
         if (!extension.getExtensionId().equals(PKIXExtensions.KeyUsage_Id)) {
@@ -210,26 +208,25 @@ public class KeyUsage implements ICMSExtension {
         IArgBlock params = CMS.createArgBlock();
         boolean[] bits = ext.getBits();
 
-        params.set(KeyUsageExtension.DIGITAL_SIGNATURE, 
-            String.valueOf(bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT]));
+        params.set(KeyUsageExtension.DIGITAL_SIGNATURE,
+                String.valueOf(bits[KeyUsageExtension.DIGITAL_SIGNATURE_BIT]));
         params.set(KeyUsageExtension.NON_REPUDIATION,
-            String.valueOf(bits[KeyUsageExtension.NON_REPUDIATION_BIT]));
+                String.valueOf(bits[KeyUsageExtension.NON_REPUDIATION_BIT]));
         params.set(KeyUsageExtension.KEY_ENCIPHERMENT,
-            String.valueOf(bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT]));
+                String.valueOf(bits[KeyUsageExtension.KEY_ENCIPHERMENT_BIT]));
         params.set(KeyUsageExtension.DATA_ENCIPHERMENT,
-            String.valueOf(bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT]));
+                String.valueOf(bits[KeyUsageExtension.DATA_ENCIPHERMENT_BIT]));
         params.set(KeyUsageExtension.KEY_AGREEMENT,
-            String.valueOf(bits[KeyUsageExtension.KEY_AGREEMENT_BIT]));
+                String.valueOf(bits[KeyUsageExtension.KEY_AGREEMENT_BIT]));
         params.set(KeyUsageExtension.KEY_CERTSIGN,
-            String.valueOf(bits[KeyUsageExtension.KEY_CERTSIGN_BIT]));
+                String.valueOf(bits[KeyUsageExtension.KEY_CERTSIGN_BIT]));
         params.set(KeyUsageExtension.CRL_SIGN,
-            String.valueOf(bits[KeyUsageExtension.CRL_SIGN_BIT]));
-        params.set(KeyUsageExtension.ENCIPHER_ONLY, 
-            String.valueOf(bits[KeyUsageExtension.ENCIPHER_ONLY_BIT]));
+                String.valueOf(bits[KeyUsageExtension.CRL_SIGN_BIT]));
+        params.set(KeyUsageExtension.ENCIPHER_ONLY,
+                String.valueOf(bits[KeyUsageExtension.ENCIPHER_ONLY_BIT]));
         params.set(KeyUsageExtension.DECIPHER_ONLY,
-            String.valueOf(bits[KeyUsageExtension.DECIPHER_ONLY_BIT]));
+                String.valueOf(bits[KeyUsageExtension.DECIPHER_ONLY_BIT]));
         return params;
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java b/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java
index 4b248954..7bc14625 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/CronItem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.jobs;
 
-
 import java.util.StringTokenizer;
 import java.util.Vector;
 
@@ -25,15 +24,15 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * class representing one Job cron item
- * <p>here, an "item" refers to one of the 5 fields in a cron string;
- * "element" refers to any comma-deliminated element in an
- * "item"...which includes both numbers and '-' separated ranges.
+ * <p>
+ * here, an "item" refers to one of the 5 fields in a cron string; "element"
+ * refers to any comma-deliminated element in an "item"...which includes both
+ * numbers and '-' separated ranges.
  * <p>
  * for each of the 5 cron fields, it's represented as a CronItem
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -49,22 +48,22 @@ public class CronItem {
     // store all elements in a field.
     // elements can either be numbers or ranges (CronRange)
     protected Vector<CronRange> mElements = new Vector<CronRange>();
-	
+
     public CronItem(int min, int max) {
         mMin = min;
         mMax = max;
     }
-	
+
     /**
      * parses and sets a string cron item
-     * @param sItem the string representing an item of a cron string.
-     * item can be potentially comma separated with ranges specified
-     * with '-'s
+     * 
+     * @param sItem the string representing an item of a cron string. item can
+     *            be potentially comma separated with ranges specified with '-'s
      */
     public void set(String sItem) throws EBaseException {
-		
+
         if (sItem.equals(ALL)) {
-            //			System.out.println("CronItem set(): item is ALL");
+            // System.out.println("CronItem set(): item is ALL");
             CronRange cr = new CronRange();
 
             cr.setBegin(mMin);
@@ -90,7 +89,7 @@ public class CronItem {
                     } catch (NumberFormatException e) {
                         // throw ...
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_JOBS_INVALID_TOKEN", tok, e.toString()));
+                                CMS.getLogMessage("CMSCORE_JOBS_INVALID_TOKEN", tok, e.toString()));
                         throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
                     }
                     String sEnd = tok.substring(r + 1, tok.length());
@@ -100,7 +99,7 @@ public class CronItem {
                     } catch (NumberFormatException e) {
                         // throw ...
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_JOBS_INVALID_TOKEN", tok, e.toString()));
+                                CMS.getLogMessage("CMSCORE_JOBS_INVALID_TOKEN", tok, e.toString()));
                         throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
                     }
                     // got both begin and end for range
@@ -112,11 +111,11 @@ public class CronItem {
                     if (!cr.isValidRange(mMin, mMax)) {
                         // throw...
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_JOBS_INVALID_RANGE",
-                                tok));
+                                CMS.getLogMessage("CMSCORE_JOBS_INVALID_RANGE",
+                                        tok));
                         throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
                     }
-                    //					System.out.println("CronItem set(): adding a range");
+                    // System.out.println("CronItem set(): adding a range");
                     mElements.addElement(cr);
                 } else {
                     // number element, begin and end are the same
@@ -130,15 +129,15 @@ public class CronItem {
                         if (!cr.isValidRange(mMin, mMax)) {
                             // throw...
                             log(ILogger.LL_FAILURE,
-                                CMS.getLogMessage("CMSCORE_JOBS_INVALID_MIN_MAX_RANGE", Integer.toString(mMin), Integer.toString(mMax)));
+                                    CMS.getLogMessage("CMSCORE_JOBS_INVALID_MIN_MAX_RANGE", Integer.toString(mMin), Integer.toString(mMax)));
                             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
                         }
-                        //						System.out.println("CronItem set(): adding a number");
+                        // System.out.println("CronItem set(): adding a number");
                         mElements.addElement(cr);
                     } catch (NumberFormatException e) {
                         // throw...
                         log(ILogger.LL_FAILURE,
-                            "invalid item in cron: " + tok);
+                                "invalid item in cron: " + tok);
                         throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
                     }
                 }
@@ -147,8 +146,9 @@ public class CronItem {
     }
 
     /**
-     * get the vector stuffed with elements where each element is
-     *	 represented as CronRange
+     * get the vector stuffed with elements where each element is represented as
+     * CronRange
+     * 
      * @return a vector of CronRanges
      */
     public Vector<CronRange> getElements() {
@@ -162,7 +162,6 @@ public class CronItem {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            level, "jobs/CronItem: " + msg);
+                level, "jobs/CronItem: " + msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java b/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java
index 59293ee1..0a90dbb2 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/CronRange.java
@@ -17,27 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.jobs;
 
-
-
-
 /**
  * class representing one Job cron element
- * <p>here, an "item" refers to one of the 5 fields in a cron string;
- * "element" refers to any comma-deliminated element in an
- * "item"...which includes both numbers and '-' separated ranges.
  * <p>
- * an Element can contain either an integer number or a range
- *	 specified as CronRange.  In case of integer numbers, begin
- *	 and end are of the same value
- *
+ * here, an "item" refers to one of the 5 fields in a cron string; "element"
+ * refers to any comma-deliminated element in an "item"...which includes both
+ * numbers and '-' separated ranges.
+ * <p>
+ * an Element can contain either an integer number or a range specified as
+ * CronRange. In case of integer numbers, begin and end are of the same value
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
 public class CronRange {
     int mBegin = 0;
     int mEnd = 0;
-		
-    public CronRange () {
+
+    public CronRange() {
     }
 
     /**
@@ -46,7 +43,7 @@ public class CronRange {
     public void setBegin(int i) {
         mBegin = i;
     }
-	
+
     /**
      * gets the lower boundary value of the range
      */
@@ -69,17 +66,18 @@ public class CronRange {
     }
 
     /**
-     * checks to see if the lower and higher boundary values are
-     *	 within the min/max.
+     * checks to see if the lower and higher boundary values are within the
+     * min/max.
+     * 
      * @param min the minimum value one can specify in this field
      * @param max the maximum value one can specify in this field
-     * @return a boolean (true/false) on whether the begin/end values
-     *	 are within the min/max passed in the params
+     * @return a boolean (true/false) on whether the begin/end values are within
+     *         the min/max passed in the params
      */
     public boolean isValidRange(int min, int max) {
         if ((mEnd < mBegin) ||
-            (mBegin < min) ||
-            (mEnd > max))
+                (mBegin < min) ||
+                (mEnd > max))
             return false;
         else
             return true;
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java b/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java
index 8272c448..828834a2 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/JobCron.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.jobs;
 
-
 import java.util.Calendar;
 import java.util.Enumeration;
 import java.util.StringTokenizer;
@@ -28,33 +27,28 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.jobs.IJobCron;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * class representing one Job cron information
- * <p>here, an "item" refers to one of the 5 fields in a cron string;
- * "element" refers to any comma-deliminated element in an
- * "item"...which includes both numbers and '-' separated ranges.
- * A cron string in the configuration takes the following format:
- * <i>minute (0-59),
- * hour (0-23),
- * day of the month (1-31),
- * month of the year (1-12),
- * day of the week (0-6 with 0=Sunday)</i>
  * <p>
- * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5
- * In this example, the job "rnJob1" will be executed from Monday
- * through Friday, at 11:30am and 11:30pm.
+ * here, an "item" refers to one of the 5 fields in a cron string; "element"
+ * refers to any comma-deliminated element in an "item"...which includes both
+ * numbers and '-' separated ranges. A cron string in the configuration takes
+ * the following format: <i>minute (0-59), hour (0-23), day of the month (1-31),
+ * month of the year (1-12), day of the week (0-6 with 0=Sunday)</i>
  * <p>
- *
+ * e.g. jobsScheduler.job.rnJob1.cron=30 11,23 * * 1-5 In this example, the job
+ * "rnJob1" will be executed from Monday through Friday, at 11:30am and 11:30pm.
+ * <p>
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
 public class JobCron implements IJobCron {
 
     /**
-     * CRON_MINUTE, CRON_HOUR, CRON_DAY_OF_MONTH, CRON_MONTH_OF_YEAR,
-     *	 and CRON_DAY_OF_WEEK are to be used in <b>getItem()</b> to
-     * retrieve the corresponding <b>CronItem</b>
+     * CRON_MINUTE, CRON_HOUR, CRON_DAY_OF_MONTH, CRON_MONTH_OF_YEAR, and
+     * CRON_DAY_OF_WEEK are to be used in <b>getItem()</b> to retrieve the
+     * corresponding <b>CronItem</b>
      */
     public static final String CRON_MINUTE = "minute";
     public static final String CRON_HOUR = "hour";
@@ -72,7 +66,7 @@ public class JobCron implements IJobCron {
     CronItem cDOW = null;
 
     public JobCron(String cronString)
-        throws EBaseException {
+            throws EBaseException {
         mCronString = cronString;
 
         // create all 5 items in the cron
@@ -84,9 +78,9 @@ public class JobCron implements IJobCron {
 
         cronToVals(mCronString);
     }
-	
-    private void cronToVals(String cronString) 
-        throws EBaseException {
+
+    private void cronToVals(String cronString)
+            throws EBaseException {
         StringTokenizer st = new StringTokenizer(cronString);
 
         String sMinute = null;
@@ -101,8 +95,8 @@ public class JobCron implements IJobCron {
                 cMinute.set(sMinute);
             }
         } catch (EBaseException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_JOBS_INVALID_MIN", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_JOBS_INVALID_MIN", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
         }
 
@@ -118,7 +112,7 @@ public class JobCron implements IJobCron {
 
         if (st.hasMoreTokens()) {
             sDayOMonth = st.nextToken();
-            //			cDOM.set(sDayOMonth);
+            // cDOM.set(sDayOMonth);
         }
 
         try {
@@ -133,24 +127,22 @@ public class JobCron implements IJobCron {
 
         if (st.hasMoreTokens()) {
             sDayOWeek = st.nextToken();
-            //			cDOW.set(sDayOWeek);
+            // cDOW.set(sDayOWeek);
         }
 
         /**
-         * day-of-month or day-of-week, or both?
-         * if only one of them is '*', the non '*' one prevails,
-         * the '*' one will remain empty (no elements)
+         * day-of-month or day-of-week, or both? if only one of them is '*', the
+         * non '*' one prevails, the '*' one will remain empty (no elements)
          */
         // day-of-week
-        if ((sDayOMonth!= null) && sDayOMonth.equals(CronItem.ALL) && (sDayOWeek!= null) && !sDayOWeek.equals(CronItem.ALL)) {
+        if ((sDayOMonth != null) && sDayOMonth.equals(CronItem.ALL) && (sDayOWeek != null) && !sDayOWeek.equals(CronItem.ALL)) {
             try {
                 cDOW.set(sDayOWeek);
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_JOBS_INVALID_DAY_OF_WEEK", e.toString()));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_JOB_CRON"));
             }
-        } else
-        if ((sDayOMonth!= null) && !sDayOMonth.equals(CronItem.ALL) && (sDayOWeek!= null) && sDayOWeek.equals(CronItem.ALL)) {
+        } else if ((sDayOMonth != null) && !sDayOMonth.equals(CronItem.ALL) && (sDayOWeek != null) && sDayOWeek.equals(CronItem.ALL)) {
             try {
                 cDOM.set(sDayOMonth);
             } catch (EBaseException e) {
@@ -159,7 +151,7 @@ public class JobCron implements IJobCron {
             }
         } else { // if both '*', every day, if neither is '*', do both
             try {
-                if (sDayOWeek!= null) {
+                if (sDayOWeek != null) {
                     cDOW.set(sDayOWeek);
                 }
             } catch (EBaseException e) {
@@ -179,10 +171,11 @@ public class JobCron implements IJobCron {
 
     /**
      * retrieves the cron item
-     * @param item name of the item.  must be one of the <b>CRON_*</b>
-     * strings defined in this class
-     * @return an instance of the CronItem class which represents the
-     *	 requested cron item 
+     * 
+     * @param item name of the item. must be one of the <b>CRON_*</b> strings
+     *            defined in this class
+     * @return an instance of the CronItem class which represents the requested
+     *         cron item
      */
     public CronItem getItem(String item) {
         if (item.equals(CRON_MINUTE)) {
@@ -204,10 +197,11 @@ public class JobCron implements IJobCron {
 
     /**
      * Does the element fit any element in the item
+     * 
      * @param element the element of "now" in cron format
      * @param item the item consists of a vector of elements
-     * @return boolean (true/false) on whether the element is one of
-     *	 the elements in the item
+     * @return boolean (true/false) on whether the element is one of the
+     *         elements in the item
      */
     boolean isElement(int element, Vector<CronRange> item) {
         // loop through all of the elements of an item
@@ -221,7 +215,7 @@ public class JobCron implements IJobCron {
                 }
             } else { // is a range
                 if ((element >= cElement.getBegin()) &&
-                    (element <= cElement.getEnd())) {
+                        (element <= cElement.getEnd())) {
                     return true;
                 }
             }
@@ -231,11 +225,10 @@ public class JobCron implements IJobCron {
     }
 
     /**
-     * convert the day of the week representation from Calendar to
-     *	 cron
+     * convert the day of the week representation from Calendar to cron
+     * 
      * @param time the Calendar value represents a moment of time
-     * @return an integer value that represents a cron Day-Of-Week
-     *	 element
+     * @return an integer value that represents a cron Day-Of-Week element
      */
     public int DOW_cal2cron(Calendar time) {
         int calDow = time.get(Calendar.DAY_OF_WEEK);
@@ -280,9 +273,9 @@ public class JobCron implements IJobCron {
 
     /**
      * convert the month of year representation from Calendar to cron
+     * 
      * @param time the Calendar value represents a moment of time
-     * @return an integer value that represents a cron Month-Of-Year
-     *	 element
+     * @return an integer value that represents a cron Month-Of-Year element
      */
     public int MOY_cal2cron(Calendar time) {
         int calMoy = time.get(Calendar.MONTH);
@@ -352,6 +345,6 @@ public class JobCron implements IJobCron {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java b/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java
index ad6cf898..ed992c90 100644
--- a/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java
+++ b/pki/base/common/src/com/netscape/cmscore/jobs/JobsScheduler.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.jobs;
 
-
 import java.util.Calendar;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -35,24 +34,21 @@ import com.netscape.certsrv.jobs.JobPlugin;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * This is a daemon thread that handles scheduled jobs like cron would
- * do with different jobs.  This daemon wakes up at a pre-configured
- * interval to see
- * if there is any job to be done, if so, a thread is created to execute
- * the job(s).
+ * This is a daemon thread that handles scheduled jobs like cron would do with
+ * different jobs. This daemon wakes up at a pre-configured interval to see if
+ * there is any job to be done, if so, a thread is created to execute the
+ * job(s).
  * <p>
- * The interval <b>jobsScheduler.interval</b> in the configuration is
- * specified as number of minutes.  If not set, the default is 1 minute.
- * Note that the cron specification for each job CAN NOT be finer than
- * the granularity of the Scheduler daemon interval.  For example, if
- * the daemon interval is set to 5 minute, a job cron for every minute
- * at 7am on each Tuesday (e.g. * 7 * * 2) will result in the
- * execution of the job thread only once every 5 minutes during that
- * hour.  <b>The inteval value is recommended at 1 minute, setting it
- * otherwise has the potential of forever missing the beat</b>. Use
- * with caution.
+ * The interval <b>jobsScheduler.interval</b> in the configuration is specified
+ * as number of minutes. If not set, the default is 1 minute. Note that the cron
+ * specification for each job CAN NOT be finer than the granularity of the
+ * Scheduler daemon interval. For example, if the daemon interval is set to 5
+ * minute, a job cron for every minute at 7am on each Tuesday (e.g. * 7 * * 2)
+ * will result in the execution of the job thread only once every 5 minutes
+ * during that hour. <b>The inteval value is recommended at 1 minute, setting it
+ * otherwise has the potential of forever missing the beat</b>. Use with
+ * caution.
  * 
  * @author cfu
  * @see JobCron
@@ -93,19 +89,19 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
     }
 
     /**
-     * read from the config file all implementations of Jobs,
-     * register and initialize them
+     * read from the config file all implementations of Jobs, register and
+     * initialize them
      * <p>
      * the config params have the following formats:
      * jobScheduler.impl.[implementation name].class=[package name]
      * jobScheduler.job.[job name].pluginName=[implementation name]
-     * jobScheduler.job.[job name].cron=[crontab format]
-     * jobScheduler.job.[job name].[any job specific params]=[values]
+     * jobScheduler.job.[job name].cron=[crontab format] jobScheduler.job.[job
+     * name].[any job specific params]=[values]
      * 
      * @param config jobsScheduler configStore
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException, EJobsException {
+            throws EBaseException, EJobsException {
         mLogger = CMS.getLogger();
 
         // read in config parameters and set variables
@@ -142,14 +138,13 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
             String jobName = (String) jobs.nextElement();
             String implName = c.getString(jobName + "." + PROP_PLUGIN);
             JobPlugin plugin =
-                (JobPlugin) mJobPlugins.get(implName);
+                    (JobPlugin) mJobPlugins.get(implName);
 
             if (plugin == null) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_JOBS_CLASS_NOT_FOUND",
-                        implName));
-                throw new
-                    EJobsException(CMS.getUserMessage("CMS_JOB_PLUGIN_NOT_FOUND", implName));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_JOBS_CLASS_NOT_FOUND",
+                                implName));
+                throw new EJobsException(CMS.getUserMessage("CMS_JOB_PLUGIN_NOT_FOUND", implName));
             }
             String classPath = plugin.getClassPath();
 
@@ -169,20 +164,17 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
                 String errMsg = "JobsScheduler:: init()-" + e.toString();
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_JOBS_INIT_ERROR", e.toString()));
-                throw new
-                    EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
+                throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
             } catch (IllegalAccessException e) {
                 String errMsg = "JobsScheduler:: init()-" + e.toString();
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_JOBS_INIT_ERROR", e.toString()));
-                throw new
-                    EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
+                throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
             } catch (InstantiationException e) {
                 String errMsg = "JobsScheduler: init()-" + e.toString();
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_JOBS_INIT_ERROR", e.toString()));
-                throw new
-                    EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
+                throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", classPath));
             } catch (EBaseException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_JOBS_INIT_ERROR", e.toString()));
                 throw e;
@@ -205,12 +197,10 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
     }
 
     /**
-     * when wake up:
-     * . execute the scheduled job(s)
-     * * if job still running from previous interval, skip it
-     * . figure out when is the next wakeup time (every interval).  If
-     *	 current wakup time runs over the interval, skip the missed interval(s)
-     * . sleep till the next wakeup time
+     * when wake up: . execute the scheduled job(s) * if job still running from
+     * previous interval, skip it . figure out when is the next wakeup time
+     * (every interval). If current wakup time runs over the interval, skip the
+     * missed interval(s) . sleep till the next wakeup time
      */
     public void run() {
         long wokeupTime = 0;
@@ -230,8 +220,8 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
                 // just let it skip to next second, fine.
                 duration = (60 - second) * 1000 + 1000 - milliSec;
                 log(ILogger.LL_INFO,
-                    "adjustment for cron behavior: sleep for " +
-                    duration + " milliseconds");
+                        "adjustment for cron behavior: sleep for " +
+                                duration + " milliseconds");
             } else {
 
                 // when is the next wakeup time for the JobsScheduler?
@@ -268,14 +258,13 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
 
             // get time now
             cal = Calendar.getInstance();
-			
+
             /**
-             * Get the current time outside the jobs while loop
-             * to make sure that the rightful jobs are run
-             * -- milliseconds from the epoch
+             * Get the current time outside the jobs while loop to make sure
+             * that the rightful jobs are run -- milliseconds from the epoch
              */
             wokeupTime = cal.getTime().getTime();
-			
+
             IJob job = null;
 
             for (Enumeration<IJob> e = mJobs.elements(); e.hasMoreElements();) {
@@ -296,7 +285,7 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
 
                 // start the job thread if necessary
                 if (isShowTime(job, cal) == true) {
-                    //	log(ILogger.LL_INFO, "show time for: "+job.getId());
+                    // log(ILogger.LL_INFO, "show time for: "+job.getId());
 
                     // if previous thread still alive, skip
                     Thread jthread = (Thread) mJobThreads.get(job.getId());
@@ -310,14 +299,14 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
                     } else {
                         // previous thread still alive, log it
                         log(ILogger.LL_INFO, "Job " + job.getId() +
-                            " still running...skipping this round");
+                                " still running...skipping this round");
                     }
                 }
             } // for
 
         }
     }
-   
+
     public IJobCron createJobCron(String cs) throws EBaseException {
         return new JobCron(cs);
     }
@@ -338,8 +327,8 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
          * is it the right month?
          */
         Vector<CronRange> moy =
-            jcron.getItem(JobCron.CRON_MONTH_OF_YEAR).getElements();
-		
+                jcron.getItem(JobCron.CRON_MONTH_OF_YEAR).getElements();
+
         int cronMoy = jcron.MOY_cal2cron(now);
 
         if (jcron.isElement(cronMoy, moy) == false) {
@@ -361,7 +350,7 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
         int cronDow = jcron.DOW_cal2cron(now);
 
         if ((jcron.isElement(cronDow, dow) == false) &&
-            (jcron.isElement(now.get(Calendar.DAY_OF_MONTH), dom) == false)) {
+                (jcron.isElement(now.get(Calendar.DAY_OF_MONTH), dom) == false)) {
             return false;
         }
         // is the right date!
@@ -384,23 +373,25 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
         if (jcron.isElement(now.get(Calendar.MINUTE), minute) == false) {
             return false;
         }
-        // is the right minute!  We're on!
+        // is the right minute! We're on!
 
         return true;
     }
 
     /**
      * Retrieves id (name) of this subsystem.
+     * 
      * @return name of the Jobs Scheduler subsystem
      */
     public String getId() {
         return (mId);
     }
-  
+
     /**
      * Sets id string to this subsystem.
      * <p>
-     * Use with caution.  Should not do it when sharing with others
+     * Use with caution. Should not do it when sharing with others
+     * 
      * @param id name to be applied to an Jobs Scheduler subsystem
      */
     public void setId(String id) throws EBaseException {
@@ -421,13 +412,14 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
      * registers the administration servlet with the administration subsystem.
      */
     public void startup() throws EBaseException {
-        //remove, already logged from S_ADMIN
-        //String infoMsg = "Jobs Scheduler subsystem administration Servlet registered";
-        //log(ILogger.LL_INFO, infoMsg);
+        // remove, already logged from S_ADMIN
+        // String infoMsg =
+        // "Jobs Scheduler subsystem administration Servlet registered";
+        // log(ILogger.LL_INFO, infoMsg);
     }
 
     /**
-     * shuts down Jobs one by one. 
+     * shuts down Jobs one by one.
      * <P>
      */
     public void shutdown() {
@@ -438,23 +430,23 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
 
         Enumeration<String> enums = mJobThreads.keys();
         while (enums.hasMoreElements()) {
-            String id = (String)enums.nextElement();
-            Thread currthread = (Thread)mJobThreads.get(id);
-            //if (currthread != null) 
-            //  currthread.destroy();
+            String id = (String) enums.nextElement();
+            Thread currthread = (Thread) mJobThreads.get(id);
+            // if (currthread != null)
+            // currthread.destroy();
         }
 
         mJobThreads.clear();
         mJobThreads = null;
 
-        //if (mScheduleThread != null) 
-              //  mScheduleThread.destroy();
+        // if (mScheduleThread != null)
+        // mScheduleThread.destroy();
     }
 
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -462,29 +454,29 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
     }
 
     /**
-     * Gets configuration parameters for the given 
-     * job plugin.
+     * Gets configuration parameters for the given job plugin.
+     * 
      * @param implName Name of the job plugin.
      * @return Hashtable of required parameters.
      */
     public String[] getConfigParams(String implName)
-        throws EJobsException {
+            throws EJobsException {
         if (Debug.ON)
             Debug.trace("in getCofigParams()");
 
-            // is this a registered implname?
+        // is this a registered implname?
         JobPlugin plugin = (JobPlugin) mJobPlugins.get(implName);
 
         if (plugin == null) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_JOBS_CLASS_NOT_FOUND", implName));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_JOBS_CLASS_NOT_FOUND", implName));
             if (Debug.ON)
                 Debug.trace("Job plugin " + implName + " not found.");
             throw new EJobsException(CMS.getUserMessage("CMS_JOB_PLUGIN_NOT_FOUND",
                     implName));
         }
 
-        // XXX can find an instance of this plugin in existing 
+        // XXX can find an instance of this plugin in existing
         // auth manager instantces to avoid instantiation just for this.
 
         // a temporary instance
@@ -500,26 +492,23 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
                 Debug.trace("class instantiated");
             return (jobInst.getConfigParams());
         } catch (InstantiationException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
             if (Debug.ON)
                 Debug.trace("class NOT instantiated: " + e.toString());
-            throw new 
-                EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
+            throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
         } catch (ClassNotFoundException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
             if (Debug.ON)
                 Debug.trace("class NOT instantiated: " + e.toString());
-            throw new
-                EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
+            throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
         } catch (IllegalAccessException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_JOBS_CREATE_NEW", e.toString()));
             if (Debug.ON)
                 Debug.trace("class NOT instantiated: " + e.toString());
-            throw new
-                EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
+            throw new EJobsException(CMS.getUserMessage("CMS_JOB_LOAD_CLASS_FAILED", className));
         }
     }
 
@@ -534,7 +523,7 @@ public class JobsScheduler implements Runnable, IJobsScheduler {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 
     public Hashtable<String, JobPlugin> getJobPlugins() {
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java
index c41f361e..8f62aa0b 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapAndExpression.java
@@ -17,32 +17,31 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ILdapExpression;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class represents an expression of the form
- * <var1 op val1 AND var2 op va2>.
- *
+ * This class represents an expression of the form <var1 op val1 AND var2 op
+ * va2>.
+ * 
  * Expressions are used as predicates for publishing rule selection.
- *
+ * 
  * @author mzhao
  * @version $Revision$, $Date$
  */
 public class LdapAndExpression implements ILdapExpression {
     private ILdapExpression mExp1;
     private ILdapExpression mExp2;
+
     public LdapAndExpression(ILdapExpression exp1, ILdapExpression exp2) {
         mExp1 = exp1;
         mExp2 = exp2;
     }
 
     public boolean evaluate(SessionContext sc)
-        throws ELdapException {
+            throws ELdapException {
         // If an expression is missing we assume applicability.
         if (mExp1 == null && mExp2 == null)
             return true;
@@ -50,12 +49,13 @@ public class LdapAndExpression implements ILdapExpression {
             return mExp1.evaluate(sc) && mExp2.evaluate(sc);
         else if (mExp1 == null)
             return mExp2.evaluate(sc);
-        else // (if mExp2 == null)
+        else
+            // (if mExp2 == null)
             return mExp1.evaluate(sc);
     }
 
     public boolean evaluate(IRequest req)
-        throws ELdapException {
+            throws ELdapException {
         // If an expression is missing we assume applicability.
         if (mExp1 == null && mExp2 == null)
             return true;
@@ -63,7 +63,8 @@ public class LdapAndExpression implements ILdapExpression {
             return mExp1.evaluate(req) && mExp2.evaluate(req);
         else if (mExp1 == null)
             return mExp2.evaluate(req);
-        else // (if mExp2 == null)
+        else
+            // (if mExp2 == null)
             return mExp1.evaluate(req);
     }
 
@@ -71,4 +72,3 @@ public class LdapAndExpression implements ILdapExpression {
         return mExp1.toString() + " AND " + mExp2.toString();
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java
index 7574bf1b..56fa230e 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapConnModule.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import netscape.ldap.LDAPConnection;
 
 import com.netscape.certsrv.apps.CMS;
@@ -34,7 +33,6 @@ import com.netscape.cmscore.ldapconn.LdapAuthInfo;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
 import com.netscape.cmscore.ldapconn.LdapConnInfo;
 
-
 public class LdapConnModule implements ILdapConnModule {
     protected IConfigStore mConfig = null;
     protected LdapBoundConnFactory mLdapConnFactory = null;
@@ -42,7 +40,7 @@ public class LdapConnModule implements ILdapConnModule {
     private boolean mInited = false;
 
     /**
-     * instantiate connection factory. 
+     * instantiate connection factory.
      */
 
     public static final String PROP_LDAP = "ldap";
@@ -58,22 +56,22 @@ public class LdapConnModule implements ILdapConnModule {
     protected ISubsystem mPubProcessor;
 
     public void init(ISubsystem p,
-        IConfigStore config)
-        throws EBaseException {
+            IConfigStore config)
+            throws EBaseException {
 
         CMS.debug("LdapConnModule: init called");
         if (mInited) {
             CMS.debug("LdapConnModule: already initialized. return.");
-             return;
+            return;
         }
         CMS.debug("LdapConnModule: init begins");
 
         mPubProcessor = p;
         mConfig = config;
         /*
-        mLdapConnFactory = new LdapBoundConnFactory();
-        mLdapConnFactory.init(mConfig.getSubStore("ldap"));
-        */
+         * mLdapConnFactory = new LdapBoundConnFactory();
+         * mLdapConnFactory.init(mConfig.getSubStore("ldap"));
+         */
 
         // support publishing dirsrv with different pwd than internaldb
         IConfigStore ldap = mConfig.getSubStore("ldap");
@@ -85,16 +83,16 @@ public class LdapConnModule implements ILdapConnModule {
         ILdapConnInfo connInfo =
                 CMS.getLdapConnInfo(ldapconn);
         LdapAuthInfo authInfo =
-            new LdapAuthInfo(authinfo, ldapconn.getString("host"),
-                ldapconn.getInteger("port"), connInfo.getSecure());
+                new LdapAuthInfo(authinfo, ldapconn.getString("host"),
+                        ldapconn.getInteger("port"), connInfo.getSecure());
 
         int minConns = mConfig.getInteger(ILdapBoundConnFactory.PROP_MINCONNS, 3);
         int maxConns = mConfig.getInteger(ILdapBoundConnFactory.PROP_MAXCONNS, 15);
         // must get authInfo from the config, don't default to internaldb!!!
 
-        CMS.debug("Creating LdapBoundConnFactory for LdapConnModule."); 
+        CMS.debug("Creating LdapBoundConnFactory for LdapConnModule.");
         mLdapConnFactory =
-             new LdapBoundConnFactory(minConns, maxConns, (LdapConnInfo)connInfo, authInfo);
+                new LdapBoundConnFactory(minConns, maxConns, (LdapConnInfo) connInfo, authInfo);
 
         mInited = true;
 
@@ -102,15 +100,14 @@ public class LdapConnModule implements ILdapConnModule {
     }
 
     /**
-     * Returns the internal ldap connection factory. 
-     * This can be useful to get a ldap connection to the 
-     * ldap publishing directory without having to get it again from the 
-     * config file. Note that this means sharing a ldap connection pool 
-     * with the ldap publishing module so be sure to return connections to pool.
-     * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap 
-     * publishing directory. 
-     * Use ILdapConnFactory.returnConn() to return the connection. 
-     *
+     * Returns the internal ldap connection factory. This can be useful to get a
+     * ldap connection to the ldap publishing directory without having to get it
+     * again from the config file. Note that this means sharing a ldap
+     * connection pool with the ldap publishing module so be sure to return
+     * connections to pool. Use ILdapConnFactory.getConn() to get a Ldap
+     * connection to the ldap publishing directory. Use
+     * ILdapConnFactory.returnConn() to return the connection.
+     * 
      * @see com.netscape.certsrv.ldap.ILdapBoundConnFactory
      * @see com.netscape.certsrv.ldap.ILdapConnFactory
      */
@@ -127,9 +124,8 @@ public class LdapConnModule implements ILdapConnModule {
     }
 
     public void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level, 
-            "LdapPublishModule: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level,
+                "LdapPublishModule: " + msg);
     }
-	
-}
 
+}
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java
index aaf9f35d..1264c4ce 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapOrExpression.java
@@ -17,51 +17,52 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import com.netscape.certsrv.base.SessionContext;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ILdapExpression;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class represents an Or expression of the form
- * (var1 op val1 OR var2 op val2).
- *
+ * This class represents an Or expression of the form (var1 op val1 OR var2 op
+ * val2).
+ * 
  * Expressions are used as predicates for publishing rule selection.
- *
+ * 
  * @author mzhao
  * @version $Revision$, $Date$
  */
 public class LdapOrExpression implements ILdapExpression {
     private ILdapExpression mExp1;
     private ILdapExpression mExp2;
+
     public LdapOrExpression(ILdapExpression exp1, ILdapExpression exp2) {
         mExp1 = exp1;
         mExp2 = exp2;
     }
 
     public boolean evaluate(SessionContext sc)
-        throws ELdapException {
+            throws ELdapException {
         if (mExp1 == null && mExp2 == null)
             return true;
         else if (mExp1 != null && mExp2 != null)
             return mExp1.evaluate(sc) || mExp2.evaluate(sc);
         else if (mExp1 != null && mExp2 == null)
             return mExp1.evaluate(sc);
-        else // (mExp1 == null && mExp2 != null)
+        else
+            // (mExp1 == null && mExp2 != null)
             return mExp2.evaluate(sc);
     }
 
     public boolean evaluate(IRequest req)
-        throws ELdapException {
+            throws ELdapException {
         if (mExp1 == null && mExp2 == null)
             return true;
         else if (mExp1 != null && mExp2 != null)
             return mExp1.evaluate(req) || mExp2.evaluate(req);
         else if (mExp1 != null && mExp2 == null)
             return mExp1.evaluate(req);
-        else // (mExp1 == null && mExp2 != null)
+        else
+            // (mExp1 == null && mExp2 != null)
             return mExp2.evaluate(req);
     }
 
@@ -72,8 +73,8 @@ public class LdapOrExpression implements ILdapExpression {
             return mExp1.toString() + " OR " + mExp2.toString();
         else if (mExp1 != null && mExp2 == null)
             return mExp1.toString();
-        else // (mExp1 == null && mExp2 != null)
+        else
+            // (mExp1 == null && mExp2 != null)
             return mExp2.toString();
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java
index 3ac8f750..8c6be490 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPredicateParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -29,19 +28,16 @@ import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.publish.ILdapExpression;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * Default implementation of predicate parser.
- *
+ * 
  * Limitations:
- *
- *	1. Currently parentheses are not suported.
- *	2. Only ==, != <, >, <= and >= operators are supported.
- *	3. The only boolean operators supported are AND and OR. AND takes precedence
- *	   over OR. Example: a AND b OR e OR c AND d
- *					is treated as (a AND b) OR e OR (c AND d)
- *	4. If this is n't adequate, roll your own.
- *
+ * 
+ * 1. Currently parentheses are not suported. 2. Only ==, != <, >, <= and >=
+ * operators are supported. 3. The only boolean operators supported are AND and
+ * OR. AND takes precedence over OR. Example: a AND b OR e OR c AND d is treated
+ * as (a AND b) OR e OR (c AND d) 4. If this is n't adequate, roll your own.
+ * 
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -57,22 +53,23 @@ public class LdapPredicateParser {
 
     /**
      * Parse the predicate expression and return a vector of expressions.
-     *
-     * @param predicateExp	The predicate expression as read from the config file.
-     * @return expVector	The vector of expressions.
+     * 
+     * @param predicateExp The predicate expression as read from the config
+     *            file.
+     * @return expVector The vector of expressions.
      */
     public static ILdapExpression parse(String predicateExpression)
-        throws ELdapException {
-        if (predicateExpression == null || 
-            predicateExpression.length() == 0)
+            throws ELdapException {
+        if (predicateExpression == null ||
+                predicateExpression.length() == 0)
             return null;
         PredicateTokenizer pt = new PredicateTokenizer(predicateExpression);
 
         if (pt == null || !pt.hasMoreTokens())
             return null;
 
-            // The first token cannot be an operator. We are not dealing with
-            // reverse-polish notation.
+        // The first token cannot be an operator. We are not dealing with
+        // reverse-polish notation.
         String token = pt.nextToken();
         boolean opANDSeen;
         boolean opORSeen;
@@ -92,7 +89,7 @@ public class LdapPredicateParser {
             int curType = getOP(token);
 
             if ((prevType != EXPRESSION && curType != EXPRESSION) ||
-                (prevType == EXPRESSION && curType == EXPRESSION)) {
+                    (prevType == EXPRESSION && curType == EXPRESSION)) {
                 malformed = true;
                 break;
             }
@@ -103,7 +100,8 @@ public class LdapPredicateParser {
                 continue;
             }
 
-            // If the previous type was an OR token, add the current expression to
+            // If the previous type was an OR token, add the current expression
+            // to
             // the expression set;
             if (prevType == OP_OR) {
                 expSet.addElement(current);
@@ -122,8 +120,8 @@ public class LdapPredicateParser {
             if (Debug.ON)
                 Debug.trace("Malformed expression: " + predicateExpression);
             throw new ELdapException(
-              CMS.getUserMessage("CMS_LDAP_BAD_LDAP_EXPRESSION",
-                    predicateExpression));
+                    CMS.getUserMessage("CMS_LDAP_BAD_LDAP_EXPRESSION",
+                            predicateExpression));
         }
 
         // Form an LdapOrExpression
@@ -135,7 +133,7 @@ public class LdapPredicateParser {
         if (size == 0)
             return null;
         LdapOrExpression orExp = new
-            LdapOrExpression((ILdapExpression) expSet.elementAt(0), null);
+                LdapOrExpression((ILdapExpression) expSet.elementAt(0), null);
 
         for (int i = 1; i < size; i++)
             orExp = new LdapOrExpression(orExp,
@@ -153,7 +151,7 @@ public class LdapPredicateParser {
     }
 
     private static ILdapExpression parseExpression(String input)
-        throws ELdapException {
+            throws ELdapException {
         // If the expression has multiple parts separated by commas
         // we need to construct an AND expression. Else we will return a
         // simple expression.
@@ -166,8 +164,8 @@ public class LdapPredicateParser {
 
         while (commaIndex > 0) {
             LdapSimpleExpression exp = (LdapSimpleExpression)
-                LdapSimpleExpression.parse(input.substring(currentIndex,
-                        commaIndex));
+                    LdapSimpleExpression.parse(input.substring(currentIndex,
+                            commaIndex));
 
             expVector.addElement(exp);
             currentIndex = commaIndex + 1;
@@ -175,7 +173,7 @@ public class LdapPredicateParser {
         }
         if (currentIndex < (input.length() - 1)) {
             LdapSimpleExpression exp = (LdapSimpleExpression)
-                LdapSimpleExpression.parse(input.substring(currentIndex));
+                    LdapSimpleExpression.parse(input.substring(currentIndex));
 
             expVector.addElement(exp);
         }
@@ -194,79 +192,40 @@ public class LdapPredicateParser {
     public static void main(String[] args) {
 
         /**
-         AttributeSet req = new AttributeSet();
-         try
-         {
-         req.set("ou", "people");
-         req.set("cn", "John Doe");
-         req.set("uid", "jdoes");
-         req.set("o", "airius.com");
-         req.set("certtype", "client");
-         req.set("request", "issuance");
-         req.set("id", new Integer(10));
-         req.set("dualcerts", new Boolean(true));
-
-         Vector v = new Vector();
-         v.addElement("one");
-         v.addElement("two");
-         v.addElement("three");
-         req.set("count", v);
-         }
-         catch (Exception e){e.printStackTrace();}
-         String[] array = { "ou == people AND certtype == client",
-         "ou == servergroup AND certtype == server",
-         "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com",
-         };
-         for (int i = 0; i < array.length; i++)
-         {
-         System.out.println();
-         System.out.println("String: " + array[i]);
-         ILdapExpression exp = null;
-         try
-         {
-         exp = parse(array[i]);
-         if (exp != null)
-         {
-         System.out.println("Parsed Expression: " + exp);
-         boolean result = exp.evaluate(req);
-         System.out.println("Result: " + result);
-         }
-         }
-         catch (Exception e) {e.printStackTrace(); }
-         }
-
-
-         try
-         {
-         BufferedReader rdr = new BufferedReader(
-         new FileReader(args[0]));
-         String line;
-         while((line=rdr.readLine()) != null)
-         {
-         System.out.println();
-         System.out.println("Line Read: " + line);
-         ILdapExpression exp = null;
-         try
-         {
-         exp = parse(line);
-         if (exp != null)
-         {
-         System.out.println(exp);
-         boolean result = exp.evaluate(req);
-         System.out.println("Result: " + result);
-         }
-
-         }catch (Exception e){e.printStackTrace();}
-         }
-         }
-         catch (Exception e){e.printStackTrace(); }
-
+         * AttributeSet req = new AttributeSet(); try { req.set("ou", "people");
+         * req.set("cn", "John Doe"); req.set("uid", "jdoes"); req.set("o",
+         * "airius.com"); req.set("certtype", "client"); req.set("request",
+         * "issuance"); req.set("id", new Integer(10)); req.set("dualcerts", new
+         * Boolean(true));
+         * 
+         * Vector v = new Vector(); v.addElement("one"); v.addElement("two");
+         * v.addElement("three"); req.set("count", v); } catch (Exception
+         * e){e.printStackTrace();} String[] array = {
+         * "ou == people AND certtype == client",
+         * "ou == servergroup AND certtype == server",
+         * "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com"
+         * , }; for (int i = 0; i < array.length; i++) { System.out.println();
+         * System.out.println("String: " + array[i]); ILdapExpression exp =
+         * null; try { exp = parse(array[i]); if (exp != null) {
+         * System.out.println("Parsed Expression: " + exp); boolean result =
+         * exp.evaluate(req); System.out.println("Result: " + result); } } catch
+         * (Exception e) {e.printStackTrace(); } }
+         * 
+         * 
+         * try { BufferedReader rdr = new BufferedReader( new
+         * FileReader(args[0])); String line; while((line=rdr.readLine()) !=
+         * null) { System.out.println(); System.out.println("Line Read: " +
+         * line); ILdapExpression exp = null; try { exp = parse(line); if (exp
+         * != null) { System.out.println(exp); boolean result =
+         * exp.evaluate(req); System.out.println("Result: " + result); }
+         * 
+         * }catch (Exception e){e.printStackTrace();} } } catch (Exception
+         * e){e.printStackTrace(); }
          **/
     }
 
 }
 
-
 class PredicateTokenizer {
     String input;
     int currentIndex;
@@ -348,30 +307,30 @@ class PredicateTokenizer {
     }
 }
 
-
 class AttributeSet implements IAttrSet {
     /**
      *
      */
     private static final long serialVersionUID = -3155846653754028803L;
     Hashtable ht = new Hashtable();
+
     public AttributeSet() {
     }
 
     public void delete(String name)
-        throws EBaseException {
+            throws EBaseException {
         Object ob = ht.get(name);
 
         ht.remove(ob);
     }
 
     public Object get(String name)
-        throws EBaseException {
+            throws EBaseException {
         return ht.get(name);
     }
 
     public void set(String name, Object ob)
-        throws EBaseException {
+            throws EBaseException {
         ht.put(name, ob);
     }
 
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java
index e9839f59..6fba2c37 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapPublishModule.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.cert.X509CRL;
@@ -56,7 +55,6 @@ import com.netscape.cmscore.dbs.CertRecord;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
 import com.netscape.cmscore.util.Debug;
 
-
 public class LdapPublishModule implements ILdapPublishModule {
     protected IConfigStore mConfig = null;
     protected LdapBoundConnFactory mLdapConnFactory = null;
@@ -64,28 +62,24 @@ public class LdapPublishModule implements ILdapPublishModule {
     private boolean mInited = false;
     protected ICertAuthority mAuthority = null;
 
-    /** 
-     * hashtable of cert types to cert mappers and publishers. 
-     * cert types are client, server, ca, subca, ra, crl, etc. 
-     * XXX the cert types need to be consistently used.
-     * for each, the mapper may be null, in which case the full subject
-     * name is used to map the cert. 
-     * for crl, if the mapper is null the ca mapper is used. if that
-     * is null, the full issuer name is used.  
-     * XXX if we support crl issuing points the issuing point should be used
-     * to publish the crl.
-     * When publishers are null, the certs are not published. 
+    /**
+     * hashtable of cert types to cert mappers and publishers. cert types are
+     * client, server, ca, subca, ra, crl, etc. XXX the cert types need to be
+     * consistently used. for each, the mapper may be null, in which case the
+     * full subject name is used to map the cert. for crl, if the mapper is null
+     * the ca mapper is used. if that is null, the full issuer name is used. XXX
+     * if we support crl issuing points the issuing point should be used to
+     * publish the crl. When publishers are null, the certs are not published.
      */
-    protected Hashtable mMappers = new Hashtable(); 
+    protected Hashtable mMappers = new Hashtable();
 
     /**
-     * handlers for request types (events) 
-     * values implement IRequestListener
+     * handlers for request types (events) values implement IRequestListener
      */
     protected Hashtable mEventHandlers = new Hashtable();
 
     /**
-     * instantiate connection factory. 
+     * instantiate connection factory.
      */
     public static final String ATTR_LDAPPUBLISH_STATUS = "LdapPublishStatus";
     public static final String PROP_LDAP = "ldap";
@@ -100,12 +94,10 @@ public class LdapPublishModule implements ILdapPublishModule {
     public LdapPublishModule() {
     }
 
-	public void init(ISubsystem sub, IConfigStore config) throws EBaseException 
-	{
-	}
+    public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
+    }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public LdapPublishModule(LdapBoundConnFactory factory) {
@@ -116,8 +108,8 @@ public class LdapPublishModule implements ILdapPublishModule {
     protected IPublisherProcessor mPubProcessor;
 
     public void init(ICertAuthority authority, IPublisherProcessor p,
-        IConfigStore config)
-        throws EBaseException {
+            IConfigStore config)
+            throws EBaseException {
         if (mInited)
             return;
 
@@ -133,9 +125,9 @@ public class LdapPublishModule implements ILdapPublishModule {
         mAuthority.registerRequestListener(this);
     }
 
-    public void init(ICertAuthority authority, IConfigStore config) 
-        throws EBaseException {
-        if (mInited)  
+    public void init(ICertAuthority authority, IConfigStore config)
+            throws EBaseException {
+        if (mInited)
             return;
 
         mAuthority = authority;
@@ -150,15 +142,14 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     /**
-     * Returns the internal ldap connection factory. 
-     * This can be useful to get a ldap connection to the 
-     * ldap publishing directory without having to get it again from the 
-     * config file. Note that this means sharing a ldap connection pool 
-     * with the ldap publishing module so be sure to return connections to pool.
-     * Use ILdapConnFactory.getConn() to get a Ldap connection to the ldap 
-     * publishing directory. 
-     * Use ILdapConnFactory.returnConn() to return the connection. 
-     *
+     * Returns the internal ldap connection factory. This can be useful to get a
+     * ldap connection to the ldap publishing directory without having to get it
+     * again from the config file. Note that this means sharing a ldap
+     * connection pool with the ldap publishing module so be sure to return
+     * connections to pool. Use ILdapConnFactory.getConn() to get a Ldap
+     * connection to the ldap publishing directory. Use
+     * ILdapConnFactory.returnConn() to return the connection.
+     * 
      * @see com.netscape.certsrv.ldap.ILdapBoundConnFactory
      * @see com.netscape.certsrv.ldap.ILdapConnFactory
      */
@@ -167,8 +158,8 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     /**
-     * Returns the connection factory to the publishing directory. 
-     * Must return the connection once you return
+     * Returns the connection factory to the publishing directory. Must return
+     * the connection once you return
      */
 
     protected LdapMappers getMappers(String certType) {
@@ -179,16 +170,16 @@ public class LdapPublishModule implements ILdapPublishModule {
         } else {
             mappers = (LdapMappers) mMappers.get(certType);
         }
-        return mappers; 
+        return mappers;
     }
 
     protected void initMappers(IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         IConfigStore types = mConfig.getSubStore(PROP_TYPE);
 
         if (types == null || types.size() <= 0) {
             // nothing configured.
-            if (Debug.ON) 
+            if (Debug.ON)
                 System.out.println("No ldap publishing configurations.");
             return;
         }
@@ -198,9 +189,9 @@ public class LdapPublishModule implements ILdapPublishModule {
             String certType = (String) substores.nextElement();
             IConfigStore current = types.getSubStore(certType);
 
-            if (current == null || current.size() <= 0) { 
+            if (current == null || current.size() <= 0) {
                 CMS.debug(
-                    "No ldap publish configuration for " + certType + " found.");
+                        "No ldap publish configuration for " + certType + " found.");
                 continue;
             }
             ILdapPlugin mapper = null, publisher = null;
@@ -212,53 +203,53 @@ public class LdapPublishModule implements ILdapPublishModule {
                 mapperClassName = mapperConf.getString(PROP_CLASS, null);
                 if (mapperClassName != null && mapperClassName.length() > 0) {
                     CMS.debug(
-                        "mapper " + mapperClassName + " for " + certType);
+                            "mapper " + mapperClassName + " for " + certType);
                     mapper = (ILdapPlugin)
                             Class.forName(mapperClassName).newInstance();
                     mapper.init(mapperConf);
                 }
                 publisherConf = current.getSubStore(PROP_PUBLISHER);
                 publisherClassName = publisherConf.getString(PROP_CLASS, null);
-                if (publisherClassName != null && 
-                    publisherClassName.length() > 0) {
+                if (publisherClassName != null &&
+                        publisherClassName.length() > 0) {
                     CMS.debug(
-                        "publisher " + publisherClassName + " for " + certType);
+                            "publisher " + publisherClassName + " for " + certType);
                     publisher = (ILdapPlugin)
                             Class.forName(publisherClassName).newInstance();
                     publisher.init(publisherConf);
                 }
                 mMappers.put(certType, new LdapMappers(mapper, publisher));
             } catch (ClassNotFoundException e) {
-                String missingClass = mapperClassName + 
-                    ((publisherClassName == null) ? "" : 
-                        (" or " + publisherClassName));
+                String missingClass = mapperClassName +
+                        ((publisherClassName == null) ? "" :
+                                (" or " + publisherClassName));
 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_FIND_CLASS", missingClass));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_FIND_CLASS", missingClass));
                 throw new ELdapException(
-                  CMS.getUserMessage("CMS_LDAP_CLASS_NOT_FOUND", missingClass));
+                        CMS.getUserMessage("CMS_LDAP_CLASS_NOT_FOUND", missingClass));
             } catch (InstantiationException e) {
-                String badInstance = mapperClassName + 
-                    ((publisherClassName == null) ? "" : 
-                        (" or " + publisherClassName));
+                String badInstance = mapperClassName +
+                        ((publisherClassName == null) ? "" :
+                                (" or " + publisherClassName));
 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_INST_CLASS", 
-                    badInstance ,certType));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_INST_CLASS",
+                                badInstance, certType));
                 throw new ELdapException(
-                  CMS.getUserMessage("CMS_LDAP_INSTANTIATING_CLASS_FAILED", badInstance));
+                        CMS.getUserMessage("CMS_LDAP_INSTANTIATING_CLASS_FAILED", badInstance));
             } catch (IllegalAccessException e) {
-                String badInstance = mapperClassName + 
-                    ((publisherClassName == null) ? "" : 
-                        (" or " + publisherClassName));
+                String badInstance = mapperClassName +
+                        ((publisherClassName == null) ? "" :
+                                (" or " + publisherClassName));
 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_INSUFFICIENT_CREDENTIALS", badInstance, certType));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_INSUFFICIENT_CREDENTIALS", badInstance, certType));
                 throw new ELdapException(
-                  CMS.getUserMessage("CMS_LDAP_INSUFFICIENT_CREDENTIALS", certType));
+                        CMS.getUserMessage("CMS_LDAP_INSUFFICIENT_CREDENTIALS", certType));
             } catch (EBaseException e) {
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_INIT_ERROR", certType, e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_INIT_ERROR", certType, e.toString()));
                 throw e;
             }
         }
@@ -266,14 +257,14 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     protected void initHandlers() {
-        mEventHandlers.put(IRequest.ENROLLMENT_REQUEST, 
-            new HandleEnrollment(this));
+        mEventHandlers.put(IRequest.ENROLLMENT_REQUEST,
+                new HandleEnrollment(this));
         mEventHandlers.put(IRequest.RENEWAL_REQUEST,
-            new HandleRenewal(this));
-        mEventHandlers.put(IRequest.REVOCATION_REQUEST, 
-            new HandleRevocation(this));
-        mEventHandlers.put(IRequest.UNREVOCATION_REQUEST, 
-            new HandleUnrevocation(this));
+                new HandleRenewal(this));
+        mEventHandlers.put(IRequest.REVOCATION_REQUEST,
+                new HandleRevocation(this));
+        mEventHandlers.put(IRequest.UNREVOCATION_REQUEST,
+                new HandleUnrevocation(this));
     }
 
     public void accept(IRequest r) {
@@ -284,14 +275,14 @@ public class LdapPublishModule implements ILdapPublishModule {
 
         if (handler == null) {
             CMS.debug(
-                "Nothing to publish for request type " + type);
+                    "Nothing to publish for request type " + type);
             return;
         }
         handler.accept(r);
     }
 
     public void publish(String certType, X509Certificate cert)
-        throws ELdapException {
+            throws ELdapException {
         // get mapper and publisher for cert type.
         LdapMappers mappers = getMappers(certType);
 
@@ -299,15 +290,15 @@ public class LdapPublishModule implements ILdapPublishModule {
             CMS.debug("publisher for " + certType + " is null");
             return;
         }
-        publish((ILdapMapper) mappers.mapper, 
-            (ILdapPublisher) mappers.publisher, cert);
+        publish((ILdapMapper) mappers.mapper,
+                (ILdapPublisher) mappers.publisher, cert);
 
         // set the ldap published flag.
         setPublishedFlag(cert.getSerialNumber(), true);
     }
 
     public void unpublish(String certType, X509Certificate cert)
-        throws ELdapException {
+            throws ELdapException {
         // get mapper and publisher for cert type.
         LdapMappers mappers = getMappers(certType);
 
@@ -315,19 +306,19 @@ public class LdapPublishModule implements ILdapPublishModule {
             CMS.debug("publisher for " + certType + " is null");
             return;
         }
-        unpublish((ILdapMapper) mappers.mapper, 
-            (ILdapPublisher) mappers.publisher, cert);
+        unpublish((ILdapMapper) mappers.mapper,
+                (ILdapPublisher) mappers.publisher, cert);
 
         // set the ldap published flag.
         setPublishedFlag(cert.getSerialNumber(), false);
     }
 
     /**
-     * set published flag - true when published, false when unpublished. 
-     * not exist means not published. 
+     * set published flag - true when published, false when unpublished. not
+     * exist means not published.
      */
     public void setPublishedFlag(BigInteger serialNo, boolean published) {
-        if (!(mAuthority instanceof ICertificateAuthority)) 
+        if (!(mAuthority instanceof ICertificateAuthority))
             return;
         ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
 
@@ -340,18 +331,18 @@ public class LdapPublishModule implements ILdapPublishModule {
                 metaInfo = new MetaInfo();
             }
             metaInfo.set(
-                CertRecord.META_LDAPPUBLISH, String.valueOf(published));
+                    CertRecord.META_LDAPPUBLISH, String.valueOf(published));
             ModificationSet modSet = new ModificationSet();
 
-            modSet.add(ICertRecord.ATTR_META_INFO, 
-                Modification.MOD_REPLACE, metaInfo);
+            modSet.add(ICertRecord.ATTR_META_INFO,
+                    Modification.MOD_REPLACE, metaInfo);
             certdb.modifyCertificateRecord(serialNo, modSet);
         } catch (EBaseException e) {
             // not fatal. just log warning.
-            log(ILogger.LL_WARN, 
-                "Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published +
-                " in the ldap directory. Cert Record not found. Error: " +
-                e.getMessage());
+            log(ILogger.LL_WARN,
+                    "Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published +
+                            " in the ldap directory. Cert Record not found. Error: " +
+                            e.getMessage());
         }
     }
 
@@ -364,8 +355,8 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     public void publish(ILdapMapper mapper, ILdapPublisher publisher,
-        X509Certificate cert)
-        throws ELdapException {
+            X509Certificate cert)
+            throws ELdapException {
         LDAPConnection conn = null;
 
         try {
@@ -376,17 +367,17 @@ public class LdapPublishModule implements ILdapPublishModule {
             if (mapper == null) { // use the cert's subject name exactly
                 dirdn = cert.getSubjectDN().toString();
                 CMS.debug(
-                    "no mapper found. Using subject name exactly." +
-                    cert.getSubjectDN());
+                        "no mapper found. Using subject name exactly." +
+                                cert.getSubjectDN());
             } else {
                 result = mapper.map(conn, cert);
                 dirdn = result;
-                if (dirdn == null) {  
-                    log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_PUBLISH_NOT_MATCH",
-                        cert.getSerialNumber().toString(16),
-                        cert.getSubjectDN().toString()));
-                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", 
+                if (dirdn == null) {
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_LDAP_PUBLISH_NOT_MATCH",
+                                    cert.getSerialNumber().toString(16),
+                                    cert.getSubjectDN().toString()));
+                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH",
                             cert.getSubjectDN().toString()));
                 }
             }
@@ -399,8 +390,8 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     public void unpublish(ILdapMapper mapper, ILdapPublisher publisher,
-        X509Certificate cert) 
-        throws ELdapException {
+            X509Certificate cert)
+            throws ELdapException {
         LDAPConnection conn = null;
 
         try {
@@ -413,12 +404,12 @@ public class LdapPublishModule implements ILdapPublishModule {
             } else {
                 result = mapper.map(conn, cert);
                 dirdn = result;
-                if (dirdn == null) {  
-                    log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_PUBLISH_NOT_MATCH",
-                        cert.getSerialNumber().toString(16),
-                        cert.getSubjectDN().toString()));
-                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", 
+                if (dirdn == null) {
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_LDAP_PUBLISH_NOT_MATCH",
+                                    cert.getSerialNumber().toString(16),
+                                    cert.getSubjectDN().toString()));
+                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH",
                             cert.getSubjectDN().toString()));
                 }
             }
@@ -431,11 +422,11 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     /**
-     * publishes a crl by mapping the issuer name in the crl to an entry
-     * and publishing it there. entry must be a certificate authority.
+     * publishes a crl by mapping the issuer name in the crl to an entry and
+     * publishing it there. entry must be a certificate authority.
      */
-    public void publish(X509CRLImpl crl) 
-        throws ELdapException {
+    public void publish(X509CRLImpl crl)
+            throws ELdapException {
         ILdapCrlMapper mapper = null;
         ILdapPublisher publisher = null;
 
@@ -458,17 +449,17 @@ public class LdapPublishModule implements ILdapPublishModule {
             } else {
                 result = ((ILdapMapper) mappers.mapper).map(conn, crl);
                 dn = result;
-                if (dn == null) {  
+                if (dn == null) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_CRL_NOT_MATCH"));
-                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", 
+                    throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH",
                             crl.getIssuerDN().toString()));
                 }
             }
             ((ILdapPublisher) mappers.publisher).publish(conn, dn, crl);
         } catch (ELdapException e) {
-            //e.printStackTrace();
+            // e.printStackTrace();
             CMS.debug(
-                "Error publishing CRL to " + dn + ": " + e);
+                    "Error publishing CRL to " + dn + ": " + e);
             throw e;
         } catch (IOException e) {
             CMS.debug("Error publishing CRL to " + dn + ": " + e);
@@ -481,11 +472,11 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     /**
-     * publishes a crl by mapping the issuer name in the crl to an entry
-     * and publishing it there. entry must be a certificate authority.
+     * publishes a crl by mapping the issuer name in the crl to an entry and
+     * publishing it there. entry must be a certificate authority.
      */
-    public void publish(String dn, X509CRL crl) 
-        throws ELdapException {
+    public void publish(String dn, X509CRL crl)
+            throws ELdapException {
         LdapMappers mappers = getMappers(PROP_TYPE_CRL);
 
         if (mappers == null || mappers.publisher == null) {
@@ -500,7 +491,7 @@ public class LdapPublishModule implements ILdapPublishModule {
             ((ILdapPublisher) mappers.publisher).publish(conn, dn, crl);
         } catch (ELdapException e) {
             CMS.debug(
-                "Error publishing CRL to " + dn + ": " + e.toString());
+                    "Error publishing CRL to " + dn + ": " + e.toString());
             throw e;
         } finally {
             if (conn != null) {
@@ -510,23 +501,22 @@ public class LdapPublishModule implements ILdapPublishModule {
     }
 
     public void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level, 
-            "LdapPublishModule: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_LDAP, level,
+                "LdapPublishModule: " + msg);
     }
-	
-}
 
+}
 
 class LdapMappers {
     public LdapMappers(ILdapPlugin aMapper, ILdapPlugin aPublisher) {
         mapper = aMapper;
         publisher = aPublisher;
     }
+
     public ILdapPlugin mapper = null;
     public ILdapPlugin publisher = null;
 }
 
-
 class HandleEnrollment implements IRequestListener {
     LdapPublishModule mModule = null;
 
@@ -534,49 +524,47 @@ class HandleEnrollment implements IRequestListener {
         mModule = module;
     }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
-    public void init(ISubsystem sub, IConfigStore config) throws EBaseException 
-	{
+    public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
     }
 
     public void accept(IRequest r) {
         CMS.debug(
-            "handling publishing for enrollment request id " +
-            r.getRequestId());
+                "handling publishing for enrollment request id " +
+                        r.getRequestId());
 
         // in case it's not meant for us
         if (r.getExtDataInInteger(IRequest.RESULT) == null)
             return;
 
-            // check if request failed.
+        // check if request failed.
         if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
             CMS.debug("Request errored. " +
-                "Nothing to publish for enrollment request id " +
-                r.getRequestId());
+                    "Nothing to publish for enrollment request id " +
+                    r.getRequestId());
             return;
         }
         CMS.debug("Checking publishing for request " +
-            r.getRequestId());
+                r.getRequestId());
         // check if issued certs is set.
         X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
         if (certs == null || certs.length == 0 || certs[0] == null) {
             CMS.debug(
-                "No certs to publish for request id " + r.getRequestId());
+                    "No certs to publish for request id " + r.getRequestId());
             return;
         }
 
         // get mapper and publisher for client certs.
-        LdapMappers mappers = 
-            mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
+        LdapMappers mappers =
+                mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
 
         if (mappers == null || mappers.publisher == null) {
             CMS.debug(
-                "In publishing: No publisher for type " +
-                LdapPublishModule.PROP_TYPE_CLIENT);
+                    "In publishing: No publisher for type " +
+                            LdapPublishModule.PROP_TYPE_CLIENT);
             return;
         }
 
@@ -586,18 +574,18 @@ class HandleEnrollment implements IRequestListener {
 
         for (int i = 0; i < certs.length; i++) {
             try {
-                if (certs[i] == null) 
+                if (certs[i] == null)
                     continue;
-                mModule.publish((ILdapMapper) mappers.mapper, 
-                    (ILdapPublisher) mappers.publisher, certs[i]);
+                mModule.publish((ILdapMapper) mappers.mapper,
+                        (ILdapPublisher) mappers.publisher, certs[i]);
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "Published cert serial no 0x" + certs[i].getSerialNumber().toString(16));
+                        "Published cert serial no 0x" + certs[i].getSerialNumber().toString(16));
                 mModule.setPublishedFlag(certs[i].getSerialNumber(), true);
             } catch (ELdapException e) {
-                mModule.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
-                    certs[i].getSerialNumber().toString(16),e.toString()));
+                mModule.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
+                                certs[i].getSerialNumber().toString(16), e.toString()));
                 results[i] = IRequest.RES_ERROR;
             }
             r.setExtData("ldapPublishStatus", results);
@@ -605,40 +593,38 @@ class HandleEnrollment implements IRequestListener {
     }
 }
 
-
 class HandleRenewal implements IRequestListener {
     private LdapPublishModule mModule = null;
+
     public HandleRenewal(LdapPublishModule module) {
         mModule = module;
     }
 
-    public void init(ISubsystem sub, IConfigStore config) throws EBaseException 
-	{
-	}
+    public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
+    }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
-        // Note we do not remove old certs from directory during renewal 
+        // Note we do not remove old certs from directory during renewal
         X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
         if (certs == null || certs.length == 0) {
             CMS.debug("no certs to publish for renewal " +
-                "request " + r.getRequestId());
+                    "request " + r.getRequestId());
             return;
         }
         Integer results[] = new Integer[certs.length];
         X509CertImpl cert = null;
 
         // get mapper and publisher for cert type.
-        LdapMappers mappers = 
-            mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
+        LdapMappers mappers =
+                mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
 
         if (mappers == null || mappers.publisher == null) {
             CMS.debug(
-                "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
+                    "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
             return;
         }
 
@@ -646,46 +632,44 @@ class HandleRenewal implements IRequestListener {
 
         for (int i = 0; i < certs.length; i++) {
             cert = (X509CertImpl) certs[i];
-            if (cert == null) 
+            if (cert == null)
                 continue; // there was an error issuing this cert.
             try {
-                mModule.publish((ILdapMapper) mappers.mapper, 
-                    (ILdapPublisher) mappers.publisher, cert);
+                mModule.publish((ILdapMapper) mappers.mapper,
+                        (ILdapPublisher) mappers.publisher, cert);
                 results[i] = IRequest.RES_SUCCESS;
-                mModule.log(ILogger.LL_INFO, 
-                    "Published cert serial no 0x" + cert.getSerialNumber().toString(16));
+                mModule.log(ILogger.LL_INFO,
+                        "Published cert serial no 0x" + cert.getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mModule.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
-                    cert.getSerialNumber().toString(16), e.getMessage()));
+                mModule.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
+                                cert.getSerialNumber().toString(16), e.getMessage()));
                 results[i] = IRequest.RES_ERROR;
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
 
-
 class HandleRevocation implements IRequestListener {
     private LdapPublishModule mModule = null;
+
     public HandleRevocation(LdapPublishModule module) {
         mModule = module;
     }
 
-    public void init(ISubsystem sub, IConfigStore config) throws EBaseException 
-	{
-	}
+    public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
+    }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
         CMS.debug(
-            "Handle publishing for revoke request id " + r.getRequestId());
+                "Handle publishing for revoke request id " + r.getRequestId());
 
         // get fields in request.
         X509CertImpl[] revcerts = r.getExtDataInCertArray(IRequest.OLD_CERTS);
@@ -693,18 +677,18 @@ class HandleRevocation implements IRequestListener {
         if (revcerts == null || revcerts.length == 0 || revcerts[0] == null) {
             // no certs in revoke.
             CMS.debug(
-                "Nothing to unpublish for revocation " +
-                "request " + r.getRequestId());
+                    "Nothing to unpublish for revocation " +
+                            "request " + r.getRequestId());
             return;
         }
 
         // get mapper and publisher for cert type.
-        LdapMappers mappers = 
-            mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
+        LdapMappers mappers =
+                mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
 
         if (mappers == null || mappers.publisher == null) {
             CMS.debug(
-                "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
+                    "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
             return;
         }
 
@@ -716,41 +700,40 @@ class HandleRevocation implements IRequestListener {
 
             results[i] = IRequest.RES_ERROR;
             try {
-                mModule.unpublish((ILdapMapper) mappers.mapper, 
-                    (ILdapPublisher) mappers.publisher, cert);
+                mModule.unpublish((ILdapMapper) mappers.mapper,
+                        (ILdapPublisher) mappers.publisher, cert);
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "Unpublished cert serial no 0x" + cert.getSerialNumber().toString(16));
+                        "Unpublished cert serial no 0x" + cert.getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mModule.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
-                    cert.getSerialNumber().toString(16), e.getMessage()));
+                mModule.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
+                                cert.getSerialNumber().toString(16), e.getMessage()));
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
 
-
 class HandleUnrevocation implements IRequestListener {
     private LdapPublishModule mModule = null;
+
     public HandleUnrevocation(LdapPublishModule module) {
         mModule = module;
     }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
+    }
+
+    public void init(ISubsystem sub, IConfigStore config) throws EBaseException {
     }
-    public void init(ISubsystem sub, IConfigStore config) throws EBaseException 
-	{
-	}
 
     public void accept(IRequest r) {
         CMS.debug(
-            "Handle publishing for unrevoke request id " + r.getRequestId());
+                "Handle publishing for unrevoke request id " + r.getRequestId());
 
         // get fields in request.
         X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.OLD_CERTS);
@@ -758,18 +741,18 @@ class HandleUnrevocation implements IRequestListener {
         if (certs == null || certs.length == 0 || certs[0] == null) {
             // no certs in unrevoke.
             CMS.debug(
-                "Nothing to publish for unrevocation " +
-                "request " + r.getRequestId());
+                    "Nothing to publish for unrevocation " +
+                            "request " + r.getRequestId());
             return;
         }
 
         // get mapper and publisher for cert type.
-        LdapMappers mappers = 
-            mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
+        LdapMappers mappers =
+                mModule.getMappers(LdapPublishModule.PROP_TYPE_CLIENT);
 
         if (mappers == null || mappers.publisher == null) {
             CMS.debug(
-                "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
+                    "publisher for " + LdapPublishModule.PROP_TYPE_CLIENT + " is null");
             return;
         }
 
@@ -779,22 +762,21 @@ class HandleUnrevocation implements IRequestListener {
         for (int i = 0; i < certs.length; i++) {
             results[i] = IRequest.RES_ERROR;
             try {
-                mModule.publish((ILdapMapper) mappers.mapper, 
-                    (ILdapPublisher) mappers.publisher, certs[i]);
+                mModule.publish((ILdapMapper) mappers.mapper,
+                        (ILdapPublisher) mappers.publisher, certs[i]);
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "Unpublished cert serial no 0x" + certs[i].getSerialNumber().toString(16));
+                        "Unpublished cert serial no 0x" + certs[i].getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mModule.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
-                    certs[i].getSerialNumber().toString(16), e.getMessage()));
+                mModule.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
+                                certs[i].getSerialNumber().toString(16), e.getMessage()));
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java
index 6c1e1e8a..f67124a0 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRequestListener.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.math.BigInteger;
 import java.security.cert.Certificate;
 import java.util.Hashtable;
@@ -42,13 +41,12 @@ import com.netscape.certsrv.request.IRequestListener;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.cmscore.dbs.CertRecord;
 
-
 public class LdapRequestListener implements IRequestListener {
     private boolean mInited = false;
 
     /**
-     * handlers for request types (events)
-     * each handler implement IRequestListener
+     * handlers for request types (events) each handler implement
+     * IRequestListener
      */
     private Hashtable mRequestListeners = new Hashtable();
 
@@ -57,23 +55,23 @@ public class LdapRequestListener implements IRequestListener {
     public LdapRequestListener() {
     }
 
-	public void set(String name, String val) 
-	{ 
-	}
+    public void set(String name, String val) {
+    }
 
     public void init(ISubsystem sys, IConfigStore config) throws EBaseException {
-        if (mInited) return;
+        if (mInited)
+            return;
 
-        mPublisherProcessor = (IPublisherProcessor)sys;
+        mPublisherProcessor = (IPublisherProcessor) sys;
 
         mRequestListeners.put(IRequest.ENROLLMENT_REQUEST,
-            new LdapEnrollmentListener(mPublisherProcessor));
+                new LdapEnrollmentListener(mPublisherProcessor));
         mRequestListeners.put(IRequest.RENEWAL_REQUEST,
-            new LdapRenewalListener(mPublisherProcessor));
+                new LdapRenewalListener(mPublisherProcessor));
         mRequestListeners.put(IRequest.REVOCATION_REQUEST,
-            new LdapRevocationListener(mPublisherProcessor));
+                new LdapRevocationListener(mPublisherProcessor));
         mRequestListeners.put(IRequest.UNREVOCATION_REQUEST,
-            new LdapUnrevocationListener(mPublisherProcessor));
+                new LdapUnrevocationListener(mPublisherProcessor));
         mInited = true;
     }
 
@@ -86,33 +84,33 @@ public class LdapRequestListener implements IRequestListener {
             if (r.getExtDataInInteger(IRequest.RESULT) == null)
                 return null;
 
-                // check if request failed.
+            // check if request failed.
             if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
                 CMS.debug("Request errored. " +
-                    "Nothing to publish for enrollment request id " +
-                    r.getRequestId());
+                        "Nothing to publish for enrollment request id " +
+                        r.getRequestId());
                 return null;
             }
             CMS.debug("Checking publishing for request " +
-                r.getRequestId());
+                    r.getRequestId());
             // check if issued certs is set.
             X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
             if (certs == null || certs.length == 0 || certs[0] == null) {
                 CMS.debug(
-                    "No certs to publish for request id " +
-                    r.getRequestId());
+                        "No certs to publish for request id " +
+                                r.getRequestId());
                 return null;
             }
             obj.setCerts(certs);
             return obj;
         } else if (type.equals(IRequest.RENEWAL_REQUEST)) {
-            // Note we do not remove old certs from directory during renewal 
+            // Note we do not remove old certs from directory during renewal
             X509CertImpl[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
             if (certs == null || certs.length == 0) {
                 CMS.debug("no certs to publish for renewal " +
-                    "request " + r.getRequestId());
+                        "request " + r.getRequestId());
                 return null;
             }
             obj.setCerts(certs);
@@ -123,8 +121,8 @@ public class LdapRequestListener implements IRequestListener {
             if (revcerts == null || revcerts.length == 0 || revcerts[0] == null) {
                 // no certs in revoke.
                 CMS.debug(
-                    "Nothing to unpublish for revocation " +
-                    "request " + r.getRequestId());
+                        "Nothing to unpublish for revocation " +
+                                "request " + r.getRequestId());
                 return null;
             }
             obj.setCerts(revcerts);
@@ -135,16 +133,16 @@ public class LdapRequestListener implements IRequestListener {
             if (certs == null || certs.length == 0 || certs[0] == null) {
                 // no certs in unrevoke.
                 CMS.debug(
-                    "Nothing to publish for unrevocation " +
-                    "request " + r.getRequestId());
+                        "Nothing to publish for unrevocation " +
+                                "request " + r.getRequestId());
                 return null;
             }
             obj.setCerts(certs);
             return obj;
         } else {
             CMS.debug("Request errored. " +
-                "Nothing to publish for request id " +
-                r.getRequestId());
+                    "Nothing to publish for request id " +
+                    r.getRequestId());
             return null;
         }
 
@@ -157,7 +155,7 @@ public class LdapRequestListener implements IRequestListener {
 
         if (handler == null) {
             CMS.debug(
-                "Nothing to publish for request type " + type);
+                    "Nothing to publish for request type " + type);
             return;
         }
         handler.accept(r);
@@ -165,7 +163,6 @@ public class LdapRequestListener implements IRequestListener {
 
 }
 
-
 class LdapEnrollmentListener implements IRequestListener {
     IPublisherProcessor mProcessor = null;
 
@@ -176,51 +173,50 @@ class LdapEnrollmentListener implements IRequestListener {
     public void init(ISubsystem sys, IConfigStore config) throws EBaseException {
     }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
         CMS.debug(
-            "LdapRequestListener handling publishing for enrollment request id " +
-            r.getRequestId());
+                "LdapRequestListener handling publishing for enrollment request id " +
+                        r.getRequestId());
 
         String profileId = r.getExtDataInString("profileId");
 
         if (profileId == null) {
-          // in case it's not meant for us
-          if (r.getExtDataInInteger(IRequest.RESULT) == null)
-            return;
+            // in case it's not meant for us
+            if (r.getExtDataInInteger(IRequest.RESULT) == null)
+                return;
 
             // check if request failed.
-          if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
-            CMS.debug("Request errored. " +
-                "Nothing to publish for enrollment request id " +
-                r.getRequestId());
-            return;
-          }
-	}
+            if ((r.getExtDataInInteger(IRequest.RESULT)).equals(IRequest.RES_ERROR)) {
+                CMS.debug("Request errored. " +
+                        "Nothing to publish for enrollment request id " +
+                        r.getRequestId());
+                return;
+            }
+        }
         CMS.debug("Checking publishing for request " +
-            r.getRequestId());
+                r.getRequestId());
         // check if issued certs is set.
         Certificate[] certs = null;
         if (profileId == null) {
-		certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
-	} else {
-		certs = new Certificate[1];
-		certs[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
-	}
+            certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
+        } else {
+            certs = new Certificate[1];
+            certs[0] = r.getExtDataInCert(IEnrollProfile.REQUEST_ISSUED_CERT);
+        }
 
         if (certs == null || certs.length == 0 || certs[0] == null) {
             CMS.debug(
-                "No certs to publish for request id " + r.getRequestId());
+                    "No certs to publish for request id " + r.getRequestId());
             return;
         }
-		
+
         if (certs[0] instanceof X509CertImpl)
             acceptX509(r, certs);
     }
-	
+
     public void acceptX509(IRequest r, Certificate[] certs) {
         Integer results[] = new Integer[certs.length];
         boolean error = false;
@@ -228,58 +224,57 @@ class LdapEnrollmentListener implements IRequestListener {
         for (int i = 0; i < certs.length; i++) {
             X509CertImpl xcert = (X509CertImpl) certs[i];
 
-            if (xcert == null) 
+            if (xcert == null)
                 continue;
             try {
                 mProcessor.publishCert(xcert, r);
-		
+
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "acceptX509: Published cert serial no 0x" +
-                    xcert.getSerialNumber().toString(16));
-                //mProcessor.setPublishedFlag(xcert.getSerialNumber(), true);
+                        "acceptX509: Published cert serial no 0x" +
+                                xcert.getSerialNumber().toString(16));
+                // mProcessor.setPublishedFlag(xcert.getSerialNumber(), true);
             } catch (ELdapException e) {
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
-                    xcert.getSerialNumber().toString(16), e.toString()));
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
+                                xcert.getSerialNumber().toString(16), e.toString()));
                 results[i] = IRequest.RES_ERROR;
                 error = true;
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
 
-
 class LdapRenewalListener implements IRequestListener {
     private IPublisherProcessor mProcessor = null;
 
     public LdapRenewalListener(IPublisherProcessor processor) {
         mProcessor = processor;
     }
+
     public void init(ISubsystem sys, IConfigStore config) throws EBaseException {
     }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
-        // Note we do not remove old certs from directory during renewal 
+        // Note we do not remove old certs from directory during renewal
         Certificate[] certs = r.getExtDataInCertArray(IRequest.ISSUED_CERTS);
 
         if (certs == null || certs.length == 0) {
             CMS.debug("no certs to publish for renewal " +
-                "request " + r.getRequestId());
+                    "request " + r.getRequestId());
             return;
         }
-		
+
         if (certs[0] instanceof X509CertImpl)
             acceptX509(r, certs);
     }
-			
+
     public void acceptX509(IRequest r, Certificate[] certs) {
         X509CertImpl cert = null;
 
@@ -288,45 +283,44 @@ class LdapRenewalListener implements IRequestListener {
 
         for (int i = 0; i < certs.length; i++) {
             cert = (X509CertImpl) certs[i];
-            if (cert == null) 
+            if (cert == null)
                 continue; // there was an error issuing this cert.
             try {
                 mProcessor.publishCert(cert, r);
                 results[i] = IRequest.RES_SUCCESS;
-                mProcessor.log(ILogger.LL_INFO, 
-                    "Published cert serial no 0x" +
-                    cert.getSerialNumber().toString(16));
+                mProcessor.log(ILogger.LL_INFO,
+                        "Published cert serial no 0x" +
+                                cert.getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
-                    cert.getSerialNumber().toString(16), e.toString()));
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
+                                cert.getSerialNumber().toString(16), e.toString()));
                 results[i] = IRequest.RES_ERROR;
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
 
-
 class LdapRevocationListener implements IRequestListener {
     private IPublisherProcessor mProcessor = null;
 
     public LdapRevocationListener(IPublisherProcessor processor) {
         mProcessor = processor;
     }
+
     public void init(ISubsystem sys, IConfigStore config) throws EBaseException {
     }
 
-    public void set(String name, String val)
-    {
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
         CMS.debug(
-            "Handle publishing for revoke request id " + r.getRequestId());
+                "Handle publishing for revoke request id " + r.getRequestId());
 
         // get fields in request.
         Certificate[] certs = r.getExtDataInCertArray(IRequest.OLD_CERTS);
@@ -334,15 +328,15 @@ class LdapRevocationListener implements IRequestListener {
         if (certs == null || certs.length == 0 || certs[0] == null) {
             // no certs in revoke.
             CMS.debug(
-                "Nothing to unpublish for revocation " +
-                "request " + r.getRequestId());
+                    "Nothing to unpublish for revocation " +
+                            "request " + r.getRequestId());
             return;
         }
-		
+
         if (certs[0] instanceof X509CertImpl)
             acceptX509(r, certs);
     }
-	
+
     public void acceptX509(IRequest r, Certificate[] revcerts) {
         boolean error = false;
         Integer results[] = new Integer[revcerts.length];
@@ -356,15 +350,15 @@ class LdapRevocationListener implements IRequestListener {
                 // We need the enrollment request to sort out predicate
                 BigInteger serial = cert.getSerialNumber();
                 ICertRecord certRecord = null;
-                IAuthority auth = (IAuthority)mProcessor.getAuthority();
+                IAuthority auth = (IAuthority) mProcessor.getAuthority();
 
                 if (auth == null ||
-                    !(auth instanceof ICertificateAuthority)) {
+                        !(auth instanceof ICertificateAuthority)) {
                     mProcessor.log(ILogger.LL_WARN,
-                        "Trying to get a certificate from non certificate authority.");
+                            "Trying to get a certificate from non certificate authority.");
                 } else {
                     ICertificateRepository certdb =
-                        (ICertificateRepository) ((ICertificateAuthority) auth).getCertificateRepository();
+                            (ICertificateRepository) ((ICertificateAuthority) auth).getCertificateRepository();
 
                     if (certdb == null) {
                         mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " + auth);
@@ -373,72 +367,72 @@ class LdapRevocationListener implements IRequestListener {
                             certRecord = (ICertRecord) certdb.readCertificateRecord(serial);
                         } catch (EBaseException e) {
                             mProcessor.log(ILogger.LL_FAILURE,
-				CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD",
-                                serial.toString(16), e.toString()));
+                                    CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD",
+                                            serial.toString(16), e.toString()));
                         }
                     }
                 }
 
                 MetaInfo metaInfo = null;
                 String ridString = null;
-				
+
                 if (certRecord != null)
-                    metaInfo = 
+                    metaInfo =
                             (MetaInfo) certRecord.get(ICertRecord.ATTR_META_INFO);
                 if (metaInfo == null) {
-                    mProcessor.log(ILogger.LL_FAILURE,					
-                        "failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" +
-                        serial.toString(16));
+                    mProcessor.log(ILogger.LL_FAILURE,
+                            "failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" +
+                                    serial.toString(16));
                 } else {
                     ridString = (String) metaInfo.get(ICertRecord.META_REQUEST_ID);
                 }
-				
+
                 IRequest req = null;
 
                 if (ridString != null) {
                     RequestId rid = new RequestId(ridString);
-				
+
                     req = auth.getRequestQueue().findRequest(rid);
-                } 
+                }
                 mProcessor.unpublishCert(cert, req);
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "Unpublished cert serial no 0x" +
-                    cert.getSerialNumber().toString(16));
+                        "Unpublished cert serial no 0x" +
+                                cert.getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
-                    cert.getSerialNumber().toString(16), e.toString()));
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_UNPUBLISH",
+                                cert.getSerialNumber().toString(16), e.toString()));
             } catch (EBaseException e) {
                 error = true;
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND",
-                    cert.getSerialNumber().toString(16), e.toString()));
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND",
+                                cert.getSerialNumber().toString(16), e.toString()));
             }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
 
-
 class LdapUnrevocationListener implements IRequestListener {
     private IPublisherProcessor mProcessor = null;
 
     public LdapUnrevocationListener(IPublisherProcessor processor) {
         mProcessor = processor;
     }
+
     public void init(ISubsystem sys, IConfigStore config) throws EBaseException {
     }
-    public void set(String name, String val)
-    {
+
+    public void set(String name, String val) {
     }
 
     public void accept(IRequest r) {
         CMS.debug(
-            "Handle publishing for unrevoke request id " + r.getRequestId());
+                "Handle publishing for unrevoke request id " + r.getRequestId());
 
         // get fields in request.
         Certificate[] certs = r.getExtDataInCertArray(IRequest.OLD_CERTS);
@@ -446,15 +440,15 @@ class LdapUnrevocationListener implements IRequestListener {
         if (certs == null || certs.length == 0 || certs[0] == null) {
             // no certs in unrevoke.
             CMS.debug(
-                "Nothing to publish for unrevocation " +
-                "request " + r.getRequestId());
+                    "Nothing to publish for unrevocation " +
+                            "request " + r.getRequestId());
             return;
         }
-		
+
         if (certs[0] instanceof X509CertImpl)
             acceptX509(r, certs);
     }
-	
+
     public void acceptX509(IRequest r, Certificate[] certs) {
         boolean error = false;
         Integer results[] = new Integer[certs.length];
@@ -467,15 +461,15 @@ class LdapUnrevocationListener implements IRequestListener {
                 // We need the enrollment request to sort out predicate
                 BigInteger serial = xcert.getSerialNumber();
                 ICertRecord certRecord = null;
-                IAuthority auth = (IAuthority)mProcessor.getAuthority();
+                IAuthority auth = (IAuthority) mProcessor.getAuthority();
 
                 if (auth == null ||
-                    !(auth instanceof ICertificateAuthority)) {
+                        !(auth instanceof ICertificateAuthority)) {
                     mProcessor.log(ILogger.LL_WARN,
-                        "Trying to get a certificate from non certificate authority.");
+                            "Trying to get a certificate from non certificate authority.");
                 } else {
                     ICertificateRepository certdb = (ICertificateRepository)
-                        ((ICertificateAuthority) auth).getCertificateRepository();
+                            ((ICertificateAuthority) auth).getCertificateRepository();
 
                     if (certdb == null) {
                         mProcessor.log(ILogger.LL_WARN, "Cert DB is null for " + auth);
@@ -484,52 +478,51 @@ class LdapUnrevocationListener implements IRequestListener {
                             certRecord = (ICertRecord) certdb.readCertificateRecord(serial);
                         } catch (EBaseException e) {
                             mProcessor.log(ILogger.LL_FAILURE,
-				CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD",  serial.toString(16), e.toString()));
+                                    CMS.getLogMessage("CMSCORE_LDAP_GET_CERT_RECORD", serial.toString(16), e.toString()));
                         }
                     }
                 }
 
                 MetaInfo metaInfo = null;
                 String ridString = null;
-				
+
                 if (certRecord != null)
-                    metaInfo = 
+                    metaInfo =
                             (MetaInfo) certRecord.get(CertRecord.ATTR_META_INFO);
                 if (metaInfo == null) {
-                    mProcessor.log(ILogger.LL_FAILURE,					
-                        "Failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" +
-                        serial.toString(16));
+                    mProcessor.log(ILogger.LL_FAILURE,
+                            "Failed getting CertRecord.ATTR_META_INFO for cert serial number 0x" +
+                                    serial.toString(16));
                 } else {
                     ridString = (String) metaInfo.get(CertRecord.META_REQUEST_ID);
                 }
-				
+
                 IRequest req = null;
 
                 if (ridString != null) {
                     RequestId rid = new RequestId(ridString);
-				
+
                     req = auth.getRequestQueue().findRequest(rid);
-                } 
+                }
                 mProcessor.publishCert(xcert, req);
                 results[i] = IRequest.RES_SUCCESS;
                 CMS.debug(
-                    "Published cert serial no 0x" +
-                    xcert.getSerialNumber().toString(16));
+                        "Published cert serial no 0x" +
+                                xcert.getSerialNumber().toString(16));
             } catch (ELdapException e) {
                 error = true;
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
-                    xcert.getSerialNumber().toString(16), e.toString()));
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_PUBLISH",
+                                xcert.getSerialNumber().toString(16), e.toString()));
             } catch (EBaseException e) {
                 error = true;
-                mProcessor.log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND",
-                    xcert.getSerialNumber().toString(16), e.toString()));
-            } 
+                mProcessor.log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_CERT_NOT_FIND",
+                                xcert.getSerialNumber().toString(16), e.toString()));
+            }
         }
         r.setExtData("ldapPublishStatus", results);
         r.setExtData("ldapPublishOverAllStatus",
-            (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
+                (error == true ? IRequest.RES_ERROR : IRequest.RES_SUCCESS));
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java
index 233cbf87..53da0f35 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapRule.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Vector;
@@ -30,8 +29,7 @@ import com.netscape.certsrv.publish.ILdapRule;
 import com.netscape.certsrv.publish.IPublisherProcessor;
 import com.netscape.cmscore.util.Debug;
 
-
-/** 
+/**
  * The publishing rule that links mapper and publisher together.
  */
 public class LdapRule implements ILdapRule, IExtendedPluginInfo {
@@ -43,15 +41,15 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
 
     private IPublisherProcessor mProcessor = null;
 
-    private static String[] epi_params = null;  // extendedpluginInfo
+    private static String[] epi_params = null; // extendedpluginInfo
 
     public IConfigStore getConfigStore() {
         return mConfig;
     }
 
     public String[] getExtendedPluginInfo(Locale locale) {
-        //dont know why it's null here.
-        //if (mProcessor == null) System.out.println("p null");
+        // dont know why it's null here.
+        // if (mProcessor == null) System.out.println("p null");
 
         if (Debug.ON) {
             Debug.trace("LdapRule: getExtendedPluginInfo() - returning epi_params:");
@@ -61,7 +59,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
         }
         return epi_params;
     }
-	
+
     public void init(IPublisherProcessor processor, IConfigStore config) throws EBaseException {
         mConfig = config;
 
@@ -72,14 +70,14 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
         String map = NOMAPPER;
 
         for (; mappers.hasMoreElements();) {
-            String name =  mappers.nextElement();
+            String name = mappers.nextElement();
 
             map = map + "," + name;
         }
         String publish = "";
 
         for (; publishers.hasMoreElements();) {
-            String name =  publishers.nextElement();
+            String name = publishers.nextElement();
 
             publish = publish + "," + name;
         }
@@ -94,7 +92,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
 
         // Read the predicate expression if any associated
         // with the rule
-        String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null);		
+        String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null);
 
         if (exp != null)
             exp = exp.trim();
@@ -103,14 +101,13 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
 
             setPredicate(filterExp);
         }
-        //if (mProcessor == null) System.out.println("null");
+        // if (mProcessor == null) System.out.println("null");
 
     }
 
     /**
-     * The init method in ILdapPlugin
-     * It can not set set mapper,publisher choice for console dynamicly
-     * Should not use this method to init.
+     * The init method in ILdapPlugin It can not set set mapper,publisher choice
+     * for console dynamicly Should not use this method to init.
      */
     public void init(IConfigStore config) throws EBaseException {
         mConfig = config;
@@ -125,7 +122,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
 
         // Read the predicate expression if any associated
         // with the rule
-        String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null);		
+        String exp = config.getString(IPublisherProcessor.PROP_PREDICATE, null);
 
         if (exp != null)
             exp = exp.trim();
@@ -169,8 +166,8 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
      * Returns the current instance parameters.
      */
     public Vector<String> getInstanceParams() {
-        //if (mProcessor == null) System.out.println("xxxxnull");
-        //dont know why the processor was null in getExtendedPluginInfo()
+        // if (mProcessor == null) System.out.println("xxxxnull");
+        // dont know why the processor was null in getExtendedPluginInfo()
         Enumeration<String> mappers = mProcessor.getMapperInsts().keys();
         Enumeration<String> publishers = mProcessor.getPublisherInsts().keys();
         String map = NOMAPPER;
@@ -189,31 +186,34 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
         }
 
         /*
-         mExtendedPluginInfo = new NameValuePairs();
-         mExtendedPluginInfo.add("type","choice(client,server,objSignClient,smime,ca,crl);The publishing object type");
-         mExtendedPluginInfo.add("mapper","choice("+map+");Use the mapper to find the ldap dn \nto publish the certificate or crl");
-         mExtendedPluginInfo.add("publisher","choice("+publish+");Use the publisher to publish the certificate or crl a directory etc");
-         mExtendedPluginInfo.add("enable","boolean;");
-         mExtendedPluginInfo.add("predicate","string;");
+         * mExtendedPluginInfo = new NameValuePairs();
+         * mExtendedPluginInfo.add("type",
+         * "choice(client,server,objSignClient,smime,ca,crl);The publishing object type"
+         * ); mExtendedPluginInfo.add("mapper","choice("+map+
+         * ");Use the mapper to find the ldap dn \nto publish the certificate or crl"
+         * ); mExtendedPluginInfo.add("publisher","choice("+publish+
+         * ");Use the publisher to publish the certificate or crl a directory etc"
+         * ); mExtendedPluginInfo.add("enable","boolean;");
+         * mExtendedPluginInfo.add("predicate","string;");
          */
 
         Vector<String> v = new Vector<String>();
 
         try {
-            v.addElement(IPublisherProcessor.PROP_TYPE + "=" + 
-                mConfig.getString(IPublisherProcessor.PROP_TYPE, ""));
-            v.addElement(IPublisherProcessor.PROP_PREDICATE + "=" + 
-                mConfig.getString(IPublisherProcessor.PROP_PREDICATE, 
-                    ""));
-            v.addElement(IPublisherProcessor.PROP_ENABLE + "=" + 
-                mConfig.getString(IPublisherProcessor.PROP_ENABLE, 
-                    ""));
-            v.addElement(IPublisherProcessor.PROP_MAPPER + "=" + 
-                mConfig.getString(IPublisherProcessor.PROP_MAPPER, 
-                    ""));
-            v.addElement(IPublisherProcessor.PROP_PUBLISHER + "=" + 
-                mConfig.getString(IPublisherProcessor.PROP_PUBLISHER, 
-                    ""));
+            v.addElement(IPublisherProcessor.PROP_TYPE + "=" +
+                    mConfig.getString(IPublisherProcessor.PROP_TYPE, ""));
+            v.addElement(IPublisherProcessor.PROP_PREDICATE + "=" +
+                    mConfig.getString(IPublisherProcessor.PROP_PREDICATE,
+                            ""));
+            v.addElement(IPublisherProcessor.PROP_ENABLE + "=" +
+                    mConfig.getString(IPublisherProcessor.PROP_ENABLE,
+                            ""));
+            v.addElement(IPublisherProcessor.PROP_MAPPER + "=" +
+                    mConfig.getString(IPublisherProcessor.PROP_MAPPER,
+                            ""));
+            v.addElement(IPublisherProcessor.PROP_PUBLISHER + "=" +
+                    mConfig.getString(IPublisherProcessor.PROP_PUBLISHER,
+                            ""));
         } catch (EBaseException e) {
         }
         return v;
@@ -222,8 +222,8 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
     /**
      * Sets a predicate expression for rule matching.
      * <P>
-     *
-     * @param exp   The predicate expression for the rule.
+     * 
+     * @param exp The predicate expression for the rule.
      */
     public void setPredicate(ILdapExpression exp) {
         mFilterExp = exp;
@@ -232,7 +232,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
     /**
      * Returns the predicate expression for the rule.
      * <P>
-     *
+     * 
      * @return The predicate expression for the rule.
      */
     public ILdapExpression getPredicate() {
@@ -242,7 +242,7 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
     public String getMapper() {
         try {
             String map =
-                mConfig.getString(IPublisherProcessor.PROP_MAPPER, "");
+                    mConfig.getString(IPublisherProcessor.PROP_MAPPER, "");
 
             if (map != null)
                 map = map.trim();
@@ -275,10 +275,10 @@ public class LdapRule implements ILdapRule, IExtendedPluginInfo {
 
     public boolean enabled() {
         try {
-            boolean enable = 
-                mConfig.getBoolean(IPublisherProcessor.PROP_ENABLE, false);
+            boolean enable =
+                    mConfig.getBoolean(IPublisherProcessor.PROP_ENABLE, false);
 
-            //System.out.println(enable);
+            // System.out.println(enable);
             return enable;
         } catch (EBaseException e) {
         }
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java b/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java
index a2a7e558..1c9b074d 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/LdapSimpleExpression.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,13 +27,12 @@ import com.netscape.certsrv.publish.ILdapExpression;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.cmscore.util.AssertionException;
 
-
 /**
- * This class represents an expression of the form var = val,
- * var != val, var < val, var > val, var <= val, var >= val.
- *
+ * This class represents an expression of the form var = val, var != val, var <
+ * val, var > val, var <= val, var >= val.
+ * 
  * Expressions are used as predicates for publishing rule selection.
- *
+ * 
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -47,11 +45,11 @@ public class LdapSimpleExpression implements ILdapExpression {
     private boolean hasWildCard;
     public static final char WILDCARD_CHAR = '*';
 
-    // This is just for indicating a null expression. 
+    // This is just for indicating a null expression.
     public static LdapSimpleExpression NULL_EXPRESSION = new LdapSimpleExpression("null", OP_EQUAL, "null");
 
     public static ILdapExpression parse(String input)
-        throws ELdapException {
+            throws ELdapException {
         // Get the index of operator
         // Debug.trace("LdapSimpleExpression::input: " + input);
         String var = null;
@@ -73,7 +71,7 @@ public class LdapSimpleExpression implements ILdapExpression {
             comps = parseForLT(input);
         if (comps == null)
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_LDAP_EXPRESSION", input));
-	
+
         String pfx = null;
         String rawVar = comps.getAttr();
         int dotIdx = rawVar.indexOf('.');
@@ -119,23 +117,23 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     public boolean evaluate(SessionContext sc)
-        throws ELdapException {
+            throws ELdapException {
         Object givenVal;
 
         try {
             // Try exact case first.
             givenVal = (String) sc.get(mVar);
-        }catch (Exception e) {
+        } catch (Exception e) {
             givenVal = (String) null;
         }
 
         // It is kind of a problem here if all letters are in
-        // lowercase or in upperCase -  for example in the case
+        // lowercase or in upperCase - for example in the case
         // of directory attributes.
         if (givenVal == null) {
             try {
                 givenVal = (String) sc.get(mVar.toLowerCase());
-            }catch (Exception e) {
+            } catch (Exception e) {
                 givenVal = (String) null;
             }
         }
@@ -143,12 +141,13 @@ public class LdapSimpleExpression implements ILdapExpression {
         if (givenVal == null) {
             try {
                 givenVal = (String) sc.get(mVar.toUpperCase());
-            }catch (Exception e) {
+            } catch (Exception e) {
                 givenVal = (String) null;
             }
         }
 
-        // Debug.trace("mVar: " + mVar + ",Given Value: " + givenVal + ", Value to compare with: " + mVal);
+        // Debug.trace("mVar: " + mVar + ",Given Value: " + givenVal +
+        // ", Value to compare with: " + mVal);
         boolean result = false;
 
         result = matchValue(givenVal);
@@ -158,7 +157,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     public boolean evaluate(IRequest req)
-        throws ELdapException {
+            throws ELdapException {
         boolean result = false;
         // mPfx and mVar are looked up case-indendently
         if (mPfx != null) {
@@ -170,7 +169,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchVector(Vector value)
-        throws ELdapException {
+            throws ELdapException {
         boolean result = false;
         Enumeration e = (Enumeration) value.elements();
 
@@ -183,7 +182,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchStringArray(String[] value)
-        throws ELdapException {
+            throws ELdapException {
         boolean result = false;
 
         for (int i = 0; i < value.length; i++) {
@@ -195,7 +194,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchValue(Object value)
-        throws ELdapException {
+            throws ELdapException {
         boolean result;
 
         // There is nothing to compare with!
@@ -219,7 +218,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchStringValue(String givenVal)
-        throws ELdapException {
+            throws ELdapException {
         boolean result;
 
         switch (mOp) {
@@ -260,7 +259,7 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchIntegerValue(Integer intVal)
-        throws ELdapException {
+            throws ELdapException {
         boolean result;
         int storedVal;
         int givenVal = intVal.intValue();
@@ -303,12 +302,11 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 
     private boolean matchBooleanValue(Boolean givenVal)
-        throws ELdapException {
+            throws ELdapException {
         boolean result;
         Boolean storedVal;
 
-        if (!(mVal.equalsIgnoreCase("true") ||
-                mVal.equalsIgnoreCase("false")))
+        if (!(mVal.equalsIgnoreCase("true") || mVal.equalsIgnoreCase("false")))
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INVALID_ATTR_VALUE",
                     mVal));
         storedVal = new Boolean(mVal);
@@ -359,7 +357,7 @@ public class LdapSimpleExpression implements ILdapExpression {
             op = ILdapExpression.LE_STR;
             break;
         }
-        if (mPfx != null && mPfx.length() > 0) 
+        if (mPfx != null && mPfx.length() > 0)
             return mPfx + "." + mVar + " " + op + " " + mVal;
         else
             return mVar + " " + op + " " + mVal;
@@ -450,7 +448,6 @@ public class LdapSimpleExpression implements ILdapExpression {
     }
 }
 
-
 class ExpressionComps {
     String attr;
     int op;
@@ -474,4 +471,3 @@ class ExpressionComps {
         return val;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java b/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java
index fc2ace23..940330d6 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/PublishObject.java
@@ -17,11 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import netscape.security.x509.X509CRLImpl;
 import netscape.security.x509.X509CertImpl;
 
-
 /**
  * The object to publish or unpublish: a certificate or a CRL
  */
@@ -32,7 +30,7 @@ public class PublishObject {
     private String mObjectType = null;
     private X509CertImpl mCert = null;
     private X509CertImpl[] mCerts = null;
-    private X509CRLImpl mCRL = null;	
+    private X509CRLImpl mCRL = null;
     private int mIndex = 0;
 
     public PublishObject() {
diff --git a/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java b/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java
index 57e39aef..68519be2 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldap/PublisherProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldap;
 
-
 import java.math.BigInteger;
 import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
@@ -61,9 +60,8 @@ import com.netscape.certsrv.request.IRequestNotifier;
 import com.netscape.cmscore.dbs.CertRecord;
 import com.netscape.cmscore.util.Debug;
 
-
 public class PublisherProcessor implements
-		IPublisherProcessor, IXcertPublisherProcessor {
+        IPublisherProcessor, IXcertPublisherProcessor {
 
     public Hashtable<String, PublisherPlugin> mPublisherPlugins = new Hashtable<String, PublisherPlugin>();
     public Hashtable<String, PublisherProxy> mPublisherInsts = new Hashtable<String, PublisherProxy>();
@@ -73,7 +71,7 @@ public class PublisherProcessor implements
     public Hashtable<String, ILdapRule> mRuleInsts = new Hashtable<String, ILdapRule>();
 
     /**
-     protected PublishRuleSet mRuleSet = null;
+     * protected PublishRuleSet mRuleSet = null;
      **/
     protected LdapConnModule mLdapConnModule = null;
 
@@ -94,7 +92,7 @@ public class PublisherProcessor implements
     public String getId() {
         return mId;
     }
-		
+
     public void setId(String id) {
         mId = id;
     }
@@ -104,7 +102,7 @@ public class PublisherProcessor implements
     }
 
     public void init(ISubsystem authority, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
         mAuthority = (ICertAuthority) authority;
 
@@ -124,20 +122,20 @@ public class PublisherProcessor implements
         if (Debug.ON)
             Debug.trace("loaded publisher plugins");
 
-            // load publisher instances
+        // load publisher instances
         c = publisherConfig.getSubStore(PROP_INSTANCE);
         Enumeration<String> instances = c.getSubStoreNames();
 
         while (instances.hasMoreElements()) {
             String insName = (String) instances.nextElement();
-            String implName = c.getString(insName + "." + 
+            String implName = c.getString(insName + "." +
                     PROP_PLUGIN);
             PublisherPlugin plugin =
-                (PublisherPlugin) mPublisherPlugins.get(implName);
+                    (PublisherPlugin) mPublisherPlugins.get(implName);
 
-            if (plugin == null) { 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName));
+            if (plugin == null) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName));
                 throw new ELdapException(implName);
             }
             String className = plugin.getClassPath();
@@ -149,8 +147,8 @@ public class PublisherProcessor implements
             try {
                 publisherInst = (ILdapPublisher)
                         Class.forName(className).newInstance();
-                IConfigStore pConfig = 
-                    c.getSubStore(insName);
+                IConfigStore pConfig =
+                        c.getSubStore(insName);
 
                 publisherInst.init(pConfig);
                 isEnable = true;
@@ -188,8 +186,8 @@ public class PublisherProcessor implements
             }
 
             // add publisher instance to list.
-            mPublisherInsts.put(insName, new 
-                PublisherProxy(isEnable, publisherInst));
+            mPublisherInsts.put(insName, new
+                    PublisherProxy(isEnable, publisherInst));
             log(ILogger.LL_INFO, "publisher instance " + insName + " added");
             if (Debug.ON)
                 Debug.trace("loaded publisher instance " + insName + " impl " + implName);
@@ -210,19 +208,19 @@ public class PublisherProcessor implements
         if (Debug.ON)
             Debug.trace("loaded mapper plugins");
 
-            // load mapper instances
+        // load mapper instances
         c = mapperConfig.getSubStore(PROP_INSTANCE);
         instances = c.getSubStoreNames();
         while (instances.hasMoreElements()) {
             String insName = (String) instances.nextElement();
-            String implName = c.getString(insName + "." + 
+            String implName = c.getString(insName + "." +
                     PROP_PLUGIN);
             MapperPlugin plugin =
-                (MapperPlugin) mMapperPlugins.get(implName);
+                    (MapperPlugin) mMapperPlugins.get(implName);
 
-            if (plugin == null) { 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_FIND", implName));
+            if (plugin == null) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_FIND", implName));
                 throw new ELdapException(implName);
             }
             String className = plugin.getClassPath();
@@ -230,15 +228,15 @@ public class PublisherProcessor implements
             if (Debug.ON)
                 Debug.trace("loaded mapper className=" + className);
 
-                // Instantiate and init the mapper
+            // Instantiate and init the mapper
             boolean isEnable = false;
             ILdapMapper mapperInst = null;
 
             try {
                 mapperInst = (ILdapMapper)
                         Class.forName(className).newInstance();
-                IConfigStore mConfig = 
-                    c.getSubStore(insName);
+                IConfigStore mConfig =
+                        c.getSubStore(insName);
 
                 mapperInst.init(mConfig);
                 isEnable = true;
@@ -294,19 +292,19 @@ public class PublisherProcessor implements
         if (Debug.ON)
             Debug.trace("loaded rule plugins");
 
-            // load rule instances
+        // load rule instances
         c = ruleConfig.getSubStore(PROP_INSTANCE);
         instances = c.getSubStoreNames();
         while (instances.hasMoreElements()) {
             String insName = (String) instances.nextElement();
-            String implName = c.getString(insName + "." + 
+            String implName = c.getString(insName + "." +
                     PROP_PLUGIN);
             RulePlugin plugin =
-                (RulePlugin) mRulePlugins.get(implName);
+                    (RulePlugin) mRulePlugins.get(implName);
 
-            if (plugin == null) { 
-                log(ILogger.LL_FAILURE, 
-			CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
+            if (plugin == null) {
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
                 throw new ELdapException(implName);
             }
             String className = plugin.getClassPath();
@@ -314,7 +312,7 @@ public class PublisherProcessor implements
             if (Debug.ON)
                 Debug.trace("loaded rule className=" + className);
 
-                // Instantiate and init the rule
+            // Instantiate and init the rule
             IConfigStore mConfig = null;
 
             try {
@@ -330,8 +328,8 @@ public class PublisherProcessor implements
                 if (Debug.ON)
                     Debug.trace("ADDING RULE " + insName + "  " + ruleInst);
                 mRuleInsts.put(insName, ruleInst);
-                log(ILogger.LL_INFO, "rule instance " + 
-                    insName + " added");
+                log(ILogger.LL_INFO, "rule instance " +
+                        insName + " added");
             } catch (ClassNotFoundException e) {
                 String errMsg = "PublisherProcessor:: init()-" + e.toString();
 
@@ -351,8 +349,8 @@ public class PublisherProcessor implements
                 if (mConfig == null) {
                     throw new ELdapException(CMS.getUserMessage("CMS_LDAP_FAIL_LOAD_CLASS", className));
                 }
-                mConfig.putString(ILdapRule.PROP_ENABLE, 
-                    "false");
+                mConfig.putString(ILdapRule.PROP_ENABLE,
+                        "false");
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_SKIP_RULE", insName, e.toString()));
                 // Let the server continue if it is a
                 // mis-configuration. But the instance
@@ -372,40 +370,40 @@ public class PublisherProcessor implements
     /**
      * Retrieves LDAP connection module.
      * <P>
-     *
+     * 
      * @return LDAP connection instance
      */
     public ILdapConnModule getLdapConnModule() {
         return mLdapConnModule;
     }
-	
+
     public void setLdapConnModule(ILdapConnModule m) {
-        mLdapConnModule = (LdapConnModule)m;
+        mLdapConnModule = (LdapConnModule) m;
     }
-		
+
     /**
      * init ldap connection
      */
     private void initLdapConn(IConfigStore ldapConfig)
-        throws EBaseException {
+            throws EBaseException {
         IConfigStore c = ldapConfig;
 
         try {
-            //c = authConfig.getSubStore(PROP_LDAP_PUBLISH_SUBSTORE);
+            // c = authConfig.getSubStore(PROP_LDAP_PUBLISH_SUBSTORE);
             if (c != null && c.size() > 0) {
                 mLdapConnModule = new LdapConnModule();
                 mLdapConnModule.init(this, c);
                 CMS.debug("LdapPublishing connection inited");
             } else {
-                log(ILogger.LL_FAILURE, 
-                    "No Ldap Module configuration found");
+                log(ILogger.LL_FAILURE,
+                        "No Ldap Module configuration found");
                 throw new ELdapException(
-                  CMS.getUserMessage("CMS_LDAP_NO_LDAP_PUBLISH_CONFIG_FOUND"));
+                        CMS.getUserMessage("CMS_LDAP_NO_LDAP_PUBLISH_CONFIG_FOUND"));
             }
 
         } catch (ELdapException e) {
-            log(ILogger.LL_FAILURE, 
-                "Ldap Publishing Module failed with " + e);
+            log(ILogger.LL_FAILURE,
+                    "Ldap Publishing Module failed with " + e);
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_INIT_LDAP_PUBLISH_MODULE_FAILED", e.toString()));
         }
     }
@@ -434,9 +432,9 @@ public class PublisherProcessor implements
                 CMS.debug("PublisherProcessor: startup: Publishing Queue Enabled: " + isPublishingQueueEnabled +
                           "  Priority Level: " + publishingQueuePriorityLevel +
                           "  Maximum Number of Threads: " + maxNumberOfPublishingThreads +
-                          "  Page Size: "+ publishingQueuePageSize);
-                IRequestNotifier reqNotifier = ((ICertificateAuthority)mAuthority).getRequestNotifier();
-                reqNotifier.setPublishingQueue (isPublishingQueueEnabled,
+                          "  Page Size: " + publishingQueuePageSize);
+                IRequestNotifier reqNotifier = ((ICertificateAuthority) mAuthority).getRequestNotifier();
+                reqNotifier.setPublishingQueue(isPublishingQueueEnabled,
                                                 publishingQueuePriorityLevel,
                                                 maxNumberOfPublishingThreads,
                                                 publishingQueuePageSize,
@@ -452,11 +450,11 @@ public class PublisherProcessor implements
                 mLdapConnModule.getLdapConnFactory().reset();
             }
             if (mLdapRequestListener != null) {
-                //mLdapRequestListener.shutdown();
+                // mLdapRequestListener.shutdown();
                 mAuthority.removeRequestListener(mLdapRequestListener);
             }
-        } catch (Exception e) { 
-            // ignore 
+        } catch (Exception e) {
+            // ignore
         }
     }
 
@@ -484,12 +482,12 @@ public class PublisherProcessor implements
         return mPublisherInsts;
     }
 
-    //certType can be client,server,ca,crl,smime
-    //XXXshould make it static to make it faster
+    // certType can be client,server,ca,crl,smime
+    // XXXshould make it static to make it faster
     public Enumeration<ILdapRule> getRules(String publishingType) {
         Vector<ILdapRule> rules = new Vector<ILdapRule>();
         Enumeration<String> e = mRuleInsts.keys();
-			
+
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
@@ -502,7 +500,7 @@ public class PublisherProcessor implements
                     Debug.trace("rule name is " + name);
             }
 
-            //this is the only rule we support now
+            // this is the only rule we support now
             LdapRule rule = (LdapRule) (mRuleInsts.get(name));
 
             if (rule.enabled() && rule.getType().equals(publishingType)) {
@@ -532,7 +530,7 @@ public class PublisherProcessor implements
 
         Vector<ILdapRule> rules = new Vector<ILdapRule>();
         Enumeration<String> e = mRuleInsts.keys();
-			
+
         while (e.hasMoreElements()) {
             String name = (String) e.nextElement();
 
@@ -545,7 +543,7 @@ public class PublisherProcessor implements
                     Debug.trace("rule name is " + name);
             }
 
-            //this is the only rule we support now
+            // this is the only rule we support now
             LdapRule rule = (LdapRule) (mRuleInsts.get(name));
 
             if (rule.enabled() && rule.getType().equals(publishingType)) {
@@ -562,17 +560,14 @@ public class PublisherProcessor implements
                 rules.addElement(rule);
                 if (Debug.ON)
                     Debug.trace("added rule " + name + " for " + publishingType +
-                        " request: " + req.getRequestId());
+                            " request: " + req.getRequestId());
             }
         }
         return rules.elements();
     }
 
     /**
-     public PublishRuleSet getPublishRuleSet()
-     {
-     return mRuleSet;
-     }
+     * public PublishRuleSet getPublishRuleSet() { return mRuleSet; }
      **/
 
     public Vector<String> getMapperDefaultParams(String implName) throws
@@ -582,13 +577,13 @@ public class PublisherProcessor implements
 
         if (plugin == null) {
             log(ILogger.LL_FAILURE,
-		CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_FIND", implName));
+                    CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_FIND", implName));
             throw new ELdapException(implName);
         }
-			
+
         // XXX can find an instance of this plugin in existing
         // mapper instances to avoid instantiation just for this.
-			
+
         // a temporary instance
         ILdapMapper mapperInst = null;
         String className = plugin.getClassPath();
@@ -632,17 +627,17 @@ public class PublisherProcessor implements
             ELdapException {
         // is this a registered implname?
         PublisherPlugin plugin = (PublisherPlugin)
-            mPublisherPlugins.get(implName);
+                mPublisherPlugins.get(implName);
 
         if (plugin == null) {
             log(ILogger.LL_FAILURE,
-		CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName));
+                    CMS.getLogMessage("CMSCORE_LDAP_PLUGIN_NOT_FIND", implName));
             throw new ELdapException(implName);
         }
-			
+
         // XXX can find an instance of this plugin in existing
         // publisher instantces to avoid instantiation just for this.
-			
+
         // a temporary instance
         ILdapPublisher publisherInst = null;
         String className = plugin.getClassPath();
@@ -667,7 +662,7 @@ public class PublisherProcessor implements
 
     public boolean isMapperInstanceEnable(String insName) {
         MapperProxy proxy = (MapperProxy)
-            mMapperInsts.get(insName);
+                mMapperInsts.get(insName);
 
         if (proxy == null) {
             return false;
@@ -696,7 +691,7 @@ public class PublisherProcessor implements
 
     public boolean isPublisherInstanceEnable(String insName) {
         PublisherProxy proxy = (PublisherProxy)
-            mPublisherInsts.get(insName);
+                mPublisherInsts.get(insName);
 
         if (proxy == null) {
             return false;
@@ -706,20 +701,20 @@ public class PublisherProcessor implements
 
     public ILdapPublisher getActivePublisherInstance(String insName) {
         PublisherProxy proxy = (PublisherProxy)
-            mPublisherInsts.get(insName);
+                mPublisherInsts.get(insName);
 
         if (proxy == null) {
             return null;
         }
         if (proxy.isEnable())
             return proxy.getPublisher();
-        else 
+        else
             return null;
     }
 
     public ILdapPublisher getPublisherInstance(String insName) {
         PublisherProxy proxy = (PublisherProxy)
-            mPublisherInsts.get(insName);
+                mPublisherInsts.get(insName);
 
         if (proxy == null) {
             return null;
@@ -746,13 +741,13 @@ public class PublisherProcessor implements
 
         if (plugin == null) {
             log(ILogger.LL_FAILURE,
-		CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
+                    CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
             throw new ELdapException(implName);
         }
-			
+
         // XXX can find an instance of this plugin in existing
         // rule instantces to avoid instantiation just for this.
-			
+
         // a temporary instance
         ILdapRule ruleInst = null;
         String className = plugin.getClassPath();
@@ -760,7 +755,7 @@ public class PublisherProcessor implements
         try {
             ruleInst = (ILdapRule)
                     Class.forName(className).newInstance();
-			
+
             Vector<String> v = ruleInst.getDefaultParams();
 
             return v;
@@ -783,13 +778,13 @@ public class PublisherProcessor implements
 
         if (plugin == null) {
             log(ILogger.LL_FAILURE,
-		CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
+                    CMS.getLogMessage("CMSCORE_LDAP_RULE_NOT_FIND", implName));
             throw new ELdapException(implName);
         }
-		   
+
         // XXX can find an instance of this plugin in existing
         // rule instantces to avoid instantiation just for this.
-		   
+
         // a temporary instance
         ILdapRule ruleInst = null;
         String className = plugin.getClassPath();
@@ -814,11 +809,11 @@ public class PublisherProcessor implements
     }
 
     /**
-     * set published flag - true when published, false when unpublished. 
-     * not exist means not published. 
+     * set published flag - true when published, false when unpublished. not
+     * exist means not published.
      */
     public void setPublishedFlag(BigInteger serialNo, boolean published) {
-        if (!(mAuthority instanceof ICertificateAuthority)) 
+        if (!(mAuthority instanceof ICertificateAuthority))
             return;
         ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
 
@@ -831,19 +826,19 @@ public class PublisherProcessor implements
                 metaInfo = new MetaInfo();
             }
             metaInfo.set(
-                CertRecord.META_LDAPPUBLISH, String.valueOf(published));
+                    CertRecord.META_LDAPPUBLISH, String.valueOf(published));
             ModificationSet modSet = new ModificationSet();
 
-            modSet.add(ICertRecord.ATTR_META_INFO, 
-                Modification.MOD_REPLACE, metaInfo);
+            modSet.add(ICertRecord.ATTR_META_INFO,
+                    Modification.MOD_REPLACE, metaInfo);
             certdb.modifyCertificateRecord(serialNo, modSet);
         } catch (EBaseException e) {
             // not fatal. just log warning.
-            log(ILogger.LL_WARN, 
-                "Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published +
-                " in the ldap directory. Cert Record not found. Error: " +
-                e.toString() + 
-                " Don't be alarmed if it's a subordinate ca or clone's ca siging cert. Otherwise your internal db may be corrupted.");
+            log(ILogger.LL_WARN,
+                    "Cannot mark cert 0x" + serialNo.toString(16) + " published as " + published +
+                            " in the ldap directory. Cert Record not found. Error: " +
+                            e.toString() +
+                            " Don't be alarmed if it's a subordinate ca or clone's ca siging cert. Otherwise your internal db may be corrupted.");
         }
     }
 
@@ -851,7 +846,7 @@ public class PublisherProcessor implements
      * Publish ca cert, UpdateDir.java, jobs, request listeners
      */
     public void publishCACert(X509Certificate cert)
-        throws ELdapException {
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
@@ -860,7 +855,7 @@ public class PublisherProcessor implements
 
         CMS.debug("PublishProcessor::publishCACert");
 
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules(PROP_LOCAL_CA);
 
         if (rules == null || !rules.hasMoreElements()) {
@@ -869,23 +864,27 @@ public class PublisherProcessor implements
                 return;
             } else {
                 Debug.trace(CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOUND", PROP_LOCAL_CA));
-                //log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOUND", PROP_LOCAL_CA));
-                //throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_RULE_MATCHED", PROP_LOCAL_CA));
+                // log(ILogger.LL_FAILURE,
+                // CMS.getLogMessage("CMSCORE_LDAP_NO_RULE_FOUND",
+                // PROP_LOCAL_CA));
+                // throw new
+                // ELdapException(CMS.getUserMessage("CMS_LDAP_NO_RULE_MATCHED",
+                // PROP_LOCAL_CA));
                 return;
             }
         }
         while (rules.hasMoreElements()) {
             LdapRule rule = (LdapRule) rules.nextElement();
 
-            if( rule == null ) {
-                CMS.debug( "PublisherProcessor::publishCACert() - "
-                         + "rule is null!" );
-                throw new ELdapException( "rule is null" );
+            if (rule == null) {
+                CMS.debug("PublisherProcessor::publishCACert() - "
+                         + "rule is null!");
+                throw new ELdapException("rule is null");
             }
 
             log(ILogger.LL_INFO, "publish certificate type=" + PROP_LOCAL_CA +
-                " rule=" + rule.getInstanceName() + " publisher=" + 
-                rule.getPublisher());
+                    " rule=" + rule.getInstanceName() + " publisher=" +
+                    rule.getPublisher());
 
             try {
                 ILdapMapper mapper = null;
@@ -893,16 +892,19 @@ public class PublisherProcessor implements
                 String mapperName = rule.getMapper();
 
                 if (mapperName != null &&
-                    !mapperName.trim().equals("")) {
+                        !mapperName.trim().equals("")) {
                     mapper = getActiveMapperInstance(mapperName);
                 }
 
-                publishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/* NO REQUEsT */, cert);
-                log(ILogger.LL_INFO, "published certificate using rule=" + 
-                    rule.getInstanceName());
+                publishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/*
+                                                                                         * NO
+                                                                                         * REQUEsT
+                                                                                         */, cert);
+                log(ILogger.LL_INFO, "published certificate using rule=" +
+                        rule.getInstanceName());
             } catch (Exception e) {
                 // continue publishing even publisher has errors
-                //log(ILogger.LL_WARN, e.toString());
+                // log(ILogger.LL_WARN, e.toString());
                 CMS.debug("PublisherProcessor::publishCACert returned error: " + e.toString());
                 error = true;
                 errorRule = errorRule + " " + rule.getInstanceName() +
@@ -913,24 +915,22 @@ public class PublisherProcessor implements
         if (!error) {
             setPublishedFlag(cert.getSerialNumber(), true);
         } else {
-            throw new
-                ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule));
+            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule));
         }
     }
 
     /**
-     * This function is never called. CMS does not unpublish
-     * CA certificate.
+     * This function is never called. CMS does not unpublish CA certificate.
      */
     public void unpublishCACert(X509Certificate cert)
-        throws ELdapException {
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
         if (!enabled())
             return;
 
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules(PROP_LOCAL_CA);
 
         if (rules == null || !rules.hasMoreElements()) {
@@ -946,32 +946,35 @@ public class PublisherProcessor implements
         while (rules.hasMoreElements()) {
             LdapRule rule = (LdapRule) rules.nextElement();
 
-            if( rule == null ) {
-                CMS.debug( "PublisherProcessor::unpublishCACert() - "
-                         + "rule is null!" );
-                throw new ELdapException( "rule is null" );
+            if (rule == null) {
+                CMS.debug("PublisherProcessor::unpublishCACert() - "
+                         + "rule is null!");
+                throw new ELdapException("rule is null");
             }
 
             try {
                 log(ILogger.LL_INFO, "unpublish certificate type=" +
-                    PROP_LOCAL_CA + " rule=" + rule.getInstanceName() + 
-                    " publisher=" + rule.getPublisher());
+                        PROP_LOCAL_CA + " rule=" + rule.getInstanceName() +
+                        " publisher=" + rule.getPublisher());
 
                 ILdapMapper mapper = null;
 
                 String mapperName = rule.getMapper();
 
                 if (mapperName != null &&
-                    !mapperName.trim().equals("")) {
+                        !mapperName.trim().equals("")) {
                     mapper = getActiveMapperInstance(mapperName);
                 }
 
-                unpublishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/* NO REQUEST */, cert);
-                log(ILogger.LL_INFO, "unpublished certificate using rule=" + 
-                    rule.getInstanceName());
+                unpublishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/*
+                                                                                           * NO
+                                                                                           * REQUEST
+                                                                                           */, cert);
+                log(ILogger.LL_INFO, "unpublished certificate using rule=" +
+                        rule.getInstanceName());
             } catch (Exception e) {
                 // continue publishing even publisher has errors
-                //log(ILogger.LL_WARN, e.toString());
+                // log(ILogger.LL_WARN, e.toString());
                 error = true;
                 errorRule = errorRule + " " + rule.getInstanceName();
             }
@@ -989,15 +992,15 @@ public class PublisherProcessor implements
      * Publish crossCertificatePair
      */
     public void publishXCertPair(byte[] pair)
-        throws ELdapException {
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
         if (!enabled())
             return;
-		CMS.debug("PublisherProcessor: in publishXCertPair()");
+        CMS.debug("PublisherProcessor: in publishXCertPair()");
 
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules(PROP_XCERT);
 
         if (rules == null || !rules.hasMoreElements()) {
@@ -1012,31 +1015,34 @@ public class PublisherProcessor implements
         while (rules.hasMoreElements()) {
             LdapRule rule = (LdapRule) rules.nextElement();
 
-            if( rule == null ) {
-                CMS.debug( "PublisherProcessor::publishXCertPair() - "
-                         + "rule is null!" );
-                throw new ELdapException( "rule is null" );
+            if (rule == null) {
+                CMS.debug("PublisherProcessor::publishXCertPair() - "
+                         + "rule is null!");
+                throw new ELdapException("rule is null");
             }
 
             log(ILogger.LL_INFO, "publish certificate type=" + PROP_XCERT +
-                " rule=" + rule.getInstanceName() + " publisher=" + 
-                rule.getPublisher());
+                    " rule=" + rule.getInstanceName() + " publisher=" +
+                    rule.getPublisher());
             try {
                 ILdapMapper mapper = null;
 
                 String mapperName = rule.getMapper();
 
                 if (mapperName != null &&
-                    !mapperName.trim().equals("")) {
+                        !mapperName.trim().equals("")) {
                     mapper = getActiveMapperInstance(mapperName);
                 }
 
-                publishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/* NO REQUEsT */, pair);
-                log(ILogger.LL_INFO, "published Xcertificates using rule=" + 
-                    rule.getInstanceName());
+                publishNow(mapper, getActivePublisherInstance(rule.getPublisher()), null/*
+                                                                                         * NO
+                                                                                         * REQUEsT
+                                                                                         */, pair);
+                log(ILogger.LL_INFO, "published Xcertificates using rule=" +
+                        rule.getInstanceName());
             } catch (Exception e) {
                 // continue publishing even publisher has errors
-                //log(ILogger.LL_WARN, e.toString());
+                // log(ILogger.LL_WARN, e.toString());
                 error = true;
                 errorRule = errorRule + " " + rule.getInstanceName() +
                         " error:" + e.toString();
@@ -1047,11 +1053,11 @@ public class PublisherProcessor implements
     }
 
     /**
-     * Publishs regular user certificate based on the criteria
-     * set in the request.
+     * Publishs regular user certificate based on the criteria set in the
+     * request.
      */
     public void publishCert(X509Certificate cert, IRequest req)
-        throws ELdapException {
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
@@ -1059,10 +1065,10 @@ public class PublisherProcessor implements
         if (!enabled())
             return;
 
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules("certs", req);
 
-         // Bugscape  #52306  -  Remove superfluous log messages on failure
+        // Bugscape #52306 - Remove superfluous log messages on failure
         if (rules == null || !rules.hasMoreElements()) {
             CMS.debug("Publishing: can't find publishing rule,exiting routine.");
 
@@ -1074,10 +1080,10 @@ public class PublisherProcessor implements
             LdapRule rule = (LdapRule) rules.nextElement();
 
             try {
-                log(ILogger.LL_INFO, 
-                    "publish certificate (with request) type=" + 
-                    "certs" + " rule=" + rule.getInstanceName() + 
-                    " publisher=" + rule.getPublisher());
+                log(ILogger.LL_INFO,
+                        "publish certificate (with request) type=" +
+                                "certs" + " rule=" + rule.getInstanceName() +
+                                " publisher=" + rule.getPublisher());
                 ILdapPublisher p = getActivePublisherInstance(rule.getPublisher());
                 ILdapMapper m = null;
                 String mapperName = rule.getMapper();
@@ -1086,11 +1092,11 @@ public class PublisherProcessor implements
                     m = getActiveMapperInstance(mapperName);
                 }
                 publishNow(m, p, req, cert);
-                log(ILogger.LL_INFO, "published certificate using rule=" + 
-                    rule.getInstanceName());
+                log(ILogger.LL_INFO, "published certificate using rule=" +
+                        rule.getInstanceName());
             } catch (Exception e) {
                 // continue publishing even publisher has errors
-                //log(ILogger.LL_WARN, e.toString());
+                // log(ILogger.LL_WARN, e.toString());
                 error = true;
                 errorRule = errorRule + " " + rule.getInstanceName();
             }
@@ -1099,24 +1105,23 @@ public class PublisherProcessor implements
         if (!error) {
             setPublishedFlag(cert.getSerialNumber(), true);
         } else {
-            CMS.debug("PublishProcessor::publishCert : " + CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED",errorRule));
+            CMS.debug("PublishProcessor::publishCert : " + CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule));
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_PUBLISH_FAILED", errorRule));
         }
     }
 
     /**
-     * Unpublish user certificate. This is used by 
-     * UnpublishExpiredJob.
+     * Unpublish user certificate. This is used by UnpublishExpiredJob.
      */
     public void unpublishCert(X509Certificate cert, IRequest req)
-        throws ELdapException {
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
         if (!enabled())
             return;
 
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules("certs", req);
 
         if (rules == null || !rules.hasMoreElements()) {
@@ -1128,34 +1133,34 @@ public class PublisherProcessor implements
         while (rules.hasMoreElements()) {
             LdapRule rule = (LdapRule) rules.nextElement();
 
-            if( rule == null ) {
-                CMS.debug( "PublisherProcessor::unpublishCert() - "
-                         + "rule is null!" );
-                throw new ELdapException( "rule is null" );
+            if (rule == null) {
+                CMS.debug("PublisherProcessor::unpublishCert() - "
+                         + "rule is null!");
+                throw new ELdapException("rule is null");
             }
 
             try {
-                log(ILogger.LL_INFO, 
-                    "unpublish certificate (with request) type=" + 
-                    "certs" + " rule=" + rule.getInstanceName() + 
-                    " publisher=" + rule.getPublisher());
+                log(ILogger.LL_INFO,
+                        "unpublish certificate (with request) type=" +
+                                "certs" + " rule=" + rule.getInstanceName() +
+                                " publisher=" + rule.getPublisher());
 
                 ILdapMapper mapper = null;
 
                 String mapperName = rule.getMapper();
 
                 if (mapperName != null &&
-                    !mapperName.trim().equals("")) {
+                        !mapperName.trim().equals("")) {
                     mapper = getActiveMapperInstance(mapperName);
                 }
 
                 unpublishNow(mapper, getActivePublisherInstance(rule.getPublisher()),
-                    req, cert);
-                log(ILogger.LL_INFO, "unpublished certificate using rule=" + 
-                    rule.getInstanceName());
+                        req, cert);
+                log(ILogger.LL_INFO, "unpublished certificate using rule=" +
+                        rule.getInstanceName());
             } catch (Exception e) {
                 // continue publishing even publisher has errors
-                //log(ILogger.LL_WARN, e.toString());
+                // log(ILogger.LL_WARN, e.toString());
                 error = true;
                 errorRule = errorRule + " " + rule.getInstanceName();
             }
@@ -1170,16 +1175,15 @@ public class PublisherProcessor implements
     }
 
     /**
-     * publishes a crl by mapping the issuer name in the crl to an entry
-     * and publishing it there. entry must be a certificate authority.
-     * Note that this is used by cmsgateway/cert/UpdateDir.java
+     * publishes a crl by mapping the issuer name in the crl to an entry and
+     * publishing it there. entry must be a certificate authority. Note that
+     * this is used by cmsgateway/cert/UpdateDir.java
      */
-    public void publishCRL(X509CRLImpl crl, String crlIssuingPointId) 
-        throws ELdapException {
+    public void publishCRL(X509CRLImpl crl, String crlIssuingPointId)
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
-
         if (!enabled())
             return;
         ILdapMapper mapper = null;
@@ -1207,53 +1211,53 @@ public class PublisherProcessor implements
                 String result = null;
                 LdapRule rule = (LdapRule) rules.nextElement();
 
-                log(ILogger.LL_INFO, "publish crl rule=" + 
-                    rule.getInstanceName() + " publisher=" + 
-                    rule.getPublisher());
+                log(ILogger.LL_INFO, "publish crl rule=" +
+                        rule.getInstanceName() + " publisher=" +
+                        rule.getPublisher());
                 try {
                     String mapperName = rule.getMapper();
 
                     if (mapperName != null &&
-                        !mapperName.trim().equals("")) {
+                            !mapperName.trim().equals("")) {
                         mapper = getActiveMapperInstance(mapperName);
                     }
                     if (mapper == null || mapper.getImplName().equals("NoMap")) {
                         dn = ((X500Name) crl.getIssuerDN()).toLdapDNString();
-                    }else {
-							
+                    } else {
+
                         result = ((ILdapMapper) mapper).map(conn, crl);
                         dn = result;
                         if (!mCreateOwnDNEntry) {
-                            if (dn == null) {  
+                            if (dn == null) {
                                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_LDAP_MAPPER_NOT_MAP", rule.getMapper()));
-                                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", 
-                                    crl.getIssuerDN().toString()));
-                          
+                                throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH",
+                                        crl.getIssuerDN().toString()));
+
                             }
                         }
                     }
                     publisher = getActivePublisherInstance(rule.getPublisher());
                     if (publisher != null) {
-                        if(publisher instanceof com.netscape.cms.publish.publishers.FileBasedPublisher)
-                        ((com.netscape.cms.publish.publishers.FileBasedPublisher)publisher).setIssuingPointId(crlIssuingPointId);
+                        if (publisher instanceof com.netscape.cms.publish.publishers.FileBasedPublisher)
+                            ((com.netscape.cms.publish.publishers.FileBasedPublisher) publisher).setIssuingPointId(crlIssuingPointId);
                         publisher.publish(conn, dn, crl);
                         log(ILogger.LL_INFO, "published crl using rule=" + rule.getInstanceName());
                     }
                     // continue publishing even publisher has errors
-                }catch (Exception e) {
-                    //e.printStackTrace();
+                } catch (Exception e) {
+                    // e.printStackTrace();
                     CMS.debug(
-                        "Error publishing CRL to " + dn + ": " + e);
+                            "Error publishing CRL to " + dn + ": " + e);
                     error = true;
                     errorRule = errorRule + " " + rule.getInstanceName();
 
                     CMS.debug("PublisherProcessor::publishCRL: error: " + e.toString());
                 }
             }
-        }catch (ELdapException e) {
-            //e.printStackTrace();
+        } catch (ELdapException e) {
+            // e.printStackTrace();
             CMS.debug(
-                "Error publishing CRL to " + dn + ": " + e);
+                    "Error publishing CRL to " + dn + ": " + e);
             throw e;
         } finally {
             if (conn != null) {
@@ -1265,17 +1269,17 @@ public class PublisherProcessor implements
     }
 
     /**
-     * publishes a crl by mapping the issuer name in the crl to an entry
-     * and publishing it there. entry must be a certificate authority.
+     * publishes a crl by mapping the issuer name in the crl to an entry and
+     * publishing it there. entry must be a certificate authority.
      */
-    public void publishCRL(String dn, X509CRL crl) 
-        throws ELdapException {
+    public void publishCRL(String dn, X509CRL crl)
+            throws ELdapException {
         boolean error = false;
         String errorRule = "";
 
         if (!enabled())
             return;
-            // get mapper and publisher for cert type.
+        // get mapper and publisher for cert type.
         Enumeration<ILdapRule> rules = getRules(PROP_LOCAL_CRL);
 
         if (rules == null || !rules.hasMoreElements()) {
@@ -1295,25 +1299,25 @@ public class PublisherProcessor implements
                 LdapRule rule = (LdapRule) rules.nextElement();
 
                 log(ILogger.LL_INFO, "publish crl dn=" + dn + " rule=" +
-                    rule.getInstanceName() + " publisher=" + 
-                    rule.getPublisher());
+                        rule.getInstanceName() + " publisher=" +
+                        rule.getPublisher());
                 try {
                     publisher = getActivePublisherInstance(rule.getPublisher());
                     if (publisher != null) {
                         publisher.publish(conn, dn, crl);
                         log(ILogger.LL_INFO, "published crl using rule=" + rule.getInstanceName());
                     }
-                }catch (Exception e) {
+                } catch (Exception e) {
                     CMS.debug(
-                        "Error publishing CRL to " + dn + ": " + e.toString());
+                            "Error publishing CRL to " + dn + ": " + e.toString());
                     error = true;
                     errorRule = errorRule + " " + rule.getInstanceName();
-                    CMS.debug("PublisherProcessor::publishCRL: error: " + e.toString()); 
-                } 
+                    CMS.debug("PublisherProcessor::publishCRL: error: " + e.toString());
+                }
             }
         } catch (ELdapException e) {
             CMS.debug(
-                "Error publishing CRL to " + dn + ": " + e.toString());
+                    "Error publishing CRL to " + dn + ": " + e.toString());
             throw e;
         } finally {
             if (conn != null) {
@@ -1325,7 +1329,7 @@ public class PublisherProcessor implements
     }
 
     private void publishNow(ILdapMapper mapper, ILdapPublisher publisher,
-        IRequest r, Object obj) throws ELdapException {
+            IRequest r, Object obj) throws ELdapException {
         if (!enabled())
             return;
         CMS.debug("PublisherProcessor: in publishNow()");
@@ -1340,16 +1344,16 @@ public class PublisherProcessor implements
                 if (mLdapConnModule != null) {
                     try {
                         conn = mLdapConnModule.getConn();
-                    } catch(ELdapException e) {
+                    } catch (ELdapException e) {
                         throw e;
-                   }
+                    }
                 }
                 try {
                     if ((mapper instanceof com.netscape.cms.publish.mappers.LdapCertSubjMap) &&
-                         ((com.netscape.cms.publish.mappers.LdapCertSubjMap)mapper).useAllEntries()) {
-                        dirdn = ((com.netscape.cms.publish.mappers.LdapCertSubjMap)mapper).mapAll(conn, r, obj); 
+                            ((com.netscape.cms.publish.mappers.LdapCertSubjMap) mapper).useAllEntries()) {
+                        dirdn = ((com.netscape.cms.publish.mappers.LdapCertSubjMap) mapper).mapAll(conn, r, obj);
                     } else {
-                       dirdn = mapper.map(conn, r, obj); 
+                        dirdn = mapper.map(conn, r, obj);
                     }
                 } catch (Throwable e1) {
                     CMS.debug("Error mapping: mapper=" + mapper + " error=" + e1.toString());
@@ -1361,26 +1365,26 @@ public class PublisherProcessor implements
 
             try {
                 if (dirdn instanceof Vector) {
-                	@SuppressWarnings("unchecked")
-					Vector<String> dirdnVector = (Vector<String>)dirdn;
+                    @SuppressWarnings("unchecked")
+                    Vector<String> dirdnVector = (Vector<String>) dirdn;
                     int n = dirdnVector.size();
                     for (int i = 0; i < n; i++) {
                         publisher.publish(conn, dirdnVector.elementAt(i), cert);
                     }
-                } else if (dirdn instanceof String || 
+                } else if (dirdn instanceof String ||
                            publisher instanceof com.netscape.cms.publish.publishers.FileBasedPublisher) {
-                    publisher.publish(conn, (String)dirdn, cert);
+                    publisher.publish(conn, (String) dirdn, cert);
                 }
             } catch (Throwable e1) {
                 CMS.debug("PublisherProcessor::publishNow : publisher=" + publisher + " error=" + e1.toString());
                 throw e1;
             }
-            log(ILogger.LL_INFO, "published certificate serial number: 0x" + 
-                cert.getSerialNumber().toString(16));
+            log(ILogger.LL_INFO, "published certificate serial number: 0x" +
+                    cert.getSerialNumber().toString(16));
         } catch (ELdapException e) {
             throw e;
         } catch (Throwable e) {
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", e.toString())); 
+            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", e.toString()));
         } finally {
             if (conn != null) {
                 mLdapConnModule.returnConn(conn);
@@ -1388,16 +1392,16 @@ public class PublisherProcessor implements
         }
     }
 
-	// for crosscerts
+    // for crosscerts
     private void publishNow(ILdapMapper mapper, ILdapPublisher publisher,
-        IRequest r, byte[] bytes) throws ELdapException {
+            IRequest r, byte[] bytes) throws ELdapException {
         if (!enabled())
             return;
-		CMS.debug("PublisherProcessor: in publishNow() for xcerts");
+        CMS.debug("PublisherProcessor: in publishNow() for xcerts");
 
-		// use ca cert publishing map and rule
+        // use ca cert publishing map and rule
         ICertificateAuthority ca = (ICertificateAuthority) mAuthority;
-		X509Certificate caCert = (X509Certificate) ca.getCACert();
+        X509Certificate caCert = (X509Certificate) ca.getCACert();
 
         LDAPConnection conn = null;
 
@@ -1411,8 +1415,8 @@ public class PublisherProcessor implements
                     conn = mLdapConnModule.getConn();
                 }
                 try {
-                    dirdn = mapper.map(conn, r, (Object) caCert); 
-		CMS.debug("PublisherProcessor: dirdn="+dirdn);
+                    dirdn = mapper.map(conn, r, (Object) caCert);
+                    CMS.debug("PublisherProcessor: dirdn=" + dirdn);
 
                 } catch (Throwable e1) {
                     CMS.debug("Error mapping: mapper=" + mapper + " error=" + e1.toString());
@@ -1421,7 +1425,7 @@ public class PublisherProcessor implements
             }
 
             try {
-		CMS.debug("PublisherProcessor: publisher impl name="+publisher.getImplName());
+                CMS.debug("PublisherProcessor: publisher impl name=" + publisher.getImplName());
 
                 publisher.publish(conn, dirdn, bytes);
             } catch (Throwable e1) {
@@ -1432,7 +1436,7 @@ public class PublisherProcessor implements
         } catch (ELdapException e) {
             throw e;
         } catch (Throwable e) {
-            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", e.toString())); 
+            throw new ELdapException(CMS.getUserMessage("CMS_LDAP_NO_MATCH", e.toString()));
         } finally {
             if (conn != null) {
                 mLdapConnModule.returnConn(conn);
@@ -1441,7 +1445,7 @@ public class PublisherProcessor implements
     }
 
     private void unpublishNow(ILdapMapper mapper, ILdapPublisher publisher,
-        IRequest r, Object obj) throws ELdapException {
+            IRequest r, Object obj) throws ELdapException {
         if (!enabled())
             return;
         LDAPConnection conn = null;
@@ -1455,13 +1459,13 @@ public class PublisherProcessor implements
                 if (mLdapConnModule != null) {
                     conn = mLdapConnModule.getConn();
                 }
-                dirdn = mapper.map(conn, r, obj); 
+                dirdn = mapper.map(conn, r, obj);
             }
             X509Certificate cert = (X509Certificate) obj;
 
             publisher.unpublish(conn, dirdn, cert);
-            log(ILogger.LL_INFO, "unpublished certificate serial number: 0x" + 
-                cert.getSerialNumber().toString(16));
+            log(ILogger.LL_INFO, "unpublished certificate serial number: 0x" +
+                    cert.getSerialNumber().toString(16));
         } catch (ELdapException e) {
             throw e;
         } finally {
@@ -1498,8 +1502,8 @@ public class PublisherProcessor implements
     }
 
     public boolean isClone() {
-        if ((mAuthority instanceof ICertificateAuthority) && 
-            ((ICertificateAuthority) mAuthority).isClone())
+        if ((mAuthority instanceof ICertificateAuthority) &&
+                ((ICertificateAuthority) mAuthority).isClone())
             return true;
         else
             return false;
@@ -1511,7 +1515,7 @@ public class PublisherProcessor implements
     public void log(int level, String msg) {
         if (mLogger == null)
             return;
-        mLogger.log(ILogger.EV_SYSTEM, 
-            ILogger.S_LDAP, level, "Publishing: " + msg);
+        mLogger.log(ILogger.EV_SYSTEM,
+                ILogger.S_LDAP, level, "Publishing: " + msg);
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
index fa400341..a91e1aa5 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import netscape.ldap.LDAPConnection;
 import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSocketFactory;
@@ -30,11 +29,10 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.ldap.ILdapConnFactory;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * Factory for getting LDAP Connections to a LDAP server 
- * each connection is a seperate thread that can be bound to a different
- * authentication dn and password.
+ * Factory for getting LDAP Connections to a LDAP server each connection is a
+ * seperate thread that can be bound to a different authentication dn and
+ * password.
  */
 public class LdapAnonConnFactory implements ILdapConnFactory {
     protected int mMinConns = 5;
@@ -49,8 +47,8 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 
     public static final String PROP_ERROR_IF_DOWN = "errorIfDown";
 
-    private int mNumConns = 0;      // number of available conns in array
-    private int mTotal = 0;		// total num conns 
+    private int mNumConns = 0; // number of available conns in array
+    private int mTotal = 0; // total num conns
     private AnonConnection mConns[] = null;
 
     private boolean mInited = false;
@@ -59,8 +57,8 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
     private boolean mDefErrorIfDown = false;
 
     /**
-     * Constructor for initializing from the config store.
-     * must be followed by init(IConfigStore)
+     * Constructor for initializing from the config store. must be followed by
+     * init(IConfigStore)
      */
     public LdapAnonConnFactory() {
     }
@@ -71,13 +69,15 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 
     /**
      * Constructor for LdapAnonConnFactory
+     * 
      * @param minConns minimum number of connections to have available
-     * @param maxConns max number of connections to have available. This is 
-     * the maximum number of clones of this connection one wants to allow.
+     * @param maxConns max number of connections to have available. This is the
+     *            maximum number of clones of this connection one wants to
+     *            allow.
      * @param serverInfo server connection info - host, port, etc.
      */
-    public LdapAnonConnFactory(int minConns, int maxConns, 
-        LdapConnInfo connInfo) throws ELdapException {
+    public LdapAnonConnFactory(int minConns, int maxConns,
+            LdapConnInfo connInfo) throws ELdapException {
         init(minConns, maxConns, connInfo);
     }
 
@@ -107,8 +107,8 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
             try {
                 minConns = Integer.parseInt(minStr);
             } catch (NumberFormatException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_MIN_CONN"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_MIN_CONN"));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MINCONNS));
             }
         }
@@ -118,30 +118,30 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
             try {
                 maxConns = Integer.parseInt(maxStr);
             } catch (NumberFormatException e) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_MAX_CONN"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_MAX_CONN"));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_NUMBER_FORMAT_1", PROP_MAXCONNS));
             }
         }
 
         mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown);
 
-        init(minConns, maxConns, 
-            new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO)));
+        init(minConns, maxConns,
+                new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO)));
     }
 
     /**
      * initialize routine from parameters.
      */
     protected void init(int minConns, int maxConns, LdapConnInfo connInfo)
-        throws ELdapException {
-        if (mInited) 
-            return;		// XXX should throw exception here ? 
+            throws ELdapException {
+        if (mInited)
+            return; // XXX should throw exception here ?
 
-        if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) 
+        if (minConns <= 0 || maxConns <= 0 || minConns > maxConns)
             throw new ELdapException(
                     CMS.getUserMessage("CMS_LDAP_INVALID_NUMCONN_PARAMETERS"));
-        if (connInfo == null) 
+        if (connInfo == null)
             throw new IllegalArgumentException("connInfo is Null!");
 
         mMinConns = minConns;
@@ -150,10 +150,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 
         mConns = new AnonConnection[mMaxConns];
 
-        log(ILogger.LL_INFO, 
-            "Created: min " + minConns + " max " + maxConns +
-            " host " + connInfo.getHost() + " port " + connInfo.getPort() +
-            " secure " + connInfo.getSecure());
+        log(ILogger.LL_INFO,
+                "Created: min " + minConns + " max " + maxConns +
+                        " host " + connInfo.getHost() + " port " + connInfo.getPort() +
+                        " secure " + connInfo.getSecure());
 
         // initalize minimum number of connection handles available.
         makeMinimum(mErrorIfDown);
@@ -161,7 +161,7 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
     }
 
     /**
-     * make the mininum configured connections 
+     * make the mininum configured connections
      */
     protected void makeMinimum(boolean errorIfDown) throws ELdapException {
         try {
@@ -169,115 +169,111 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
                 int increment = Math.min(mMinConns - mNumConns, mMaxConns - mTotal);
 
                 CMS.debug(
-                    "increasing minimum number of connections by " + increment);
+                        "increasing minimum number of connections by " + increment);
                 for (int i = increment - 1; i >= 0; i--) {
                     mConns[i] = new AnonConnection(mConnInfo);
                 }
                 mTotal += increment;
                 mNumConns += increment;
                 CMS.debug(
-                    "new total number of connections " + mTotal);
+                        "new total number of connections " + mTotal);
                 CMS.debug(
-                    "new total available connections " + mNumConns);
+                        "new total available connections " + mNumConns);
             }
         } catch (LDAPException e) {
             // XXX errorCodeToString() used here so users won't see message.
-            // though why are messages from exceptions being displayed to 
+            // though why are messages from exceptions being displayed to
             // users ?
             if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                // need to intercept this because message from LDAP is 
+                // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    "Cannot connect to Ldap server. Error: " +
-                    "Ldap Server host " + mConnInfo.getHost() +
-                    " int " + mConnInfo.getPort() + " is unavailable.");
+                        "Cannot connect to Ldap server. Error: " +
+                                "Ldap Server host " + mConnInfo.getHost() +
+                                " int " + mConnInfo.getPort() + " is unavailable.");
                 if (errorIfDown) {
                     throw new ELdapServerDownException(
                             CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE",
-                                mConnInfo.getHost(), "" + mConnInfo.getPort()));
+                                    mConnInfo.getHost(), "" + mConnInfo.getPort()));
                 }
             } else {
-                log(ILogger.LL_FAILURE, 
-                    "Cannot connect to ldap server. error: " + e.toString());
+                log(ILogger.LL_FAILURE,
+                        "Cannot connect to ldap server. error: " + e.toString());
                 String errmsg = e.errorCodeToString();
 
                 if (errmsg == null)
                     errmsg = e.toString();
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED",
-                            mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), errmsg));
+                                mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), errmsg));
             }
         }
     }
 
     /**
-     * Gets connection from this factory.
-     * All connections gotten from this factory must be returned. 
-     * If not the max number of connections may be reached prematurely.
-     * The best thing to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * Gets connection from this factory. All connections gotten from this
+     * factory must be returned. If not the max number of connections may be
+     * reached prematurely. The best thing to put returnConn in a finally clause
+     * so it always gets called. For example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
     public LDAPConnection getConn()
-        throws ELdapException {
+            throws ELdapException {
         return getConn(true);
     }
 
     /**
-     * Returns a LDAP connection - a clone of the master connection.
-     * All connections should be returned to the factory using returnConn()
-     * to recycle connection objects.
-     * If not returned the limited max number is affected but if that 
-     * number is large not much harm is done.
-     * Returns null if maximum number of connections reached.
-     * <p> 
-     * The best thing to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * Returns a LDAP connection - a clone of the master connection. All
+     * connections should be returned to the factory using returnConn() to
+     * recycle connection objects. If not returned the limited max number is
+     * affected but if that number is large not much harm is done. Returns null
+     * if maximum number of connections reached.
+     * <p>
+     * The best thing to put returnConn in a finally clause so it always gets
+     * called. For example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
-     */ 
-    public synchronized LDAPConnection getConn(boolean waitForConn) 
-        throws ELdapException {
+     */
+    public synchronized LDAPConnection getConn(boolean waitForConn)
+            throws ELdapException {
         boolean waited = false;
 
         CMS.debug("LdapAnonConnFactory::getConn");
-        if (mNumConns == 0) 
+        if (mNumConns == 0)
             makeMinimum(true);
         if (mNumConns == 0) {
             if (!waitForConn)
                 return null;
             try {
                 CMS.debug("getConn(): out of ldap connections");
-                log(ILogger.LL_WARN, 
-                    "Ran out of ldap connections available " +
-                    "in ldap connection pool to " +
-                    mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " +
-                    "This could be a temporary condition or an indication of " +
-                    "something more serious that can cause the server to " +
-                    "hang.");
+                log(ILogger.LL_WARN,
+                        "Ran out of ldap connections available " +
+                                "in ldap connection pool to " +
+                                mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " +
+                                "This could be a temporary condition or an indication of " +
+                                "something more serious that can cause the server to " +
+                                "hang.");
                 waited = true;
                 while (mNumConns == 0) {
                     wait();
@@ -291,53 +287,52 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
 
         mConns[mNumConns] = null;
         if (waited) {
-            log(ILogger.LL_WARN, 
-                "Ldap connections are available again in ldap connection pool " +
-                "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort());
+            log(ILogger.LL_WARN,
+                    "Ldap connections are available again in ldap connection pool " +
+                            "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort());
         }
         CMS.debug("LdapAnonConnFactory.getConn(): num avail conns now " + mNumConns);
-        //Beginning of fix for Bugzilla #630176 
+        // Beginning of fix for Bugzilla #630176
         boolean isConnected = false;
-        if(conn != null) {
+        if (conn != null) {
             isConnected = conn.isConnected();
         }
 
-        if(!isConnected) {
+        if (!isConnected) {
             CMS.debug("LdapAnonConnFactory.getConn(): selected conn is down, try to reconnect...");
             conn = null;
             try {
-               conn =  new AnonConnection(mConnInfo);
+                conn = new AnonConnection(mConnInfo);
             } catch (LDAPException e) {
-                 CMS.debug("LdapAnonConnFactory.getConn(): error when trying to bring back a down connection.");
-                 throw new ELdapException(
+                CMS.debug("LdapAnonConnFactory.getConn(): error when trying to bring back a down connection.");
+                throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED",
-                            mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
+                                mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
             }
         }
-        //This is the end of the fix for Bugzilla #630176
+        // This is the end of the fix for Bugzilla #630176
 
         return conn;
     }
 
-    /** 
-     * Returns a connection to the factory for recycling.
-     * All connections gotten from this factory must be returned. 
-     * If not the max number of connections may be reached prematurely.
+    /**
+     * Returns a connection to the factory for recycling. All connections gotten
+     * from this factory must be returned. If not the max number of connections
+     * may be reached prematurely.
      * <p>
-     * The best thing to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * The best thing to put returnConn in a finally clause so it always gets
+     * called. For example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
     public synchronized void returnConn(LDAPConnection conn) {
@@ -348,12 +343,12 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
         AnonConnection anon = (AnonConnection) conn;
 
         if (anon.getFacId() != mConns) {
-            // returning a connection not from this factory. 
+            // returning a connection not from this factory.
             log(ILogger.LL_WARN, "returnConn: unknown connection.");
 
             /* swallow this error but see who's doing it. */
-            ELdapException e = 
-                new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN"));
+            ELdapException e =
+                    new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN"));
         }
         // check if conn has already been returned.
         for (int i = 0; i < mNumConns; i++) {
@@ -361,10 +356,10 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
             if (mConns[i] == anon) {
 
                 /* swallow this error but see who's doing it. */
-                log(ILogger.LL_WARN, 
-                    "returnConn: previously returned connection.");
-                ELdapException e = 
-                    new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN"));
+                log(ILogger.LL_WARN,
+                        "returnConn: previously returned connection.");
+                ELdapException e =
+                        new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN"));
             }
         }
 
@@ -377,9 +372,9 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
             // return conn.
             CMS.debug("returnConn: mNumConns now " + mNumConns);
         } catch (LDAPException e) {
-            log(ILogger.LL_WARN, 
-                "Could not re-authenticate ldap connection to anonymous." +
-                " Error " + e);
+            log(ILogger.LL_WARN,
+                    "Could not re-authenticate ldap connection to anonymous." +
+                            " Error " + e);
         }
         // return the connection even if can't reauthentication anon.
         // most likely server was down.
@@ -389,7 +384,7 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
     }
 
     protected void finalize()
-        throws Exception {
+            throws Exception {
         reset();
     }
 
@@ -401,30 +396,30 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
     }
 
     /**
-     * resets this factory - if no connections outstanding, 
-     * disconnections all connections and resets everything to 0 as if
-     * no connections were ever made. intended to be called just before
-     * shutdown or exit to disconnection & cleanup connections.
+     * resets this factory - if no connections outstanding, disconnections all
+     * connections and resets everything to 0 as if no connections were ever
+     * made. intended to be called just before shutdown or exit to disconnection
+     * & cleanup connections.
      */
     // ok only if no connections outstanding.
-    public synchronized void reset() 
-        throws ELdapException {
+    public synchronized void reset()
+            throws ELdapException {
         if (mNumConns == mTotal) {
             for (int i = 0; i < mNumConns; i++) {
                 try {
                     CMS.debug("disconnecting connection " + i);
                     mConns[i].disconnect();
                 } catch (LDAPException e) {
-                    log(ILogger.LL_INFO, 
-                        "exception during disconnect: " + e.toString());
+                    log(ILogger.LL_INFO,
+                            "exception during disconnect: " + e.toString());
                 }
                 mConns[i] = null;
             }
             mTotal = 0;
             mNumConns = 0;
         } else {
-            log(ILogger.LL_INFO, 
-                "Cannot reset() while connections not all returned");
+            log(ILogger.LL_INFO,
+                    "Cannot reset() while connections not all returned");
             throw new ELdapException(
                     CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC"));
         }
@@ -435,9 +430,9 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "In Ldap (anonymous) connection pool to" +
-            " host " + mConnInfo.getHost() +
-            " port " + mConnInfo.getPort() + ", " + msg);
+                "In Ldap (anonymous) connection pool to" +
+                        " host " + mConnInfo.getHost() +
+                        " port " + mConnInfo.getPort() + ", " + msg);
     }
 
     /**
@@ -450,27 +445,27 @@ public class LdapAnonConnFactory implements ILdapConnFactory {
         private static final long serialVersionUID = 4813780131074412404L;
 
         public AnonConnection(LdapConnInfo connInfo)
-            throws LDAPException {
+                throws LDAPException {
             super(connInfo);
         }
-			
-        public AnonConnection(String host, int port, int version, 
-            LDAPSocketFactory fac)
-            throws LDAPException {
+
+        public AnonConnection(String host, int port, int version,
+                LDAPSocketFactory fac)
+                throws LDAPException {
             super(host, port, version, fac);
         }
- 
+
         /**
          * instantiates a non-secure connection to a ldap server
          */
         public AnonConnection(String host, int port, int version)
-            throws LDAPException {
+                throws LDAPException {
             super(host, port, version);
         }
 
         /**
-         * used only to identify the factory from which this came.
-         * mConns to identify factory.
+         * used only to identify the factory from which this came. mConns to
+         * identify factory.
          */
         public AnonConnection[] getFacId() {
             return mConns;
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
index 1d3996dd..5243c4fb 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAnonConnection.java
@@ -17,18 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import netscape.ldap.LDAPConnection;
 import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSocketFactory;
 import netscape.ldap.LDAPv2;
 
-
 /**
- * A LDAP connection that is bound to a server host, port and secure type.
- * Makes a LDAP connection when instantiated.
- * Cannot establish another LDAP connection after construction. 
- * LDAPConnection connect methods are overridden to prevent this.
+ * A LDAP connection that is bound to a server host, port and secure type. Makes
+ * a LDAP connection when instantiated. Cannot establish another LDAP connection
+ * after construction. LDAPConnection connect methods are overridden to prevent
+ * this.
  */
 public class LdapAnonConnection extends LDAPConnection {
 
@@ -41,25 +39,25 @@ public class LdapAnonConnection extends LDAPConnection {
      * instantiates a connection to a ldap server
      */
     public LdapAnonConnection(LdapConnInfo connInfo)
-        throws LDAPException {
+            throws LDAPException {
         super(connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null);
 
-        // Set option to automatically follow referrals. 
+        // Set option to automatically follow referrals.
         // rebind info is also anonymous.
         boolean followReferrals = connInfo.getFollowReferrals();
 
         setOption(LDAPv2.REFERRALS, new Boolean(followReferrals));
 
-        super.connect(connInfo.getVersion(), 
-            connInfo.getHost(), connInfo.getPort(), null, null);
+        super.connect(connInfo.getVersion(),
+                connInfo.getHost(), connInfo.getPort(), null, null);
     }
 
     /**
      * instantiates a connection to a ldap server
      */
-    public LdapAnonConnection(String host, int port, int version, 
-        LDAPSocketFactory fac)
-        throws LDAPException {
+    public LdapAnonConnection(String host, int port, int version,
+            LDAPSocketFactory fac)
+            throws LDAPException {
         super(fac);
         super.connect(version, host, port, null, null);
     }
@@ -68,14 +66,13 @@ public class LdapAnonConnection extends LDAPConnection {
      * instantiates a non-secure connection to a ldap server
      */
     public LdapAnonConnection(String host, int port, int version)
-        throws LDAPException {
+            throws LDAPException {
         super();
         super.connect(version, host, port, null, null);
     }
 
     /**
-     * overrides superclass connect. 
-     * does not allow reconnect.
+     * overrides superclass connect. does not allow reconnect.
      */
     public void connect(String host, int port) throws LDAPException {
         throw new RuntimeException(
@@ -83,11 +80,10 @@ public class LdapAnonConnection extends LDAPConnection {
     }
 
     /**
-     * overrides superclass connect.
-     * does not allow reconnect.
+     * overrides superclass connect. does not allow reconnect.
      */
-    public void connect(int version, String host, int port, 
-        String dn, String pw) throws LDAPException {
+    public void connect(int version, String host, int port,
+            String dn, String pw) throws LDAPException {
         throw new RuntimeException(
                 "this LdapAnonConnection already connected: connect(v,h,p)");
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java
index b499dd07..b853fb4b 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapAuthInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import java.util.Hashtable;
 
 import netscape.ldap.LDAPConnection;
@@ -29,7 +28,6 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.ldap.ILdapAuthInfo;
 import com.netscape.cmsutil.password.IPasswordStore;
 
-
 /**
  * class for reading ldap authentication info from config store
  */
@@ -56,28 +54,30 @@ public class LdapAuthInfo implements ILdapAuthInfo {
     }
 
     /**
-     * constructs ldap auth info directly from config store, and verifies
-     * the password by attempting to connect to the server.
+     * constructs ldap auth info directly from config store, and verifies the
+     * password by attempting to connect to the server.
      */
     public LdapAuthInfo(IConfigStore config, String host, int port, boolean secure)
-        throws EBaseException {
+            throws EBaseException {
         init(config, host, port, secure);
     }
 
-    public String getPasswordFromStore (String prompt) {
+    public String getPasswordFromStore(String prompt) {
         String pwd = null;
         CMS.debug("LdapAuthInfo: getPasswordFromStore: try to get it from password store");
 
-// hey - should use password store interface to allow different implementations
-// but the problem is, other parts of the system just go directly to the file
-// so calling CMS.getPasswordStore() will give you an outdated one
-/*
-                IConfigStore mainConfig = CMS.getConfigStore();
-                String pwdFile = mainConfig.getString("passwordFile");
-                FileConfigStore pstore = new FileConfigStore(pwdFile);
-*/
+        // hey - should use password store interface to allow different
+        // implementations
+        // but the problem is, other parts of the system just go directly to the
+        // file
+        // so calling CMS.getPasswordStore() will give you an outdated one
+        /*
+         * IConfigStore mainConfig = CMS.getConfigStore(); String pwdFile =
+         * mainConfig.getString("passwordFile"); FileConfigStore pstore = new
+         * FileConfigStore(pwdFile);
+         */
         IPasswordStore pwdStore = CMS.getPasswordStore();
-        CMS.debug("LdapAuthInfo: getPasswordFromStore: about to get from passwored store: "+prompt);
+        CMS.debug("LdapAuthInfo: getPasswordFromStore: about to get from passwored store: " + prompt);
 
         // support publishing dirsrv with different pwd than internaldb
 
@@ -85,18 +85,18 @@ public class LdapAuthInfo implements ILdapAuthInfo {
         if (pwdStore != null) {
             CMS.debug("LdapAuthInfo: getPasswordFromStore: password store available");
             pwd = pwdStore.getPassword(prompt);
-//            pwd = pstore.getString(prompt);
-            if ( pwd == null) {
-              CMS.debug("LdapAuthInfo: getPasswordFromStore: password for "+prompt+
-                " not found, trying internaldb");
+            // pwd = pstore.getString(prompt);
+            if (pwd == null) {
+                CMS.debug("LdapAuthInfo: getPasswordFromStore: password for " + prompt +
+                        " not found, trying internaldb");
 
-//               pwd = pstore.getString("internaldb");
+                // pwd = pstore.getString("internaldb");
 
-                 pwd = pwdStore.getPassword("internaldb"); // last resort
+                pwd = pwdStore.getPassword("internaldb"); // last resort
             } else
-              CMS.debug("LdapAuthInfo: getPasswordFromStore: password found for prompt in password store");
+                CMS.debug("LdapAuthInfo: getPasswordFromStore: password found for prompt in password store");
         } else
-          CMS.debug("LdapAuthInfo: getPasswordFromStore: password store not available: pwdStore is null");
+            CMS.debug("LdapAuthInfo: getPasswordFromStore: password store not available: pwdStore is null");
 
         return pwd;
     }
@@ -110,19 +110,19 @@ public class LdapAuthInfo implements ILdapAuthInfo {
 
     /**
      * initialize this class from the config store, and verify the password.
-     *
-     * @param host The host that the directory server is running on.
-     *      This will be used to verify the password by attempting to connect.
-     *      If it is <code>null</code>, the password will not be verified.
+     * 
+     * @param host The host that the directory server is running on. This will
+     *            be used to verify the password by attempting to connect. If it
+     *            is <code>null</code>, the password will not be verified.
      * @param port The port that the directory server is running on.
      */
     public void init(IConfigStore config, String host, int port, boolean secure)
-        throws EBaseException {
+            throws EBaseException {
 
         CMS.debug("LdapAuthInfo: init()");
-        if (mInited)  {
+        if (mInited) {
             CMS.debug("LdapAuthInfo: already initialized");
-            return;            // XXX throw exception here ?
+            return; // XXX throw exception here ?
         }
         CMS.debug("LdapAuthInfo: init begins");
 
@@ -144,30 +144,30 @@ public class LdapAuthInfo implements ILdapAuthInfo {
 
             if (prompt == null) {
                 prompt = "LDAP Authentication";
-                CMS.debug("LdapAuthInfo: init: prompt is null, change to "+prompt);
+                CMS.debug("LdapAuthInfo: init: prompt is null, change to " + prompt);
             } else
-                CMS.debug("LdapAuthInfo: init: prompt is "+prompt);
+                CMS.debug("LdapAuthInfo: init: prompt is " + prompt);
 
             if (mParms[1] == null) {
                 CMS.debug("LdapAuthInfo: init: try getting from memory cache");
                 mParms[1] = (String) passwords.get(prompt);
-if (mParms[1] != null) {
-    inMem = true;
-CMS.debug("LdapAuthInfo: init: got password from memory");
-} else
-CMS.debug("LdapAuthInfo: init: password not in memory");
+                if (mParms[1] != null) {
+                    inMem = true;
+                    CMS.debug("LdapAuthInfo: init: got password from memory");
+                } else
+                    CMS.debug("LdapAuthInfo: init: password not in memory");
             } else
-CMS.debug("LdapAuthInfo: init: found password from config");
+                CMS.debug("LdapAuthInfo: init: found password from config");
 
             if (mParms[1] == null) {
                 mParms[1] = getPasswordFromStore(prompt);
-           } else {
+            } else {
                 CMS.debug("LdapAuthInfo: init: password found for prompt.");
-           }
+            }
 
             // verify the password
-            if ((mParms[1]!= null) && (!mParms[1].equals("")) && (host == null ||
-              authInfoOK(host, port, secure, mParms[0], mParms[1]))) {
+            if ((mParms[1] != null) && (!mParms[1].equals("")) && (host == null ||
+                    authInfoOK(host, port, secure, mParms[0], mParms[1]))) {
                 // The password is OK or uncheckable
                 CMS.debug("LdapAuthInfo: password ok: store in memory cache");
                 passwords.put(prompt, mParms[1]);
@@ -176,16 +176,17 @@ CMS.debug("LdapAuthInfo: init: found password from config");
                     CMS.debug("LdapAuthInfo: password not found");
                 else {
                     CMS.debug("LdapAuthInfo: password does not work");
-/* what do you know?  Our IPasswordStore does not have a remove function.
-                pstore.remove("internaldb");
-*/
+                    /*
+                     * what do you know? Our IPasswordStore does not have a
+                     * remove function. pstore.remove("internaldb");
+                     */
                     if (inMem) {
                         // this is for the case when admin changes pwd
                         // from console
                         mParms[1] = getPasswordFromStore(prompt);
-                        if(authInfoOK(host, port, secure, mParms[0], mParms[1])) {
-                          CMS.debug("LdapAuthInfo: password ok: store in memory cache");
-                          passwords.put(prompt, mParms[1]);
+                        if (authInfoOK(host, port, secure, mParms[0], mParms[1])) {
+                            CMS.debug("LdapAuthInfo: password ok: store in memory cache");
+                            passwords.put(prompt, mParms[1]);
                         }
                     }
                 }
@@ -212,16 +213,17 @@ CMS.debug("LdapAuthInfo: init: found password from config");
 
     /**
      * Verifies the distinguished name and password by attempting to
-     * authenticate to the server.  If we connect to the server but cannot
-     * authenticate, we conclude that the DN or password is invalid. If
-     * we cannot connect at all, we don't know, so we return true
-     * (there's no sense asking for the password again since we can't verify
-     * it anyway).  If we connect and authenticate successfully, we know
-     * the DN and password are correct, so we return true.
+     * authenticate to the server. If we connect to the server but cannot
+     * authenticate, we conclude that the DN or password is invalid. If we
+     * cannot connect at all, we don't know, so we return true (there's no sense
+     * asking for the password again since we can't verify it anyway). If we
+     * connect and authenticate successfully, we know the DN and password are
+     * correct, so we return true.
      */
     private static LDAPConnection conn = new LDAPConnection();
+
     private static boolean
-    authInfoOK(String host, int port, boolean secure, String dn, String pw) {
+            authInfoOK(String host, int port, boolean secure, String dn, String pw) {
 
         // We dont perform auth checking if we are in SSL mode.
         if (secure)
@@ -238,16 +240,13 @@ CMS.debug("LdapAuthInfo: init: found password from config");
         }
 
         /**
-         * There is a bug in LDAP SDK. VM will crash on NT if
-         * we connect and disconnect too many times. 
+         * There is a bug in LDAP SDK. VM will crash on NT if we connect and
+         * disconnect too many times.
          **/
-        
+
         /**
-         if( connected ) {
-         try {
-         conn.disconnect();
-         } catch( LDAPException e ) { }
-         }
+         * if( connected ) { try { conn.disconnect(); } catch( LDAPException e )
+         * { } }
          **/
 
         if (connected && !authenticated) {
@@ -258,10 +257,11 @@ CMS.debug("LdapAuthInfo: init: found password from config");
     }
 
     /**
-     * get authentication type. 
+     * get authentication type.
+     * 
      * @return one of: <br>
-     *		LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or 
-     *		LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH
+     *         LdapAuthInfo.LDAP_AUTHTYPE_BASICAUTH or
+     *         LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH
      */
     public int getAuthType() {
         return mType;
@@ -269,6 +269,7 @@ CMS.debug("LdapAuthInfo: init: found password from config");
 
     /**
      * get params for authentication
+     * 
      * @return array of parameters for this authentication.
      */
     public String[] getParms() {
@@ -281,7 +282,7 @@ CMS.debug("LdapAuthInfo: init: found password from config");
     public void addPassword(String prompt, String pw) {
         try {
             passwords.put(prompt, pw);
-        }catch (Exception e) {
+        } catch (Exception e) {
         }
     }
 
@@ -291,7 +292,7 @@ CMS.debug("LdapAuthInfo: init: found password from config");
     public void removePassword(String prompt) {
         try {
             passwords.remove(prompt);
-        }catch (Exception e) {
+        } catch (Exception e) {
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
index a8a107ac..3a3b893a 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import netscape.ldap.LDAPConnection;
 import netscape.ldap.LDAPException;
 import netscape.ldap.LDAPSocketFactory;
@@ -30,12 +29,10 @@ import com.netscape.certsrv.ldap.ELdapServerDownException;
 import com.netscape.certsrv.ldap.ILdapBoundConnFactory;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * Factory for getting LDAP Connections to a LDAP server with the same
- * LDAP authentication.
- * XXX not sure how useful this is given that LDAPConnection itself can 
- * be shared by multiple threads and cloned. 
+ * Factory for getting LDAP Connections to a LDAP server with the same LDAP
+ * authentication. XXX not sure how useful this is given that LDAPConnection
+ * itself can be shared by multiple threads and cloned.
  */
 public class LdapBoundConnFactory implements ILdapBoundConnFactory {
     protected int mMinConns = 5;
@@ -52,10 +49,10 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
 
     public static final String PROP_ERROR_IF_DOWN = "errorIfDown";
 
-    private int mNumConns = 0;      // number of available conns in array
-    private int mTotal = 0;		// total num conns 
+    private int mNumConns = 0; // number of available conns in array
+    private int mTotal = 0; // total num conns
 
-    private boolean doCloning=true;
+    private boolean doCloning = true;
     private LdapBoundConnection mMasterConn = null; // master connection object.
     private BoundConnection mConns[];
 
@@ -70,8 +67,8 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
     private boolean mDefErrorIfDown = false;
 
     /**
-     * Constructor for initializing from the config store.
-     * must be followed by init(IConfigStore)
+     * Constructor for initializing from the config store. must be followed by
+     * init(IConfigStore)
      */
     public LdapBoundConnFactory() {
     }
@@ -94,51 +91,53 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
 
     /**
      * Constructor for LdapBoundConnFactory
+     * 
      * @param minConns minimum number of connections to have available
-     * @param maxConns max number of connections to have available. This is 
-     * the maximum number of clones of this connection or separate connections one wants to allow.
+     * @param maxConns max number of connections to have available. This is the
+     *            maximum number of clones of this connection or separate
+     *            connections one wants to allow.
      * @param serverInfo server connection info - host, port, etc.
      */
-    public LdapBoundConnFactory(int minConns, int maxConns, 
-        LdapConnInfo connInfo, LdapAuthInfo authInfo) throws ELdapException {
+    public LdapBoundConnFactory(int minConns, int maxConns,
+            LdapConnInfo connInfo, LdapAuthInfo authInfo) throws ELdapException {
         init(minConns, maxConns, connInfo, authInfo);
     }
 
     /**
      * Constructor for initialize
      */
-    public void init(IConfigStore config) 
-        throws ELdapException, EBaseException {
+    public void init(IConfigStore config)
+            throws ELdapException, EBaseException {
 
         CMS.debug("LdapBoundConnFactory: init ");
         LdapConnInfo connInfo =
-            new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO));
+                new LdapConnInfo(config.getSubStore(PROP_LDAPCONNINFO));
 
         mErrorIfDown = config.getBoolean(PROP_ERROR_IF_DOWN, mDefErrorIfDown);
 
-        doCloning = config.getBoolean("doCloning",true);
+        doCloning = config.getBoolean("doCloning", true);
 
         CMS.debug("LdapBoundConnFactory:doCloning " + doCloning);
         init(config.getInteger(PROP_MINCONNS, mMinConns),
-            config.getInteger(PROP_MAXCONNS, mMaxConns),
-            connInfo,
-            new LdapAuthInfo(config.getSubStore(PROP_LDAPAUTHINFO),
-                connInfo.getHost(), connInfo.getPort(), connInfo.getSecure()));
+                config.getInteger(PROP_MAXCONNS, mMaxConns),
+                connInfo,
+                new LdapAuthInfo(config.getSubStore(PROP_LDAPAUTHINFO),
+                        connInfo.getHost(), connInfo.getPort(), connInfo.getSecure()));
     }
 
     /**
-     * initialize parameters obtained from either constructor or 
-     * config store
+     * initialize parameters obtained from either constructor or config store
+     * 
      * @param minConns minimum number of connection handls to have available.
      * @param maxConns maximum total number of connections to ever have.
      * @param connInfo ldap connection info.
      * @param authInfo ldap authentication info.
-     * @exception ELdapException if any error occurs. 
+     * @exception ELdapException if any error occurs.
      */
-    private void init(int minConns, int maxConns, 
-        LdapConnInfo connInfo, LdapAuthInfo authInfo) 
-        throws ELdapException {
-        if (minConns <= 0 || maxConns <= 0 || minConns > maxConns) 
+    private void init(int minConns, int maxConns,
+            LdapConnInfo connInfo, LdapAuthInfo authInfo)
+            throws ELdapException {
+        if (minConns <= 0 || maxConns <= 0 || minConns > maxConns)
             throw new ELdapException(
                     CMS.getUserMessage("CMS_LDAP_INVALID_NUMCONN_PARAMETERS"));
         if (connInfo == null || authInfo == null)
@@ -153,15 +152,15 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
 
         // Create connection handle and make initial connection
         CMS.debug(
-            "init: before makeConnection errorIfDown is " + mErrorIfDown);
+                "init: before makeConnection errorIfDown is " + mErrorIfDown);
         makeConnection(mErrorIfDown);
 
         CMS.debug(
-            "initializing with mininum " + mMinConns + " and maximum " + mMaxConns +
-            " connections to " +
-            "host " + mConnInfo.getHost() + " port " + mConnInfo.getPort() +
-            ", secure connection, " + mConnInfo.getSecure() + 
-            ", authentication type " + mAuthInfo.getAuthType());
+                "initializing with mininum " + mMinConns + " and maximum " + mMaxConns +
+                        " connections to " +
+                        "host " + mConnInfo.getHost() + " port " + mConnInfo.getPort() +
+                        ", secure connection, " + mConnInfo.getSecure() +
+                        ", authentication type " + mAuthInfo.getAuthType());
 
         // initalize minimum number of connection handles available.
         makeMinimum();
@@ -169,6 +168,7 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
 
     /**
      * makes the initial master connection used to clone others..
+     * 
      * @exception ELdapException if any error occurs.
      */
     protected void makeConnection(boolean errorIfDown) throws ELdapException {
@@ -179,31 +179,31 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
             if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER",
-                        mConnInfo.getHost(), 	
-                        Integer.toString(mConnInfo.getPort())));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER",
+                                mConnInfo.getHost(),
+                                Integer.toString(mConnInfo.getPort())));
                 if (errorIfDown) {
                     throw new ELdapServerDownException(
                             CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE",
-                                mConnInfo.getHost(), "" + mConnInfo.getPort()));
+                                    mConnInfo.getHost(), "" + mConnInfo.getPort()));
                 }
             } else {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString()));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString()));
                 throw new ELdapException(
-                        CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED", 
-                            mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
+                        CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED",
+                                mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
             }
         }
     }
 
-
     /**
      * makes subsequent connections if cloning is not used .
+     * 
      * @exception ELdapException if any error occurs.
      */
-    private  LdapBoundConnection makeNewConnection(boolean errorIfDown) throws ELdapException {
+    private LdapBoundConnection makeNewConnection(boolean errorIfDown) throws ELdapException {
         CMS.debug("LdapBoundConnFactory:In makeNewConnection: errorIfDown " + errorIfDown);
         LdapBoundConnection conn = null;
         try {
@@ -213,46 +213,46 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
                 // need to intercept this because message from LDAP is
                 // "DSA is unavailable" which confuses with DSA PKI.
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER",
-                        mConnInfo.getHost(),
-                        Integer.toString(mConnInfo.getPort())));
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_CONNECT_SERVER",
+                                mConnInfo.getHost(),
+                                Integer.toString(mConnInfo.getPort())));
                 if (errorIfDown) {
                     throw new ELdapServerDownException(
                             CMS.getUserMessage("CMS_LDAP_SERVER_UNAVAILABLE",
-                                mConnInfo.getHost(), "" + mConnInfo.getPort()));
+                                    mConnInfo.getHost(), "" + mConnInfo.getPort()));
                 }
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString()));
+                        CMS.getLogMessage("CMSCORE_LDAPCONN_FAILED_SERVER", e.toString()));
                 throw new ELdapException(
                         CMS.getUserMessage("CMS_LDAP_CONNECT_TO_LDAP_SERVER_FAILED",
-                            mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
+                                mConnInfo.getHost(), "" + (Integer.valueOf(mConnInfo.getPort())), e.toString()));
             }
         }
 
         return conn;
     }
+
     /**
      * makes the minumum number of connections
      */
     private void makeMinimum() throws ELdapException {
-        if (mMasterConn == null || mMasterConn.isConnected() == false) 
+        if (mMasterConn == null || mMasterConn.isConnected() == false)
             return;
         int increment;
 
         if (mNumConns < mMinConns && mTotal <= mMaxConns) {
             increment = Math.min(mMinConns - mNumConns, mMaxConns - mTotal);
             CMS.debug(
-                "increasing minimum connections by " + increment);
+                    "increasing minimum connections by " + increment);
             for (int i = increment - 1; i >= 0; i--) {
 
-                if(doCloning == true)  {
+                if (doCloning == true) {
                     mConns[i] = (BoundConnection) mMasterConn.clone();
-                }
-                else  {
+                } else {
                     mConns[i] = (BoundConnection) makeNewConnection(true);
                 }
-             
+
             }
             mTotal += increment;
             mNumConns += increment;
@@ -262,132 +262,125 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
     }
 
     /**
-     * gets a conenction from this factory. 
-     * All connections obtained from the factory must be returned by 
-     * returnConn() method.
-     * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * gets a conenction from this factory. All connections obtained from the
+     * factory must be returned by returnConn() method. The best thing to do is
+     * to put returnConn in a finally clause so it always gets called. For
+     * example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
-    public LDAPConnection getConn() 
-        throws ELdapException {
+    public LDAPConnection getConn()
+            throws ELdapException {
         return getConn(true);
     }
 
     /**
-     * Returns a LDAP connection - a clone of the master connection.
-     * All connections should be returned to the factory using returnConn()
-     * to recycle connection objects.
-     * If not returned the limited max number is affected but if that 
-     * number is large not much harm is done.
-     * Returns null if maximum number of connections reached.
-     * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * Returns a LDAP connection - a clone of the master connection. All
+     * connections should be returned to the factory using returnConn() to
+     * recycle connection objects. If not returned the limited max number is
+     * affected but if that number is large not much harm is done. Returns null
+     * if maximum number of connections reached. The best thing to do is to put
+     * returnConn in a finally clause so it always gets called. For example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
-     */ 
-    public synchronized LDAPConnection getConn(boolean waitForConn) 
-        throws ELdapException {
+     */
+    public synchronized LDAPConnection getConn(boolean waitForConn)
+            throws ELdapException {
         boolean waited = false;
 
-        CMS.debug("In LdapBoundConnFactory::getConn()"); 
-        if(mMasterConn != null) 
+        CMS.debug("In LdapBoundConnFactory::getConn()");
+        if (mMasterConn != null)
             CMS.debug("masterConn is connected: " + mMasterConn.isConnected());
         else
             CMS.debug("masterConn is null.");
 
         if (mMasterConn == null || !mMasterConn.isConnected()) {
             try {
-                  makeConnection(true);
-            }  catch (ELdapException e) {
+                makeConnection(true);
+            } catch (ELdapException e) {
                 mMasterConn = null;
                 CMS.debug("Can't create master connection in LdapBoundConnFactory::getConn! " + e.toString());
                 throw e;
             }
         }
 
-        if (mNumConns == 0) 
+        if (mNumConns == 0)
             makeMinimum();
         if (mNumConns == 0) {
             if (!waitForConn)
                 return null;
             try {
                 CMS.debug("getConn: out of ldap connections");
-                log(ILogger.LL_WARN, 
-                    "Ran out of ldap connections available " +
-                    "in ldap connection pool to " +
-                    mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " +
-                    "This could be a temporary condition or an indication of " +
-                    "something more serious that can cause the server to " +
-                    "hang.");
+                log(ILogger.LL_WARN,
+                        "Ran out of ldap connections available " +
+                                "in ldap connection pool to " +
+                                mConnInfo.getHost() + ":" + mConnInfo.getPort() + ". " +
+                                "This could be a temporary condition or an indication of " +
+                                "something more serious that can cause the server to " +
+                                "hang.");
                 waited = true;
-                while (mNumConns == 0) 
+                while (mNumConns == 0)
                     wait();
             } catch (InterruptedException e) {
             }
-        } 
+        }
         mNumConns--;
         LDAPConnection conn = mConns[mNumConns];
 
         boolean isConnected = false;
-        if(conn != null) {
+        if (conn != null) {
             isConnected = conn.isConnected();
         }
 
         CMS.debug("getConn: conn is connected " + isConnected);
 
-        //If masterConn is still alive, lets try to bring this one
-        //back to life
+        // If masterConn is still alive, lets try to bring this one
+        // back to life
 
-        if((isConnected == false) && (mMasterConn != null) 
-            && (mMasterConn.isConnected() == true))   {
+        if ((isConnected == false) && (mMasterConn != null)
+                && (mMasterConn.isConnected() == true)) {
             CMS.debug("Attempt to bring back down connection.");
 
-            if(doCloning == true) {
+            if (doCloning == true) {
                 mConns[mNumConns] = (BoundConnection) mMasterConn.clone();
-            }
-            else {
+            } else {
                 try {
-                   mConns[mNumConns] = (BoundConnection) makeNewConnection(true);
+                    mConns[mNumConns] = (BoundConnection) makeNewConnection(true);
+                } catch (ELdapException e) {
+                    mConns[mNumConns] = null;
                 }
-                catch (ELdapException e) {
-                   mConns[mNumConns] = null;
-                }
-           }
-           conn = mConns[mNumConns];
+            }
+            conn = mConns[mNumConns];
 
-           CMS.debug("Re-animated connection: " + conn);
-       }
+            CMS.debug("Re-animated connection: " + conn);
+        }
 
-       mConns[mNumConns] = null;
+        mConns[mNumConns] = null;
 
         if (waited) {
-            log(ILogger.LL_WARN, 
-                "Ldap connections are available again in ldap connection pool " +
-                "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort());
+            log(ILogger.LL_WARN,
+                    "Ldap connections are available again in ldap connection pool " +
+                            "to " + mConnInfo.getHost() + ":" + mConnInfo.getPort());
         }
         CMS.debug("getConn: mNumConns now " + mNumConns);
 
@@ -395,22 +388,20 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
     }
 
     /**
-     * Teturn connection to the factory. 
-     * This is mandatory after a getConn().
+     * Teturn connection to the factory. This is mandatory after a getConn().
      * The best thing to do is to put returnConn in a finally clause so it
-     * always gets called. For example, 
+     * always gets called. For example,
+     * 
      * <pre>
-     *	  LDAPConnection c = null;
-     *    try { 
-     *		c = factory.getConn();
-     * 		myclass.do_something_with_c(c);
-     *	  }
-     *    catch (ELdapException e) {
-     *		handle_error_here();
-     *	  }
-     *	  finally {
-     *		factory.returnConn(c);
-     *    }
+     * LDAPConnection c = null;
+     * try {
+     *     c = factory.getConn();
+     *     myclass.do_something_with_c(c);
+     * } catch (ELdapException e) {
+     *     handle_error_here();
+     * } finally {
+     *     factory.returnConn(c);
+     * }
      * </pre>
      */
     public synchronized void returnConn(LDAPConnection conn) {
@@ -423,17 +414,17 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
             log(ILogger.LL_WARN, "returnConn: unknown connection.");
 
             /* swallow this exception but see who's doing it. */
-            ELdapException e = 
-                new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN"));
+            ELdapException e =
+                    new ELdapException(CMS.getUserMessage("CMS_LDAP_UNKNOWN_RETURNED_CONN"));
         }
         for (int i = 0; i < mNumConns; i++) {
             if (mConns[i] == conn) {
                 CMS.debug(
-                    "returnConn: previously returned connection.");
+                        "returnConn: previously returned connection.");
 
-                /* swallow this exception but see who's doing it */ 
-                ELdapException e = 
-                    new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN"));
+                /* swallow this exception but see who's doing it */
+                ELdapException e =
+                        new ELdapException(CMS.getUserMessage("CMS_LDAP_BAD_RETURNED_CONN"));
             }
         }
         mConns[mNumConns++] = boundconn;
@@ -446,24 +437,23 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
      */
     private void log(int level, String msg) {
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_LDAP, level,
-            "In Ldap (bound) connection pool to" +
-            " host " + mConnInfo.getHost() + 
-            " port " + mConnInfo.getPort() + ", " + msg);
+                "In Ldap (bound) connection pool to" +
+                        " host " + mConnInfo.getHost() +
+                        " port " + mConnInfo.getPort() + ", " + msg);
     }
 
     protected void finalize()
-        throws Exception {
+            throws Exception {
         reset();
     }
 
     /**
-     * used for disconnecting all connections and reset everything to 0
-     * as if connections were never made. used just before a subsystem
-     * shutdown or process exit.
-     * useful only if no connections are outstanding.
+     * used for disconnecting all connections and reset everything to 0 as if
+     * connections were never made. used just before a subsystem shutdown or
+     * process exit. useful only if no connections are outstanding.
      */
-    public synchronized void reset() 
-        throws ELdapException {
+    public synchronized void reset()
+            throws ELdapException {
         if (mNumConns == mTotal) {
             for (int i = 0; i < mNumConns; i++) {
                 try {
@@ -477,9 +467,9 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
                     log(ILogger.LL_INFO, "disconnecting masterConn");
                     mMasterConn.disconnect();
                 } catch (LDAPException e) {
-                    log(ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSCORE_LDAPCONN_CANNOT_RESET",
-                            e.toString()));
+                    log(ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_LDAPCONN_CANNOT_RESET",
+                                    e.toString()));
                 }
             }
             mMasterConn = null;
@@ -487,7 +477,7 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
             mNumConns = 0;
         } else {
             CMS.debug(
-                "Cannot reset factory: connections not all returned");
+                    "Cannot reset factory: connections not all returned");
             throw new ELdapException(CMS.getUserMessage("CMS_LDAP_CANNOT_RESET_CONNFAC"));
         }
 
@@ -497,7 +487,7 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
     }
 
     /**
-     * return ldap connection info 
+     * return ldap connection info
      */
     public LdapConnInfo getConnInfo() {
         return mConnInfo;
@@ -520,17 +510,17 @@ public class LdapBoundConnFactory implements ILdapBoundConnFactory {
         private static final long serialVersionUID = 1353616391879078337L;
 
         public BoundConnection(LdapConnInfo connInfo, LdapAuthInfo authInfo)
-            throws LDAPException {
+                throws LDAPException {
             super(connInfo, authInfo);
         }
-			
-        public BoundConnection(String host, int port, int version, 
-            LDAPSocketFactory fac,
-            String bindDN, String bindPW)
-            throws LDAPException {
+
+        public BoundConnection(String host, int port, int version,
+                LDAPSocketFactory fac,
+                String bindDN, String bindPW)
+                throws LDAPException {
             super(host, port, version, fac, bindDN, bindPW);
         }
- 
+
         /**
          * used only to identify the factory from which this came.
          */
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java
index 82e0b315..57d4ddff 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapBoundConnection.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import java.util.Properties;
 
 import netscape.ldap.LDAPConnection;
@@ -29,13 +28,11 @@ import netscape.ldap.LDAPv2;
 
 import com.netscape.certsrv.apps.CMS;
 
-
 /**
- * A LDAP connection that is bound to a server host, port, secure type.
- * and authentication.
- * Makes a LDAP connection and authentication when instantiated.
- * Cannot establish another LDAP connection or authentication after 
- * construction. LDAPConnection connect and authentication methods are 
+ * A LDAP connection that is bound to a server host, port, secure type. and
+ * authentication. Makes a LDAP connection and authentication when instantiated.
+ * Cannot establish another LDAP connection or authentication after
+ * construction. LDAPConnection connect and authentication methods are
  * overridden to prevent this.
  */
 public class LdapBoundConnection extends LDAPConnection {
@@ -43,7 +40,7 @@ public class LdapBoundConnection extends LDAPConnection {
      *
      */
     private static final long serialVersionUID = -2242077674357271559L;
-    // LDAPConnection calls authenticate so must set this for first 
+    // LDAPConnection calls authenticate so must set this for first
     // authenticate call.
     private boolean mAuthenticated = false;
 
@@ -52,28 +49,28 @@ public class LdapBoundConnection extends LDAPConnection {
      * connection with Ldap basic bind dn & pw authentication.
      */
     public LdapBoundConnection(
-        LdapConnInfo connInfo, LdapAuthInfo authInfo)
-        throws LDAPException {
+            LdapConnInfo connInfo, LdapAuthInfo authInfo)
+            throws LDAPException {
         // this LONG line to satisfy super being the first call. (yuk)
         super(
-            authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH ?
-            new LdapJssSSLSocketFactory(authInfo.getParms()[0]) : 
-            (connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null));
+                authInfo.getAuthType() == LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH ?
+                        new LdapJssSSLSocketFactory(authInfo.getParms()[0]) :
+                        (connInfo.getSecure() ? new LdapJssSSLSocketFactory() : null));
 
-        // Set option to automatically follow referrals. 
-        // Use the same credentials to follow referrals; this is the easiest 
-        // thing to do without any complicated configuration using 
+        // Set option to automatically follow referrals.
+        // Use the same credentials to follow referrals; this is the easiest
+        // thing to do without any complicated configuration using
         // different hosts.
         // If client auth is used don't have dn and pw to follow referrals.
 
         boolean followReferrals = connInfo.getFollowReferrals();
 
         setOption(LDAPv2.REFERRALS, new Boolean(followReferrals));
-        if (followReferrals && 
-            authInfo.getAuthType() != LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) {
-            LDAPRebind rebindInfo = 
-                new ARebindInfo(authInfo.getParms()[0], 
-                    authInfo.getParms()[1]);
+        if (followReferrals &&
+                authInfo.getAuthType() != LdapAuthInfo.LDAP_AUTHTYPE_SSLCLIENTAUTH) {
+            LDAPRebind rebindInfo =
+                    new ARebindInfo(authInfo.getParms()[0],
+                            authInfo.getParms()[1]);
 
             setOption(LDAPv2.REFERRALS_REBIND_PROC, rebindInfo);
         }
@@ -82,19 +79,19 @@ public class LdapBoundConnection extends LDAPConnection {
             // will be bound to client auth cert mapped entry.
             super.connect(connInfo.getHost(), connInfo.getPort());
             CMS.debug(
-                "Established LDAP connection with SSL client auth to " +
-                connInfo.getHost() + ":" + connInfo.getPort());
-        } else {  // basic auth
+                    "Established LDAP connection with SSL client auth to " +
+                            connInfo.getHost() + ":" + connInfo.getPort());
+        } else { // basic auth
             String binddn = authInfo.getParms()[0];
             String bindpw = authInfo.getParms()[1];
 
-            super.connect(connInfo.getVersion(), 
-                connInfo.getHost(), connInfo.getPort(), binddn, bindpw);
+            super.connect(connInfo.getVersion(),
+                    connInfo.getHost(), connInfo.getPort(), binddn, bindpw);
             CMS.debug(
-                "Established LDAP connection using basic authentication to" +
-                " host " + connInfo.getHost() +
-                " port " + connInfo.getPort() +
-                " as " + binddn);
+                    "Established LDAP connection using basic authentication to" +
+                            " host " + connInfo.getHost() +
+                            " port " + connInfo.getPort() +
+                            " as " + binddn);
         }
     }
 
@@ -102,26 +99,26 @@ public class LdapBoundConnection extends LDAPConnection {
      * Instantiates a connection to a ldap server, secure or non-secure
      * connection with Ldap basic bind dn & pw authentication.
      */
-    public LdapBoundConnection(String host, int port, int version, 
-        LDAPSocketFactory fac,
-        String bindDN, String bindPW)
-        throws LDAPException {
+    public LdapBoundConnection(String host, int port, int version,
+            LDAPSocketFactory fac,
+            String bindDN, String bindPW)
+            throws LDAPException {
         super(fac);
         if (bindDN != null) {
-            super.connect(version, host, port, bindDN, bindPW); 
+            super.connect(version, host, port, bindDN, bindPW);
             CMS.debug(
-                "Established LDAP connection using basic authentication " +
-                " as " + bindDN + " to " + host + ":" + port);
+                    "Established LDAP connection using basic authentication " +
+                            " as " + bindDN + " to " + host + ":" + port);
         } else {
             if (fac == null && bindDN == null) {
                 throw new IllegalArgumentException(
                         "Ldap bound connection must have authentication info.");
             }
             // automatically authenticated if it's ssl client auth.
-            super.connect(version, host, port, null, null);  
+            super.connect(version, host, port, null, null);
             CMS.debug(
-                "Established LDAP connection using SSL client authentication " +
-                "to " + host + ":" + port);
+                    "Established LDAP connection using SSL client authentication " +
+                            "to " + host + ":" + port);
         }
     }
 
@@ -129,13 +126,11 @@ public class LdapBoundConnection extends LDAPConnection {
      * Overrides same method in LDAPConnection to do prevent re-authentication.
      */
     public void authenticate(int version, String dn, String pw)
-        throws LDAPException {
+            throws LDAPException {
 
         /**
-         if (mAuthenticated) {
-         throw new RuntimeException(
-         "this LdapBoundConnection already authenticated: auth(v,dn,pw)");
-         }
+         * if (mAuthenticated) { throw new RuntimeException(
+         * "this LdapBoundConnection already authenticated: auth(v,dn,pw)"); }
          **/
         super.authenticate(version, dn, pw);
         mAuthenticated = true;
@@ -145,13 +140,11 @@ public class LdapBoundConnection extends LDAPConnection {
      * Overrides same method in LDAPConnection to do prevent re-authentication.
      */
     public void authenticate(String dn, String pw)
-        throws LDAPException {
+            throws LDAPException {
 
         /**
-         if (mAuthenticated) {
-         throw new RuntimeException(
-         "this LdapBoundConnection already authenticated: auth(dn,pw)");
-         }	
+         * if (mAuthenticated) { throw new RuntimeException(
+         * "this LdapBoundConnection already authenticated: auth(dn,pw)"); }
          **/
         super.authenticate(3, dn, pw);
         mAuthenticated = true;
@@ -160,15 +153,13 @@ public class LdapBoundConnection extends LDAPConnection {
     /**
      * Overrides same method in LDAPConnection to do prevent re-authentication.
      */
-    public void authenticate(String dn, String mech, String packageName, 
-        Properties props, Object getter)
-        throws LDAPException {
+    public void authenticate(String dn, String mech, String packageName,
+            Properties props, Object getter)
+            throws LDAPException {
 
         /**
-         if (mAuthenticated)  {
-         throw new RuntimeException(
-         "this LdapBoundConnection already authenticated: auth(mech)");
-         }
+         * if (mAuthenticated) { throw new RuntimeException(
+         * "this LdapBoundConnection already authenticated: auth(mech)"); }
          **/
         super.authenticate(dn, mech, packageName, props, getter);
         mAuthenticated = true;
@@ -177,15 +168,13 @@ public class LdapBoundConnection extends LDAPConnection {
     /**
      * Overrides same method in LDAPConnection to do prevent re-authentication.
      */
-    public void authenticate(String dn, String mechs[], String packageName, 
-        Properties props, Object getter)
-        throws LDAPException {
+    public void authenticate(String dn, String mechs[], String packageName,
+            Properties props, Object getter)
+            throws LDAPException {
 
         /**
-         if (mAuthenticated) {
-         throw new RuntimeException(
-         "this LdapBoundConnection is already authenticated: auth(mechs)");
-         }
+         * if (mAuthenticated) { throw new RuntimeException(
+         * "this LdapBoundConnection is already authenticated: auth(mechs)"); }
          **/
         super.authenticate(dn, mechs, packageName, props, getter);
         mAuthenticated = true;
@@ -202,14 +191,13 @@ public class LdapBoundConnection extends LDAPConnection {
     /**
      * overrides parent's connect to prevent re-connect.
      */
-    public void connect(int version, String host, int port, 
-        String dn, String pw) throws LDAPException {
+    public void connect(int version, String host, int port,
+            String dn, String pw) throws LDAPException {
         throw new RuntimeException(
                 "this LdapBoundConnection is already connected: conn(version,h,p)");
     }
 }
 
-
 class ARebindInfo implements LDAPRebind {
     private LDAPRebindAuth mRebindAuthInfo = null;
 
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java
index 70361f87..ad8869ac 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapConnInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import netscape.ldap.LDAPv2;
 
 import com.netscape.certsrv.apps.CMS;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.ldap.ELdapException;
 import com.netscape.certsrv.ldap.ILdapConnInfo;
 
-
 /**
- * class for reading ldap connection from the config store.
- * ldap connection info: host, port, secure connection
+ * class for reading ldap connection from the config store. ldap connection
+ * info: host, port, secure connection
  */
 public class LdapConnInfo implements ILdapConnInfo {
 
@@ -48,8 +46,7 @@ public class LdapConnInfo implements ILdapConnInfo {
     }
 
     /**
-     * initializes an instance from a config store.
-     * required parms: host, port 
+     * initializes an instance from a config store. required parms: host, port
      * optional parms: secure connection, authentication method & info.
      */
     public void init(IConfigStore config) throws EBaseException, ELdapException {
@@ -58,8 +55,8 @@ public class LdapConnInfo implements ILdapConnInfo {
         String version = (String) config.get(PROP_PROTOCOL);
 
         if (version != null && version.equals("")) {
-            // provide a default when this field is blank from the 
-            // configuration. 
+            // provide a default when this field is blank from the
+            // configuration.
             mVersion = LDAP_VERSION_3;
         } else {
             mVersion = config.getInteger(PROP_PROTOCOL, LDAP_VERSION_3);
@@ -75,43 +72,43 @@ public class LdapConnInfo implements ILdapConnInfo {
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_PORT));
         }
-        mSecure = config.getBoolean(PROP_SECURE, false); 
-        mFollowReferrals = config.getBoolean(PROP_FOLLOW_REFERRALS, true); 
+        mSecure = config.getBoolean(PROP_SECURE, false);
+        mFollowReferrals = config.getBoolean(PROP_FOLLOW_REFERRALS, true);
     }
 
     public LdapConnInfo(String host, int port, boolean secure) {
-        mHost = host; 
-        mPort = port; 
+        mHost = host;
+        mPort = port;
         mSecure = secure;
         if (mHost == null || mPort <= 0) {
-            // XXX log something here 
+            // XXX log something here
             throw new IllegalArgumentException("LDAP host or port is null");
         }
     }
 
     public LdapConnInfo(String host, int port) {
-        mHost = host; 
-        mPort = port; 
+        mHost = host;
+        mPort = port;
         if (mHost == null || mPort <= 0) {
-            // XXX log something here 
+            // XXX log something here
             throw new IllegalArgumentException("LDAP host or port is null");
         }
     }
 
-    public String getHost() { 
-        return mHost; 
+    public String getHost() {
+        return mHost;
     }
 
-    public int getPort() { 
-        return mPort; 
+    public int getPort() {
+        return mPort;
     }
 
-    public int getVersion() { 
-        return mVersion; 
+    public int getVersion() {
+        return mVersion;
     }
 
-    public boolean getSecure() { 
-        return mSecure; 
+    public boolean getSecure() {
+        return mSecure;
     }
 
     public boolean getFollowReferrals() {
diff --git a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java
index 8aa59e30..bbc208d3 100644
--- a/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/ldapconn/LdapJssSSLSocketFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.ldapconn;
 
-
 import java.io.IOException;
 import java.net.Socket;
 import java.net.UnknownHostException;
@@ -32,9 +31,9 @@ import org.mozilla.jss.ssl.SSLSocket;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * Uses HCL ssl socket.
+ * 
  * @author Lily Hsiao lhsiao@netscape.com
  */
 public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt {
@@ -56,7 +55,7 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt {
             s = new SSLSocket(host, port);
             s.setUseClientMode(true);
             s.enableSSL2(false);
-            //TODO Do we really want to set the default each time?
+            // TODO Do we really want to set the default each time?
             SSLSocket.enableSSL2Default(false);
             s.enableV2CompatibleHello(false);
 
@@ -68,14 +67,14 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt {
             if (mClientAuthCertNickname != null) {
                 mClientAuth = true;
                 CMS.debug(
-                    "LdapJssSSLSocket set client auth cert nickname" +
-                    mClientAuthCertNickname);
+                        "LdapJssSSLSocket set client auth cert nickname" +
+                                mClientAuthCertNickname);
                 s.setClientCertNickname(mClientAuthCertNickname);
             }
             s.forceHandshake();
         } catch (UnknownHostException e) {
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_LDAPCONN_UNKNOWN_HOST"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_LDAPCONN_UNKNOWN_HOST"));
             throw new LDAPException(
                     "Cannot Create JSS SSL Socket - Unknown host");
         } catch (IOException e) {
@@ -102,10 +101,9 @@ public class LdapJssSSLSocketFactory implements LDAPSSLSocketFactoryExt {
         public ClientHandshakeCB(Object sc) {
             this.sc = sc;
         }
-	 
+
         public void handshakeCompleted(SSLHandshakeCompletedEvent event) {
             CMS.debug("SSL handshake happened");
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/listeners/ListenerPlugin.java b/pki/base/common/src/com/netscape/cmscore/listeners/ListenerPlugin.java
index 181ea34b..7db8f2e1 100644
--- a/pki/base/common/src/com/netscape/cmscore/listeners/ListenerPlugin.java
+++ b/pki/base/common/src/com/netscape/cmscore/listeners/ListenerPlugin.java
@@ -17,13 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.listeners;
 
-
-
-
 /**
  * This class represents a registered listener plugin.
  * <P>
- *
+ * 
  * @author stevep
  * @version $Revision$, $Date$
  */
@@ -34,16 +31,18 @@ public class ListenerPlugin {
 
     /**
      * Constructs a Listener plugin.
+     * 
      * @param id listener implementation name
      * @param classPath class path
      */
     public ListenerPlugin(String id, String classPath) {
-        //        if (id == null || classPath == null)
-        //           throw new AssertionException("Listener id or classpath can't be null");
+        // if (id == null || classPath == null)
+        // throw new
+        // AssertionException("Listener id or classpath can't be null");
         mId = id;
         mClassPath = classPath;
     }
-		
+
     public String getId() {
         return mId;
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/AuditEventFactory.java b/pki/base/common/src/com/netscape/cmscore/logging/AuditEventFactory.java
index 46b42f04..438b3abb 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/AuditEventFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/AuditEventFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Properties;
 
 import com.netscape.certsrv.logging.AuditEvent;
@@ -26,12 +25,11 @@ import com.netscape.certsrv.logging.ILogEvent;
 import com.netscape.certsrv.logging.ILogEventFactory;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
  * A log event object for handling audit messages
  * <P>
- *
- * @author mikep 
+ * 
+ * @author mikep
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -60,7 +58,7 @@ public class AuditEventFactory implements ILogEventFactory {
      * @param params the parameters in the detail log message
      */
     public ILogEvent create(int evtClass, Properties prop, int source,
-        int level, boolean multiline, String msg, Object params[]) {
+            int level, boolean multiline, String msg, Object params[]) {
         if (evtClass != ILogger.EV_AUDIT)
             return null;
         AuditEvent event = new AuditEvent(msg, params);
@@ -74,8 +72,8 @@ public class AuditEventFactory implements ILogEventFactory {
 
     /**
      * Set the resource bundle of the log event.
-     *
-     * @param prop the properties 
+     * 
+     * @param prop the properties
      * @param event the log event
      */
     protected void setProperties(Properties prop, IBundleLogEvent event) {
@@ -92,7 +90,7 @@ public class AuditEventFactory implements ILogEventFactory {
 
     /**
      * Releases an log event.
-     *
+     * 
      * @param e the log event
      */
     public void release(ILogEvent e) {
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java b/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java
index 7d7f817f..60b53236 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/AuditFormat.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
  * Define audit log message format
- *
+ * 
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -43,68 +41,64 @@ public class AuditFormat {
     /**
      * initiative: the event is from agent
      */
-    public static final String FROMAGENT = "fromAgent";        
+    public static final String FROMAGENT = "fromAgent";
 
     /**
      * initiative: the event is from router
      */
-    public static final String FROMROUTER = "fromRouter";  
+    public static final String FROMROUTER = "fromRouter";
 
     /**
      * initiative: the event is from remote authority
      */
     public static final String FROMRA = "fromRemoteAuthority";
-      
+
     /**
      * authentication module: no Authentication manager
      */
     public static final String NOAUTH = "noAuthManager";
 
     // for ProcessCertReq.java ,kra
-    /* 0: request type
-     1: request ID
-     2: initiative
-     3: auth module
-     4: status
-     5: cert dn
-     6: other info. eg cert serial number, violation policies
+    /*
+     * 0: request type 1: request ID 2: initiative 3: auth module 4: status 5:
+     * cert dn 6: other info. eg cert serial number, violation policies
      */
-    public static final String FORMAT = 
-        "{0} reqID {1} {2} authenticated by {3} is {4} DN requested: {5} {6}";
-    public static final  String NODNFORMAT = 
-        "{0} reqID {1} {2} authenticated by {3} is {4}";
+    public static final String FORMAT =
+            "{0} reqID {1} {2} authenticated by {3} is {4} DN requested: {5} {6}";
+    public static final String NODNFORMAT =
+            "{0} reqID {1} {2} authenticated by {3} is {4}";
 
-    public static final String ENROLLMENTFORMAT = 
-        IRequest.ENROLLMENT_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} {5}";
-    public static final String RENEWALFORMAT = 
-        IRequest.RENEWAL_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} old serial number: 0x{5} {6}";
-    public static final String REVOCATIONFORMAT = 
-        IRequest.REVOCATION_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} serial number: 0x{5} revocation reason: {6} {7}";
+    public static final String ENROLLMENTFORMAT =
+            IRequest.ENROLLMENT_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} {5}";
+    public static final String RENEWALFORMAT =
+            IRequest.RENEWAL_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} old serial number: 0x{5} {6}";
+    public static final String REVOCATIONFORMAT =
+            IRequest.REVOCATION_REQUEST + " reqID {0} {1} authenticated by {2} is {3}. DN requested: {4} serial number: 0x{5} revocation reason: {6} {7}";
 
     // 1: fromAgent AgentID: xxx authenticated by xxx
-    public static final String DOREVOKEFORMAT = 
-        IRequest.REVOCATION_REQUEST + " reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4} revocation reason: {5}";
+    public static final String DOREVOKEFORMAT =
+            IRequest.REVOCATION_REQUEST + " reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4} revocation reason: {5}";
     // 1: fromAgent AgentID: xxx authenticated by xxx
-    public static final String DOUNREVOKEFORMAT = 
-        IRequest.UNREVOCATION_REQUEST + " reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4}";
+    public static final String DOUNREVOKEFORMAT =
+            IRequest.UNREVOCATION_REQUEST + " reqID {0} {1} is {2}. DN requested: {3} serial number: 0x{4}";
 
     // 0:initiative
-    public static final String CRLUPDATEFORMAT = 
-        "CRLUpdate request {0} authenticated by {1} is {2}. Id: {3}\ncrl Number: {4} last update time: {5} next update time: {6} number of entries in the CRL: {7}";
+    public static final String CRLUPDATEFORMAT =
+            "CRLUpdate request {0} authenticated by {1} is {2}. Id: {3}\ncrl Number: {4} last update time: {5} next update time: {6} number of entries in the CRL: {7}";
 
     // audit user/group
     public static final String ADDUSERFORMAT =
-        "Admin UID: {0} added User UID: {1}";
+            "Admin UID: {0} added User UID: {1}";
     public static final String REMOVEUSERFORMAT =
-        "Admin UID: {0} removed User UID: {1} ";
+            "Admin UID: {0} removed User UID: {1} ";
     public static final String MODIFYUSERFORMAT =
-        "Admin UID: {0} modified User UID: {1}";
+            "Admin UID: {0} modified User UID: {1}";
     public static final String ADDUSERCERTFORMAT =
-        "Admin UID: {0} added cert for User UID: {1}. cert DN: {2} serial number: 0x{3}";
+            "Admin UID: {0} added cert for User UID: {1}. cert DN: {2} serial number: 0x{3}";
     public static final String REMOVEUSERCERTFORMAT =
-        "Admin UID: {0} removed cert of User UID: {1}. cert DN: {2} serial number: 0x{3}";
+            "Admin UID: {0} removed cert of User UID: {1}. cert DN: {2} serial number: 0x{3}";
     public static final String ADDUSERGROUPFORMAT =
-        "Admin UID: {0} added User UID: {1} to group: {2}";
+            "Admin UID: {0} added User UID: {1} to group: {2}";
     public static final String REMOVEUSERGROUPFORMAT =
-        "Admin UID: {0} removed User UID: {1} from group: {2}";
+            "Admin UID: {0} removed User UID: {1} from group: {2}";
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/LogQueue.java b/pki/base/common/src/com/netscape/cmscore/logging/LogQueue.java
index faddc44d..2ddc57ad 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/LogQueue.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/LogQueue.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Vector;
 
 import com.netscape.certsrv.logging.ELogException;
@@ -25,9 +24,8 @@ import com.netscape.certsrv.logging.ILogEvent;
 import com.netscape.certsrv.logging.ILogEventListener;
 import com.netscape.certsrv.logging.ILogQueue;
 
-
 /**
- * A class represents a log queue. 
+ * A class represents a log queue.
  * <P>
  * 
  * @author mzhao
@@ -51,11 +49,11 @@ public class LogQueue implements ILogQueue {
     /**
      * Initializes the log queue.
      * <P>
-     *
+     * 
      */
     public void init() {
         mListeners = new Vector();
-        
+
     }
 
     /**
@@ -63,7 +61,7 @@ public class LogQueue implements ILogQueue {
      * <P>
      */
     public void shutdown() {
-        if (mListeners == null) 
+        if (mListeners == null)
             return;
         for (int i = 0; i < mListeners.size(); i++) {
             ((ILogEventListener) mListeners.elementAt(i)).shutdown();
@@ -73,18 +71,18 @@ public class LogQueue implements ILogQueue {
 
     /**
      * Adds an event listener.
-     *
+     * 
      * @param listener the log event listener
      */
     public void addLogEventListener(ILogEventListener listener) {
-        //Make sure we don't have duplicated listener
+        // Make sure we don't have duplicated listener
         if (!mListeners.contains(listener))
             mListeners.addElement(listener);
     }
 
     /**
      * Removes an event listener.
-     *
+     * 
      * @param listener the log event listener
      */
     public void removeLogEventListener(ILogEventListener listener) {
@@ -93,30 +91,30 @@ public class LogQueue implements ILogQueue {
 
     /**
      * Logs an event, and notifies logger to reuse the event.
-     *
+     * 
      * @param event the log event
      */
     public void log(ILogEvent event) {
         if (mListeners == null)
-           return;
+            return;
         for (int i = 0; i < mListeners.size(); i++) {
             try {
                 ((ILogEventListener) mListeners.elementAt(i)).log(event);
             } catch (ELogException e) {
-                // Raidzilla Bug #57592:  Don't display potentially
-                //                        incorrect log message.
-                // ConsoleError.send(new SystemEvent(CMS.getUserMessage("CMS_LOG_EVENT_FAILED",
-                //          event.getEventType(), e.toString())));
-
-                // Don't do this again.  
-                removeLogEventListener((ILogEventListener)
-                    mListeners.elementAt(i));
+                // Raidzilla Bug #57592: Don't display potentially
+                // incorrect log message.
+                // ConsoleError.send(new
+                // SystemEvent(CMS.getUserMessage("CMS_LOG_EVENT_FAILED",
+                // event.getEventType(), e.toString())));
+
+                // Don't do this again.
+                removeLogEventListener((ILogEventListener) mListeners.elementAt(i));
             }
         }
     }
 
     /**
-     *  Flushes the log buffers (if any)
+     * Flushes the log buffers (if any)
      */
     public void flush() {
         for (int i = 0; i < mListeners.size(); i++) {
@@ -124,4 +122,3 @@ public class LogQueue implements ILogQueue {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java b/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java
index 05e4e91f..a8bc67c0 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/LogSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -33,7 +32,6 @@ import com.netscape.certsrv.logging.ILogSubsystem;
 import com.netscape.certsrv.logging.LogPlugin;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * A class represents a log subsystem.
  * <P>
@@ -77,12 +75,12 @@ public class LogSubsystem implements ILogSubsystem {
     /**
      * Initializes the log subsystem.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         mConfig = config;
         mLogQueue.init();
 
@@ -100,18 +98,18 @@ public class LogSubsystem implements ILogSubsystem {
         if (Debug.ON)
             Debug.trace("loaded logger plugins");
 
-            // load log instances
+        // load log instances
         c = config.getSubStore(PROP_INSTANCE);
         Enumeration<String> instances = c.getSubStoreNames();
 
         while (instances.hasMoreElements()) {
             String insName = (String) instances.nextElement();
-            String implName = c.getString(insName + "." + 
+            String implName = c.getString(insName + "." +
                     PROP_PLUGIN);
             LogPlugin plugin =
-                (LogPlugin) mLogPlugins.get(implName);
+                    (LogPlugin) mLogPlugins.get(implName);
 
-            if (plugin == null) { 
+            if (plugin == null) {
                 throw new EBaseException(implName);
             }
             String className = plugin.getClassPath();
@@ -121,8 +119,8 @@ public class LogSubsystem implements ILogSubsystem {
             try {
                 logInst = (ILogEventListener)
                         Class.forName(className).newInstance();
-                IConfigStore pConfig = 
-                    c.getSubStore(insName);
+                IConfigStore pConfig =
+                        c.getSubStore(insName);
 
                 logInst.init(this, pConfig);
                 // for view from console
@@ -165,7 +163,7 @@ public class LogSubsystem implements ILogSubsystem {
 
             Debug.trace("about to call inst=" + instName + " in LogSubsystem.startup()");
             ILogEventListener inst = (ILogEventListener)
-                mLogInsts.get(instName);
+                    mLogInsts.get(instName);
 
             inst.startup();
         }
@@ -182,7 +180,7 @@ public class LogSubsystem implements ILogSubsystem {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -232,12 +230,12 @@ public class LogSubsystem implements ILogSubsystem {
             ELogException {
         // is this a registered implname?
         LogPlugin plugin = (LogPlugin)
-            mLogPlugins.get(implName);
+                mLogPlugins.get(implName);
 
         if (plugin == null) {
             throw new ELogException(implName);
         }
-			
+
         // a temporary instance
         ILogEventListener LogInst = null;
         String className = plugin.getClassPath();
@@ -272,4 +270,3 @@ public class LogSubsystem implements ILogSubsystem {
         return v;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/Logger.java b/pki/base/common/src/com/netscape/cmscore/logging/Logger.java
index 3c97023a..6682fd32 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/Logger.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/Logger.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Hashtable;
 import java.util.Properties;
 
@@ -26,13 +25,11 @@ import com.netscape.certsrv.logging.ILogEventFactory;
 import com.netscape.certsrv.logging.ILogQueue;
 import com.netscape.certsrv.logging.ILogger;
 
-
 /**
- * A class represents certificate server logger
- * implementation.
+ * A class represents certificate server logger implementation.
  * <P>
- *
- * @author thomask 
+ * 
+ * @author thomask
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -43,8 +40,8 @@ public class Logger implements ILogger {
     protected Hashtable mFactories = new Hashtable();
 
     /**
-     * Constructs a generic logger, and registers a list
-     * of resident event factories.
+     * Constructs a generic logger, and registers a list of resident event
+     * factories.
      */
     public Logger() {
         mLogQueue = LogSubsystem.getLogQueue();
@@ -63,7 +60,7 @@ public class Logger implements ILogger {
     }
 
     /**
-     * Retrieves the associated log queue. 
+     * Retrieves the associated log queue.
      */
     public ILogQueue getLogQueue() {
         return mLogQueue;
@@ -71,17 +68,19 @@ public class Logger implements ILogger {
 
     /**
      * Registers log factory.
-     * @param evtClass the event class name: ILogger.EV_SYSTEM or ILogger.EV_AUDIT
+     * 
+     * @param evtClass the event class name: ILogger.EV_SYSTEM or
+     *            ILogger.EV_AUDIT
      * @param f the event factory name
      */
     public void register(int evtClass, ILogEventFactory f) {
         mFactories.put(Integer.toString(evtClass), f);
     }
 
-    //************** default level ****************
+    // ************** default level ****************
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param msg the one line detail message to be logged
@@ -92,7 +91,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -102,11 +101,11 @@ public class Logger implements ILogger {
         log(evtClass, props, source, ILogger.LL_INFO, msg, null);
     }
 
-    //************** no param ****************
+    // ************** no param ****************
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param level the level of the log event
@@ -118,7 +117,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -129,11 +128,11 @@ public class Logger implements ILogger {
         log(evtClass, props, source, level, msg, null);
     }
 
-    //********************* one param **********************
+    // ********************* one param **********************
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -146,7 +145,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -159,7 +158,7 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -168,18 +167,18 @@ public class Logger implements ILogger {
      * @param param the parameter in the detail message
      */
     public void log(int evtClass, Properties props, int source, int level, String msg,
-        Object param) {
+            Object param) {
         Object o[] = new Object[1];
 
         o[0] = param;
         log(evtClass, props, source, level, msg, o);
     }
 
-    //******************* multiple param **************************
+    // ******************* multiple param **************************
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param level the level of the log event
@@ -187,14 +186,14 @@ public class Logger implements ILogger {
      * @param params the parameters in the detail message
      */
     public void log(int evtClass, int source, int level, String msg,
-        Object params[]) {
+            Object params[]) {
         log(evtClass, null, source, level, msg, params);
     }
 
-    //*************** the real implementation *****************
+    // *************** the real implementation *****************
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
@@ -203,19 +202,20 @@ public class Logger implements ILogger {
      * @param params the parameters in the detail message
      */
     public void log(int evtClass, Properties prop, int source, int level, String msg,
-        Object params[]) {
+            Object params[]) {
         mLogQueue.log(create(evtClass, prop, source, level, msg, params, ILogger.L_SINGLELINE));
     }
 
-    //******************** multiline log *************************
-    //************** default level ****************
+    // ******************** multiline log *************************
+    // ************** default level ****************
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param msg the one line detail message to be logged
-     * @param multiline true if the message has more than one line, otherwise false
+     * @param multiline true if the message has more than one line, otherwise
+     *            false
      */
     public void log(int evtClass, int source, String msg, boolean multiline) {
         log(evtClass, null, source, ILogger.LL_INFO, msg, null, multiline);
@@ -223,27 +223,29 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
      * @param msg the one line detail message to be logged
-     * @param multiline true if the message has more than one line, otherwise false
+     * @param multiline true if the message has more than one line, otherwise
+     *            false
      */
     public void log(int evtClass, Properties props, int source, String msg, boolean multiline) {
         log(evtClass, props, source, ILogger.LL_INFO, msg, null, multiline);
     }
 
-    //************** no param ****************
+    // ************** no param ****************
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param level the level of the log event
      * @param msg the one line detail message to be logged
-     * @param multiline true if the message has more than one line, otherwise false
+     * @param multiline true if the message has more than one line, otherwise
+     *            false
      */
     public void log(int evtClass, int source, int level, String msg, boolean multiline) {
         log(evtClass, null, source, level, msg, null, multiline);
@@ -251,29 +253,31 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
      * @param level the level of the log event
      * @param msg the one line detail message to be logged
-     * @param multiline true if the message has more than one line, otherwise false
+     * @param multiline true if the message has more than one line, otherwise
+     *            false
      */
     public void log(int evtClass, Properties props, int source, int level, String msg, boolean multiline) {
         log(evtClass, props, source, level, msg, null, multiline);
     }
 
-    //********************* one param **********************
+    // ********************* one param **********************
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
      * @param msg the one line detail message to be logged
      * @param param the parameter in the detail message
-     * @param multiline true if the message has more than one line, otherwise false
+     * @param multiline true if the message has more than one line, otherwise
+     *            false
      */
     public void log(int evtClass, int source, int level, String msg, Object param, boolean multiline) {
         log(evtClass, null, source, level, msg, param, multiline);
@@ -281,13 +285,14 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event using default log level: ILogger.LL_INFO
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
      * @param msg the one line detail message to be logged
      * @param param the parameter in the detail message
-     * @param multiline true if the message has more than one line, otherwise false
+     * @param multiline true if the message has more than one line, otherwise
+     *            false
      */
     public void log(int evtClass, Properties props, int source, String msg, Object param, boolean multiline) {
         log(evtClass, props, source, ILogger.LL_INFO, msg, param, multiline);
@@ -295,67 +300,68 @@ public class Logger implements ILogger {
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
      * @param level the level of the log event
      * @param msg the one line detail message to be logged
      * @param param the parameter in the detail message
-     * @param multiline true if the message has more than one line, otherwise false
+     * @param multiline true if the message has more than one line, otherwise
+     *            false
      */
     public void log(int evtClass, Properties props, int source, int level, String msg,
-        Object param, boolean multiline) {
+            Object param, boolean multiline) {
         Object o[] = new Object[1];
 
         o[0] = param;
         log(evtClass, props, source, level, msg, o, multiline);
     }
 
-    //******************* multiple param **************************
+    // ******************* multiple param **************************
 
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param source the source of the log event
      * @param level the level of the log event
      * @param msg the one line detail message to be logged
      * @param params the parameters in the detail message
-     * @param multiline true if the message has more than one line, otherwise false
+     * @param multiline true if the message has more than one line, otherwise
+     *            false
      */
     public void log(int evtClass, int source, int level, String msg,
-        Object params[], boolean multiline) {
+            Object params[], boolean multiline) {
         log(evtClass, null, source, level, msg, params, multiline);
     }
 
-    //*************** the real implementation *****************
+    // *************** the real implementation *****************
     /**
      * Logs an event to the log queue.
-     *
+     * 
      * @param evtClass What kind of event it is: EV_AUDIT or EV_SYSTEM.
      * @param props the resource bundle used for the detailed message
      * @param source the source of the log event
      * @param level the level of the log event
      * @param msg the one line detail message to be logged
      * @param params the parameters in the detail message
-     * @param multiline true if the message has more than one line, otherwise false
+     * @param multiline true if the message has more than one line, otherwise
+     *            false
      */
     public void log(int evtClass, Properties prop, int source, int level, String msg,
-        Object params[], boolean multiline) {
+            Object params[], boolean multiline) {
         mLogQueue.log(create(evtClass, prop, source, level, msg, params, multiline));
     }
 
-    //******************** end  multiline log *************************
-
+    // ******************** end multiline log *************************
 
     /**
-     * Creates generic log event. If required, we can recycle
-     * events here.
+     * Creates generic log event. If required, we can recycle events here.
      */
-    //XXXXXXXXXXX prop is out dated!!!! XXXXXXXXXXXXXXX
+    // XXXXXXXXXXX prop is out dated!!!! XXXXXXXXXXXXXXX
     public ILogEvent create(int evtClass, Properties prop, int source, int level,
-        String msg, Object params[], boolean multiline) {
+            String msg, Object params[], boolean multiline) {
         ILogEventFactory f = (ILogEventFactory) mFactories.get(
                 Integer.toString(evtClass));
 
@@ -365,8 +371,9 @@ public class Logger implements ILogger {
     }
 
     /**
-     * Notifies logger to reuse the event. This framework
-     * opens up possibility to reuse event.
+     * Notifies logger to reuse the event. This framework opens up possibility
+     * to reuse event.
+     * 
      * @param event a log event
      */
     public void release(ILogEvent event) {
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java b/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java
index 970516c1..48570cad 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditEventFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Properties;
 
 import com.netscape.certsrv.logging.IBundleLogEvent;
@@ -27,12 +26,11 @@ import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.logging.SignedAuditEvent;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * A log event object for handling system messages
  * <P>
- *
- * @author mikep 
+ * 
+ * @author mikep
  * @author mzhao
  * @author cfu
  * @version $Revision$, $Date$
@@ -52,7 +50,7 @@ public class SignedAuditEventFactory implements ILogEventFactory {
 
     /**
      * Creates an log event.
-     *
+     * 
      * @param evtClass the event type
      * @param prop the resource bundle
      * @param source the subsystem ID who creates the log event
@@ -60,10 +58,9 @@ public class SignedAuditEventFactory implements ILogEventFactory {
      * @param multiline the log message has more than one line or not
      * @param msg the detail message of the log
      * @param params the parameters in the detail log message
-     
      */
     public ILogEvent create(int evtClass, Properties prop, int source,
-        int level, boolean multiline, String msg, Object params[]) {
+            int level, boolean multiline, String msg, Object params[]) {
         if (evtClass != ILogger.EV_SIGNED_AUDIT)
             return null;
 
@@ -101,8 +98,8 @@ public class SignedAuditEventFactory implements ILogEventFactory {
 
     /**
      * Set the resource bundle of the log event.
-     *
-     * @param prop the properties 
+     * 
+     * @param prop the properties
      * @param event the log event
      */
     protected void setProperties(Properties prop, IBundleLogEvent event) {
@@ -119,7 +116,7 @@ public class SignedAuditEventFactory implements ILogEventFactory {
 
     /**
      * Releases an log event.
-     *
+     * 
      * @param e the log event
      */
     public void release(ILogEvent e) {
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditLogger.java b/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditLogger.java
index 013447ce..34af748d 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditLogger.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/SignedAuditLogger.java
@@ -17,23 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
-
-
 /**
- * A class represents certificate server logger
- * implementation.
+ * A class represents certificate server logger implementation.
  * <P>
- *
- * @author thomask 
+ * 
+ * @author thomask
  * @author mzhao
  * @version $Revision$, $Date$
  */
 public class SignedAuditLogger extends Logger {
 
     /**
-     * Constructs a generic logger, and registers a list
-     * of resident event factories.
+     * Constructs a generic logger, and registers a list of resident event
+     * factories.
      */
     public SignedAuditLogger() {
         super();
diff --git a/pki/base/common/src/com/netscape/cmscore/logging/SystemEventFactory.java b/pki/base/common/src/com/netscape/cmscore/logging/SystemEventFactory.java
index 7bef282b..dfe25f03 100644
--- a/pki/base/common/src/com/netscape/cmscore/logging/SystemEventFactory.java
+++ b/pki/base/common/src/com/netscape/cmscore/logging/SystemEventFactory.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.logging;
 
-
 import java.util.Properties;
 
 import com.netscape.certsrv.logging.IBundleLogEvent;
@@ -26,12 +25,11 @@ import com.netscape.certsrv.logging.ILogEventFactory;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.logging.SystemEvent;
 
-
 /**
  * A log event object for handling system messages
  * <P>
- *
- * @author mikep 
+ * 
+ * @author mikep
  * @author mzhao
  * @version $Revision$, $Date$
  */
@@ -50,7 +48,7 @@ public class SystemEventFactory implements ILogEventFactory {
 
     /**
      * Creates an log event.
-     *
+     * 
      * @param evtClass the event type
      * @param prop the resource bundle
      * @param source the subsystem ID who creates the log event
@@ -58,10 +56,9 @@ public class SystemEventFactory implements ILogEventFactory {
      * @param multiline the log message has more than one line or not
      * @param msg the detail message of the log
      * @param params the parameters in the detail log message
-     
      */
     public ILogEvent create(int evtClass, Properties prop, int source,
-        int level, boolean multiline, String msg, Object params[]) {
+            int level, boolean multiline, String msg, Object params[]) {
         if (evtClass != ILogger.EV_SYSTEM)
             return null;
         SystemEvent event = new SystemEvent(msg, params);
@@ -75,8 +72,8 @@ public class SystemEventFactory implements ILogEventFactory {
 
     /**
      * Set the resource bundle of the log event.
-     *
-     * @param prop the properties 
+     * 
+     * @param prop the properties
      * @param event the log event
      */
     protected void setProperties(Properties prop, IBundleLogEvent event) {
@@ -93,7 +90,7 @@ public class SystemEventFactory implements ILogEventFactory {
 
     /**
      * Releases an log event.
-     *
+     * 
      * @param e the log event
      */
     public void release(ILogEvent e) {
diff --git a/pki/base/common/src/com/netscape/cmscore/notification/EmailFormProcessor.java b/pki/base/common/src/com/netscape/cmscore/notification/EmailFormProcessor.java
index 770b5ba4..9f6b206a 100644
--- a/pki/base/common/src/com/netscape/cmscore/notification/EmailFormProcessor.java
+++ b/pki/base/common/src/com/netscape/cmscore/notification/EmailFormProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.notification;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.StringTokenizer;
@@ -27,12 +26,12 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.notification.IEmailFormProcessor;
 
-
 /**
- * formulates the final email.  Escape character '\' is understood.
- * '$' is used preceeding a token name.  A token name should not be a
- * substring of any other token name
+ * formulates the final email. Escape character '\' is understood. '$' is used
+ * preceeding a token name. A token name should not be a substring of any other
+ * token name
  * <p>
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -78,16 +77,19 @@ public class EmailFormProcessor implements IEmailFormProcessor {
     }
 
     /*
-     * takes the form template, parse and replace all $tokens with the
-     *		 right values.  It handles escape character '\'
+     * takes the form template, parse and replace all $tokens with the right
+     * values. It handles escape character '\'
+     * 
      * @param form The locale specific form template,
-     * @param tok2vals a hashtable containing one to one mapping
-     *	 from $tokens used by the admins in the form template to the real
-     *	 values corresponding to the $tokens
+     * 
+     * @param tok2vals a hashtable containing one to one mapping from $tokens
+     * used by the admins in the form template to the real values corresponding
+     * to the $tokens
+     * 
      * @return mail content
      */
     public String getEmailContent(String form,
-        Hashtable<String, Object> tok2vals) {
+            Hashtable<String, Object> tok2vals) {
         mTok2vals = tok2vals;
 
         if (form == null) {
@@ -104,11 +106,11 @@ public class EmailFormProcessor implements IEmailFormProcessor {
          * first, take care of the escape characters '\'
          */
         StringTokenizer es = new StringTokenizer(form, TOK_ESC);
-		
+
         if (es.hasMoreTokens() && !form.startsWith(TOK_ESC)) {
             dollarProcess(es.nextToken());
         }
-		
+
         // rest of them start with '\'
         while (es.hasMoreTokens()) {
             String t = es.nextToken();
@@ -140,16 +142,16 @@ public class EmailFormProcessor implements IEmailFormProcessor {
         }
 
         /*
-         * all of the string tokens below begin with a '$'
-         * match it one by one with the mTok2vals table
+         * all of the string tokens below begin with a '$' match it one by one
+         * with the mTok2vals table
          */
         while (st.hasMoreTokens()) {
             String t = st.nextToken();
 
             /*
-             * We don't know when a token ends.  Compare with every
-             * token in the table for the first match.  Which means, a
-             * token name should not be a substring of any token name
+             * We don't know when a token ends. Compare with every token in the
+             * table for the first match. Which means, a token name should not
+             * be a substring of any token name
              */
             boolean matched = false;
             String tok = null;
@@ -183,7 +185,7 @@ public class EmailFormProcessor implements IEmailFormProcessor {
                     matched = true;
 
                     // replaced! bail out.
-                    break; 
+                    break;
                 }
             }
 
@@ -192,17 +194,17 @@ public class EmailFormProcessor implements IEmailFormProcessor {
 
                 // no match, put the token back, as is
                 // -- for bug 382162, don't remove the following line, in
-                //	 case John changes his mind for the better
-                //				mContent.add(TOK_PREFIX+t);
+                // case John changes his mind for the better
+                // mContent.add(TOK_PREFIX+t);
                 int tl = token_keys.length;
 
                 for (int i = 0; i < token_keys.length; i++) {
                     if (t.startsWith(token_keys[i])) {
-                        // match,  replace it with the TOK_VALUE_UNKNOWN
+                        // match, replace it with the TOK_VALUE_UNKNOWN
                         mContent.add(TOK_VALUE_UNKNOWN);
-					
+
                         // now, put the rest of the non-token string
-                        //						in mContent
+                        // in mContent
                         if (t.length() != token_keys[i].length()) {
                             mContent.add(t.substring(token_keys[i].length()));
                         }
@@ -228,7 +230,7 @@ public class EmailFormProcessor implements IEmailFormProcessor {
 
         // initialize content with first element
         if (e.hasMoreElements()) {
-            content =  e.nextElement();
+            content = e.nextElement();
         }
 
         while (e.hasMoreElements()) {
@@ -247,7 +249,6 @@ public class EmailFormProcessor implements IEmailFormProcessor {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "EmailFormProcessor: " + msg);
+                level, "EmailFormProcessor: " + msg);
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/notification/EmailResolverKeys.java b/pki/base/common/src/com/netscape/cmscore/notification/EmailResolverKeys.java
index 909ec484..6f22c026 100644
--- a/pki/base/common/src/com/netscape/cmscore/notification/EmailResolverKeys.java
+++ b/pki/base/common/src/com/netscape/cmscore/notification/EmailResolverKeys.java
@@ -17,18 +17,16 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.notification;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.notification.IEmailResolverKeys;
 
-
 /**
  * Email resolver keys as input to email resolvers
  * <P>
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -45,11 +43,12 @@ public class EmailResolverKeys implements IEmailResolverKeys {
 
     /**
      * sets a key with key name and the key
+     * 
      * @param name key name
      * @param key key
      * @exception com.netscape.certsrv.base.EBaseException NullPointerException
      */
-    public void set(String name, Object key)throws EBaseException {
+    public void set(String name, Object key) throws EBaseException {
         try {
             mKeys.put(name, key);
         } catch (NullPointerException e) {
@@ -59,8 +58,8 @@ public class EmailResolverKeys implements IEmailResolverKeys {
     }
 
     /**
-     * returns the key to which the specified name is mapped in this
-     *	 key set
+     * returns the key to which the specified name is mapped in this key set
+     * 
      * @param name key name
      * @return the named email resolver key
      */
@@ -69,9 +68,9 @@ public class EmailResolverKeys implements IEmailResolverKeys {
     }
 
     /**
-     * removes the name and its corresponding key from this
-     *	 key set.  This method does nothing if the named
-     *	 key is not in the key set.
+     * removes the name and its corresponding key from this key set. This method
+     * does nothing if the named key is not in the key set.
+     * 
      * @param name key name
      */
     public void delete(String name) {
@@ -79,9 +78,9 @@ public class EmailResolverKeys implements IEmailResolverKeys {
     }
 
     /**
-     * returns an enumeration of the keys in this key
-     *	 set.  Use the Enumeration methods on the returned object to
-     *	 fetch the elements sequentially.
+     * returns an enumeration of the keys in this key set. Use the Enumeration
+     * methods on the returned object to fetch the elements sequentially.
+     * 
      * @return an enumeration of the values in this key set
      * @see java.util.Enumeration
      */
@@ -89,4 +88,3 @@ public class EmailResolverKeys implements IEmailResolverKeys {
         return (mKeys.elements());
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/notification/EmailTemplate.java b/pki/base/common/src/com/netscape/cmscore/notification/EmailTemplate.java
index 5c9e9ae0..ac25616c 100644
--- a/pki/base/common/src/com/netscape/cmscore/notification/EmailTemplate.java
+++ b/pki/base/common/src/com/netscape/cmscore/notification/EmailTemplate.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.notification;
 
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileNotFoundException;
@@ -28,21 +27,21 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.certsrv.notification.IEmailTemplate;
 
-
 /**
- * Files to be processed and returned to the requested parties. It
- * is a template with $tokens to be used by the form/template processor.
- *
- *
+ * Files to be processed and returned to the requested parties. It is a template
+ * with $tokens to be used by the form/template processor.
+ * 
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
 
 public class EmailTemplate implements IEmailTemplate {
 
-    /*==========================================================
-     * variables
-     *==========================================================*/
+    /*
+     * ========================================================== variables
+     * ==========================================================
+     */
 
     /* private variables */
     private String mTemplateFile = new String();
@@ -51,27 +50,29 @@ public class EmailTemplate implements IEmailTemplate {
     /* public vaiables */
     public String mFileContents;
 
-    /*==========================================================
-     * constructors
-     *==========================================================*/
+    /*
+     * ========================================================== constructors
+     * ==========================================================
+     */
 
     /**
      * Default Constructor
-     *
+     * 
      * @param templateFile File name of the template including the full path and
-     *        file extension
+     *            file extension
      */
     public EmailTemplate(String templatePath) {
         mTemplateFile = templatePath;
     }
 
-    /*==========================================================
-     * public methods
-     *==========================================================*/
+    /*
+     * ========================================================== public methods
+     * ==========================================================
+     */
 
     /*
      * Load the template from the file
-     *
+     * 
      * @return true if successful
      */
     public boolean init() {
@@ -124,14 +125,14 @@ public class EmailTemplate implements IEmailTemplate {
         return mTemplateFile;
     }
 
-    /** 
+    /**
      * @return true if template is an html file, false otherwise
      */
     public boolean isHTML() {
         if (mTemplateFile.endsWith(".html") ||
-            mTemplateFile.endsWith(".HTML") ||
-            mTemplateFile.endsWith(".htm") ||
-            mTemplateFile.endsWith(".HTM"))
+                mTemplateFile.endsWith(".HTML") ||
+                mTemplateFile.endsWith(".htm") ||
+                mTemplateFile.endsWith(".HTM"))
             return true;
         else
             return false;
@@ -144,9 +145,10 @@ public class EmailTemplate implements IEmailTemplate {
         return mFileContents;
     }
 
-    /*==========================================================
-     * private methods
-     *==========================================================*/
+    /*
+     * ========================================================== private
+     * methods==========================================================
+     */
 
     /* load file into string */
     private String loadFile(FileReader input) {
@@ -178,7 +180,7 @@ public class EmailTemplate implements IEmailTemplate {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, msg);
+                level, msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/notification/ReqCertEmailResolver.java b/pki/base/common/src/com/netscape/cmscore/notification/ReqCertEmailResolver.java
index 04dd9b5f..4c62fa1e 100644
--- a/pki/base/common/src/com/netscape/cmscore/notification/ReqCertEmailResolver.java
+++ b/pki/base/common/src/com/netscape/cmscore/notification/ReqCertEmailResolver.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.notification;
 
-
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 
@@ -31,11 +30,11 @@ import com.netscape.certsrv.notification.IEmailResolver;
 import com.netscape.certsrv.notification.IEmailResolverKeys;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * An email resolver that first checks the request email, if none,
- * then follows by checking the subjectDN of the certificate
+ * An email resolver that first checks the request email, if none, then follows
+ * by checking the subjectDN of the certificate
  * <p>
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -44,19 +43,21 @@ public class ReqCertEmailResolver implements IEmailResolver {
 
     public static final String KEY_REQUEST = "request";
     public static final String KEY_CERT = "cert";
+
     // required keys for this resolver to figure out the email address
-    //	protected static String[] mRequiredKeys = {KEY_REQUEST, KEY_CERT};
+    // protected static String[] mRequiredKeys = {KEY_REQUEST, KEY_CERT};
 
     public ReqCertEmailResolver() {
     }
 
     /**
-     * returns an email address by using the resolver keys.  The
-     *	 return value can possibly be null
+     * returns an email address by using the resolver keys. The return value can
+     * possibly be null
+     * 
      * @param keys list of keys used for resolving the email address
      */
-    public String getEmail(IEmailResolverKeys keys) 
-        throws EBaseException, ENotificationException {
+    public String getEmail(IEmailResolverKeys keys)
+            throws EBaseException, ENotificationException {
         IRequest req = (IRequest) keys.get(KEY_REQUEST);
 
         String mEmail = null;
@@ -84,14 +85,14 @@ public class ReqCertEmailResolver implements IEmailResolver {
         if (cert != null) {
             subjectDN =
                     (X500Name) cert.getSubjectDN();
-			
+
             try {
                 mEmail = subjectDN.getEmail();
             } catch (IOException e) {
                 System.out.println("X500Name getEmail failed");
-                throw new ENotificationException (
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        subjectDN.toString()));
+                                subjectDN.toString()));
             }
         } else {
             log(ILogger.LL_INFO, "cert null in keys");
@@ -101,31 +102,31 @@ public class ReqCertEmailResolver implements IEmailResolver {
         if (mEmail == null) {
             if (cert != null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL", subjectDN.toString()));
+                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL", subjectDN.toString()));
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for " +
-                    subjectDN.toString());
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for " +
+                                subjectDN.toString());
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        "subjectDN= " + subjectDN.toString()));
+                                "subjectDN= " + subjectDN.toString()));
             } else if (req != null) {
                 log(ILogger.LL_FAILURE,
-                    "no email resolved for request id =" +
-                    req.getRequestId().toString());
+                        "no email resolved for request id =" +
+                                req.getRequestId().toString());
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for request id =" +
-                    req.getRequestId().toString());
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for request id =" +
+                                req.getRequestId().toString());
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        "requestId= " + req.getRequestId().toString()));
+                                "requestId= " + req.getRequestId().toString()));
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_REQUEST"));
+                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_REQUEST"));
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1.  No request id or cert info found");
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1.  No request id or cert info found");
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        ": No request id or cert info found"));
+                                ": No request id or cert info found"));
             }
         } else {
             log(ILogger.LL_INFO, "email resolved: " + mEmail);
@@ -136,18 +137,19 @@ public class ReqCertEmailResolver implements IEmailResolver {
 
     /**
      * Returns array of required keys for this email resolver
+     * 
      * @return Array of required keys.
      */
-    
-    /*	public String[] getRequiredKeys() {
-     return mRequiredKeys;
-     }*/
+
+    /*
+     * public String[] getRequiredKeys() { return mRequiredKeys; }
+     */
 
     private void log(int level, String msg) {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "ReqCertEmailResolver: " + msg);
+                level, "ReqCertEmailResolver: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java b/pki/base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java
index 580c9e98..52eaeefd 100644
--- a/pki/base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java
+++ b/pki/base/common/src/com/netscape/cmscore/notification/ReqCertSANameEmailResolver.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.notification;
 
-
 import java.io.IOException;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateParsingException;
@@ -43,12 +42,12 @@ import com.netscape.certsrv.notification.IEmailResolver;
 import com.netscape.certsrv.notification.IEmailResolverKeys;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * An email resolver that first checks the request email, if none,
- * then follows by checking the subjectDN of the certificate, if none,
- * then follows by checking the subjectalternatename extension
+ * An email resolver that first checks the request email, if none, then follows
+ * by checking the subjectDN of the certificate, if none, then follows by
+ * checking the subjectalternatename extension
  * <p>
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -59,18 +58,19 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
     public static final String KEY_CERT = IEmailResolverKeys.KEY_CERT;
 
     // required keys for this resolver to figure out the email address
-    //	protected static String[] mRequiredKeys = {KEY_REQUEST, KEY_CERT};
+    // protected static String[] mRequiredKeys = {KEY_REQUEST, KEY_CERT};
 
     public ReqCertSANameEmailResolver() {
     }
 
     /**
-     * returns an email address by using the resolver keys.  The
-     *	 return value can possibly be null
+     * returns an email address by using the resolver keys. The return value can
+     * possibly be null
+     * 
      * @param keys list of keys used for resolving the email address
      */
-    public String getEmail(IEmailResolverKeys keys) 
-        throws EBaseException, ENotificationException {
+    public String getEmail(IEmailResolverKeys keys)
+            throws EBaseException, ENotificationException {
         IRequest req = (IRequest) keys.get(KEY_REQUEST);
 
         String mEmail = null;
@@ -102,30 +102,30 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
             ICertificateRepository certDB = ca.getCertificateRepository();
 
             cert = certDB.getX509Certificate(revCert.getSerialNumber());
-        }else
+        } else
             cert = (X509Certificate) request;
-        
+
         X500Name subjectDN = null;
 
         if (cert != null) {
             subjectDN =
                     (X500Name) cert.getSubjectDN();
-			
+
             try {
                 mEmail = subjectDN.getEmail();
                 if (mEmail != null) {
                     if (!mEmail.equals("")) {
                         log(ILogger.LL_INFO, "cert subjectDN E=" +
-                            mEmail);
+                                mEmail);
                     }
                 } else {
                     log(ILogger.LL_INFO, "no E component in subjectDN ");
                 }
             } catch (IOException e) {
                 System.out.println("X500Name getEmail failed");
-                throw new ENotificationException (
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        subjectDN.toString()));
+                                subjectDN.toString()));
             }
 
             // try subjectalternatename
@@ -136,13 +136,13 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
                 try {
                     certInfo = (X509CertInfo)
                             ((X509CertImpl) cert).get(
-                                X509CertImpl.NAME + "." + X509CertImpl.INFO);
+                                    X509CertImpl.NAME + "." + X509CertImpl.INFO);
                 } catch (CertificateParsingException ex) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_CERTINFO"));
-                    throw new ENotificationException (
+                            CMS.getLogMessage("CMSCORE_NOTIFY_NO_CERTINFO"));
+                    throw new ENotificationException(
                             CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                            "subjectDN= " + subjectDN.toString()));
+                                    "subjectDN= " + subjectDN.toString()));
                 }
 
                 CertificateExtensions exts;
@@ -152,47 +152,46 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
                             certInfo.get(CertificateExtensions.NAME);
                 } catch (IOException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
-                    throw new ENotificationException (
+                            CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
+                    throw new ENotificationException(
                             CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                            "subjectDN= " + subjectDN.toString()));
+                                    "subjectDN= " + subjectDN.toString()));
 
                 } catch (CertificateException e) {
                     log(ILogger.LL_FAILURE,
-                        CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
-                    throw new ENotificationException (
+                            CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
+                    throw new ENotificationException(
                             CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                            "subjectDN= " + subjectDN.toString()));
+                                    "subjectDN= " + subjectDN.toString()));
                 }
 
                 if (exts != null) {
                     SubjectAlternativeNameExtension ext;
 
                     try {
-                        ext = 
+                        ext =
                                 (SubjectAlternativeNameExtension)
                                 exts.get(SubjectAlternativeNameExtension.class.getSimpleName());
                     } catch (IOException e) {
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
-                        throw new ENotificationException (
+                                CMS.getLogMessage("CMSCORE_NOTIFY_GET_EXT", e.toString()));
+                        throw new ENotificationException(
                                 CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                                "subjectDN= " + subjectDN.toString()));
-						
+                                        "subjectDN= " + subjectDN.toString()));
+
                     }
 
                     try {
                         if (ext != null) {
                             GeneralNames gn =
-                                (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
+                                    (GeneralNames) ext.get(SubjectAlternativeNameExtension.SUBJECT_NAME);
 
                             Enumeration<GeneralNameInterface> e = gn.elements();
 
                             while (e.hasMoreElements()) {
-                                GeneralNameInterface gni =e.nextElement();
+                                GeneralNameInterface gni = e.nextElement();
 
-                                if (gni.getType() ==
-                                    GeneralNameInterface.NAME_RFC822) {
+                                if (gni.getType() == GeneralNameInterface.NAME_RFC822) {
                                     CMS.debug("got an subjectalternatename email");
 
                                     String nameString = gni.toString();
@@ -201,9 +200,9 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
                                     mEmail =
                                             nameString.substring(nameString.indexOf(' ') + 1);
                                     log(ILogger.LL_INFO,
-                                        "subjectalternatename email used:" +
-                                        mEmail);
-									
+                                            "subjectalternatename email used:" +
+                                                    mEmail);
+
                                     break;
                                 } else {
                                     CMS.debug("not an subjectalternatename email");
@@ -212,43 +211,43 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
                         }
                     } catch (IOException e) {
                         log(ILogger.LL_FAILURE,
-                            CMS.getLogMessage("CMSCORE_NOTIFY_SUBJECTALTNAME"));
+                                CMS.getLogMessage("CMSCORE_NOTIFY_SUBJECTALTNAME"));
                     }
                 }
             }
         } else {
             log(ILogger.LL_INFO, "cert null in keys");
         }
-    
+
         // log it
         if (mEmail == null) {
             if (cert != null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL", subjectDN.toString()));
+                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL", subjectDN.toString()));
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for " +
-                    subjectDN.toString());
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for " +
+                                subjectDN.toString());
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        "subjectDN= " + subjectDN.toString()));
+                                "subjectDN= " + subjectDN.toString()));
             } else if (req != null) {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_ID",
-                        req.getRequestId().toString()));
+                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_ID",
+                                req.getRequestId().toString()));
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for request id =" +
-                    req.getRequestId().toString());
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1 for request id =" +
+                                req.getRequestId().toString());
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        "requestId= " + req.getRequestId().toString()));
+                                "requestId= " + req.getRequestId().toString()));
             } else {
                 log(ILogger.LL_FAILURE,
-                    CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_REQUEST"));
+                        CMS.getLogMessage("CMSCORE_NOTIFY_NO_EMAIL_REQUEST"));
                 CMS.debug(
-                    "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1.  No request id or cert info found");
-                throw new ENotificationException (
+                        "no email resolved, throwing NotificationResources.EMAIL_RESOLVE_FAILED_1.  No request id or cert info found");
+                throw new ENotificationException(
                         CMS.getUserMessage("CMS_NOTIFICATION_EMAIL_RESOLVE_FAILED",
-                        ": No request id or cert info found"));
+                                ": No request id or cert info found"));
             }
         } else {
             log(ILogger.LL_INFO, "email resolved: " + mEmail);
@@ -259,18 +258,19 @@ public class ReqCertSANameEmailResolver implements IEmailResolver {
 
     /**
      * Returns array of required keys for this email resolver
+     * 
      * @return Array of required keys.
      */
-    
-    /*	public String[] getRequiredKeys() {
-     return mRequiredKeys;
-     }*/
+
+    /*
+     * public String[] getRequiredKeys() { return mRequiredKeys; }
+     */
 
     private void log(int level, String msg) {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OTHER,
-            level, "ReqCertSANameEmailResolver: " + msg);
+                level, "ReqCertSANameEmailResolver: " + msg);
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java b/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java
index d58cfe13..974e2e86 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/AndExpression.java
@@ -17,31 +17,30 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import com.netscape.certsrv.policy.EPolicyException;
 import com.netscape.certsrv.policy.IExpression;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class represents an expression of the form
- * <var1 op val1 AND var2 op va2>.
- *
+ * This class represents an expression of the form <var1 op val1 AND var2 op
+ * va2>.
+ * 
  * Expressions are used as predicates for policy selection.
- *
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
 public class AndExpression implements IExpression {
     private IExpression mExp1;
     private IExpression mExp2;
+
     public AndExpression(IExpression exp1, IExpression exp2) {
         mExp1 = exp1;
         mExp2 = exp2;
     }
 
     public boolean evaluate(IRequest req)
-        throws EPolicyException {
+            throws EPolicyException {
         // If an expression is missing we assume applicability.
         if (mExp1 == null && mExp2 == null)
             return true;
@@ -49,7 +48,8 @@ public class AndExpression implements IExpression {
             return mExp1.evaluate(req) && mExp2.evaluate(req);
         else if (mExp1 == null)
             return mExp2.evaluate(req);
-        else // (if mExp2 == null)
+        else
+            // (if mExp2 == null)
             return mExp1.evaluate(req);
     }
 
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java b/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java
index 4587bca6..561cf01d 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/GeneralNameUtil.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.util.Enumeration;
@@ -50,23 +49,22 @@ import com.netscape.certsrv.policy.IGeneralNamesConfig;
 import com.netscape.certsrv.policy.ISubjAltNameConfig;
 import com.netscape.cmscore.util.Debug;
 
-
-/** 
- * Class that can be used to form general names from configuration file. 
- * Used by policies and extension commands.
+/**
+ * Class that can be used to form general names from configuration file. Used by
+ * policies and extension commands.
  */
 public class GeneralNameUtil implements IGeneralNameUtil {
 
     private static final String DOT = ".";
 
     /**
-     * GeneralName can be used in the context of Constraints. Examples
-     * are NameConstraints, CertificateScopeOfUse extensions. In such
-     * cases, IPAddress may contain netmask component.
+     * GeneralName can be used in the context of Constraints. Examples are
+     * NameConstraints, CertificateScopeOfUse extensions. In such cases,
+     * IPAddress may contain netmask component.
      */
-    static public GeneralName 
-    form_GeneralNameAsConstraints(String generalNameChoice, String value)
-        throws EBaseException {
+    static public GeneralName
+            form_GeneralNameAsConstraints(String generalNameChoice, String value)
+                    throws EBaseException {
         try {
             if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_IPADDRESS)) {
                 StringTokenizer st = new StringTokenizer(value, ",");
@@ -86,16 +84,17 @@ public class GeneralNameUtil implements IGeneralNameUtil {
     }
 
     /**
-     * Form a General Name from a General Name choice and value.
-     * The General Name choice must be one of the General Name Choice Strings 
-     * defined in this class.
-     * @param generalNameChoice General Name choice. Must be one of the General 
-     * Name choices defined in this class.
+     * Form a General Name from a General Name choice and value. The General
+     * Name choice must be one of the General Name Choice Strings defined in
+     * this class.
+     * 
+     * @param generalNameChoice General Name choice. Must be one of the General
+     *            Name choices defined in this class.
      * @param value String value of the general name to form.
      */
-    static public GeneralName 
-    form_GeneralName(String generalNameChoice, String value)
-        throws EBaseException {
+    static public GeneralName
+            form_GeneralName(String generalNameChoice, String value)
+                    throws EBaseException {
         GeneralNameInterface generalNameI = null;
         DerValue derVal = null;
         GeneralName generalName = null;
@@ -112,10 +111,12 @@ public class GeneralNameUtil implements IGeneralNameUtil {
             } else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DNSNAME)) {
                 generalNameI = new DNSName(value);
                 Debug.trace("dnsName formed");
-            } /** not supported -- no sun class 
-             else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS)) {
-             }
-             **/ else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME)) {
+            }/**
+             * not supported -- no sun class else if
+             * (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS))
+             * { }
+             **/
+            else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME)) {
                 generalNameI = new X500Name(value);
                 Debug.trace("X500Name formed");
             } else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_EDIPARTYNAME)) {
@@ -135,35 +136,38 @@ public class GeneralNameUtil implements IGeneralNameUtil {
                 } catch (Exception e) {
                     throw new EBaseException(
                             CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE",
-                                generalNameChoice,
-                                "value must be a valid OID in the form n.n.n.n"));
+                                    generalNameChoice,
+                                    "value must be a valid OID in the form n.n.n.n"));
                 }
                 generalNameI = new OIDName(oid);
                 Debug.trace("oidname formed");
             } else {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                            new String[] { 
-                                PROP_GENNAME_CHOICE,
-                                "value must be one of: " +
-                                GENNAME_CHOICE_OTHERNAME + ", " +
-                                GENNAME_CHOICE_RFC822NAME + ", " +
-                                GENNAME_CHOICE_DNSNAME + ", " +
-                            
-                                /* GENNAME_CHOICE_X400ADDRESS +", "+ */
-                                GENNAME_CHOICE_DIRECTORYNAME + ", " +
-                                GENNAME_CHOICE_EDIPARTYNAME + ", " +
-                                GENNAME_CHOICE_URL + ", " +
-                                GENNAME_CHOICE_IPADDRESS + ", or " +
-                                GENNAME_CHOICE_REGISTEREDID + "."
+                                new String[] {
+                                        PROP_GENNAME_CHOICE,
+                                        "value must be one of: " +
+                                                GENNAME_CHOICE_OTHERNAME + ", " +
+                                                GENNAME_CHOICE_RFC822NAME + ", " +
+                                                GENNAME_CHOICE_DNSNAME + ", " +
+
+                                                /*
+                                                 * GENNAME_CHOICE_X400ADDRESS
+                                                 * +", "+
+                                                 */
+                                                GENNAME_CHOICE_DIRECTORYNAME + ", " +
+                                                GENNAME_CHOICE_EDIPARTYNAME + ", " +
+                                                GENNAME_CHOICE_URL + ", " +
+                                                GENNAME_CHOICE_IPADDRESS + ", or " +
+                                                GENNAME_CHOICE_REGISTEREDID + "."
                             }
-                        ));
+                                ));
             }
         } catch (IOException e) {
             Debug.printStackTrace(e);
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_INVALID_VALUE_FOR_TYPE",
-                        generalNameChoice, e.toString()));
+                            generalNameChoice, e.toString()));
         } catch (InvalidIPAddressException e) {
             Debug.printStackTrace(e);
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_IP_ADDR", value));
@@ -187,62 +191,64 @@ public class GeneralNameUtil implements IGeneralNameUtil {
     }
 
     /**
-     * Checks if given string is a valid General Name choice and returns 
-     * the actual string that can be passed into form_GeneralName().
+     * Checks if given string is a valid General Name choice and returns the
+     * actual string that can be passed into form_GeneralName().
+     * 
      * @param generalNameChoice a General Name choice string.
-     * @return one of General Name choices defined in this class that can be 
-     * passed into form_GeneralName().
+     * @return one of General Name choices defined in this class that can be
+     *         passed into form_GeneralName().
      */
-    static public String check_GeneralNameChoice(String generalNameChoice) 
-        throws EBaseException {
+    static public String check_GeneralNameChoice(String generalNameChoice)
+            throws EBaseException {
         String theGeneralNameChoice = null;
 
-        if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_OTHERNAME)) 
+        if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_OTHERNAME))
             theGeneralNameChoice = GENNAME_CHOICE_OTHERNAME;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_RFC822NAME)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_RFC822NAME))
             theGeneralNameChoice = GENNAME_CHOICE_RFC822NAME;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DNSNAME)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DNSNAME))
             theGeneralNameChoice = GENNAME_CHOICE_DNSNAME;
 
-            /* X400Address not supported.
-             else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS)) 
-             theGeneralNameChoice = GENNAME_CHOICE_X400ADDRESS;
-             */
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME)) 
+        /*
+         * X400Address not supported. else if
+         * (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_X400ADDRESS))
+         * theGeneralNameChoice = GENNAME_CHOICE_X400ADDRESS;
+         */
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_DIRECTORYNAME))
             theGeneralNameChoice = GENNAME_CHOICE_DIRECTORYNAME;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_EDIPARTYNAME)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_EDIPARTYNAME))
             theGeneralNameChoice = GENNAME_CHOICE_EDIPARTYNAME;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_URL)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_URL))
             theGeneralNameChoice = GENNAME_CHOICE_URL;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_IPADDRESS)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_IPADDRESS))
             theGeneralNameChoice = GENNAME_CHOICE_IPADDRESS;
-        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_REGISTEREDID)) 
+        else if (generalNameChoice.equalsIgnoreCase(GENNAME_CHOICE_REGISTEREDID))
             theGeneralNameChoice = GENNAME_CHOICE_REGISTEREDID;
         else {
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                        new String[] { 
-                            PROP_GENNAME_CHOICE + "=" + generalNameChoice,
-                            "value must be one of: " +
-                            GENNAME_CHOICE_OTHERNAME + ", " +
-                            GENNAME_CHOICE_RFC822NAME + ", " +
-                            GENNAME_CHOICE_DNSNAME + ", " +
-                        
-                            /* GENNAME_CHOICE_X400ADDRESS +", "+ */
-                            GENNAME_CHOICE_DIRECTORYNAME + ", " +
-                            GENNAME_CHOICE_EDIPARTYNAME + ", " +
-                            GENNAME_CHOICE_URL + ", " +
-                            GENNAME_CHOICE_IPADDRESS + ", " +
-                            GENNAME_CHOICE_REGISTEREDID + "."
+                            new String[] {
+                                    PROP_GENNAME_CHOICE + "=" + generalNameChoice,
+                                    "value must be one of: " +
+                                            GENNAME_CHOICE_OTHERNAME + ", " +
+                                            GENNAME_CHOICE_RFC822NAME + ", " +
+                                            GENNAME_CHOICE_DNSNAME + ", " +
+
+                                            /* GENNAME_CHOICE_X400ADDRESS +", "+ */
+                                            GENNAME_CHOICE_DIRECTORYNAME + ", " +
+                                            GENNAME_CHOICE_EDIPARTYNAME + ", " +
+                                            GENNAME_CHOICE_URL + ", " +
+                                            GENNAME_CHOICE_IPADDRESS + ", " +
+                                            GENNAME_CHOICE_REGISTEREDID + "."
                         }
-                    ));
+                            ));
         }
         return theGeneralNameChoice;
     }
 
     static public class GeneralNamesConfig implements IGeneralNamesConfig {
         public String mName = null; // substore name of config if any.
-        public GeneralNameConfig[] mGenNameConfigs = null; 
+        public GeneralNameConfig[] mGenNameConfigs = null;
         public IConfigStore mConfig = null;
         public boolean mIsValueConfigured = true;
         public boolean mIsPolicyEnabled = true;
@@ -252,17 +258,17 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         private String mNameDotGeneralName = mName + DOT + PROP_GENERALNAME;
 
         public GeneralNamesConfig(
-            String name, 
-            IConfigStore config, 
-            boolean isValueConfigured,
-            boolean isPolicyEnabled)
-            throws EBaseException {
+                String name,
+                IConfigStore config,
+                boolean isValueConfigured,
+                boolean isPolicyEnabled)
+                throws EBaseException {
             mIsValueConfigured = isValueConfigured;
             mIsPolicyEnabled = isPolicyEnabled;
             mName = name;
-            if (mName != null) 
+            if (mName != null)
                 mNameDotGeneralName = mName + DOT + PROP_GENERALNAME;
-            else 
+            else
                 mNameDotGeneralName = PROP_GENERALNAME;
             mConfig = config;
 
@@ -271,19 +277,19 @@ public class GeneralNameUtil implements IGeneralNameUtil {
             if (numGNs < 0) {
                 throw new EBaseException(
                         CMS.getUserMessage("CMS_BASE_INVALID_ATTR_VALUE",
-                            new String[] { 
-                                PROP_NUM_GENERALNAMES + "=" + numGNs, 
-                                "value must be greater than or equal to 0."}
-                        ));
+                                new String[] {
+                                        PROP_NUM_GENERALNAMES + "=" + numGNs,
+                                        "value must be greater than or equal to 0." }
+                                ));
             }
             mGenNameConfigs = new GeneralNameConfig[numGNs];
             for (int i = 0; i < numGNs; i++) {
                 String storeName = mNameDotGeneralName + i;
 
-                mGenNameConfigs[i] = 
+                mGenNameConfigs[i] =
                         newGeneralNameConfig(
-                            storeName, mConfig.getSubStore(storeName), 
-                            mIsValueConfigured, mIsPolicyEnabled);
+                                storeName, mConfig.getSubStore(storeName),
+                                mIsValueConfigured, mIsPolicyEnabled);
             }
 
             if (mIsValueConfigured && mIsPolicyEnabled) {
@@ -299,9 +305,9 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         }
 
         protected GeneralNameConfig newGeneralNameConfig(
-            String name, IConfigStore config, 
-            boolean isValueConfigured, boolean isPolicyEnabled) 
-            throws EBaseException {
+                String name, IConfigStore config,
+                boolean isValueConfigured, boolean isPolicyEnabled)
+                throws EBaseException {
             return new GeneralNameConfig(
                     name, config, isValueConfigured, isPolicyEnabled);
         }
@@ -334,20 +340,20 @@ public class GeneralNameUtil implements IGeneralNameUtil {
             return mDefNumGenNames;
         }
 
-        /** 
-         * adds params to default 
+        /**
+         * adds params to default
          */
         public static void getDefaultParams(
-            String name, boolean isValueConfigured, Vector<String> params) {
+                String name, boolean isValueConfigured, Vector<String> params) {
             String nameDot = "";
 
-            if (name != null) 
+            if (name != null)
                 nameDot = name + DOT;
             params.addElement(
-                nameDot + PROP_NUM_GENERALNAMES + '=' + DEF_NUM_GENERALNAMES);
+                    nameDot + PROP_NUM_GENERALNAMES + '=' + DEF_NUM_GENERALNAMES);
             for (int i = 0; i < DEF_NUM_GENERALNAMES; i++) {
                 GeneralNameConfig.getDefaultParams(
-                    nameDot + PROP_GENERALNAME + i, isValueConfigured, params);
+                        nameDot + PROP_GENERALNAME + i, isValueConfigured, params);
             }
         }
 
@@ -356,7 +362,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
          */
         public void getInstanceParams(Vector<String> params) {
             params.addElement(
-                PROP_NUM_GENERALNAMES + '=' + mGenNameConfigs.length);
+                    PROP_NUM_GENERALNAMES + '=' + mGenNameConfigs.length);
             for (int i = 0; i < mGenNameConfigs.length; i++) {
                 mGenNameConfigs[i].getInstanceParams(params);
             }
@@ -366,7 +372,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
          * Get extended plugin info.
          */
         public static void getExtendedPluginInfo(
-            String name, boolean isValueConfigured, Vector<String> info) {
+                String name, boolean isValueConfigured, Vector<String> info) {
             String nameDot = "";
 
             if (name != null && name.length() > 0)
@@ -374,33 +380,31 @@ public class GeneralNameUtil implements IGeneralNameUtil {
             info.addElement(PROP_NUM_GENERALNAMES + ";" + NUM_GENERALNAMES_INFO);
             for (int i = 0; i < DEF_NUM_GENERALNAMES; i++) {
                 GeneralNameConfig.getExtendedPluginInfo(
-                    nameDot + PROP_GENERALNAME + i, isValueConfigured, info);
+                        nameDot + PROP_GENERALNAME + i, isValueConfigured, info);
             }
         }
 
     }
 
-
     static public class GeneralNamesAsConstraintsConfig extends GeneralNamesConfig implements IGeneralNamesAsConstraintsConfig {
         public GeneralNamesAsConstraintsConfig(
-            String name, 
-            IConfigStore config, 
-            boolean isValueConfigured,
-            boolean isPolicyEnabled)
-            throws EBaseException {
+                String name,
+                IConfigStore config,
+                boolean isValueConfigured,
+                boolean isPolicyEnabled)
+                throws EBaseException {
             super(name, config, isValueConfigured, isPolicyEnabled);
         }
 
         protected GeneralNameConfig newGeneralNameConfig(
-            String name, IConfigStore config, 
-            boolean isValueConfigured, boolean isPolicyEnabled) 
-            throws EBaseException {
-            return new GeneralNameAsConstraintsConfig(name, config, 
+                String name, IConfigStore config,
+                boolean isValueConfigured, boolean isPolicyEnabled)
+                throws EBaseException {
+            return new GeneralNameAsConstraintsConfig(name, config,
                     isValueConfigured, isPolicyEnabled);
         }
     }
 
-
     /**
      * convenience class for policies use.
      */
@@ -418,11 +422,11 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         public String mNameDotValue = null;
 
         public GeneralNameConfig(
-            String name, 
-            IConfigStore config, 
-            boolean isValueConfigured, 
-            boolean isPolicyEnabled) 
-            throws EBaseException {
+                String name,
+                IConfigStore config,
+                boolean isValueConfigured,
+                boolean isPolicyEnabled)
+                throws EBaseException {
             mIsValueConfigured = isValueConfigured;
             mIsPolicyEnabled = isPolicyEnabled;
             mName = name;
@@ -461,7 +465,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
                     mGeneralName = formGeneralName(mGenNameChoice, mValue);
                 } else {
                     mValue = mConfig.getString(PROP_GENNAME_VALUE, "");
-                    if (mValue != null && mValue.length() > 0) 
+                    if (mValue != null && mValue.length() > 0)
                         mGeneralName = formGeneralName(mGenNameChoice, mValue);
                 }
             }
@@ -470,23 +474,23 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         /**
          * Form a general name from the value string.
          */
-        public GeneralName formGeneralName(String value) 
-            throws EBaseException {
+        public GeneralName formGeneralName(String value)
+                throws EBaseException {
             return formGeneralName(mGenNameChoice, value);
         }
 
-        public GeneralName formGeneralName(String choice, String value) 
-            throws EBaseException {
+        public GeneralName formGeneralName(String choice, String value)
+                throws EBaseException {
             return form_GeneralName(choice, value);
         }
 
-        /** 
-         * @return a vector of General names from a value that can be 
-         * either a Vector of strings, string array or just a string.
-         * Returned Vector can be null if value is not of expected type.
+        /**
+         * @return a vector of General names from a value that can be either a
+         *         Vector of strings, string array or just a string. Returned
+         *         Vector can be null if value is not of expected type.
          */
-        public Vector<GeneralName> formGeneralNames(Object value) 
-            throws EBaseException {
+        public Vector<GeneralName> formGeneralNames(Object value)
+                throws EBaseException {
             Vector<GeneralName> gns = new Vector<GeneralName>();
             GeneralName gn = null;
 
@@ -513,7 +517,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
                     Object val = n.nextElement();
 
                     if (val != null && (val instanceof String) &&
-                        ((String) (val = ((String) val).trim())).length() > 0) {
+                            ((String) (val = ((String) val).trim())).length() > 0) {
                         gn = formGeneralName(mGenNameChoice, (String) val);
                         gns.addElement(gn);
                     }
@@ -539,10 +543,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         }
 
         /*
-         public GeneralNameInterface getGeneralName() {
-         return mGeneralName;
-         }
-
+         * public GeneralNameInterface getGeneralName() { return mGeneralName; }
          */
         public boolean isValueConfigured() {
             return mIsValueConfigured;
@@ -553,7 +554,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
          */
 
         public static void getDefaultParams(
-            String name, boolean isValueConfigured, Vector<String> params) {
+                String name, boolean isValueConfigured, Vector<String> params) {
             String nameDot = "";
 
             if (name != null)
@@ -565,14 +566,14 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         }
 
         /**
-         * Get instance params 
+         * Get instance params
          */
         public void getInstanceParams(Vector<String> params) {
             String value = (mValue == null) ? "" : mValue;
             String choice = (mGenNameChoice == null) ? "" : mGenNameChoice;
 
             params.addElement(mNameDotChoice + "=" + choice);
-            if (mIsValueConfigured) 
+            if (mIsValueConfigured)
                 params.addElement(mNameDotValue + "=" + value);
         }
 
@@ -580,31 +581,30 @@ public class GeneralNameUtil implements IGeneralNameUtil {
          * Get extended plugin info
          */
         public static void getExtendedPluginInfo(
-            String name, boolean isValueConfigured, Vector<String> info) {
+                String name, boolean isValueConfigured, Vector<String> info) {
             String nameDot = "";
 
-            if (name != null && name.length() > 0) 
+            if (name != null && name.length() > 0)
                 nameDot = name + ".";
             info.addElement(
-                nameDot + PROP_GENNAME_CHOICE + ";" + GENNAME_CHOICE_INFO);
-            if (isValueConfigured) 
+                    nameDot + PROP_GENNAME_CHOICE + ";" + GENNAME_CHOICE_INFO);
+            if (isValueConfigured)
                 info.addElement(
-                    nameDot + PROP_GENNAME_VALUE + ";" + GENNAME_VALUE_INFO);
+                        nameDot + PROP_GENNAME_VALUE + ";" + GENNAME_VALUE_INFO);
         }
     }
 
-
     /**
      * convenience class for policies use.
      */
     static public class GeneralNameAsConstraintsConfig extends GeneralNameConfig implements IGeneralNameAsConstraintsConfig {
-		
+
         public GeneralNameAsConstraintsConfig(
-            String name,
-            IConfigStore config,
-            boolean isValueConfigured,
-            boolean isPolicyEnabled)
-            throws EBaseException {
+                String name,
+                IConfigStore config,
+                boolean isValueConfigured,
+                boolean isPolicyEnabled)
+                throws EBaseException {
             super(name, config, isValueConfigured, isPolicyEnabled);
         }
 
@@ -615,18 +615,17 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         /**
          * Form a general name from the value string.
          */
-        public GeneralName formGeneralName(String choice, String value) 
-            throws EBaseException {
+        public GeneralName formGeneralName(String choice, String value)
+                throws EBaseException {
             return form_GeneralNameAsConstraints(choice, value);
         }
     }
 
-
     public static class SubjAltNameGN extends GeneralNameUtil.GeneralNameConfig implements ISubjAltNameConfig {
         static final String REQUEST_ATTR_INFO =
-            "string;Request attribute name. " +
-            "The value of the request attribute will be used to form a " +
-            "General Name in the Subject Alternative Name extension.";
+                "string;Request attribute name. " +
+                        "The value of the request attribute will be used to form a " +
+                        "General Name in the Subject Alternative Name extension.";
 
         static final String PROP_REQUEST_ATTR = "requestAttr";
 
@@ -635,8 +634,8 @@ public class GeneralNameUtil implements IGeneralNameUtil {
         String mAttr = null;
 
         public SubjAltNameGN(
-            String name, IConfigStore config, boolean isPolicyEnabled)
-            throws EBaseException {
+                String name, IConfigStore config, boolean isPolicyEnabled)
+                throws EBaseException {
             super(name, config, false, isPolicyEnabled);
 
             mRequestAttr = mConfig.getString(PROP_REQUEST_ATTR, null);
@@ -645,7 +644,7 @@ public class GeneralNameUtil implements IGeneralNameUtil {
                 mRequestAttr = "";
             }
             if (isPolicyEnabled && mRequestAttr.length() == 0) {
-                throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED", 
+                throw new EPropertyNotFound(CMS.getUserMessage("CMS_BASE_GET_PROPERTY_FAILED",
                             mConfig.getName() + "." + PROP_REQUEST_ATTR));
             }
             int x = mRequestAttr.indexOf('.');
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
index 2b4d012c..ea4fd499 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/GenericPolicyProcessor.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.StringTokenizer;
@@ -48,20 +47,17 @@ import com.netscape.cmscore.request.ARequestQueue;
 import com.netscape.cmscore.util.AssertionException;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * This is a Generic policy processor. The three main functions of
- * this class are:
- *  1. To initialize policies by reading policy configuration from the
- *     config file, and maintain 5 sets of policies - viz Enrollment,
- *      Renewal, Revocation and KeyRecovery and KeyArchival.
- *  2. To apply the configured policies on the given request.
- *  3. To enable policy listing/configuration via MCC console.
- *
- * Since the policy processor also implements the IPolicy interface
- * the processor itself presents itself as one big policy to the
- * request processor.
- *
+ * This is a Generic policy processor. The three main functions of this class
+ * are: 1. To initialize policies by reading policy configuration from the
+ * config file, and maintain 5 sets of policies - viz Enrollment, Renewal,
+ * Revocation and KeyRecovery and KeyArchival. 2. To apply the configured
+ * policies on the given request. 3. To enable policy listing/configuration via
+ * MCC console.
+ * 
+ * Since the policy processor also implements the IPolicy interface the
+ * processor itself presents itself as one big policy to the request processor.
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -71,12 +67,12 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     protected IAuthority mAuthority = null;
 
     // Default System Policies
-    public final static String[] DEF_POLICIES = 
-        {"com.netscape.cms.policy.constraints.ManualAuthentication"};
+    public final static String[] DEF_POLICIES =
+        { "com.netscape.cms.policy.constraints.ManualAuthentication" };
 
     // Policies that can't be deleted nor disabled.
     public final static Hashtable<String, IExpression> DEF_UNDELETABLE_POLICIES =
-        new Hashtable<String, IExpression>();
+            new Hashtable<String, IExpression>();
 
     private String mId = "Policy";
     private Vector<String> mPolicyOrder = new Vector<String>();
@@ -125,9 +121,9 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     /**
-     * Returns  the configuration store.
+     * Returns the configuration store.
      * <P>
-     *
+     * 
      * @return configuration store
      */
     public IConfigStore getConfigStore() {
@@ -137,24 +133,24 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     /**
      * Initializes the PolicyProcessor
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration of this subsystem
      * @exception EBaseException failed to initialize this Subsystem.
      */
     public synchronized void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         // Debug.trace("GenericPolicyProcessor::init");
         CMS.debug("GenericPolicyProcessor::init begins");
         mAuthority = (IAuthority) owner;
         mConfig = config;
-        mGlobalStore = 
+        mGlobalStore =
                 SubsystemRegistry.getInstance().get("MAIN").getConfigStore();
 
         try {
             IConfigStore configStore = CMS.getConfigStore();
-            String PKI_Subsystem = configStore.getString( "subsystem.0.id",
-                                                          null );
+            String PKI_Subsystem = configStore.getString("subsystem.0.id",
+                                                          null);
 
             // CMS 6.1 began utilizing the "Certificate Profiles" framework
             // instead of the legacy "Certificate Policies" framework.
@@ -164,34 +160,34 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             // that this legacy "Certificate Policies" framework would be
             // deprecated and disabled by default (see Bugzilla Bug #472597).
             //
-            // NOTE:  The "Certificate Policies" framework ONLY applied to
-            //        to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
+            // NOTE: The "Certificate Policies" framework ONLY applied to
+            // to CA, KRA, and legacy RA (pre-CMS 7.0) subsystems.
             //
-            if( PKI_Subsystem.trim().equalsIgnoreCase( "ca" ) ||
-                PKI_Subsystem.trim().equalsIgnoreCase( "kra" ) ) {
+            if (PKI_Subsystem.trim().equalsIgnoreCase("ca") ||
+                    PKI_Subsystem.trim().equalsIgnoreCase("kra")) {
                 String policyStatus = PKI_Subsystem.trim().toLowerCase()
                                     + "." + "Policy"
                                     + "." + IPolicyProcessor.PROP_ENABLE;
 
-                if( configStore.getBoolean( policyStatus, true ) == true ) {
-                    // NOTE:  If "<subsystem>.Policy.enable=<boolean>" is
-                    //        missing, then the referenced instance existed
-                    //        prior to this name=value pair existing in its
-                    //        'CS.cfg' file, and thus we err on the
-                    //        side that the user may still need to
-                    //        use the policy framework.
-                    CMS.debug( "GenericPolicyProcessor::init Certificate "
+                if (configStore.getBoolean(policyStatus, true) == true) {
+                    // NOTE: If "<subsystem>.Policy.enable=<boolean>" is
+                    // missing, then the referenced instance existed
+                    // prior to this name=value pair existing in its
+                    // 'CS.cfg' file, and thus we err on the
+                    // side that the user may still need to
+                    // use the policy framework.
+                    CMS.debug("GenericPolicyProcessor::init Certificate "
                              + "Policy Framework (deprecated) "
-                             + "is ENABLED" );
+                             + "is ENABLED");
                 } else {
-                    // CS 8.1 Default:  <subsystem>.Policy.enable=false
-                    CMS.debug( "GenericPolicyProcessor::init Certificate "
+                    // CS 8.1 Default: <subsystem>.Policy.enable=false
+                    CMS.debug("GenericPolicyProcessor::init Certificate "
                              + "Policy Framework (deprecated) "
-                             + "is DISABLED" );
+                             + "is DISABLED");
                     return;
                 }
             }
-        } catch( EBaseException e ) {
+        } catch (EBaseException e) {
             throw e;
         }
 
@@ -225,16 +221,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_SYSTEM_POLICY_CONFIG_ERROR", clPath));
 
-                // Verify if the class is a valid implementation of
-                // IPolicyRule
+            // Verify if the class is a valid implementation of
+            // IPolicyRule
             try {
                 Object o = Class.forName(clPath).newInstance();
 
                 if (!(o instanceof IEnrollmentPolicy) &&
-                    !(o instanceof IRenewalPolicy) &&
-                    !(o instanceof IRevocationPolicy) &&
-                    !(o instanceof IKeyRecoveryPolicy) &&
-                    !(o instanceof IKeyArchivalPolicy))
+                        !(o instanceof IRenewalPolicy) &&
+                        !(o instanceof IRevocationPolicy) &&
+                        !(o instanceof IKeyRecoveryPolicy) &&
+                        !(o instanceof IKeyArchivalPolicy))
                     throw new EPolicyException(
                             CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL", clPath));
             } catch (EBaseException e) {
@@ -247,7 +243,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
             // Register the implementation.
             RegisteredPolicy regPolicy =
-                new RegisteredPolicy(id, clPath);
+                    new RegisteredPolicy(id, clPath);
 
             mImplTable.put(id, regPolicy);
         }
@@ -291,7 +287,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             String enabledStr = c.getString(PROP_ENABLE, null);
 
             if (enabledStr == null || enabledStr.trim().length() == 0 ||
-                enabledStr.trim().equalsIgnoreCase("true"))
+                    enabledStr.trim().equalsIgnoreCase("true"))
                 enabled = true;
             else
                 enabled = false;
@@ -304,15 +300,15 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
             // Make an instance of the specified policy.
             RegisteredPolicy regPolicy =
-                (RegisteredPolicy) mImplTable.get(implName);
+                    (RegisteredPolicy) mImplTable.get(implName);
 
             if (regPolicy == null) {
-                String[] params = {implName, instanceName};
+                String[] params = { implName, instanceName };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_IMPL_NOT_FOUND", params));
             }
-            
+
             String classpath = regPolicy.getClassPath();
 
             try {
@@ -323,7 +319,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                 rule.init(this, c);
             } catch (Throwable e) {
                 mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_POLICY_INIT_FAILED", instanceName, e.toString()));
-                // disable rule initialized if there is 
+                // disable rule initialized if there is
                 // configuration error
                 enabled = false;
                 c.putString(PROP_ENABLE, "false");
@@ -332,8 +328,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             if (rule == null)
                 continue;
 
-                // Read the predicate expression if any associated
-                // with the rule
+            // Read the predicate expression if any associated
+            // with the rule
             String exp = c.getString(GenericPolicyProcessor.PROP_PREDICATE, null);
 
             if (exp != null)
@@ -345,13 +341,13 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
             // Add the rule to the instance table
             mInstanceTable.put(instanceName,
-                new PolicyInstance(instanceName, implName, rule, enabled));
+                    new PolicyInstance(instanceName, implName, rule, enabled));
 
             if (!enabled)
                 continue;
 
-                // Add the rule to the policy set according to category if a
-                // rule is enabled.
+            // Add the rule to the policy set according to category if a
+            // rule is enabled.
             addRule(instanceName, rule);
         }
 
@@ -372,8 +368,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
     /**
      * Apply policies on the given request.
-     *
-     * @param IRequest  The given request
+     * 
+     * @param IRequest The given request
      * @return The policy result object.
      */
     public PolicyResult apply(IRequest req) {
@@ -383,18 +379,19 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         CMS.debug("GenericPolicyProcessor: apply begins");
         if (op == null) {
             CMS.debug("GenericPolicyProcessor: apply op null");
-            // throw new AssertionException("Missing operation type in request. Can't happen!");
-            // Return ACCEPTED for now. Looks like even get CA chain 
-            // is being passed in here with request type set elsewhere 
-            // on the request. 
+            // throw new
+            // AssertionException("Missing operation type in request. Can't happen!");
+            // Return ACCEPTED for now. Looks like even get CA chain
+            // is being passed in here with request type set elsewhere
+            // on the request.
             return PolicyResult.ACCEPTED;
         }
         if (isProfileRequest(req)) {
-            Debug.trace("GenericPolicyProcessor: Profile-base Request " + 
-                req.getRequestId().toString());
+            Debug.trace("GenericPolicyProcessor: Profile-base Request " +
+                    req.getRequestId().toString());
             return PolicyResult.ACCEPTED;
         }
-        CMS.debug("GenericPolicyProcessor: apply not ProfileRequest. op="+op);
+        CMS.debug("GenericPolicyProcessor: apply not ProfileRequest. op=" + op);
 
         if (op.equalsIgnoreCase(IRequest.ENROLLMENT_REQUEST))
             rules = mEnrollmentRules;
@@ -409,7 +406,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         else {
             // It aint' a CMP request. We don't care.
             return PolicyResult.ACCEPTED;
-            // throw new AssertionException("Invalid request type. Can't Happen!");
+            // throw new
+            // AssertionException("Invalid request type. Can't Happen!");
         }
 
         // ((PolicySet)rules).printPolicies();
@@ -421,11 +419,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             return PolicyResult.ACCEPTED;
 
             /**
-             setError(req, PolicyResources.NO_RULES_CONFIGURED, op);
-             return PolicyResult.REJECTED;
+             * setError(req, PolicyResources.NO_RULES_CONFIGURED, op); return
+             * PolicyResult.REJECTED;
              **/
         }
-        CMS.debug("GenericPolicyProcessor: apply: rules.count="+ rules.count());
+        CMS.debug("GenericPolicyProcessor: apply: rules.count=" + rules.count());
 
         // request must be up to date or can't process it.
         PolicyResult res = PolicyResult.ACCEPTED;
@@ -466,11 +464,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         try {
             while (enum1.hasMoreElements()) {
                 RegisteredPolicy regPolicy =
-                    (RegisteredPolicy) enum1.nextElement();
+                        (RegisteredPolicy) enum1.nextElement();
 
                 // Make an Instance of it
                 IPolicyRule ruleImpl = (IPolicyRule)
-                    Class.forName(regPolicy.getClassPath()).newInstance();
+                        Class.forName(regPolicy.getClassPath()).newInstance();
 
                 impls.addElement(ruleImpl);
             }
@@ -489,7 +487,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         try {
             while (enum1.hasMoreElements()) {
                 RegisteredPolicy regPolicy =
-                    (RegisteredPolicy) enum1.nextElement();
+                        (RegisteredPolicy) enum1.nextElement();
 
                 impls.addElement(regPolicy.getId());
 
@@ -503,7 +501,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
     public IPolicyRule getPolicyImpl(String id) {
         RegisteredPolicy regImpl = (RegisteredPolicy)
-            mImplTable.get(id);
+                mImplTable.get(id);
 
         if (regImpl == null)
             return null;
@@ -523,7 +521,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
         if (rp == null)
             return null;
-        Vector<String>  v = rp.getDefaultParams();
+        Vector<String> v = rp.getDefaultParams();
 
         if (v == null)
             v = new Vector<String>();
@@ -533,16 +531,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     public void deletePolicyImpl(String id)
-        throws EBaseException {
+            throws EBaseException {
         // First check if the id is valid;
         RegisteredPolicy regPolicy =
-            (RegisteredPolicy) mImplTable.get(id);
+                (RegisteredPolicy) mImplTable.get(id);
 
         if (regPolicy == null)
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL", id));
 
-            // If any instance exists for this impl, can't delete it.
+        // If any instance exists for this impl, can't delete it.
         boolean instanceExist = false;
         Enumeration<PolicyInstance> e = mInstanceTable.elements();
 
@@ -558,12 +556,12 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_ACTIVE_POLICY_RULES_EXIST", id));
 
-            // Else delete the implementation
+        // Else delete the implementation
         mImplTable.remove(id);
-        IConfigStore policyStore = 
-            mGlobalStore.getSubStore(getPolicySubstoreId());
-        IConfigStore implStore = 
-            policyStore.getSubStore(PROP_IMPL);
+        IConfigStore policyStore =
+                mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore implStore =
+                policyStore.getSubStore(PROP_IMPL);
 
         implStore.removeSubStore(id);
 
@@ -572,7 +570,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             mGlobalStore.commit(true);
         } catch (Exception ex) {
             Debug.printStackTrace(ex);
-            String[] params = {"implementation", id};
+            String[] params = { "implementation", id };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_DELETING_POLICY_ERROR", params));
@@ -580,49 +578,49 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     public void addPolicyImpl(String id, String classPath)
-        throws EBaseException {
+            throws EBaseException {
         // See if the id is unique
         if (mImplTable.containsKey(id))
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_DUPLICATE_IMPL_ID", id));
 
-            // See if the classPath is ok
+        // See if the classPath is ok
         Object impl = null;
 
         try {
             impl = Class.forName(classPath).newInstance();
-        }catch (Exception e) {
+        } catch (Exception e) {
             throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL",
                         id));
         }
 
         // Does the class implement one of the four interfaces?
         if (!(impl instanceof IEnrollmentPolicy) &&
-            !(impl instanceof IRenewalPolicy) &&
-            !(impl instanceof IRevocationPolicy) &&
-            !(impl instanceof IKeyRecoveryPolicy) &&
-            !(impl instanceof IKeyArchivalPolicy))
+                !(impl instanceof IRenewalPolicy) &&
+                !(impl instanceof IRevocationPolicy) &&
+                !(impl instanceof IKeyRecoveryPolicy) &&
+                !(impl instanceof IKeyArchivalPolicy))
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL", classPath));
 
-            // Add the implementation to the registry
+        // Add the implementation to the registry
         RegisteredPolicy regPolicy =
-            new RegisteredPolicy(id, classPath);
+                new RegisteredPolicy(id, classPath);
 
         mImplTable.put(id, regPolicy);
 
         // Store the impl in the configuration.
-        IConfigStore policyStore = 
-            mGlobalStore.getSubStore(getPolicySubstoreId());
-        IConfigStore implStore = 
-            policyStore.getSubStore(PROP_IMPL);
+        IConfigStore policyStore =
+                mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore implStore =
+                policyStore.getSubStore(PROP_IMPL);
         IConfigStore newStore = implStore.makeSubStore(id);
 
         newStore.put(PROP_CLASS, classPath);
         try {
             mGlobalStore.commit(true);
         } catch (Exception e) {
-            String[] params = {"implementation", id};
+            String[] params = { "implementation", id };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_ADDING_POLICY_ERROR", params));
@@ -637,7 +635,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         try {
             while (enum1.hasMoreElements()) {
                 PolicyInstance instance =
-                    (PolicyInstance) mInstanceTable.get((String) enum1.nextElement());
+                        (PolicyInstance) mInstanceTable.get((String) enum1.nextElement());
 
                 rules.addElement(instance.getRule());
 
@@ -669,14 +667,14 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
 
     public IPolicyRule getPolicyInstance(String id) {
         PolicyInstance policyInstance = (PolicyInstance)
-            mInstanceTable.get(id);
+                mInstanceTable.get(id);
 
         return (policyInstance == null) ? null : policyInstance.getRule();
     }
 
     public Vector<String> getPolicyInstanceConfig(String id) {
         PolicyInstance policyInstance = (PolicyInstance)
-            mInstanceTable.get(id);
+                mInstanceTable.get(id);
 
         if (policyInstance == null)
             return null;
@@ -695,24 +693,24 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     public void deletePolicyInstance(String id)
-        throws EBaseException {
+            throws EBaseException {
         // If the rule is a persistent rule, we can't delete it.
         if (mUndeletablePolicies.containsKey(id))
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_CANT_DELETE_PERSISTENT_POLICY", id));
 
-            // First check if the instance is present.
+        // First check if the instance is present.
         PolicyInstance instance =
-            (PolicyInstance) mInstanceTable.get(id);
+                (PolicyInstance) mInstanceTable.get(id);
 
         if (instance == null)
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_INSTANCE", id));
 
         IConfigStore policyStore =
-            mGlobalStore.getSubStore(getPolicySubstoreId());
-        IConfigStore instanceStore = 
-            policyStore.getSubStore(PROP_RULE);
+                mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore instanceStore =
+                policyStore.getSubStore(PROP_RULE);
 
         instanceStore.removeSubStore(id);
 
@@ -732,7 +730,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             mPolicyOrder.insertElementAt(id, index);
 
             Debug.printStackTrace(e);
-            String[] params = {"instance", id};
+            String[] params = { "instance", id };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_DELETING_POLICY_ERROR", params));
@@ -751,17 +749,17 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         if (rule instanceof IKeyArchivalPolicy)
             mKeyArchivalRules.removeRule(id);
 
-            // Delete the instance
+        // Delete the instance
         mInstanceTable.remove(id);
     }
 
     public void addPolicyInstance(String id, Hashtable<String, String> ht)
-        throws EBaseException {
+            throws EBaseException {
         // The instance id should be unique
         if (getPolicyInstance(id) != null)
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_DUPLICATE_INST_ID", id));
-            // There should be an implmentation for this rule.
+        // There should be an implmentation for this rule.
         String implName = (String) ht.get(IPolicyRule.PROP_IMPLNAME);
 
         // See if there is an implementation with this name.
@@ -771,23 +769,23 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL", implName));
 
-            // Prepare config file entries.
-        IConfigStore policyStore = 
-            mGlobalStore.getSubStore(getPolicySubstoreId());
-        IConfigStore instanceStore = 
-            policyStore.getSubStore(PROP_RULE);
+        // Prepare config file entries.
+        IConfigStore policyStore =
+                mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore instanceStore =
+                policyStore.getSubStore(PROP_RULE);
         IConfigStore newStore = instanceStore.makeSubStore(id);
 
         for (Enumeration<String> keys = ht.keys(); keys.hasMoreElements();) {
             String key = keys.nextElement();
-            String val =  ht.get(key);
+            String val = ht.get(key);
 
             newStore.put(key, val);
         }
 
         // Set the order string.
         policyStore.put(PROP_ORDER,
-            getRuleOrderString(mPolicyOrder, id));
+                getRuleOrderString(mPolicyOrder, id));
 
         // Try to initialize this rule.
         rule.init(this, newStore);
@@ -797,10 +795,10 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         boolean active = false;
 
         if (enabledStr == null || enabledStr.trim().length() == 0 ||
-            enabledStr.equalsIgnoreCase("true"))
+                enabledStr.equalsIgnoreCase("true"))
             active = true;
 
-            // Set the predicate if any present on the rule.
+        // Set the predicate if any present on the rule.
         String predicate = ((String) ht.get(IPolicyRule.PROP_PREDICATE)).trim();
         IExpression exp = null;
 
@@ -812,7 +810,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         try {
             mGlobalStore.commit(true);
         } catch (Exception e) {
-            String[] params = {"instance", id};
+            String[] params = { "instance", id };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_ADDING_POLICY_ERROR", params));
@@ -835,10 +833,10 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     public void modifyPolicyInstance(String id, Hashtable<String, String> ht)
-        throws EBaseException {
+            throws EBaseException {
         // The instance id should be there already
         PolicyInstance policyInstance = (PolicyInstance)
-            mInstanceTable.get(id);
+                mInstanceTable.get(id);
 
         if (policyInstance == null)
             throw new EPolicyException(
@@ -851,38 +849,38 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         if (!implId.equals(policyInstance.getImplId()))
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_IMPLCHANGE_ERROR", id));
-					
-            // Make a new rule instance
+
+        // Make a new rule instance
         IPolicyRule newRule = getPolicyImpl(implId);
 
         if (newRule == null) // Can't happen, but just in case..
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL", implId));
-			
-            // Try to init this rule.
-        IConfigStore policyStore = 
-            mGlobalStore.getSubStore(getPolicySubstoreId());
-        IConfigStore instanceStore = 
-            policyStore.getSubStore(PROP_RULE);
+
+        // Try to init this rule.
+        IConfigStore policyStore =
+                mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore instanceStore =
+                policyStore.getSubStore(PROP_RULE);
         IConfigStore oldStore = instanceStore.getSubStore(id);
         IConfigStore newStore = new PropConfigStore(id);
-			
+
         // See if the rule is disabled.
         String enabledStr = (String) ht.get(IPolicyRule.PROP_ENABLE);
         boolean active = false;
 
         if (enabledStr == null || enabledStr.trim().length() == 0 ||
-            enabledStr.equalsIgnoreCase("true"))
+                enabledStr.equalsIgnoreCase("true"))
             active = true;
 
-            // Set the predicate expression.
+        // Set the predicate expression.
         String predicate = ((String) ht.get(IPolicyRule.PROP_PREDICATE)).trim();
         IExpression exp = null;
 
         if (predicate.trim().length() > 0)
             exp = PolicyPredicateParser.parse(predicate.trim());
 
-            // See if this a persistent rule.
+        // See if this a persistent rule.
         if (mUndeletablePolicies.containsKey(id)) {
             // A persistent rule can't be disabled.
             if (!active) {
@@ -891,24 +889,24 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             }
 
             IExpression defPred = (IExpression)
-                mUndeletablePolicies.get(id);
+                    mUndeletablePolicies.get(id);
 
             if (defPred == SimpleExpression.NULL_EXPRESSION)
                 defPred = null;
             if (exp == null && defPred != null) {
-                String[] params = {id, defPred.toString(),
+                String[] params = { id, defPred.toString(),
                         "null" };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params));
             } else if (exp != null && defPred == null) {
-                String[] params = {id, "null", exp.toString()};
+                String[] params = { id, "null", exp.toString() };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params));
             } else if (exp != null && defPred != null) {
                 if (!defPred.toString().equals(exp.toString())) {
-                    String[] params = {id, defPred.toString(),
+                    String[] params = { id, defPred.toString(),
                             exp.toString() };
 
                     throw new EPolicyException(
@@ -920,9 +918,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         // Predicate for the persistent rule can't be changed.
         ht.put(IPolicyRule.PROP_ENABLE, String.valueOf(active));
 
-        // put old config store parameters first. 
-        for (Enumeration<String> oldkeys = oldStore.keys();
-            oldkeys.hasMoreElements();) {
+        // put old config store parameters first.
+        for (Enumeration<String> oldkeys = oldStore.keys(); oldkeys.hasMoreElements();) {
             String k = (String) oldkeys.nextElement();
             String v = (String) oldStore.getString(k);
 
@@ -930,15 +927,14 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         }
 
         // put modified params.
-        for (Enumeration<String> newkeys = ht.keys();
-            newkeys.hasMoreElements();) {
+        for (Enumeration<String> newkeys = ht.keys(); newkeys.hasMoreElements();) {
             String k = (String) newkeys.nextElement();
             String v = (String) ht.get(k);
 
             Debug.trace("newstore key " + k + "=" + v);
             if (v != null) {
                 if (!k.equals(Constants.OP_TYPE) && !k.equals(Constants.OP_SCOPE) &&
-                    !k.equals(Constants.RS_ID) && !k.equals("RULENAME")) {
+                        !k.equals(Constants.RS_ID) && !k.equals("RULENAME")) {
                     Debug.trace("newstore.put(" + k + "=" + v + ")");
                     newStore.put(k, v);
                 }
@@ -948,19 +944,15 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         // include impl default params in case we missed any.
 
         /*
-         for (Enumeration keys = ht.keys(); keys.hasMoreElements();)
-         {
-         String key = (String)keys.nextElement();
-         String val = (String)ht.get(key);
-         newStore.put(key, val);
-         }
+         * for (Enumeration keys = ht.keys(); keys.hasMoreElements();) { String
+         * key = (String)keys.nextElement(); String val = (String)ht.get(key);
+         * newStore.put(key, val); }
          */
 
-
         // Try to initialize this rule.
         newRule.init(this, newStore);
-			
-        // If we are successfully initialized, replace the rule 
+
+        // If we are successfully initialized, replace the rule
         // instance
         policyInstance.setRule(newRule);
         policyInstance.setActive(active);
@@ -969,21 +961,21 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         if (exp != null)
             newRule.setPredicate(exp);
 
-            // Store the changes in the file.
+        // Store the changes in the file.
         try {
             for (Enumeration<String> e = newStore.keys(); e.hasMoreElements();) {
                 String key = (String) e.nextElement();
 
                 if (key != null) {
                     Debug.trace(
-                        "oldstore.put(" + key + "," +
-                        (String) newStore.getString(key) + ")");
+                            "oldstore.put(" + key + "," +
+                                    (String) newStore.getString(key) + ")");
                     oldStore.put(key, (String) newStore.getString(key));
                 }
             }
             mGlobalStore.commit(true);
         } catch (Exception e) {
-            String[] params = {"instance", id};
+            String[] params = { "instance", id };
 
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_ADDING_POLICY_ERROR", params));
@@ -1018,8 +1010,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     public synchronized void changePolicyInstanceOrdering(
-        String policyOrderStr)
-        throws EBaseException {
+            String policyOrderStr)
+            throws EBaseException {
         Vector<String> policyOrder = new Vector<String>();
         StringTokenizer tokens = new StringTokenizer(policyOrderStr, ",");
 
@@ -1053,9 +1045,9 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                 String defRuleName = mSystemDefaults[i].substring(
                         mSystemDefaults[i].lastIndexOf('.') + 1);
                 IPolicyRule defRule = (IPolicyRule)
-                    Class.forName(mSystemDefaults[i]).newInstance();
-                IConfigStore ruleConfig = 
-                    mConfig.getSubStore(PROP_DEF_POLICIES + "." + defRuleName);
+                        Class.forName(mSystemDefaults[i]).newInstance();
+                IConfigStore ruleConfig =
+                        mConfig.getSubStore(PROP_DEF_POLICIES + "." + defRuleName);
 
                 defRule.init(this, ruleConfig);
                 if (defRule instanceof IEnrollmentPolicy)
@@ -1072,7 +1064,7 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             }
         } catch (Throwable e) {
             Debug.printStackTrace(e);
-            EBaseException ex = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
+            EBaseException ex = new EBaseException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
                         "Cannot create default policy rule. Error: " + e.getMessage()));
 
             mAuthority.log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_POLICY_DEF_CREATE", e.toString()));
@@ -1080,17 +1072,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         }
 
         // add rules specified in the new order.
-        for (Enumeration<String> enum1 = policyOrder.elements();
-            enum1.hasMoreElements();) {
+        for (Enumeration<String> enum1 = policyOrder.elements(); enum1.hasMoreElements();) {
             String instanceName = (String) enum1.nextElement();
             PolicyInstance pInstance = (PolicyInstance)
-                mInstanceTable.get(instanceName);
-				
+                    mInstanceTable.get(instanceName);
+
             if (!pInstance.isActive())
                 continue;
 
-                // Add the rule to the policy set according to category if a
-                // rule is enabled.
+            // Add the rule to the policy set according to category if a
+            // rule is enabled.
             IPolicyRule rule = pInstance.getRule();
 
             if (rule instanceof IEnrollmentPolicy)
@@ -1114,8 +1105,8 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         mPolicyOrder = policyOrder;
 
         // Now change the ordering in the config file.
-        IConfigStore policyStore = 
-            mGlobalStore.getSubStore(getPolicySubstoreId());
+        IConfigStore policyStore =
+                mGlobalStore.getSubStore(getPolicySubstoreId());
 
         policyStore.put(PROP_ORDER, policyOrderStr);
 
@@ -1163,37 +1154,37 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     /**
-     * Initializes the default system policies. Currently there is only
-     * one policy - ManualAuthentication. More may be added later on.
-     *
-     * The default policies may be disabled - for example to over-ride
-     * agent approval for testing the system by setting the following
-     * property in the config file:
+     * Initializes the default system policies. Currently there is only one
+     * policy - ManualAuthentication. More may be added later on.
+     * 
+     * The default policies may be disabled - for example to over-ride agent
+     * approval for testing the system by setting the following property in the
+     * config file:
+     * 
+     * <subsystemId>.Policy.systemPolicies.enable=false
      * 
-     *	<subsystemId>.Policy.systemPolicies.enable=false
+     * By default the value for this property is true.
      * 
-     *  By default the value for this property is true.
-     *
-     * Users can over-ride the default system policies by listing their 
-     * 'custom' system policies under the following property:
+     * Users can over-ride the default system policies by listing their 'custom'
+     * system policies under the following property:
      * 
-     *	<subsystemId>.Policy.systemPolicies=<system policy1 class path>,
-     *		<system policy2 class path>
-     *
-     * There can only be one instance of the system policy in the system
-     * and will apply to all requests, and hence predicates are not used 
-     * for a system policy.  Due to the same reason, these properties are 
-     * not configurable using the Console.
+     * <subsystemId>.Policy.systemPolicies=<system policy1 class path>, <system
+     * policy2 class path>
+     * 
+     * There can only be one instance of the system policy in the system and
+     * will apply to all requests, and hence predicates are not used for a
+     * system policy. Due to the same reason, these properties are not
+     * configurable using the Console.
      * 
      * A System policy may read config properties from a subtree under
      * <subsystemId>.Policy.systemPolicies.<ClassName>. An example is
      * ra.Policy.systemPolicies.ManualAuthentication.param1=value
      */
     private void initSystemPolicies(IConfigStore mConfig)
-        throws EBaseException {
+            throws EBaseException {
         // If system policies are disabled, return. No Deferral of
         // requests may be done.
-        String enable = mConfig.getString(PROP_DEF_POLICIES + "." + 
+        String enable = mConfig.getString(PROP_DEF_POLICIES + "." +
                 PROP_ENABLE, "true").trim();
 
         if (enable.equalsIgnoreCase("false")) {
@@ -1202,17 +1193,17 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
         }
 
         // Load default policies that are always present.
-        String configuredDefaults = mConfig.getString(PROP_DEF_POLICIES, 
+        String configuredDefaults = mConfig.getString(PROP_DEF_POLICIES,
                 null);
 
-        if (configuredDefaults == null || 
-            configuredDefaults.trim().length() == 0)
+        if (configuredDefaults == null ||
+                configuredDefaults.trim().length() == 0)
             mSystemDefaults = DEF_POLICIES;
         else {
             Vector<String> rules = new Vector<String>();
-            StringTokenizer tokenizer = new 
-                StringTokenizer(configuredDefaults.trim(), ",");
-	
+            StringTokenizer tokenizer = new
+                    StringTokenizer(configuredDefaults.trim(), ",");
+
             while (tokenizer.hasMoreTokens()) {
                 String rule = tokenizer.nextToken().trim();
 
@@ -1221,11 +1212,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             if (rules.size() > 0) {
                 mSystemDefaults = new String[rules.size()];
                 rules.copyInto(mSystemDefaults);
-            } else 
+            } else
                 mSystemDefaults = DEF_POLICIES;
         }
-	
-        // Now Initialize the rules. These defaults have only one 
+
+        // Now Initialize the rules. These defaults have only one
         // instance and the rule name is the name of the class itself.
         // Any configuration parameters required could be read from
         // <subsystemId>.Policy.default.RuleName.
@@ -1239,16 +1230,16 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                 Object o = Class.forName(mSystemDefaults[i]).newInstance();
 
                 if (!(o instanceof IEnrollmentPolicy) &&
-                    !(o instanceof IRenewalPolicy) &&
-                    !(o instanceof IRevocationPolicy) &&
-                    !(o instanceof IKeyRecoveryPolicy) &&
-                    !(o instanceof IKeyArchivalPolicy))
+                        !(o instanceof IRenewalPolicy) &&
+                        !(o instanceof IRevocationPolicy) &&
+                        !(o instanceof IKeyRecoveryPolicy) &&
+                        !(o instanceof IKeyArchivalPolicy))
                     throw new EPolicyException(
                             CMS.getUserMessage("CMS_POLICY_INVALID_POLICY_IMPL",
-                                mSystemDefaults[i]));
-	
+                                    mSystemDefaults[i]));
+
                 IPolicyRule rule = (IPolicyRule) o;
-	
+
                 // Initialize the rule.
                 ruleName = mSystemDefaults[i].substring(
                             mSystemDefaults[i].lastIndexOf('.') + 1);
@@ -1256,116 +1247,113 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                         PROP_DEF_POLICIES + "." + ruleName);
 
                 rule.init(this, ruleConfig);
-	
+
                 // Add the rule to the appropriate PolicySet.
                 addRule(ruleName, rule);
             } catch (EBaseException e) {
                 throw e;
             } catch (Exception e) {
                 Debug.printStackTrace(e);
-                throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL", 
+                throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_NO_POLICY_IMPL",
                             ruleName));
             }
         }
     }
 
     /**
-     * Read list of undeletable policies if any configured in the
-     * system. 
-     *
-     * These are required to protect the system from being misconfigured
-     * to the point that the requests wouldn't serialize or certain
-     * fields in the certificate(s) being checked will go unchecked 
-     * ..etc.
-     *
-     * For now the following policies are undeletable: 
-     *
-     *	DirAuthRule:	This is a default DirectoryAuthentication policy
-     *					for user certificates that interprets directory
-     *					credentials. The presence of this policy is needed
-     *					if the OOTB DirectoryAuthentication-based automatic
-     *					certificate issuance is supported.
-     *
-     *	DefaultUserNameRule: This policy verifies/sets subjectDn for user
-     *						 certificates.
-     *
-     *	DefaultServerNameRule: This policy verifies/sets subjectDn for 
-     *							server certificates.
-     *
-     *	DefaultValidityRule:	Verifies/sets validty for all certificates.
-     *
-     *	DefaultRenewalValidityRule: Verifies/sets validity for certs being
-     *							renewed.
-     *
-     *  The 'undeletables' cannot be deleted from the config file, nor
-     *	can the be disabled. If any predicates are associated with them
-     *	the predicates can't be changed either. But, other config parameters
-     *	such as maxValidity, renewalInterval ..etc can be changed to suit 
-     *	local policy requirements.
-     *
-     *  During start up the policy processor will verify if the undeletables
-     *	are present, and that they are enabled and that their predicates are
-     *	not changed.
-     *
-     *  The rules mentioned above are currently hard coded. If these need to
-     *  read from the config file, the 'undeletables' can be configured as
-     *  as follows:
-     *
-     *	<subsystemId>.Policy.undeletablePolicies=<comma separated rule names>
-     *	Example:
-     *	ra.Policy.undeletablePolicies=DirAuthRule, DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule
-     *
-     *  The predicates if any associated with them may be configured as
-     *  follows:
-     *		<subsystemId>.Policy.undeletablePolicies.DirAuthRule.predicate= certType == client.
-     *
-     *		where subsystemId is ra or ca.
-     *
+     * Read list of undeletable policies if any configured in the system.
+     * 
+     * These are required to protect the system from being misconfigured to the
+     * point that the requests wouldn't serialize or certain fields in the
+     * certificate(s) being checked will go unchecked ..etc.
+     * 
+     * For now the following policies are undeletable:
+     * 
+     * DirAuthRule: This is a default DirectoryAuthentication policy for user
+     * certificates that interprets directory credentials. The presence of this
+     * policy is needed if the OOTB DirectoryAuthentication-based automatic
+     * certificate issuance is supported.
+     * 
+     * DefaultUserNameRule: This policy verifies/sets subjectDn for user
+     * certificates.
+     * 
+     * DefaultServerNameRule: This policy verifies/sets subjectDn for server
+     * certificates.
+     * 
+     * DefaultValidityRule: Verifies/sets validty for all certificates.
+     * 
+     * DefaultRenewalValidityRule: Verifies/sets validity for certs being
+     * renewed.
+     * 
+     * The 'undeletables' cannot be deleted from the config file, nor can the be
+     * disabled. If any predicates are associated with them the predicates can't
+     * be changed either. But, other config parameters such as maxValidity,
+     * renewalInterval ..etc can be changed to suit local policy requirements.
+     * 
+     * During start up the policy processor will verify if the undeletables are
+     * present, and that they are enabled and that their predicates are not
+     * changed.
+     * 
+     * The rules mentioned above are currently hard coded. If these need to read
+     * from the config file, the 'undeletables' can be configured as as follows:
+     * 
+     * <subsystemId>.Policy.undeletablePolicies=<comma separated rule names>
+     * Example: ra.Policy.undeletablePolicies=DirAuthRule, DefaultUserNameRule,
+     * DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule
+     * 
+     * The predicates if any associated with them may be configured as follows:
+     * <subsystemId>.Policy.undeletablePolicies.DirAuthRule.predicate= certType
+     * == client.
+     * 
+     * where subsystemId is ra or ca.
+     * 
      * If the undeletables are configured in the file,the configured entries
-     * take precedence over the hardcoded ones in this file. If you are 
-     * configuring them in the file, please remember to configure the 
-     * predicates if applicable.
-     *
-     * During policy configuration from MCC, the policy processor will not
-     * let you delete an 'undeletable', nor will it let you disable it. 
-     * You will not be able to change the predicate either. Other parameters
-     * can be configured as needed.
-     *
-     * If a particular rule needs to be removed from the 'undeletables', 
-     * either remove it from the hard coded list above, or configure the
-     * rules required rules only via the config file. The former needs 
-     * recompilation of the source. The later is flexible to be able to
-     * make any rule an 'undeletable' or nor an 'undeletable'.
-     *
-     * Example: We want to use only manual forms for enrollment. 
-     * We do n't need to burn in DirAuthRule. We need to configure all
-     * other rules except the DirAuthRule as follows:
-     *
-     *	ra.Policy.undeletablePolicies = DefaultUserNameRule, DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule
-     *
+     * take precedence over the hardcoded ones in this file. If you are
+     * configuring them in the file, please remember to configure the predicates
+     * if applicable.
+     * 
+     * During policy configuration from MCC, the policy processor will not let
+     * you delete an 'undeletable', nor will it let you disable it. You will not
+     * be able to change the predicate either. Other parameters can be
+     * configured as needed.
+     * 
+     * If a particular rule needs to be removed from the 'undeletables', either
+     * remove it from the hard coded list above, or configure the rules required
+     * rules only via the config file. The former needs recompilation of the
+     * source. The later is flexible to be able to make any rule an
+     * 'undeletable' or nor an 'undeletable'.
+     * 
+     * Example: We want to use only manual forms for enrollment. We do n't need
+     * to burn in DirAuthRule. We need to configure all other rules except the
+     * DirAuthRule as follows:
+     * 
+     * ra.Policy.undeletablePolicies = DefaultUserNameRule,
+     * DefaultServerNameRule, DefaultValidityRule, DefaultRenewalValidityRule
+     * 
      * The following predicates are necessary:
-     *
-     *	ra.Policy.undeletablePolicies.DefaultUserNameRule.predicate = certType == client
-     *	ra.Policy.undeletablePolicies.DefaultServerNameRule.predicate = certType == server
-     *
-     *	The other two rules do not have any predicates.
+     * 
+     * ra.Policy.undeletablePolicies.DefaultUserNameRule.predicate = certType ==
+     * client ra.Policy.undeletablePolicies.DefaultServerNameRule.predicate =
+     * certType == server
+     * 
+     * The other two rules do not have any predicates.
      */
     private void initUndeletablePolicies(IConfigStore mConfig)
-        throws EBaseException {
+            throws EBaseException {
         // Read undeletable policies if any configured.
-        String configuredUndeletables = 
-            mConfig.getString(PROP_UNDELETABLE_POLICIES, null);
+        String configuredUndeletables =
+                mConfig.getString(PROP_UNDELETABLE_POLICIES, null);
 
-        if (configuredUndeletables == null || 
-            configuredUndeletables.trim().length() == 0) {
+        if (configuredUndeletables == null ||
+                configuredUndeletables.trim().length() == 0) {
             mUndeletablePolicies = DEF_UNDELETABLE_POLICIES;
             return;
         }
 
         Vector<String> rules = new Vector<String>();
-        StringTokenizer tokenizer = new 
-            StringTokenizer(configuredUndeletables.trim(), ",");
-	
+        StringTokenizer tokenizer = new
+                StringTokenizer(configuredUndeletables.trim(), ",");
+
         while (tokenizer.hasMoreTokens()) {
             String rule = tokenizer.nextToken().trim();
 
@@ -1377,18 +1365,18 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             return;
         }
 
-        // For each rule read from the config file, see if any 
+        // For each rule read from the config file, see if any
         // predicate is set.
         mUndeletablePolicies = new Hashtable<String, IExpression>();
         for (Enumeration<String> e = rules.elements(); e.hasMoreElements();) {
             String urn = (String) e.nextElement();
-			
+
             // See if there is predicate in the file
             String pred = mConfig.getString(PROP_UNDELETABLE_POLICIES +
                     "." + urn + "." + PROP_PREDICATE, null);
-			
+
             IExpression exp = SimpleExpression.NULL_EXPRESSION;
-			
+
             if (pred != null)
                 exp = PolicyPredicateParser.parse(pred);
             mUndeletablePolicies.put(urn, exp);
@@ -1423,12 +1411,11 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 
     private void verifyDefaultPolicyConfig()
-        throws EPolicyException {
+            throws EPolicyException {
         // For each policy in undeletable list make sure that
         // the policy is present, is not disabled and its predicate
         // is not tampered with.
-        for (Enumeration<String> e = mUndeletablePolicies.keys();
-            e.hasMoreElements();) {
+        for (Enumeration<String> e = mUndeletablePolicies.keys(); e.hasMoreElements();) {
             String urn = (String) e.nextElement();
 
             // See if the rule is in the instance table.
@@ -1438,14 +1425,14 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_MISSING_PERSISTENT_RULE", urn));
 
-                // See if the instance is disabled.
+            // See if the instance is disabled.
             if (!inst.isActive())
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_INACTIVE", urn));
 
-                // See if the predicated is misconfigured.
+            // See if the predicated is misconfigured.
             IExpression defPred = (IExpression)
-                mUndeletablePolicies.get(urn);
+                    mUndeletablePolicies.get(urn);
 
             // We used SimpleExpression.NULL_EXPRESSION to indicate a null.
             if (defPred == SimpleExpression.NULL_EXPRESSION)
@@ -1453,19 +1440,19 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
             IExpression confPred = inst.getRule().getPredicate();
 
             if (defPred == null && confPred != null) {
-                String[] params = {urn, "null", confPred.toString()};
+                String[] params = { urn, "null", confPred.toString() };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params));
             } else if (defPred != null && confPred == null) {
-                String[] params = {urn, defPred.toString(), "null"};
+                String[] params = { urn, defPred.toString(), "null" };
 
                 throw new EPolicyException(
                         CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params));
             } else if (defPred != null && confPred != null) {
                 if (!defPred.toString().equals(confPred.toString())) {
-                    String[] params = {urn, defPred.toString(), 
-                            confPred.toString()};
+                    String[] params = { urn, defPred.toString(),
+                            confPred.toString() };
 
                     throw new EPolicyException(
                             CMS.getUserMessage("CMS_POLICY_PERSISTENT_RULE_MISCONFIG", params));
@@ -1475,31 +1462,29 @@ public class GenericPolicyProcessor implements IPolicyProcessor {
     }
 }
 
-
 /**
  * Class to keep track of various configurable implementations.
  */
 class RegisteredPolicy {
     String mId;
     String mClPath;
-    public RegisteredPolicy (String id, String clPath) {
+
+    public RegisteredPolicy(String id, String clPath) {
         if (id == null || clPath == null)
-            throw new 
-                AssertionException("Policy id or classpath can't be null");
+            throw new AssertionException("Policy id or classpath can't be null");
         mId = id;
         mClPath = clPath;
     }
-	
+
     public String getClassPath() {
         return mClPath;
     }
-	
+
     public String getId() {
         return mId;
     }
 }
 
-
 class PolicyInstance {
     String mInstanceId;
     String mImplId;
@@ -1507,7 +1492,7 @@ class PolicyInstance {
     boolean mIsEnabled;
 
     public PolicyInstance(String instanceId, String implId,
-        IPolicyRule rule, boolean isEnabled) {
+            IPolicyRule rule, boolean isEnabled) {
         mInstanceId = instanceId;
         mImplId = implId;
         mRule = rule;
@@ -1543,9 +1528,8 @@ class PolicyInstance {
     public void setActive(boolean stat) {
         mIsEnabled = stat;
     }
-	
+
     public void setRule(IPolicyRule newRule) {
         mRule = newRule;
     }
-}    
-
+}
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java b/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java
index fde12d04..e9a7371d 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/JavaScriptRequestProxy.java
@@ -17,14 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import com.netscape.certsrv.policy.IPolicyRule;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 
-
 public class JavaScriptRequestProxy {
     IRequest req;
+
     public JavaScriptRequestProxy(IRequest r) {
         req = r;
     }
@@ -42,4 +41,3 @@ public class JavaScriptRequestProxy {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java b/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java
index f1bb6457..00fbfab7 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/OrExpression.java
@@ -17,38 +17,38 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import com.netscape.certsrv.policy.EPolicyException;
 import com.netscape.certsrv.policy.IExpression;
 import com.netscape.certsrv.request.IRequest;
 
-
 /**
- * This class represents an Or expression of the form
- * (var1 op val1 OR var2 op val2).
- *
+ * This class represents an Or expression of the form (var1 op val1 OR var2 op
+ * val2).
+ * 
  * Expressions are used as predicates for policy selection.
- *
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
 public class OrExpression implements IExpression {
     private IExpression mExp1;
     private IExpression mExp2;
+
     public OrExpression(IExpression exp1, IExpression exp2) {
         mExp1 = exp1;
         mExp2 = exp2;
     }
 
     public boolean evaluate(IRequest req)
-        throws EPolicyException {
+            throws EPolicyException {
         if (mExp1 == null && mExp2 == null)
             return true;
         else if (mExp1 != null && mExp2 != null)
             return mExp1.evaluate(req) || mExp2.evaluate(req);
         else if (mExp1 != null && mExp2 == null)
             return mExp1.evaluate(req);
-        else // (mExp1 == null && mExp2 != null)
+        else
+            // (mExp1 == null && mExp2 != null)
             return mExp2.evaluate(req);
     }
 
@@ -59,7 +59,8 @@ public class OrExpression implements IExpression {
             return mExp1.toString() + " OR " + mExp2.toString();
         else if (mExp1 != null && mExp2 == null)
             return mExp1.toString();
-        else // (mExp1 == null && mExp2 != null)
+        else
+            // (mExp1 == null && mExp2 != null)
             return mExp2.toString();
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java b/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java
index 0f00e815..91406776 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/PolicyPredicateParser.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -29,19 +28,16 @@ import com.netscape.certsrv.policy.EPolicyException;
 import com.netscape.certsrv.policy.IExpression;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
  * Default implementation of predicate parser.
- *
+ * 
  * Limitations:
- *
- *	1. Currently parentheses are not suported.
- *	2. Only ==, != <, >, <= and >= operators are supported.
- *	3. The only boolean operators supported are AND and OR. AND takes precedence
- *	   over OR. Example: a AND b OR e OR c AND d
- *					is treated as (a AND b) OR e OR (c AND d)
- *	4. If this is n't adequate, roll your own.
- *
+ * 
+ * 1. Currently parentheses are not suported. 2. Only ==, != <, >, <= and >=
+ * operators are supported. 3. The only boolean operators supported are AND and
+ * OR. AND takes precedence over OR. Example: a AND b OR e OR c AND d is treated
+ * as (a AND b) OR e OR (c AND d) 4. If this is n't adequate, roll your own.
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -57,22 +53,23 @@ public class PolicyPredicateParser {
 
     /**
      * Parse the predicate expression and return a vector of expressions.
-     *
-     * @param predicateExp	The predicate expression as read from the config file.
-     * @return expVector	The vector of expressions.
+     * 
+     * @param predicateExp The predicate expression as read from the config
+     *            file.
+     * @return expVector The vector of expressions.
      */
     public static IExpression parse(String predicateExpression)
-        throws EPolicyException {
-        if (predicateExpression == null || 
-            predicateExpression.length() == 0)
+            throws EPolicyException {
+        if (predicateExpression == null ||
+                predicateExpression.length() == 0)
             return null;
         PredicateTokenizer pt = new PredicateTokenizer(predicateExpression);
 
         if (pt == null || !pt.hasMoreTokens())
             return null;
 
-            // The first token cannot be an operator. We are not dealing with
-            // reverse-polish notation.
+        // The first token cannot be an operator. We are not dealing with
+        // reverse-polish notation.
         String token = pt.nextToken();
         boolean opANDSeen;
         boolean opORSeen;
@@ -92,7 +89,7 @@ public class PolicyPredicateParser {
             int curType = getOP(token);
 
             if ((prevType != EXPRESSION && curType != EXPRESSION) ||
-                (prevType == EXPRESSION && curType == EXPRESSION)) {
+                    (prevType == EXPRESSION && curType == EXPRESSION)) {
                 malformed = true;
                 break;
             }
@@ -103,7 +100,8 @@ public class PolicyPredicateParser {
                 continue;
             }
 
-            // If the previous type was an OR token, add the current expression to
+            // If the previous type was an OR token, add the current expression
+            // to
             // the expression set;
             if (prevType == OP_OR) {
                 expSet.addElement(current);
@@ -123,7 +121,7 @@ public class PolicyPredicateParser {
                 Debug.trace("Malformed expression: " + predicateExpression);
             throw new EPolicyException(
                     CMS.getUserMessage("CMS_POLICY_BAD_POLICY_EXPRESSION",
-                        predicateExpression));
+                            predicateExpression));
         }
 
         // Form an ORExpression
@@ -135,7 +133,7 @@ public class PolicyPredicateParser {
         if (size == 0)
             return null;
         OrExpression orExp = new
-            OrExpression((IExpression) expSet.elementAt(0), null);
+                OrExpression((IExpression) expSet.elementAt(0), null);
 
         for (int i = 1; i < size; i++)
             orExp = new OrExpression(orExp,
@@ -153,7 +151,7 @@ public class PolicyPredicateParser {
     }
 
     private static IExpression parseExpression(String input)
-        throws EPolicyException {
+            throws EPolicyException {
         // If the expression has multiple parts separated by commas
         // we need to construct an AND expression. Else we will return a
         // simple expression.
@@ -166,8 +164,8 @@ public class PolicyPredicateParser {
 
         while (commaIndex > 0) {
             SimpleExpression exp = (SimpleExpression)
-                SimpleExpression.parse(input.substring(currentIndex,
-                        commaIndex));
+                    SimpleExpression.parse(input.substring(currentIndex,
+                            commaIndex));
 
             expVector.addElement(exp);
             currentIndex = commaIndex + 1;
@@ -175,7 +173,7 @@ public class PolicyPredicateParser {
         }
         if (currentIndex < (input.length() - 1)) {
             SimpleExpression exp = (SimpleExpression)
-                SimpleExpression.parse(input.substring(currentIndex));
+                    SimpleExpression.parse(input.substring(currentIndex));
 
             expVector.addElement(exp);
         }
@@ -194,79 +192,40 @@ public class PolicyPredicateParser {
     public static void main(String[] args) {
 
         /*********
-         IRequest req = new IRequest();
-         try
-         {
-         req.set("ou", "people");
-         req.set("cn", "John Doe");
-         req.set("uid", "jdoes");
-         req.set("o", "airius.com");
-         req.set("certtype", "client");
-         req.set("request", "issuance");
-         req.set("id", new Integer(10));
-         req.set("dualcerts", new Boolean(true));
-
-         Vector v = new Vector();
-         v.addElement("one");
-         v.addElement("two");
-         v.addElement("three");
-         req.set("count", v);
-         }
-         catch (Exception e){e.printStackTrace();}
-         String[] array = { "ou == people AND certtype == client",
-         "ou == servergroup AND certtype == server",
-         "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com",
-         };
-         for (int i = 0; i < array.length; i++)
-         {
-         System.out.println();
-         System.out.println("String: " + array[i]);
-         IExpression exp = null;
-         try
-         {
-         exp = parse(array[i]);
-         if (exp != null)
-         {
-         System.out.println("Parsed Expression: " + exp);
-         boolean result = exp.evaluate(req);
-         System.out.println("Result: " + result);
-         }
-         }
-         catch (Exception e) {e.printStackTrace(); }
-         }
-
-
-         try
-         {
-         BufferedReader rdr = new BufferedReader(
-         new FileReader(args[0]));
-         String line;
-         while((line=rdr.readLine()) != null)
-         {
-         System.out.println();
-         System.out.println("Line Read: " + line);
-         IExpression exp = null;
-         try
-         {
-         exp = parse(line);
-         if (exp != null)
-         {
-         System.out.println(exp);
-         boolean result = exp.evaluate(req);
-         System.out.println("Result: " + result);
-         }
-
-         }catch (Exception e){e.printStackTrace();}
-         }
-         }
-         catch (Exception e){e.printStackTrace(); }
-
+         * IRequest req = new IRequest(); try { req.set("ou", "people");
+         * req.set("cn", "John Doe"); req.set("uid", "jdoes"); req.set("o",
+         * "airius.com"); req.set("certtype", "client"); req.set("request",
+         * "issuance"); req.set("id", new Integer(10)); req.set("dualcerts", new
+         * Boolean(true));
+         * 
+         * Vector v = new Vector(); v.addElement("one"); v.addElement("two");
+         * v.addElement("three"); req.set("count", v); } catch (Exception
+         * e){e.printStackTrace();} String[] array = {
+         * "ou == people AND certtype == client",
+         * "ou == servergroup AND certtype == server",
+         * "uid == jdoes, ou==people, o==airius.com OR ou == people AND certType == client OR certType == server AND cn == needles.mcom.com"
+         * , }; for (int i = 0; i < array.length; i++) { System.out.println();
+         * System.out.println("String: " + array[i]); IExpression exp = null;
+         * try { exp = parse(array[i]); if (exp != null) {
+         * System.out.println("Parsed Expression: " + exp); boolean result =
+         * exp.evaluate(req); System.out.println("Result: " + result); } } catch
+         * (Exception e) {e.printStackTrace(); } }
+         * 
+         * 
+         * try { BufferedReader rdr = new BufferedReader( new
+         * FileReader(args[0])); String line; while((line=rdr.readLine()) !=
+         * null) { System.out.println(); System.out.println("Line Read: " +
+         * line); IExpression exp = null; try { exp = parse(line); if (exp !=
+         * null) { System.out.println(exp); boolean result = exp.evaluate(req);
+         * System.out.println("Result: " + result); }
+         * 
+         * }catch (Exception e){e.printStackTrace();} } } catch (Exception
+         * e){e.printStackTrace(); }
          *******/
     }
 
 }
 
-
 class PredicateTokenizer {
     String input;
     int currentIndex;
@@ -348,30 +307,30 @@ class PredicateTokenizer {
     }
 }
 
-
 class AttributeSet implements IAttrSet {
     /**
      *
      */
     private static final long serialVersionUID = -3985810281989018413L;
     Hashtable ht = new Hashtable();
+
     public AttributeSet() {
     }
 
     public void delete(String name)
-        throws EBaseException {
+            throws EBaseException {
         Object ob = ht.get(name);
 
         ht.remove(ob);
     }
 
     public Object get(String name)
-        throws EBaseException {
+            throws EBaseException {
         return ht.get(name);
     }
 
     public void set(String name, Object ob)
-        throws EBaseException {
+            throws EBaseException {
         ht.put(name, ob);
     }
 
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java b/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java
index 24918a33..7fe049c0 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/PolicySet.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -30,11 +29,10 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * Implements a policy set per IPolicySet interface. This class
- * uses a vector of ordered policies to enforce priority.
- *
+ * Implements a policy set per IPolicySet interface. This class uses a vector of
+ * ordered policies to enforce priority.
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -51,7 +49,7 @@ public class PolicySet implements IPolicySet {
     /**
      * Returns the name of the rule set.
      * <P>
-     *
+     * 
      * @return The name of the rule set.
      */
     public String getName() {
@@ -61,6 +59,7 @@ public class PolicySet implements IPolicySet {
     /**
      * Returns the no of rules in a set.
      * <P>
+     * 
      * @return the no of rules.
      */
     public int count() {
@@ -70,9 +69,9 @@ public class PolicySet implements IPolicySet {
     /**
      * Add a policy rule.
      * <P>
-     *
-     * @param ruleName  The name of the rule to be added.
-     * @param rule  The rule to be added.
+     * 
+     * @param ruleName The name of the rule to be added.
+     * @param rule The rule to be added.
      */
     public void addRule(String ruleName, IPolicyRule rule) {
         if (mRuleNames.indexOf(ruleName) >= 0)
@@ -88,9 +87,9 @@ public class PolicySet implements IPolicySet {
 
     /**
      * Remplaces a policy rule identified by the given name.
-     *
-     * @param name  The name of the rule to be replaced.
-     * @param rule  The rule to be replaced.
+     * 
+     * @param name The name of the rule to be replaced.
+     * @param rule The rule to be replaced.
      */
     public void replaceRule(String ruleName, IPolicyRule rule) {
         int index = mRuleNames.indexOf(ruleName);
@@ -99,22 +98,22 @@ public class PolicySet implements IPolicySet {
             addRule(ruleName, rule);
             return;
         }
-        	
+
         mRuleNames.setElementAt(ruleName, index);
         mRules.setElementAt(rule, index);
     }
 
     /**
      * Removes a policy rule identified by the given name.
-     *
-     * @param name  The name of the rule to be removed.
+     * 
+     * @param name The name of the rule to be removed.
      */
     public void removeRule(String ruleName) {
         int index = mRuleNames.indexOf(ruleName);
 
         if (index < 0)
             return; // XXX - throw an exception.
-        	
+
         mRuleNames.removeElementAt(index);
         mRules.removeElementAt(index);
     }
@@ -122,8 +121,8 @@ public class PolicySet implements IPolicySet {
     /**
      * Returns the rule identified by a given name.
      * <P>
-     *
-     * @param name  The name of the rule to be return.
+     * 
+     * @param name The name of the rule to be return.
      * @return The rule identified by the given name or null if none exists.
      */
     public IPolicyRule getRule(String ruleName) {
@@ -137,7 +136,7 @@ public class PolicySet implements IPolicySet {
     /**
      * Returns an enumeration of rules.
      * <P>
-     *
+     * 
      * @return An enumeration of rules.
      */
     public Enumeration<IPolicyRule> getRules() {
@@ -145,10 +144,10 @@ public class PolicySet implements IPolicySet {
     }
 
     /**
-     * Apply policies on a given request from a rule set.
-     * The rules may modify the request.
-     *
-     * @param req   The request to apply policies on.
+     * Apply policies on a given request from a rule set. The rules may modify
+     * the request.
+     * 
+     * @param req The request to apply policies on.
      * @return the PolicyResult.
      */
     public PolicyResult apply(IRequest req) {
@@ -158,11 +157,11 @@ public class PolicySet implements IPolicySet {
         if ((cnt = mRules.size()) == 0)
             return PolicyResult.ACCEPTED;
 
-            // All policies are applied before returning the result. Hence
-            // if atleast one of the policies returns a REJECTED, we need to
-            // return that status. If none of the policies REJECTED
-            // the request, but atleast one of them DEFERRED the request, we
-            // need to return DEFERRED. 
+        // All policies are applied before returning the result. Hence
+        // if atleast one of the policies returns a REJECTED, we need to
+        // return that status. If none of the policies REJECTED
+        // the request, but atleast one of them DEFERRED the request, we
+        // need to return DEFERRED.
         boolean rejected = false;
         boolean deferred = false;
         int size = mRules.size();
@@ -182,7 +181,7 @@ public class PolicySet implements IPolicySet {
                 e.printStackTrace();
             }
 
-            if (!typeMatched(rule, req)) 
+            if (!typeMatched(rule, req))
                 continue;
 
             try {
@@ -200,16 +199,16 @@ public class PolicySet implements IPolicySet {
                     // we pass that info down the chain. For now use S_OTHER
                     // as the system id for the log entry.
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_FAILURE, 
-                        CMS.getLogMessage("CMSCORE_POLICY_REJECT_RESULT", req.getRequestId().toString(), name));
+                            ILogger.LL_FAILURE,
+                            CMS.getLogMessage("CMSCORE_POLICY_REJECT_RESULT", req.getRequestId().toString(), name));
                     rejected = true;
                 } else if (result == PolicyResult.DEFERRED) {
                     // It is hard to find out the owner at the moment unless
                     // we pass that info down the chain. For now use S_OTHER
                     // as the system id for the log entry.
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_WARN, 
-                        CMS.getLogMessage("CMSCORE_POLICY_DEFER_RESULT", req.getRequestId().toString(), name));
+                            ILogger.LL_WARN,
+                            CMS.getLogMessage("CMSCORE_POLICY_DEFER_RESULT", req.getRequestId().toString(), name));
                     deferred = true;
                 } else if (result == PolicyResult.ACCEPTED) {
                     // It is hard to find out the owner at the moment unless
@@ -221,9 +220,9 @@ public class PolicySet implements IPolicySet {
                     // we pass that info down the chain. For now use S_OTHER
                     // as the system id for the log entry.
                     mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                        ILogger.LL_INFO, 
-                        "policy: Request " + req.getRequestId() + " - Result of applying rule: " + name + 
-                        " is: " + getPolicyResult(result));
+                            ILogger.LL_INFO,
+                            "policy: Request " + req.getRequestId() + " - Result of applying rule: " + name +
+                                    " is: " + getPolicyResult(result));
                 }
             } catch (Throwable ex) {
                 // Customer can install his own policies.
@@ -231,14 +230,14 @@ public class PolicySet implements IPolicySet {
                 // catch those problems and report
                 // them to the log
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_POLICY_ERROR_RESULT", req.getRequestId().toString(), name, ex.toString()));
-                // treat as rejected to prevent request from going into 
+                        ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_POLICY_ERROR_RESULT", req.getRequestId().toString(), name, ex.toString()));
+                // treat as rejected to prevent request from going into
                 // a weird state. request queue doesn't handle this case.
                 rejected = true;
                 ((IPolicyRule) rule).setError(
-                    req,
-                    CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", rule.getName(), ex.toString()), null); 
+                        req,
+                        CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR", rule.getName(), ex.toString()), null);
             }
         }
 
@@ -248,9 +247,9 @@ public class PolicySet implements IPolicySet {
             return PolicyResult.DEFERRED;
         } else {
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_INFO, 
-                "Request " + req.getRequestId() + 
-                " Policy result: successful");
+                    ILogger.LL_INFO,
+                    "Request " + req.getRequestId() +
+                            " Policy result: successful");
             return PolicyResult.ACCEPTED;
         }
     }
@@ -267,7 +266,7 @@ public class PolicySet implements IPolicySet {
 
             System.out.println("Rule Name: " + ruleName);
             System.out.println("Implementation: " +
-                mRules.elementAt(index).getClass().getName());
+                    mRules.elementAt(index).getClass().getName());
         }
     }
 
@@ -295,4 +294,3 @@ public class PolicySet implements IPolicySet {
         return false;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java b/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java
index 5e6458be..677b0574 100644
--- a/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java
+++ b/pki/base/common/src/com/netscape/cmscore/policy/SimpleExpression.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.policy;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -28,13 +27,12 @@ import com.netscape.certsrv.request.IRequest;
 import com.netscape.cmscore.util.AssertionException;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * This class represents an expression of the form var = val,
- * var != val, var < val, var > val, var <= val, var >= val.
- *
+ * This class represents an expression of the form var = val, var != val, var <
+ * val, var > val, var <= val, var >= val.
+ * 
  * Expressions are used as predicates for policy selection.
- *
+ * 
  * @author kanda
  * @version $Revision$, $Date$
  */
@@ -47,11 +45,11 @@ public class SimpleExpression implements IExpression {
     private boolean hasWildCard;
     public static final char WILDCARD_CHAR = '*';
 
-    // This is just for indicating a null expression. 
+    // This is just for indicating a null expression.
     public static SimpleExpression NULL_EXPRESSION = new SimpleExpression("null", OP_EQUAL, "null");
 
     public static IExpression parse(String input)
-        throws EPolicyException {
+            throws EPolicyException {
         // Get the index of operator
         // Debug.trace("SimpleExpression::input: " + input);
         String var = null;
@@ -118,19 +116,19 @@ public class SimpleExpression implements IExpression {
     }
 
     public boolean evaluate(IRequest req)
-        throws EPolicyException {
+            throws EPolicyException {
         // mPfx and mVar are looked up case-indendently
         String givenVal = req.getExtDataInString(mPfx, mVar);
 
         if (Debug.ON)
-            Debug.trace("mPfx: " + mPfx + " mVar: " + mVar + 
-                ",Given Value: " + givenVal + ", Value to compare with: " + mVal);
+            Debug.trace("mPfx: " + mPfx + " mVar: " + mVar +
+                    ",Given Value: " + givenVal + ", Value to compare with: " + mVal);
 
         return matchValue(givenVal);
     }
 
     private boolean matchVector(Vector value)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result = false;
         Enumeration e = (Enumeration) value.elements();
 
@@ -143,7 +141,7 @@ public class SimpleExpression implements IExpression {
     }
 
     private boolean matchStringArray(String[] value)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result = false;
 
         for (int i = 0; i < value.length; i++) {
@@ -155,23 +153,23 @@ public class SimpleExpression implements IExpression {
     }
 
     private boolean matchValue(Object value)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result;
 
         // There is nothing to compare with!
         if (value == null)
             return false;
 
-            // XXX - Kanda: We need a better way of handling this!.
+        // XXX - Kanda: We need a better way of handling this!.
         if (value instanceof String)
             result = matchStringValue((String) value);
         else if (value instanceof Integer)
             result = matchIntegerValue((Integer) value);
         else if (value instanceof Boolean)
             result = matchBooleanValue((Boolean) value);
-        else if (value instanceof Vector) 
+        else if (value instanceof Vector)
             result = matchVector((Vector) value);
-        else if (value instanceof String[]) 
+        else if (value instanceof String[])
             result = matchStringArray((String[]) value);
         else
             throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_ATTR_VALUE",
@@ -180,7 +178,7 @@ public class SimpleExpression implements IExpression {
     }
 
     private boolean matchStringValue(String givenVal)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result;
 
         switch (mOp) {
@@ -221,7 +219,7 @@ public class SimpleExpression implements IExpression {
     }
 
     private boolean matchIntegerValue(Integer intVal)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result;
         int storedVal;
         int givenVal = intVal.intValue();
@@ -264,12 +262,11 @@ public class SimpleExpression implements IExpression {
     }
 
     private boolean matchBooleanValue(Boolean givenVal)
-        throws EPolicyException {
+            throws EPolicyException {
         boolean result;
         Boolean storedVal;
 
-        if (!(mVal.equalsIgnoreCase("true") ||
-                mVal.equalsIgnoreCase("false")))
+        if (!(mVal.equalsIgnoreCase("true") || mVal.equalsIgnoreCase("false")))
             throw new EPolicyException(CMS.getUserMessage("CMS_POLICY_INVALID_ATTR_VALUE",
                         mVal));
         storedVal = new Boolean(mVal);
@@ -320,9 +317,9 @@ public class SimpleExpression implements IExpression {
             op = IExpression.LE_STR;
             break;
         }
-        if (mPfx != null && mPfx.length() > 0) 
+        if (mPfx != null && mPfx.length() > 0)
             return mPfx + "." + mVar + " " + op + " " + mVal;
-        else 
+        else
             return mVar + " " + op + " " + mVal;
     }
 
@@ -411,7 +408,6 @@ public class SimpleExpression implements IExpression {
     }
 }
 
-
 class ExpressionComps {
     String attr;
     int op;
@@ -435,4 +431,3 @@ class ExpressionComps {
         return val;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java b/pki/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java
index 4f386259..aa93f1ae 100644
--- a/pki/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/profile/ProfileSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.profile;
 
-
 import java.io.File;
 import java.util.Enumeration;
 import java.util.Hashtable;
@@ -34,7 +33,6 @@ import com.netscape.certsrv.profile.IProfileSubsystem;
 import com.netscape.certsrv.registry.IPluginInfo;
 import com.netscape.certsrv.registry.IPluginRegistry;
 
-
 public class ProfileSubsystem implements IProfileSubsystem {
     private static final String PROP_LIST = "list";
     private static final String PROP_CLASS_ID = "class_id";
@@ -54,7 +52,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
      * Retrieves the name of this subsystem.
      */
     public String getId() {
-        return null; 
+        return null;
     }
 
     /**
@@ -64,19 +62,18 @@ public class ProfileSubsystem implements IProfileSubsystem {
     }
 
     /**
-     * Initializes this subsystem with the given configuration
-     * store.
+     * Initializes this subsystem with the given configuration store.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      * @exception EBaseException failed to initialize
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         CMS.debug("ProfileSubsystem: start init");
         IPluginRegistry registry = (IPluginRegistry)
-            CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
+                CMS.getSubsystem(CMS.SUBSYSTEM_REGISTRY);
 
         mConfig = config;
         mOwner = owner;
@@ -100,7 +97,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
             String configPath = subStore.getString(PROP_CONFIG);
 
             CMS.debug("Start Profile Creation - " + id + " " + classid + " " + info.getClassName());
-            IProfile profile = createProfile(id, classid, info.getClassName(), 
+            IProfile profile = createProfile(id, classid, info.getClassName(),
                     configPath);
 
             CMS.debug("Done Profile Creation - " + id);
@@ -112,15 +109,15 @@ public class ProfileSubsystem implements IProfileSubsystem {
             String id = (String) ee.nextElement();
 
             CMS.debug("Registered Confirmation - " + id);
-        }	
+        }
     }
 
     /**
      * Creates a profile instance.
      */
-    public IProfile createProfile(String id, String classid, String className, 
-        String configPath)
-        throws EProfileException {
+    public IProfile createProfile(String id, String classid, String className,
+            String configPath)
+            throws EProfileException {
         IProfile profile = null;
 
         try {
@@ -143,11 +140,11 @@ public class ProfileSubsystem implements IProfileSubsystem {
     }
 
     public void deleteProfile(String id, String configPath) throws EProfileException {
-    
+
         if (isProfileEnable(id)) {
             throw new EProfileException("CMS_PROFILE_DELETE_ENABLEPROFILE");
         }
-        
+
         String ids = "";
         try {
             ids = mConfig.getString(PROP_LIST, "");
@@ -166,7 +163,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
         }
         if (!list.equals(""))
             list = list.substring(0, list.length() - 1);
- 
+
         mConfig.putString(PROP_LIST, list);
         mConfig.removeSubStore(id);
         File file1 = new File(configPath);
@@ -181,13 +178,13 @@ public class ProfileSubsystem implements IProfileSubsystem {
         }
     }
 
-    public void createProfileConfig(String id, String classId, 
-        String configPath)
-        throws EProfileException {
+    public void createProfileConfig(String id, String classId,
+            String configPath)
+            throws EProfileException {
         try {
             if (mProfiles.size() > 0) {
-                mConfig.putString(PROP_LIST, 
-                    mConfig.getString(PROP_LIST) + "," + id);
+                mConfig.putString(PROP_LIST,
+                        mConfig.getString(PROP_LIST) + "," + id);
             } else {
                 mConfig.putString(PROP_LIST, id);
             }
@@ -207,8 +204,8 @@ public class ProfileSubsystem implements IProfileSubsystem {
     }
 
     /**
-     * Stops this system. The owner may call shutdown
-     * anytime after initialization.
+     * Stops this system. The owner may call shutdown anytime after
+     * initialization.
      * <P>
      */
     public void shutdown() {
@@ -222,7 +219,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -233,7 +230,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
      * Adds a profile.
      */
     public void addProfile(String id, IProfile profile)
-        throws EProfileException {
+            throws EProfileException {
     }
 
     public boolean isProfileEnable(String id) {
@@ -267,7 +264,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
      * Enables a profile for execution.
      */
     public void enableProfile(String id, String enableBy)
-        throws EProfileException {
+            throws EProfileException {
         IProfile profile = (IProfile) mProfiles.get(id);
 
         profile.getConfigStore().putString(PROP_ENABLE, "true");
@@ -282,7 +279,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
      * Disables a profile for execution.
      */
     public void disableProfile(String id)
-        throws EProfileException {
+            throws EProfileException {
         IProfile profile = (IProfile) mProfiles.get(id);
 
         profile.getConfigStore().putString(PROP_ENABLE, "false");
@@ -296,7 +293,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
      * Retrieves a profile by id.
      */
     public IProfile getProfile(String id)
-        throws EProfileException {
+            throws EProfileException {
         return (IProfile) mProfiles.get(id);
     }
 
@@ -305,8 +302,7 @@ public class ProfileSubsystem implements IProfileSubsystem {
     }
 
     /**
-     * Retrieves a list of profile ids. The return
-     * list is of type String.
+     * Retrieves a list of profile ids. The return list is of type String.
      */
     public Enumeration<String> getProfileIds() {
         return mProfileIds.elements();
@@ -314,15 +310,14 @@ public class ProfileSubsystem implements IProfileSubsystem {
 
     /**
      * Checks if owner id should be enforced during profile approval.
-     *
+     * 
      * @return true if approval should be checked
      */
-    public boolean checkOwner()
-    {
+    public boolean checkOwner() {
         try {
-          return mConfig.getBoolean(PROP_CHECK_OWNER, false);
+            return mConfig.getBoolean(PROP_CHECK_OWNER, false);
         } catch (EBaseException e) {
-          return false;
+            return false;
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/registry/PluginInfo.java b/pki/base/common/src/com/netscape/cmscore/registry/PluginInfo.java
index 2766bcdb..c65626a1 100644
--- a/pki/base/common/src/com/netscape/cmscore/registry/PluginInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/registry/PluginInfo.java
@@ -17,16 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.registry;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.registry.IPluginInfo;
 
-
 /**
- * The plugin information includes id, name, 
- * classname, and description.
- *
+ * The plugin information includes id, name, classname, and description.
+ * 
  * @author thomask
  */
 public class PluginInfo implements IPluginInfo {
diff --git a/pki/base/common/src/com/netscape/cmscore/registry/PluginRegistry.java b/pki/base/common/src/com/netscape/cmscore/registry/PluginRegistry.java
index 20c9cef0..2f82248a 100644
--- a/pki/base/common/src/com/netscape/cmscore/registry/PluginRegistry.java
+++ b/pki/base/common/src/com/netscape/cmscore/registry/PluginRegistry.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.registry;
 
-
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Locale;
@@ -31,7 +30,6 @@ import com.netscape.certsrv.registry.ERegistryException;
 import com.netscape.certsrv.registry.IPluginInfo;
 import com.netscape.certsrv.registry.IPluginRegistry;
 
-
 public class PluginRegistry implements IPluginRegistry {
 
     private static final String PROP_TYPES = "types";
@@ -44,7 +42,7 @@ public class PluginRegistry implements IPluginRegistry {
     private IConfigStore mConfig = null;
     private IConfigStore mFileConfig = null;
     private ISubsystem mOwner = null;
-    private Hashtable<String, Hashtable <String ,IPluginInfo>> mTypes = new Hashtable<String, Hashtable<String, IPluginInfo>>();
+    private Hashtable<String, Hashtable<String, IPluginInfo>> mTypes = new Hashtable<String, Hashtable<String, IPluginInfo>>();
 
     public PluginRegistry() {
     }
@@ -53,7 +51,7 @@ public class PluginRegistry implements IPluginRegistry {
      * Retrieves the name of this subsystem.
      */
     public String getId() {
-        return null; 
+        return null;
     }
 
     /**
@@ -63,16 +61,15 @@ public class PluginRegistry implements IPluginRegistry {
     }
 
     /**
-     * Initializes this subsystem with the given configuration
-     * store.
+     * Initializes this subsystem with the given configuration store.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      * @exception EBaseException failed to initialize
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         CMS.debug("RegistrySubsystem: start init");
         mConfig = config;
         mOwner = owner;
@@ -103,7 +100,7 @@ public class PluginRegistry implements IPluginRegistry {
      * Load plugins of the given type.
      */
     public void loadPlugins(IConfigStore config, String type)
-        throws EBaseException {
+            throws EBaseException {
         String ids_str = null;
 
         try {
@@ -122,7 +119,6 @@ public class PluginRegistry implements IPluginRegistry {
         }
     }
 
-
     public IPluginInfo createPluginInfo(String name, String desc, String classPath) {
         return new PluginInfo(name, desc, classPath);
     }
@@ -131,7 +127,7 @@ public class PluginRegistry implements IPluginRegistry {
      * Load plugins of the given type.
      */
     public void loadPlugin(IConfigStore config, String type, String id)
-        throws EBaseException {
+            throws EBaseException {
         String name = null;
 
         try {
@@ -147,7 +143,7 @@ public class PluginRegistry implements IPluginRegistry {
         String classpath = null;
 
         try {
-            classpath = mFileConfig.getString(type + "." + id + "." + PROP_CLASSPATH, 
+            classpath = mFileConfig.getString(type + "." + id + "." + PROP_CLASSPATH,
                         null);
         } catch (EBaseException e) {
         }
@@ -157,23 +153,23 @@ public class PluginRegistry implements IPluginRegistry {
     }
 
     public void removePluginInfo(String type, String id)
-        throws ERegistryException {
+            throws ERegistryException {
         Hashtable<String, IPluginInfo> plugins = mTypes.get(type);
         if (plugins == null)
-          return;
+            return;
         plugins.remove(id);
         Locale locale = Locale.getDefault();
         rebuildConfigStore(locale);
     }
 
     public void addPluginInfo(String type, String id, IPluginInfo info)
-        throws ERegistryException {
+            throws ERegistryException {
         addPluginInfo(type, id, info, 1);
     }
 
     public void addPluginInfo(String type, String id, IPluginInfo info, int saveConfig)
-        throws ERegistryException {
-        Hashtable<String, IPluginInfo> plugins =  mTypes.get(type);
+            throws ERegistryException {
+        Hashtable<String, IPluginInfo> plugins = mTypes.get(type);
 
         if (plugins == null) {
             plugins = new Hashtable<String, IPluginInfo>();
@@ -181,17 +177,18 @@ public class PluginRegistry implements IPluginRegistry {
         }
         Locale locale = Locale.getDefault();
 
-        CMS.debug("added plugin " + type + " " + id + " " + 
-            info.getName(locale) + " " + info.getDescription(locale) + " " +
-            info.getClassName());
+        CMS.debug("added plugin " + type + " " + id + " " +
+                info.getName(locale) + " " + info.getDescription(locale) + " " +
+                info.getClassName());
         plugins.put(id, info);
 
         // rebuild configuration store
-        if (saveConfig == 1) rebuildConfigStore(locale);
+        if (saveConfig == 1)
+            rebuildConfigStore(locale);
     }
 
     public void rebuildConfigStore(Locale locale)
-        throws ERegistryException {
+            throws ERegistryException {
         Enumeration<String> types = mTypes.keys();
         StringBuffer typesBuf = new StringBuffer();
 
@@ -215,20 +212,20 @@ public class PluginRegistry implements IPluginRegistry {
                 }
                 IPluginInfo plugin = (IPluginInfo) mPlugins.get(id);
 
-                mFileConfig.putString(type + "." + id + ".class", 
-                    plugin.getClassName());
-                mFileConfig.putString(type + "." + id + ".name", 
-                    plugin.getName(locale));
-                mFileConfig.putString(type + "." + id + ".desc", 
-                    plugin.getDescription(locale));
+                mFileConfig.putString(type + "." + id + ".class",
+                        plugin.getClassName());
+                mFileConfig.putString(type + "." + id + ".name",
+                        plugin.getName(locale));
+                mFileConfig.putString(type + "." + id + ".desc",
+                        plugin.getDescription(locale));
             }
             mFileConfig.putString(type + ".ids", idsBuf.toString());
         }
         mFileConfig.putString("types", typesBuf.toString());
         try {
-          mFileConfig.commit(false);
+            mFileConfig.commit(false);
         } catch (EBaseException e) {
-          CMS.debug("PluginRegistry: failed to commit registry.cfg");
+            CMS.debug("PluginRegistry: failed to commit registry.cfg");
         }
     }
 
@@ -240,8 +237,8 @@ public class PluginRegistry implements IPluginRegistry {
     }
 
     /**
-     * Stops this system. The owner may call shutdown
-     * anytime after initialization.
+     * Stops this system. The owner may call shutdown anytime after
+     * initialization.
      * <P>
      */
     public void shutdown() {
@@ -252,7 +249,7 @@ public class PluginRegistry implements IPluginRegistry {
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -274,7 +271,7 @@ public class PluginRegistry implements IPluginRegistry {
      * Returns a list of identifiers of the given type.
      */
     public Enumeration<String> getIds(String type) {
-        Hashtable<String, IPluginInfo> plugins =  mTypes.get(type);
+        Hashtable<String, IPluginInfo> plugins = mTypes.get(type);
 
         if (plugins == null)
             return null;
@@ -285,7 +282,7 @@ public class PluginRegistry implements IPluginRegistry {
      * Retrieves the plugin information.
      */
     public IPluginInfo getPluginInfo(String type, String id) {
-        Hashtable <String ,IPluginInfo> plugins = mTypes.get(type);
+        Hashtable<String, IPluginInfo> plugins = mTypes.get(type);
 
         if (plugins == null)
             return null;
diff --git a/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java b/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
index 47418664..bb56a8b3 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/ARequestQueue.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -63,31 +62,30 @@ import com.netscape.certsrv.request.PolicyResult;
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
- * The ARequestQueue class is an abstract class that implements
- * most portions of the IRequestQueue interface.  This includes
- * the state engine as defined for processing IRequest objects.
+ * The ARequestQueue class is an abstract class that implements most portions of
+ * the IRequestQueue interface. This includes the state engine as defined for
+ * processing IRequest objects.
  * <p>
  * !Put state machine description here!
  * <p>
- * This class defines several abstract protected functions that
- * need to be defined by the concrete implementation.  In
- * particular, this class does not implement the operations
- * for storing requests persistantly.
+ * This class defines several abstract protected functions that need to be
+ * defined by the concrete implementation. In particular, this class does not
+ * implement the operations for storing requests persistantly.
  * <p>
- * This class also provides several accessor functions for setting
- * fields in the IRequest object.  These functions are provided
- * as an aid to saving and restoring the state in the database.
+ * This class also provides several accessor functions for setting fields in the
+ * IRequest object. These functions are provided as an aid to saving and
+ * restoring the state in the database.
  * <p>
- * This class also implements the locking operations specified by
- * the IRequestQueue interface.
+ * This class also implements the locking operations specified by the
+ * IRequestQueue interface.
  * <p>
+ * 
  * @author thayes
  * @version $Revision$ $Date$
  */
 public abstract class ARequestQueue
-    implements IRequestQueue {
+        implements IRequestQueue {
 
     /**
      * global request version for tracking request changes.
@@ -97,37 +95,35 @@ public abstract class ARequestQueue
     /**
      * Create a new (unique) RequestId. (abstract)
      * <p>
-     * This method must be implemented by the specialized class to
-     * generate a new id from data in the persistant store.  This id
-     * is used to create a new request object.
+     * This method must be implemented by the specialized class to generate a
+     * new id from data in the persistant store. This id is used to create a new
+     * request object.
      * <p>
-     * @return
-     *    a new RequestId object.
-     * @exception EBaseException
-     *    indicates that creation of the new id could not be completed.
+     * 
+     * @return a new RequestId object.
+     * @exception EBaseException indicates that creation of the new id could not
+     *                be completed.
      * @see RequestId
      */
     protected abstract RequestId newRequestId()
-        throws EBaseException;
+            throws EBaseException;
 
     /**
      * Read a request from the persistant store. (abstract)
      * <p>
-     * This function is called to create the in-memory version of
-     * a request object.
+     * This function is called to create the in-memory version of a request
+     * object.
      * <p>
-     * The implementation of this object can use the createRequest
-     * member function to create a new instance of an IRequest, and
-     * use the setRequestStatus, setCreationTime and setModificationTime
-     * functions to set those values.
+     * The implementation of this object can use the createRequest member
+     * function to create a new instance of an IRequest, and use the
+     * setRequestStatus, setCreationTime and setModificationTime functions to
+     * set those values.
      * <p>
-     * @param id
-     *    the id of the request to read.
-     * @return
-     *    a new IRequest object. null is returned if the object cannot
-     *    be located.
-     * @exception EBaseException
-     *    TODO: this is not implemented yet
+     * 
+     * @param id the id of the request to read.
+     * @return a new IRequest object. null is returned if the object cannot be
+     *         located.
+     * @exception EBaseException TODO: this is not implemented yet
      * @see #createRequest
      * @see #setRequestStatus
      * @see #setModificationTime
@@ -138,56 +134,51 @@ public abstract class ARequestQueue
     /**
      * Add the request to the store. (abstract)
      * <p>
-     * This function is called when a new request immediately after
-     * creating a new request.
+     * This function is called when a new request immediately after creating a
+     * new request.
      * <p>
-     * @param request
-     *    the request to add.
-     * @exception EBaseException
-     *    TODO: this is not implemented yet
+     * 
+     * @param request the request to add.
+     * @exception EBaseException TODO: this is not implemented yet
      */
     protected abstract void addRequest(IRequest request) throws EBaseException;
 
     /**
      * Modify the request in the store. (abstract)
      * <p>
-     * Update the persistant copy of this request with the
-     * current values in the object.
+     * Update the persistant copy of this request with the current values in the
+     * object.
      * <p>
-     * Currently there are no hints for what has changed, so
-     * the entire request should be updated.
+     * Currently there are no hints for what has changed, so the entire request
+     * should be updated.
      * <p>
+     * 
      * @param request
-     * @exception EBaseException
-     *    TODO: this is not implemented yet
+     * @exception EBaseException TODO: this is not implemented yet
      */
     protected abstract void modifyRequest(IRequest request);
 
     /**
-     * Get complete list of RequestId values found i this
-     * queue.
+     * Get complete list of RequestId values found i this queue.
      * <p>
-     * This method can form the basis for creating other types
-     * of search/list operations (although there are probably more
-     * efficient ways of doing this.  ARequestQueue implements
-     * default versions of some of the searching by using this
-     * method as a basis.
+     * This method can form the basis for creating other types of search/list
+     * operations (although there are probably more efficient ways of doing
+     * this. ARequestQueue implements default versions of some of the searching
+     * by using this method as a basis.
      * <p>
-     * TODO: return IRequestList -or- just use listRequests as
-     * the basic engine.
+     * TODO: return IRequestList -or- just use listRequests as the basic engine.
      * <p>
-     * @return
-     *    an Enumeration that generates RequestId objects.
+     * 
+     * @return an Enumeration that generates RequestId objects.
      */
     abstract protected Enumeration<RequestId> getRawList();
 
     /**
      * protected access for setting the current state of a request.
      * <p>
-     * @param request
-     *    The request to be modified.
-     * @param status
-     *    The new value for the request status.
+     * 
+     * @param request The request to be modified.
+     * @param status The new value for the request status.
      */
     protected final void setRequestStatus(IRequest request, RequestStatus status) {
         Request r = (Request) request;
@@ -198,10 +189,9 @@ public abstract class ARequestQueue
     /**
      * protected access for setting the modification time of a request.
      * <p>
-     * @param request
-     *    The request to be modified.
-     * @param date
-     *    The new value for the time.
+     * 
+     * @param request The request to be modified.
+     * @param date The new value for the time.
      */
     protected final void setModificationTime(IRequest request, Date date) {
         Request r = (Request) request;
@@ -212,10 +202,9 @@ public abstract class ARequestQueue
     /**
      * protected access for setting the creation time of a request.
      * <p>
-     * @param request
-     *    The request to be modified.
-     * @param date
-     *    The new value for the time.
+     * 
+     * @param request The request to be modified.
+     * @param date The new value for the time.
      */
     protected final void setCreationTime(IRequest request, Date date) {
         Request r = (Request) request;
@@ -226,20 +215,19 @@ public abstract class ARequestQueue
     /**
      * protected access for creating a new Request object
      * <p>
-     * @param id
-     *    The identifier for the new request
-     * @return
-     *    A new request object.  The caller should fill in other data
-     *    values from the datastore.
+     * 
+     * @param id The identifier for the new request
+     * @return A new request object. The caller should fill in other data values
+     *         from the datastore.
      */
     protected final IRequest createRequest(RequestId id, String requestType) {
         Request r;
 
         /*
          * Determine the specialized class to create for this type
-         *
-         * TODO: this set of classes is an example only.  The real set
-         *   needs to be determined and implemented.
+         * 
+         * TODO: this set of classes is an example only. The real set needs to
+         * be determined and implemented.
          */
         if (requestType != null && requestType.equals("enrollment")) {
             r = new EnrollmentRequest(id);
@@ -251,12 +239,13 @@ public abstract class ARequestQueue
     }
 
     /**
-     * Implements IRequestQueue.newRequest 
+     * Implements IRequestQueue.newRequest
      * <p>
+     * 
      * @see IRequestQueue#newRequest
      */
     public IRequest newRequest(String requestType)
-        throws EBaseException {
+            throws EBaseException {
         if (requestType == null) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_REQUEST_TYPE", "null"));
         }
@@ -288,16 +277,18 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.cloneRequest
      * <p>
+     * 
      * @see IRequestQueue#cloneRequest
      */
-    public IRequest cloneRequest(IRequest r) 
-        throws EBaseException {
-        // 1. check for valid state. (Are any invalid ?) 
+    public IRequest cloneRequest(IRequest r)
+            throws EBaseException {
+        // 1. check for valid state. (Are any invalid ?)
         RequestStatus rs = r.getRequestStatus();
 
-        if (rs == RequestStatus.BEGIN) throw new EBaseException("Invalid Status");
+        if (rs == RequestStatus.BEGIN)
+            throw new EBaseException("Invalid Status");
 
-            // 2. create new request 
+        // 2. create new request
         String reqType = r.getRequestType();
         IRequest clone = newRequest(reqType);
 
@@ -317,10 +308,11 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.findRequest
      * <p>
+     * 
      * @see IRequestQueue#findRequest
      */
     public IRequest findRequest(RequestId id)
-        throws EBaseException {
+            throws EBaseException {
         IRequest r;
 
         // mTable.lock(id);
@@ -328,12 +320,12 @@ public abstract class ARequestQueue
         r = readRequest(id);
 
         // if (r == null) mTable.unlock(id);
-      
+
         return r;
     }
 
     private IRequestScheduler mRequestScheduler = null;
- 
+
     public void setRequestScheduler(IRequestScheduler scheduler) {
         mRequestScheduler = scheduler;
     }
@@ -345,10 +337,11 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.processRequest
      * <p>
+     * 
      * @see IRequestQueue#processRequest
      */
     public final void processRequest(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
 
         // #610553 Thread Scheduler
         IRequestScheduler scheduler = getRequestScheduler();
@@ -361,7 +354,8 @@ public abstract class ARequestQueue
             // 1. Check for valid state
             RequestStatus rs = r.getRequestStatus();
 
-            if (rs != RequestStatus.BEGIN) throw new EBaseException("Invalid Status");
+            if (rs != RequestStatus.BEGIN)
+                throw new EBaseException("Invalid Status");
 
             stateEngine(r);
         } finally {
@@ -374,19 +368,21 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.markRequestPending
      * <p>
+     * 
      * @see IRequestQueue#markRequestPending
      */
     public final void markRequestPending(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
         // 1. Check for valid state
         RequestStatus rs = r.getRequestStatus();
 
-        if (rs != RequestStatus.BEGIN) throw new EBaseException("Invalid Status");
+        if (rs != RequestStatus.BEGIN)
+            throw new EBaseException("Invalid Status");
 
-            // 2. Change the request state.  This method of making
-            // a request PENDING does NOT invoke the PENDING notifiers.
-            // To change this, just call stateEngine at the completion of this
-            // routine.
+        // 2. Change the request state. This method of making
+        // a request PENDING does NOT invoke the PENDING notifiers.
+        // To change this, just call stateEngine at the completion of this
+        // routine.
         setRequestStatus(r, RequestStatus.PENDING);
 
         updateRequest(r);
@@ -396,10 +392,11 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.cloneAndMarkPending
      * <p>
+     * 
      * @see IRequestQueue#cloneAndMarkPending
      */
-    public IRequest cloneAndMarkPending(IRequest r) 
-        throws EBaseException {
+    public IRequest cloneAndMarkPending(IRequest r)
+            throws EBaseException {
         IRequest clone = cloneRequest(r);
 
         markRequestPending(clone);
@@ -409,14 +406,16 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.approveRequest
      * <p>
+     * 
      * @see IRequestQueue#approveRequest
      */
     public final void approveRequest(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
         // 1. Check for valid state
         RequestStatus rs = r.getRequestStatus();
 
-        if (rs != RequestStatus.PENDING) throw new EBaseException("Invalid Status");
+        if (rs != RequestStatus.PENDING)
+            throw new EBaseException("Invalid Status");
 
         AgentApprovals aas = AgentApprovals.fromStringVector(
                 r.getExtDataInStringVector(AgentApprovals.class.getName()));
@@ -427,17 +426,18 @@ public abstract class ARequestQueue
         // Record agent who did this
         String agentName = getUserIdentity();
 
-        if (agentName == null) throw new EBaseException("Missing agent information");
+        if (agentName == null)
+            throw new EBaseException("Missing agent information");
 
         aas.addApproval(agentName);
-        r.setExtData(AgentApprovals.class.getName(), (Vector<?>)aas.toStringVector());
+        r.setExtData(AgentApprovals.class.getName(), (Vector<?>) aas.toStringVector());
 
         PolicyResult pr = mPolicy.apply(r);
 
         if (pr == PolicyResult.ACCEPTED) {
             setRequestStatus(r, RequestStatus.APPROVED);
         } else if (pr == PolicyResult.DEFERRED ||
-            pr == PolicyResult.REJECTED) {
+                pr == PolicyResult.REJECTED) {
         }
 
         // Always update. The policy code may have made changes to the
@@ -450,16 +450,18 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.rejectRequest
      * <p>
+     * 
      * @see IRequestQueue#rejectRequest
      */
     public final void rejectRequest(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
         // 1. Check for valid state
         RequestStatus rs = r.getRequestStatus();
 
-        if (rs != RequestStatus.PENDING) throw new EBaseException("Invalid Status");
+        if (rs != RequestStatus.PENDING)
+            throw new EBaseException("Invalid Status");
 
-            // 2. Change state
+        // 2. Change state
         setRequestStatus(r, RequestStatus.REJECTED);
         updateRequest(r);
 
@@ -470,10 +472,11 @@ public abstract class ARequestQueue
     /**
      * Implments IRequestQueue.cancelRequest
      * <p>
+     * 
      * @see IRequestQueue#cancelRequest
      */
     public final void cancelRequest(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
         setRequestStatus(r, RequestStatus.CANCELED);
         updateRequest(r);
 
@@ -489,7 +492,8 @@ public abstract class ARequestQueue
         setRequestStatus(r, RequestStatus.COMPLETE);
         updateRequest(r);
 
-        if (mNotify != null) mNotify.notify(r);
+        if (mNotify != null)
+            mNotify.notify(r);
 
         return;
     }
@@ -497,10 +501,10 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.listRequests
      * <p>
-     * Should be overridden by the specialized class if
-     * a more efficient method is available for implementing
-     * this operation.
+     * Should be overridden by the specialized class if a more efficient method
+     * is available for implementing this operation.
      * <P>
+     * 
      * @see IRequestQueue#listRequests
      */
     public IRequestList listRequests() {
@@ -510,10 +514,10 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.listRequestsByStatus
      * <p>
-     * Should be overridden by the specialized class if
-     * a more efficient method is available for implementing
-     * this operation.
+     * Should be overridden by the specialized class if a more efficient method
+     * is available for implementing this operation.
      * <P>
+     * 
      * @see IRequestQueue#listRequestsByStatus
      */
     public IRequestList listRequestsByStatus(RequestStatus s) {
@@ -523,6 +527,7 @@ public abstract class ARequestQueue
     /**
      * Implements IRequestQueue.releaseRequest
      * <p>
+     * 
      * @see IRequestQueue#releaseRequest
      */
     public final void releaseRequest(IRequest request) {
@@ -534,17 +539,18 @@ public abstract class ARequestQueue
 
         String name = getUserIdentity();
 
-        if (name != null) r.setExtData(IRequest.UPDATED_BY, name);
+        if (name != null)
+            r.setExtData(IRequest.UPDATED_BY, name);
 
-            // TODO: use a state flag to determine whether to call
-            // addRequest or modifyRequest (see newRequest as well)
+        // TODO: use a state flag to determine whether to call
+        // addRequest or modifyRequest (see newRequest as well)
         modifyRequest(r);
     }
 
     // PRIVATE functions
 
     private final void stateEngine(IRequest r)
-        throws EBaseException {
+            throws EBaseException {
         boolean complete = false;
 
         while (!complete) {
@@ -618,14 +624,14 @@ public abstract class ARequestQueue
         // write the queue name and request id
         // write who changed it
         // write what change (which state change) was made
-        //   - new (processRequest)
-        //   - approve
-        //   - reject
+        // - new (processRequest)
+        // - approve
+        // - reject
 
         // Ordering
-        //  - make change in memory
-        //  - log change and result
-        //  - update record
+        // - make change in memory
+        // - log change and result
+        // - update record
     }
 
     /**
@@ -644,15 +650,15 @@ public abstract class ARequestQueue
      */
     public void recover() {
         if (CMS.isRunningMode()) {
-        RecoverThread t = new RecoverThread(this);
+            RecoverThread t = new RecoverThread(this);
 
-        t.start();
+            t.start();
         }
     }
 
     /**
-     * recover from a crash.  Resends all requests that are in
-     * the APPROVED state.
+     * recover from a crash. Resends all requests that are in the APPROVED
+     * state.
      */
     public void recoverWillBlock() {
         // Get a list of all requests that are APPROVED
@@ -665,7 +671,7 @@ public abstract class ARequestQueue
             try {
                 request = findRequest(rid);
 
-                //if (request == null) log_error
+                // if (request == null) log_error
 
                 // Recheck the status - should be the same!!
                 if (request.getRequestStatus() == RequestStatus.APPROVED) {
@@ -685,7 +691,7 @@ public abstract class ARequestQueue
 
     // Constructor
     protected ARequestQueue(IPolicy policy, IService service, INotify notify,
-        INotify pendingNotify) {
+            INotify pendingNotify) {
         mPolicy = policy;
         mService = service;
         mNotify = notify;
@@ -705,44 +711,30 @@ public abstract class ARequestQueue
     protected ILogger mLogger;
 }
 
-
 //
 // Table of RequestId values that are currently in use by some thread.
 // The fact that the request is in this table constitutes a lock
 // on the value.
 //
 /*
- class RequestIDTable {
- public synchronized void lock(RequestId id) {
- while (true) {
- if (mHashtable.put(id, id) == null)
- break;
-
- try {
- wait();
- } catch (InterruptedException e) {
- };
- }
- } 
-
- public synchronized void unlock(RequestId id) {
- mHashtable.remove(id);
-
- notifyAll();
- }
-
- // instance variables
- Hashtable mHashtable = new Hashtable(); 
- }
+ * class RequestIDTable { public synchronized void lock(RequestId id) { while
+ * (true) { if (mHashtable.put(id, id) == null) break;
+ * 
+ * try { wait(); } catch (InterruptedException e) { }; } }
+ * 
+ * public synchronized void unlock(RequestId id) { mHashtable.remove(id);
+ * 
+ * notifyAll(); }
+ * 
+ * // instance variables Hashtable mHashtable = new Hashtable(); }
  */
 
-
 //
-// Request - implementation of the IRequest interface.  This
+// Request - implementation of the IRequest interface. This
 // version is returned by ARequestQueue (and its derivatives)
 //
 class Request
-    implements IRequest {
+        implements IRequest {
     // IRequest.getRequestId
     public RequestId getRequestId() {
         return mRequestId;
@@ -835,8 +827,8 @@ class Request
         while (e.hasMoreElements()) {
             String key = (String) e.nextElement();
             if (!key.equals(IRequest.ISSUED_CERTS) &&
-                !key.equals(IRequest.ERRORS) &&
-                !key.equals(IRequest.REMOTE_REQID)) {
+                    !key.equals(IRequest.ERRORS) &&
+                    !key.equals(IRequest.REMOTE_REQID)) {
                 if (req.isSimpleExtDataValue(key)) {
                     setExtData(key, req.getExtDataInString(key));
                 } else {
@@ -848,15 +840,15 @@ class Request
 
     /**
      * This function used to check that the keys obeyed LDAP attribute name
-     * syntax rules.  Keys are being encoded now, so it is changed to just
-     * filter out null and empty string keys.
-     *
-     * @param key  The key to check
-     * @return  false if invalid
+     * syntax rules. Keys are being encoded now, so it is changed to just filter
+     * out null and empty string keys.
+     * 
+     * @param key The key to check
+     * @return false if invalid
      */
     protected boolean isValidExtDataKey(String key) {
         return key != null &&
-               (! key.equals(""));
+                (!key.equals(""));
     }
 
     protected boolean isValidExtDataHashtableValue(Hashtable<String, Object> hash) {
@@ -866,15 +858,14 @@ class Request
         Enumeration<String> keys = hash.keys();
         while (keys.hasMoreElements()) {
             Object key = keys.nextElement();
-            if (! ((key instanceof String) &&
-                    isValidExtDataKey((String)key)) ) {
+            if (!((key instanceof String) && isValidExtDataKey((String) key))) {
                 return false;
             }
             /*
-             * 	TODO  should the Value type be String?
+             * TODO should the Value type be String?
              */
             Object value = hash.get(key);
-            if (! (value instanceof String)) {
+            if (!(value instanceof String)) {
                 return false;
             }
         }
@@ -883,7 +874,7 @@ class Request
     }
 
     public boolean setExtData(String key, String value) {
-        if (! isValidExtDataKey(key)) {
+        if (!isValidExtDataKey(key)) {
             return false;
         }
         if (value == null) {
@@ -895,8 +886,8 @@ class Request
     }
 
     @SuppressWarnings("unchecked")
-	public boolean setExtData(String key, Hashtable<String, ?> value) {
-        if ( !(isValidExtDataKey(key) && isValidExtDataHashtableValue((Hashtable<String, Object>) value)) ) {
+    public boolean setExtData(String key, Hashtable<String, ?> value) {
+        if (!(isValidExtDataKey(key) && isValidExtDataHashtableValue((Hashtable<String, Object>) value))) {
             return false;
         }
 
@@ -913,22 +904,22 @@ class Request
         if (value == null) {
             return null;
         }
-        if (! (value instanceof String)) {
+        if (!(value instanceof String)) {
             return null;
         }
-        return (String)value;
+        return (String) value;
     }
 
     @SuppressWarnings("unchecked")
-	public <V> Hashtable<String, V> getExtDataInHashtable(String key) {
+    public <V> Hashtable<String, V> getExtDataInHashtable(String key) {
         Object value = mExtData.get(key);
         if (value == null) {
             return null;
         }
-        if (! (value instanceof Hashtable)) {
+        if (!(value instanceof Hashtable)) {
             return null;
         }
-        return new ExtDataHashtable<V>((Map<? extends String, ? extends V>)value);
+        return new ExtDataHashtable<V>((Map<? extends String, ? extends V>) value);
     }
 
     public Enumeration<String> getExtDataKeys() {
@@ -940,7 +931,7 @@ class Request
     }
 
     public boolean setExtData(String key, String subkey, String value) {
-        if (! (isValidExtDataKey(key) && isValidExtDataKey(subkey)) ) {
+        if (!(isValidExtDataKey(key) && isValidExtDataKey(subkey))) {
             return false;
         }
         if (isSimpleExtDataValue(key)) {
@@ -951,7 +942,7 @@ class Request
         }
 
         @SuppressWarnings("unchecked")
-		Hashtable<String, String> existingValue = (Hashtable<String, String>)mExtData.get(key);
+        Hashtable<String, String> existingValue = (Hashtable<String, String>) mExtData.get(key);
         if (existingValue == null) {
             existingValue = new ExtDataHashtable<String>();
             mExtData.put(key, existingValue);
@@ -965,7 +956,7 @@ class Request
         if (value == null) {
             return null;
         }
-        return (String)value.get(subkey);
+        return (String) value.get(subkey);
     }
 
     public boolean setExtData(String key, Integer value) {
@@ -1229,7 +1220,7 @@ class Request
             return false;
         }
         try {
-            stringArray = (String[])stringVector.toArray(new String[0]);
+            stringArray = (String[]) stringVector.toArray(new String[0]);
         } catch (ArrayStoreException e) {
             return false;
         }
@@ -1392,7 +1383,7 @@ class Request
             listValue.set(index,
                     hashValue.get(arrayKey));
         }
-        return (String[])listValue.toArray(new String[0]);
+        return (String[]) listValue.toArray(new String[0]);
     }
 
     public IAttrSet asIAttrSet() {
@@ -1431,7 +1422,7 @@ class RequestIAttrSetWrapper implements IAttrSet {
 
     public void set(String name, Object obj) throws EBaseException {
         try {
-            mRequest.setExtData(name, (String)obj);
+            mRequest.setExtData(name, (String) obj);
         } catch (ClassCastException e) {
             throw new EBaseException(e.toString());
         }
@@ -1450,21 +1441,19 @@ class RequestIAttrSetWrapper implements IAttrSet {
     }
 }
 
-
 /**
  * Example of a specialized request class.
  */
 class EnrollmentRequest
-    extends Request
-    implements IEnrollmentRequest {
+        extends Request
+        implements IEnrollmentRequest {
     EnrollmentRequest(RequestId id) {
         super(id);
     }
 }
 
-
 class RequestListByStatus
-    implements IRequestList {
+        implements IRequestList {
     public boolean hasMoreElements() {
         return (mNext != null);
     }
@@ -1507,14 +1496,16 @@ class RequestListByStatus
         mNext = null;
 
         while (mNext == null) {
-            if (!mEnumeration.hasMoreElements()) break;
-   
-            rId =  mEnumeration.nextElement();
+            if (!mEnumeration.hasMoreElements())
+                break;
+
+            rId = mEnumeration.nextElement();
 
             try {
                 IRequest r = mQueue.findRequest(rId);
 
-                if (r.getRequestStatus() == mStatus) mNext = rId;
+                if (r.getRequestStatus() == mStatus)
+                    mNext = rId;
 
                 mQueue.releaseRequest(r);
             } catch (Exception e) {
@@ -1524,13 +1515,12 @@ class RequestListByStatus
 
     protected RequestStatus mStatus;
     protected IRequestQueue mQueue;
-    protected Enumeration<RequestId> mEnumeration; 
+    protected Enumeration<RequestId> mEnumeration;
     protected RequestId mNext;
 }
 
-
 class RequestList
-    implements IRequestList {
+        implements IRequestList {
     public boolean hasMoreElements() {
         return mEnumeration.hasMoreElements();
     }
@@ -1555,10 +1545,9 @@ class RequestList
         mEnumeration = e;
     }
 
-    protected Enumeration<RequestId> mEnumeration; 
+    protected Enumeration<RequestId> mEnumeration;
 }
 
-
 class RecoverThread extends Thread {
     private ARequestQueue mQ = null;
 
diff --git a/pki/base/common/src/com/netscape/cmscore/request/ARequestRecord.java b/pki/base/common/src/com/netscape/cmscore/request/ARequestRecord.java
index f85beca0..14a6cbcf 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/ARequestRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/ARequestRecord.java
@@ -17,22 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import java.util.Date;
 import java.util.Hashtable;
 
 import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 
-
 /**
- * The low level (attributes only) version of the database
- * record object.  This exists so that RecordAttr methods can use
- * this type definition, 
+ * The low level (attributes only) version of the database record object. This
+ * exists so that RecordAttr methods can use this type definition,
  * 
  * RequestRecord refers both to this class and to RecordAttr objects.
  */
-class ARequestRecord { 
+class ARequestRecord {
     RequestId mRequestId;
     RequestStatus mRequestState;
     Date mCreateTime;
diff --git a/pki/base/common/src/com/netscape/cmscore/request/CertRequestConstants.java b/pki/base/common/src/com/netscape/cmscore/request/CertRequestConstants.java
index 7494b5e4..134166f6 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/CertRequestConstants.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/CertRequestConstants.java
@@ -17,15 +17,13 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 /**
- * temporary location for cert request constants. 
- * XXX we really need to centralize all these but for now they are here
- * as needed.
+ * temporary location for cert request constants. XXX we really need to
+ * centralize all these but for now they are here as needed.
  */
 public class CertRequestConstants {
-    // request types - these have string values. 
-    // made to match policy constants. 
+    // request types - these have string values.
+    // made to match policy constants.
     public final static String GETCRL_REQUEST = "getCRL";
     public final static String GETCACHAIN_REQUEST = "getCAChain";
     public final static String GETREVOCATIONINFO_REQUEST = "getRevocationInfo";
@@ -51,7 +49,7 @@ public class CertRequestConstants {
     // this has a CRLExtensions value.
     public final static String CRLEXTS = "CRLExts";
 
-    // this has a String value - it is either null or set. 
+    // this has a String value - it is either null or set.
     public final static String DOGETCACHAIN = "doGetCAChain";
 
     // this has a CertificateChain value.
@@ -64,7 +62,7 @@ public class CertRequestConstants {
     public final static String CERTIFICATE = "certificate";
 
     // this is an array of EBaseException for service errors when
-    // there's an error processing an array of something such as 
+    // there's an error processing an array of something such as
     // certs to renew, certs to revoke, etc.
     public final static String SVCERRORS = "serviceErrors";
 
diff --git a/pki/base/common/src/com/netscape/cmscore/request/ExtDataHashtable.java b/pki/base/common/src/com/netscape/cmscore/request/ExtDataHashtable.java
index e3c1908e..8bc4d982 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/ExtDataHashtable.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/ExtDataHashtable.java
@@ -6,9 +6,9 @@ import java.util.Map;
 import java.util.Set;
 
 /**
- * Subclass of Hashtable returned by IRequest.getExtDataInHashtable.  Its
- * purpose is to hide the fact that LDAP doesn't preserve the case of keys.
- * It does this by lowercasing all keys used to access the Hashtable.
+ * Subclass of Hashtable returned by IRequest.getExtDataInHashtable. Its purpose
+ * is to hide the fact that LDAP doesn't preserve the case of keys. It does this
+ * by lowercasing all keys used to access the Hashtable.
  */
 public class ExtDataHashtable<V> extends Hashtable<String, V> {
 
@@ -38,7 +38,7 @@ public class ExtDataHashtable<V> extends Hashtable<String, V> {
 
     public boolean containsKey(Object o) {
         if (o instanceof String) {
-            String key = (String)o;
+            String key = (String) o;
             return super.containsKey(key.toLowerCase());
         }
         return super.containsKey(o);
@@ -46,7 +46,7 @@ public class ExtDataHashtable<V> extends Hashtable<String, V> {
 
     public V get(Object o) {
         if (o instanceof String) {
-            String key = (String)o;
+            String key = (String) o;
             return super.get(key.toLowerCase());
         }
         return super.get(o);
@@ -54,7 +54,7 @@ public class ExtDataHashtable<V> extends Hashtable<String, V> {
 
     public V put(String oKey, V val) {
         if (oKey instanceof String) {
-            String key = (String)oKey;
+            String key = (String) oKey;
             return super.put(key.toLowerCase(), val);
         }
         return super.put(oKey, val);
@@ -62,16 +62,15 @@ public class ExtDataHashtable<V> extends Hashtable<String, V> {
 
     public void putAll(Map<? extends String, ? extends V> map) {
         Set<? extends String> keys = map.keySet();
-        for (Iterator<? extends String> i = keys.iterator();
-             i.hasNext();) {
+        for (Iterator<? extends String> i = keys.iterator(); i.hasNext();) {
             Object key = i.next();
-            put((String)key, map.get(key));
+            put((String) key, map.get(key));
         }
     }
 
     public V remove(Object o) {
         if (o instanceof String) {
-            String key = (String)o;
+            String key = (String) o;
             return super.remove(key.toLowerCase());
         }
         return super.remove(o);
diff --git a/pki/base/common/src/com/netscape/cmscore/request/RequestAttr.java b/pki/base/common/src/com/netscape/cmscore/request/RequestAttr.java
index 4583a1fa..d7ac32be 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/RequestAttr.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/RequestAttr.java
@@ -17,28 +17,24 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import com.netscape.certsrv.dbs.IDBAttrMapper;
 import com.netscape.certsrv.dbs.Modification;
 import com.netscape.certsrv.dbs.ModificationSet;
 import com.netscape.certsrv.request.IRequest;
 import com.netscape.certsrv.request.ldap.IRequestMod;
 
-
 /**
- * The RequestAttr class defines the methods used
- * to transfer data between the various representations of
- * a request.  The three forms are:
- *  1) LDAPAttributes (and Modifications)
- *  2) Database record IDBAttrSet
- *  3) IRequest (Request) object
+ * The RequestAttr class defines the methods used to transfer data between the
+ * various representations of a request. The three forms are: 1) LDAPAttributes
+ * (and Modifications) 2) Database record IDBAttrSet 3) IRequest (Request)
+ * object
  */
 abstract class RequestAttr {
 
     /**
      * 
      */
-  
+
     abstract void set(ARequestRecord r, Object o);
 
     abstract Object get(ARequestRecord r);
diff --git a/pki/base/common/src/com/netscape/cmscore/request/RequestQueue.java b/pki/base/common/src/com/netscape/cmscore/request/RequestQueue.java
index b748f23b..b1a313c8 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/RequestQueue.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/RequestQueue.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import java.math.BigInteger;
 import java.util.Date;
 import java.util.Enumeration;
@@ -43,13 +42,12 @@ import com.netscape.certsrv.request.ldap.IRequestMod;
 import com.netscape.cmscore.dbs.DBSubsystem;
 import com.netscape.cmscore.util.Debug;
 
-
 public class RequestQueue
-    extends ARequestQueue
-    implements IRequestMod {
+        extends ARequestQueue
+        implements IRequestMod {
     // ARequestQueue.newRequestId
     protected RequestId newRequestId()
-        throws EBaseException {
+            throws EBaseException {
         // get the next request Id
         BigInteger next = mRepository.getNextSerialNumber();
 
@@ -63,7 +61,7 @@ public class RequestQueue
 
         // String name = Schema.LDAP_ATTR_REQUEST_ID + "=" +
         String name = "cn" + "=" +
-            id + "," + mBaseDN;
+                id + "," + mBaseDN;
 
         Object obj = null;
         IDBSSession dbs = null;
@@ -71,29 +69,29 @@ public class RequestQueue
         try {
             dbs = mDB.createSession();
             obj = dbs.read(name);
-        } catch (EBaseException e) { 
-            Debug.trace("Error: " + e); 
+        } catch (EBaseException e) {
+            Debug.trace("Error: " + e);
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
         // TODO Errors!!!
-        if (obj == null || !(obj instanceof RequestRecord)) return null;
+        if (obj == null || !(obj instanceof RequestRecord))
+            return null;
 
         record = (RequestRecord) obj;
 
         /*
-         setRequestStatus(r, record.mRequestState);
-         r.setSourceId(record.mSourceId);
-         r.setRequestOwner(record.mOwner);
-         record.storeAttrs(r, record.mRequestAttrs);
-         setModificationTime(r, record.mModifyTime);
-         setCreationTime(r, record.mCreateTime);
+         * setRequestStatus(r, record.mRequestState);
+         * r.setSourceId(record.mSourceId); r.setRequestOwner(record.mOwner);
+         * record.storeAttrs(r, record.mRequestAttrs); setModificationTime(r,
+         * record.mModifyTime); setCreationTime(r, record.mCreateTime);
          */
         return makeRequest(record);
     }
@@ -107,20 +105,21 @@ public class RequestQueue
         // compute the name of the object
         // String name = Schema.LDAP_ATTR_REQUEST_ID + "=" +
         String name = "cn" + "=" +
-            record.mRequestId + "," + mBaseDN;
+                record.mRequestId + "," + mBaseDN;
 
         IDBSSession dbs = null;
 
         try {
             dbs = mDB.createSession();
             dbs.add(name, record);
-        } catch (EBaseException e) { 
-            Debug.trace("Error: " + e); 
+        } catch (EBaseException e) {
+            Debug.trace("Error: " + e);
             Debug.printStackTrace(e);
             throw e;
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
@@ -150,39 +149,39 @@ public class RequestQueue
         }
 
         /*
-         //
-         mods.add(IRequestRecord.ATTR_REQUEST_STATE,
-         Modification.MOD_REPLACE, r.getRequestStatus());
-
-         mods.add(IRequestRecord.ATTR_SOURCE_ID,
-         Modification.MOD_REPLACE, r.getSourceId());
-
-         mods.add(IRequestRecord.ATTR_REQUEST_OWNER,
-         Modification.MOD_REPLACE, r.getRequestOwner());
-
-         mods.add(IRequestRecord.ATTR_MODIFY_TIME,
-         Modification.MOD_REPLACE, r.getModificationTime());
-
-         java.util.Hashtable ht = RequestRecord.loadAttrs(r);
-         mods.add(RequestRecord.ATTR_REQUEST_ATTRS,
-         Modification.MOD_REPLACE, ht);
+         * // mods.add(IRequestRecord.ATTR_REQUEST_STATE,
+         * Modification.MOD_REPLACE, r.getRequestStatus());
+         * 
+         * mods.add(IRequestRecord.ATTR_SOURCE_ID, Modification.MOD_REPLACE,
+         * r.getSourceId());
+         * 
+         * mods.add(IRequestRecord.ATTR_REQUEST_OWNER, Modification.MOD_REPLACE,
+         * r.getRequestOwner());
+         * 
+         * mods.add(IRequestRecord.ATTR_MODIFY_TIME, Modification.MOD_REPLACE,
+         * r.getModificationTime());
+         * 
+         * java.util.Hashtable ht = RequestRecord.loadAttrs(r);
+         * mods.add(RequestRecord.ATTR_REQUEST_ATTRS, Modification.MOD_REPLACE,
+         * ht);
          */
 
         // String name = Schema.LDAP_ATTR_REQUEST_ID + "=" +
         String name = "cn" + "=" +
-            r.getRequestId() + "," + mBaseDN;
+                r.getRequestId() + "," + mBaseDN;
 
         IDBSSession dbs = null;
 
         try {
             dbs = mDB.createSession();
             dbs.modify(name, mods);
-        } catch (EBaseException e) { 
-            Debug.trace("Error: " + e); 
+        } catch (EBaseException e) {
+            Debug.trace("Error: " + e);
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
@@ -218,34 +217,30 @@ public class RequestQueue
     /**
      * Resets serial number.
      */
-    public void resetSerialNumber(BigInteger serial) throws EBaseException
-    {
+    public void resetSerialNumber(BigInteger serial) throws EBaseException {
         mRepository.resetSerialNumber(serial);
     }
-                                                                                
+
     /**
      * Removes all objects with this repository.
      */
-    public void removeAllObjects() throws EBaseException
-    {
+    public void removeAllObjects() throws EBaseException {
         mRepository.removeAllObjects();
     }
 
-    public BigInteger getLastRequestIdInRange(BigInteger  reqId_low_bound, BigInteger reqId_upper_bound)
-    {
+    public BigInteger getLastRequestIdInRange(BigInteger reqId_low_bound, BigInteger reqId_upper_bound) {
         CMS.debug("RequestQueue: getLastRequestId: low " + reqId_low_bound + " high " + reqId_upper_bound);
-        if(reqId_low_bound == null || reqId_upper_bound == null || reqId_low_bound.compareTo(reqId_upper_bound) >= 0)
-        {
+        if (reqId_low_bound == null || reqId_upper_bound == null || reqId_low_bound.compareTo(reqId_upper_bound) >= 0) {
             CMS.debug("RequestQueue: getLastRequestId: bad upper and lower bound range.");
             return null;
         }
 
-        String filter = "(" + "requeststate" + "=*"  + ")";
+        String filter = "(" + "requeststate" + "=*" + ")";
 
         RequestId fromId = new RequestId(reqId_upper_bound.toString(10));
 
         CMS.debug("RequestQueue: getLastRequestId: filter " + filter + " fromId " + fromId);
-        ListEnumeration recList = (ListEnumeration) getPagedRequestsByFilter(fromId,filter,5 * -1,"requestId");
+        ListEnumeration recList = (ListEnumeration) getPagedRequestsByFilter(fromId, filter, 5 * -1, "requestId");
 
         int size = recList.getSize();
 
@@ -272,33 +267,29 @@ public class RequestQueue
 
         String reqId = null;
 
-        for(int i = 0; i < 5; i++)
-        {
-             curRec = recList.getElementAt(i);
-
-             if(curRec != null) {
+        for (int i = 0; i < 5; i++) {
+            curRec = recList.getElementAt(i);
 
-                 curId = curRec.getRequestId();
+            if (curRec != null) {
 
-                 reqId = curId.toString();
+                curId = curRec.getRequestId();
 
-                 CMS.debug("RequestQueue: curReqId: " + reqId);
+                reqId = curId.toString();
 
-                 BigInteger curIdInt = new BigInteger(reqId);
+                CMS.debug("RequestQueue: curReqId: " + reqId);
 
+                BigInteger curIdInt = new BigInteger(reqId);
 
-                 if(  ((curIdInt.compareTo(reqId_low_bound) == 0) || (curIdInt.compareTo(reqId_low_bound) == 1) ) &&
-                       ((curIdInt.compareTo(reqId_upper_bound) == 0) || (curIdInt.compareTo(reqId_upper_bound) == -1) ))
-                  {
-                      CMS.debug("RequestQueue: getLastRequestId : returning value " + curIdInt);
-                      return curIdInt;
-                  }
+                if (((curIdInt.compareTo(reqId_low_bound) == 0) || (curIdInt.compareTo(reqId_low_bound) == 1)) &&
+                        ((curIdInt.compareTo(reqId_upper_bound) == 0) || (curIdInt.compareTo(reqId_upper_bound) == -1))) {
+                    CMS.debug("RequestQueue: getLastRequestId : returning value " + curIdInt);
+                    return curIdInt;
+                }
 
-             }
+            }
 
         }
 
-
         BigInteger ret = new BigInteger(reqId_low_bound.toString(10));
 
         ret = ret.add(new BigInteger("-1"));
@@ -311,12 +302,14 @@ public class RequestQueue
     /**
      * Implements IRequestQueue.findRequestBySourceId
      * <p>
+     * 
      * @see com.netscape.certsrv.request.IRequestQueue#findRequestBySourceId
      */
     public RequestId findRequestBySourceId(String id) {
         IRequestList irl = findRequestsBySourceId(id);
 
-        if (irl == null) return null;
+        if (irl == null)
+            return null;
 
         return irl.nextRequestId();
     }
@@ -324,6 +317,7 @@ public class RequestQueue
     /**
      * Implements IRequestQueue.findRequestsBySourceId
      * <p>
+     * 
      * @see com.netscape.certsrv.request.IRequestQueue#findRequestsBySourceId
      */
     public IRequestList findRequestsBySourceId(String id) {
@@ -343,13 +337,15 @@ public class RequestQueue
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
-        if (results == null || !results.hasMoreElements()) return null;
+        if (results == null || !results.hasMoreElements())
+            return null;
 
         return new SearchEnumeration(this, results);
 
@@ -363,18 +359,20 @@ public class RequestQueue
         try {
             dbs = mDB.createSession();
             results = dbs.search(mBaseDN, "(requestId=*)");
-        } catch (EBaseException e) { 
-            Debug.trace("Error: " + e); 
+        } catch (EBaseException e) {
+            Debug.trace("Error: " + e);
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
-        if (results == null) return null;
+        if (results == null)
+            return null;
 
         return new SearchEnumeration(this, results);
     }
@@ -389,18 +387,20 @@ public class RequestQueue
         try {
             dbs = mDB.createSession();
             results = dbs.search(mBaseDN, f);
-        } catch (EBaseException e) { 
-            Debug.trace("Error: " + e); 
+        } catch (EBaseException e) {
+            Debug.trace("Error: " + e);
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
-        if (results == null) return null;
+        if (results == null)
+            return null;
 
         return new SearchEnumeration(this, results);
     }
@@ -411,7 +411,7 @@ public class RequestQueue
         IDBSearchResults results = null;
         IDBSSession dbs = null;
         String attrs[] = { IRequestRecord.ATTR_REQUEST_ID };
-            
+
         try {
             dbs = mDB.createSession();
             results = dbs.search(mBaseDN, f, maxSize);
@@ -420,14 +420,16 @@ public class RequestQueue
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
-    
-        if (results == null) return null;
-    
+
+        if (results == null)
+            return null;
+
         return new SearchEnumeration(this, results);
     }
 
@@ -446,13 +448,15 @@ public class RequestQueue
             Debug.printStackTrace(e);
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
-        if (results == null) return null;
+        if (results == null)
+            return null;
 
         return new SearchEnumeration(this, results);
     }
@@ -473,18 +477,20 @@ public class RequestQueue
 
             dbs = mDB.createSession();
             results = dbs.search(mBaseDN, f1);
-        } catch (EBaseException e) { 
-            //System.err.println("Error: "+e); 
-            //e.printStackTrace();
+        } catch (EBaseException e) {
+            // System.err.println("Error: "+e);
+            // e.printStackTrace();
         } finally {
             // Close session - ignoring errors (UTIL)
-            if (dbs != null) try {
+            if (dbs != null)
+                try {
                     dbs.close();
                 } catch (EBaseException e) {
                 }
         }
 
-        if (results == null) return null;
+        if (results == null)
+            return null;
 
         return new SearchEnumeration(this, results);
     }
@@ -500,19 +506,19 @@ public class RequestQueue
      * Implements IRequestQueue.getPagedRequestsByFilter
      */
     public IRequestVirtualList
-    getPagedRequestsByFilter(String filter, int pageSize, String sortKey) {
+            getPagedRequestsByFilter(String filter, int pageSize, String sortKey) {
         return getPagedRequestsByFilter(null, filter, pageSize, sortKey);
     }
 
     public IRequestVirtualList
-    getPagedRequestsByFilter(RequestId from, String filter, int pageSize, 
-        String sortKey) {
-	return getPagedRequestsByFilter(from, false, filter, pageSize, sortKey);
+            getPagedRequestsByFilter(RequestId from, String filter, int pageSize,
+                    String sortKey) {
+        return getPagedRequestsByFilter(from, false, filter, pageSize, sortKey);
     }
 
     public IRequestVirtualList
-    getPagedRequestsByFilter(RequestId from, boolean jumpToEnd, String filter, int pageSize, 
-        String sortKey) {
+            getPagedRequestsByFilter(RequestId from, boolean jumpToEnd, String filter, int pageSize,
+                    String sortKey) {
         IDBVirtualList results = null;
         IDBSSession dbs = null;
 
@@ -525,24 +531,24 @@ public class RequestQueue
         try {
 
             if (from == null) {
-                results = dbs.createVirtualList(mBaseDN, filter, (String[]) null, 
+                results = dbs.createVirtualList(mBaseDN, filter, (String[]) null,
                             sortKey, pageSize);
             } else {
                 int len = from.toString().length();
                 String internalRequestId = null;
 
                 if (jumpToEnd) {
-			internalRequestId ="99";
-		} else {
-                if (len > 9) {
-                    internalRequestId = Integer.toString(len) + from.toString();
+                    internalRequestId = "99";
                 } else {
-                    internalRequestId = "0" + Integer.toString(len) + 
-                            from.toString();
+                    if (len > 9) {
+                        internalRequestId = Integer.toString(len) + from.toString();
+                    } else {
+                        internalRequestId = "0" + Integer.toString(len) +
+                                from.toString();
+                    }
                 }
-		}
 
-                results = dbs.createVirtualList(mBaseDN, filter, (String[]) null, 
+                results = dbs.createVirtualList(mBaseDN, filter, (String[]) null,
                             internalRequestId, sortKey, pageSize);
             }
         } catch (EBaseException e) {
@@ -556,7 +562,7 @@ public class RequestQueue
 
         try {
             results.setSortKey(sortKey);
-        } catch (EBaseException e) {//XXX
+        } catch (EBaseException e) {// XXX
             System.out.println(e.toString());
             return null;
         }
@@ -565,14 +571,14 @@ public class RequestQueue
     }
 
     public RequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
-        INotify pendingNotify)
-        throws EBaseException {
+            INotify pendingNotify)
+            throws EBaseException {
         super(p, s, n, pendingNotify);
 
         mDB = DBSubsystem.getInstance();
         mBaseDN = "ou=" + name + ",ou=requests," + mDB.getBaseDN();
 
-        mRepository = new RequestRepository(name, increment, mDB,this);
+        mRepository = new RequestRepository(name, increment, mDB, this);
 
     }
 
@@ -591,8 +597,8 @@ public class RequestQueue
     }
 
     /*
-     * return request repository 
-     */ 
+     * return request repository
+     */
     public IRepository getRequestRepository() {
         return (IRepository) mRepository;
     }
@@ -610,15 +616,15 @@ public class RequestQueue
     protected RequestRepository mRepository;
 }
 
-
 class SearchEnumeration
-    implements IRequestList {
+        implements IRequestList {
     public RequestId nextRequestId() {
         Object obj;
 
         obj = mResults.nextElement();
 
-        if (obj == null || !(obj instanceof RequestRecord)) return null;
+        if (obj == null || !(obj instanceof RequestRecord))
+            return null;
 
         RequestRecord r = (RequestRecord) obj;
 
@@ -647,7 +653,8 @@ class SearchEnumeration
 
         obj = mResults.nextElement();
 
-        if (obj == null || !(obj instanceof RequestRecord)) return null;
+        if (obj == null || !(obj instanceof RequestRecord))
+            return null;
 
         RequestRecord r = (RequestRecord) obj;
 
@@ -655,7 +662,7 @@ class SearchEnumeration
     }
 
     public IRequest nextRequestObject() {
-        RequestRecord record = (RequestRecord)nextRequest();
+        RequestRecord record = (RequestRecord) nextRequest();
         if (record != null)
             return mQueue.makeRequest(record);
         return null;
@@ -665,13 +672,13 @@ class SearchEnumeration
     protected RequestQueue mQueue;
 }
 
-
 class ListEnumeration
-    implements IRequestVirtualList {
+        implements IRequestVirtualList {
     public IRequest getElementAt(int i) {
         RequestRecord record = (RequestRecord) mList.getElementAt(i);
 
-        if (record == null) return null;
+        if (record == null)
+            return null;
 
         return mQueue.makeRequest(record);
     }
@@ -693,6 +700,7 @@ class ListEnumeration
         return mList.getSizeAfterJumpTo();
 
     }
+
     ListEnumeration(RequestQueue queue, IDBVirtualList list) {
         mQueue = queue;
         mList = list;
diff --git a/pki/base/common/src/com/netscape/cmscore/request/RequestRecord.java b/pki/base/common/src/com/netscape/cmscore/request/RequestRecord.java
index 321e32ec..d7570ad9 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/RequestRecord.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/RequestRecord.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -53,15 +52,14 @@ import com.netscape.cmscore.dbs.DateMapper;
 import com.netscape.cmscore.dbs.StringMapper;
 import com.netscape.cmscore.util.Debug;
 
-
 //
 // A request record is the stored version of a request.
 // It has a set of attributes that are mapped into LDAP
 // attributes for actual directory operations.
 //
 public class RequestRecord
-    extends ARequestRecord
-    implements IRequestRecord, IDBObj {
+        extends ARequestRecord
+        implements IRequestRecord, IDBObj {
     /**
      *
      */
@@ -96,7 +94,8 @@ public class RequestRecord
         else {
             RequestAttr ra = (RequestAttr) mAttrTable.get(name);
 
-            if (ra != null) return ra.get(this);
+            if (ra != null)
+                return ra.get(this);
         }
 
         return null;
@@ -104,7 +103,7 @@ public class RequestRecord
 
     // IDBObj.set
     @SuppressWarnings("unchecked")
-	public void set(String name, Object o) {
+    public void set(String name, Object o) {
         if (name.equals(IRequestRecord.ATTR_REQUEST_ID))
             mRequestId = (RequestId) o;
         else if (name.equals(IRequestRecord.ATTR_REQUEST_STATE))
@@ -120,17 +119,18 @@ public class RequestRecord
         else if (name.equals(IRequestRecord.ATTR_REQUEST_OWNER))
             mOwner = (String) o;
         else if (name.equals(IRequestRecord.ATTR_EXT_DATA))
-            mExtData = (Hashtable)o;
+            mExtData = (Hashtable) o;
         else {
             RequestAttr ra = (RequestAttr) mAttrTable.get(name);
 
-            if (ra != null) ra.set(this, o);
+            if (ra != null)
+                ra.set(this, o);
         }
     }
 
     // IDBObj.delete
     public void delete(String name)
-        throws EBaseException {
+            throws EBaseException {
         throw new EBaseException("Invalid call to delete");
     }
 
@@ -177,19 +177,19 @@ public class RequestRecord
     static void mod(ModificationSet mods, IRequest r) throws EBaseException {
         //
         mods.add(IRequestRecord.ATTR_REQUEST_STATE,
-            Modification.MOD_REPLACE, r.getRequestStatus());
+                Modification.MOD_REPLACE, r.getRequestStatus());
 
         mods.add(IRequestRecord.ATTR_SOURCE_ID,
-            Modification.MOD_REPLACE, r.getSourceId());
+                Modification.MOD_REPLACE, r.getSourceId());
 
         mods.add(IRequestRecord.ATTR_REQUEST_OWNER,
-            Modification.MOD_REPLACE, r.getRequestOwner());
+                Modification.MOD_REPLACE, r.getRequestOwner());
 
         mods.add(IRequestRecord.ATTR_MODIFY_TIME,
-            Modification.MOD_REPLACE, r.getModificationTime());
+                Modification.MOD_REPLACE, r.getModificationTime());
 
         mods.add(IRequestRecord.ATTR_EXT_DATA,
-            Modification.MOD_REPLACE, loadExtDataFromRequest(r));
+                Modification.MOD_REPLACE, loadExtDataFromRequest(r));
 
         for (int i = 0; i < mRequestA.length; i++) {
             mRequestA[i].mod(mods, r);
@@ -197,7 +197,7 @@ public class RequestRecord
     }
 
     static void register(IDBSubsystem db)
-        throws EDBException {
+            throws EDBException {
         IDBRegistry reg = db.getRegistry();
 
         reg.registerObjectClass(RequestRecord.class.getName(), mOC);
@@ -205,13 +205,13 @@ public class RequestRecord
         reg.registerAttribute(IRequestRecord.ATTR_REQUEST_ID, new RequestIdMapper());
         reg.registerAttribute(IRequestRecord.ATTR_REQUEST_STATE, new RequestStateMapper());
         reg.registerAttribute(IRequestRecord.ATTR_CREATE_TIME,
-            new DateMapper(Schema.LDAP_ATTR_CREATE_TIME));
+                new DateMapper(Schema.LDAP_ATTR_CREATE_TIME));
         reg.registerAttribute(IRequestRecord.ATTR_MODIFY_TIME,
-            new DateMapper(Schema.LDAP_ATTR_MODIFY_TIME));
+                new DateMapper(Schema.LDAP_ATTR_MODIFY_TIME));
         reg.registerAttribute(IRequestRecord.ATTR_SOURCE_ID,
-            new StringMapper(Schema.LDAP_ATTR_SOURCE_ID));
+                new StringMapper(Schema.LDAP_ATTR_SOURCE_ID));
         reg.registerAttribute(IRequestRecord.ATTR_REQUEST_OWNER,
-            new StringMapper(Schema.LDAP_ATTR_REQUEST_OWNER));
+                new StringMapper(Schema.LDAP_ATTR_REQUEST_OWNER));
         ExtAttrDynMapper extAttrMapper = new ExtAttrDynMapper();
         reg.registerAttribute(IRequestRecord.ATTR_EXT_DATA, extAttrMapper);
         reg.registerDynamicMapper(extAttrMapper);
@@ -248,9 +248,9 @@ public class RequestRecord
             String key = (String) e.nextElement();
             Object value = mExtData.get(key);
             if (value instanceof String) {
-                r.setExtData(key, (String)value);
+                r.setExtData(key, (String) value);
             } else if (value instanceof Hashtable) {
-                r.setExtData(key, (Hashtable)value);
+                r.setExtData(key, (Hashtable) value);
             } else {
                 throw new EDBException("Illegal data value in RequestRecord: " +
                         r.toString());
@@ -263,40 +263,40 @@ public class RequestRecord
     static Hashtable mAttrTable = new Hashtable();
 
     /*
-     * This table contains attribute handlers for attributes
-     * of the request.  These attributes are ones that are stored
-     * apart from the generic name/value pairs supported by the get/set
-     * interface plus the hashtable for the name/value pairs themselves. 
-     *
-     * NOTE: Eventually, all attributes should be done here.  Currently
-     *   only the last ones added are implemented this way.
+     * This table contains attribute handlers for attributes of the request.
+     * These attributes are ones that are stored apart from the generic
+     * name/value pairs supported by the get/set interface plus the hashtable
+     * for the name/value pairs themselves.
+     * 
+     * NOTE: Eventually, all attributes should be done here. Currently only the
+     * last ones added are implemented this way.
      */
     static RequestAttr mRequestA[] = {
 
-            new RequestAttr(IRequest.ATTR_REQUEST_TYPE,
+    new RequestAttr(IRequest.ATTR_REQUEST_TYPE,
                 new StringMapper(Schema.LDAP_ATTR_REQUEST_TYPE)) {
-                void set(ARequestRecord r, Object o) {
-                    r.mRequestType = (String) o;
-                }
-  
-                Object get(ARequestRecord r) {
-                    return r.mRequestType;
-                }
-  
-                void read(IRequestMod a, IRequest r, ARequestRecord rr) {
-                    r.setRequestType(rr.mRequestType);
-                }
-  
-                void add(IRequest r, ARequestRecord rr) {
-                    rr.mRequestType = r.getRequestType();
-                }
-  
-                void mod(ModificationSet mods, IRequest r) {
-                    addmod(mods, r.getRequestType());
-                }
-            }
+        void set(ARequestRecord r, Object o) {
+            r.mRequestType = (String) o;
+        }
+
+        Object get(ARequestRecord r) {
+            return r.mRequestType;
+        }
+
+        void read(IRequestMod a, IRequest r, ARequestRecord rr) {
+            r.setRequestType(rr.mRequestType);
+        }
+
+        void add(IRequest r, ARequestRecord rr) {
+            rr.mRequestType = r.getRequestType();
+        }
+
+        void mod(ModificationSet mods, IRequest r) {
+            addmod(mods, r.getRequestType());
+        }
+    }
 
-        };
+    };
     static {
         mAttrs.add(IRequestRecord.ATTR_REQUEST_ID);
         mAttrs.add(IRequestRecord.ATTR_REQUEST_STATE);
@@ -316,7 +316,6 @@ public class RequestRecord
 
 }
 
-
 //
 // A mapper between an request state object and
 // its LDAP attribute representation
@@ -326,7 +325,7 @@ public class RequestRecord
 // @version $Revision$ $Date$
 //
 class RequestStateMapper
-    implements IDBAttrMapper {
+        implements IDBAttrMapper {
     // IDBAttrMapper methods
 
     //
@@ -337,7 +336,7 @@ class RequestStateMapper
 
     //
     public void mapObjectToLDAPAttributeSet(IDBObj parent,
-        String name, Object obj, LDAPAttributeSet attrs) {
+            String name, Object obj, LDAPAttributeSet attrs) {
         RequestStatus rs = (RequestStatus) obj;
 
         attrs.add(new LDAPAttribute(Schema.LDAP_ATTR_REQUEST_STATE,
@@ -345,11 +344,12 @@ class RequestStateMapper
     }
 
     public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
-        String name, IDBObj parent)
-        throws EBaseException {
+            String name, IDBObj parent)
+            throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(Schema.LDAP_ATTR_REQUEST_STATE);
 
-        if (attr == null) throw new EBaseException("schema violation");
+        if (attr == null)
+            throw new EBaseException("schema violation");
 
         String value = (String) attr.getStringValues().nextElement();
 
@@ -367,7 +367,6 @@ class RequestStateMapper
     }
 }
 
-
 //
 // A mapper between an request id object and
 // its LDAP attribute representation
@@ -377,7 +376,7 @@ class RequestStateMapper
 // @version $Revision$ $Date$
 //
 class RequestIdMapper
-    implements IDBAttrMapper {
+        implements IDBAttrMapper {
     // IDBAttrMapper methods
 
     //
@@ -388,7 +387,7 @@ class RequestIdMapper
 
     //
     public void mapObjectToLDAPAttributeSet(IDBObj parent,
-        String name, Object obj, LDAPAttributeSet attrs) {
+            String name, Object obj, LDAPAttributeSet attrs) {
         RequestId rid = (RequestId) obj;
 
         String v = BigIntegerMapper.BigIntegerToDB(new BigInteger(rid.toString()));
@@ -397,11 +396,12 @@ class RequestIdMapper
     }
 
     public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
-        String name, IDBObj parent)
-        throws EBaseException {
+            String name, IDBObj parent)
+            throws EBaseException {
         LDAPAttribute attr = attrs.getAttribute(Schema.LDAP_ATTR_REQUEST_ID);
 
-        if (attr == null) throw new EBaseException("schema violation");
+        if (attr == null)
+            throw new EBaseException("schema violation");
 
         String value = (String) attr.getStringValues().nextElement();
 
@@ -427,19 +427,18 @@ class RequestIdMapper
     }
 }
 
-
 /**
  * A mapper between an request attr set and its LDAP attribute representation.
- *
- * The attr attribute is no longer used.  This class is kept for historical
- * and migration purposes.
- *
+ * 
+ * The attr attribute is no longer used. This class is kept for historical and
+ * migration purposes.
+ * 
  * @author thayes
  * @version $Revision$ $Date$
  * @deprecated
  */
 class RequestAttrsMapper
-    implements IDBAttrMapper {
+        implements IDBAttrMapper {
     // IDBAttrMapper methods
 
     //
@@ -450,8 +449,8 @@ class RequestAttrsMapper
 
     //
     public void mapObjectToLDAPAttributeSet(IDBObj parent,
-        String name, Object obj, LDAPAttributeSet attrs) {
-        Hashtable ht = (Hashtable) obj;   
+            String name, Object obj, LDAPAttributeSet attrs) {
+        Hashtable ht = (Hashtable) obj;
         Enumeration e = ht.keys();
 
         try {
@@ -473,13 +472,13 @@ class RequestAttrsMapper
                 } catch (NotSerializableException x) {
                     if (Debug.ON) {
                         System.err.println("Error: attribute '" + key + "' (" +
-                            x.getMessage() + ") is not serializable");
+                                x.getMessage() + ") is not serializable");
                         x.printStackTrace();
                     }
                 } catch (Exception x) {
                     if (Debug.ON) {
                         System.err.println("Error: attribute '" + key +
-                            "' - error during serialization: " + x);
+                                "' - error during serialization: " + x);
                         x.printStackTrace();
                     }
                 }
@@ -490,17 +489,17 @@ class RequestAttrsMapper
 
             attrs.add(new LDAPAttribute(Schema.LDAP_ATTR_REQUEST_ATTRS,
                     bos.toByteArray()));
-        } catch (Exception x) { 
+        } catch (Exception x) {
             Debug.trace("Output Mapping Error in requeset ID " +
-                ((RequestRecord) parent).getRequestId().toString() + " : " + x); 
-            //if (Debug.ON) {
+                    ((RequestRecord) parent).getRequestId().toString() + " : " + x);
+            // if (Debug.ON) {
             Debug.printStackTrace(x);
-            //}
+            // }
         }
     }
 
     private byte[] encode(Object value)
-        throws NotSerializableException, IOException {
+            throws NotSerializableException, IOException {
         ByteArrayOutputStream bos = new ByteArrayOutputStream();
         ObjectOutputStream os = new ObjectOutputStream(bos);
 
@@ -511,7 +510,7 @@ class RequestAttrsMapper
     }
 
     private Object decode(byte[] data)
-        throws ObjectStreamException, IOException, ClassNotFoundException {
+            throws ObjectStreamException, IOException, ClassNotFoundException {
         ByteArrayInputStream bis = new ByteArrayInputStream(data);
         ObjectInputStream is = new ObjectInputStream(bis);
 
@@ -519,7 +518,7 @@ class RequestAttrsMapper
     }
 
     private Hashtable decodeHashtable(byte[] data)
-        throws ObjectStreamException, IOException, ClassNotFoundException {
+            throws ObjectStreamException, IOException, ClassNotFoundException {
         Hashtable ht = new Hashtable();
         ByteArrayInputStream bis = new ByteArrayInputStream(data);
         ObjectInputStream is = new ObjectInputStream(bis);
@@ -530,22 +529,23 @@ class RequestAttrsMapper
 
             while (true) {
                 key = (String) is.readObject();
-  
+
                 // end of table is marked with null
-                if (key == null) break;
+                if (key == null)
+                    break;
 
                 byte[] bytes = (byte[]) is.readObject();
 
                 ht.put(key, decode(bytes));
             }
         } catch (ObjectStreamException e) {
-            Debug.trace("Key " + key);  // would be nice to know object type.
+            Debug.trace("Key " + key); // would be nice to know object type.
             throw e;
         } catch (IOException e) {
-            Debug.trace("Key " + key);  // would be nice to know object type.
+            Debug.trace("Key " + key); // would be nice to know object type.
             throw e;
         } catch (ClassNotFoundException e) {
-            Debug.trace("Key " + key);  // would be nice to know object type.
+            Debug.trace("Key " + key); // would be nice to know object type.
             throw e;
         }
 
@@ -555,16 +555,17 @@ class RequestAttrsMapper
     /**
      * Implements IDBAttrMapper.mapLDAPAttributeSetToObject
      * <p>
+     * 
      * @see IDBAttrMapper#mapLDAPAttributeSetToObject
      */
     public void mapLDAPAttributeSetToObject(LDAPAttributeSet attrs,
-        String name, IDBObj parent)
-        throws EBaseException {
+            String name, IDBObj parent)
+            throws EBaseException {
         Hashtable ht = null;
 
         //
         // Data is stored in a (single valued) binary attribute
-        // 
+        //
         byte[] value;
 
         LDAPAttribute attr = null;
@@ -581,11 +582,11 @@ class RequestAttrsMapper
             }
         } catch (Exception x) {
             Debug.trace("Mapping error in request Id " +
-                ((RequestRecord) parent).getRequestId().toString() + " : " + x);
+                    ((RequestRecord) parent).getRequestId().toString() + " : " + x);
             Debug.trace("Attr " + attr.getName());
-            //if (Debug.ON) {
+            // if (Debug.ON) {
             Debug.printStackTrace(x);
-            //}
+            // }
         }
 
         parent.set(name, ht);
@@ -605,25 +606,18 @@ class RequestAttrsMapper
 /**
  * Maps dynamic data for the extData- prefix to and from the extData Hashtable
  * in RequestRecord.
- *
- * The data in RequestRecord is stored in a Hashtable.  It comes in two forms:
- * 1. String key1 => String value1
- *    String key2 => String value2
- *    This is stored in LDAP as:
- *        extData-key1 => value1
- *        extData-key2 => value2
- *
- * 2. String key => Hashtable value
- *        where value stores:
- *            String key2 => String value2
- *            String key3 => String value3
- *    This is stored in LDAP as:
- *        extData-key;key2 => value2
- *        extData-key;key3 => value3
- *
- * These can be mixed, but each top-level key can only be associated with
- * a String value or a Hashtable value.
- *
+ * 
+ * The data in RequestRecord is stored in a Hashtable. It comes in two forms: 1.
+ * String key1 => String value1 String key2 => String value2 This is stored in
+ * LDAP as: extData-key1 => value1 extData-key2 => value2
+ * 
+ * 2. String key => Hashtable value where value stores: String key2 => String
+ * value2 String key3 => String value3 This is stored in LDAP as:
+ * extData-key;key2 => value2 extData-key;key3 => value3
+ * 
+ * These can be mixed, but each top-level key can only be associated with a
+ * String value or a Hashtable value.
+ * 
  */
 class ExtAttrDynMapper implements IDBDynAttrMapper {
 
@@ -636,17 +630,15 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
         return mAttrs.elements();
     }
 
-
     /**
-     * Decodes extdata encoded keys.
-     * -- followed by a 4 digit hexadecimal string is decoded to the character
-     * representing the hex string.
-     *
-     * The routine is written to be highly efficient.  It only allocates
-     * the StringBuffer if needed and copies the pieces in large chunks.
-     *
-     * @param key  The key to decode
-     * @return  The decoded key.
+     * Decodes extdata encoded keys. -- followed by a 4 digit hexadecimal string
+     * is decoded to the character representing the hex string.
+     * 
+     * The routine is written to be highly efficient. It only allocates the
+     * StringBuffer if needed and copies the pieces in large chunks.
+     * 
+     * @param key The key to decode
+     * @return The decoded key.
      */
     public String decodeKey(String key) {
         StringBuffer output = null;
@@ -656,8 +648,8 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
         int index = 0;
         while (index < input.length) {
             if (input[index] == '-') {
-                if ( ((index + 1) < input.length) &&
-                     (input[index + 1] == '-')) {
+                if (((index + 1) < input.length) &&
+                        (input[index + 1] == '-')) {
                     if (output == null) {
                         output = new StringBuffer(input.length);
                     }
@@ -665,10 +657,10 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
                     index += 2;
                     if ((index + 3) < input.length) {
                         output.append(
-                            Character.toChars(
-                                Integer.parseInt(new String(input, index, 4),
+                                Character.toChars(
+                                        Integer.parseInt(new String(input, index, 4),
                                                 16))
-                        );
+                                );
                     }
                     index += 4;
                     startCopyIndex = index;
@@ -690,26 +682,23 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
 
     /**
      * Encoded extdata keys for storage in LDAP.
-     *
-     * The rules for encoding are trickier than decoding.  We want to allow
-     * '-' by itself to be stored in the database (for the common case of keys
-     * like 'Foo-Bar'.  Therefore we are using '--' as the encoding character.
-     * The rules are:
-     * 1) All characters [^-a-zA-Z0-9] are encoded as --XXXX where XXXX is the
-     *    hex representation of the digit.
-     * 2) [a-zA-Z0-9] are always passed through unencoded
-     * 3) [-] is passed through as long as it is preceded and followed
-     *    by [a-zA-Z0-9] (or if it's at the beginning/end of the string)
-     * 4) If [-] is preceded or followed by [^a-zA-Z0-9] then
-     *    the - as well as all following [^a-zA-Z0-9] characters are encoded
-     *    as --XXXX.
-     *
+     * 
+     * The rules for encoding are trickier than decoding. We want to allow '-'
+     * by itself to be stored in the database (for the common case of keys like
+     * 'Foo-Bar'. Therefore we are using '--' as the encoding character. The
+     * rules are: 1) All characters [^-a-zA-Z0-9] are encoded as --XXXX where
+     * XXXX is the hex representation of the digit. 2) [a-zA-Z0-9] are always
+     * passed through unencoded 3) [-] is passed through as long as it is
+     * preceded and followed by [a-zA-Z0-9] (or if it's at the beginning/end of
+     * the string) 4) If [-] is preceded or followed by [^a-zA-Z0-9] then the -
+     * as well as all following [^a-zA-Z0-9] characters are encoded as --XXXX.
+     * 
      * This routine tries to be as efficient as possible with StringBuffer and
-     * large copies.  However, the encoding unfortunately requires several
+     * large copies. However, the encoding unfortunately requires several
      * objects to be allocated.
-     *
+     * 
      * @param key The key to encode
-     * @return  The encoded key
+     * @return The encoded key
      */
     public String encodeKey(String key) {
         StringBuffer output = null;
@@ -718,10 +707,10 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
 
         int index = 0;
         while (index < input.length) {
-            if (! isAlphaNum(input[index])) {
+            if (!isAlphaNum(input[index])) {
                 if ((input[index] == '-') &&
-                    ((index + 1) < input.length) &&
-                    (isAlphaNum(input[index + 1]))) {
+                        ((index + 1) < input.length) &&
+                        (isAlphaNum(input[index + 1]))) {
                     index += 2;
                 } else if ((input[index] == '-') &&
                            ((index + 1) == input.length)) {
@@ -731,8 +720,8 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
                         output = new StringBuffer(input.length + 5);
                     }
                     output.append(input, startCopyIndex, index - startCopyIndex);
-                    while ( (index < input.length) &&
-                            (! isAlphaNum(input[index])) ) {
+                    while ((index < input.length) &&
+                            (!isAlphaNum(input[index]))) {
                         output.append("--");
                         String hexString = Integer.toHexString(input[index]);
                         int padding = 4 - hexString.length();
@@ -782,28 +771,28 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
                 String key = (String) e.nextElement();
                 Object value = ht.get(key);
                 if (value instanceof String) {
-                    String stringValue = (String)value;
+                    String stringValue = (String) value;
                     attrs.add(new LDAPAttribute(
                             extAttrPrefix + encodeKey(key),
                             stringValue));
                 } else if (value instanceof Hashtable) {
-                    Hashtable innerHash = (Hashtable)value;
+                    Hashtable innerHash = (Hashtable) value;
                     Enumeration innerHashEnum = innerHash.keys();
-                    while (innerHashEnum.hasMoreElements()){
-                        String innerKey = (String)innerHashEnum.nextElement();
-                        String innerValue = (String)innerHash.get(innerKey);
+                    while (innerHashEnum.hasMoreElements()) {
+                        String innerKey = (String) innerHashEnum.nextElement();
+                        String innerValue = (String) innerHash.get(innerKey);
                         attrs.add(new LDAPAttribute(
-                            extAttrPrefix + encodeKey(key) + ";" + encodeKey(innerKey),
-                            innerValue));
+                                extAttrPrefix + encodeKey(key) + ";" + encodeKey(innerKey),
+                                innerValue));
                     }
                 }
             }
         } catch (Exception x) {
             Debug.trace("Output Mapping Error in requeset ID " +
-                ((IRequestRecord) parent).getRequestId().toString() + " : " + x);
-            //if (Debug.ON) {
+                    ((IRequestRecord) parent).getRequestId().toString() + " : " + x);
+            // if (Debug.ON) {
             Debug.printStackTrace(x);
-            //}
+            // }
         }
     }
 
@@ -815,7 +804,7 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
 
         Enumeration attrEnum = attrs.getAttributes();
         while (attrEnum.hasMoreElements()) {
-            LDAPAttribute attr = (LDAPAttribute)attrEnum.nextElement();
+            LDAPAttribute attr = (LDAPAttribute) attrEnum.nextElement();
             String baseName = attr.getBaseName();
             if (baseName.toLowerCase().startsWith(extAttrPrefix)) {
                 String keyName = decodeKey(
@@ -824,7 +813,7 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
                 String[] values = attr.getStringValueArray();
                 if (values.length != 1) {
                     String message = "Output Mapping Error in request ID " +
-                        ((IRequestRecord) parent).getRequestId().toString() + " : " +
+                            ((IRequestRecord) parent).getRequestId().toString() + " : " +
                             "more than one value returned for " +
                             keyName;
                     Debug.trace(message);
@@ -833,22 +822,22 @@ class ExtAttrDynMapper implements IDBDynAttrMapper {
                 if ((subTypes != null) && (subTypes.length > 0)) {
                     if (subTypes.length != 1) {
                         String message = "Output Mapping Error in request ID " +
-                            ((IRequestRecord) parent).getRequestId().toString() + " : " +
+                                ((IRequestRecord) parent).getRequestId().toString() + " : " +
                                 "more than one subType returned for " +
                                 keyName;
                         Debug.trace(message);
                         throw new EBaseException(message);
                     }
                     Object value = ht.get(keyName);
-                    if ((value != null) && (! (value instanceof Hashtable))) {
+                    if ((value != null) && (!(value instanceof Hashtable))) {
                         String message = "Output Mapping Error in request ID " +
-                            ((IRequestRecord) parent).getRequestId().toString() + " : " +
+                                ((IRequestRecord) parent).getRequestId().toString() + " : " +
                                 "combined no-subtype and subtype data for key " +
                                 keyName;
                         Debug.trace(message);
                         throw new EBaseException(message);
                     }
-                    valueHashtable = (Hashtable)value;
+                    valueHashtable = (Hashtable) value;
                     if (valueHashtable == null) {
                         valueHashtable = new Hashtable();
                         ht.put(keyName, valueHashtable);
diff --git a/pki/base/common/src/com/netscape/cmscore/request/RequestRepository.java b/pki/base/common/src/com/netscape/cmscore/request/RequestRepository.java
index 1dafc2a7..94274af0 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/RequestRepository.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/RequestRepository.java
@@ -32,30 +32,29 @@ import com.netscape.certsrv.request.IRequestQueue;
 import com.netscape.cmscore.dbs.Repository;
 import com.netscape.cmscore.dbs.RepositoryRecord;
 
-
 /**
- * TODO: what does this class provide beyond the Repository
- * base class??
+ * TODO: what does this class provide beyond the Repository base class??
  * <p>
+ * 
  * @author thayes
  * @version $Revision$ $Date$
  */
 class RequestRepository
-    extends Repository {
+        extends Repository {
+
+    IDBSubsystem mDB = null;
+    IRequestQueue mRequestQueue = null;
 
-     IDBSubsystem mDB = null;
-     IRequestQueue mRequestQueue = null;
     /**
      * Create a request repository that uses the LDAP database
      * <p>
-     * @param name
-     *    the name of the repository.  This String is used to
-     *    construct the DN for the repository's LDAP entry.
-     * @param db
-     *    the LDAP database system.
+     * 
+     * @param name the name of the repository. This String is used to construct
+     *            the DN for the repository's LDAP entry.
+     * @param db the LDAP database system.
      */
     public RequestRepository(String name, int increment, IDBSubsystem db)
-        throws EDBException {
+            throws EDBException {
         super(db, increment, "ou=" + name + ",ou=requests," + db.getBaseDN());
 
         CMS.debug("RequestRepository: constructor 1");
@@ -67,8 +66,8 @@ class RequestRepository
         mDB = db;
     }
 
-    public RequestRepository(String name, int increment, IDBSubsystem db,IRequestQueue requestQueue)
-        throws EDBException {
+    public RequestRepository(String name, int increment, IDBSubsystem db, IRequestQueue requestQueue)
+            throws EDBException {
         super(db, increment, "ou=" + name + ",ou=requests," + db.getBaseDN());
 
         CMS.debug("RequestRepository: constructor2.");
@@ -82,12 +81,11 @@ class RequestRepository
     }
 
     /**
-     * get the LDAP base DN for this repository.  This
-     * value can be used by the request queue to create the
-     * name for the request records themselves.
+     * get the LDAP base DN for this repository. This value can be used by the
+     * request queue to create the name for the request records themselves.
      * <p>
-     * @return
-     *    the LDAP base DN.
+     * 
+     * @return the LDAP base DN.
      */
     public String getBaseDN() {
         return mBaseDN;
@@ -96,34 +94,31 @@ class RequestRepository
     /**
      * Resets serial number.
      */
-    public void resetSerialNumber(BigInteger serial) throws EBaseException
-    {
+    public void resetSerialNumber(BigInteger serial) throws EBaseException {
         setTheSerialNumber(serial);
     }
-                                                                                
+
     /**
      * Removes all objects with this repository.
      */
-    public void removeAllObjects() throws EBaseException
-    {
+    public void removeAllObjects() throws EBaseException {
         IDBSSession s = mDB.createSession();
         try {
-            Enumeration e = s.search(getBaseDN(), 
+            Enumeration e = s.search(getBaseDN(),
                                "(" + RequestRecord.ATTR_REQUEST_ID + "=*)");
             while (e.hasMoreElements()) {
-              RequestRecord r = (RequestRecord)e.nextElement();
-              String name = "cn" + "=" +
-                r.getRequestId().toString() + "," + getBaseDN();
-               s.delete(name);
-            }       
+                RequestRecord r = (RequestRecord) e.nextElement();
+                String name = "cn" + "=" +
+                        r.getRequestId().toString() + "," + getBaseDN();
+                s.delete(name);
+            }
         } finally {
             if (s != null)
                 s.close();
         }
     }
 
-    public BigInteger getLastSerialNumberInRange(BigInteger min, BigInteger max)
-    {
+    public BigInteger getLastSerialNumberInRange(BigInteger min, BigInteger max) {
 
         CMS.debug("RequestRepository: in getLastSerialNumberInRange: min " + min + " max " + max);
 
@@ -131,26 +126,26 @@ class RequestRepository
 
         BigInteger ret = null;
 
-        if(mRequestQueue == null)  {
+        if (mRequestQueue == null) {
 
             CMS.debug("RequestRepository:  mRequestQueue is null.");
 
-        }  else  {
-       
-            CMS.debug("RequestRepository: about to call mRequestQueue.getLastRequestIdInRange"); 
-            ret = mRequestQueue.getLastRequestIdInRange(min,max);
+        } else {
+
+            CMS.debug("RequestRepository: about to call mRequestQueue.getLastRequestIdInRange");
+            ret = mRequestQueue.getLastRequestIdInRange(min, max);
 
         }
 
         return ret;
 
     }
+
     /**
      * the LDAP base DN for this repository
      */
     protected String mBaseDN;
 
-
     public String getPublishingStatus() {
         RepositoryRecord record = null;
         Object obj = null;
@@ -160,8 +155,8 @@ class RequestRepository
         try {
             dbs = mDB.createSession();
             obj = dbs.read(mBaseDN);
-        } catch (Exception e) { 
-            CMS.debug("RequestRepository:  getPublishingStatus:  Error: " + e); 
+        } catch (Exception e) {
+            CMS.debug("RequestRepository:  getPublishingStatus:  Error: " + e);
             CMS.debugStackTrace();
         } finally {
             // Close session - ignoring errors (UTIL)
@@ -169,7 +164,7 @@ class RequestRepository
                 try {
                     dbs.close();
                 } catch (Exception ex) {
-                    CMS.debug("RequestRepository:  getPublishingStatus:  Error: " + ex); 
+                    CMS.debug("RequestRepository:  getPublishingStatus:  Error: " + ex);
                 }
             }
         }
@@ -181,7 +176,7 @@ class RequestRepository
             CMS.debug("RequestRepository:  obj is NOT instanceof RepositoryRecord");
         }
         CMS.debug("RequestRepository:  getPublishingStatus  mBaseDN: " + mBaseDN +
-                  "  status: " + ((status != null)?status:"null"));
+                  "  status: " + ((status != null) ? status : "null"));
 
         return status;
     }
@@ -193,14 +188,14 @@ class RequestRepository
         ModificationSet mods = new ModificationSet();
 
         if (status != null && status.length() > 0) {
-            mods.add(IRepositoryRecord.ATTR_PUB_STATUS, 
-                Modification.MOD_REPLACE, status);
+            mods.add(IRepositoryRecord.ATTR_PUB_STATUS,
+                    Modification.MOD_REPLACE, status);
 
             try {
                 dbs = mDB.createSession();
                 dbs.modify(mBaseDN, mods);
-            } catch (Exception e) { 
-                CMS.debug("RequestRepository:  setPublishingStatus:  Error: " + e); 
+            } catch (Exception e) {
+                CMS.debug("RequestRepository:  setPublishingStatus:  Error: " + e);
                 CMS.debugStackTrace();
             } finally {
                 // Close session - ignoring errors (UTIL)
@@ -208,7 +203,7 @@ class RequestRepository
                     try {
                         dbs.close();
                     } catch (Exception ex) {
-                        CMS.debug("RequestRepository:  setPublishingStatus:  Error: " + ex); 
+                        CMS.debug("RequestRepository:  setPublishingStatus:  Error: " + ex);
                     }
                 }
             }
diff --git a/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java b/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java
index 90df9924..8a8387a7 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/RequestSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
@@ -32,24 +31,22 @@ import com.netscape.certsrv.request.IRequestSubsystem;
 import com.netscape.certsrv.request.IService;
 import com.netscape.cmscore.dbs.DBSubsystem;
 
-
 /**
  * RequestSubsystem
  * <p>
- * This class is reponsible for managing storage of request objects
- * in the local database.
+ * This class is reponsible for managing storage of request objects in the local
+ * database.
  * <p>
- * TODO: review this
- * It provides:
- *   + registration of LDAP/JAVA mapping classes with the DBSubsystem
- *   + creation of RequestQueue storage in the database
- *   + retrieval of existing RequestQueue objects from the database
+ * TODO: review this It provides: + registration of LDAP/JAVA mapping classes
+ * with the DBSubsystem + creation of RequestQueue storage in the database +
+ * retrieval of existing RequestQueue objects from the database
  * <p>
+ * 
  * @author thayes
  * @version $Revision$, $Date$
  */
 public class RequestSubsystem
-    implements IRequestSubsystem, ISubsystem {
+        implements IRequestSubsystem, ISubsystem {
 
     public final static String ID = IRequestSubsystem.SUB_ID;
 
@@ -67,49 +64,51 @@ public class RequestSubsystem
     // end singleton enforcement.
 
     //
-    // Create a new request queue.  The LDAP DN for the entry
+    // Create a new request queue. The LDAP DN for the entry
     // in the database is supplied by the caller.
     //
     public void createRequestQueue(String name)
-        throws EBaseException {
+            throws EBaseException {
 
         /*
-         String dbName = makeQueueName(name);
-         IDBSSession dbs = createDBSSession();
-
-         // Create Repository record here
-
-        dbs.add(dbName, r);
-        */
+         * String dbName = makeQueueName(name); IDBSSession dbs =
+         * createDBSSession();
+         * 
+         * // Create Repository record here
+         * 
+         * dbs.add(dbName, r);
+         */
     }
 
     public IRequestQueue
-    getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n)
-        throws EBaseException {
+            getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n)
+                    throws EBaseException {
         return getRequestQueue(name, increment, p, s, n, null);
     }
 
     public IRequestQueue
-    getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
-        INotify pendingNotifier)
-        throws EBaseException {
+            getRequestQueue(String name, int increment, IPolicy p, IService s, INotify n,
+                    INotify pendingNotifier)
+                    throws EBaseException {
         RequestQueue rq = new RequestQueue(name, increment, p, s, n, pendingNotifier);
 
         // can't do this here because the service depends on getting rq
-        // (to get request) and since this method hasn't returned it's rq is null. 
-        //rq.recover();
+        // (to get request) and since this method hasn't returned it's rq is
+        // null.
+        // rq.recover();
 
         return rq;
     }
 
     //
     // ISubsystem methods:
-    //   getId, setId, init, startup, shutdown, getConfigStore
+    // getId, setId, init, startup, shutdown, getConfigStore
     //
 
     /**
      * Implements ISubsystem.getId
      * <p>
+     * 
      * @see ISubsystem#getId
      */
     public String getId() {
@@ -118,7 +117,7 @@ public class RequestSubsystem
 
     // ISubsystem.setId
     public void setId(String id)
-        throws EBaseException {
+            throws EBaseException {
         mId = id;
     }
 
@@ -127,18 +126,19 @@ public class RequestSubsystem
         mParent = parent;
         mConfig = config;
     }
-   
+
     /**
      * Implements ISubsystem.startup
      * <p>
+     * 
      * @see ISubsystem#startup
      */
     public void startup()
-        throws EBaseException {
+            throws EBaseException {
         mLogger = CMS.getLogger();
 
         mLogger.log(ILogger.EV_SYSTEM, ILogger.S_REQQUEUE, ILogger.LL_INFO,
-            "Request subsystem started");
+                "Request subsystem started");
     }
 
     public void shutdown() {
@@ -146,7 +146,7 @@ public class RequestSubsystem
 
         if (mLogger != null) {
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_REQQUEUE, ILogger.LL_INFO,
-                "Request subsystem stopped");
+                    "Request subsystem stopped");
         }
     }
 
@@ -166,7 +166,7 @@ public class RequestSubsystem
     // system.
     //
     protected IDBSSession createDBSSession()
-        throws EBaseException {
+            throws EBaseException {
         return getDBSubsystem().createSession();
     }
 
@@ -186,6 +186,5 @@ public class RequestSubsystem
     private String mId = IRequestSubsystem.SUB_ID;
     private IRequestQueue mRequestQueue;
 
-    protected ILogger mLogger; 
+    protected ILogger mLogger;
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/request/Schema.java b/pki/base/common/src/com/netscape/cmscore/request/Schema.java
index 182e3470..b18b3666 100644
--- a/pki/base/common/src/com/netscape/cmscore/request/Schema.java
+++ b/pki/base/common/src/com/netscape/cmscore/request/Schema.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.request;
 
-
 //
 // The Schema class contains constant string values for
 // LDAP attribute and object class names used in this package
@@ -44,7 +43,7 @@ class Schema {
     public static final String LDAP_ATTR_EXT_ATTR = "extAttr";
 
     // Indicates a special state that may be searched for exactly
-    // such as requiresAgentService.  The idea is to reduce the space
+    // such as requiresAgentService. The idea is to reduce the space
     // used in indexes to optimize common queries.
     // NOT IMPLEMENTED
     public static final String LDAP_ATTR_REQUEST_FLAG = "requestFlag";
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
index 04f442a3..d750ea23 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/CASigningCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.KeyPair;
@@ -34,7 +33,6 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
  * CA signing certificate.
  * 
@@ -43,8 +41,8 @@ import com.netscape.certsrv.security.KeyCertData;
  */
 public class CASigningCert extends CertificateInfo {
 
-    public static final String SUBJECT_NAME = 
-        "CN=Certificate Authority, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=Certificate Authority, O=Netscape Communications, C=US";
 
     public CASigningCert(KeyCertData properties) {
         this(properties, null);
@@ -52,15 +50,11 @@ public class CASigningCert extends CertificateInfo {
 
     public CASigningCert(KeyCertData properties, KeyPair pair) {
         super(properties, pair);
-        /* included in console UI
-        try {
-            if (mProperties.get(Constants.PR_AKI) == null) {
-                mProperties.put(Constants.PR_AKI, Constants.FALSE);
-            }
-        } catch (Exception e) {
-            mProperties.put(Constants.PR_AKI, Constants.FALSE);
-        }
-        */
+        /*
+         * included in console UI try { if (mProperties.get(Constants.PR_AKI) ==
+         * null) { mProperties.put(Constants.PR_AKI, Constants.FALSE); } } catch
+         * (Exception e) { mProperties.put(Constants.PR_AKI, Constants.FALSE); }
+         */
         try {
             if (mProperties.get(Constants.PR_CERT_LEN) == null) {
                 mProperties.put(Constants.PR_CERT_LEN, "-1");
@@ -77,15 +71,11 @@ public class CASigningCert extends CertificateInfo {
             // "null" mean no BasicConstriant
             mProperties.put(Constants.PR_IS_CA, "null");
         }
-        /* included in console UI
-        try {
-            if (mProperties.get(Constants.PR_SKI) == null) {
-                mProperties.put(Constants.PR_SKI, Constants.FALSE);
-            }
-        } catch (Exception e) {
-            mProperties.put(Constants.PR_SKI, Constants.FALSE);
-        }
-        */
+        /*
+         * included in console UI try { if (mProperties.get(Constants.PR_SKI) ==
+         * null) { mProperties.put(Constants.PR_SKI, Constants.FALSE); } } catch
+         * (Exception e) { mProperties.put(Constants.PR_SKI, Constants.FALSE); }
+         */
     }
 
     public String getSubjectName() {
@@ -107,7 +97,7 @@ public class CASigningCert extends CertificateInfo {
             BigInteger P = new BigInteger(p);
             BigInteger Q = new BigInteger(q);
             BigInteger G = new BigInteger(g);
-            BigInteger pqgSeed = new BigInteger(seed); 
+            BigInteger pqgSeed = new BigInteger(seed);
             BigInteger pqgH = new BigInteger(H);
 
             return new PQGParams(P, Q, G, pqgSeed, counter, pqgH);
@@ -135,7 +125,7 @@ public class CASigningCert extends CertificateInfo {
             cmsFileTmp.putString("ca.signing.cacertnickname", nickname);
         else
             cmsFileTmp.putString("ca.signing.cacertnickname",
-                tokenname + ":" + nickname);
+                    tokenname + ":" + nickname);
         cmsFileTmp.commit(false);
     }
 
@@ -162,4 +152,3 @@ public class CASigningCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
index 1b0c9f2f..2c31bdf9 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/CertificateInfo.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.InvalidKeyException;
@@ -60,7 +59,6 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
  * This base class provides methods to import CA signing cert or get certificate
  * request.
@@ -92,7 +90,7 @@ public abstract class CertificateInfo {
 
     public abstract String getSubjectName();
 
-    //public abstract SignatureAlgorithm getSigningAlgorithm();
+    // public abstract SignatureAlgorithm getSigningAlgorithm();
     public abstract String getKeyAlgorithm();
 
     public abstract String getNickname();
@@ -102,12 +100,12 @@ public abstract class CertificateInfo {
     public CertificateValidity getCertificateValidity() throws EBaseException {
 
         /*
-         String period = (String)mProperties.get(Constants.PR_VALIDITY_PERIOD);
-         Date notBeforeDate = CMS.getCurrentDate();
-         Date notAfterDate = new Date(notBeforeDate.getYear(),
-         notBeforeDate.getMonth(), 
-         notBeforeDate.getDate()+Integer.parseInt(period));
-         return new CertificateValidity(notBeforeDate, notAfterDate);
+         * String period =
+         * (String)mProperties.get(Constants.PR_VALIDITY_PERIOD); Date
+         * notBeforeDate = CMS.getCurrentDate(); Date notAfterDate = new
+         * Date(notBeforeDate.getYear(), notBeforeDate.getMonth(),
+         * notBeforeDate.getDate()+Integer.parseInt(period)); return new
+         * CertificateValidity(notBeforeDate, notAfterDate);
          */
         Date notBeforeDate = null;
         Date notAfterDate = null;
@@ -118,30 +116,30 @@ public abstract class CertificateInfo {
             notBeforeDate = new Date(Long.parseLong(notBeforeStr));
             notAfterDate = new Date(Long.parseLong(notAfterStr));
         } else {
-            int beginYear = 
-                Integer.parseInt(mProperties.getBeginYear()) - 1900;
-            int afterYear = 
-                Integer.parseInt(mProperties.getAfterYear()) - 1900;
+            int beginYear =
+                    Integer.parseInt(mProperties.getBeginYear()) - 1900;
+            int afterYear =
+                    Integer.parseInt(mProperties.getAfterYear()) - 1900;
             int beginMonth =
-                Integer.parseInt(mProperties.getBeginMonth());
+                    Integer.parseInt(mProperties.getBeginMonth());
             int afterMonth =
-                Integer.parseInt(mProperties.getAfterMonth());
+                    Integer.parseInt(mProperties.getAfterMonth());
             int beginDate =
-                Integer.parseInt(mProperties.getBeginDate());
-            int afterDate = 
-                Integer.parseInt(mProperties.getAfterDate());
+                    Integer.parseInt(mProperties.getBeginDate());
+            int afterDate =
+                    Integer.parseInt(mProperties.getAfterDate());
             int beginHour =
-                Integer.parseInt(mProperties.getBeginHour());
+                    Integer.parseInt(mProperties.getBeginHour());
             int afterHour =
-                Integer.parseInt(mProperties.getAfterHour());
+                    Integer.parseInt(mProperties.getAfterHour());
             int beginMin =
-                Integer.parseInt(mProperties.getBeginMin());
+                    Integer.parseInt(mProperties.getBeginMin());
             int afterMin =
-                Integer.parseInt(mProperties.getAfterMin());
+                    Integer.parseInt(mProperties.getAfterMin());
             int beginSec =
-                Integer.parseInt(mProperties.getBeginSec());
+                    Integer.parseInt(mProperties.getBeginSec());
             int afterSec =
-                Integer.parseInt(mProperties.getAfterSec());
+                    Integer.parseInt(mProperties.getAfterSec());
 
             Calendar calendar = Calendar.getInstance();
             calendar.set(beginYear, beginMonth, beginDate,
@@ -159,11 +157,11 @@ public abstract class CertificateInfo {
 
         try {
             certInfo.set(X509CertInfo.VERSION,
-                new CertificateVersion(CertificateVersion.V3));
+                    new CertificateVersion(CertificateVersion.V3));
             BigInteger serialNumber = mProperties.getSerialNumber();
 
             certInfo.set(X509CertInfo.SERIAL_NUMBER,
-                new CertificateSerialNumber(serialNumber));
+                    new CertificateSerialNumber(serialNumber));
             certInfo.set(X509CertInfo.EXTENSIONS, getExtensions());
             certInfo.set(X509CertInfo.VALIDITY, getCertificateValidity());
             String issuerName = mProperties.getIssuerName();
@@ -172,20 +170,20 @@ public abstract class CertificateInfo {
                 issuerName = getSubjectName();
             }
 
-            certInfo.set(X509CertInfo.ISSUER, 
-                new CertificateIssuerName(new X500Name(issuerName)));
+            certInfo.set(X509CertInfo.ISSUER,
+                    new CertificateIssuerName(new X500Name(issuerName)));
             certInfo.set(X509CertInfo.SUBJECT,
-                new CertificateSubjectName(new X500Name(getSubjectName())));
-            certInfo.set(X509CertInfo.VERSION, 
-                new CertificateVersion(CertificateVersion.V3));
+                    new CertificateSubjectName(new X500Name(getSubjectName())));
+            certInfo.set(X509CertInfo.VERSION,
+                    new CertificateVersion(CertificateVersion.V3));
 
             PublicKey pubk = mKeyPair.getPublic();
             X509Key xKey = KeyCertUtil.convertPublicKeyToX509Key(pubk);
 
             certInfo.set(X509CertInfo.KEY, new CertificateX509Key(xKey));
-            //SignatureAlgorithm algm = getSigningAlgorithm();
-            SignatureAlgorithm algm = 
-                (SignatureAlgorithm) mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+            // SignatureAlgorithm algm = getSigningAlgorithm();
+            SignatureAlgorithm algm =
+                    (SignatureAlgorithm) mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
 
             if (algm == null) {
                 String hashtype = (String) mProperties.get(ConfigConstants.PR_HASH_TYPE);
@@ -197,16 +195,16 @@ public abstract class CertificateInfo {
             AlgorithmId sigAlgId = getAlgorithmId();
 
             if (sigAlgId == null) {
-                byte[]encodedOID = ASN1Util.encode(algm.toOID());
+                byte[] encodedOID = ASN1Util.encode(algm.toOID());
 
                 sigAlgId = new AlgorithmId(new ObjectIdentifier(
                                 new DerInputStream(encodedOID)));
             }
             certInfo.set(X509CertInfo.ALGORITHM_ID,
-                new CertificateAlgorithmId(sigAlgId));
+                    new CertificateAlgorithmId(sigAlgId));
         } catch (InvalidKeyException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_KEY"));
-        } catch (CertificateException e) { 
+        } catch (CertificateException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString()));
         } catch (IOException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_CERT", e.toString()));
@@ -225,7 +223,7 @@ public abstract class CertificateInfo {
         KeyCertUtil.setDERExtension(exts, mProperties);
         KeyCertUtil.setBasicConstraintsExtension(exts, mProperties);
         KeyCertUtil.setSubjectKeyIdentifier(mKeyPair, exts, mProperties);
-        //KeyCertUtil.setOCSPSigning(mKeyPair, exts, mProperties);
+        // KeyCertUtil.setOCSPSigning(mKeyPair, exts, mProperties);
         KeyCertUtil.setAuthInfoAccess(mKeyPair, exts, mProperties);
         KeyCertUtil.setOCSPNoCheck(mKeyPair, exts, mProperties);
         KeyPair caKeyPair = (KeyPair) mProperties.get(Constants.PR_CA_KEYPAIR);
@@ -246,7 +244,7 @@ public abstract class CertificateInfo {
 
         if (isKeyUsageEnabled) {
             KeyCertUtil.setKeyUsageExtension(
-                exts, getKeyUsageExtension());
+                    exts, getKeyUsageExtension());
         }
         return exts;
     }
@@ -256,7 +254,7 @@ public abstract class CertificateInfo {
     }
 
     public void setAuthorityKeyIdExt(CertificateExtensions caexts, CertificateExtensions ext)
-        throws IOException, CertificateException, CertificateEncodingException,
+            throws IOException, CertificateException, CertificateEncodingException,
             CertificateParsingException {
         SubjectKeyIdentifierExtension subjKeyExt = null;
 
@@ -272,10 +270,9 @@ public abstract class CertificateInfo {
             KeyIdentifier keyId = (KeyIdentifier) subjKeyExt.get(
                     SubjectKeyIdentifierExtension.KEY_ID);
             AuthorityKeyIdentifierExtension authExt =
-                new AuthorityKeyIdentifierExtension(false, keyId, null, null);
+                    new AuthorityKeyIdentifierExtension(false, keyId, null, null);
 
             ext.set(AuthorityKeyIdentifierExtension.class.getSimpleName(), authExt);
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
index 372b966b..627b4022 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/JssSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.ByteArrayOutputStream;
 import java.io.FileInputStream;
 import java.io.FileOutputStream;
@@ -101,10 +100,10 @@ import com.netscape.cmscore.cert.CertUtils;
 import com.netscape.cmscore.util.Debug;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 
-
 /**
  * Subsystem for initializing JSS>
  * <P>
+ * 
  * @version $Revision$ $Date$
  */
 public final class JssSubsystem implements ICryptoSubsystem {
@@ -131,13 +130,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
     private Hashtable<String, X509Certificate[]> mNicknameMapCertsTable = new Hashtable<String, X509Certificate[]>();
     private Hashtable<String, X509Certificate[]> mNicknameMapUserCertsTable = new Hashtable<String, X509Certificate[]>();
 
-	private FileInputStream devRandomInputStream=null;
+    private FileInputStream devRandomInputStream = null;
 
-    // This date format is to format the date string of the certificate in such a way as
+    // This date format is to format the date string of the certificate in such
+    // a way as
     // May 01, 1999 01:55:55.
     private static SimpleDateFormat mFormatter = new SimpleDateFormat("MMMMM dd, yyyy HH:mm:ss");
 
-    // SSL related variables. 
+    // SSL related variables.
 
     private IConfigStore mSSLConfig = null;
 
@@ -147,20 +147,20 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
     private static Hashtable<String, Integer> mCipherNames = new Hashtable<String, Integer>();
 
-    /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config.*/
-    private static final String DEFAULT_CIPHERPREF = 
-        "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +
-        "TLS_RSA_WITH_AES_128_CBC_SHA," +
-        "TLS_RSA_WITH_AES_256_CBC_SHA," +
-        "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +
-        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
-//        "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
-//        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
-//        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
-        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +
-        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +
-        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +
-        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
+    /* default sslv2 and sslv3 cipher suites(all), set if no prefs in config. */
+    private static final String DEFAULT_CIPHERPREF =
+            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA," +
+                    "TLS_RSA_WITH_AES_128_CBC_SHA," +
+                    "TLS_RSA_WITH_AES_256_CBC_SHA," +
+                    "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA," +
+                    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA," +
+                    // "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA," +
+                    // "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA," +
+                    // "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA," +
+                    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA," +
+                    "TLS_DHE_DSS_WITH_AES_256_CBC_SHA," +
+                    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA," +
+                    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
 
     /* list of all ciphers JSS supports */
     private static final int mJSSCipherSuites[] = {
@@ -184,44 +184,45 @@ public final class JssSubsystem implements ICryptoSubsystem {
     static {
 
         /* set ssl cipher string names. */
-        /* disallowing SSL2 ciphers to be turned on
-        mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5,
-            Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5));
-        mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5,
-            Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5));
-        mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5,
-            Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5));
-        mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,
-            Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5));
-        mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5,
-            Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5));
-        mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5,
-            Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5));
-        */
+        /*
+         * disallowing SSL2 ciphers to be turned on
+         * mCipherNames.put(Constants.PR_SSL2_RC4_128_WITH_MD5,
+         * Integer.valueOf(SSLSocket.SSL2_RC4_128_WITH_MD5));
+         * mCipherNames.put(Constants.PR_SSL2_RC4_128_EXPORT40_WITH_MD5,
+         * Integer.valueOf(SSLSocket.SSL2_RC4_128_EXPORT40_WITH_MD5));
+         * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_WITH_MD5,
+         * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_WITH_MD5));
+         * mCipherNames.put(Constants.PR_SSL2_RC2_128_CBC_EXPORT40_WITH_MD5,
+         * Integer.valueOf(SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5));
+         * mCipherNames.put(Constants.PR_SSL2_DES_64_CBC_WITH_MD5,
+         * Integer.valueOf(SSLSocket.SSL2_DES_64_CBC_WITH_MD5));
+         * mCipherNames.put(Constants.PR_SSL2_DES_192_EDE3_CBC_WITH_MD5,
+         * Integer.valueOf(SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5));
+         */
         mCipherNames.put(Constants.PR_SSL3_RSA_WITH_NULL_MD5,
-            Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
+                Integer.valueOf(SSLSocket.SSL3_RSA_WITH_NULL_MD5));
         mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC4_40_MD5,
-            Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
+                Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC4_40_MD5));
         mCipherNames.put(Constants.PR_SSL3_RSA_WITH_RC4_128_MD5,
-            Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
+                Integer.valueOf(SSLSocket.SSL3_RSA_WITH_RC4_128_MD5));
         mCipherNames.put(Constants.PR_SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
-            Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
+                Integer.valueOf(SSLSocket.SSL3_RSA_EXPORT_WITH_RC2_CBC_40_MD5));
         mCipherNames.put(Constants.PR_SSL3_RSA_WITH_DES_CBC_SHA,
-            Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
+                Integer.valueOf(SSLSocket.SSL3_RSA_WITH_DES_CBC_SHA));
         mCipherNames.put(Constants.PR_SSL3_RSA_WITH_3DES_EDE_CBC_SHA,
-            Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
+                Integer.valueOf(SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA));
         mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA,
-            Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
+                Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA));
         mCipherNames.put(Constants.PR_SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA,
-            Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
+                Integer.valueOf(SSLSocket.SSL3_FORTEZZA_DMS_WITH_RC4_128_SHA));
         mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
-            Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
+                Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA));
         mCipherNames.put(Constants.PR_SSL_RSA_FIPS_WITH_DES_CBC_SHA,
-            Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
+                Integer.valueOf(SSLSocket.SSL_RSA_FIPS_WITH_DES_CBC_SHA));
         mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
-            Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
+                Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_RC4_56_SHA));
         mCipherNames.put(Constants.PR_TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
-            Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
+                Integer.valueOf(SSLSocket.TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA));
     }
 
     public static JssSubsystem getInstance() {
@@ -243,40 +244,37 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
     }
 
-	// Add entropy to the 'default' RNG token
-	public void addEntropy(int bits)
-    throws org.mozilla.jss.util.NotImplementedException, 
-			IOException,
-			TokenException
-	{
-		int read=0;
-		int bytes = (7+bits)/8;
-		byte[] b = new byte[bytes];
-		if (devRandomInputStream == null) {
-			throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
-		}
-		do {
-			int c = devRandomInputStream.read(b,read,bytes-read);
-			read += c;
-		}
-		while (read < bytes);
-
-        CMS.debug("JssSubsystem adding "+bits+" bits ("+bytes+" bytes) of entropy to default RNG token");
-		CMS.debug(b);
-		PK11SecureRandom sr = new PK11SecureRandom();
-		sr.setSeed(b);
-	}
-  
+    // Add entropy to the 'default' RNG token
+    public void addEntropy(int bits)
+            throws org.mozilla.jss.util.NotImplementedException,
+            IOException,
+            TokenException {
+        int read = 0;
+        int bytes = (7 + bits) / 8;
+        byte[] b = new byte[bytes];
+        if (devRandomInputStream == null) {
+            throw new IOException(CMS.getLogMessage("CMSCORE_SECURITY_NO_ENTROPY_STREAM"));
+        }
+        do {
+            int c = devRandomInputStream.read(b, read, bytes - read);
+            read += c;
+        } while (read < bytes);
+
+        CMS.debug("JssSubsystem adding " + bits + " bits (" + bytes + " bytes) of entropy to default RNG token");
+        CMS.debug(b);
+        PK11SecureRandom sr = new PK11SecureRandom();
+        sr.setSeed(b);
+    }
+
     /**
-     * Initializes the Jss security subsystem.  
+     * Initializes the Jss security subsystem.
      * <P>
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mLogger = CMS.getLogger();
-		
-        if (mInited)
-        {
+
+        if (mInited) {
             // This used to throw an exeception (e.g. - on Solaris).
             // If JSS is already initialized simply return.
             CMS.debug("JssSubsystem already inited.. returning.");
@@ -309,9 +307,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
         String certDir;
 
         certDir = config.getString(CONFIG_DIR, null);
-        
-        CryptoManager.InitializationValues vals = 
-            new CryptoManager.InitializationValues(certDir,
+
+        CryptoManager.InitializationValues vals =
+                new CryptoManager.InitializationValues(certDir,
                                                    "", "", "secmod.db");
 
         vals.removeSunProvider = false;
@@ -321,7 +319,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
         } catch (AlreadyInitializedException e) {
             // do nothing
         } catch (Exception e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -333,19 +331,19 @@ public final class JssSubsystem implements ICryptoSubsystem {
             mCryptoManager = CryptoManager.getInstance();
             initSSL();
         } catch (CryptoManager.NotInitializedException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
             throw ex;
         }
- 
+
         mInited = true;
     }
 
     public String getCipherVersion() throws EBaseException {
-        return "cipherdomestic"; 
+        return "cipherdomestic";
     }
 
     public String getCipherPreferences() throws EBaseException {
@@ -370,9 +368,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
     }
 
     public String isCipherFortezza() throws EBaseException {
-        // we always display fortezza suites. 
-        // too much work to display tokens/certs corresponding to the 
-        // suites. 
+        // we always display fortezza suites.
+        // too much work to display tokens/certs corresponding to the
+        // suites.
         return "true";
     }
 
@@ -383,13 +381,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
         if (position == -1) {
             Debug.trace("Unable to install CMS provider");
-            log(ILogger.LL_FAILURE, 
-                CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
+            log(ILogger.LL_FAILURE,
+                    CMS.getLogMessage("CMSCORE_SECURITY_INSTALL_PROVIDER"));
         }
     }
 
-    public void setCipherPreferences(String cipherPrefs) 
-        throws EBaseException {
+    public void setCipherPreferences(String cipherPrefs)
+            throws EBaseException {
         if (mSSLConfig != null) {
             if (cipherPrefs.equals(""))
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_NO_EMPTY_CIPHERPREFS"));
@@ -402,7 +400,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
      * 
      */
     private void initSSL() throws EBaseException {
-        // JSS will AND what is set and what is allowed by export policy 
+        // JSS will AND what is set and what is allowed by export policy
         // so we can set what is requested.
 
         try {
@@ -418,11 +416,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
         if (Debug.ON)
             Debug.trace("configured ssl cipher prefs is " + sslCiphers);
 
-            // first, disable all ciphers, since JSS defaults to all-enabled 
+        // first, disable all ciphers, since JSS defaults to all-enabled
         for (int i = mJSSCipherSuites.length - 1; i >= 0; i--) {
             try {
                 SSLSocket.setCipherPreferenceDefault(mJSSCipherSuites[i],
-                    false);
+                        false);
             } catch (SocketException e) {
             }
         }
@@ -433,8 +431,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
             StringTokenizer ciphers = new StringTokenizer(sslCiphers, ",");
 
             if (!ciphers.hasMoreTokens()) {
-                log(ILogger.LL_FAILURE, 
-                    CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_SECURITY_INVALID_CIPHER", sslCiphers));
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_PROPERTY", PROP_SSL_CIPHERPREF));
             }
             while (ciphers.hasMoreTokens()) {
@@ -444,13 +442,13 @@ public final class JssSubsystem implements ICryptoSubsystem {
                 if (sslcipher != null) {
                     String msg = "setting ssl cipher " + cipher;
 
-                    CMS.debug("JSSSubsystem: initSSL(): "+msg);
+                    CMS.debug("JSSSubsystem: initSSL(): " + msg);
                     log(ILogger.LL_INFO, msg);
                     if (Debug.ON)
                         Debug.trace(msg);
                     try {
                         SSLSocket.setCipherPreferenceDefault(
-                            sslcipher.intValue(), true);
+                                sslcipher.intValue(), true);
                     } catch (SocketException e) {
                     }
                 }
@@ -458,7 +456,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
 
     }
-	
+
     /**
      * Retrieves a configuration store of this subsystem.
      * <P>
@@ -472,26 +470,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
      */
     public void startup() throws EBaseException {
     }
-	
+
     /**
      * Shutdowns this subsystem.
      * <P>
      */
     public void shutdown() {
         try {
-          // After talking to NSS teamm, we should not call close databases
-          // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
-          boolean isClosing = mConfig.getBoolean("closeDatabases", false);
-          if (isClosing) {
-            JSSDatabaseCloser closer = new JSSDatabaseCloser();
-            closer.closeDatabases();
-          }
+            // After talking to NSS teamm, we should not call close databases
+            // which will call NSS_Shutdown. Web Server will call NSS_Shutdown
+            boolean isClosing = mConfig.getBoolean("closeDatabases", false);
+            if (isClosing) {
+                JSSDatabaseCloser closer = new JSSDatabaseCloser();
+                closer.closeDatabases();
+            }
         } catch (Exception e) {
         }
     }
 
     public void log(int level, String msg) {
-        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg); 
+        mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "JSS " + msg);
     }
 
     public PasswordCallback getPWCB() {
@@ -505,7 +503,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
         try {
             name = c.getName();
         } catch (TokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -519,12 +517,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
     public String getTokenList() throws EBaseException {
         String tokenList = "";
         @SuppressWarnings("unchecked")
-		Enumeration<CryptoToken> tokens = mCryptoManager.getExternalTokens();
+        Enumeration<CryptoToken> tokens = mCryptoManager.getExternalTokens();
         int num = 0;
 
         try {
             while (tokens.hasMoreElements()) {
-                CryptoToken c =  tokens.nextElement();
+                CryptoToken c = tokens.nextElement();
 
                 // skip builtin object token
                 if (c.getName() != null && c.getName().equals("Builtin Object Token")) {
@@ -532,12 +530,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
                 }
 
                 if (num++ == 0)
-                    tokenList = tokenList + c.getName(); 
-                else 
+                    tokenList = tokenList + c.getName();
+                else
                     tokenList = tokenList + "," + c.getName();
             }
         } catch (TokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -545,8 +543,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
             throw ex;
         }
 
-        if (tokenList.equals("")) 
-            return Constants.PR_INTERNAL_TOKEN; 
+        if (tokenList.equals(""))
+            return Constants.PR_INTERNAL_TOKEN;
         else
             return (tokenList + "," + Constants.PR_INTERNAL_TOKEN);
     }
@@ -585,8 +583,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
     }
 
-    public String getCertSubjectName(String tokenname, String nickname) 
-        throws EBaseException {
+    public String getCertSubjectName(String tokenname, String nickname)
+            throws EBaseException {
         try {
             return KeyCertUtil.getCertSubjectName(tokenname, nickname);
         } catch (NoSuchTokenException e) {
@@ -609,7 +607,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
+            Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
 
             while (enums.hasMoreElements()) {
                 CryptoToken token = enums.nextElement();
@@ -626,7 +624,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
                 }
             }
         } catch (TokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -655,7 +653,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
                 if (list == null)
                     return "";
-        
+
                 for (int i = 0; i < list.length; i++) {
                     String nickname = list[i].getNickname();
                     int index = nickname.indexOf(":");
@@ -672,14 +670,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
                 return "";
 
         } catch (TokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
             throw ex;
         } catch (NoSuchTokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -706,7 +704,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
                 if (list == null)
                     return "";
-        
+
                 for (int i = 0; i < list.length; i++) {
                     String nickname = list[i].getNickname();
 
@@ -720,14 +718,14 @@ public final class JssSubsystem implements ICryptoSubsystem {
                 return "";
 
         } catch (TokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GENERAL_ERROR", ex.toString()));
             throw ex;
         } catch (NoSuchTokenException e) {
-            String[] params = {mId, e.toString()};
+            String[] params = { mId, e.toString() };
             EBaseException ex = new EBaseException(
                     CMS.getUserMessage("CMS_BASE_CREATE_SERVICE_FAILED", params));
 
@@ -736,8 +734,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
     }
 
-    public AlgorithmId getAlgorithmId(String algname, IConfigStore store) 
-        throws EBaseException {
+    public AlgorithmId getAlgorithmId(String algname, IConfigStore store)
+            throws EBaseException {
         try {
             if (algname.equals("DSA")) {
                 byte[] p = store.getByteArray("ca.dsaP", null);
@@ -760,8 +758,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
     public String getSignatureAlgorithm(String nickname) throws EBaseException {
         try {
-            X509Certificate cert = 
-                CryptoManager.getInstance().findCertByNickname(nickname);
+            X509Certificate cert =
+                    CryptoManager.getInstance().findCertByNickname(nickname);
             X509CertImpl impl = new X509CertImpl(cert.getEncoded());
 
             return impl.getSigAlgName();
@@ -777,15 +775,15 @@ public final class JssSubsystem implements ICryptoSubsystem {
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_ALG", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
-        } 
+        }
     }
 
     public KeyPair getKeyPair(String nickname) throws EBaseException {
         try {
-            X509Certificate cert = 
-                CryptoManager.getInstance().findCertByNickname(nickname);
-            PrivateKey priKey = 
-                CryptoManager.getInstance().findPrivKeyByCert(cert);
+            X509Certificate cert =
+                    CryptoManager.getInstance().findCertByNickname(nickname);
+            PrivateKey priKey =
+                    CryptoManager.getInstance().findPrivKeyByCert(cert);
             PublicKey publicKey = cert.getPublicKey();
 
             return new KeyPair(publicKey, priKey);
@@ -802,12 +800,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
     }
 
     public KeyPair getKeyPair(String tokenName, String alg,
-        int keySize) throws EBaseException {
+            int keySize) throws EBaseException {
         return getKeyPair(tokenName, alg, keySize, null);
     }
 
     public KeyPair getKeyPair(String tokenName, String alg,
-        int keySize, PQGParams pqg) throws EBaseException {
+            int keySize, PQGParams pqg) throws EBaseException {
 
         String t = tokenName;
         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN))
@@ -815,12 +813,12 @@ public final class JssSubsystem implements ICryptoSubsystem {
         CryptoToken token = null;
 
         try {
-            token = mCryptoManager.getTokenByName(t);       
+            token = mCryptoManager.getTokenByName(t);
         } catch (NoSuchTokenException e) {
             log(ILogger.LL_FAILURE, "Generate Key Pair Error " + e);
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", tokenName));
         }
-      
+
         KeyPairAlgorithm kpAlg = null;
 
         if (alg.equals("RSA"))
@@ -862,11 +860,11 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
     }
 
-    public String getCertRequest(String subjectName, KeyPair kp) 
-        throws EBaseException {
+    public String getCertRequest(String subjectName, KeyPair kp)
+            throws EBaseException {
         try {
             netscape.security.pkcs.PKCS10 pkcs =
-                KeyCertUtil.getCertRequest(subjectName, kp);
+                    KeyCertUtil.getCertRequest(subjectName, kp);
             ByteArrayOutputStream bs = new ByteArrayOutputStream();
             PrintStream ps = new PrintStream(bs);
 
@@ -893,8 +891,8 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
     }
 
-    public void importCert(String b64E, String nickname, String certType) 
-        throws EBaseException {
+    public void importCert(String b64E, String nickname, String certType)
+            throws EBaseException {
         try {
             KeyCertUtil.importCert(b64E, nickname, certType);
         } catch (CertificateException e) {
@@ -931,7 +929,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
         String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
 
         if ((tmp != null) &&
-            (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
+                (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
             tokenname = tmp;
         tmp = (String) properties.get(Constants.PR_KEY_TYPE);
         if (tmp != null)
@@ -953,9 +951,9 @@ public final class JssSubsystem implements ICryptoSubsystem {
         KeyPair pair = null;
 
         String tmp = (String) properties.get(Constants.PR_TOKEN_NAME);
-        if (tmp != null) 
+        if (tmp != null)
             token = tmp;
-    
+
         tmp = (String) properties.get(Constants.PR_KEY_CURVENAME);
         if (tmp != null)
             keyCurve = tmp;
@@ -966,7 +964,7 @@ public final class JssSubsystem implements ICryptoSubsystem {
 
         return pair;
     }
- 
+
     public KeyPair getECCKeyPair(String token, String keyCurve, String certType) throws EBaseException {
         KeyPair pair = null;
 
@@ -974,26 +972,26 @@ public final class JssSubsystem implements ICryptoSubsystem {
             token = Constants.PR_INTERNAL_TOKEN_NAME;
 
         if ((keyCurve == null) || (keyCurve.equals("")))
-             keyCurve = "nistp512";
+            keyCurve = "nistp512";
 
         String ectype = getECType(certType);
 
         // ECDHE needs "SIGN" but no "DERIVE"
         org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage usages_mask[] = {
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.DERIVE
         };
 
         // ECDH needs "DERIVE" but no any kind of "SIGN"
         org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage ECDH_usages_mask[] = {
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
-            org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN,
+                org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage.SIGN_RECOVER,
         };
 
         try {
-            if (ectype.equals("ECDHE")) 
-                pair =  CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask);
+            if (ectype.equals("ECDHE"))
+                pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, usages_mask);
             else
-                pair =  CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask);
+                pair = CryptoUtil.generateECCKeyPair(token, keyCurve, null, ECDH_usages_mask);
         } catch (NotInitializedException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ECC_KEY", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
@@ -1009,10 +1007,10 @@ public final class JssSubsystem implements ICryptoSubsystem {
         }
 
         return pair;
-    } 
+    }
 
     public void importCert(X509CertImpl signedCert, String nickname,
-        String certType) throws EBaseException {
+            String certType) throws EBaseException {
 
         try {
             KeyCertUtil.importCert(signedCert, nickname, certType);
@@ -1065,23 +1063,23 @@ public final class JssSubsystem implements ICryptoSubsystem {
     }
 
     public void deleteUserCert(String nickname, String serialno, String issuername)
-      throws EBaseException {
+            throws EBaseException {
         try {
             X509Certificate cert = getCertificate(nickname, serialno, issuername);
             if (cert instanceof TokenCertificate) {
                 TokenCertificate tcert = (TokenCertificate) cert;
                 CryptoStore store = tcert.getOwningToken().getCryptoStore();
 
-CMS.debug("*** deleting this token cert");
+                CMS.debug("*** deleting this token cert");
                 tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
-CMS.debug("*** finish deleting this token cert");
+                CMS.debug("*** finish deleting this token cert");
             } else {
-               CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
-               CryptoStore store = token.getCryptoStore();
+                CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
+                CryptoStore store = token.getCryptoStore();
 
-CMS.debug("*** deleting this interna cert");
-               store.deleteCert(cert);
-CMS.debug("*** removing this interna cert");
+                CMS.debug("*** deleting this interna cert");
+                store.deleteCert(cert);
+                CMS.debug("*** removing this interna cert");
             }
         } catch (NotInitializedException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
@@ -1095,12 +1093,12 @@ CMS.debug("*** removing this interna cert");
         }
     }
 
-    public void deleteRootCert(String nickname, String serialno, 
-      String issuername) throws EBaseException {
+    public void deleteRootCert(String nickname, String serialno,
+            String issuername) throws EBaseException {
         int index = nickname.indexOf(":");
         String tokenname = nickname.substring(0, index);
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-            nickname = nickname.substring(index+1);
+            nickname = nickname.substring(index + 1);
         }
         try {
             if (mNicknameMapCertsTable != null) {
@@ -1117,24 +1115,24 @@ CMS.debug("*** removing this interna cert");
                         X509CertImpl impl = new X509CertImpl(cert.getEncoded());
                         String num = impl.getSerialNumber().toString();
                         String issuer = impl.getIssuerDN().toString();
-CMS.debug("*** num "+num);
-CMS.debug("*** issuer "+issuer);
+                        CMS.debug("*** num " + num);
+                        CMS.debug("*** issuer " + issuer);
                         if (num.equals(serialno) && issuername.equals(issuer)) {
-CMS.debug("*** removing root cert");
+                            CMS.debug("*** removing root cert");
                             if (cert instanceof TokenCertificate) {
                                 TokenCertificate tcert = (TokenCertificate) cert;
                                 CryptoStore store = tcert.getOwningToken().getCryptoStore();
-                                
-CMS.debug("*** deleting this token cert");
-                                tcert.getOwningToken().getCryptoStore().deleteCert(tcert);                           
-CMS.debug("*** finish deleting this token cert");
+
+                                CMS.debug("*** deleting this token cert");
+                                tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
+                                CMS.debug("*** finish deleting this token cert");
                             } else {
-                                CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();            
+                                CryptoToken token = CryptoManager.getInstance().getInternalKeyStorageToken();
                                 CryptoStore store = token.getCryptoStore();
-                                
-CMS.debug("*** deleting this interna cert");
+
+                                CMS.debug("*** deleting this interna cert");
                                 store.deleteCert(cert);
-CMS.debug("*** removing this interna cert");
+                                CMS.debug("*** removing this interna cert");
                             }
                             mNicknameMapCertsTable.remove(nickname);
                             break;
@@ -1162,7 +1160,7 @@ CMS.debug("*** removing this interna cert");
         NameValuePairs nvps = new NameValuePairs();
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
+            Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
             if (mNicknameMapCertsTable != null)
                 mNicknameMapCertsTable.clear();
 
@@ -1178,21 +1176,21 @@ CMS.debug("*** removing this interna cert");
 
                 for (int i = 0; i < list.length; i++) {
                     try {
-                        PrivateKey key = 
-                          CryptoManager.getInstance().findPrivKeyByCert(list[i]);
+                        PrivateKey key =
+                                CryptoManager.getInstance().findPrivKeyByCert(list[i]);
                         Debug.trace("JssSubsystem getRootCerts: find private key "
-                          +list[i].getNickname());
+                                + list[i].getNickname());
                     } catch (ObjectNotFoundException e) {
                         String nickname = list[i].getNickname();
-                        if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) { 
-                            nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
+                        if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
+                            nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" + nickname;
                         }
                         X509CertImpl impl = null;
 
                         try {
                             Vector<X509Certificate> v;
                             if (vecTable.containsKey((Object) nickname) == true) {
-                                v =  vecTable.get(nickname);
+                                v = vecTable.get(nickname);
                             } else {
                                 v = new Vector<X509Certificate>();
                             }
@@ -1206,20 +1204,20 @@ CMS.debug("*** removing this interna cert");
                         }
                         String serialno = impl.getSerialNumber().toString();
                         String issuer = impl.getIssuerDN().toString();
-                        nvps.add(nickname+","+serialno, issuer);
-                        Debug.trace("getRootCerts: nickname="+nickname+", serialno="+
-                          serialno+", issuer="+issuer);
+                        nvps.add(nickname + "," + serialno, issuer);
+                        Debug.trace("getRootCerts: nickname=" + nickname + ", serialno=" +
+                                serialno + ", issuer=" + issuer);
                         continue;
                     } catch (CryptoManager.NotInitializedException e) {
                         continue;
                     }
-                }   
+                }
                 // convert hashtable of vectors to hashtable of arrays
                 Enumeration<String> elms = vecTable.keys();
 
                 while (elms.hasMoreElements()) {
                     String key = (String) elms.nextElement();
-                    Vector<X509Certificate> v =  vecTable.get((Object) key);
+                    Vector<X509Certificate> v = vecTable.get((Object) key);
                     X509Certificate[] a = new X509Certificate[v.size()];
 
                     v.copyInto((Object[]) a);
@@ -1239,7 +1237,7 @@ CMS.debug("*** removing this interna cert");
         NameValuePairs nvps = new NameValuePairs();
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
+            Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
 
             while (enums.hasMoreElements()) {
                 CryptoToken token = (CryptoToken) enums.nextElement();
@@ -1250,16 +1248,16 @@ CMS.debug("*** removing this interna cert");
 
                 for (int i = 0; i < list.length; i++) {
                     try {
-                        PrivateKey key = 
-                          CryptoManager.getInstance().findPrivKeyByCert(list[i]);
+                        PrivateKey key =
+                                CryptoManager.getInstance().findPrivKeyByCert(list[i]);
                         String nickname = list[i].getNickname();
                         if (tokenName.equals(Constants.PR_INTERNAL_TOKEN_NAME) ||
-                          tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
-                            nickname = Constants.PR_INTERNAL_TOKEN_NAME+":"+nickname;
+                                tokenName.equals(Constants.PR_FULL_INTERNAL_TOKEN_NAME)) {
+                            nickname = Constants.PR_INTERNAL_TOKEN_NAME + ":" + nickname;
                         }
                         X509CertImpl impl = null;
 
-                        try { 
+                        try {
                             impl = new X509CertImpl(list[i].getEncoded());
                         } catch (CertificateException e) {
                             // skip bad certificate
@@ -1268,17 +1266,17 @@ CMS.debug("*** removing this interna cert");
                         }
                         String serialno = impl.getSerialNumber().toString();
                         String issuer = impl.getIssuerDN().toString();
-                        nvps.add(nickname+","+serialno, issuer);
-                        Debug.trace("getUserCerts: nickname="+nickname+", serialno="+
-                          serialno+", issuer="+issuer);
+                        nvps.add(nickname + "," + serialno, issuer);
+                        Debug.trace("getUserCerts: nickname=" + nickname + ", serialno=" +
+                                serialno + ", issuer=" + issuer);
                     } catch (ObjectNotFoundException e) {
                         Debug.trace("JssSubsystem getUserCerts: cant find private key "
-                          +list[i].getNickname());
+                                + list[i].getNickname());
                         continue;
                     } catch (CryptoManager.NotInitializedException e) {
                         continue;
                     }
-                }   
+                }
             }
         } catch (TokenException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
@@ -1295,8 +1293,8 @@ CMS.debug("*** removing this interna cert");
     public NameValuePairs getAllCertsManage() throws EBaseException {
 
         /*
-         * first get all CA certs (internal only),
-         * then all user certs (both internal and external)
+         * first get all CA certs (internal only), then all user certs (both
+         * internal and external)
          */
 
         NameValuePairs pairs = getCACerts();
@@ -1306,7 +1304,7 @@ CMS.debug("*** removing this interna cert");
 
         try {
             @SuppressWarnings("unchecked")
-			Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
+            Enumeration<CryptoToken> enums = mCryptoManager.getAllTokens();
 
             while (enums.hasMoreElements()) {
                 CryptoToken token = (CryptoToken) enums.nextElement();
@@ -1317,14 +1315,14 @@ CMS.debug("*** removing this interna cert");
 
                 for (int i = 0; i < list.length; i++) {
                     String nickname = list[i].getNickname();
-                    X509Certificate[] certificates = 
-                        CryptoManager.getInstance().findCertsByNickname(nickname);
+                    X509Certificate[] certificates =
+                            CryptoManager.getInstance().findCertsByNickname(nickname);
 
                     mNicknameMapUserCertsTable.put(nickname, certificates);
 
                     X509CertImpl impl = null;
 
-                    try { 
+                    try {
                         impl = new X509CertImpl(list[i].getEncoded());
                     } catch (CertificateException e) {
                         // skip bad certificate
@@ -1335,7 +1333,7 @@ CMS.debug("*** removing this interna cert");
                     String dateStr = mFormatter.format(date);
                     NameValuePair pair = pairs.getPair(nickname);
 
-                    /* always user cert here*/
+                    /* always user cert here */
                     String certValue = dateStr + "," + "u";
 
                     if (pair == null)
@@ -1346,7 +1344,7 @@ CMS.debug("*** removing this interna cert");
                         if (vvalue.endsWith(",u")) {
                             pair.setValue(vvalue + ";" + certValue);
                         }
-                    } 
+                    }
 
                 }
             } /* while */
@@ -1354,8 +1352,10 @@ CMS.debug("*** removing this interna cert");
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
             // } catch (CertificateException e) {
-            //    log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
-            //   throw new EBaseException(BaseResources.CERT_ERROR);
+            // log(ILogger.LL_FAILURE,
+            // CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT",
+            // e.toString()));
+            // throw new EBaseException(BaseResources.CERT_ERROR);
         } catch (TokenException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_ALL_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", ""));
@@ -1367,26 +1367,26 @@ CMS.debug("*** removing this interna cert");
     public NameValuePairs getCACerts() throws EBaseException {
         NameValuePairs pairs = new NameValuePairs();
 
-        //InternalCertificate[] certs;
+        // InternalCertificate[] certs;
         X509Certificate[] certs;
 
         try {
-            certs = 
+            certs =
                     CryptoManager.getInstance().getCACerts();
         } catch (NotInitializedException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
         }
 
-        if( mNicknameMapCertsTable == null ) {
-            CMS.debug( "JssSubsystem::getCACerts() - "
-                     + "mNicknameMapCertsTable is null!" );
-            throw new EBaseException( "mNicknameMapCertsTable is null" );
+        if (mNicknameMapCertsTable == null) {
+            CMS.debug("JssSubsystem::getCACerts() - "
+                     + "mNicknameMapCertsTable is null!");
+            throw new EBaseException("mNicknameMapCertsTable is null");
         } else {
             mNicknameMapCertsTable.clear();
         }
 
-            // a temp hashtable with vectors
+        // a temp hashtable with vectors
         Hashtable<String, Vector<X509Certificate>> vecTable = new Hashtable<String, Vector<X509Certificate>>();
 
         for (int i = 0; i < certs.length; i++) {
@@ -1396,7 +1396,7 @@ CMS.debug("*** removing this interna cert");
             Vector<X509Certificate> v;
 
             if (vecTable.containsKey((Object) nickname) == true) {
-                v =  vecTable.get(nickname);
+                v = vecTable.get(nickname);
             } else {
                 v = new Vector<X509Certificate>();
             }
@@ -1409,19 +1409,19 @@ CMS.debug("*** removing this interna cert");
 
         while (elms.hasMoreElements()) {
             String key = (String) elms.nextElement();
-            Vector<X509Certificate> v =  vecTable.get((Object) key);
+            Vector<X509Certificate> v = vecTable.get((Object) key);
             X509Certificate[] a = new X509Certificate[v.size()];
 
             v.copyInto((Object[]) a);
             mNicknameMapCertsTable.put(key, a);
         }
 
-        Enumeration<String> keys = mNicknameMapCertsTable.keys(); 
+        Enumeration<String> keys = mNicknameMapCertsTable.keys();
 
         while (keys.hasMoreElements()) {
             String nickname = (String) keys.nextElement();
             X509Certificate[] value = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
-			
+
             for (int i = 0; i < value.length; i++) {
                 InternalCertificate icert = null;
 
@@ -1431,14 +1431,13 @@ CMS.debug("*** removing this interna cert");
                     Debug.trace("cert is not an InternalCertificate");
                     Debug.trace("nickname: " + nickname + "  index " + i);
                     Debug.trace("cert: " + value[i]);
-                    continue;  
+                    continue;
                 }
-				
+
                 int flag = icert.getSSLTrust();
                 String trust = "U";
 
-                if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == 
-                    InternalCertificate.TRUSTED_CLIENT_CA)
+                if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
                     trust = "T";
                 X509CertImpl impl = null;
 
@@ -1455,12 +1454,12 @@ CMS.debug("*** removing this interna cert");
                         String vvalue = pair.getValue();
 
                         pair.setValue(vvalue + ";" + certValue);
-                    } 
+                    }
                 } catch (CertificateException e) {
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_GET_CA_CERT_FOR", nickname, e.toString()));
                     // allow it to continue with other certs even if one blows
                     // up
-                    //            throw new EBaseException(BaseResources.CERT_ERROR);
+                    // throw new EBaseException(BaseResources.CERT_ERROR);
                 }
             }
         }
@@ -1489,8 +1488,8 @@ CMS.debug("*** removing this interna cert");
                             if (cert instanceof InternalCertificate) {
                                 if (trust.equals("Trust")) {
                                     int trustflag = InternalCertificate.TRUSTED_CA |
-                                        InternalCertificate.TRUSTED_CLIENT_CA | 
-                                        InternalCertificate.VALID_CA;
+                                            InternalCertificate.TRUSTED_CLIENT_CA |
+                                            InternalCertificate.VALID_CA;
 
                                     ((InternalCertificate) cert).setSSLTrust(trustflag);
                                 } else
@@ -1503,7 +1502,7 @@ CMS.debug("*** removing this interna cert");
                     }
                 }
             }
-        } catch (ParseException e) {    
+        } catch (ParseException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_TRUST_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         } catch (CertificateException e) {
@@ -1514,12 +1513,14 @@ CMS.debug("*** removing this interna cert");
 
     /**
      * Delete the CA certificate from the perm database.
+     * 
      * @param nickname The nickname of the CA certificate.
-     * @param notAfterTime The notAfter of the certificate. It is possible to get multiple
-     *   certificates under the same nickname. If one of the certificates match the notAfterTime,
-     *   then the certificate will get deleted. The format of the notAfterTime has to be
-     *   in "MMMMM dd, yyyy HH:mm:ss" format.
-     */ 
+     * @param notAfterTime The notAfter of the certificate. It is possible to
+     *            get multiple certificates under the same nickname. If one of
+     *            the certificates match the notAfterTime, then the certificate
+     *            will get deleted. The format of the notAfterTime has to be in
+     *            "MMMMM dd, yyyy HH:mm:ss" format.
+     */
     public void deleteCACert(String nickname, String notAfterTime) throws EBaseException {
         try {
             if (mNicknameMapCertsTable != null) {
@@ -1575,15 +1576,18 @@ CMS.debug("*** removing this interna cert");
 
     /**
      * Delete any certificate from the any token.
+     * 
      * @param nickname The nickname of the certificate.
-     * @param notAfterTime The notAfter of the certificate. It is possible to get multiple
-     *   certificates under the same nickname. If one of the certificates match the notAfterTime,
-     *   then the certificate will get deleted. The format of the notAfterTime has to be
-     *   in "MMMMM dd, yyyy HH:mm:ss" format.
-     */ 
+     * @param notAfterTime The notAfter of the certificate. It is possible to
+     *            get multiple certificates under the same nickname. If one of
+     *            the certificates match the notAfterTime, then the certificate
+     *            will get deleted. The format of the notAfterTime has to be in
+     *            "MMMMM dd, yyyy HH:mm:ss" format.
+     */
     public void deleteCert(String nickname, String notAfterTime) throws EBaseException {
         boolean isUserCert = false;
-        X509Certificate[] certs = null;;
+        X509Certificate[] certs = null;
+        ;
 
         try {
             if (mNicknameMapCertsTable != null) {
@@ -1677,15 +1681,16 @@ CMS.debug("*** removing this interna cert");
                 CryptoStore store = tcert.getOwningToken().getCryptoStore();
 
                 tcert.getOwningToken().getCryptoStore().deleteCert(tcert);
-            } else 
+            } else
                 throw new EBaseException(CMS.getUserMessage("CMS_BASE_NOT_TOKEN_CERT"));
 
             int index = nickname.indexOf(":");
- 
-            // the deleted certificate is on the hardware token. We should delete the same one from
+
+            // the deleted certificate is on the hardware token. We should
+            // delete the same one from
             // the internal token.
             if (index > 0) {
-                CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken(); 
+                CryptoToken cToken = CryptoManager.getInstance().getInternalKeyStorageToken();
                 CryptoStore store = cToken.getCryptoStore();
                 X509Certificate[] allcerts = CryptoManager.getInstance().getCACerts();
 
@@ -1721,7 +1726,7 @@ CMS.debug("*** removing this interna cert");
         } catch (CertificateEncodingException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
-        } catch (IOException e) { 
+        } catch (IOException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_DELETE_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         }
@@ -1730,7 +1735,7 @@ CMS.debug("*** removing this interna cert");
     public String getSubjectDN(String nickname) throws EBaseException {
         try {
             X509Certificate cert =
-                CryptoManager.getInstance().findCertByNickname(nickname);
+                    CryptoManager.getInstance().findCertByNickname(nickname);
             X509CertImpl impl = new X509CertImpl(cert.getEncoded());
 
             return impl.getSubjectDN().getName();
@@ -1750,14 +1755,14 @@ CMS.debug("*** removing this interna cert");
     }
 
     public void setRootCertTrust(String nickname, String serialno,
-      String issuerName, String trust) throws EBaseException {
- 
+            String issuerName, String trust) throws EBaseException {
+
         X509Certificate cert = getCertificate(nickname, serialno, issuerName);
         if (cert instanceof InternalCertificate) {
             if (trust.equals("trust")) {
                 int trustflag = InternalCertificate.TRUSTED_CA |
-                  InternalCertificate.TRUSTED_CLIENT_CA |
-                  InternalCertificate.VALID_CA;
+                        InternalCertificate.TRUSTED_CLIENT_CA |
+                        InternalCertificate.VALID_CA;
 
                 ((InternalCertificate) cert).setSSLTrust(trustflag);
             } else {
@@ -1767,31 +1772,31 @@ CMS.debug("*** removing this interna cert");
     }
 
     public X509Certificate getCertificate(String nickname, String serialno,
-      String issuerName) throws EBaseException {
+            String issuerName) throws EBaseException {
 
         int index = nickname.indexOf(":");
         String tokenname = nickname.substring(0, index);
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-            nickname = nickname.substring(index+1);
+            nickname = nickname.substring(index + 1);
         }
         try {
             X509Certificate[] certs =
-                CryptoManager.getInstance().findCertsByNickname(nickname);
+                    CryptoManager.getInstance().findCertsByNickname(nickname);
 
             X509CertImpl impl = null;
-            int i=0;
+            int i = 0;
             if (certs != null && certs.length > 0) {
                 for (; i < certs.length; i++) {
                     impl = new X509CertImpl(certs[i].getEncoded());
                     if (impl.getIssuerDN().toString().equals(issuerName) &&
-                        impl.getSerialNumber().toString().equals(serialno))
+                            impl.getSerialNumber().toString().equals(serialno))
                         return certs[i];
                 }
             } else {
                 EBaseException e =
-                  new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+                        new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
                 log(ILogger.LL_FAILURE,
-                  CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+                        CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
                 throw e;
             }
         } catch (NotInitializedException e) {
@@ -1799,50 +1804,50 @@ CMS.debug("*** removing this interna cert");
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
         } catch (TokenException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));        } catch (CertificateException e) {
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+        } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         }
-  
+
         return null;
     }
 
     public String getRootCertTrustBit(String nickname, String serialno,
-      String issuerName) throws EBaseException {
+            String issuerName) throws EBaseException {
         int index = nickname.indexOf(":");
         String tokenname = nickname.substring(0, index);
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-            nickname = nickname.substring(index+1);
+            nickname = nickname.substring(index + 1);
         }
         try {
             X509Certificate[] certs =
-                CryptoManager.getInstance().findCertsByNickname(nickname);
+                    CryptoManager.getInstance().findCertsByNickname(nickname);
 
             X509CertImpl impl = null;
-            int i=0;
+            int i = 0;
             if (certs != null && certs.length > 0) {
                 for (; i < certs.length; i++) {
                     impl = new X509CertImpl(certs[i].getEncoded());
                     if (impl.getIssuerDN().toString().equals(issuerName) &&
-                        impl.getSerialNumber().toString().equals(serialno))
+                            impl.getSerialNumber().toString().equals(serialno))
                         break;
                 }
             } else {
                 EBaseException e =
-                  new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+                        new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
                 log(ILogger.LL_FAILURE,
-                  CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+                        CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
                 throw e;
             }
 
             String trust = "U";
             if (certs[i] instanceof InternalCertificate) {
-                InternalCertificate icert = (InternalCertificate)certs[i];
+                InternalCertificate icert = (InternalCertificate) certs[i];
                 int flag = icert.getSSLTrust();
-                if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) ==
-                  InternalCertificate.TRUSTED_CLIENT_CA)
+                if ((InternalCertificate.TRUSTED_CLIENT_CA & flag) == InternalCertificate.TRUSTED_CLIENT_CA)
                     trust = "T";
-            } else 
+            } else
                 trust = "N/A";
             return trust;
         } catch (NotInitializedException e) {
@@ -1850,36 +1855,37 @@ CMS.debug("*** removing this interna cert");
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CRYPTOMANAGER_UNINITIALIZED"));
         } catch (TokenException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));        } catch (CertificateException e) {
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_TOKEN_NOT_FOUND", ""));
+        } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         }
     }
 
     public String getCertPrettyPrint(String nickname, String serialno,
-      String issuerName, Locale locale) throws EBaseException {
+            String issuerName, Locale locale) throws EBaseException {
         int index = nickname.indexOf(":");
         String tokenname = nickname.substring(0, index);
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-            nickname = nickname.substring(index+1);
+            nickname = nickname.substring(index + 1);
         }
         try {
             X509Certificate[] certs =
-                CryptoManager.getInstance().findCertsByNickname(nickname);
+                    CryptoManager.getInstance().findCertsByNickname(nickname);
 
             X509CertImpl impl = null;
             if (certs != null && certs.length > 0) {
                 for (int i = 0; i < certs.length; i++) {
                     impl = new X509CertImpl(certs[i].getEncoded());
                     if (impl.getIssuerDN().toString().equals(issuerName) &&
-                        impl.getSerialNumber().toString().equals(serialno))
+                            impl.getSerialNumber().toString().equals(serialno))
                         break;
                 }
             } else {
-                EBaseException e = 
-                  new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
-                log(ILogger.LL_FAILURE, 
-                  CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+                EBaseException e =
+                        new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
                 throw e;
             }
             CertPrettyPrint print = null;
@@ -1904,42 +1910,42 @@ CMS.debug("*** removing this interna cert");
     }
 
     public String getCertPrettyPrintAndFingerPrint(String nickname, String serialno,
-      String issuerName, Locale locale) throws EBaseException {
+            String issuerName, Locale locale) throws EBaseException {
         int index = nickname.indexOf(":");
         String tokenname = nickname.substring(0, index);
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
-            nickname = nickname.substring(index+1);
+            nickname = nickname.substring(index + 1);
         }
         try {
             X509Certificate[] certs =
-                CryptoManager.getInstance().findCertsByNickname(nickname);
+                    CryptoManager.getInstance().findCertsByNickname(nickname);
 
             X509CertImpl impl = null;
             if (certs != null && certs.length > 0) {
                 for (int i = 0; i < certs.length; i++) {
                     impl = new X509CertImpl(certs[i].getEncoded());
                     if (impl.getIssuerDN().toString().equals(issuerName) &&
-                        impl.getSerialNumber().toString().equals(serialno))
+                            impl.getSerialNumber().toString().equals(serialno))
                         break;
                 }
             } else {
-                EBaseException e = 
-                  new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
-                log(ILogger.LL_FAILURE, 
-                  CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
+                EBaseException e =
+                        new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_NOT_FOUND"));
+                log(ILogger.LL_FAILURE,
+                        CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
                 throw e;
             }
             CertPrettyPrint print = null;
-			String fingerPrint = "";
+            String fingerPrint = "";
 
             if (impl != null) {
                 print = new CertPrettyPrint(impl);
-				fingerPrint = CMS.getFingerPrints(impl.getEncoded());
-			}
+                fingerPrint = CMS.getFingerPrints(impl.getEncoded());
+            }
 
             if ((print != null) && (fingerPrint != "")) {
-				String pp =  print.toString(locale) + "\n" +
-					"Certificate Fingerprints:"+ '\n' + fingerPrint;
+                String pp = print.toString(locale) + "\n" +
+                        "Certificate Fingerprints:" + '\n' + fingerPrint;
                 return pp;
             } else
                 return null;
@@ -1958,14 +1964,14 @@ CMS.debug("*** removing this interna cert");
         }
     }
 
-    public String getCertPrettyPrint(String nickname, String date, 
-        Locale locale) throws EBaseException {
+    public String getCertPrettyPrint(String nickname, String date,
+            Locale locale) throws EBaseException {
         try {
             X509Certificate[] certs =
-                CryptoManager.getInstance().findCertsByNickname(nickname);
+                    CryptoManager.getInstance().findCertsByNickname(nickname);
 
             if ((certs == null || certs.length == 0) &&
-                mNicknameMapCertsTable != null) {
+                    mNicknameMapCertsTable != null) {
                 certs = (X509Certificate[]) mNicknameMapCertsTable.get(nickname);
             }
             if (certs == null) {
@@ -2010,7 +2016,7 @@ CMS.debug("*** removing this interna cert");
     }
 
     public String getCertPrettyPrint(String b64E, Locale locale) throws EBaseException {
-        try { 
+        try {
             try {
                 byte[] b = KeyCertUtil.convertB64EToByteArray(b64E);
                 X509CertImpl impl = new X509CertImpl(b);
@@ -2026,7 +2032,7 @@ CMS.debug("*** removing this interna cert");
                 byte data[] = com.netscape.osutil.OSUtil.AtoB(normalized);
 
                 ContentInfo ci = (ContentInfo)
-                    ASN1Util.decode(ContentInfo.getTemplate(), data);
+                        ASN1Util.decode(ContentInfo.getTemplate(), data);
 
                 if (!ci.getContentType().equals(ContentInfo.SIGNED_DATA)) {
                     throw new CertificateException(
@@ -2053,7 +2059,7 @@ CMS.debug("*** removing this interna cert");
             }
         } catch (InvalidBERException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
-            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", 
+            throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR",
                         "Failed to decode"));
         } catch (CertificateException e) {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PRINT_CERT", e.toString()));
@@ -2064,8 +2070,8 @@ CMS.debug("*** removing this interna cert");
         }
     }
 
-    public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey) 
-        throws EBaseException {
+    public X509CertImpl getSignedCert(KeyCertData data, String certType, java.security.PrivateKey priKey)
+            throws EBaseException {
         CertificateInfo cert = null;
 
         if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
@@ -2087,8 +2093,8 @@ CMS.debug("*** removing this interna cert");
 
         try {
             certInfo = cert.getCertInfo();
-            SignatureAlgorithm sigAlg = 
-                (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM);
+            SignatureAlgorithm sigAlg =
+                    (SignatureAlgorithm) data.get(Constants.PR_SIGNATURE_ALGORITHM);
 
             signedCert = KeyCertUtil.signCert(priKey, certInfo, sigAlg);
         } catch (NoSuchTokenException e) {
@@ -2115,15 +2121,15 @@ CMS.debug("*** removing this interna cert");
             if (certinfo == null)
                 return false;
             else {
-                CertificateExtensions exts = 
-                    (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS);
+                CertificateExtensions exts =
+                        (CertificateExtensions) certinfo.get(X509CertInfo.EXTENSIONS);
 
                 if (exts == null)
                     return false;
                 else {
                     try {
                         BasicConstraintsExtension ext = (BasicConstraintsExtension)
-                            exts.get(BasicConstraintsExtension.class.getSimpleName());
+                                exts.get(BasicConstraintsExtension.class.getSimpleName());
 
                         if (ext == null)
                             return false;
@@ -2155,8 +2161,8 @@ CMS.debug("*** removing this interna cert");
         }
     }
 
-    public CertificateExtensions getExtensions(String tokenname, String nickname) 
-        throws EBaseException {
+    public CertificateExtensions getExtensions(String tokenname, String nickname)
+            throws EBaseException {
         try {
             return KeyCertUtil.getExtensions(tokenname, nickname);
         } catch (NotInitializedException e) {
@@ -2182,7 +2188,8 @@ CMS.debug("*** removing this interna cert");
     }
 
     public void checkKeyLength(String keyType, int keyLength, String certType, int minRSAKeyLen) throws EBaseException {
-        //	KeyCertUtil.checkKeyLength(keyType, keyLength, certType, minRSAKeyLen);
+        // KeyCertUtil.checkKeyLength(keyType, keyLength, certType,
+        // minRSAKeyLen);
     }
 
     public PQGParams getPQG(int keysize) {
@@ -2190,25 +2197,24 @@ CMS.debug("*** removing this interna cert");
     }
 
     public PQGParams getCAPQG(int keysize, IConfigStore store)
-        throws EBaseException {
+            throws EBaseException {
         return KeyCertUtil.getCAPQG(keysize, store);
     }
 
     public CertificateExtensions getCertExtensions(String tokenname, String nickname)
-        throws NotInitializedException, TokenException, ObjectNotFoundException,
+            throws NotInitializedException, TokenException, ObjectNotFoundException,
 
             IOException, CertificateException {
         return KeyCertUtil.getExtensions(tokenname, nickname);
     }
 }
 
-class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser
-{
+class JSSDatabaseCloser extends org.mozilla.jss.DatabaseCloser {
     public JSSDatabaseCloser() throws Exception {
-      super();
+        super();
     }
 
     public void closeDatabases() {
-      super.closeDatabases();
+        super.closeDatabases();
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
index 35b7cdf2..b1294902 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/KRATransportCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 
@@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
- * KRA transport certificate 
+ * KRA transport certificate
  * 
  * @author Christine Ho
  * @version $Revision$, $Date$
  */
 public class KRATransportCert extends CertificateInfo {
-    public static final String SUBJECT_NAME = 
-        "CN=Data Recovery Manager, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=Data Recovery Manager, O=Netscape Communications, C=US";
     private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
 
     public KRATransportCert(KeyCertData properties) {
@@ -49,8 +47,8 @@ public class KRATransportCert extends CertificateInfo {
         super(properties, pair);
         String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
 
-        if ((tmp != null) && 
-            (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))   
+        if ((tmp != null) &&
+                (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
             mTokenname = tmp;
         mProperties.put(Constants.PR_AKI, Constants.TRUE);
     }
@@ -72,8 +70,8 @@ public class KRATransportCert extends CertificateInfo {
 
     public String getNickname() {
         String name = (String) mProperties.get(Constants.PR_NICKNAME);
-        String instanceName = 
-            (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+        String instanceName =
+                (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
 
         if (name != null)
             return name;
@@ -81,19 +79,14 @@ public class KRATransportCert extends CertificateInfo {
     }
 
     /*
-     public SignatureAlgorithm getSigningAlgorithm() {
-     SignatureAlgorithm sAlg =
-     (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
-     if (sAlg != null) {
-     return sAlg;
-     }
-     String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
-     
-     if (alg.equals("RSA"))
-     return SignatureAlgorithm.RSASignatureWithMD5Digest;
-     else
-     return SignatureAlgorithm.DSASignatureWithSHA1Digest;
-     }
+     * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
+     * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+     * if (sAlg != null) { return sAlg; } String alg =
+     * (String)mProperties.get(Constants.PR_KEY_TYPE);
+     * 
+     * if (alg.equals("RSA")) return
+     * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
+     * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
      */
 
     public String getKeyAlgorithm() {
@@ -107,4 +100,3 @@ public class KRATransportCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
index c020fe8b..3b49d233 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/KeyCertUtil.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.FilterOutputStream;
@@ -116,7 +115,6 @@ import com.netscape.cmscore.dbs.DateMapper;
 import com.netscape.cmscore.dbs.X509CertImplMapper;
 import com.netscape.cmsutil.crypto.CryptoUtil;
 
-
 /**
  * This class provides all the base methods to generate the key for different
  * kinds of certificates.
@@ -155,11 +153,11 @@ public class KeyCertUtil {
         }
     }
 
-    public static String getTokenNames(CryptoManager manager) 
-        throws TokenException {
+    public static String getTokenNames(CryptoManager manager)
+            throws TokenException {
         String tokenList = "";
         @SuppressWarnings("unchecked")
-		Enumeration<CryptoToken> tokens = manager.getExternalTokens();
+        Enumeration<CryptoToken> tokens = manager.getExternalTokens();
         int num = 0;
 
         while (tokens.hasMoreElements()) {
@@ -183,9 +181,9 @@ public class KeyCertUtil {
         ByteArrayOutputStream output = new ByteArrayOutputStream();
         Base64OutputStream b64 = new Base64OutputStream(new
                 PrintStream(new
-                    FilterOutputStream(output)
+                        FilterOutputStream(output)
                 )
-            );
+                );
 
         b64.write(bytes);
         b64.flush();
@@ -196,7 +194,7 @@ public class KeyCertUtil {
     }
 
     public static byte[] makeDSSParms(BigInteger P, BigInteger Q, BigInteger G)
-        throws IOException {
+            throws IOException {
 
         // Write P, Q, G to a DER stream
         DerOutputStream contents = new DerOutputStream();
@@ -213,25 +211,25 @@ public class KeyCertUtil {
         return sequence.toByteArray();
     }
 
-    public static PrivateKey getPrivateKey(String tokenname, String nickname) 
-        throws TokenException, EBaseException,
+    public static PrivateKey getPrivateKey(String tokenname, String nickname)
+            throws TokenException, EBaseException,
             NoSuchTokenException, NotInitializedException, CertificateException,
             CertificateEncodingException, EBaseException, ObjectNotFoundException {
 
         /*
-         String caNickname = store.getString("ca.signing.tokenname");
-         String tokenName = store.getString("ca.signing.cacertnickname");
+         * String caNickname = store.getString("ca.signing.tokenname"); String
+         * tokenName = store.getString("ca.signing.cacertnickname");
          */
         X509Certificate cert = getCertificate(tokenname, nickname);
-            
+
         return CryptoManager.getInstance().findPrivKeyByCert(cert);
     }
 
-    public static String getCertSubjectName(String tokenname, String nickname) 
-        throws TokenException, EBaseException, NoSuchTokenException,
+    public static String getCertSubjectName(String tokenname, String nickname)
+            throws TokenException, EBaseException, NoSuchTokenException,
             NotInitializedException, CertificateException,
             CertificateEncodingException, EBaseException {
- 
+
         X509Certificate cert = getCertificate(tokenname, nickname);
         X509CertImpl impl = new X509CertImpl(cert.getEncoded());
 
@@ -239,16 +237,16 @@ public class KeyCertUtil {
     }
 
     public static X509CertImpl signCert(PrivateKey privateKey, X509CertInfo certInfo,
-        SignatureAlgorithm sigAlg) 
-        throws NoSuchTokenException, EBaseException, NotInitializedException {
+            SignatureAlgorithm sigAlg)
+            throws NoSuchTokenException, EBaseException, NotInitializedException {
         try {
             CertificateAlgorithmId sId = (CertificateAlgorithmId)
-                certInfo.get(X509CertInfo.ALGORITHM_ID);
+                    certInfo.get(X509CertInfo.ALGORITHM_ID);
             AlgorithmId sigAlgId =
-                (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM);
+                    (AlgorithmId) sId.get(CertificateAlgorithmId.ALGORITHM);
 
-            org.mozilla.jss.crypto.PrivateKey priKey = 
-                (org.mozilla.jss.crypto.PrivateKey) privateKey;
+            org.mozilla.jss.crypto.PrivateKey priKey =
+                    (org.mozilla.jss.crypto.PrivateKey) privateKey;
             CryptoToken token = priKey.getOwningToken();
 
             DerOutputStream tmp = new DerOutputStream();
@@ -283,7 +281,7 @@ public class KeyCertUtil {
         } catch (CertificateException e) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_CERT_ERROR", e.toString()));
         }
-    } 
+    }
 
     public static SignatureAlgorithm getSigningAlgorithm(String keyType) {
         SignatureAlgorithm sAlg = null;
@@ -318,9 +316,9 @@ public class KeyCertUtil {
     }
 
     public static AlgorithmId getAlgorithmId(String algname, IConfigStore store)
-        throws EBaseException {
+            throws EBaseException {
         try {
-            
+
             if (algname.equals("DSA")) {
                 byte[] p = store.getByteArray("ca.dsaP", null);
                 byte[] q = store.getByteArray("ca.dsaQ", null);
@@ -341,10 +339,10 @@ public class KeyCertUtil {
     }
 
     public static X509Certificate getCertificate(String tokenname,
-        String nickname) throws NotInitializedException, NoSuchTokenException,
+            String nickname) throws NotInitializedException, NoSuchTokenException,
             EBaseException, TokenException {
         CryptoManager manager = CryptoManager.getInstance();
-        CryptoToken token = null; 
+        CryptoToken token = null;
 
         if (tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) {
             token = manager.getInternalKeyStorageToken();
@@ -365,12 +363,12 @@ public class KeyCertUtil {
         }
     }
 
-    public static KeyPair getKeyPair(String tokenname, String nickname) 
-        throws NotInitializedException, NoSuchTokenException, TokenException,
+    public static KeyPair getKeyPair(String tokenname, String nickname)
+            throws NotInitializedException, NoSuchTokenException, TokenException,
             ObjectNotFoundException, EBaseException {
         X509Certificate cert = getCertificate(tokenname, nickname);
         PrivateKey priKey =
-            CryptoManager.getInstance().findPrivKeyByCert(cert);
+                CryptoManager.getInstance().findPrivKeyByCert(cert);
         PublicKey publicKey = cert.getPublicKey();
 
         return new KeyPair(publicKey, priKey);
@@ -384,8 +382,8 @@ public class KeyCertUtil {
         }
     }
 
-    public static PQGParams getCAPQG(int keysize, IConfigStore store) 
-        throws EBaseException {
+    public static PQGParams getCAPQG(int keysize, IConfigStore store)
+            throws EBaseException {
         if (store != null) {
             try {
                 int pqgKeySize = store.getInteger("ca.dsaPQG.keyLength", 0);
@@ -422,9 +420,9 @@ public class KeyCertUtil {
                 store.putInteger("ca.dsaCounter", pqg.getCounter());
                 store.putString("ca.dsaH", KeyCertUtil.base64Encode(
                         pqg.getH().toByteArray()));
-                store.putString("ca.DSSParms", 
-                    KeyCertUtil.base64Encode(
-                        KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG())));
+                store.putString("ca.DSSParms",
+                        KeyCertUtil.base64Encode(
+                                KeyCertUtil.makeDSSParms(pqg.getP(), pqg.getQ(), pqg.getG())));
                 store.commit(false);
                 return pqg;
             } catch (IOException ee) {
@@ -439,12 +437,12 @@ public class KeyCertUtil {
     }
 
     public static KeyPair generateKeyPair(CryptoToken token,
-        KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg) 
-        throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException,
+            KeyPairAlgorithm kpAlg, int keySize, PQGParams pqg)
+            throws NoSuchAlgorithmException, TokenException, InvalidAlgorithmParameterException,
             InvalidParameterException, PQGParamGenException {
 
         KeyPairGenerator kpGen = token.getKeyPairGenerator(kpAlg);
- 
+
         if (kpAlg == KeyPairAlgorithm.DSA) {
             if (pqg == null) {
                 kpGen.initialize(keySize);
@@ -464,18 +462,16 @@ public class KeyCertUtil {
             do {
                 // 602548 NSS bug - to overcome it, we use isBadDSAKeyPair
                 kp = kpGen.genKeyPair();
-            }
-            while (isBadDSAKeyPair(kp)); 
+            } while (isBadDSAKeyPair(kp));
             return kp;
         }
     }
 
     /**
-     * Test for a DSA key pair that will trigger a bug in NSS.
-     * The problem occurs when the first byte of the key is 0. This
-     * happens when the value otherwise would have been negative, and a
-     * zero byte is prepended to force it to be positive.
-     * This is blackflag bug 602548.
+     * Test for a DSA key pair that will trigger a bug in NSS. The problem
+     * occurs when the first byte of the key is 0. This happens when the value
+     * otherwise would have been negative, and a zero byte is prepended to force
+     * it to be positive. This is blackflag bug 602548.
      */
     public static boolean isBadDSAKeyPair(KeyPair pair) {
         try {
@@ -490,7 +486,7 @@ public class KeyCertUtil {
             byte[] bits = bs.getBits();
             ByteArrayInputStream bitstream = new ByteArrayInputStream(bs.getBits());
             ASN1Header wrapper = new ASN1Header(bitstream);
-            byte[] valBytes = new byte[ (int) wrapper.getContentLength() ];
+            byte[] valBytes = new byte[(int) wrapper.getContentLength()];
 
             ASN1Util.readFully(valBytes, bitstream);
 
@@ -504,7 +500,7 @@ public class KeyCertUtil {
     }
 
     public static KeyPair generateKeyPair(String tokenName, String alg,
-        int keySize, PQGParams pqg) throws EBaseException {
+            int keySize, PQGParams pqg) throws EBaseException {
 
         CryptoToken token = null;
 
@@ -549,8 +545,8 @@ public class KeyCertUtil {
         }
     }
 
-    public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair) 
-        throws NoSuchAlgorithmException, NoSuchProviderException, 
+    public static PKCS10 getCertRequest(String subjectName, KeyPair keyPair)
+            throws NoSuchAlgorithmException, NoSuchProviderException,
             InvalidKeyException, IOException, CertificateException,
             SignatureException {
         PublicKey pubk = keyPair.getPublic();
@@ -565,7 +561,7 @@ public class KeyCertUtil {
             alg = "DSA";
         }
         java.security.Signature sig =
-            java.security.Signature.getInstance(alg, "Mozilla-JSS");
+                java.security.Signature.getInstance(alg, "Mozilla-JSS");
 
         sig.initSign(keyPair.getPrivate());
 
@@ -580,9 +576,9 @@ public class KeyCertUtil {
     }
 
     public static PKCS10 getCertRequest(String subjectName, KeyPair
-        keyPair, Extensions
-        exts) 
-        throws NoSuchAlgorithmException, NoSuchProviderException, 
+            keyPair, Extensions
+            exts)
+            throws NoSuchAlgorithmException, NoSuchProviderException,
             InvalidKeyException, IOException, CertificateException,
             SignatureException {
         PublicKey pubk = keyPair.getPublic();
@@ -597,7 +593,7 @@ public class KeyCertUtil {
             alg = "DSA";
         }
         java.security.Signature sig =
-            java.security.Signature.getInstance(alg, "Mozilla-JSS");
+                java.security.Signature.getInstance(alg, "Mozilla-JSS");
 
         sig.initSign(keyPair.getPrivate());
 
@@ -605,8 +601,8 @@ public class KeyCertUtil {
 
         if (exts != null) {
             PKCS10Attribute attr = new
-                PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID,
-                    (CertAttrSet) exts);
+                    PKCS10Attribute(PKCS9Attribute.EXTENSION_REQUEST_OID,
+                            (CertAttrSet) exts);
             PKCS10Attributes attrs = new PKCS10Attributes();
 
             attrs.setAttribute(attr.getAttributeValue().getName(), attr);
@@ -624,8 +620,8 @@ public class KeyCertUtil {
         return pkcs10;
     }
 
-    public static X509Key convertPublicKeyToX509Key(PublicKey pubk) 
-        throws InvalidKeyException {
+    public static X509Key convertPublicKeyToX509Key(PublicKey pubk)
+            throws InvalidKeyException {
 
         X509Key xKey;
 
@@ -654,23 +650,23 @@ public class KeyCertUtil {
     }
 
     public static X509Certificate
-    importCert(X509CertImpl signedCert, String nickname,
-        String certType) throws NotInitializedException, TokenException,
-            CertificateEncodingException, UserCertConflictException,
-            NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
-      
+            importCert(X509CertImpl signedCert, String nickname,
+                    String certType) throws NotInitializedException, TokenException,
+                    CertificateEncodingException, UserCertConflictException,
+                    NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+
         return importCert(signedCert.getEncoded(), nickname, certType);
     }
 
     public static X509Certificate
-    importCert(String b64E, String nickname, String certType)
-        throws NotInitializedException, TokenException,
-            CertificateEncodingException, UserCertConflictException,
-            NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
- 
+            importCert(String b64E, String nickname, String certType)
+                    throws NotInitializedException, TokenException,
+                    CertificateEncodingException, UserCertConflictException,
+                    NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+
         byte b[] = b64E.getBytes();
         X509Certificate cert = getInternalCertificate(b, nickname, certType);
- 
+
         if (cert instanceof InternalCertificate) {
             setTrust(certType, (InternalCertificate) cert);
         }
@@ -678,10 +674,10 @@ public class KeyCertUtil {
     }
 
     public static X509Certificate
-    importCert(byte[] b, String nickname, String certType) 
-        throws NotInitializedException, TokenException, 
-            CertificateEncodingException, UserCertConflictException, 
-            NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
+            importCert(byte[] b, String nickname, String certType)
+                    throws NotInitializedException, TokenException,
+                    CertificateEncodingException, UserCertConflictException,
+                    NicknameConflictException, NoSuchItemOnTokenException, CertificateException {
 
         X509Certificate cert = getInternalCertificate(b, nickname, certType);
 
@@ -691,8 +687,8 @@ public class KeyCertUtil {
         return cert;
     }
 
-    public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType) 
-        throws NotInitializedException, TokenException, CertificateEncodingException,
+    public static X509Certificate getInternalCertificate(byte[] b, String nickname, String certType)
+            throws NotInitializedException, TokenException, CertificateEncodingException,
             UserCertConflictException, NicknameConflictException, NoSuchItemOnTokenException,
             CertificateException {
         X509Certificate cert = null;
@@ -701,12 +697,12 @@ public class KeyCertUtil {
             cert = CryptoManager.getInstance().importUserCACertPackage(b,
                         nickname);
         } else if (certType.equals(Constants.PR_RA_SIGNING_CERT) ||
-            certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
-            certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
-            certType.equals(Constants.PR_SERVER_CERT) ||
-            certType.equals(Constants.PR_SERVER_CERT_RADM) ||
-            certType.equals(Constants.PR_OTHER_CERT) ||
-            certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
+                certType.equals(Constants.PR_KRA_TRANSPORT_CERT) ||
+                certType.equals(Constants.PR_OCSP_SIGNING_CERT) ||
+                certType.equals(Constants.PR_SERVER_CERT) ||
+                certType.equals(Constants.PR_SERVER_CERT_RADM) ||
+                certType.equals(Constants.PR_OTHER_CERT) ||
+                certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
             cert = CryptoManager.getInstance().importCertPackage(b,
                         nickname);
         } else if (certType.equals(Constants.PR_SERVER_CERT_CHAIN)) {
@@ -719,15 +715,15 @@ public class KeyCertUtil {
                 cert = certchain[certchain.length - 1];
             }
         }
-        return cert;   
+        return cert;
     }
 
     public static void setTrust(String certType, InternalCertificate inCert) {
         if (certType.equals(Constants.PR_CA_SIGNING_CERT)) {
             int flag = InternalCertificate.VALID_CA |
-                InternalCertificate.TRUSTED_CA |
-                InternalCertificate.USER |
-                InternalCertificate.TRUSTED_CLIENT_CA;
+                    InternalCertificate.TRUSTED_CA |
+                    InternalCertificate.USER |
+                    InternalCertificate.TRUSTED_CLIENT_CA;
 
             inCert.setSSLTrust(flag);
             inCert.setObjectSigningTrust(flag);
@@ -737,72 +733,61 @@ public class KeyCertUtil {
 
             inCert.setSSLTrust(flag);
             inCert.setObjectSigningTrust(flag);
-            inCert.setEmailTrust(flag); 
+            inCert.setEmailTrust(flag);
         } else if (certType.equals(Constants.PR_OCSP_SIGNING_CERT)) {
             int flag = InternalCertificate.USER | InternalCertificate.VALID_CA;
 
             inCert.setSSLTrust(flag);
             inCert.setObjectSigningTrust(flag);
-            inCert.setEmailTrust(flag); 
+            inCert.setEmailTrust(flag);
         } else if (certType.equals(Constants.PR_SERVER_CERT) ||
-          certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
+                certType.equals(Constants.PR_SUBSYSTEM_CERT)) {
             int flag = InternalCertificate.USER | InternalCertificate.VALID_CA;
 
             inCert.setSSLTrust(flag);
             inCert.setObjectSigningTrust(flag);
-            inCert.setEmailTrust(flag); 
+            inCert.setEmailTrust(flag);
         } else if (certType.equals(Constants.PR_TRUSTED_CA_CERT)) {
             inCert.setSSLTrust(InternalCertificate.TRUSTED_CA | InternalCertificate.TRUSTED_CLIENT_CA |
-                InternalCertificate.VALID_CA);
-            //inCert.setEmailTrust(InternalCertificate.TRUSTED_CA);
+                    InternalCertificate.VALID_CA);
+            // inCert.setEmailTrust(InternalCertificate.TRUSTED_CA);
 
-            // cannot set this bit. If set, then the cert will not appear when you called getCACerts().
-            //inCert.setObjectSigningTrust(InternalCertificate.TRUSTED_CA);
+            // cannot set this bit. If set, then the cert will not appear when
+            // you called getCACerts().
+            // inCert.setObjectSigningTrust(InternalCertificate.TRUSTED_CA);
         }
     }
 
     public static byte[] convertB64EToByteArray(String b64E)
-        throws CertificateException, IOException {
+            throws CertificateException, IOException {
         String str = CertUtils.stripCertBrackets(b64E);
         byte bCert[] = (byte[]) (com.netscape.osutil.OSUtil.AtoB(str));
 
         /*
-         java.security.cert.X509Certificate cert = 
-         java.security.cert.X509Certificate.getInstance(bCert);
-         return cert;
+         * java.security.cert.X509Certificate cert =
+         * java.security.cert.X509Certificate.getInstance(bCert); return cert;
          */
         return bCert;
     }
 
     /**
-     * ASN.1 structure:
-     *  0 30  142: SEQUENCE {
-     *  3 30   69:   SEQUENCE {
-     *  5 06    3:     OBJECT IDENTIFIER issuerAltName (2 5 29 18)
-     * 10 04   62:     OCTET STRING
-     *           :       30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
-     *           :       06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
-     *           :       86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
-     *           :       73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
-     *           :     }
-     * 74 30   69:   SEQUENCE {
-     * 76 06    3:     OBJECT IDENTIFIER subjectAltName (2 5 29 17)
-     * 81 04   62:     OCTET STRING
-     *           :       30 3C 82 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A
-     *           :       06 03 55 04 03 13 03 64 73 61 87 04 01 01 01 01
-     *           :       86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74
-     *           :       73 63 61 70 65 2E 63 6F 6D 88 03 29 01 01
-     *           :     }
-     *           :   }
-     * Uses the following to test with configuration wizard:
+     * ASN.1 structure: 0 30 142: SEQUENCE { 3 30 69: SEQUENCE { 5 06 3: OBJECT
+     * IDENTIFIER issuerAltName (2 5 29 18) 10 04 62: OCTET STRING : 30 3C 82 01
+     * 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87 04
+     * 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63 61
+     * 70 65 2E 63 6F 6D 88 03 29 01 01 : } 74 30 69: SEQUENCE { 76 06 3: OBJECT
+     * IDENTIFIER subjectAltName (2 5 29 17) 81 04 62: OCTET STRING : 30 3C 82
+     * 01 61 82 01 61 A4 10 30 0E 31 0C 30 0A : 06 03 55 04 03 13 03 64 73 61 87
+     * 04 01 01 01 01 : 86 01 61 81 14 74 68 6F 6D 61 73 6B 40 6E 65 74 : 73 63
+     * 61 70 65 2E 63 6F 6D 88 03 29 01 01 : } : } Uses the following to test
+     * with configuration wizard:
      * MIGOMEUGA1UdEQQ+MDyCAWGCAWGkEDAOMQwwCgYDVQQDEwNkc2GHBAEBAQGGAWGB
      * FHRob21hc2tAbmV0c2NhcGUuY29tiAMpAQEwRQYDVR0SBD4wPIIBYYIBYaQQMA4x
-     * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB
-     * AQ== 
+     * DDAKBgNVBAMTA2RzYYcEAQEBAYYBYYEUdGhvbWFza0BuZXRzY2FwZS5jb22IAykB AQ==
      */
     public static void setDERExtension(
-        CertificateExtensions ext, KeyCertData properties) 
-        throws IOException {
+            CertificateExtensions ext, KeyCertData properties)
+            throws IOException {
 
         String b64E = properties.getDerExtension();
 
@@ -827,8 +812,8 @@ public class KeyCertUtil {
     }
 
     public static void setBasicConstraintsExtension(
-        CertificateExtensions ext, KeyCertData properties) 
-        throws IOException {
+            CertificateExtensions ext, KeyCertData properties)
+            throws IOException {
         String isCA = properties.isCA();
         String certLen = properties.getCertLen();
 
@@ -844,12 +829,12 @@ public class KeyCertUtil {
         else
             len = Integer.parseInt(certLen);
 
-        if ((isCA == null) || (isCA.equals("")) || 
-            (isCA.equals(Constants.FALSE)))
+        if ((isCA == null) || (isCA.equals("")) ||
+                (isCA.equals(Constants.FALSE)))
             bool = false;
         else
             bool = true;
-            
+
         BasicConstraintsExtension basic = new BasicConstraintsExtension(
                 bool, len);
 
@@ -857,17 +842,17 @@ public class KeyCertUtil {
     }
 
     public static void setExtendedKeyUsageExtension(
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             CertificateException {
         ExtendedKeyUsageExtension ns = new ExtendedKeyUsageExtension();
         boolean anyExt = false;
-        
+
         String sslClient = properties.getSSLClientBit();
-        
+
         if ((sslClient != null) && (sslClient.equals(Constants.TRUE))) {
             ns.addOID(new ObjectIdentifier("1.3.6.1.5.5.7.3.2"));
             anyExt = true;
-        }   
+        }
 
         String sslServer = properties.getSSLServerBit();
 
@@ -908,7 +893,7 @@ public class KeyCertUtil {
     }
 
     public static void setNetscapeCertificateExtension(
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             CertificateException {
 
         NSCertTypeExtension ns = new NSCertTypeExtension();
@@ -966,37 +951,37 @@ public class KeyCertUtil {
             ext.set(NSCertTypeExtension.class.getSimpleName(), ns);
     }
 
-    public static void setOCSPNoCheck(KeyPair keypair, 
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+    public static void setOCSPNoCheck(KeyPair keypair,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             NoSuchAlgorithmException, InvalidKeyException {
         String noCheck = properties.getOCSPNoCheck();
 
         if ((noCheck != null) && (noCheck.equals(Constants.TRUE))) {
-            OCSPNoCheckExtension noCheckExt = 
-                new OCSPNoCheckExtension();
+            OCSPNoCheckExtension noCheckExt =
+                    new OCSPNoCheckExtension();
 
             ext.set(OCSPNoCheckExtension.class.getSimpleName(), noCheckExt);
         }
     }
 
-    public static void setOCSPSigning(KeyPair keypair, 
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+    public static void setOCSPSigning(KeyPair keypair,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             NoSuchAlgorithmException, InvalidKeyException {
         String signing = properties.getOCSPSigning();
 
-        if ((signing != null) && (signing.equals(Constants.TRUE))) { 
-            Vector<ObjectIdentifier> oidSet = new Vector<ObjectIdentifier>(); 
+        if ((signing != null) && (signing.equals(Constants.TRUE))) {
+            Vector<ObjectIdentifier> oidSet = new Vector<ObjectIdentifier>();
             oidSet.addElement(
-              ObjectIdentifier.getObjectIdentifier(
-                ExtendedKeyUsageExtension.OID_OCSPSigning));
-            ExtendedKeyUsageExtension ocspExt = 
-                new ExtendedKeyUsageExtension(false, oidSet);
+                    ObjectIdentifier.getObjectIdentifier(
+                            ExtendedKeyUsageExtension.OID_OCSPSigning));
+            ExtendedKeyUsageExtension ocspExt =
+                    new ExtendedKeyUsageExtension(false, oidSet);
             ext.set(ExtendedKeyUsageExtension.class.getSimpleName(), ocspExt);
         }
     }
 
-    public static void setAuthInfoAccess(KeyPair keypair, 
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+    public static void setAuthInfoAccess(KeyPair keypair,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             NoSuchAlgorithmException, InvalidKeyException {
         String aia = properties.getAIA();
 
@@ -1005,7 +990,7 @@ public class KeyCertUtil {
             String port = CMS.getEENonSSLPort();
             AuthInfoAccessExtension aiaExt = new AuthInfoAccessExtension(false);
             if (hostname != null && port != null) {
-                String location = "http://"+hostname+":"+port+"/ca/ocsp";
+                String location = "http://" + hostname + ":" + port + "/ca/ocsp";
                 GeneralName ocspName = new GeneralName(new URIName(location));
                 aiaExt.addAccessDescription(AuthInfoAccessExtension.METHOD_OCSP, ocspName);
             }
@@ -1014,53 +999,53 @@ public class KeyCertUtil {
         }
     }
 
-    public static void setAuthorityKeyIdentifier(KeyPair keypair, 
-        CertificateExtensions ext, KeyCertData properties) throws IOException,
+    public static void setAuthorityKeyIdentifier(KeyPair keypair,
+            CertificateExtensions ext, KeyCertData properties) throws IOException,
             NoSuchAlgorithmException, InvalidKeyException {
         String aki = properties.getAKI();
 
         if ((aki != null) && (aki.equals(Constants.TRUE))) {
             KeyIdentifier id = createKeyIdentifier(keypair);
-            AuthorityKeyIdentifierExtension akiExt = 
-                new AuthorityKeyIdentifierExtension(id, null, null);
+            AuthorityKeyIdentifierExtension akiExt =
+                    new AuthorityKeyIdentifierExtension(id, null, null);
 
             ext.set(AuthorityKeyIdentifierExtension.class.getSimpleName(), akiExt);
         }
     }
 
-    public static void setSubjectKeyIdentifier(KeyPair keypair, 
-        CertificateExtensions ext,
-        KeyCertData properties) throws IOException, NoSuchAlgorithmException, 
+    public static void setSubjectKeyIdentifier(KeyPair keypair,
+            CertificateExtensions ext,
+            KeyCertData properties) throws IOException, NoSuchAlgorithmException,
             InvalidKeyException {
         String ski = properties.getSKI();
 
         if ((ski != null) && (ski.equals(Constants.TRUE))) {
             KeyIdentifier id = createKeyIdentifier(keypair);
             SubjectKeyIdentifierExtension skiExt =
-                new SubjectKeyIdentifierExtension(id.getIdentifier());
+                    new SubjectKeyIdentifierExtension(id.getIdentifier());
 
             ext.set(SubjectKeyIdentifierExtension.class.getSimpleName(), skiExt);
         }
     }
 
     public static void setKeyUsageExtension(CertificateExtensions ext,
-        KeyUsageExtension keyUsage) throws IOException {
+            KeyUsageExtension keyUsage) throws IOException {
         ext.set(KeyUsageExtension.class.getSimpleName(), keyUsage);
     }
 
-    public static KeyIdentifier createKeyIdentifier(KeyPair keypair) 
-        throws NoSuchAlgorithmException, InvalidKeyException {
+    public static KeyIdentifier createKeyIdentifier(KeyPair keypair)
+            throws NoSuchAlgorithmException, InvalidKeyException {
         MessageDigest md = MessageDigest.getInstance("SHA-1");
         X509Key subjectKeyInfo = convertPublicKeyToX509Key(
                 keypair.getPublic());
 
-        //md.update(subjectKeyInfo.getEncoded());
+        // md.update(subjectKeyInfo.getEncoded());
         md.update(subjectKeyInfo.getKey());
         return new KeyIdentifier(md.digest());
     }
 
-    public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN) 
-        throws LDAPException {
+    public static BigInteger getSerialNumber(LDAPConnection conn, String baseDN)
+            throws LDAPException {
         String dn = "ou=certificateRepository,ou=ca," + baseDN;
         BigInteger serialno = null;
         LDAPEntry entry = conn.read(dn);
@@ -1080,9 +1065,9 @@ public class KeyCertUtil {
         return serialno;
     }
 
-    public static void setSerialNumber(LDAPConnection conn, 
-        String baseDN, BigInteger serial) 
-        throws LDAPException {
+    public static void setSerialNumber(LDAPConnection conn,
+            String baseDN, BigInteger serial)
+            throws LDAPException {
         String dn = "ou=certificateRepository,ou=ca," + baseDN;
         LDAPAttribute attr = new LDAPAttribute("serialno");
 
@@ -1097,19 +1082,19 @@ public class KeyCertUtil {
     }
 
     public static void addCertToDB(LDAPConnection conn, String dn, X509CertImpl cert)
-        throws LDAPException, EBaseException {
+            throws LDAPException, EBaseException {
         BigInteger serialno = cert.getSerialNumber();
         X509CertImplMapper mapper = new X509CertImplMapper();
         LDAPAttributeSet attrs = new LDAPAttributeSet();
 
         mapper.mapObjectToLDAPAttributeSet(null, null,
-            cert, attrs);
+                cert, attrs);
         attrs.add(new LDAPAttribute("objectclass", "top"));
         attrs.add(new LDAPAttribute("objectclass",
                 "certificateRecord"));
         attrs.add(new LDAPAttribute("serialno",
                 BigIntegerMapper.BigIntegerToDB(
-                    serialno)));
+                        serialno)));
         attrs.add(new LDAPAttribute("dateOfCreate",
                 DateMapper.dateToDB((CMS.getCurrentDate()))));
         attrs.add(new LDAPAttribute("dateOfModify",
@@ -1125,12 +1110,12 @@ public class KeyCertUtil {
         conn.add(entry);
     }
 
-    public static CertificateExtensions getExtensions(String tokenname, String nickname) 
-        throws NotInitializedException, TokenException, ObjectNotFoundException, 
+    public static CertificateExtensions getExtensions(String tokenname, String nickname)
+            throws NotInitializedException, TokenException, ObjectNotFoundException,
             IOException, CertificateException {
         String fullnickname = nickname;
 
-        if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME)) 
+        if (!tokenname.equals(Constants.PR_INTERNAL_TOKEN_NAME))
             fullnickname = tokenname + ":" + nickname;
         CryptoManager manager = CryptoManager.getInstance();
         X509Certificate cert = manager.findCertByNickname(fullnickname);
diff --git a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
index efeade92..7e77b201 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/OCSPSigningCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.math.BigInteger;
 import java.security.KeyPair;
@@ -34,7 +33,6 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
  * OCSP signing certificate.
  * 
@@ -42,8 +40,8 @@ import com.netscape.certsrv.security.KeyCertData;
  * @version $Revision$, $Date$
  */
 public class OCSPSigningCert extends CertificateInfo {
-    public static final String SUBJECT_NAME = 
-        "CN=Certificate Authority, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=Certificate Authority, O=Netscape Communications, C=US";
 
     public OCSPSigningCert(KeyCertData properties) {
         this(properties, null);
@@ -51,19 +49,16 @@ public class OCSPSigningCert extends CertificateInfo {
 
     public OCSPSigningCert(KeyCertData properties, KeyPair pair) {
         super(properties, pair);
-        /* included in console UI
-        try {
-            if (mProperties.get(Constants.PR_OCSP_SIGNING) == null) {
-                mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE);
-            }
-            if (mProperties.get(Constants.PR_OCSP_NOCHECK) == null) {
-                mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE);
-            }
-        } catch (Exception e) {
-            mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE);
-            mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE);
-        }
-        */
+        /*
+         * included in console UI try { if
+         * (mProperties.get(Constants.PR_OCSP_SIGNING) == null) {
+         * mProperties.put(Constants.PR_OCSP_SIGNING, Constants.TRUE); } if
+         * (mProperties.get(Constants.PR_OCSP_NOCHECK) == null) {
+         * mProperties.put(Constants.PR_OCSP_NOCHECK, Constants.TRUE); } } catch
+         * (Exception e) { mProperties.put(Constants.PR_OCSP_SIGNING,
+         * Constants.TRUE); mProperties.put(Constants.PR_OCSP_NOCHECK,
+         * Constants.TRUE); }
+         */
     }
 
     public String getSubjectName() {
@@ -85,7 +80,7 @@ public class OCSPSigningCert extends CertificateInfo {
             BigInteger P = new BigInteger(p);
             BigInteger Q = new BigInteger(q);
             BigInteger G = new BigInteger(g);
-            BigInteger pqgSeed = new BigInteger(seed); 
+            BigInteger pqgSeed = new BigInteger(seed);
             BigInteger pqgH = new BigInteger(H);
 
             return new PQGParams(P, Q, G, pqgSeed, counter, pqgH);
@@ -113,7 +108,7 @@ public class OCSPSigningCert extends CertificateInfo {
             cmsFileTmp.putString("ca.signing.cacertnickname", nickname);
         else
             cmsFileTmp.putString("ca.signing.cacertnickname",
-                tokenname + ":" + nickname);
+                    tokenname + ":" + nickname);
         cmsFileTmp.commit(false);
     }
 
@@ -140,4 +135,3 @@ public class OCSPSigningCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
index 48b19f62..99f8d1e4 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWCBsdr.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.File;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -30,7 +29,6 @@ import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmscore.base.JDialogPasswordCallback;
 
-
 /* 
  * A class to retrieve passwords from the SDR password cache
  *
@@ -41,7 +39,7 @@ import com.netscape.cmscore.base.JDialogPasswordCallback;
 public class PWCBsdr implements PasswordCallback {
     InputStream in = null;
     OutputStream out = null;
-    String mprompt = "";  
+    String mprompt = "";
     boolean firsttime = true;
     private PasswordCallback mCB = null;
     private String mPWcachedb = null;
@@ -50,29 +48,28 @@ public class PWCBsdr implements PasswordCallback {
     public PWCBsdr() {
         this(null);
     }
-  
+
     public PWCBsdr(String prompt) {
         in = System.in;
         out = System.out;
         mprompt = prompt;
 
-        /* to get the test program work
-         System.out.println("before CMS.getLogger");
-         try {
+        /*
+         * to get the test program work
+         * System.out.println("before CMS.getLogger"); try {
          */
         mLogger = CMS.getLogger();
 
         /*
-         } catch (NullPointerException e) {
-         System.out.println("after CMS.getLoggergot NullPointerException ... testing ok");
-         }
-         System.out.println("after CMS.getLogger");
+         * } catch (NullPointerException e) { System.out.println(
+         * "after CMS.getLoggergot NullPointerException ... testing ok"); }
+         * System.out.println("after CMS.getLogger");
          */
         // get path to password cache
         try {
             mPWcachedb = CMS.getConfigStore().getString("pwCache");
             CMS.debug("got pwCache from configstore: " +
-                mPWcachedb);
+                    mPWcachedb);
         } catch (NullPointerException e) {
             System.out.println("after CMS.getConfigStore got NullPointerException ... testing ok");
         } catch (Exception e) {
@@ -80,8 +77,8 @@ public class PWCBsdr implements PasswordCallback {
             // let it fall through
         }
 
-        //    System.out.println("after CMS.getConfigStore");
-        if (File.separator.equals("/")) {  
+        // System.out.println("after CMS.getConfigStore");
+        if (File.separator.equals("/")) {
             // Unix
             mCB = new PWsdrConsolePasswordCallback(prompt);
         } else {
@@ -90,33 +87,27 @@ public class PWCBsdr implements PasswordCallback {
         }
 
         // System.out.println( "Created PWCBsdr with prompt of "
-        //                   + mprompt );
+        // + mprompt );
     }
 
-    /* We are now assuming that PasswordCallbackInfo.getname() returns 
-     * the tag we are hoping to match in the cache.
+    /*
+     * We are now assuming that PasswordCallbackInfo.getname() returns the tag
+     * we are hoping to match in the cache.
      */
 
     public Password getPasswordFirstAttempt(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
 
         CMS.debug("in getPasswordFirstAttempt");
 
-        /* debugging code to see if token is logged in
-         try {
-         CryptoManager cm = CryptoManager.getInstance();
-         CryptoToken token =
-         cm.getInternalKeyStorageToken();
-         if (token.isLoggedIn() == false) {
-         // missed it.
-         CMS.debug("token not yet logged in!!");
-         } else {
-         CMS.debug("token logged in.");
-         }
-         } catch (Exception e) {
-         CMS.debug("crypto manager error:"+e.toString());
-         }
-         CMS.debug("still in getPasswordFirstAttempt");
+        /*
+         * debugging code to see if token is logged in try { CryptoManager cm =
+         * CryptoManager.getInstance(); CryptoToken token =
+         * cm.getInternalKeyStorageToken(); if (token.isLoggedIn() == false) {
+         * // missed it. CMS.debug("token not yet logged in!!"); } else {
+         * CMS.debug("token logged in."); } } catch (Exception e) {
+         * CMS.debug("crypto manager error:"+e.toString()); }
+         * CMS.debug("still in getPasswordFirstAttempt");
          */
         Password pw = null;
         String tmpPrompt = info.getName();
@@ -144,7 +135,7 @@ public class PWCBsdr implements PasswordCallback {
             if (tmpPrompt == null) { /* no name, fail */
                 System.out.println("Shouldn't get here");
                 throw new PasswordCallback.GiveUpException();
-            } else {  /* get password from password cache */
+            } else { /* get password from password cache */
 
                 CMS.debug("getting tag = " + tmpPrompt);
                 PWsdrCache pwc = new PWsdrCache(mPWcachedb, mLogger);
@@ -157,7 +148,7 @@ public class PWCBsdr implements PasswordCallback {
 
                     return (pw);
                 } else { /* password not found */
-                    // we don't want caller to do getPasswordAgain,    for now
+                    // we don't want caller to do getPasswordAgain, for now
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_THROW_CALLBACK"));
                     throw new PasswordCallback.GiveUpException();
                 }
@@ -169,12 +160,13 @@ public class PWCBsdr implements PasswordCallback {
         }
     }
 
-    /* The password cache has failed to return a password (or a usable password.
-     * Now we will try and get the password from the user and hopefully add
-     * the password to the cache pw cache 
+    /*
+     * The password cache has failed to return a password (or a usable password.
+     * Now we will try and get the password from the user and hopefully add the
+     * password to the cache pw cache
      */
     public Password getPasswordAgain(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
 
         CMS.debug("in getPasswordAgain");
         try {
@@ -198,7 +190,7 @@ public class PWCBsdr implements PasswordCallback {
             }
         } catch (Throwable e) {
             // System.out.println( "BUG HERE!! in the password again!!"
-            //                   + "!!!!!!!!!!!" );
+            // + "!!!!!!!!!!!" );
             // e.printStackTrace();
             throw new PasswordCallback.GiveUpException();
         }
@@ -208,12 +200,11 @@ public class PWCBsdr implements PasswordCallback {
         if (mLogger == null) {
             System.out.println(msg);
         } else {
-            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " + msg); 
+            mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level, "PWCBsdr " + msg);
         }
     }
 }
 
-
 class PWsdrConsolePasswordCallback implements PasswordCallback {
     private String mPrompt = null;
 
@@ -226,7 +217,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
     }
 
     public Password getPasswordFirstAttempt(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
         if (mPrompt == null) {
             System.out.println("Get password " + info.getName());
         } else {
@@ -239,7 +230,7 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
     }
 
     public Password getPasswordAgain(PasswordCallbackInfo info)
-        throws PasswordCallback.GiveUpException {
+            throws PasswordCallback.GiveUpException {
         System.out.println("Password Incorrect.");
         if (mPrompt == null) {
             System.out.println("Get password " + info.getName());
@@ -253,7 +244,6 @@ class PWsdrConsolePasswordCallback implements PasswordCallback {
     }
 }
 
-
 class PWsdrDialogPasswordCallback extends JDialogPasswordCallback {
     private String mPrompt = null;
 
@@ -270,4 +260,3 @@ class PWsdrDialogPasswordCallback extends JDialogPasswordCallback {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
index 3be63691..b8d9d149 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWUtil.java
@@ -17,23 +17,20 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
 
 import org.mozilla.jss.util.Password;
 import org.mozilla.jss.util.PasswordCallback;
 
-
-public class
-PWUtil {
+public class PWUtil {
     public static Password
-    readPasswordFromStream() 
-        throws PasswordCallback.GiveUpException {
+            readPasswordFromStream()
+                    throws PasswordCallback.GiveUpException {
         BufferedReader in;
 
         in = new BufferedReader(new InputStreamReader(System.in));
-    
+
         StringBuffer buf = new StringBuffer();
         String passwordString = new String();
         int c;
@@ -49,7 +46,7 @@ PWUtil {
                     if (ch != '\r') {
                         if (ch != '\n') {
                             buf.append(ch);
-                        } else {          
+                        } else {
                             passwordString = buf.toString();
                             buf.setLength(0);
                             break;
@@ -61,10 +58,10 @@ PWUtil {
             }
 
             // memory problem?
-            //      String passwordString = in.readLine();
-            //            System.out.println( "done read" );
-            //            System.out.println( " password recieved is ["
-            //                              + passwordString + "]" );
+            // String passwordString = in.readLine();
+            // System.out.println( "done read" );
+            // System.out.println( " password recieved is ["
+            // + passwordString + "]" );
             if (passwordString == null) {
                 throw new PasswordCallback.GiveUpException();
             }
@@ -80,4 +77,3 @@ PWUtil {
         }
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
index 12412f59..1deb64e0 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/PWsdrCache.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.BufferedReader;
 import java.io.ByteArrayOutputStream;
 import java.io.File;
@@ -46,7 +45,6 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.logging.ILogger;
 import com.netscape.cmsutil.util.Utils;
 
-
 /* 
  * A class for managing passwords in the SDR password cache
  *
@@ -86,13 +84,13 @@ public class PWsdrCache {
             try {
                 cm = CryptoManager.getInstance();
                 mTokenName = CMS.getConfigStore().getString(PROP_PWC_TOKEN_NAME);
-                log (ILogger.LL_DEBUG, "pwcTokenname specified.  Use token for SDR key. tokenname= "+mTokenName);
+                log(ILogger.LL_DEBUG, "pwcTokenname specified.  Use token for SDR key. tokenname= " + mTokenName);
                 mToken = cm.getTokenByName(mTokenName);
             } catch (NotInitializedException e) {
-                log (ILogger.LL_FAILURE, e.toString());
+                log(ILogger.LL_FAILURE, e.toString());
                 throw new EBaseException(e.toString());
             } catch (Exception e) {
-                log (ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key");
+                log(ILogger.LL_DEBUG, "no pwcTokenname specified, use internal token for SDR key");
                 mToken = cm.getInternalKeyStorageToken();
             }
         }
@@ -103,11 +101,11 @@ public class PWsdrCache {
         if (mKeyID == null) {
             try {
                 String keyID = CMS.getConfigStore().getString(PROP_PWC_KEY_ID);
-                log (ILogger.LL_DEBUG, "retrieved PWC SDR key");
+                log(ILogger.LL_DEBUG, "retrieved PWC SDR key");
                 mKeyID = base64Decode(keyID);
-                
+
             } catch (Exception e) {
-                log (ILogger.LL_DEBUG, "no pwcSDRKey specified");
+                log(ILogger.LL_DEBUG, "no pwcSDRKey specified");
                 throw new EBaseException(e.toString());
             }
         }
@@ -131,10 +129,10 @@ public class PWsdrCache {
         cm = CryptoManager.getInstance();
         if (mTokenName != null) {
             mToken = cm.getTokenByName(mTokenName);
-            mToken =  cm.getInternalKeyStorageToken();
-            debug("PWsdrCache: mToken = "+mTokenName);
+            mToken = cm.getInternalKeyStorageToken();
+            debug("PWsdrCache: mToken = " + mTokenName);
         } else {
-            mToken =  cm.getInternalKeyStorageToken();
+            mToken = cm.getInternalKeyStorageToken();
             debug("PWsdrCache: mToken = internal");
         }
     }
@@ -147,50 +145,48 @@ public class PWsdrCache {
         return mTokenName;
     }
 
-    public void deleteUniqueNamedKey( String nickName )
-        throws Exception
-    {
-        KeyManager km = new KeyManager( mToken );
-        km.deleteUniqueNamedKey( nickName );
+    public void deleteUniqueNamedKey(String nickName)
+            throws Exception {
+        KeyManager km = new KeyManager(mToken);
+        km.deleteUniqueNamedKey(nickName);
     }
 
-    public byte[] generateSDRKey () throws Exception {
-		return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
+    public byte[] generateSDRKey() throws Exception {
+        return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
     }
 
-    public byte[] generateSDRKeyWithNickName (String nickName)
-        throws Exception
-    {
+    public byte[] generateSDRKeyWithNickName(String nickName)
+            throws Exception {
         try {
 
             if (mIsTool != true) {
                 // generate SDR key
                 KeyManager km = new KeyManager(mToken);
                 try {
-                    // Bugscape Bug #54838:  Due to the CMS cloning feature,
-                    //                       we must check for the presence of
-                    //                       a uniquely named symmetric key
-                    //                       prior to making an attempt to
-                    //                       generate it!
+                    // Bugscape Bug #54838: Due to the CMS cloning feature,
+                    // we must check for the presence of
+                    // a uniquely named symmetric key
+                    // prior to making an attempt to
+                    // generate it!
                     //
-                    if( !( km.uniqueNamedKeyExists( nickName ) ) ) {
-                        mKeyID = km.generateUniqueNamedKey( nickName );
+                    if (!(km.uniqueNamedKeyExists(nickName))) {
+                        mKeyID = km.generateUniqueNamedKey(nickName);
                     }
                 } catch (TokenException e) {
-                    log (0, "generateSDRKey() failed on "+e.toString());
+                    log(0, "generateSDRKey() failed on " + e.toString());
                     throw e;
                 }
             }
         } catch (Exception e) {
-            log (ILogger.LL_FAILURE, e.toString());
+            log(ILogger.LL_FAILURE, e.toString());
             throw e;
         }
         return mKeyID;
     }
 
     public byte[] base64Decode(String s) throws IOException {
-         byte[] d = com.netscape.osutil.OSUtil.AtoB(s);
-         return d;
+        byte[] d = com.netscape.osutil.OSUtil.AtoB(s);
+        return d;
     }
 
     public static String base64Encode(byte[] bytes) throws IOException {
@@ -199,9 +195,9 @@ public class PWsdrCache {
         ByteArrayOutputStream output = new ByteArrayOutputStream();
         Base64OutputStream b64 = new Base64OutputStream(new
                 PrintStream(new
-                    FilterOutputStream(output)
+                        FilterOutputStream(output)
                 )
-            );
+                );
 
         b64.write(bytes);
         b64.flush();
@@ -211,10 +207,9 @@ public class PWsdrCache {
         return output.toString("8859_1");
     }
 
-
     // for PWCBsdr
     public PWsdrCache(String pwCache, ILogger logger) throws
-        EBaseException {
+            EBaseException {
         mLogger = logger;
         mPWcachedb = pwCache;
         initToken();
@@ -236,7 +231,7 @@ public class PWsdrCache {
      * add passwd in pwcache.
      */
     public void addEntry(String tag, String pwd, Hashtable tagPwds) throws EBaseException {
-        
+
         String stringToAdd = null;
         String bufs = null;
 
@@ -249,7 +244,7 @@ public class PWsdrCache {
                 tag = (String) enum1.nextElement();
                 pwd = (String) tagPwds.get(tag);
                 debug("password tag: " + tag + " stored in " + mPWcachedb);
-                
+
                 if (stringToAdd == null) {
                     stringToAdd = tag + ":" + pwd + "\n";
                 } else {
@@ -262,7 +257,7 @@ public class PWsdrCache {
 
         if (dcrypts != null) {
             // converts to Hashtable, replace if tag exists, add
-            //                if tag doesn't exist
+            // if tag doesn't exist
             Hashtable ht = string2Hashtable(dcrypts);
 
             if (ht.containsKey(tag) == false) {
@@ -277,7 +272,7 @@ public class PWsdrCache {
             debug("adding new tag: " + tag);
             bufs = stringToAdd;
         }
-        
+
         // write update to cache
         writePWcache(bufs);
     }
@@ -292,7 +287,7 @@ public class PWsdrCache {
 
         if (dcrypts != null) {
             // converts to Hashtable, replace if tag exists, add
-            //                if tag doesn't exist
+            // if tag doesn't exist
             Hashtable ht = string2Hashtable(dcrypts);
 
             if (ht.containsKey(tag) == false) {
@@ -307,7 +302,7 @@ public class PWsdrCache {
             debug("password cache contains no tags");
             return;
         }
-        
+
         // write update to cache
         writePWcache(bufs);
     }
@@ -394,35 +389,35 @@ public class PWsdrCache {
             File origFile = new File(mPWcachedb);
 
             try {
-                if( Utils.isNT() ) {
+                if (Utils.isNT()) {
                     // NT is very picky on the path
-                    Utils.exec( "copy " +
-                                tmpPWcache.getAbsolutePath().replace( '/',
-                                                                      '\\' ) +
+                    Utils.exec("copy " +
+                                tmpPWcache.getAbsolutePath().replace('/',
+                                                                      '\\') +
                                 " " +
-                                origFile.getAbsolutePath().replace( '/',
-                                                                    '\\' ) );
+                                origFile.getAbsolutePath().replace('/',
+                                                                    '\\'));
                 } else {
                     // Create a copy of the original file which
                     // preserves the original file permissions.
-                    Utils.exec( "cp -p " + tmpPWcache.getAbsolutePath() + " " +
-                                origFile.getAbsolutePath() );
+                    Utils.exec("cp -p " + tmpPWcache.getAbsolutePath() + " " +
+                                origFile.getAbsolutePath());
                 }
 
                 // Remove the original file if and only if
                 // the backup copy was successful.
-                if( origFile.exists() ) {
-                    if( !Utils.isNT() ) {
+                if (origFile.exists()) {
+                    if (!Utils.isNT()) {
                         try {
-                            Utils.exec( "chmod 00660 " +
-                                        origFile.getCanonicalPath() );
-                        } catch( IOException e ) {
-                            CMS.debug( "Unable to change file permissions on "
-                                     + origFile.toString() );
+                            Utils.exec("chmod 00660 " +
+                                        origFile.getCanonicalPath());
+                        } catch (IOException e) {
+                            CMS.debug("Unable to change file permissions on "
+                                     + origFile.toString());
                         }
                     }
                     tmpPWcache.delete();
-                    debug( "operation completed for " + mPWcachedb );
+                    debug("operation completed for " + mPWcachedb);
                 }
             } catch (Exception exx) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_SECURITY_PW_CACHE", exx.toString()));
@@ -447,7 +442,7 @@ public class PWsdrCache {
         while (enum1.hasMoreElements()) {
             String tag = (String) enum1.nextElement();
             String pwd = (String) ht.get(tag);
-                
+
             if (returnString == null) {
                 returnString = tag + ":" + pwd + "\n";
             } else {
@@ -475,14 +470,14 @@ public class PWsdrCache {
 
                 ht.put(tag.trim(), passwd.trim());
             } else {
-                //invalid format...log or throw...later
+                // invalid format...log or throw...later
             }
         }
         return ht;
     }
 
     /*
-     * get password from cache.  This one supplies cache file name
+     * get password from cache. This one supplies cache file name
      */
     public Password getEntry(String fileName, String tag) {
         mPWcachedb = fileName;
@@ -490,8 +485,8 @@ public class PWsdrCache {
     }
 
     /*
-     * if tag found with pwd, return it
-     * if tag not found, return null, which will cause it to give up
+     * if tag found with pwd, return it if tag not found, return null, which
+     * will cause it to give up
      */
     public Password getEntry(String tag) {
         Hashtable pwTable = null;
@@ -532,7 +527,7 @@ public class PWsdrCache {
         }
     }
 
-    //copied from IOUtil.java
+    // copied from IOUtil.java
     /**
      * Checks if this is NT.
      */
@@ -566,22 +561,17 @@ public class PWsdrCache {
             if (process.exitValue() == 0) {
 
                 /**
-                 pOut = new BufferedReader(
-                 new InputStreamReader(process.getInputStream()));
-                 while ((l = pOut.readLine()) != null) {
-                 System.out.println(l);
-                 }
+                 * pOut = new BufferedReader( new
+                 * InputStreamReader(process.getInputStream())); while ((l =
+                 * pOut.readLine()) != null) { System.out.println(l); }
                  **/
                 return true;
             } else {
 
                 /**
-                 pOut = new BufferedReader(
-                 new InputStreamReader(process.getErrorStream()));
-                 l = null;
-                 while ((l = pOut.readLine()) != null) {
-                 System.out.println(l);
-                 }
+                 * pOut = new BufferedReader( new
+                 * InputStreamReader(process.getErrorStream())); l = null; while
+                 * ((l = pOut.readLine()) != null) { System.out.println(l); }
                  **/
                 return false;
             }
@@ -599,7 +589,7 @@ public class PWsdrCache {
     public void log(int level, String msg) {
         if (mLogger != null) {
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, level,
-                "PWsdrCache " + msg);
+                    "PWsdrCache " + msg);
         } else if (mIsTool) {
             System.out.println(msg);
         } // else it's most likely the installation wizard...no logging
@@ -636,9 +626,9 @@ public class PWsdrCache {
                             line.length());
 
                     debug(tag.trim() +
-                        " : " + passwd.trim());
+                            " : " + passwd.trim());
                 } else {
-                    //invalid format...log or throw...later
+                    // invalid format...log or throw...later
                     debug("invalid format");
                 }
             }
diff --git a/pki/base/common/src/com/netscape/cmscore/security/Provider.java b/pki/base/common/src/com/netscape/cmscore/security/Provider.java
index 0e7f8e2e..8c264142 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/Provider.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/Provider.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 public class Provider extends java.security.Provider {
 
     /**
@@ -27,11 +26,11 @@ public class Provider extends java.security.Provider {
 
     public Provider() {
         super("CMS", 1.4,
-            "Provides Signature and Message Digesting");
+                "Provides Signature and Message Digesting");
 
-        /////////////////////////////////////////////////////////////
+        // ///////////////////////////////////////////////////////////
         // Signature
-        /////////////////////////////////////////////////////////////
+        // ///////////////////////////////////////////////////////////
 
         put("Signature.SHA1withDSA", "org.mozilla.jss.provider.DSASignature");
 
@@ -46,13 +45,13 @@ public class Provider extends java.security.Provider {
         put("Signature.MD5/RSA", "org.mozilla.jss.provider.MD5RSASignature");
         put("Signature.MD2/RSA", "org.mozilla.jss.provider.MD2RSASignature");
         put("Signature.SHA-1/RSA",
-            "org.mozilla.jss.provider.SHA1RSASignature");
+                "org.mozilla.jss.provider.SHA1RSASignature");
 
         put("Alg.Alias.Signature.SHA1/RSA", "SHA-1/RSA");
 
-        /////////////////////////////////////////////////////////////
+        // ///////////////////////////////////////////////////////////
         // Message Digesting
-        /////////////////////////////////////////////////////////////
+        // ///////////////////////////////////////////////////////////
 
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
index 1ac8f0ea..bf7a4ef2 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/RASigningCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 
@@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
- * RA signing certificate 
+ * RA signing certificate
  * 
  * @author Christine Ho
  * @version $Revision$, $Date$
  */
 public class RASigningCert extends CertificateInfo {
-    public static final String SUBJECT_NAME = 
-        "CN=Registration Authority, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=Registration Authority, O=Netscape Communications, C=US";
     private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
 
     public RASigningCert(KeyCertData properties) {
@@ -49,8 +47,8 @@ public class RASigningCert extends CertificateInfo {
         super(properties, pair);
         String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
 
-        if ((tmp != null) && 
-            (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))   
+        if ((tmp != null) &&
+                (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
             mTokenname = tmp;
         try {
             if (mProperties.get(Constants.PR_AKI) == null) {
@@ -79,7 +77,7 @@ public class RASigningCert extends CertificateInfo {
     public String getNickname() {
         String name = (String) mProperties.get(Constants.PR_NICKNAME);
         String instanceName =
-            (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+                (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
 
         if (name != null)
             return name;
@@ -87,19 +85,14 @@ public class RASigningCert extends CertificateInfo {
     }
 
     /*
-     public SignatureAlgorithm getSigningAlgorithm() {
-     SignatureAlgorithm sAlg =
-     (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
-     if (sAlg != null) {
-     return sAlg;
-     }
-     String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
-     
-     if (alg.equals("RSA"))
-     return SignatureAlgorithm.RSASignatureWithMD5Digest;
-     else
-     return SignatureAlgorithm.DSASignatureWithSHA1Digest;
-     }
+     * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
+     * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+     * if (sAlg != null) { return sAlg; } String alg =
+     * (String)mProperties.get(Constants.PR_KEY_TYPE);
+     * 
+     * if (alg.equals("RSA")) return
+     * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
+     * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
      */
 
     public String getKeyAlgorithm() {
@@ -113,4 +106,3 @@ public class RASigningCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
index eab48bdf..e978851d 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SSLCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 
@@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
- * SSL server certificate 
+ * SSL server certificate
  * 
  * @author Christine Ho
  * @version $Revision$, $Date$
  */
 public class SSLCert extends CertificateInfo {
-    public static final String SUBJECT_NAME = 
-        "CN=SSL, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=SSL, O=Netscape Communications, C=US";
     private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
 
     public SSLCert(KeyCertData properties) {
@@ -49,8 +47,8 @@ public class SSLCert extends CertificateInfo {
         super(properties, pair);
         String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
 
-        if ((tmp != null) && 
-            (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))   
+        if ((tmp != null) &&
+                (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
             mTokenname = tmp;
         try {
             if (mProperties.get(Constants.PR_AKI) == null) {
@@ -62,7 +60,7 @@ public class SSLCert extends CertificateInfo {
 
         // 020598: The server bit has to be turned on. Otherwise, it might
         // crash jss.
-        //mProperties.put(Constants.PR_SSL_SERVER_BIT, Constants.TRUE);
+        // mProperties.put(Constants.PR_SSL_SERVER_BIT, Constants.TRUE);
     }
 
     public void updateConfig(IConfigStore cmsFileTmp) throws EBaseException {
@@ -88,7 +86,7 @@ public class SSLCert extends CertificateInfo {
     public String getNickname() {
         String name = (String) mProperties.get(Constants.PR_NICKNAME);
         String instanceName =
-            (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+                (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
 
         if (name != null)
             return name;
@@ -96,19 +94,14 @@ public class SSLCert extends CertificateInfo {
     }
 
     /*
-     public SignatureAlgorithm getSigningAlgorithm() {
-     SignatureAlgorithm sAlg =
-     (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
-     if (sAlg != null) {
-     return sAlg;
-     }
-     String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
-     
-     if (alg.equals("RSA"))
-     return SignatureAlgorithm.RSASignatureWithMD5Digest;
-     else
-     return SignatureAlgorithm.DSASignatureWithSHA1Digest;
-     }
+     * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
+     * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+     * if (sAlg != null) { return sAlg; } String alg =
+     * (String)mProperties.get(Constants.PR_KEY_TYPE);
+     * 
+     * if (alg.equals("RSA")) return
+     * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
+     * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
      */
 
     public String getKeyAlgorithm() {
@@ -125,4 +118,3 @@ public class SSLCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
index ac7eb2ad..8494baf0 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SSLSelfSignedCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 
@@ -29,16 +28,15 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
- * SSL server certificate 
+ * SSL server certificate
  * 
  * @author Christine Ho
  * @version $Revision$, $Date$
  */
 public class SSLSelfSignedCert extends CertificateInfo {
-    public static final String SUBJECT_NAME = 
-        "CN=SSL, O=Netscape Communications, C=US";
+    public static final String SUBJECT_NAME =
+            "CN=SSL, O=Netscape Communications, C=US";
     private String mTokenname = Constants.PR_INTERNAL_TOKEN_NAME;
 
     public SSLSelfSignedCert(KeyCertData properties) {
@@ -49,8 +47,8 @@ public class SSLSelfSignedCert extends CertificateInfo {
         super(properties, pair);
         String tmp = (String) mProperties.get(Constants.PR_TOKEN_NAME);
 
-        if ((tmp != null) && 
-            (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))   
+        if ((tmp != null) &&
+                (!tmp.equals(Constants.PR_INTERNAL_TOKEN)))
             mTokenname = tmp;
         mProperties.remove(Constants.PR_AKI);
 
@@ -80,7 +78,7 @@ public class SSLSelfSignedCert extends CertificateInfo {
     public String getNickname() {
         String name = (String) mProperties.get(Constants.PR_NICKNAME);
         String instanceName =
-            (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
+                (String) mProperties.get(ConfigConstants.PR_CERT_INSTANCE_NAME);
 
         if (name != null)
             return name;
@@ -88,19 +86,14 @@ public class SSLSelfSignedCert extends CertificateInfo {
     }
 
     /*
-     public SignatureAlgorithm getSigningAlgorithm() {
-     SignatureAlgorithm sAlg =
-     (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
-     if (sAlg != null) {
-     return sAlg;
-     }
-     String alg = (String)mProperties.get(Constants.PR_KEY_TYPE);
-     
-     if (alg.equals("RSA"))
-     return SignatureAlgorithm.RSASignatureWithMD5Digest;
-     else
-     return SignatureAlgorithm.DSASignatureWithSHA1Digest;
-     }
+     * public SignatureAlgorithm getSigningAlgorithm() { SignatureAlgorithm sAlg
+     * = (SignatureAlgorithm)mProperties.get(Constants.PR_SIGNATURE_ALGORITHM);
+     * if (sAlg != null) { return sAlg; } String alg =
+     * (String)mProperties.get(Constants.PR_KEY_TYPE);
+     * 
+     * if (alg.equals("RSA")) return
+     * SignatureAlgorithm.RSASignatureWithMD5Digest; else return
+     * SignatureAlgorithm.DSASignatureWithSHA1Digest; }
      */
 
     public String getKeyAlgorithm() {
@@ -114,9 +107,8 @@ public class SSLSelfSignedCert extends CertificateInfo {
         KeyUsageExtension extension = new KeyUsageExtension();
 
         extension.set(KeyUsageExtension.DIGITAL_SIGNATURE, new Boolean(true));
-        //extension.set(KeyUsageExtension.NON_REPUDIATION, new Boolean(true));
+        // extension.set(KeyUsageExtension.NON_REPUDIATION, new Boolean(true));
         extension.set(KeyUsageExtension.KEY_ENCIPHERMENT, new Boolean(true));
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
index bd630de8..aede5e4d 100644
--- a/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
+++ b/pki/base/common/src/com/netscape/cmscore/security/SubsystemCert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.security;
 
-
 import java.io.IOException;
 import java.security.KeyPair;
 
@@ -29,7 +28,6 @@ import com.netscape.certsrv.common.ConfigConstants;
 import com.netscape.certsrv.common.Constants;
 import com.netscape.certsrv.security.KeyCertData;
 
-
 /**
  * Subsystem certificate.
  * 
@@ -81,4 +79,3 @@ public class SubsystemCert extends CertificateInfo {
         return extension;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestOrderedInstance.java b/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestOrderedInstance.java
index f462c2e2..5b06edc5 100644
--- a/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestOrderedInstance.java
+++ b/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestOrderedInstance.java
@@ -20,21 +20,19 @@
 
 package com.netscape.cmscore.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
 
 import java.util.StringTokenizer;
 
-
 //////////////////////
 // class definition //
 //////////////////////
 
 /**
- * This class implements a single element in
- * an ordered list of self test instances.
+ * This class implements a single element in an ordered list of self test
+ * instances.
  * <P>
  * 
  * @author mharmsen
@@ -42,32 +40,32 @@ import java.util.StringTokenizer;
  * @version $Revision$, $Date$
  */
 public class SelfTestOrderedInstance {
-    ////////////////////////
+    // //////////////////////
     // default parameters //
-    ////////////////////////
+    // //////////////////////
 
     private static final String ELEMENT_DELIMITER = ":";
     private static final String CRITICAL = "critical";
 
-    ////////////////////////////////////////
+    // //////////////////////////////////////
     // SelfTestOrderedInstance parameters //
-    ////////////////////////////////////////
+    // //////////////////////////////////////
 
-    private String  mInstanceName = null;
+    private String mInstanceName = null;
     private boolean mCritical = false;
 
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
+    // ///////////////////
 
     /**
-     * Constructs a single element within an ordered list of self tests.
-     * A "listElement" contains a string of the form "[instanceName]" or
+     * Constructs a single element within an ordered list of self tests. A
+     * "listElement" contains a string of the form "[instanceName]" or
      * "[instanceName]:critical".
      * <P>
-     *
-     * @param listElement a string containing the "instanceName" and
-     * information indictating whether or not the instance is "critical"
+     * 
+     * @param listElement a string containing the "instanceName" and information
+     *            indictating whether or not the instance is "critical"
      */
     public SelfTestOrderedInstance(String listElement) {
         // strip preceding/trailing whitespace
@@ -101,14 +99,14 @@ public class SelfTestOrderedInstance {
 
     }
 
-    /////////////////////////////////////
+    // ///////////////////////////////////
     // SelfTestOrderedInstance methods //
-    /////////////////////////////////////
+    // ///////////////////////////////////
 
     /**
      * Returns the name associated with this self test; may be null.
      * <P>
-     *
+     * 
      * @return instanceName of this self test
      */
     public String getSelfTestName() {
@@ -118,9 +116,9 @@ public class SelfTestOrderedInstance {
     /**
      * Returns the criticality associated with this self test.
      * <P>
-     *
-     * @return true if failure of this self test is fatal when
-     * it is executed; otherwise return false
+     * 
+     * @return true if failure of this self test is fatal when it is executed;
+     *         otherwise return false
      */
     public boolean isSelfTestCritical() {
         return mCritical;
@@ -129,11 +127,10 @@ public class SelfTestOrderedInstance {
     /**
      * Sets/resets the criticality associated with this self test.
      * <P>
-     *
+     * 
      * @param criticalMode the criticality of this self test
      */
     public void setSelfTestCriticalMode(boolean criticalMode) {
         mCritical = criticalMode;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java b/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
index 8104210d..a2eb1510 100644
--- a/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/selftests/SelfTestSubsystem.java
@@ -20,7 +20,6 @@
 
 package com.netscape.cmscore.selftests;
 
-
 ///////////////////////
 // import statements //
 ///////////////////////
@@ -49,7 +48,6 @@ import com.netscape.certsrv.selftests.ESelfTestException;
 import com.netscape.certsrv.selftests.ISelfTest;
 import com.netscape.certsrv.selftests.ISelfTestSubsystem;
 
-
 //////////////////////
 // class definition //
 //////////////////////
@@ -63,22 +61,18 @@ import com.netscape.certsrv.selftests.ISelfTestSubsystem;
  * @version $Revision$, $Date$
  */
 public class SelfTestSubsystem
-    implements ISelfTestSubsystem {
-    ////////////////////////
+        implements ISelfTestSubsystem {
+    // //////////////////////
     // default parameters //
-    ////////////////////////
-
-
+    // //////////////////////
 
-    ///////////////////////
+    // /////////////////////
     // helper parameters //
-    ///////////////////////
+    // /////////////////////
 
-
-
-    //////////////////////////////////
+    // ////////////////////////////////
     // SelfTestSubsystem parameters //
-    //////////////////////////////////
+    // ////////////////////////////////
 
     private ISubsystem mOwner = null;
     private IConfigStore mConfig = null;
@@ -92,9 +86,9 @@ public class SelfTestSubsystem
     public Vector mOnDemandOrder = new Vector();
     public Vector mStartupOrder = new Vector();
 
-    ///////////////////////////
+    // /////////////////////////
     // ISubsystem parameters //
-    ///////////////////////////
+    // /////////////////////////
 
     private static final String LIST_DELIMITER = ",";
 
@@ -102,24 +96,22 @@ public class SelfTestSubsystem
     private static final String CRITICAL = "critical";
 
     private static final String LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION =
-        "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
+            "LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION_2";
 
-    /////////////////////
+    // ///////////////////
     // default methods //
-    /////////////////////
-
-
+    // ///////////////////
 
-    ////////////////////
+    // //////////////////
     // helper methods //
-    ////////////////////
+    // //////////////////
 
     /**
      * Signed Audit Log
-     *
+     * 
      * This helper method is called to store messages to the signed audit log.
      * <P>
-     *
+     * 
      * @param msg signed audit log message
      */
     private void audit(String msg) {
@@ -131,10 +123,10 @@ public class SelfTestSubsystem
         }
 
         mSignedAuditLogger.log(ILogger.EV_SIGNED_AUDIT,
-            null,
-            ILogger.S_SIGNED_AUDIT,
-            ILogger.LL_SECURITY,
-            msg);
+                null,
+                ILogger.S_SIGNED_AUDIT,
+                ILogger.LL_SECURITY,
+                msg);
     }
 
     /**
@@ -142,13 +134,13 @@ public class SelfTestSubsystem
      * substore name prepended in front of the plugin/parameter name). This
      * method may return null.
      * <P>
-     *
+     * 
      * @param instancePrefix full name of configuration store
      * @param instanceName instance name of self test
      * @return fullname of this self test plugin
      */
     private String getFullName(String instancePrefix,
-        String instanceName) {
+            String instanceName) {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -161,9 +153,9 @@ public class SelfTestSubsystem
         }
 
         if ((instancePrefix != null) &&
-            (instancePrefix != "")) {
+                (instancePrefix != "")) {
             if ((instanceName != null) &&
-                (instanceName != "")) {
+                    (instanceName != "")) {
                 instanceFullName = instancePrefix
                         + "."
                         + instanceName;
@@ -176,16 +168,16 @@ public class SelfTestSubsystem
     }
 
     /**
-     * This helper method checks to see if an instance name/value
-     * pair exists for the corresponding ordered list element.
+     * This helper method checks to see if an instance name/value pair exists
+     * for the corresponding ordered list element.
      * <P>
-     *
+     * 
      * @param element owner of this subsystem
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     private void checkInstance(SelfTestOrderedInstance element)
-        throws EInvalidSelfTestException, EMissingSelfTestException {
+            throws EInvalidSelfTestException, EMissingSelfTestException {
         String instanceFullName = null;
         String instanceName = null;
         String instanceValue = null;
@@ -200,8 +192,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -211,16 +203,15 @@ public class SelfTestSubsystem
             instanceValue = instanceConfig.getString(instanceName);
 
             if ((instanceValue == null) ||
-                (instanceValue.equals(""))) {
+                    (instanceValue.equals(""))) {
                 // self test plugin instance property name exists,
                 // but it contains no value(s)
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
-                        instanceFullName));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
+                                instanceFullName));
 
-                throw new
-                    EMissingSelfTestException(instanceFullName,
+                throw new EMissingSelfTestException(instanceFullName,
                         instanceValue);
             } else {
                 instanceValue = instanceValue.trim();
@@ -229,27 +220,27 @@ public class SelfTestSubsystem
         } catch (EPropertyNotFound e) {
             // self test plugin instance property name is not present
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                    instanceFullName));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                            instanceFullName));
 
             throw new EMissingSelfTestException(instanceFullName);
         } catch (EBaseException e) {
             // self test plugin instance EBaseException
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
-                    instanceFullName,
-                    instanceValue));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
+                            instanceFullName,
+                            instanceValue));
 
             throw new EInvalidSelfTestException(instanceFullName,
                     instanceValue);
         }
     }
 
-    ///////////////////////////////
+    // /////////////////////////////
     // SelfTestSubsystem methods //
-    ///////////////////////////////
+    // /////////////////////////////
 
     //
     // methods associated with the list of on demand self tests
@@ -259,7 +250,7 @@ public class SelfTestSubsystem
      * List the instance names of all the self tests enabled to run on demand
      * (in execution order); may return null.
      * <P>
-     *
+     * 
      * @return list of self test instance names run on demand
      */
     public String[] listSelfTestsEnabledOnDemand() {
@@ -271,7 +262,7 @@ public class SelfTestSubsystem
             mList = new String[numElements];
         } else {
             return null;
-        } 
+        }
 
         // loop through all self test plugin instances
         // specified to be executed on demand
@@ -281,7 +272,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             mList[i] = instance.getSelfTestName();
             if (mList[i] != null) {
@@ -296,24 +287,24 @@ public class SelfTestSubsystem
     /**
      * Enable the specified self test to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     * @param isCritical isCritical is either a critical failure (true) or a
+     *            non-critical failure (false)
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void enableSelfTestOnDemand(String instanceName,
-        boolean isCritical)
-        throws EInvalidSelfTestException, EMissingSelfTestException {
+            boolean isCritical)
+            throws EInvalidSelfTestException, EMissingSelfTestException {
         // strip preceding/trailing whitespace
         // from passed-in String parameters
         if (instanceName != null) {
             instanceName = instanceName.trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -324,7 +315,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 instance.setSelfTestCriticalMode(isCritical);
@@ -347,8 +338,8 @@ public class SelfTestSubsystem
 
         element = new SelfTestOrderedInstance(elementName);
 
-        // SANITY CHECK:  find the corresponding instance property
-        //                name for this self test plugin
+        // SANITY CHECK: find the corresponding instance property
+        // name for this self test plugin
         checkInstance(element);
 
         // store this self test plugin in on-demand order
@@ -358,12 +349,12 @@ public class SelfTestSubsystem
     /**
      * Disable the specified self test from being able to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public void disableSelfTestOnDemand(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -374,8 +365,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -386,7 +377,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 mOnDemandOrder.remove(instance);
@@ -396,9 +387,9 @@ public class SelfTestSubsystem
 
         // self test plugin instance property name is not present
         log(mLogger,
-            CMS.getLogMessage(
-                "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                instanceFullName));
+                CMS.getLogMessage(
+                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                        instanceFullName));
 
         throw new EMissingSelfTestException(instanceFullName);
     }
@@ -406,21 +397,21 @@ public class SelfTestSubsystem
     /**
      * Determine if the specified self test is enabled to be executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if the specified self test is enabled on demand
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestEnabledOnDemand(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         // strip preceding/trailing whitespace
         // from passed-in String parameters
         if (instanceName != null) {
             instanceName = instanceName.trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -431,7 +422,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 return true;
@@ -442,17 +433,17 @@ public class SelfTestSubsystem
     }
 
     /**
-     * Determine if failure of the specified self test is fatal when 
-     * it is executed on demand.
+     * Determine if failure of the specified self test is fatal when it is
+     * executed on demand.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @return true if failure of the specified self test is fatal when
-     * it is executed on demand
+     * @return true if failure of the specified self test is fatal when it is
+     *         executed on demand
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestCriticalOnDemand(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -463,8 +454,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -475,7 +466,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 if (instance.isSelfTestCritical()) {
@@ -488,9 +479,9 @@ public class SelfTestSubsystem
 
         // self test plugin instance property name is not present
         log(mLogger,
-            CMS.getLogMessage(
-                "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                instanceFullName));
+                CMS.getLogMessage(
+                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                        instanceFullName));
 
         throw new EMissingSelfTestException(instanceFullName);
     }
@@ -498,15 +489,15 @@ public class SelfTestSubsystem
     /**
      * Execute all self tests specified to be run on demand.
      * <P>
-     *
+     * 
      * @exception EMissingSelfTestException subsystem has missing name
      * @exception ESelfTestException self test exception
      */
     public void runSelfTestsOnDemand()
-        throws EMissingSelfTestException, ESelfTestException {
+            throws EMissingSelfTestException, ESelfTestException {
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::runSelfTestsOnDemand():"
-                + "  ENTERING . . .");
+                    + "  ENTERING . . .");
         }
 
         // loop through all self test plugin instances
@@ -515,7 +506,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             String instanceFullName = null;
             String instanceName = instance.getSelfTestName();
@@ -526,22 +517,22 @@ public class SelfTestSubsystem
                             instanceName);
             } else {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
                 throw new EMissingSelfTestException();
             }
 
             if (mSelfTestInstances.containsKey(instanceName)) {
                 ISelfTest test = (ISelfTest)
-                    mSelfTestInstances.get(instanceName);
+                        mSelfTestInstances.get(instanceName);
 
                 try {
                     if (CMS.debugOn()) {
                         CMS.debug("SelfTestSubsystem::runSelfTestsOnDemand():"
-                            + "    running \""
-                            + test.getSelfTestName()
-                            + "\"");
+                                + "    running \""
+                                + test.getSelfTestName()
+                                + "\"");
                     }
 
                     test.runSelfTest(mLogger);
@@ -549,9 +540,9 @@ public class SelfTestSubsystem
                     // Check to see if the self test was critical:
                     if (isSelfTestCriticalOnDemand(instanceName)) {
                         log(mLogger,
-                            CMS.getLogMessage(
-                                "CMSCORE_SELFTESTS_RUN_ON_DEMAND_FAILED",
-                                instanceFullName));
+                                CMS.getLogMessage(
+                                        "CMSCORE_SELFTESTS_RUN_ON_DEMAND_FAILED",
+                                        instanceFullName));
 
                         // shutdown the system gracefully
                         CMS.shutdown();
@@ -562,9 +553,9 @@ public class SelfTestSubsystem
             } else {
                 // self test plugin instance property name is not present
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                        instanceFullName));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                                instanceFullName));
 
                 throw new EMissingSelfTestException(instanceFullName);
             }
@@ -572,7 +563,7 @@ public class SelfTestSubsystem
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::runSelfTestsOnDemand():"
-                + "  EXITING.");
+                    + "  EXITING.");
         }
     }
 
@@ -581,10 +572,10 @@ public class SelfTestSubsystem
     //
 
     /**
-     * List the instance names of all the self tests enabled to run
-     * at server startup (in execution order); may return null.
+     * List the instance names of all the self tests enabled to run at server
+     * startup (in execution order); may return null.
      * <P>
-     *
+     * 
      * @return list of self test instance names run at server startup
      */
     public String[] listSelfTestsEnabledAtStartup() {
@@ -596,7 +587,7 @@ public class SelfTestSubsystem
             mList = new String[numElements];
         } else {
             return null;
-        } 
+        }
 
         // loop through all self test plugin instances
         // specified to be executed at server startup
@@ -606,7 +597,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             mList[i] = instance.getSelfTestName();
             if (mList[i] != null) {
@@ -621,24 +612,24 @@ public class SelfTestSubsystem
     /**
      * Enable the specified self test at server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     * @param isCritical isCritical is either a critical failure (true) or a
+     *            non-critical failure (false)
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void enableSelfTestAtStartup(String instanceName,
-        boolean isCritical)
-        throws EInvalidSelfTestException, EMissingSelfTestException {
+            boolean isCritical)
+            throws EInvalidSelfTestException, EMissingSelfTestException {
         // strip preceding/trailing whitespace
         // from passed-in String parameters
         if (instanceName != null) {
             instanceName = instanceName.trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -649,7 +640,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 instance.setSelfTestCriticalMode(isCritical);
@@ -672,8 +663,8 @@ public class SelfTestSubsystem
 
         element = new SelfTestOrderedInstance(elementName);
 
-        // SANITY CHECK:  find the corresponding instance property
-        //                name for this self test plugin
+        // SANITY CHECK: find the corresponding instance property
+        // name for this self test plugin
         checkInstance(element);
 
         // store this self test plugin in startup order
@@ -683,12 +674,12 @@ public class SelfTestSubsystem
     /**
      * Disable the specified self test at server startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public void disableSelfTestAtStartup(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -699,8 +690,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -711,7 +702,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 mStartupOrder.remove(instance);
@@ -721,32 +712,32 @@ public class SelfTestSubsystem
 
         // self test plugin instance property name is not present
         log(mLogger,
-            CMS.getLogMessage(
-                "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                instanceFullName));
+                CMS.getLogMessage(
+                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                        instanceFullName));
 
         throw new EMissingSelfTestException(instanceFullName);
     }
 
     /**
-     * Determine if the specified self test is executed automatically
-     * at server startup.
+     * Determine if the specified self test is executed automatically at server
+     * startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return true if the specified self test is executed at server startup
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestEnabledAtStartup(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         // strip preceding/trailing whitespace
         // from passed-in String parameters
         if (instanceName != null) {
             instanceName = instanceName.trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -757,7 +748,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 return true;
@@ -768,17 +759,17 @@ public class SelfTestSubsystem
     }
 
     /**
-     * Determine if failure of the specified self test is fatal to
-     * server startup.
+     * Determine if failure of the specified self test is fatal to server
+     * startup.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @return true if failure of the specified self test is fatal to
-     * server startup
+     * @return true if failure of the specified self test is fatal to server
+     *         startup
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public boolean isSelfTestCriticalAtStartup(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -789,8 +780,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -801,7 +792,7 @@ public class SelfTestSubsystem
 
         while (instances.hasMoreElements()) {
             SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                instances.nextElement();
+                    instances.nextElement();
 
             if (instanceName.equals(instance.getSelfTestName())) {
                 if (instance.isSelfTestCritical()) {
@@ -814,9 +805,9 @@ public class SelfTestSubsystem
 
         // self test plugin instance property name is not present
         log(mLogger,
-            CMS.getLogMessage(
-                "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                instanceFullName));
+                CMS.getLogMessage(
+                        "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                        instanceFullName));
 
         throw new EMissingSelfTestException(instanceFullName);
     }
@@ -824,16 +815,17 @@ public class SelfTestSubsystem
     /**
      * Execute all self tests specified to be run at server startup.
      * <P>
-     *
+     * 
      * <ul>
      * <li>signed.audit LOGGING_SIGNED_AUDIT_SELFTESTS_EXECUTION used when self
      * tests are run at server startup
      * </ul>
+     * 
      * @exception EMissingSelfTestException subsystem has missing name
      * @exception ESelfTestException self test exception
      */
     public void runSelfTestsAtStartup()
-        throws EMissingSelfTestException, ESelfTestException {
+            throws EMissingSelfTestException, ESelfTestException {
         String auditMessage = null;
 
         // ensure that any low-level exceptions are reported
@@ -841,7 +833,7 @@ public class SelfTestSubsystem
         try {
             if (CMS.debugOn()) {
                 CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
-                    + "  ENTERING . . .");
+                        + "  ENTERING . . .");
             }
 
             // loop through all self test plugin instances
@@ -850,7 +842,7 @@ public class SelfTestSubsystem
 
             while (instances.hasMoreElements()) {
                 SelfTestOrderedInstance instance = (SelfTestOrderedInstance)
-                    instances.nextElement();
+                        instances.nextElement();
 
                 String instanceFullName = null;
                 String instanceName = instance.getSelfTestName();
@@ -861,8 +853,8 @@ public class SelfTestSubsystem
                                 instanceName);
                 } else {
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
@@ -877,14 +869,14 @@ public class SelfTestSubsystem
 
                 if (mSelfTestInstances.containsKey(instanceName)) {
                     ISelfTest test = (ISelfTest)
-                        mSelfTestInstances.get(instanceName);
+                            mSelfTestInstances.get(instanceName);
 
                     try {
                         if (CMS.debugOn()) {
                             CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
-                                + "    running \""
-                                + test.getSelfTestName()
-                                + "\"");
+                                    + "    running \""
+                                    + test.getSelfTestName()
+                                    + "\"");
                         }
 
                         test.runSelfTest(mLogger);
@@ -892,9 +884,9 @@ public class SelfTestSubsystem
                         // Check to see if the self test was critical:
                         if (isSelfTestCriticalAtStartup(instanceName)) {
                             log(mLogger,
-                                CMS.getLogMessage(
-                                    "CMSCORE_SELFTESTS_RUN_AT_STARTUP_FAILED",
-                                    instanceFullName));
+                                    CMS.getLogMessage(
+                                            "CMSCORE_SELFTESTS_RUN_AT_STARTUP_FAILED",
+                                            instanceFullName));
 
                             // store a message in the signed audit log file
                             auditMessage = CMS.getLogMessage(
@@ -913,9 +905,9 @@ public class SelfTestSubsystem
                 } else {
                     // self test plugin instance property name is not present
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                            instanceFullName));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                                    instanceFullName));
 
                     // store a message in the signed audit log file
                     auditMessage = CMS.getLogMessage(
@@ -939,7 +931,7 @@ public class SelfTestSubsystem
 
             if (CMS.debugOn()) {
                 CMS.debug("SelfTestSubsystem::runSelfTestsAtStartup():"
-                    + "  EXITING.");
+                        + "  EXITING.");
             }
         } catch (EMissingSelfTestException eAudit1) {
             // store a message in the signed audit log file
@@ -963,10 +955,10 @@ public class SelfTestSubsystem
     //
 
     /**
-     * Retrieve an individual self test from the instances list
-     * given its instance name.  This method may return null.
+     * Retrieve an individual self test from the instances list given its
+     * instance name. This method may return null.
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @return individual self test
      */
@@ -998,10 +990,10 @@ public class SelfTestSubsystem
     //
 
     /**
-     * Returns the ILogEventListener of this subsystem.
-     * This method may return null.
+     * Returns the ILogEventListener of this subsystem. This method may return
+     * null.
      * <P>
-     *
+     * 
      * @return ILogEventListener of this subsystem
      */
     public ILogEventListener getSelfTestLogger() {
@@ -1011,7 +1003,7 @@ public class SelfTestSubsystem
     /**
      * This method represents the log interface for the self test subsystem.
      * <P>
-     *
+     * 
      * @param logger log event listener
      * @param msg self test log message
      */
@@ -1027,42 +1019,42 @@ public class SelfTestSubsystem
             ev.setLevel(ILogger.LL_INFO);
             try {
                 logger.log(ev);
-            } catch( ELogException le ) { 
+            } catch (ELogException le) {
                 // log the message to the "transactions" log
                 mErrorLogger.log(ILogger.EV_AUDIT,
-                    null,
-                    ILogger.S_OTHER,
-                    ILogger.LL_INFO,
-                    msg + " - " + le.toString() );
+                        null,
+                        ILogger.S_OTHER,
+                        ILogger.LL_INFO,
+                        msg + " - " + le.toString());
             }
         } else {
             // log the message to the "transactions" log
             mErrorLogger.log(ILogger.EV_AUDIT,
-                null,
-                ILogger.S_OTHER,
-                ILogger.LL_INFO,
-                msg);
+                    null,
+                    ILogger.S_OTHER,
+                    ILogger.LL_INFO,
+                    msg);
         }
     }
 
     /**
-     * Register an individual self test on the instances list AND
-     * on the "on demand" list (note that the specified self test
-     * will be appended to the end of each list).
+     * Register an individual self test on the instances list AND on the
+     * "on demand" list (note that the specified self test will be appended to
+     * the end of each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     * @param isCritical isCritical is either a critical failure (true) or a
+     *            non-critical failure (false)
      * @param instance individual self test
      * @exception EDuplicateSelfTestException subsystem has duplicate name
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void registerSelfTestOnDemand(String instanceName,
-        boolean isCritical,
-        ISelfTest instance)
-        throws EDuplicateSelfTestException,
+            boolean isCritical,
+            ISelfTest instance)
+            throws EDuplicateSelfTestException,
             EInvalidSelfTestException,
             EMissingSelfTestException {
         String instanceFullName = null;
@@ -1075,8 +1067,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1084,9 +1076,9 @@ public class SelfTestSubsystem
         if (mSelfTestInstances.containsKey(instanceName)) {
             // self test plugin instance property name is a duplicate
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
-                    instanceFullName));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
+                            instanceFullName));
 
             throw new EDuplicateSelfTestException(instanceFullName);
         } else {
@@ -1099,16 +1091,16 @@ public class SelfTestSubsystem
     }
 
     /**
-     * Deregister an individual self test on the instances list AND
-     * on the "on demand" list (note that the specified self test
-     * will be removed from each list).
+     * Deregister an individual self test on the instances list AND on the
+     * "on demand" list (note that the specified self test will be removed from
+     * each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public void deregisterSelfTestOnDemand(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -1119,8 +1111,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1131,9 +1123,9 @@ public class SelfTestSubsystem
         if (test == null) {
             // self test plugin instance property name is not present
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                    instanceFullName));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                            instanceFullName));
 
             throw new EMissingSelfTestException(instanceFullName);
         } else {
@@ -1146,23 +1138,23 @@ public class SelfTestSubsystem
     }
 
     /**
-     * Register an individual self test on the instances list AND
-     * on the "startup" list (note that the specified self test
-     * will be appended to the end of each list).
+     * Register an individual self test on the instances list AND on the
+     * "startup" list (note that the specified self test will be appended to the
+     * end of each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
-     * @param isCritical isCritical is either a critical failure (true) or
-     * a non-critical failure (false)
+     * @param isCritical isCritical is either a critical failure (true) or a
+     *            non-critical failure (false)
      * @param instance individual self test
      * @exception EDuplicateSelfTestException subsystem has duplicate name
      * @exception EInvalidSelfTestException subsystem has invalid name/value
      * @exception EMissingSelfTestException subsystem has missing name/value
      */
     public void registerSelfTestAtStartup(String instanceName,
-        boolean isCritical,
-        ISelfTest instance)
-        throws EDuplicateSelfTestException,
+            boolean isCritical,
+            ISelfTest instance)
+            throws EDuplicateSelfTestException,
             EInvalidSelfTestException,
             EMissingSelfTestException {
         String instanceFullName = null;
@@ -1175,8 +1167,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1184,9 +1176,9 @@ public class SelfTestSubsystem
         if (mSelfTestInstances.containsKey(instanceName)) {
             // self test plugin instance property name is a duplicate
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
-                    instanceFullName));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
+                            instanceFullName));
 
             throw new EDuplicateSelfTestException(instanceFullName);
         } else {
@@ -1199,16 +1191,16 @@ public class SelfTestSubsystem
     }
 
     /**
-     * Deregister an individual self test on the instances list AND
-     * on the "startup" list (note that the specified self test
-     * will be removed from each list).
+     * Deregister an individual self test on the instances list AND on the
+     * "startup" list (note that the specified self test will be removed from
+     * each list).
      * <P>
-     *
+     * 
      * @param instanceName instance name of self test
      * @exception EMissingSelfTestException subsystem has missing name
      */
     public void deregisterSelfTestAtStartup(String instanceName)
-        throws EMissingSelfTestException {
+            throws EMissingSelfTestException {
         String instanceFullName = null;
 
         // strip preceding/trailing whitespace
@@ -1219,8 +1211,8 @@ public class SelfTestSubsystem
                         instanceName);
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1231,9 +1223,9 @@ public class SelfTestSubsystem
         if (test == null) {
             // self test plugin instance property name is not present
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
-                    instanceFullName));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_NAME",
+                            instanceFullName));
 
             throw new EMissingSelfTestException(instanceFullName);
         } else {
@@ -1245,15 +1237,15 @@ public class SelfTestSubsystem
         disableSelfTestAtStartup(instanceName);
     }
 
-    ////////////////////////
+    // //////////////////////
     // ISubsystem methods //
-    ////////////////////////
+    // //////////////////////
 
     /**
-     * This method retrieves the name of this subsystem.  This method
-     * may return null.
+     * This method retrieves the name of this subsystem. This method may return
+     * null.
      * <P>
-     *
+     * 
      * @return identification of this subsystem
      */
     public String getId() {
@@ -1263,20 +1255,20 @@ public class SelfTestSubsystem
     /**
      * This method sets information specific to this subsystem.
      * <P>
-     *
+     * 
      * @param id identification of this subsystem
      * @exception EBaseException base CMS exception
      */
     public void setId(String id)
-        throws EBaseException {
+            throws EBaseException {
         // strip preceding/trailing whitespace
         // from passed-in String parameters
         if (id != null) {
             id = id.trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EBaseException("id is null");
         }
@@ -1287,45 +1279,45 @@ public class SelfTestSubsystem
     /**
      * This method initializes this subsystem.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      * @exception EBaseException base CMS exception
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "  ENTERING . . .");
+                    + "  ENTERING . . .");
         }
 
-        if( config == null ) {
-            CMS.debug( "SelfTestSubsystem::init() - config is null!" );
-            throw new EBaseException( "config is null" );
+        if (config == null) {
+            CMS.debug("SelfTestSubsystem::init() - config is null!");
+            throw new EBaseException("config is null");
         }
 
         mOwner = owner;
         mConfig = config;
 
         if ((mConfig != null) &&
-            (mConfig.getName() != null) &&
-            (mConfig.getName() != "")) {
+                (mConfig.getName() != null) &&
+                (mConfig.getName() != "")) {
             mRootPrefix = mConfig.getName().trim();
         }
 
         int loadStatus = 0;
 
-        // NOTE:  Obviously, we must load the self test logger parameters
-        //        first, since the "selftests.log" log file does not
-        //        exist until this is accomplished!!!
+        // NOTE: Obviously, we must load the self test logger parameters
+        // first, since the "selftests.log" log file does not
+        // exist until this is accomplished!!!
 
-        ////////////////////////////////////
+        // //////////////////////////////////
         // loggerPropertyName=loggerValue //
-        ////////////////////////////////////
+        // //////////////////////////////////
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "    loading self test logger parameters");
+                    + "    loading self test logger parameters");
         }
 
         String loggerPrefix = null;
@@ -1338,19 +1330,19 @@ public class SelfTestSubsystem
         IConfigStore loggerConfig = mConfig.getSubStore(loggerPath);
 
         if ((loggerConfig != null) &&
-            (loggerConfig.getName() != null) &&
-            (loggerConfig.getName() != "")) {
+                (loggerConfig.getName() != null) &&
+                (loggerConfig.getName() != "")) {
             loggerPrefix = loggerConfig.getName().trim();
         } else {
-            // NOTE:  These messages can only be logged to the "transactions"
-            //        log, since the "selftests.log" will not exist!
+            // NOTE: These messages can only be logged to the "transactions"
+            // log, since the "selftests.log" will not exist!
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1372,34 +1364,33 @@ public class SelfTestSubsystem
                     // self test plugin instance property name exists,
                     // but it contains no value(s)
 
-                    // NOTE:  This message can only be logged to the
-                    //        "transactions" log, since the "selftests.log"
-                    //        will not exist!
+                    // NOTE: This message can only be logged to the
+                    // "transactions" log, since the "selftests.log"
+                    // will not exist!
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
-                            loggerFullName));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
+                                    loggerFullName));
 
-                    throw new
-                        EMissingSelfTestException(loggerFullName,
+                    throw new EMissingSelfTestException(loggerFullName,
                             loggerValue);
                 }
 
                 Object o = Class.forName(loggerValue).newInstance();
 
                 if (!(o instanceof ILogEventListener)) {
-                    // NOTE:  These messages can only be logged to the
-                    //        "transactions" log, since the "selftests.log"
-                    //        will not exist!
+                    // NOTE: These messages can only be logged to the
+                    // "transactions" log, since the "selftests.log"
+                    // will not exist!
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_INVALID_INSTANCE",
-                            loggerFullName,
-                            loggerValue));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_INVALID_INSTANCE",
+                                    loggerFullName,
+                                    loggerValue));
 
                     throw new EInvalidSelfTestException(loggerFullName,
                             loggerValue);
@@ -1411,34 +1402,34 @@ public class SelfTestSubsystem
             } catch (EBaseException e) {
                 // self test property name EBaseException
 
-                // NOTE:  These messages can only be logged to the
-                //        "transactions" log, since the "selftests.log"
-                //        will not exist!
+                // NOTE: These messages can only be logged to the
+                // "transactions" log, since the "selftests.log"
+                // will not exist!
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
-                        loggerFullName,
-                        loggerValue));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
+                                loggerFullName,
+                                loggerValue));
 
                 throw new EInvalidSelfTestException(loggerFullName,
                         loggerValue);
             } catch (Exception e) {
-                // NOTE:  These messages can only be logged to the
-                //        "transactions" log, since the "selftests.log"
-                //        will not exist!
+                // NOTE: These messages can only be logged to the
+                // "transactions" log, since the "selftests.log"
+                // will not exist!
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_THREW_EXCEPTION",
-                        loggerFullName,
-                        loggerValue));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_THREW_EXCEPTION",
+                                loggerFullName,
+                                loggerValue));
 
                 CMS.debugStackTrace();
 
@@ -1450,33 +1441,33 @@ public class SelfTestSubsystem
         // Barring any exceptions thrown above, we begin logging messages
         // to either the "transactions" log, or the "selftests.log" log.
         if (loadStatus == 0) {
-            // NOTE:  These messages can only be logged to the
-            //        "transactions" log, since the "selftests.log"
-            //        will not exist!
+            // NOTE: These messages can only be logged to the
+            // "transactions" log, since the "selftests.log"
+            // will not exist!
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_DONT_LOAD_LOGGER_PARAMETERS"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_DONT_LOAD_LOGGER_PARAMETERS"));
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_INITIALIZATION_NOTIFICATION"));
 
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_LOAD_LOGGER_PARAMETERS"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_LOAD_LOGGER_PARAMETERS"));
         }
 
-        ////////////////////////////////////////
+        // //////////////////////////////////////
         // instancePropertyName=instanceValue //
-        ////////////////////////////////////////
+        // //////////////////////////////////////
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "    loading self test plugins");
+                    + "    loading self test plugins");
         }
 
         // compose self test plugins instance property prefix
@@ -1484,13 +1475,13 @@ public class SelfTestSubsystem
         IConfigStore instanceConfig = mConfig.getSubStore(instancePath);
 
         if ((instanceConfig != null) &&
-            (instanceConfig.getName() != null) &&
-            (instanceConfig.getName() != "")) {
+                (instanceConfig.getName() != null) &&
+                (instanceConfig.getName() != "")) {
             mPrefix = instanceConfig.getName().trim();
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
             throw new EMissingSelfTestException();
         }
@@ -1499,12 +1490,12 @@ public class SelfTestSubsystem
 
         if (instances.hasMoreElements()) {
             loadStatus++;
-  
+
             log(mLogger,
-                CMS.getLogMessage("CMSCORE_SELFTESTS_LOAD_PLUGINS"));
+                    CMS.getLogMessage("CMSCORE_SELFTESTS_LOAD_PLUGINS"));
         } else {
             log(mLogger,
-                CMS.getLogMessage("CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS"));
+                    CMS.getLogMessage("CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS"));
         }
 
         // load all self test plugin instances
@@ -1522,8 +1513,8 @@ public class SelfTestSubsystem
                             instanceName);
             } else {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_NAME_IS_NULL"));
 
                 throw new EMissingSelfTestException();
             }
@@ -1531,9 +1522,9 @@ public class SelfTestSubsystem
             if (mSelfTestInstances.containsKey(instanceName)) {
                 // self test plugin instance property name is a duplicate
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
-                        instanceFullName));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_DUPLICATE_NAME",
+                                instanceFullName));
 
                 throw new EDuplicateSelfTestException(instanceFullName);
             }
@@ -1547,21 +1538,20 @@ public class SelfTestSubsystem
                     // self test plugin instance property name exists,
                     // but it contains no value(s)
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
-                            instanceFullName));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_MISSING_VALUES",
+                                    instanceFullName));
 
-                    throw new
-                        EMissingSelfTestException(instanceFullName,
+                    throw new EMissingSelfTestException(instanceFullName,
                             instanceValue);
                 }
             } catch (EBaseException e) {
                 // self test property name EBaseException
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
-                        instanceFullName,
-                        instanceValue));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
+                                instanceFullName,
+                                instanceValue));
 
                 throw new EInvalidSelfTestException(instanceFullName,
                         instanceValue);
@@ -1575,20 +1565,20 @@ public class SelfTestSubsystem
 
                 if (!(o instanceof ISelfTest)) {
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_PROPERTY_INVALID_INSTANCE",
-                            instanceFullName,
-                            instanceValue));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_PROPERTY_INVALID_INSTANCE",
+                                    instanceFullName,
+                                    instanceValue));
 
                     throw new EInvalidSelfTestException(instanceFullName,
                             instanceValue);
                 }
             } catch (Exception e) {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PROPERTY_THREW_EXCEPTION",
-                        instanceFullName,
-                        instanceValue));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PROPERTY_THREW_EXCEPTION",
+                                instanceFullName,
+                                instanceValue));
 
                 CMS.debugStackTrace();
 
@@ -1603,12 +1593,12 @@ public class SelfTestSubsystem
 
                     if (CMS.debugOn()) {
                         CMS.debug("SelfTestSubsystem::init():"
-                            + "    loading self test plugin parameters");
+                                + "    loading self test plugin parameters");
                     }
 
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_LOAD_PLUGIN_PARAMETERS"));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_LOAD_PLUGIN_PARAMETERS"));
                 }
 
                 ISelfTest test = (ISelfTest) o;
@@ -1619,44 +1609,44 @@ public class SelfTestSubsystem
                 mSelfTestInstances.put(instanceName, test);
             } catch (EDuplicateSelfTestException e) {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PLUGIN_DUPLICATE_PARAMETER",
-                        instanceFullName,
-                        e.getInstanceParameter()));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PLUGIN_DUPLICATE_PARAMETER",
+                                instanceFullName,
+                                e.getInstanceParameter()));
 
                 throw e;
             } catch (EMissingSelfTestException e) {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PLUGIN_MISSING_PARAMETER",
-                        instanceFullName,
-                        e.getInstanceParameter()));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PLUGIN_MISSING_PARAMETER",
+                                instanceFullName,
+                                e.getInstanceParameter()));
 
                 throw e;
             } catch (EInvalidSelfTestException e) {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_PLUGIN_INVALID_PARAMETER",
-                        instanceFullName,
-                        e.getInstanceParameter()));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_PLUGIN_INVALID_PARAMETER",
+                                instanceFullName,
+                                e.getInstanceParameter()));
 
                 throw e;
             }
         }
 
-        //////////////////////////////////////////////////////////
+        // ////////////////////////////////////////////////////////
         // onDemandOrderPropertyName=onDemandOrderValue1, . . . //
-        //////////////////////////////////////////////////////////
+        // ////////////////////////////////////////////////////////
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "    loading on demand self tests");
+                    + "    loading on demand self tests");
         }
 
         // compose self test plugins on-demand ordering property name
         String onDemandOrderName = PROP_CONTAINER + "."
-            + PROP_ORDER + "."
-            + PROP_ON_DEMAND;
+                + PROP_ORDER + "."
+                + PROP_ON_DEMAND;
         String onDemandOrderFullName = getFullName(mRootPrefix,
                 onDemandOrderName);
         String onDemandOrderValues = null;
@@ -1672,23 +1662,23 @@ public class SelfTestSubsystem
             loadStatus++;
 
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_LOAD_PLUGINS_ON_DEMAND"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_LOAD_PLUGINS_ON_DEMAND"));
 
             if ((onDemandOrderValues == null) ||
-                (onDemandOrderValues.equals(""))) {
+                    (onDemandOrderValues.equals(""))) {
                 // self test plugins on-demand ordering property name
                 // exists, but it contains no values, which means that
                 // no self tests are configured to run on-demand
-                if( ( onDemandOrderFullName != null ) &&
-                    ( !onDemandOrderFullName.equals( "" ) ) ) {
+                if ((onDemandOrderFullName != null) &&
+                        (!onDemandOrderFullName.equals(""))) {
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_MISSING_ON_DEMAND_VALUES",
-                            onDemandOrderFullName));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_MISSING_ON_DEMAND_VALUES",
+                                    onDemandOrderFullName));
                 }
-                throw new EBaseException( "onDemandOrderValues is null "
-                                        + "or empty" );
+                throw new EBaseException("onDemandOrderValues is null "
+                                        + "or empty");
             }
 
             StringTokenizer tokens = new StringTokenizer(onDemandOrderValues,
@@ -1701,8 +1691,8 @@ public class SelfTestSubsystem
                 element = new SelfTestOrderedInstance(
                             tokens.nextToken().trim());
 
-                // SANITY CHECK:  find the corresponding instance property
-                //                name for this self test plugin
+                // SANITY CHECK: find the corresponding instance property
+                // name for this self test plugin
                 checkInstance(element);
 
                 // store this self test plugin in on-demand order
@@ -1715,35 +1705,35 @@ public class SelfTestSubsystem
 
             // presently, we merely log this fact
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS_ON_DEMAND"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS_ON_DEMAND"));
 
             // throw new EMissingSelfTestException( onDemandOrderFullName );
         } catch (EBaseException e) {
             // self test property name EBaseException
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
-                    onDemandOrderFullName,
-                    onDemandOrderValues));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
+                            onDemandOrderFullName,
+                            onDemandOrderValues));
 
             throw new EInvalidSelfTestException(onDemandOrderFullName,
                     onDemandOrderValues);
         }
 
-        ////////////////////////////////////////////////////////
+        // //////////////////////////////////////////////////////
         // startupOrderPropertyName=startupOrderValue1, . . . //
-        ////////////////////////////////////////////////////////
+        // //////////////////////////////////////////////////////
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "    loading startup self tests");
+                    + "    loading startup self tests");
         }
 
         // compose self test plugins startup ordering property name
         String startupOrderName = PROP_CONTAINER + "."
-            + PROP_ORDER + "."
-            + PROP_STARTUP;
+                + PROP_ORDER + "."
+                + PROP_STARTUP;
         String startupOrderFullName = getFullName(mRootPrefix,
                 startupOrderName);
         String startupOrderValues = null;
@@ -1759,20 +1749,20 @@ public class SelfTestSubsystem
             loadStatus++;
 
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_LOAD_PLUGINS_AT_STARTUP"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_LOAD_PLUGINS_AT_STARTUP"));
 
             if ((startupOrderValues == null) ||
-                (startupOrderValues.equals(""))) {
+                    (startupOrderValues.equals(""))) {
                 // self test plugins startup ordering property name
                 // exists, but it contains no values, which means that
                 // no self tests are configured to run at server startup
-                if( ( startupOrderFullName != null ) &&
-                    ( !startupOrderFullName.equals( "" ) ) ) {
+                if ((startupOrderFullName != null) &&
+                        (!startupOrderFullName.equals(""))) {
                     log(mLogger,
-                        CMS.getLogMessage(
-                            "CMSCORE_SELFTESTS_MISSING_STARTUP_VALUES",
-                            startupOrderFullName));
+                            CMS.getLogMessage(
+                                    "CMSCORE_SELFTESTS_MISSING_STARTUP_VALUES",
+                                    startupOrderFullName));
                 }
             }
 
@@ -1786,8 +1776,8 @@ public class SelfTestSubsystem
                 element = new SelfTestOrderedInstance(
                             tokens.nextToken().trim());
 
-                // SANITY CHECK:  find the corresponding instance property
-                //                name for this self test plugin
+                // SANITY CHECK: find the corresponding instance property
+                // name for this self test plugin
                 checkInstance(element);
 
                 // store this self test plugin in startup order
@@ -1800,17 +1790,17 @@ public class SelfTestSubsystem
 
             // presently, we merely log this fact
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS_AT_STARTUP"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_DONT_LOAD_PLUGINS_AT_STARTUP"));
 
             // throw new EMissingSelfTestException( startupOrderFullName );
         } catch (EBaseException e) {
             // self test property name EBaseException
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
-                    startupOrderFullName,
-                    startupOrderValues));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PROPERTY_THREW_EBASEEXCEPTION",
+                            startupOrderFullName,
+                            startupOrderValues));
 
             throw new EInvalidSelfTestException(startupOrderFullName,
                     startupOrderValues);
@@ -1819,28 +1809,28 @@ public class SelfTestSubsystem
         // notify user whether or not self test plugins have been loaded
         if (loadStatus == 0) {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PLUGINS_NONE_LOADED"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PLUGINS_NONE_LOADED"));
         } else {
             log(mLogger,
-                CMS.getLogMessage(
-                    "CMSCORE_SELFTESTS_PLUGINS_LOADED"));
+                    CMS.getLogMessage(
+                            "CMSCORE_SELFTESTS_PLUGINS_LOADED"));
         }
 
         if (CMS.debugOn()) {
             CMS.debug("SelfTestSubsystem::init():"
-                + "  EXITING.");
+                    + "  EXITING.");
         }
     }
 
     /**
      * Notifies this subsystem if owner is in running mode.
      * <P>
-     *
+     * 
      * @exception EBaseException base CMS exception
      */
     public void startup()
-        throws EBaseException {
+            throws EBaseException {
         // loop through all self test plugin instances
         Enumeration<ISelfTest> instances = mSelfTestInstances.elements();
 
@@ -1857,8 +1847,8 @@ public class SelfTestSubsystem
             if (selftests.hasMoreElements()) {
                 // log that execution of startup self tests has begun
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_RUN_AT_STARTUP"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_RUN_AT_STARTUP"));
 
                 // execute all startup self tests
                 runSelfTestsAtStartup();
@@ -1866,24 +1856,24 @@ public class SelfTestSubsystem
                 // log that execution of all "critical" startup self tests
                 // has completed "successfully"
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_RUN_AT_STARTUP_SUCCEEDED"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_RUN_AT_STARTUP_SUCCEEDED"));
             } else {
                 log(mLogger,
-                    CMS.getLogMessage(
-                        "CMSCORE_SELFTESTS_NOT_RUN_AT_STARTUP"));
+                        CMS.getLogMessage(
+                                "CMSCORE_SELFTESTS_NOT_RUN_AT_STARTUP"));
             }
         }
     }
 
     /**
-     * Stops this subsystem. The owner may call shutdown
-     * anytime after initialization.
+     * Stops this subsystem. The owner may call shutdown anytime after
+     * initialization.
      * <P>
      */
     public void shutdown() {
         // reverse order of all self test plugin instances
-        Collection<ISelfTest>  collection = mSelfTestInstances.values();
+        Collection<ISelfTest> collection = mSelfTestInstances.values();
         Vector<ISelfTest> list = new Vector<ISelfTest>(collection);
 
         Collections.reverse(list);
@@ -1899,14 +1889,13 @@ public class SelfTestSubsystem
     }
 
     /**
-     * Returns the root configuration storage of this subsystem.
-     * This method may return null.
+     * Returns the root configuration storage of this subsystem. This method may
+     * return null.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
         return mConfig;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/time/SimpleTimeSource.java b/pki/base/common/src/com/netscape/cmscore/time/SimpleTimeSource.java
index 082ae4be..ab832b7c 100644
--- a/pki/base/common/src/com/netscape/cmscore/time/SimpleTimeSource.java
+++ b/pki/base/common/src/com/netscape/cmscore/time/SimpleTimeSource.java
@@ -17,12 +17,10 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.time;
 
-
 import java.util.Date;
 
 import com.netscape.certsrv.base.ITimeSource;
 
-
 public class SimpleTimeSource implements ITimeSource {
 
     public Date getCurrentDate() {
diff --git a/pki/base/common/src/com/netscape/cmscore/usrgrp/CertDNCertUserLocator.java b/pki/base/common/src/com/netscape/cmscore/usrgrp/CertDNCertUserLocator.java
index 4bf348ff..3211be7f 100644
--- a/pki/base/common/src/com/netscape/cmscore/usrgrp/CertDNCertUserLocator.java
+++ b/pki/base/common/src/com/netscape/cmscore/usrgrp/CertDNCertUserLocator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 
 import netscape.ldap.LDAPException;
@@ -30,13 +29,11 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 
-
 /**
- * This interface defines a strategy on how to match
- * the incoming certificate(s) with the certificate(s)
- * in the scope.  It matches the "certdn" field which contains
- * the subject dn of the certificate
- *
+ * This interface defines a strategy on how to match the incoming certificate(s)
+ * with the certificate(s) in the scope. It matches the "certdn" field which
+ * contains the subject dn of the certificate
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -54,9 +51,9 @@ public class CertDNCertUserLocator implements ICertUserLocator {
      * Retrieves description.
      */
     public String getDescription() {
-        return "A subject is authenticated if its first" + 
-            " certificate can be matched with one of the" +
-            " certificate in the scope";
+        return "A subject is authenticated if its first" +
+                " certificate can be matched with one of the" +
+                " certificate in the scope";
     }
 
     /**
@@ -72,7 +69,7 @@ public class CertDNCertUserLocator implements ICertUserLocator {
             return null;
 
         String filter = LDAP_ATTR_CERTDN + "=" +
-            certificates[0].getSubjectDN();
+                certificates[0].getSubjectDN();
 
         return mUG.findUsersByCert(filter);
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/usrgrp/ExactMatchCertUserLocator.java b/pki/base/common/src/com/netscape/cmscore/usrgrp/ExactMatchCertUserLocator.java
index a7aeeb1e..1aecc786 100644
--- a/pki/base/common/src/com/netscape/cmscore/usrgrp/ExactMatchCertUserLocator.java
+++ b/pki/base/common/src/com/netscape/cmscore/usrgrp/ExactMatchCertUserLocator.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 
 import netscape.ldap.LDAPException;
@@ -30,13 +29,11 @@ import com.netscape.certsrv.usrgrp.ICertUserLocator;
 import com.netscape.certsrv.usrgrp.IUGSubsystem;
 import com.netscape.certsrv.usrgrp.IUser;
 
-
 /**
- * This interface defines a strategy on how to match
- * the incoming certificate(s) with the certificate(s)
- * in the scope.  It matches the "description" field which contains a
- * stringied certificate.
- *
+ * This interface defines a strategy on how to match the incoming certificate(s)
+ * with the certificate(s) in the scope. It matches the "description" field
+ * which contains a stringied certificate.
+ * 
  * @author thomask
  * @author cfu
  * @version $Revision$, $Date$
@@ -54,9 +51,9 @@ public class ExactMatchCertUserLocator implements ICertUserLocator {
      * Retrieves description.
      */
     public String getDescription() {
-        return "A subject is authenticated if its first" + 
-            " certificate can be matched with one of the" +
-            " certificate in the scope";
+        return "A subject is authenticated if its first" +
+                " certificate can be matched with one of the" +
+                " certificate in the scope";
     }
 
     /**
@@ -78,7 +75,7 @@ public class ExactMatchCertUserLocator implements ICertUserLocator {
         }
 
         String filter = "description=" +
-            mUG.getCertificateString(certificates[pos]);
+                mUG.getCertificateString(certificates[pos]);
 
         return mUG.findUsersByCert(filter);
     }
diff --git a/pki/base/common/src/com/netscape/cmscore/usrgrp/Group.java b/pki/base/common/src/com/netscape/cmscore/usrgrp/Group.java
index d91eedf9..eee2afb4 100644
--- a/pki/base/common/src/com/netscape/cmscore/usrgrp/Group.java
+++ b/pki/base/common/src/com/netscape/cmscore/usrgrp/Group.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.usrgrp;
 
-
 import java.util.Enumeration;
 import java.util.Vector;
 
@@ -26,10 +25,9 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.usrgrp.IGroup;
 import com.netscape.certsrv.usrgrp.IUsrGrp;
 
-
 /**
  * A class represents a group.
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -91,7 +89,7 @@ public class Group implements IGroup {
     }
 
     @SuppressWarnings("unchecked")
-	public void set(String name, Object object) throws EBaseException {
+    public void set(String name, Object object) throws EBaseException {
         if (name.equals(ATTR_NAME)) {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name));
         } else if (name.equals(ATTR_ID)) {
diff --git a/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java b/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
index 6b25410e..3d63144d 100644
--- a/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/usrgrp/UGSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.usrgrp;
 
-
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
@@ -53,12 +52,10 @@ import com.netscape.certsrv.usrgrp.IUsrGrp;
 import com.netscape.cmscore.ldapconn.LdapBoundConnFactory;
 import com.netscape.cmscore.util.Debug;
 
-
 /**
- * This class defines low-level LDAP usr/grp management
- * usr/grp information is located remotely on another
- * LDAP server.
- *
+ * This class defines low-level LDAP usr/grp management usr/grp information is
+ * located remotely on another LDAP server.
+ * 
  * @author thomask
  * @author cfu
  * @version $Revision$, $Date$
@@ -74,7 +71,7 @@ public final class UGSubsystem implements IUGSubsystem {
     protected static final String GROUP_ATTR_VALUE = "groupofuniquenames";
 
     protected static final String LDAP_ATTR_USER_CERT_STRING = "description";
-    //	protected static final String LDAP_ATTR_CERTDN = "seeAlso";
+    // protected static final String LDAP_ATTR_CERTDN = "seeAlso";
     protected static final String LDAP_ATTR_USER_CERT = "userCertificate";
 
     protected static final String PROP_BASEDN = "basedn";
@@ -122,8 +119,8 @@ public final class UGSubsystem implements IUGSubsystem {
     /**
      * Connects to LDAP server.
      */
-    public void init(ISubsystem owner, IConfigStore config) 
-        throws EBaseException {
+    public void init(ISubsystem owner, IConfigStore config)
+            throws EBaseException {
         mLogger = CMS.getLogger();
         mConfig = config;
 
@@ -150,7 +147,7 @@ public final class UGSubsystem implements IUGSubsystem {
         // register admin servlet
 
     }
-	
+
     /**
      * Disconnects usr/grp manager from the LDAP
      */
@@ -164,7 +161,7 @@ public final class UGSubsystem implements IUGSubsystem {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_LDAP_SHUT", e.toString()));
         }
     }
-	
+
     public IUser createUser(String id) {
         return new User(this, id);
     }
@@ -212,16 +209,16 @@ public final class UGSubsystem implements IUGSubsystem {
                 try {
                     ldapconn = getConn();
                     // read DN
-                    LDAPSearchResults res = 
-                        ldapconn.search(userid,
-                            LDAPv2.SCOPE_SUB, "(objectclass=*)", null, false);
+                    LDAPSearchResults res =
+                            ldapconn.search(userid,
+                                    LDAPv2.SCOPE_SUB, "(objectclass=*)", null, false);
                     Enumeration<IUser> e = buildUsers(res);
 
                     if (e.hasMoreElements()) {
                         return (IUser) e.nextElement();
                     }
                 } finally {
-                    if (ldapconn != null) 
+                    if (ldapconn != null)
                         returnConn(ldapconn);
                 }
             }
@@ -245,9 +242,9 @@ public final class UGSubsystem implements IUGSubsystem {
         try {
             ldapconn = getConn();
             String filter = LDAP_ATTR_USER_CERT_STRING + "=" + getCertificateString(cert);
-            LDAPSearchResults res = 
-                ldapconn.search(getUserBaseDN(),
-                    LDAPConnection.SCOPE_SUB, filter, null, false);
+            LDAPSearchResults res =
+                    ldapconn.search(getUserBaseDN(),
+                            LDAPConnection.SCOPE_SUB, filter, null, false);
             Enumeration<IUser> e = buildUsers(res);
 
             return (User) e.nextElement();
@@ -259,20 +256,20 @@ public final class UGSubsystem implements IUGSubsystem {
             }
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER", e.toString()));
         } catch (ELdapException e) {
-            String errMsg = 
-                "find User: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "find User: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_INTERNAL_DB", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
         return null;
     }
 
     /**
-     * Searchs for identities that matches the certificate locater
-     *	 generated filter.
+     * Searchs for identities that matches the certificate locater generated
+     * filter.
      */
     public IUser findUsersByCert(String filter) throws
             EUsrGrpException, LDAPException {
@@ -290,8 +287,9 @@ public final class UGSubsystem implements IUGSubsystem {
 
             hasSlash = up.indexOf('\\');
             while (hasSlash != -1) {
-                stripped += up.substring(0, hasSlash) + 
-                        "\\5c";;
+                stripped += up.substring(0, hasSlash) +
+                        "\\5c";
+                ;
                 up = up.substring(hasSlash + 1);
                 hasSlash = up.indexOf('\\');
             }
@@ -303,7 +301,7 @@ public final class UGSubsystem implements IUGSubsystem {
         try {
             ldapconn = getConn();
             LDAPSearchResults res = ldapconn.search(getUserBaseDN(),
-                    LDAPv2.SCOPE_SUB, "(" + filter + ")", 
+                    LDAPv2.SCOPE_SUB, "(" + filter + ")",
                     null, false);
 
             Enumeration<IUser> e = buildUsers(res);
@@ -317,13 +315,13 @@ public final class UGSubsystem implements IUGSubsystem {
             }
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER_BY_CERT", e.toString()));
         } catch (ELdapException e) {
-            String errMsg = 
-                "find Users By Cert: " +
-                "Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "find Users By Cert: " +
+                            "Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USER_BY_CERT", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
 
@@ -343,7 +341,7 @@ public final class UGSubsystem implements IUGSubsystem {
         try {
             ldapconn = getConn();
             LDAPSearchResults res = ldapconn.search(getUserBaseDN(),
-                    LDAPv2.SCOPE_SUB, "(uid=" + filter + ")", 
+                    LDAPv2.SCOPE_SUB, "(uid=" + filter + ")",
                     null, false);
 
             Enumeration<IUser> e = buildUsers(res);
@@ -357,12 +355,12 @@ public final class UGSubsystem implements IUGSubsystem {
             }
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USERS", e.toString()));
         } catch (ELdapException e) {
-            String errMsg = 
-                "find Users: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "find Users: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_USERS", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
 
@@ -370,8 +368,8 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * Searchs for identities that matches the filter.
-     * retrieves uid only, for efficiency of user listing
+     * Searchs for identities that matches the filter. retrieves uid only, for
+     * efficiency of user listing
      */
     public Enumeration<IUser> listUsers(String filter) throws EUsrGrpException {
         if (filter == null) {
@@ -447,11 +445,12 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * builds a User instance.  Sets only uid for user entry retrieved
-     * from LDAP server.  for listing efficiency only.
+     * builds a User instance. Sets only uid for user entry retrieved from LDAP
+     * server. for listing efficiency only.
+     * 
      * @return the User entity.
      */
-    protected IUser lbuildUser(LDAPEntry entry) throws EUsrGrpException {	
+    protected IUser lbuildUser(LDAPEntry entry) throws EUsrGrpException {
         IUser id = createUser(this, (String)
                 entry.getAttribute("uid").getStringValues().nextElement());
         LDAPAttribute cnAttr = entry.getAttribute("cn");
@@ -462,16 +461,16 @@ public final class UGSubsystem implements IUGSubsystem {
             if (cn != null) {
                 id.setFullName(cn);
             }
-            
+
         }
 
         LDAPAttribute certAttr =
-            entry.getAttribute(LDAP_ATTR_USER_CERT);
+                entry.getAttribute(LDAP_ATTR_USER_CERT);
 
         if (certAttr != null) {
             Vector<X509Certificate> certVector = new Vector<X509Certificate>();
             @SuppressWarnings("unchecked")
-			Enumeration<byte[]> e = certAttr.getByteValues();
+            Enumeration<byte[]> e = certAttr.getByteValues();
 
             try {
                 for (; e != null && e.hasMoreElements();) {
@@ -503,8 +502,9 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * builds a User instance.  Set all attributes retrieved from
-     * LDAP server and set them on User.
+     * builds a User instance. Set all attributes retrieved from LDAP server and
+     * set them on User.
+     * 
      * @return the User entity.
      */
     protected IUser buildUser(LDAPEntry entry) throws EUsrGrpException {
@@ -524,9 +524,9 @@ public final class UGSubsystem implements IUGSubsystem {
 
         if (userdn != null) {
             id.setUserDN(userdn);
-        } else {  // the impossible
+        } else { // the impossible
             String errMsg = "buildUser(): user DN not found: " +
-                userdn;
+                    userdn;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_BUILD_USER"));
 
@@ -534,22 +534,19 @@ public final class UGSubsystem implements IUGSubsystem {
         }
 
         /*
-         LDAPAttribute certdnAttr = entry.getAttribute(LDAP_ATTR_CERTDN);
-         if (certdnAttr != null) {
-         String cdn = (String)certdnAttr.getStringValues().nextElement();
-         if (cdn != null) {
-         id.setCertDN(cdn);
-         }
-         }
+         * LDAPAttribute certdnAttr = entry.getAttribute(LDAP_ATTR_CERTDN); if
+         * (certdnAttr != null) { String cdn =
+         * (String)certdnAttr.getStringValues().nextElement(); if (cdn != null)
+         * { id.setCertDN(cdn); } }
          */
         LDAPAttribute mailAttr = entry.getAttribute("mail");
 
         if (mailAttr != null) {
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = mailAttr.getStringValues();
+            Enumeration<String> en = mailAttr.getStringValues();
 
             if (en != null && en.hasMoreElements()) {
-                String mail =  en.nextElement();
+                String mail = en.nextElement();
 
                 if (mail != null) {
                     id.setEmail(mail);
@@ -573,7 +570,7 @@ public final class UGSubsystem implements IUGSubsystem {
 
         if (phoneAttr != null) {
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = phoneAttr.getStringValues();
+            Enumeration<String> en = phoneAttr.getStringValues();
 
             if (en != null && en.hasMoreElements()) {
                 String phone = (String) en.nextElement();
@@ -589,20 +586,20 @@ public final class UGSubsystem implements IUGSubsystem {
 
         LDAPAttribute userTypeAttr = entry.getAttribute("usertype");
 
-        if (userTypeAttr == null) 
+        if (userTypeAttr == null)
             id.setUserType("");
         else {
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = userTypeAttr.getStringValues();
+            Enumeration<String> en = userTypeAttr.getStringValues();
 
             if (en != null && en.hasMoreElements()) {
                 String userType = (String) en.nextElement();
 
-                if ((userType != null) && (! userType.equals("undefined")))
+                if ((userType != null) && (!userType.equals("undefined")))
                     id.setUserType(userType);
                 else
                     id.setUserType("");
- 
+
             }
         }
 
@@ -612,7 +609,7 @@ public final class UGSubsystem implements IUGSubsystem {
             id.setState("");
         else {
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = userStateAttr.getStringValues();
+            Enumeration<String> en = userStateAttr.getStringValues();
 
             if (en != null && en.hasMoreElements()) {
                 String userState = (String) en.nextElement();
@@ -621,17 +618,17 @@ public final class UGSubsystem implements IUGSubsystem {
                     id.setState(userState);
                 else
                     id.setState("");
- 
+
             }
         }
 
         LDAPAttribute certAttr =
-            entry.getAttribute(LDAP_ATTR_USER_CERT);
+                entry.getAttribute(LDAP_ATTR_USER_CERT);
 
         if (certAttr != null) {
             Vector<X509Certificate> certVector = new Vector<X509Certificate>();
             @SuppressWarnings("unchecked")
-			Enumeration<byte[]> e = certAttr.getByteValues();
+            Enumeration<byte[]> e = certAttr.getByteValues();
 
             try {
                 for (; e != null && e.hasMoreElements();) {
@@ -667,24 +664,21 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * Adds identity.  Certificates handled by a separate call to
-     * addUserCert() 
+     * Adds identity. Certificates handled by a separate call to addUserCert()
      */
     public void addUser(IUser identity) throws EUsrGrpException, LDAPException {
         User id = (User) identity;
 
         if (id == null) {
-            throw new
-                EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL"));
+            throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL"));
         }
 
         if (id.getUserID() == null) {
-            throw new
-                EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL_NO_UID"));
+            throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_USER_FAIL_NO_UID"));
         }
 
         LDAPAttributeSet attrs = new LDAPAttributeSet();
-        String oc[] = {"top", "person", "organizationalPerson", 
+        String oc[] = { "top", "person", "organizationalPerson",
                 "inetOrgPerson", "cmsuser" };
 
         attrs.add(new LDAPAttribute("objectclass", oc));
@@ -695,29 +689,30 @@ public final class UGSubsystem implements IUGSubsystem {
 
         if (id.getPhone() != null) {
             // DS syntax checking requires a value for PrintableString syntax
-            if (! id.getPhone().equals("")) {
+            if (!id.getPhone().equals("")) {
                 attrs.add(new LDAPAttribute("telephonenumber", id.getPhone()));
             }
         }
 
-        attrs.add(new LDAPAttribute("userpassword", 
+        attrs.add(new LDAPAttribute("userpassword",
                 id.getPassword()));
 
         if (id.getUserType() != null) {
             // DS syntax checking requires a value for Directory String syntax
-            // but usertype is a MUST attribute, so we need to add something here
+            // but usertype is a MUST attribute, so we need to add something
+            // here
             // if it is undefined.
-            
-            if (! id.getUserType().equals("")) {
-                 attrs.add(new LDAPAttribute("usertype", id.getUserType()));
+
+            if (!id.getUserType().equals("")) {
+                attrs.add(new LDAPAttribute("usertype", id.getUserType()));
             } else {
-                 attrs.add(new LDAPAttribute("usertype", "undefined"));
+                attrs.add(new LDAPAttribute("usertype", "undefined"));
             }
         }
 
         if (id.getState() != null) {
             // DS syntax checking requires a value for Directory String syntax
-            if (! id.getState().equals("")) {
+            if (!id.getState().equals("")) {
                 attrs.add(new LDAPAttribute("userstate", id.getState()));
             }
         }
@@ -729,9 +724,9 @@ public final class UGSubsystem implements IUGSubsystem {
         String adminId = (String) sessionContext.get(SessionContext.USER_ID);
 
         mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-            AuditFormat.LEVEL, AuditFormat.ADDUSERFORMAT,
-            new Object[] {adminId, id.getUserID()}
-        );
+                AuditFormat.LEVEL, AuditFormat.ADDUSERFORMAT,
+                new Object[] { adminId, id.getUserID() }
+                );
 
         LDAPConnection ldapconn = null;
 
@@ -739,12 +734,12 @@ public final class UGSubsystem implements IUGSubsystem {
             ldapconn = getConn();
             ldapconn.add(entry);
         } catch (ELdapException e) {
-            String errMsg = 
-                "add User: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "add User: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
@@ -764,27 +759,27 @@ public final class UGSubsystem implements IUGSubsystem {
         LDAPModificationSet addCert = new LDAPModificationSet();
 
         if ((cert = user.getX509Certificates()) != null) {
-            LDAPAttribute attrCertStr = new 
-                LDAPAttribute(LDAP_ATTR_USER_CERT_STRING);
+            LDAPAttribute attrCertStr = new
+                    LDAPAttribute(LDAP_ATTR_USER_CERT_STRING);
 
             /*
-             LDAPAttribute attrCertDNStr = new 
-             LDAPAttribute(LDAP_ATTR_CERTDN);
+             * LDAPAttribute attrCertDNStr = new
+             * LDAPAttribute(LDAP_ATTR_CERTDN);
              */
-            LDAPAttribute attrCertBin = new 
-                LDAPAttribute(LDAP_ATTR_USER_CERT);
+            LDAPAttribute attrCertBin = new
+                    LDAPAttribute(LDAP_ATTR_USER_CERT);
 
             try {
                 attrCertBin.addValue(cert[0].getEncoded());
                 attrCertStr.addValue(getCertificateString(cert[0]));
-                //	attrCertDNStr.addValue(cert[0].getSubjectDN().toString());
+                // attrCertDNStr.addValue(cert[0].getSubjectDN().toString());
             } catch (CertificateEncodingException e) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER_CERT", e.toString()));
                 throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_USR_CERT_ERROR"));
             }
 
             addCert.add(LDAPModification.ADD, attrCertStr);
-            //addCert.add(LDAPModification.ADD, attrCertDNStr);
+            // addCert.add(LDAPModification.ADD, attrCertDNStr);
             addCert.add(LDAPModification.ADD, attrCertBin);
 
             LDAPConnection ldapconn = null;
@@ -792,17 +787,17 @@ public final class UGSubsystem implements IUGSubsystem {
             try {
                 ldapconn = getConn();
                 ldapconn.modify("uid=" + user.getUserID() +
-                    "," + getUserBaseDN(), addCert);
+                        "," + getUserBaseDN(), addCert);
                 // for audit log
                 SessionContext sessionContext = SessionContext.getContext();
                 String adminId = (String) sessionContext.get(SessionContext.USER_ID);
 
                 mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                    AuditFormat.LEVEL, AuditFormat.ADDUSERCERTFORMAT,
-                    new Object[] {adminId, user.getUserID(),
-                        cert[0].getSubjectDN().toString(), 
-                        cert[0].getSerialNumber().toString(16)}
-                );
+                        AuditFormat.LEVEL, AuditFormat.ADDUSERCERTFORMAT,
+                        new Object[] { adminId, user.getUserID(),
+                                cert[0].getSubjectDN().toString(),
+                                cert[0].getSerialNumber().toString(16) }
+                        );
 
             } catch (LDAPException e) {
                 if (Debug.ON) {
@@ -816,13 +811,13 @@ public final class UGSubsystem implements IUGSubsystem {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER", e.toString()));
                 throw e;
             } catch (ELdapException e) {
-                String errMsg = 
-                    "add User Cert: " +
-                    "Could not get connection to internaldb. Error " + e;
+                String errMsg =
+                        "add User Cert: " +
+                                "Could not get connection to internaldb. Error " + e;
 
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_USER", e.toString()));
             } finally {
-                if (ldapconn != null) 
+                if (ldapconn != null)
                     returnConn(ldapconn);
             }
         }
@@ -831,9 +826,9 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * Removes a user certificate for a user entry
-     *    given a user certificate DN (actually, a combination of version,
-     *	 serialNumber, issuerDN, and SubjectDN), and it gets removed
+     * Removes a user certificate for a user entry given a user certificate DN
+     * (actually, a combination of version, serialNumber, issuerDN, and
+     * SubjectDN), and it gets removed
      */
     public void removeUserCert(IUser identity) throws EUsrGrpException {
         User user = (User) identity;
@@ -854,23 +849,21 @@ public final class UGSubsystem implements IUGSubsystem {
         X509Certificate[] certs = ldapUser.getX509Certificates();
 
         if (certs == null) {
-            throw new
-                EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
+            throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
         }
 
         String delCertdn = user.getCertDN();
 
         if (delCertdn == null) {
-            throw new
-                EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
+            throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
         }
 
         LDAPAttribute certAttr = new
-            LDAPAttribute(LDAP_ATTR_USER_CERT);
-        LDAPAttribute certAttrS = new 
-            LDAPAttribute(LDAP_ATTR_USER_CERT_STRING);
+                LDAPAttribute(LDAP_ATTR_USER_CERT);
+        LDAPAttribute certAttrS = new
+                LDAPAttribute(LDAP_ATTR_USER_CERT_STRING);
 
-        //LDAPAttribute certDNAttrS = new LDAPAttribute(LDAP_ATTR_CERTDN);
+        // LDAPAttribute certDNAttrS = new LDAPAttribute(LDAP_ATTR_CERTDN);
 
         int certCount = 0;
 
@@ -888,74 +881,73 @@ public final class UGSubsystem implements IUGSubsystem {
                 try {
                     certAttr.addValue(certs[i].getEncoded());
                     certAttrS.addValue(getCertificateString(certs[i]));
-                    //	certDNAttrS.addValue(certs[i].getSubjectDN().toString());
+                    // certDNAttrS.addValue(certs[i].getSubjectDN().toString());
                 } catch (CertificateEncodingException e) {
                     throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_USR_CERT_ERROR"));
                 }
 
                 attrs.add(LDAPModification.DELETE, certAttr);
                 attrs.add(LDAPModification.DELETE, certAttrS);
-                //attrs.add(LDAPModification.DELETE, certDNAttrS);
+                // attrs.add(LDAPModification.DELETE, certDNAttrS);
 
                 LDAPConnection ldapconn = null;
 
                 try {
                     ldapconn = getConn();
                     ldapconn.modify("uid=" + user.getUserID() +
-                        "," + getUserBaseDN(), attrs);
+                            "," + getUserBaseDN(), attrs);
                     certCount++;
                     // for audit log
                     SessionContext sessionContext = SessionContext.getContext();
                     String adminId = (String) sessionContext.get(SessionContext.USER_ID);
 
-                    mLogger.log(ILogger.EV_AUDIT, 
-                        ILogger.S_USRGRP,
-                        AuditFormat.LEVEL, 
-                        AuditFormat.REMOVEUSERCERTFORMAT,
-                        new Object[] {adminId, user.getUserID(),
-                            certs[0].getSubjectDN().toString(), 
-                            certs[i].getSerialNumber().toString(16)}
-                    );
+                    mLogger.log(ILogger.EV_AUDIT,
+                            ILogger.S_USRGRP,
+                            AuditFormat.LEVEL,
+                            AuditFormat.REMOVEUSERCERTFORMAT,
+                            new Object[] { adminId, user.getUserID(),
+                                    certs[0].getSubjectDN().toString(),
+                                    certs[i].getSerialNumber().toString(16) }
+                            );
 
                 } catch (LDAPException e) {
                     String errMsg = "removeUserCert():" + e;
 
                     if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-                        errMsg = 
+                        errMsg =
                                 "removeUserCert: " + "Internal DB is unavailable";
                     }
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER", e.toString()));
                     throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_MOD_USER_FAIL"));
                 } catch (ELdapException e) {
-                    String errMsg = 
-                        "remove User Cert: " +
-                        "Could not get connection to internaldb. Error " + e;
+                    String errMsg =
+                            "remove User Cert: " +
+                                    "Could not get connection to internaldb. Error " + e;
 
                     log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER", e.toString()));
                 } finally {
-                    if (ldapconn != null) 
+                    if (ldapconn != null)
                         returnConn(ldapconn);
                 }
             }
         }
 
         if (certCount == 0) {
-            throw new
-                EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
+            throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_CERT_NOT_FOUND"));
         }
 
         return;
     }
 
-    public void removeUserFromGroup(IGroup grp, String userid) 
-        throws EUsrGrpException {
-  
+    public void removeUserFromGroup(IGroup grp, String userid)
+            throws EUsrGrpException {
+
         LDAPConnection ldapconn = null;
 
         try {
             ldapconn = getConn();
-            String groupDN = "cn=" + grp.getGroupID() + 
-                "," + getGroupBaseDN();
+            String groupDN = "cn=" + grp.getGroupID() +
+                    "," + getGroupBaseDN();
             LDAPAttribute memberAttr = new LDAPAttribute(
                     "uniquemember", "uid=" + userid + "," + getUserBaseDN());
             LDAPModification singleChange = new LDAPModification(
@@ -972,12 +964,12 @@ public final class UGSubsystem implements IUGSubsystem {
 
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_REMOVE_USER_FAIL"));
         } catch (ELdapException e) {
-            String errMsg = 
-                "removeUserFromGroup: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "removeUserFromGroup: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER_FROM_GROUP", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
@@ -1000,9 +992,9 @@ public final class UGSubsystem implements IUGSubsystem {
             String adminId = (String) sessionContext.get(SessionContext.USER_ID);
 
             mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                AuditFormat.LEVEL, AuditFormat.REMOVEUSERFORMAT,
-                new Object[] {adminId, userid}
-            );
+                    AuditFormat.LEVEL, AuditFormat.REMOVEUSERFORMAT,
+                    new Object[] { adminId, userid }
+                    );
 
         } catch (LDAPException e) {
             String errMsg = "removeUser()" + e.toString();
@@ -1014,25 +1006,25 @@ public final class UGSubsystem implements IUGSubsystem {
 
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_REMOVE_USER_FAIL"));
         } catch (ELdapException e) {
-            String errMsg = 
-                "remove User: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "remove User: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_USER", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
 
     /**
-     * modifies user attributes.  Certs are handled separately
+     * modifies user attributes. Certs are handled separately
      */
     public void modifyUser(IUser identity) throws EUsrGrpException {
         User user = (User) identity;
         String st = null;
 
         /**
-         X509Certificate certs[] = null;
+         * X509Certificate certs[] = null;
          **/
         LDAPModificationSet attrs = new LDAPModificationSet();
 
@@ -1045,10 +1037,10 @@ public final class UGSubsystem implements IUGSubsystem {
         try {
             ldapconn = getConn();
             if ((st = user.getFullName()) != null) {
-                attrs.add(LDAPModification.REPLACE, 
-                    new LDAPAttribute("sn", st));
-                attrs.add(LDAPModification.REPLACE, 
-                    new LDAPAttribute("cn", st));
+                attrs.add(LDAPModification.REPLACE,
+                        new LDAPAttribute("sn", st));
+                attrs.add(LDAPModification.REPLACE,
+                        new LDAPAttribute("cn", st));
             }
             if ((st = user.getEmail()) != null) {
                 LDAPAttribute ld = new LDAPAttribute("mail", st);
@@ -1057,37 +1049,37 @@ public final class UGSubsystem implements IUGSubsystem {
             }
             if ((st = user.getPassword()) != null && (!st.equals(""))) {
                 attrs.add(LDAPModification.REPLACE,
-                    new LDAPAttribute("userpassword", st));
+                        new LDAPAttribute("userpassword", st));
             }
             if ((st = user.getPhone()) != null) {
-                if (! st.equals("")) {
+                if (!st.equals("")) {
                     attrs.add(LDAPModification.REPLACE,
-                        new LDAPAttribute("telephonenumber", st));
+                            new LDAPAttribute("telephonenumber", st));
                 } else {
                     try {
                         LDAPModification singleChange = new LDAPModification(
-                            LDAPModification.DELETE, new LDAPAttribute("telephonenumber"));
+                                LDAPModification.DELETE, new LDAPAttribute("telephonenumber"));
                         ldapconn.modify("uid=" + user.getUserID() +
-                            "," + getUserBaseDN(), singleChange);
+                                "," + getUserBaseDN(), singleChange);
                     } catch (LDAPException e) {
                         if (e.getLDAPResultCode() != LDAPException.NO_SUCH_ATTRIBUTE) {
                             CMS.debug("modifyUser: Error in deleting telephonenumber");
                             throw e;
                         }
                     }
-                }  
+                }
             }
 
             if ((st = user.getState()) != null) {
-                if (! st.equals("")) {
+                if (!st.equals("")) {
                     attrs.add(LDAPModification.REPLACE,
-                        new LDAPAttribute("userstate", st));
+                            new LDAPAttribute("userstate", st));
                 } else {
                     try {
                         LDAPModification singleChange = new LDAPModification(
-                            LDAPModification.DELETE, new LDAPAttribute("userstate"));
+                                LDAPModification.DELETE, new LDAPAttribute("userstate"));
                         ldapconn.modify("uid=" + user.getUserID() +
-                            "," + getUserBaseDN(), singleChange);
+                                "," + getUserBaseDN(), singleChange);
                     } catch (LDAPException e) {
                         if (e.getLDAPResultCode() != LDAPException.NO_SUCH_ATTRIBUTE) {
                             CMS.debug("modifyUser: Error in deleting userstate");
@@ -1095,45 +1087,39 @@ public final class UGSubsystem implements IUGSubsystem {
                         }
                     }
                 }
-            } 
+            }
 
             /**
-             if ((certs = user.getCertificates()) != null) {
-             LDAPAttribute attrCertStr = new 
-             LDAPAttribute("description");
-             LDAPAttribute attrCertBin = new 
-             LDAPAttribute(LDAP_ATTR_USER_CERT);
-             for (int i = 0 ; i < certs.length; i++) {
-             attrCertBin.addValue(certs[i].getEncoded());
-             attrCertStr.addValue(getCertificateString(certs[i]));
-             }
-             attrs.add(attrCertStr);
-
-             if (user.getCertOp() == OpDef.ADD) {
-             attrs.add(LDAPModification.ADD, attrCertBin);
-             } else if (user.getCertOp() == OpDef.DELETE) {
-             attrs.add(LDAPModification.DELETE, attrCertBin);
-             } else {
-             throw new EUsrGrpException(UsrGrpResources.USR_MOD_ILL_CERT_OP);
-             }
-             }
+             * if ((certs = user.getCertificates()) != null) { LDAPAttribute
+             * attrCertStr = new LDAPAttribute("description"); LDAPAttribute
+             * attrCertBin = new LDAPAttribute(LDAP_ATTR_USER_CERT); for (int i
+             * = 0 ; i < certs.length; i++) {
+             * attrCertBin.addValue(certs[i].getEncoded());
+             * attrCertStr.addValue(getCertificateString(certs[i])); }
+             * attrs.add(attrCertStr);
+             * 
+             * if (user.getCertOp() == OpDef.ADD) {
+             * attrs.add(LDAPModification.ADD, attrCertBin); } else if
+             * (user.getCertOp() == OpDef.DELETE) {
+             * attrs.add(LDAPModification.DELETE, attrCertBin); } else { throw
+             * new EUsrGrpException(UsrGrpResources.USR_MOD_ILL_CERT_OP); } }
              **/
             ldapconn.modify("uid=" + user.getUserID() +
-                "," + getUserBaseDN(), attrs);
+                    "," + getUserBaseDN(), attrs);
             // for audit log
             SessionContext sessionContext = SessionContext.getContext();
             String adminId = (String) sessionContext.get(SessionContext.USER_ID);
 
             mLogger.log(ILogger.EV_AUDIT, ILogger.S_USRGRP,
-                AuditFormat.LEVEL, AuditFormat.MODIFYUSERFORMAT,
-                new Object[] {adminId, user.getUserID()}
-            );
+                    AuditFormat.LEVEL, AuditFormat.MODIFYUSERFORMAT,
+                    new Object[] { adminId, user.getUserID() }
+                    );
 
         } catch (Exception e) {
-            //e.printStackTrace();
+            // e.printStackTrace();
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_MOD_USER_FAIL"));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
@@ -1161,15 +1147,15 @@ public final class UGSubsystem implements IUGSubsystem {
 
         try {
             ldapconn = getConn();
-            LDAPSearchResults res = 
-                ldapconn.search(getGroupBaseDN(), LDAPv2.SCOPE_SUB, 
-                    "(&(objectclass=groupofuniquenames)(cn=" + filter + "))", 
-                    null, false);
+            LDAPSearchResults res =
+                    ldapconn.search(getGroupBaseDN(), LDAPv2.SCOPE_SUB,
+                            "(&(objectclass=groupofuniquenames)(cn=" + filter + "))",
+                            null, false);
 
             return buildGroups(res);
         } catch (LDAPException e) {
-            String errMsg = 
-                "findGroups: could not find group " + filter + ". Error " + e;
+            String errMsg =
+                    "findGroups: could not find group " + filter + ". Error " + e;
 
             if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
                 errMsg = "findGroups: " + "Internal DB is unavailable";
@@ -1177,13 +1163,13 @@ public final class UGSubsystem implements IUGSubsystem {
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_GROUPS", e.toString()));
             return null;
         } catch (ELdapException e) {
-            String errMsg = 
-                "find Groups: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "find Groups: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_FIND_GROUPS", e.toString()));
             return null;
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
@@ -1197,10 +1183,10 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * List groups.  more efficient than find Groups.  only retrieves
-     *	 group names and description.
+     * List groups. more efficient than find Groups. only retrieves group names
+     * and description.
      */
-    public Enumeration<IGroup>  listGroups(String filter) throws EUsrGrpException {
+    public Enumeration<IGroup> listGroups(String filter) throws EUsrGrpException {
         if (filter == null) {
             return null;
         }
@@ -1214,10 +1200,10 @@ public final class UGSubsystem implements IUGSubsystem {
             attrs[1] = "description";
 
             ldapconn = getConn();
-            LDAPSearchResults res = 
-                ldapconn.search(getGroupBaseDN(), LDAPv2.SCOPE_SUB, 
-                    "(&(objectclass=groupofuniquenames)(cn=" + filter + "))", 
-                    attrs, false);
+            LDAPSearchResults res =
+                    ldapconn.search(getGroupBaseDN(), LDAPv2.SCOPE_SUB,
+                            "(&(objectclass=groupofuniquenames)(cn=" + filter + "))",
+                            attrs, false);
 
             return buildGroups(res);
         } catch (LDAPException e) {
@@ -1228,12 +1214,12 @@ public final class UGSubsystem implements IUGSubsystem {
             }
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_LIST_GROUPS", e.toString()));
         } catch (ELdapException e) {
-            String errMsg = 
-                "list Groups: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "list Groups: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_LIST_GROUPS", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
         return null;
@@ -1243,14 +1229,14 @@ public final class UGSubsystem implements IUGSubsystem {
      * builds an instance of a Group entry
      */
     protected IGroup buildGroup(LDAPEntry entry) {
-        String groupName = (String)entry.getAttribute("cn").getStringValues().nextElement();
+        String groupName = (String) entry.getAttribute("cn").getStringValues().nextElement();
         IGroup grp = createGroup(this, groupName);
-		
+
         LDAPAttribute grpDesc = entry.getAttribute("description");
 
         if (grpDesc != null) {
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = grpDesc.getStringValues();
+            Enumeration<String> en = grpDesc.getStringValues();
 
             if (en != null && en.hasMoreElements()) {
                 String desc = (String) en.nextElement();
@@ -1282,26 +1268,26 @@ public final class UGSubsystem implements IUGSubsystem {
         }
 
         @SuppressWarnings("unchecked")
-		Enumeration<String> e = attr.getStringValues();
+        Enumeration<String> e = attr.getStringValues();
 
         while (e.hasMoreElements()) {
             String v = (String) e.nextElement();
 
-            //		grp.addMemberName(v);
+            // grp.addMemberName(v);
             // DOES NOT SUPPORT NESTED GROUPS...
 
-            /* BAD_GROUP_MEMBER message goes to system log
-             * We are testing unique member attribute for
-             * 1. presence of uid string
-             * 2. presence and sequence of equal sign and comma
-             * 3. absence of equal sign between previously found equal sign and comma
-             * 4. absence of non white space characters between uid string and equal sign
-             */ 
+            /*
+             * BAD_GROUP_MEMBER message goes to system log We are testing unique
+             * member attribute for 1. presence of uid string 2. presence and
+             * sequence of equal sign and comma 3. absence of equal sign between
+             * previously found equal sign and comma 4. absence of non white
+             * space characters between uid string and equal sign
+             */
             int i = -1;
             int j = -1;
-            if (v == null || v.length() < 3 || (!(v.substring(0,3)).equalsIgnoreCase("uid")) ||
-                ((i = v.indexOf('=')) < 0) || ((j = v.indexOf(',')) < 0) || i > j || 
-                 (v.substring(i+1, j)).indexOf('=') > -1 || ((v.substring(3, i)).trim()).length() > 0) {
+            if (v == null || v.length() < 3 || (!(v.substring(0, 3)).equalsIgnoreCase("uid")) ||
+                    ((i = v.indexOf('=')) < 0) || ((j = v.indexOf(',')) < 0) || i > j ||
+                    (v.substring(i + 1, j)).indexOf('=') > -1 || ((v.substring(3, i)).trim()).length() > 0) {
                 log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_BAD_GROUP_MEMBER", groupName, v));
             } else {
                 grp.addMemberName(v.substring(v.indexOf('=') + 1, v.indexOf(',')));
@@ -1316,22 +1302,20 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * Retrieves a group from LDAP
-     * NOTE - this takes just the group name.
+     * Retrieves a group from LDAP NOTE - this takes just the group name.
      */
     public IGroup getGroupFromName(String name) {
         return getGroup("cn=" + name + "," + getGroupBaseDN());
     }
 
     /**
-     * Retrieves a group from LDAP
-     * NOTE - LH This takes a full LDAP DN.
+     * Retrieves a group from LDAP NOTE - LH This takes a full LDAP DN.
      */
     public IGroup getGroup(String name) {
         if (name == null) {
             return null;
         }
-		
+
         LDAPConnection ldapconn = null;
 
         try {
@@ -1372,7 +1356,7 @@ public final class UGSubsystem implements IUGSubsystem {
                 return false;
             }
             @SuppressWarnings("unchecked")
-			Enumeration<String> en = attr.getStringValues();
+            Enumeration<String> en = attr.getStringValues();
 
             for (; en.hasMoreElements();) {
                 String v = (String) en.nextElement();
@@ -1390,91 +1374,84 @@ public final class UGSubsystem implements IUGSubsystem {
         return false;
     }
 
-    public boolean isMemberOf(String userid, String groupname) 
-    {
+    public boolean isMemberOf(String userid, String groupname) {
         try {
-          IUser user = getUser(userid);
-     	  return isMemberOfLdapGroup(user.getUserDN(), groupname);
+            IUser user = getUser(userid);
+            return isMemberOfLdapGroup(user.getUserDN(), groupname);
         } catch (Exception e) {
-          /* do nothing */
+            /* do nothing */
         }
         return false;
     }
 
     /**
-     * Checks if the given user is a member of the given group
-     * (now runs an ldap search to find the user, instead of
-     * fetching the entire group entry)
+     * Checks if the given user is a member of the given group (now runs an ldap
+     * search to find the user, instead of fetching the entire group entry)
      */
-    public boolean isMemberOf(IUser id, String name) { 
-        if (id == null) { 
-            log(ILogger.LL_WARN, "isMemberOf(): id is null"); 
-            return false; 
+    public boolean isMemberOf(IUser id, String name) {
+        if (id == null) {
+            log(ILogger.LL_WARN, "isMemberOf(): id is null");
+            return false;
         }
 
-        if (name == null) { 
-            log(ILogger.LL_WARN, "isMemberOf(): name is null"); 
-            return false; 
+        if (name == null) {
+            log(ILogger.LL_WARN, "isMemberOf(): name is null");
+            return false;
         }
 
-        Debug.trace("UGSubsystem.isMemberOf() using new lookup code"); 
-        return isMemberOfLdapGroup(id.getUserDN(),name);
+        Debug.trace("UGSubsystem.isMemberOf() using new lookup code");
+        return isMemberOfLdapGroup(id.getUserDN(), name);
     }
 
-
     /**
-     * checks if the given user DN is in the specified group
-     * by running an ldap search for the user in the group
+     * checks if the given user DN is in the specified group by running an ldap
+     * search for the user in the group
      */
-    protected boolean isMemberOfLdapGroup(String userid,String groupname) 
-    {
-        String basedn = "cn="+groupname+",ou=groups,"+mBaseDN;
+    protected boolean isMemberOfLdapGroup(String userid, String groupname) {
+        String basedn = "cn=" + groupname + ",ou=groups," + mBaseDN;
         LDAPConnection ldapconn = null;
-                boolean founduser=false;
+        boolean founduser = false;
         try {
-                        // the group could potentially have many thousands
-                        // of members, (many values of the uniquemember
-                        // attribute). So, we don't want to fetch this
-                        // list each time. We'll just fetch the CN.
-                        String attrs[]= new String[1];
-                        attrs[0] = "cn";
+            // the group could potentially have many thousands
+            // of members, (many values of the uniquemember
+            // attribute). So, we don't want to fetch this
+            // list each time. We'll just fetch the CN.
+            String attrs[] = new String[1];
+            attrs[0] = "cn";
 
             ldapconn = getConn();
 
-
-                        String filter = "(uniquemember="+userid+")";
-                        Debug.trace("authorization search base: "+basedn);
-                        Debug.trace("authorization search filter: "+filter);
+            String filter = "(uniquemember=" + userid + ")";
+            Debug.trace("authorization search base: " + basedn);
+            Debug.trace("authorization search filter: " + filter);
             LDAPSearchResults res =
-                ldapconn.search(basedn, LDAPv2.SCOPE_BASE,
-                       filter,
-                        attrs, false);
-                       // If the result had at least one entry, we know
-                       // that the filter matched, and so the user correctly
-                       // authenticated.
-                       if (res.hasMoreElements()) {
-                               // actually read the entry
-                               LDAPEntry entry = (LDAPEntry)res.nextElement();
-                               founduser=true;
-                       }
-                       Debug.trace("authorization result: "+founduser);
-       } catch (LDAPException e) {
-           String errMsg =
-               "isMemberOfLdapGroup: could not find group "+groupname+". Error "+e;
-           if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
-               errMsg = "isMemberOfLdapGroup: "+"Internal DB is unavailable";
-           }
-           Debug.trace("authorization exception: "+errMsg);
-           // too chatty in system log
-           // log(ILogger.LL_FAILURE, errMsg); 
-       }
-       catch (ELdapException e) {
-           String errMsg =
-               "isMemberOfLdapGroup: Could not get connection to internaldb. Error "+e;
-                       Debug.trace("authorization exception: "+errMsg);
+                    ldapconn.search(basedn, LDAPv2.SCOPE_BASE,
+                            filter,
+                            attrs, false);
+            // If the result had at least one entry, we know
+            // that the filter matched, and so the user correctly
+            // authenticated.
+            if (res.hasMoreElements()) {
+                // actually read the entry
+                LDAPEntry entry = (LDAPEntry) res.nextElement();
+                founduser = true;
+            }
+            Debug.trace("authorization result: " + founduser);
+        } catch (LDAPException e) {
+            String errMsg =
+                    "isMemberOfLdapGroup: could not find group " + groupname + ". Error " + e;
+            if (e.getLDAPResultCode() == LDAPException.UNAVAILABLE) {
+                errMsg = "isMemberOfLdapGroup: " + "Internal DB is unavailable";
+            }
+            Debug.trace("authorization exception: " + errMsg);
+            // too chatty in system log
+            // log(ILogger.LL_FAILURE, errMsg);
+        } catch (ELdapException e) {
+            String errMsg =
+                    "isMemberOfLdapGroup: Could not get connection to internaldb. Error " + e;
+            Debug.trace("authorization exception: " + errMsg);
             log(ILogger.LL_FAILURE, errMsg);
-        }
-        finally {
+        } finally {
             if (ldapconn != null)
                 returnConn(ldapconn);
         }
@@ -1495,7 +1472,7 @@ public final class UGSubsystem implements IUGSubsystem {
 
         try {
             LDAPAttributeSet attrs = new LDAPAttributeSet();
-            String oc[] = {"top", "groupOfUniqueNames"};
+            String oc[] = { "top", "groupOfUniqueNames" };
 
             attrs.add(new LDAPAttribute("objectclass", oc));
             attrs.add(new LDAPAttribute("cn", group.getGroupID()));
@@ -1509,8 +1486,8 @@ public final class UGSubsystem implements IUGSubsystem {
                     String name = (String) e.nextElement();
 
                     // DOES NOT SUPPORT NESTED GROUPS...
-                    attrMembers.addValue("uid=" + name + "," + 
-                        getUserBaseDN());
+                    attrMembers.addValue("uid=" + name + "," +
+                            getUserBaseDN());
                 }
                 attrs.add(attrMembers);
             }
@@ -1529,19 +1506,19 @@ public final class UGSubsystem implements IUGSubsystem {
 
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_GROUP_FAIL"));
         } catch (ELdapException e) {
-            String errMsg = 
-                "add Group: Could not get connection to internaldb. Error " + e;
+            String errMsg =
+                    "add Group: Could not get connection to internaldb. Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_ADD_GROUP", e.toString()));
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ADD_GROUP_FAIL"));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
     }
 
     /**
-     * Removes a group.  Can't remove SUPER_CERT_ADMINS
+     * Removes a group. Can't remove SUPER_CERT_ADMINS
      */
     public void removeGroup(String name) throws EUsrGrpException {
         if (name == null) {
@@ -1566,9 +1543,9 @@ public final class UGSubsystem implements IUGSubsystem {
 
             throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_REMOVE_GROUP_FAIL"));
         } catch (ELdapException e) {
-            String errMsg = 
-                "remove Group: Could not get connection to internaldb. " +
-                "Error " + e;
+            String errMsg =
+                    "remove Group: Could not get connection to internaldb. " +
+                            "Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_REMOVE_GROUP", e.toString()));
         } finally {
@@ -1594,8 +1571,8 @@ public final class UGSubsystem implements IUGSubsystem {
             String desc = grp.getDescription();
 
             if (desc != null) {
-                mod.add(LDAPModification.REPLACE, 
-                    new LDAPAttribute("description", desc));
+                mod.add(LDAPModification.REPLACE,
+                        new LDAPAttribute("description", desc));
             }
 
             Enumeration<String> e = grp.getMemberNames();
@@ -1605,8 +1582,8 @@ public final class UGSubsystem implements IUGSubsystem {
                     String name = (String) e.nextElement();
 
                     // DOES NOT SUPPORT NESTED GROUPS...
-                    attrMembers.addValue("uid=" + name + "," + 
-                        getUserBaseDN());
+                    attrMembers.addValue("uid=" + name + "," +
+                            getUserBaseDN());
                 }
                 mod.add(LDAPModification.REPLACE, attrMembers);
             } else {
@@ -1614,14 +1591,13 @@ public final class UGSubsystem implements IUGSubsystem {
                     mod.add(LDAPModification.DELETE, attrMembers);
                 } else {
                     // not allowed
-                    throw new
-                        EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ILL_GRP_MOD"));
+                    throw new EUsrGrpException(CMS.getUserMessage("CMS_USRGRP_ILL_GRP_MOD"));
                 }
             }
 
             ldapconn = getConn();
             ldapconn.modify("cn=" + grp.getGroupID() +
-                "," + getGroupBaseDN(), mod);
+                    "," + getGroupBaseDN(), mod);
         } catch (LDAPException e) {
             String errMsg = " modifyGroup()" + e.toString();
 
@@ -1641,18 +1617,17 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * Evalutes the given context with the attribute 
-     * critieria.
+     * Evalutes the given context with the attribute critieria.
      */
-    public boolean evaluate(String type, IUser id, 
-        String op, String value) {
+    public boolean evaluate(String type, IUser id,
+            String op, String value) {
         if (op.equals("=")) {
             if (type.equalsIgnoreCase("user")) {
                 if (isMatched(value, id.getName()))
                     return true;
             }
             if (type.equalsIgnoreCase("group")) {
-                return isMemberOf(id, value); 
+                return isMemberOf(id, value);
             }
         }
         return false;
@@ -1682,21 +1657,20 @@ public final class UGSubsystem implements IUGSubsystem {
                 return entry.getDN();
             }
         } catch (ELdapException e) {
-            String errMsg = 
-                "convertUIDtoDN: Could not get connection to internaldb. " +
-                "Error " + e;
+            String errMsg =
+                    "convertUIDtoDN: Could not get connection to internaldb. " +
+                            "Error " + e;
 
             log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_USRGRP_CONVERT_UID", e.toString()));
         } finally {
-            if (ldapconn != null) 
+            if (ldapconn != null)
                 returnConn(ldapconn);
         }
         return null;
     }
 
     /**
-     * Checks if the given DNs are the same after 
-     * normalization.
+     * Checks if the given DNs are the same after normalization.
      */
     protected boolean isMatched(String dn1, String dn2) {
         String rdn1[] = LDAPDN.explodeDN(dn1, false);
@@ -1714,8 +1688,8 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     /**
-     * Converts certificate into string format.
-     * should eventually go into the locator itself
+     * Converts certificate into string format. should eventually go into the
+     * locator itself
      */
     protected String getCertificateStringWithoutVersion(X509Certificate cert) {
         if (cert == null) {
@@ -1723,7 +1697,7 @@ public final class UGSubsystem implements IUGSubsystem {
         }
         // note that it did not represent a certificate fully
         return "-1;" + cert.getSerialNumber().toString() +
-            ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+                ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
     }
 
     public String getCertificateString(X509Certificate cert) {
@@ -1733,7 +1707,7 @@ public final class UGSubsystem implements IUGSubsystem {
 
         // note that it did not represent a certificate fully
         return cert.getVersion() + ";" + cert.getSerialNumber().toString() +
-            ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
+                ";" + cert.getIssuerDN() + ";" + cert.getSubjectDN();
     }
 
     /**
@@ -1751,13 +1725,13 @@ public final class UGSubsystem implements IUGSubsystem {
     }
 
     protected LDAPConnection getConn() throws ELdapException {
-        if (mLdapConnFactory == null) 
+        if (mLdapConnFactory == null)
             return null;
         return mLdapConnFactory.getConn();
     }
 
     protected void returnConn(LDAPConnection conn) {
-        if (mLdapConnFactory != null) 
+        if (mLdapConnFactory != null)
             mLdapConnFactory.returnConn(conn);
     }
 
@@ -1765,7 +1739,7 @@ public final class UGSubsystem implements IUGSubsystem {
         if (mLogger == null)
             return;
         mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_USRGRP,
-            level, "UGSubsystem: " + msg);
+                level, "UGSubsystem: " + msg);
     }
 
     public ICertUserLocator getCertUserLocator() {
diff --git a/pki/base/common/src/com/netscape/cmscore/usrgrp/User.java b/pki/base/common/src/com/netscape/cmscore/usrgrp/User.java
index 5133eb23..013b1e52 100644
--- a/pki/base/common/src/com/netscape/cmscore/usrgrp/User.java
+++ b/pki/base/common/src/com/netscape/cmscore/usrgrp/User.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.usrgrp;
 
-
 import java.security.cert.X509Certificate;
 import java.util.Enumeration;
 import java.util.Vector;
@@ -27,10 +26,9 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.usrgrp.IUser;
 import com.netscape.certsrv.usrgrp.IUsrGrp;
 
-
 /**
  * A class represents a user.
- *
+ * 
  * @author cfu
  * @version $Revision$, $Date$
  */
@@ -61,7 +59,7 @@ public class User implements IUser {
         mNames.addElement(ATTR_PASSWORD);
         mNames.addElement(ATTR_STATE);
         mNames.addElement(ATTR_EMAIL);
-        //		mNames.addElement(ATTR_PHONENUMBER);
+        // mNames.addElement(ATTR_PHONENUMBER);
         mNames.addElement(ATTR_X509_CERTIFICATES);
         mNames.addElement(ATTR_USERTYPE);
     }
@@ -78,7 +76,7 @@ public class User implements IUser {
      * Retrieves the name of this identity.
      */
     public String getName() {
-        //		return mScope.getId() + "://" + mUserid;
+        // return mScope.getId() + "://" + mUserid;
         return mUserid;
     }
 
@@ -189,7 +187,7 @@ public class User implements IUser {
             throw new EBaseException(CMS.getUserMessage("CMS_BASE_INVALID_ATTRIBUTE", name));
         }
     }
-	
+
     public Object get(String name) throws EBaseException {
         if (name.equals(ATTR_NAME)) {
             return getName();
diff --git a/pki/base/common/src/com/netscape/cmscore/util/Assert.java b/pki/base/common/src/com/netscape/cmscore/util/Assert.java
index afc38f49..24659929 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/Assert.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/Assert.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 public class Assert {
     public static final boolean ON = true;
 
diff --git a/pki/base/common/src/com/netscape/cmscore/util/AssertionException.java b/pki/base/common/src/com/netscape/cmscore/util/AssertionException.java
index 6a0d8e66..d2f3708d 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/AssertionException.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/AssertionException.java
@@ -17,10 +17,9 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 /**
- * Assertion exceptions are thrown when assertion code is invoked
- * and fails to operate properly.
+ * Assertion exceptions are thrown when assertion code is invoked and fails to
+ * operate properly.
  */
 public class AssertionException extends Error {
     /**
diff --git a/pki/base/common/src/com/netscape/cmscore/util/Debug.java b/pki/base/common/src/com/netscape/cmscore/util/Debug.java
index 417f3159..9e0a0d82 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/Debug.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/Debug.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.FileOutputStream;
 import java.io.OutputStream;
 import java.io.PrintStream;
@@ -30,29 +29,28 @@ import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 import com.netscape.cmsutil.util.Utils;
 
-
 public class Debug
-    implements ISubsystem {
+        implements ISubsystem {
 
     private static Debug mInstance = new Debug();
     private static boolean mShowCaller = false;
 
-
-	/* This dateformatter is used to put the date on each
-	   debug line. But the DateFormatter is not thread safe,
-	   so I create a thread-local DateFormatter for each thread
-	 */
+    /*
+     * This dateformatter is used to put the date on each debug line. But the
+     * DateFormatter is not thread safe, so I create a thread-local
+     * DateFormatter for each thread
+     */
     private static String DATE_PATTERN = "dd/MMM/yyyy:HH:mm:ss";
     private static ThreadLocal mFormatObject = new ThreadLocal() {
-			protected synchronized Object initialValue() {
-				return new SimpleDateFormat(DATE_PATTERN);
-			}
-	}; 
+        protected synchronized Object initialValue() {
+            return new SimpleDateFormat(DATE_PATTERN);
+        }
+    };
 
-	/* the dateformatter should be accessed with this function */
-	private static SimpleDateFormat getDateFormatter() {
-		return ((SimpleDateFormat)(mFormatObject.get()));
-	}
+    /* the dateformatter should be accessed with this function */
+    private static SimpleDateFormat getDateFormatter() {
+        return ((SimpleDateFormat) (mFormatObject.get()));
+    }
 
     public static final boolean ON = false;
     public static final int OBNOXIOUS = 10;
@@ -62,10 +60,10 @@ public class Debug
     // the difference between this and 'ON' is that this is always
     // guaranteed to log to 'mOut', whereas other parts of the server
     // may do:
-    //  if (Debug.ON) {
-    //     System.out.println("..");
-    //	}
-    // I want to make sure that any Debug.trace() is not logged to 
+    // if (Debug.ON) {
+    // System.out.println("..");
+    // }
+    // I want to make sure that any Debug.trace() is not logged to
     // System.out if the server is running under watchdog
 
     private static boolean TRACE_ON = false;
@@ -73,7 +71,7 @@ public class Debug
     private static int mDebugLevel = VERBOSE;
 
     private static PrintStream mOut = null;
-	private static Hashtable mHK = null;
+    private static Hashtable mHK = null;
 
     static {
         if (TRACE_ON == true) {
@@ -88,98 +86,104 @@ public class Debug
     /**
      * Output a debug message at the output stream sepcified in the init()
      * method. This method is very lightweight if debugging is turned off, since
-     *   it will return immediately. However, the caller should be aware that
-     *   if the argument to Debug.trace() is an object whose toString() is
-     *   expensive, that this toString() will still be called in any case.
-     *   In such a case, it is wise to wrap the Debug.trace like this: <pre>
-     *   if (Debug.on()) { Debug.trace("obj is: "+obj); }
-     *   </pre>
+     * it will return immediately. However, the caller should be aware that if
+     * the argument to Debug.trace() is an object whose toString() is expensive,
+     * that this toString() will still be called in any case. In such a case, it
+     * is wise to wrap the Debug.trace like this:
+     * 
+     * <pre>
+     * if (Debug.on()) {
+     *     Debug.trace(&quot;obj is: &quot; + obj);
+     * }
+     * </pre>
+     * 
      * @param level the message level. If this is >= than the currently set
-     *    level (set with setLevel() ), the message is printed
+     *            level (set with setLevel() ), the message is printed
      * @param t the message to print
-     * @param ignoreStack when walking the stack to determine the
-     *   location of the method that called the trace() method,
-     *   ignore any classes with this string in. Can be null
-     * @param printCaller if true, (and if static mShowCaller is true)
-     *    dump caller information in this format:
-     *    (source-file:line) methodname():
+     * @param ignoreStack when walking the stack to determine the location of
+     *            the method that called the trace() method, ignore any classes
+     *            with this string in. Can be null
+     * @param printCaller if true, (and if static mShowCaller is true) dump
+     *            caller information in this format: (source-file:line)
+     *            methodname():
      */
     public static void trace(int level, String t, String ignoreStack, boolean printCaller) {
-		String callerinfo = "";
-        if (!TRACE_ON) return;
+        String callerinfo = "";
+        if (!TRACE_ON)
+            return;
         if (level >= mDebugLevel) {
             if (mShowCaller && printCaller) {
                 String method = "";
                 String fileAndLine = "";
 
                 try {
-					Throwable tr = new Throwable();
-					StackTraceElement ste[] = tr.getStackTrace();
-					int i=0;
-					while ((i < ste.length) && 
-						(ste[i].getMethodName().toLowerCase().indexOf("debug") >-1) ||
-						(ste[i].getMethodName().toLowerCase().indexOf("hashkey") >-1) ||
-						(ste[i].getClassName().toLowerCase().indexOf("propconfigstore") >-1) ||
-						(ste[i].getClassName().toLowerCase().indexOf("argblock") >-1) ||
-						(ste[i].getClassName().toLowerCase().indexOf("debug") >-1) ||
-						(ste[i].getMethodName().toLowerCase().indexOf("trace") >-1)) i++;
-
-					if (i < ste.length) {
-						fileAndLine = ste[i].getFileName()+":"+
-							ste[i].getLineNumber();
-						method = ste[i].getMethodName()+"()";
-					}
-
-					callerinfo = fileAndLine +":"+ method + " ";
+                    Throwable tr = new Throwable();
+                    StackTraceElement ste[] = tr.getStackTrace();
+                    int i = 0;
+                    while ((i < ste.length) &&
+                            (ste[i].getMethodName().toLowerCase().indexOf("debug") > -1) ||
+                            (ste[i].getMethodName().toLowerCase().indexOf("hashkey") > -1) ||
+                            (ste[i].getClassName().toLowerCase().indexOf("propconfigstore") > -1) ||
+                            (ste[i].getClassName().toLowerCase().indexOf("argblock") > -1) ||
+                            (ste[i].getClassName().toLowerCase().indexOf("debug") > -1) ||
+                            (ste[i].getMethodName().toLowerCase().indexOf("trace") > -1))
+                        i++;
+
+                    if (i < ste.length) {
+                        fileAndLine = ste[i].getFileName() + ":" +
+                                ste[i].getLineNumber();
+                        method = ste[i].getMethodName() + "()";
+                    }
+
+                    callerinfo = fileAndLine + ":" + method + " ";
                 } catch (Exception f) {
                 }
             }
-		
-			outputTraceMessage(callerinfo + t);
+
+            outputTraceMessage(callerinfo + t);
         }
     }
-	
-	private static void outputTraceMessage(String t)
-	{
-        if (!TRACE_ON) return;
-		SimpleDateFormat d = getDateFormatter();
+
+    private static void outputTraceMessage(String t) {
+        if (!TRACE_ON)
+            return;
+        SimpleDateFormat d = getDateFormatter();
         if (mOut != null && d != null) {
             mOut.println("[" + d.format(new Date()) + "][" + Thread.currentThread().getName() + "]: " + t);
             mOut.flush();
-            }
-	}
+        }
+    }
 
-	private static boolean hkdotype(String type)
-	{
-		if (mHK!= null && mHK.get(type) != null) {
-			return true;
-		} else {
-			return false;
-		}
-	}
+    private static boolean hkdotype(String type) {
+        if (mHK != null && mHK.get(type) != null) {
+            return true;
+        } else {
+            return false;
+        }
+    }
 
     public static void traceHashKey(String type, String key) {
-		if (hkdotype(type)) {
-           	trace("GET r=" + type+ ",k=" + key);
+        if (hkdotype(type)) {
+            trace("GET r=" + type + ",k=" + key);
         }
     }
 
     public static void traceHashKey(String type, String key, String val) {
-		if (hkdotype(type)) {
-            trace("GET r=" + type+ ",k=" + key + ",v=" + val);
+        if (hkdotype(type)) {
+            trace("GET r=" + type + ",k=" + key + ",v=" + val);
         }
     }
 
     public static void traceHashKey(String type, String key, String val, String def) {
-		if (hkdotype(type)) {
-            trace("GET r=" + type+ ",k=" +
-					 key + ",v=" + val +",d="+def);
+        if (hkdotype(type)) {
+            trace("GET r=" + type + ",k=" +
+                     key + ",v=" + val + ",d=" + def);
         }
-	}
+    }
 
     public static void putHashKey(String type, String key, String value) {
-		if (hkdotype(type)) {
-            outputTraceMessage("PUT r=" + type+ ",k=" + key + ",v=" + value);
+        if (hkdotype(type)) {
+            outputTraceMessage("PUT r=" + type + ",k=" + key + ",v=" + value);
         }
     }
 
@@ -188,7 +192,8 @@ public class Debug
     }
 
     public static void print(int level, String t) {
-        if (!TRACE_ON) return;
+        if (!TRACE_ON)
+            return;
         if (mOut != null) {
             if (level >= mDebugLevel)
                 mOut.print(t);
@@ -200,24 +205,30 @@ public class Debug
     }
 
     private static void printNybble(byte b) {
-        if (mOut == null) return;
-        if (b < 10) mOut.write('0' + b);
-        else mOut.write('a' + b - 10);
+        if (mOut == null)
+            return;
+        if (b < 10)
+            mOut.write('0' + b);
+        else
+            mOut.write('a' + b - 10);
     }
 
     /**
-     * If tracing enabled, dump a byte array to debugging printstream
-     * as hex, colon-seperated bytes, 16 bytes to a line
+     * If tracing enabled, dump a byte array to debugging printstream as hex,
+     * colon-seperated bytes, 16 bytes to a line
      */
     public static void print(byte[] b) {
-        if (!TRACE_ON) return;
-        if (mOut == null) return;
+        if (!TRACE_ON)
+            return;
+        if (mOut == null)
+            return;
 
         for (int i = 0; i < b.length; i++) {
             printNybble((byte) ((b[i] & 0xf0) >> 4));
             printNybble((byte) (b[i] & 0x0f));
             mOut.print(" ");
-            if (((i % 16) == 15) && i != b.length) mOut.println("");
+            if (((i % 16) == 15) && i != b.length)
+                mOut.println("");
         }
         mOut.println("");
         mOut.flush();
@@ -227,29 +238,35 @@ public class Debug
      * Print the current stack trace to the debug printstream
      */
     public static void printStackTrace() {
-        if (!TRACE_ON) return;
+        if (!TRACE_ON)
+            return;
         Exception e = new Exception("Debug");
 
         printStackTrace(e);
     }
 
     /**
-     * Print the stack trace of the named exception 
-     * to the debug printstream
+     * Print the stack trace of the named exception to the debug printstream
      */
     public static void printStackTrace(Throwable e) {
-        if (!TRACE_ON) return;
-        if (mOut == null) return;
+        if (!TRACE_ON)
+            return;
+        if (mOut == null)
+            return;
 
         e.printStackTrace(mOut);
     }
 
     /**
-     * Set the current debugging level. You can use: <pre>
+     * Set the current debugging level. You can use:
+     * 
+     * <pre>
      * OBNOXIOUS = 10
      * VERBOSE   = 5
      * INFORM    = 1
-     * </pre> Or another value
+     * </pre>
+     * 
+     * Or another value
      */
 
     public static void setLevel(int level) {
@@ -263,15 +280,15 @@ public class Debug
     /**
      * Test if debugging is on. Do NOT write to System.out in your debug code
      */
-    public static boolean on() { 
+    public static boolean on() {
         return TRACE_ON;
     }
 
-    /*  ISubsystem methods: */
+    /* ISubsystem methods: */
 
     public static String ID = "debug";
     private static IConfigStore mConfig = null;
-	
+
     public String getId() {
         return ID;
     }
@@ -288,8 +305,10 @@ public class Debug
     private static final String PROP_APPEND = "append";
 
     /**
-     * Debug subsystem initialization. This subsystem is usually
-     * given the following parameters: <pre>
+     * Debug subsystem initialization. This subsystem is usually given the
+     * following parameters:
+     * 
+     * <pre>
      * debug.enabled   : (true|false) default false
      * debug.filename  : can be a pathname, or STDOUT
      * debug.hashkeytypes: comma-separated list of hashkey types
@@ -301,7 +320,7 @@ public class Debug
         mConfig = config;
         String filename = null;
         String hashkeytypes = null;
-		boolean append=true;
+        boolean append = true;
 
         try {
             TRACE_ON = mConfig.getBoolean(PROP_ENABLED, false);
@@ -318,32 +337,32 @@ public class Debug
                 if (filename.equals("STDOUT")) {
                     mOut = System.out;
                 } else {
-                    if( !Utils.isNT() ) {
+                    if (!Utils.isNT()) {
                         // Always insure that a physical file exists!
-                        Utils.exec( "touch " + filename );
-                        Utils.exec( "chmod 00640 " + filename );
+                        Utils.exec("touch " + filename);
+                        Utils.exec("chmod 00640 " + filename);
                     }
                     OutputStream os = new FileOutputStream(filename, append);
-                    mOut = new PrintStream(os, true);  /* true == autoflush */
+                    mOut = new PrintStream(os, true); /* true == autoflush */
                 }
                 if (hashkeytypes != null) {
-					StringTokenizer st = new StringTokenizer(hashkeytypes,
-							",", false);
-					mHK = new Hashtable();
-					while (st.hasMoreElements()) {
-						String hkr = st.nextToken();
-						mHK.put(hkr, "true");
-					}
+                    StringTokenizer st = new StringTokenizer(hashkeytypes,
+                            ",", false);
+                    mHK = new Hashtable();
+                    while (st.hasMoreElements()) {
+                        String hkr = st.nextToken();
+                        mHK.put(hkr, "true");
+                    }
                 }
             }
-			outputTraceMessage("============================================");
-			outputTraceMessage("=====  DEBUG SUBSYSTEM INITIALIZED   =======");
-			outputTraceMessage("============================================");
+            outputTraceMessage("============================================");
+            outputTraceMessage("=====  DEBUG SUBSYSTEM INITIALIZED   =======");
+            outputTraceMessage("============================================");
             int level = mConfig.getInteger(PROP_LEVEL, VERBOSE);
             setLevel(level);
         } catch (Exception e) {
             // Don't do anything. Logging is not set up yet, and
-            // we can't write to STDOUT. 
+            // we can't write to STDOUT.
         }
     }
 
@@ -364,4 +383,3 @@ public class Debug
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/util/ExceptionFormatter.java b/pki/base/common/src/com/netscape/cmscore/util/ExceptionFormatter.java
index 8479c757..1ba708cb 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/ExceptionFormatter.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/ExceptionFormatter.java
@@ -17,21 +17,19 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.PipedInputStream;
 import java.io.PipedOutputStream;
 import java.io.PrintWriter;
 
-
 public class ExceptionFormatter {
 
     /**
-     * Routines for pretty-printing java exceptions
-     * prints okay in a single-line.
+     * Routines for pretty-printing java exceptions prints okay in a
+     * single-line.
      */
     /*
-     * Take an exception stacktrace, and reformat it so that is
-     * prints okay in a single-line.
+     * Take an exception stacktrace, and reformat it so that is prints okay in a
+     * single-line.
      */
 
     public static String getStackTraceAsString(Throwable e) {
@@ -39,7 +37,7 @@ public class ExceptionFormatter {
 
         try {
             PipedOutputStream po = new PipedOutputStream();
-            PipedInputStream  pi = new PipedInputStream(po);
+            PipedInputStream pi = new PipedInputStream(po);
 
             PrintWriter ps = new PrintWriter(po);
 
@@ -48,7 +46,7 @@ public class ExceptionFormatter {
 
             int avail = pi.available();
             byte[] b = new byte[avail];
-		
+
             pi.read(b, 0, avail);
             returnvalue = new String(b);
         } catch (Exception ex) {
@@ -60,7 +58,7 @@ public class ExceptionFormatter {
     /* test code below */
 
     public static void test()
-        throws TestException {
+            throws TestException {
         throw new TestException("** testexception **");
     }
 
@@ -79,7 +77,6 @@ public class ExceptionFormatter {
 
 }
 
-
 class TestException extends Exception {
 
     /**
@@ -95,4 +92,3 @@ class TestException extends Exception {
     }
 
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/util/FileAsString.java b/pki/base/common/src/com/netscape/cmscore/util/FileAsString.java
index c0ae1faa..6b97353b 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/FileAsString.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/FileAsString.java
@@ -17,25 +17,22 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.BufferedReader;
 import java.io.File;
 import java.io.FileReader;
 import java.io.IOException;
 
-
 public class FileAsString {
 
     protected String mFilename;
     protected long mLastRead = 0;
-	
+
     private String fileContents = null;
     private Object userObject = null;
-	
+
     /**
-     * This class enables you to get treat a file as a string
-     * If the file changes underneath you, it will automatically
-     * be read
+     * This class enables you to get treat a file as a string If the file
+     * changes underneath you, it will automatically be read
      */
     public FileAsString(String filename) throws IOException {
         mFilename = filename;
@@ -50,7 +47,7 @@ public class FileAsString {
     }
 
     private void readFile()
-        throws IOException {
+            throws IOException {
         BufferedReader br = createBufferedReader(mFilename);
         StringBuffer buf = new StringBuffer("");
         int bytesread = 0;
@@ -63,15 +60,14 @@ public class FileAsString {
                 buf.append(cbuf, 0, bytesread);
             }
             String s = new String(buf);
-        }
-        while (bytesread != -1);
+        } while (bytesread != -1);
         br.close();
 
         fileContents = new String(buf);
     }
-		
-    private BufferedReader createBufferedReader(String filename) 
-        throws IOException {
+
+    private BufferedReader createBufferedReader(String filename)
+            throws IOException {
         Debug.trace("createBufferedReader(filename=" + filename + ")");
         BufferedReader br = null;
         FileReader fr = null;
@@ -84,13 +80,13 @@ public class FileAsString {
             br = new BufferedReader(fr);
             mFilename = filename;
         } catch (IOException e) {
-        	throw e;
+            throw e;
         }
         return br;
     }
-			
-    public String getAsString() 
-        throws IOException {
+
+    public String getAsString()
+            throws IOException {
         if (fileHasChanged()) {
             readFile();
         }
@@ -111,9 +107,9 @@ public class FileAsString {
     public void setUserObject(Object x) {
         userObject = x;
     }
-	
+
     public String getFilename() {
         return mFilename;
     }
-		
+
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/util/FileDialogFilter.java b/pki/base/common/src/com/netscape/cmscore/util/FileDialogFilter.java
index 37410533..1277a8da 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/FileDialogFilter.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/FileDialogFilter.java
@@ -17,20 +17,18 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.File;
 import java.io.FilenameFilter;
 
-
 /**
- * checks the filename and directory with the specified filter
- * checks with multiple "*".
- * the filter has to start with a '*' character.
- * this to keep the search the same as in the motif version
+ * checks the filename and directory with the specified filter checks with
+ * multiple "*". the filter has to start with a '*' character. this to keep the
+ * search the same as in the motif version
  * <P>
- * Copied verbatium from sun.awt.tiny.TinyFileDialogPeer.  Used by 
- * RollingLogFile expiration code
+ * Copied verbatium from sun.awt.tiny.TinyFileDialogPeer. Used by RollingLogFile
+ * expiration code
  * <P>
+ * 
  * @author mikep
  * @version $Revision$, $Date$
  */
@@ -50,25 +48,25 @@ public class FileDialogFilter implements FilenameFilter {
      * return true if match
      */
     public boolean accept(File dir, String fileName) {
-    	
+
         File f = new File(dir, fileName);
-	
+
         if (f.isDirectory()) {
             return true;
         } else {
             return searchPattern(fileName, filter);
         }
     }
-	
-    /** 
-     * start searching 
+
+    /**
+     * start searching
      */
     boolean searchPattern(String fileName, String filter) {
         int filterCursor = 0;
         int fileNameCursor = 0;
 
         int filterChar = filter.charAt(filterCursor);
-	    
+
         if (filterCursor == 0 && filterChar != '*') {
             return false;
         }
@@ -85,17 +83,17 @@ public class FileDialogFilter implements FilenameFilter {
         int flLen = fileName.length();
         char ftChar;
         char flChar;
-        int  ftCur = 0;
-        int  flCur = 0;
+        int ftCur = 0;
+        int flCur = 0;
         int c = 0;
-	
+
         if (ftLen == 0) {
             return true;
         }
 
         while (c < flLen) {
-            ftChar = filter.charAt(ftCur); 
-		
+            ftChar = filter.charAt(ftCur);
+
             if (ftChar == '*') {
                 String ls = filter.substring(ftCur + 1);
                 String fs = fileName.substring(flCur);
@@ -109,11 +107,11 @@ public class FileDialogFilter implements FilenameFilter {
                 continue;
             }
             flChar = fileName.charAt(flCur);
-	    
+
             if (ftChar == flChar) {
                 ftCur++;
                 flCur++;
-		
+
                 if (flCur == flLen && ftCur == ftLen) {
                     return true;
                 }
@@ -134,9 +132,9 @@ public class FileDialogFilter implements FilenameFilter {
                 }
             }
         }
-    	
+
         for (int i = ftCur; i < ftLen; i++) {
-            ftChar = filter.charAt(i); 
+            ftChar = filter.charAt(i);
             if (ftChar != '*') {
                 return false;
             }
@@ -144,4 +142,3 @@ public class FileDialogFilter implements FilenameFilter {
         return true;
     }
 }
-
diff --git a/pki/base/common/src/com/netscape/cmscore/util/OsSubsystem.java b/pki/base/common/src/com/netscape/cmscore/util/OsSubsystem.java
index 05118b9e..5568974b 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/OsSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/OsSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.BufferedWriter;
 import java.io.File;
 import java.io.FileOutputStream;
@@ -36,13 +35,12 @@ import com.netscape.osutil.Signal;
 import com.netscape.osutil.SignalListener;
 import com.netscape.osutil.UserID;
 
-
 /**
- * This object contains the OS independent interfaces.  It's currently
- * used for Unix signal and user handling, but could eventually be extended
- * for NT interfaces.
+ * This object contains the OS independent interfaces. It's currently used for
+ * Unix signal and user handling, but could eventually be extended for NT
+ * interfaces.
  * <P>
- *
+ * 
  * @author mikep
  * @version $Revision$, $Date$
  */
@@ -86,16 +84,15 @@ public final class OsSubsystem implements ISubsystem {
     }
 
     /**
-     * Initializes this subsystem with the given configuration
-     * store.
+     * Initializes this subsystem with the given configuration store.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      * @exception EBaseException failed to initialize
      */
     public void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
 
         mOwner = owner;
         mConfig = config;
@@ -105,12 +102,12 @@ public final class OsSubsystem implements ISubsystem {
 
         // We currently only deal with Unix and NT
         if (isUnix()) {
-            //initUnix();
+            // initUnix();
         } else {
             initNT();
         }
         try {
-            //System.out.println(" The dir I'm seeing is " + mInstanceDir);
+            // System.out.println(" The dir I'm seeing is " + mInstanceDir);
             String pidName = mInstanceDir + File.separator + "config" + File.separator + "cert-pid";
             BufferedWriter pidOut = new BufferedWriter(new FileWriter(pidName));
             int pid = OsSubsystem.getpid();
@@ -119,8 +116,8 @@ public final class OsSubsystem implements ISubsystem {
             pidOut.close();
             OSUtil.getFileWriteLock(pidName);
         } catch (Exception e) {
-            //XX to stderr XXXXXX
-            //e.printStackTrace();
+            // XX to stderr XXXXXX
+            // e.printStackTrace();
         }
     }
 
@@ -149,20 +146,22 @@ public final class OsSubsystem implements ISubsystem {
                 fos.close();
             } catch (IOException e) {
 
-                /*LogDoc
-                 *
+                /*
+                 * LogDoc
+                 * 
                  * @phase start OS subsystem
+                 * 
                  * @message OS: <exception thrown>
                  */
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, "OS: " + e.toString());
+                        ILogger.LL_FAILURE, "OS: " + e.toString());
             }
         }
     }
 
     /**
-     * Returns the process ID of the Certificate Server process. Works
-     * on Unix and NT.
+     * Returns the process ID of the Certificate Server process. Works on Unix
+     * and NT.
      */
     public static int getpid() {
         if (isUnix()) {
@@ -173,7 +172,7 @@ public final class OsSubsystem implements ISubsystem {
     }
 
     /**
-     * Used to change the process user id usually called after the appropriate 
+     * Used to change the process user id usually called after the appropriate
      * network ports have been opened.
      */
     public void setUserId() throws EBaseException {
@@ -188,42 +187,50 @@ public final class OsSubsystem implements ISubsystem {
         // Change the userid to the prefered Unix user
         if (userid == null) {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase set user id
+             * 
              * @arg0 default user id
              */
             mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_FAILURE, 
-                "OS: No user id in config file.  Running as {0}", id);
+                    ILogger.LL_FAILURE,
+                    "OS: No user id in config file.  Running as {0}", id);
         } else {
-            Object[] params = {userid, id};
+            Object[] params = { userid, id };
 
             try {
                 UserID.set(userid);
             } catch (IllegalArgumentException e) {
 
-                /*LogDoc
-                 *
+                /*
+                 * LogDoc
+                 * 
                  * @phase set user id
+                 * 
                  * @arg0 supplied user id in config
+                 * 
                  * @arg1 default user id
                  */
-                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER, 
-                    ILogger.LL_FAILURE,
-                    "OS: No such user as {0}.  Running as {1}", params);
+                mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
+                        ILogger.LL_FAILURE,
+                        "OS: No such user as {0}.  Running as {1}", params);
             } catch (SecurityException e) {
 
-                /*LogDoc
-                 *
+                /*
+                 * LogDoc
+                 * 
                  * @phase set user id
+                 * 
                  * @arg0 supplied user id in config
+                 * 
                  * @arg1 default user id
                  */
                 mLogger.log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                    ILogger.LL_FAILURE, 
-                    "OS: Can't change process uid to {0}. Running as {1}", 
-                    params);
+                        ILogger.LL_FAILURE,
+                        "OS: Can't change process uid to {0}. Running as {1}",
+                        params);
             }
         }
     }
@@ -232,9 +239,8 @@ public final class OsSubsystem implements ISubsystem {
     }
 
     /**
-     * Stops the watchdog.  You need to call this if you want the
-     * server to really shutdown, otherwise the watchdog will just
-     * restart us.
+     * Stops the watchdog. You need to call this if you want the server to
+     * really shutdown, otherwise the watchdog will just restart us.
      * <P>
      */
     public static void stop() {
@@ -243,13 +249,14 @@ public final class OsSubsystem implements ISubsystem {
             Signal.send(LibC.getppid(), Signal.SIGTERM);
         } else {
 
-            /*LogDoc
-             *
+            /*
+             * LogDoc
+             * 
              * @phase stop watchdog
              */
             CMS.getLogger().log(ILogger.EV_SYSTEM, ILogger.S_OTHER,
-                ILogger.LL_INFO, 
-                "OS: stop the NT watchdog!");
+                    ILogger.LL_INFO,
+                    "OS: stop the NT watchdog!");
         }
     }
 
@@ -272,15 +279,16 @@ public final class OsSubsystem implements ISubsystem {
     private static void shutdownUnix() {
 
         // Don't accidentally stop this thread
-        //if (Thread.currentThread() != mSignalThread && mSignalThread != null) {
-        //	mSignalThread.stop();
-        //	mSignalThread = null;
-        //}
-		
-        /* Don't release this signals to protect the process
-         Signal.release(Signal.SIGHUP); 
-         Signal.release(Signal.SIGTERM);
-         Signal.release(Signal.SIGINT);
+        // if (Thread.currentThread() != mSignalThread && mSignalThread != null)
+        // {
+        // mSignalThread.stop();
+        // mSignalThread = null;
+        // }
+
+        /*
+         * Don't release this signals to protect the process
+         * Signal.release(Signal.SIGHUP); Signal.release(Signal.SIGTERM);
+         * Signal.release(Signal.SIGINT);
          */
     }
 
@@ -298,18 +306,14 @@ public final class OsSubsystem implements ISubsystem {
     public void restart() {
 
         /**
-         if (isUnix()) {
-         restartUnix();
-         } else {
-         restartNT();
-         }
+         * if (isUnix()) { restartUnix(); } else { restartNT(); }
          **/
     }
 
     /**
      * Returns the root configuration storage of this system.
      * <P>
-     *
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -317,10 +321,11 @@ public final class OsSubsystem implements ISubsystem {
     }
 
     /**
-     * A universal routine to decide if we are Unix or something else.
-     * This is mostly used for signal handling and uids.
-     *
+     * A universal routine to decide if we are Unix or something else. This is
+     * mostly used for signal handling and uids.
+     * 
      * <P>
+     * 
      * @return true if these OS the JavaVM is running on is some Unix varient
      */
     public static boolean isUnix() {
@@ -329,8 +334,8 @@ public final class OsSubsystem implements ISubsystem {
     }
 
     /**
-     * Unix signal thread.  Sleep for a second and then check on the
-     * signals we're interested in.  If one is set, do the right stuff
+     * Unix signal thread. Sleep for a second and then check on the signals
+     * we're interested in. If one is set, do the right stuff
      */
     final class SignalThread extends Thread {
 
@@ -360,16 +365,17 @@ public final class OsSubsystem implements ISubsystem {
 
                 // wants us to exit?
                 if (Signal.caught(Signal.SIGINT) > 0 ||
-                    Signal.caught(Signal.SIGTERM) > 0) {
+                        Signal.caught(Signal.SIGTERM) > 0) {
 
-                    /*LogDoc
-                     *
+                    /*
+                     * LogDoc
+                     * 
                      * @phase watchdog check
                      */
-                    mLogger.log(ILogger.EV_SYSTEM, 
-                        ILogger.S_OTHER, 
-                        ILogger.LL_INFO,
-                        "OS: Received shutdown signal");
+                    mLogger.log(ILogger.EV_SYSTEM,
+                            ILogger.S_OTHER,
+                            ILogger.LL_INFO,
+                            "OS: Received shutdown signal");
                     SubsystemRegistry.getInstance().get("MAIN").shutdown();
                     return;
                 }
@@ -377,14 +383,15 @@ public final class OsSubsystem implements ISubsystem {
                 // Tell to restart us
                 if (Signal.caught(Signal.SIGHUP) > 0) {
 
-                    /*LogDoc
-                     *
+                    /*
+                     * LogDoc
+                     * 
                      * @phase watchdog check
                      */
-                    mLogger.log(ILogger.EV_SYSTEM, 
-                        ILogger.S_OTHER, 
-                        ILogger.LL_INFO,
-                        "OS: Received restart signal");
+                    mLogger.log(ILogger.EV_SYSTEM,
+                            ILogger.S_OTHER,
+                            ILogger.LL_INFO,
+                            "OS: Received restart signal");
                     restart();
                     return;
                 }
@@ -395,9 +402,9 @@ public final class OsSubsystem implements ISubsystem {
     }
 }
 
-
 class SIGTERMListener extends SignalListener {
     private OsSubsystem mOS;
+
     public SIGTERMListener(OsSubsystem os) {
         mOS = os;
     }
@@ -406,13 +413,13 @@ class SIGTERMListener extends SignalListener {
         System.out.println("SIGTERMListener process");
         // XXX - temp, should call shutdown
         System.exit(0);
-        //PKIServer.getPKIServer().shutdown();
+        // PKIServer.getPKIServer().shutdown();
     }
 }
 
-
 class SIGINTListener extends SignalListener {
     private OsSubsystem mOS;
+
     public SIGINTListener(OsSubsystem os) {
         mOS = os;
     }
@@ -421,13 +428,13 @@ class SIGINTListener extends SignalListener {
         System.out.println("SIGINTListener process");
         // XXX - temp, should call shutdown
         System.exit(0);
-        //PKIServer.getPKIServer().shutdown();
+        // PKIServer.getPKIServer().shutdown();
     }
 }
 
-
 class SIGHUPListener extends SignalListener {
     private OsSubsystem mOS;
+
     public SIGHUPListener(OsSubsystem os) {
         mOS = os;
     }
@@ -436,6 +443,6 @@ class SIGHUPListener extends SignalListener {
         System.out.println("SIGHUPListener process");
         // XXX - temp, should call shutdown
         // System.exit(0);
-        //PKIServer.getPKIServer().shutdown();
+        // PKIServer.getPKIServer().shutdown();
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/util/PFXUtils.java b/pki/base/common/src/com/netscape/cmscore/util/PFXUtils.java
index 7cde72cc..2107a28f 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/PFXUtils.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/PFXUtils.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.io.ByteArrayOutputStream;
 import java.security.MessageDigest;
 import java.security.cert.X509Certificate;
@@ -40,14 +39,13 @@ import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
 import com.netscape.certsrv.apps.CMS;
 import com.netscape.certsrv.base.EBaseException;
 
-
 public class PFXUtils {
 
     /**
      * Creates a PKCS12 package.
      */
-    public static byte[] createPFX(String pwd, X509Certificate x509cert, 
-        byte privateKeyInfo[]) throws EBaseException {
+    public static byte[] createPFX(String pwd, X509Certificate x509cert,
+            byte privateKeyInfo[]) throws EBaseException {
         try {
             // add certificate
             SEQUENCE encSafeContents = new SEQUENCE();
@@ -64,24 +62,24 @@ public class PFXUtils {
             encSafeContents.addElement(certBag);
 
             // add key
-            org.mozilla.jss.util.Password pass = new 
-                org.mozilla.jss.util.Password(
-                    pwd.toCharArray());
+            org.mozilla.jss.util.Password pass = new
+                    org.mozilla.jss.util.Password(
+                            pwd.toCharArray());
 
             SEQUENCE safeContents = new SEQUENCE();
-            PasswordConverter passConverter = new 
-                PasswordConverter();
+            PasswordConverter passConverter = new
+                    PasswordConverter();
 
             // XXX - should generate salt
-            byte salt[] = {0x01, 0x01, 0x01, 0x01};
+            byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
             PrivateKeyInfo pki = (PrivateKeyInfo)
-                ASN1Util.decode(PrivateKeyInfo.getTemplate(),
-                    privateKeyInfo);
+                    ASN1Util.decode(PrivateKeyInfo.getTemplate(),
+                            privateKeyInfo);
             ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
-                    PBEAlgorithm.PBE_SHA1_DES3_CBC, 
+                    PBEAlgorithm.PBE_SHA1_DES3_CBC,
                     pass, salt, 1, passConverter, pki);
             SET keyAttrs = createBagAttrs(
-                    x509cert.getSubjectDN().toString(), 
+                    x509cert.getSubjectDN().toString(),
                     localKeyId);
             SafeBag keyBag = new SafeBag(
                     SafeBag.PKCS8_SHROUDED_KEY_BAG, key,
@@ -90,21 +88,21 @@ public class PFXUtils {
             safeContents.addElement(keyBag);
 
             // build contents
-            AuthenticatedSafes authSafes = new 
-                AuthenticatedSafes();
+            AuthenticatedSafes authSafes = new
+                    AuthenticatedSafes();
 
             authSafes.addSafeContents(safeContents);
             authSafes.addSafeContents(encSafeContents);
 
-            //                      authSafes.addEncryptedSafeContents(
-            //                              authSafes.DEFAULT_KEY_GEN_ALG,
-            //                              pass, null, 1,
-            //                              encSafeContents);
+            // authSafes.addEncryptedSafeContents(
+            // authSafes.DEFAULT_KEY_GEN_ALG,
+            // pass, null, 1,
+            // encSafeContents);
             PFX pfx = new PFX(authSafes);
 
             pfx.computeMacData(pass, null, 5); // ??
-            ByteArrayOutputStream fos = new 
-                ByteArrayOutputStream();
+            ByteArrayOutputStream fos = new
+                    ByteArrayOutputStream();
 
             pfx.encode(fos);
             pass.clear();
@@ -113,8 +111,8 @@ public class PFXUtils {
             return fos.toByteArray();
         } catch (Exception e) {
             throw new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
-                        "Failed to create PKCS12 - " + e.toString()));
+                    CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+                            "Failed to create PKCS12 - " + e.toString()));
         }
     }
 
@@ -122,7 +120,7 @@ public class PFXUtils {
      * Creates local key identifier.
      */
     public static byte[] createLocalKeyId(X509Certificate cert)
-        throws EBaseException {
+            throws EBaseException {
         try {
             byte certDer[] = cert.getEncoded();
             MessageDigest md = MessageDigest.getInstance("SHA");
@@ -131,8 +129,8 @@ public class PFXUtils {
             return md.digest();
         } catch (Exception e) {
             throw new EBaseException(
-                    CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", 
-                        "Failed to create Key ID - " + e.toString()));
+                    CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
+                            "Failed to create Key ID - " + e.toString()));
         }
     }
 
@@ -140,7 +138,7 @@ public class PFXUtils {
      * Creates bag attributes.
      */
     public static SET createBagAttrs(String nickName, byte localKeyId[])
-        throws EBaseException {
+            throws EBaseException {
         try {
             SET attrs = new SET();
             SEQUENCE nickNameAttr = new SEQUENCE();
@@ -163,7 +161,7 @@ public class PFXUtils {
         } catch (Exception e) {
             throw new EBaseException(
                     CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR",
-                        "Failed to create Key Bag - " + e.toString()));
+                            "Failed to create Key Bag - " + e.toString()));
         }
     }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java b/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java
index 2d8e63c9..9a86d828 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/ProfileSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.awt.Frame;
 import java.awt.TextArea;
 import java.awt.event.MouseAdapter;
@@ -39,11 +38,9 @@ import com.netscape.certsrv.base.EBaseException;
 import com.netscape.certsrv.base.IConfigStore;
 import com.netscape.certsrv.base.ISubsystem;
 
-
 /**
- * A class represents a internal subsystem. This subsystem
- * can be loaded into cert server kernel to perform
- * run time system profiling.
+ * A class represents a internal subsystem. This subsystem can be loaded into
+ * cert server kernel to perform run time system profiling.
  * <P>
  * 
  * @author thomask
@@ -82,35 +79,30 @@ public class ProfileSubsystem extends Frame implements ISubsystem, Runnable {
     }
 
     /**
-     * Initializes this subsystem with the given 
-     * configuration store.
-     * It first initializes resident subsystems,
-     * and it loads and initializes loadable
-     * subsystem specified in the configuration
-     * store.
+     * Initializes this subsystem with the given configuration store. It first
+     * initializes resident subsystems, and it loads and initializes loadable
+     * subsystem specified in the configuration store.
      * <P>
-     * Note that individual subsystem should be
-     * initialized in a separated thread if
-     * it has dependency on the initialization
-     * of other subsystems.
+     * Note that individual subsystem should be initialized in a separated
+     * thread if it has dependency on the initialization of other subsystems.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      */
     public synchronized void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException {
+            throws EBaseException {
         JTabbedPane tabPane = new JTabbedPane();
 
         // general panel
         JPanel pane = new JPanel();
 
         mTextArea = new TextArea();
-        //    mTextArea.setSize(500, 180);
-        //mGC = new JButton("GC"); 
-        //  pane.setLayout(new GridLayout(2, 1));
+        // mTextArea.setSize(500, 180);
+        // mGC = new JButton("GC");
+        // pane.setLayout(new GridLayout(2, 1));
         pane.add(mTextArea);
-        //  pane.add(mGC);
+        // pane.add(mGC);
         mTextArea.setEditable(false);
         tabPane.addTab("General", mTextArea);
         tabPane.setSelectedIndex(0);
@@ -141,9 +133,8 @@ public class ProfileSubsystem extends Frame implements ISubsystem, Runnable {
     }
 
     /*
-     * Returns the root configuration storage of this system.
-     * <P>
-     *
+     * Returns the root configuration storage of this system. <P>
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -152,17 +143,17 @@ public class ProfileSubsystem extends Frame implements ISubsystem, Runnable {
 
     public void updateGeneralPanel() {
         Runtime.getRuntime().gc();
-        String text = 
-            "JDK VM Information " + "\n" +
-            "Total Memory: " +  
-            Runtime.getRuntime().totalMemory() + "\n" +
-            "Used Memory: " +  
-            (Runtime.getRuntime().totalMemory() - 
-                Runtime.getRuntime().freeMemory()) + "\n" +
-            "Free Memory: " +  
-            Runtime.getRuntime().freeMemory() + "\n" +
-            "Number of threads: " +  
-            Thread.activeCount() + "\n";
+        String text =
+                "JDK VM Information " + "\n" +
+                        "Total Memory: " +
+                        Runtime.getRuntime().totalMemory() + "\n" +
+                        "Used Memory: " +
+                        (Runtime.getRuntime().totalMemory() -
+                        Runtime.getRuntime().freeMemory()) + "\n" +
+                        "Free Memory: " +
+                        Runtime.getRuntime().freeMemory() + "\n" +
+                        "Number of threads: " +
+                        Thread.activeCount() + "\n";
 
         mTextArea.setText(text);
     }
@@ -197,7 +188,7 @@ public class ProfileSubsystem extends Frame implements ISubsystem, Runnable {
         colNames.addElement("isCurrent");
         colNames.addElement("isInterrupted");
         colNames.addElement("isDaemon");
-     
+
         mThreadModel.setInfo(data, colNames);
         if (mThreadTable != null) {
             mThreadTable.setModel(mThreadModel);
@@ -219,8 +210,7 @@ public class ProfileSubsystem extends Frame implements ISubsystem, Runnable {
     }
 }
 
-
-class ThreadTableModel extends AbstractTableModel { 
+class ThreadTableModel extends AbstractTableModel {
     /**
      *
      */
@@ -236,34 +226,33 @@ class ThreadTableModel extends AbstractTableModel {
         columnNames = _columnNames;
     }
 
-    public String getColumnName(int column) { 
-        return columnNames.elementAt(column).toString(); 
-    } 
+    public String getColumnName(int column) {
+        return columnNames.elementAt(column).toString();
+    }
 
-    public int getRowCount() { 
-        return rowData.size(); 
-    } 
+    public int getRowCount() {
+        return rowData.size();
+    }
 
-    public int getColumnCount() { 
-        return columnNames.size(); 
-    } 
+    public int getColumnCount() {
+        return columnNames.size();
+    }
 
-    public Object getValueAt(int row, int column) { 
-        return ((Vector) rowData.elementAt(row)).elementAt(column); 
-    } 
+    public Object getValueAt(int row, int column) {
+        return ((Vector) rowData.elementAt(row)).elementAt(column);
+    }
 
-    public boolean isCellEditable(int row, int column) { 
-        return false; 
-    } 
+    public boolean isCellEditable(int row, int column) {
+        return false;
+    }
 
-    public void setValueAt(Object value, int row, int column) { 
-        ((Vector) rowData.elementAt(row)).setElementAt(value, column); 
-        fireTableCellUpdated(row, column); 
+    public void setValueAt(Object value, int row, int column) {
+        ((Vector) rowData.elementAt(row)).setElementAt(value, column);
+        fireTableCellUpdated(row, column);
     }
 }
 
-
-class ThreadTableEvent extends MouseAdapter { 
+class ThreadTableEvent extends MouseAdapter {
 
     private JTable mThreadTable = null;
 
@@ -271,8 +260,8 @@ class ThreadTableEvent extends MouseAdapter {
         mThreadTable = table;
     }
 
-    public void mouseClicked(MouseEvent e) { 
-        if (e.getClickCount() == 2) { 
+    public void mouseClicked(MouseEvent e) {
+        if (e.getClickCount() == 2) {
             int row = mThreadTable.getSelectedRow();
 
             if (row != -1) {
@@ -283,23 +272,23 @@ class ThreadTableEvent extends MouseAdapter {
 
                 field.setEditable(false);
 
-                // get stack trace 
+                // get stack trace
                 Thread threads[] = new Thread[100];
                 int numThreads = Thread.enumerate(threads);
 
-                ByteArrayOutputStream outArray = new ByteArrayOutputStream(); 
+                ByteArrayOutputStream outArray = new ByteArrayOutputStream();
 
                 for (int i = 0; i < numThreads; i++) {
                     if (!threads[i].getName().equals(name))
                         continue;
-                    PrintStream err = System.err; 
+                    PrintStream err = System.err;
 
                     System.setErr(new PrintStream(outArray));
-                  //TODO remove.  This was being called on the array object
-                    //But you can only dump stack on the current thread
-                    Thread.dumpStack();  
-                    
-                    System.setErr(err); 
+                    // TODO remove. This was being called on the array object
+                    // But you can only dump stack on the current thread
+                    Thread.dumpStack();
+
+                    System.setErr(err);
                 }
 
                 String str = outArray.toString();
@@ -312,7 +301,7 @@ class ThreadTableEvent extends MouseAdapter {
                 dialog.setContentPane(pane);
                 dialog.show();
             }
-        } 
+        }
     }
 
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java b/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java
index 4cc393e0..40d68fea 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/StatsSubsystem.java
@@ -17,7 +17,6 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.util.Date;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -30,16 +29,14 @@ import com.netscape.certsrv.util.IStatsSubsystem;
 import com.netscape.certsrv.util.StatsEvent;
 
 /**
- * A class represents a internal subsystem. This subsystem
- * can be loaded into cert server kernel to perform
- * statistics collection.
+ * A class represents a internal subsystem. This subsystem can be loaded into
+ * cert server kernel to perform statistics collection.
  * <P>
  * 
  * @author thomask
  * @version $Revision$, $Date$
  */
-public class StatsSubsystem implements IStatsSubsystem
-{
+public class StatsSubsystem implements IStatsSubsystem {
     private String mId = null;
     private StatsEvent mAllTrans = new StatsEvent(null);
     private Date mStartTime = new Date();
@@ -64,101 +61,89 @@ public class StatsSubsystem implements IStatsSubsystem
     }
 
     /**
-     * Initializes this subsystem with the given 
-     * configuration store.
-     * It first initializes resident subsystems,
-     * and it loads and initializes loadable
-     * subsystem specified in the configuration
-     * store.
+     * Initializes this subsystem with the given configuration store. It first
+     * initializes resident subsystems, and it loads and initializes loadable
+     * subsystem specified in the configuration store.
      * <P>
-     * Note that individual subsystem should be
-     * initialized in a separated thread if
-     * it has dependency on the initialization
-     * of other subsystems.
+     * Note that individual subsystem should be initialized in a separated
+     * thread if it has dependency on the initialization of other subsystems.
      * <P>
-     *
+     * 
      * @param owner owner of this subsystem
      * @param config configuration store
      */
     public synchronized void init(ISubsystem owner, IConfigStore config)
-        throws EBaseException 
-    {
-    }
-
-    public Date getStartTime()
-    {
-      return mStartTime;
-    }
-
-    public void startTiming(String id)
-    {
-      startTiming(id, false /* not the main */);
-    }
-
-    public void startTiming(String id, boolean mainAction)
-    {
-      Thread t = Thread.currentThread();
-      Vector milestones = null;
-      if (mHashtable.containsKey(t.toString())) {
-        milestones = (Vector)mHashtable.get(t.toString());
-      } else {
-        milestones = new Vector();
-        mHashtable.put(t.toString(), milestones);
-      }
-      long startTime = CMS.getCurrentDate().getTime();
-      StatsEvent currentST = null;
-      for (int i = 0; i < milestones.size(); i++) {
-        StatsMilestone se = (StatsMilestone)milestones.elementAt(i);
-        if (currentST == null) {
-          currentST = mAllTrans.getSubEvent(se.getId());
+            throws EBaseException {
+    }
+
+    public Date getStartTime() {
+        return mStartTime;
+    }
+
+    public void startTiming(String id) {
+        startTiming(id, false /* not the main */);
+    }
+
+    public void startTiming(String id, boolean mainAction) {
+        Thread t = Thread.currentThread();
+        Vector milestones = null;
+        if (mHashtable.containsKey(t.toString())) {
+            milestones = (Vector) mHashtable.get(t.toString());
         } else {
-          currentST = currentST.getSubEvent(se.getId());
+            milestones = new Vector();
+            mHashtable.put(t.toString(), milestones);
+        }
+        long startTime = CMS.getCurrentDate().getTime();
+        StatsEvent currentST = null;
+        for (int i = 0; i < milestones.size(); i++) {
+            StatsMilestone se = (StatsMilestone) milestones.elementAt(i);
+            if (currentST == null) {
+                currentST = mAllTrans.getSubEvent(se.getId());
+            } else {
+                currentST = currentST.getSubEvent(se.getId());
+            }
+        }
+        if (currentST == null) {
+            if (!mainAction) {
+                return; /* ignore none main action */
+            }
+            currentST = mAllTrans;
+        }
+        StatsEvent newST = currentST.getSubEvent(id);
+        if (newST == null) {
+            newST = new StatsEvent(currentST);
+            newST.setName(id);
+            currentST.addSubEvent(newST);
+        }
+        milestones.addElement(new StatsMilestone(id, startTime, newST));
+    }
+
+    public void endTiming(String id) {
+        long endTime = CMS.getCurrentDate().getTime();
+        Thread t = Thread.currentThread();
+        if (!mHashtable.containsKey(t.toString())) {
+            return; /* error */
+        }
+        Vector milestones = (Vector) mHashtable.get(t.toString());
+        if (milestones.size() == 0) {
+            return; /* error */
+        }
+        StatsMilestone last = (StatsMilestone) milestones.remove(milestones.size() - 1);
+        StatsEvent st = last.getStatsEvent();
+        st.incNoOfOperations(1);
+        st.incTimeTaken(endTime - last.getStartTime());
+        if (milestones.size() == 0) {
+            mHashtable.remove(t.toString());
         }
-      }
-      if (currentST == null) {
-          if (!mainAction) {
-            return; /* ignore none main action */
-          }
-          currentST = mAllTrans;
-      }
-      StatsEvent newST = currentST.getSubEvent(id);
-      if (newST == null) {
-        newST = new StatsEvent(currentST);
-        newST.setName(id);
-        currentST.addSubEvent(newST);
-      }
-      milestones.addElement(new StatsMilestone(id, startTime, newST));
-    }
-
-    public void endTiming(String id)
-    {
-      long endTime = CMS.getCurrentDate().getTime();
-      Thread t = Thread.currentThread();
-      if (!mHashtable.containsKey(t.toString())) {
-        return; /* error */
-      }
-      Vector milestones = (Vector)mHashtable.get(t.toString());
-      if (milestones.size() == 0) {
-        return; /* error */
-      }
-      StatsMilestone last = (StatsMilestone)milestones.remove(milestones.size() - 1);
-      StatsEvent st = last.getStatsEvent();
-      st.incNoOfOperations(1);
-      st.incTimeTaken(endTime - last.getStartTime());
-      if (milestones.size() == 0) {
-        mHashtable.remove(t.toString());
-      }
-    }
-
-    public void resetCounters()
-    {
-      mStartTime = CMS.getCurrentDate();
-      mAllTrans.resetCounters();
-    }
-
-    public StatsEvent getMainStatsEvent()
-    {
-      return mAllTrans; 
+    }
+
+    public void resetCounters() {
+        mStartTime = CMS.getCurrentDate();
+        mAllTrans.resetCounters();
+    }
+
+    public StatsEvent getMainStatsEvent() {
+        return mAllTrans;
     }
 
     public void startup() throws EBaseException {
@@ -171,9 +156,8 @@ public class StatsSubsystem implements IStatsSubsystem
     }
 
     /*
-     * Returns the root configuration storage of this system.
-     * <P>
-     *
+     * Returns the root configuration storage of this system. <P>
+     * 
      * @return configuration store of this subsystem
      */
     public IConfigStore getConfigStore() {
@@ -181,31 +165,26 @@ public class StatsSubsystem implements IStatsSubsystem
     }
 }
 
-class StatsMilestone
-{
-  private String mId = null;
-  private long mStartTime = 0;
-  private StatsEvent mST = null;
-
-  public StatsMilestone(String id, long startTime, StatsEvent st)
-  {
-    mId = id;
-    mStartTime = startTime;
-    mST = st;
-  }
-
-  public String getId()
-  {
-    return mId;
-  }
-
-  public long getStartTime()
-  {
-    return mStartTime;
-  }
-
-  public StatsEvent getStatsEvent()
-  {
-    return mST;
-  }
+class StatsMilestone {
+    private String mId = null;
+    private long mStartTime = 0;
+    private StatsEvent mST = null;
+
+    public StatsMilestone(String id, long startTime, StatsEvent st) {
+        mId = id;
+        mStartTime = startTime;
+        mST = st;
+    }
+
+    public String getId() {
+        return mId;
+    }
+
+    public long getStartTime() {
+        return mStartTime;
+    }
+
+    public StatsEvent getStatsEvent() {
+        return mST;
+    }
 }
diff --git a/pki/base/common/src/com/netscape/cmscore/util/UtilMessage.java b/pki/base/common/src/com/netscape/cmscore/util/UtilMessage.java
index a69a976c..8f82c784 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/UtilMessage.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/UtilMessage.java
@@ -17,16 +17,14 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.util.Locale;
 
 import com.netscape.certsrv.base.MessageFormatter;
 
-
 /**
- * This object is used to easily create I18N messages for utility
- * classes and standalone programs.
- *
+ * This object is used to easily create I18N messages for utility classes and
+ * standalone programs.
+ * 
  * @author mikep
  * @version $Revision$, $Date$
  * @see com.netscape.certsrv.base.MessageFormatter
@@ -46,7 +44,7 @@ public class UtilMessage {
     /**
      * Constructs a message event
      * <P>
-     *
+     * 
      * @param msgFormat the message string
      */
     public UtilMessage(String msgFormat) {
@@ -56,11 +54,12 @@ public class UtilMessage {
 
     /**
      * Constructs a message with a parameter. For example,
+     * 
      * <PRE>
-     * 		new UtilMessage("failed to load {0}", fileName);
+     * new UtilMessage(&quot;failed to load {0}&quot;, fileName);
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat details in message string format
      * @param param message string parameter
      */
@@ -71,9 +70,9 @@ public class UtilMessage {
     }
 
     /**
-     * Constructs a message from an exception. It can be used to carry
-     * a system exception that may contain information about
-     * the context. For example,
+     * Constructs a message from an exception. It can be used to carry a system
+     * exception that may contain information about the context. For example,
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -82,7 +81,7 @@ public class UtilMessage {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param msgFormat exception details in message string format
      * @param exception system exception
      */
@@ -95,6 +94,7 @@ public class UtilMessage {
     /**
      * Constructs a message from a base exception. This will use the msgFormat
      * from the exception itself.
+     * 
      * <PRE>
      * 		try {
      *  		...
@@ -103,7 +103,7 @@ public class UtilMessage {
      *      }
      * </PRE>
      * <P>
-     *
+     * 
      * @param exception CMS exception
      */
     public UtilMessage(Exception e) {
@@ -113,10 +113,10 @@ public class UtilMessage {
     }
 
     /**
-     * Constructs a message event with a list of parameters
-     * that will be substituted into the message format.
+     * Constructs a message event with a list of parameters that will be
+     * substituted into the message format.
      * <P>
-     *
+     * 
      * @param msgFormat message string format
      * @param params list of message format parameters
      */
@@ -128,7 +128,7 @@ public class UtilMessage {
     /**
      * Returns the current message format string.
      * <P>
-     *
+     * 
      * @return details message
      */
     public String getMessage() {
@@ -138,7 +138,7 @@ public class UtilMessage {
     /**
      * Returns a list of parameters.
      * <P>
-     *
+     * 
      * @return list of message format parameters
      */
     public Object[] getParameters() {
@@ -146,10 +146,10 @@ public class UtilMessage {
     }
 
     /**
-     * Returns localized message string. This method should
-     * only be called if a localized string is necessary.
+     * Returns localized message string. This method should only be called if a
+     * localized string is necessary.
      * <P>
-     *
+     * 
      * @return details message
      */
     public String toString() {
@@ -159,7 +159,7 @@ public class UtilMessage {
     /**
      * Returns the string based on the given locale.
      * <P>
-     *
+     * 
      * @param locale locale
      * @return details message
      */
@@ -170,8 +170,8 @@ public class UtilMessage {
     }
 
     /**
-     * Gets the resource bundle name for this class instance.  This should
-     * be overridden by subclasses who have their own resource bundles.
+     * Gets the resource bundle name for this class instance. This should be
+     * overridden by subclasses who have their own resource bundles.
      */
     protected String getBundleName() {
         return mBundleName;
diff --git a/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java b/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java
index 5892adc3..1e957cb9 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/UtilResources.java
@@ -17,14 +17,12 @@
 // --- END COPYRIGHT BLOCK ---
 package com.netscape.cmscore.util;
 
-
 import java.util.ListResourceBundle;
 
-
 /**
  * A class represents a resource bundle for miscellanous utilities
  * <P>
- *
+ * 
  * @author mikep
  * @version $Revision$, $Date$
  * @see java.util.ListResourceBundle
@@ -39,8 +37,7 @@ public class UtilResources extends ListResourceBundle {
     }
 
     /**
-     * Constants. The suffix represents the number of
-     * possible parameters.
+     * Constants. The suffix represents the number of possible parameters.
      */
     public final static String HASH_FILE_CHECK_USAGE = "hashFileCheckUsage";
     public final static String BAD_ARG_COUNT = "badArgCount";
@@ -57,18 +54,18 @@ public class UtilResources extends ListResourceBundle {
     public final static String RESTART_SIG = "restartSignal";
 
     static final Object[][] contents = {
-            {HASH_FILE_CHECK_USAGE, "usage: HashFileCheck <filename>"},
-            {BAD_ARG_COUNT, "incorrect number of arguments"},
-            {NO_SUCH_FILE_1, "can''t find file {0}"},
-            {FILE_TRUNCATED, "Log file has been truncated."},
-            {DIGEST_MATCH_1, "Hash digest matches log file. {0} OK"},
-            {DIGEST_DONT_MATCH_1, "Hash digest does NOT match log file. {0} and/or hash file is corrupt or the password is incorrect."},
-            {EXCEPTION_1, "Caught unexpected exception {0}"},
-            {LOG_PASSWORD, "Please enter the log file hash digest password: "},
-            {NO_USERID, "No user id in config file.  Running as {0}"},
-            {NO_SUCH_USER_2, "No such user as {0}.  Running as {1}"},
-            {NO_UID_PERMISSION_2, "Can''t change process uid to {0}. Running as {1}"},
-            {SHUTDOWN_SIG, "Received shutdown signal"},
-            {RESTART_SIG, "Received restart signal"},
+            { HASH_FILE_CHECK_USAGE, "usage: HashFileCheck <filename>" },
+            { BAD_ARG_COUNT, "incorrect number of arguments" },
+            { NO_SUCH_FILE_1, "can''t find file {0}" },
+            { FILE_TRUNCATED, "Log file has been truncated." },
+            { DIGEST_MATCH_1, "Hash digest matches log file. {0} OK" },
+            { DIGEST_DONT_MATCH_1, "Hash digest does NOT match log file. {0} and/or hash file is corrupt or the password is incorrect." },
+            { EXCEPTION_1, "Caught unexpected exception {0}" },
+            { LOG_PASSWORD, "Please enter the log file hash digest password: " },
+            { NO_USERID, "No user id in config file.  Running as {0}" },
+            { NO_SUCH_USER_2, "No such user as {0}.  Running as {1}" },
+            { NO_UID_PERMISSION_2, "Can''t change process uid to {0}. Running as {1}" },
+            { SHUTDOWN_SIG, "Received shutdown signal" },
+            { RESTART_SIG, "Received restart signal" },
         };
 }
diff --git a/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java b/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java
index c01ec33e..d2ba6c19 100644
--- a/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java
+++ b/pki/base/common/test/com/netscape/certsrv/app/CMSEngineDefaultStub.java
@@ -126,7 +126,7 @@ public class CMSEngineDefaultStub implements ICMSEngine {
         return false;
     }
 
-    public Enumeration <String> getSubsystemNames() {
+    public Enumeration<String> getSubsystemNames() {
         return null;
     }
 
@@ -261,14 +261,16 @@ public class CMSEngineDefaultStub implements ICMSEngine {
     public String getFingerPrints(Certificate cert) throws NoSuchAlgorithmException, CertificateEncodingException {
         return null;
     }/*
-    * Returns the finger print of the given certificate.
-*
-* @param certDer DER byte array of certificate
-* @return finger print of certificate
-*/
-public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
-    return null;
-}
+      * Returns the finger print of the given certificate.
+      * 
+      * @param certDer DER byte array of certificate
+      * 
+      * @return finger print of certificate
+      */
+
+    public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
+        return null;
+    }
 
     public IRepositoryRecord createRepositoryRecord() {
         return null;
@@ -459,7 +461,6 @@ public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
         return null;
     }
 
-
     public IGeneralNamesConfig createGeneralNamesConfig(String name, IConfigStore config, boolean isValueConfigured, boolean isPolicyEnabled) throws EBaseException {
         return null;
     }
@@ -472,7 +473,6 @@ public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
         return null;
     }
 
-
     public ISubjAltNameConfig createSubjAltNameConfig(String name, IConfigStore config, boolean isValueConfigured) throws EBaseException {
         return null;
     }
@@ -511,7 +511,6 @@ public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
         return null;
     }
 
-
     public boolean isRevoked(X509Certificate[] certificates) {
         return false;
     }
@@ -537,89 +536,89 @@ public String getFingerPrints(byte[] certDer) throws NoSuchAlgorithmException {
         return null;
     }
 
-	@Override
-	public String getEEClientAuthSSLPort() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public boolean verifySystemCerts() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	@Override
-	public boolean verifySystemCertByTag(String tag) {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	@Override
-	public boolean verifySystemCertByNickname(String nickname,
-			String certificateUsage) {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	@Override
-	public CertificateUsage getCertificateUsage(String certusage) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public void getGeneralNameConfigDefaultParams(String name,
-			boolean isValueConfigured, Vector<String> params) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void getGeneralNamesConfigDefaultParams(String name,
-			boolean isValueConfigured, Vector<String> params) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void getGeneralNameConfigExtendedPluginInfo(String name,
-			boolean isValueConfigured, Vector<String> info) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void getGeneralNamesConfigExtendedPluginInfo(String name,
-			boolean isValueConfigured, Vector<String> info) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void getSubjAltNameConfigDefaultParams(String name,
-			Vector<String> params) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public void getSubjAltNameConfigExtendedPluginInfo(String name,
-			Vector<String> params) {
-		// TODO Auto-generated method stub
-		
-	}
-
-	@Override
-	public IArgBlock createArgBlock(String realm,
-			Hashtable<String, String> httpReq) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public IArgBlock createArgBlock(Hashtable<String, String> httpReq) {
-		// TODO Auto-generated method stub
-		return null;
-	}
+    @Override
+    public String getEEClientAuthSSLPort() {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public boolean verifySystemCerts() {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean verifySystemCertByTag(String tag) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean verifySystemCertByNickname(String nickname,
+            String certificateUsage) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public CertificateUsage getCertificateUsage(String certusage) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public void getGeneralNameConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void getGeneralNamesConfigDefaultParams(String name,
+            boolean isValueConfigured, Vector<String> params) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void getGeneralNameConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void getGeneralNamesConfigExtendedPluginInfo(String name,
+            boolean isValueConfigured, Vector<String> info) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void getSubjAltNameConfigDefaultParams(String name,
+            Vector<String> params) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void getSubjAltNameConfigExtendedPluginInfo(String name,
+            Vector<String> params) {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public IArgBlock createArgBlock(String realm,
+            Hashtable<String, String> httpReq) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public IArgBlock createArgBlock(Hashtable<String, String> httpReq) {
+        // TODO Auto-generated method stub
+        return null;
+    }
 }
diff --git a/pki/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java b/pki/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java
index 3f83b3b0..2b8c0c25 100644
--- a/pki/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java
+++ b/pki/base/common/test/com/netscape/certsrv/authentication/AuthTokenTest.java
@@ -48,7 +48,7 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertEquals("value", authToken.mAttrs.get("key"));
         assertEquals("value", authToken.getInString("key"));
 
-        assertFalse(authToken.set("key", (String)null));
+        assertFalse(authToken.set("key", (String) null));
     }
 
     public void testGetSetByteArray() {
@@ -62,7 +62,7 @@ public class AuthTokenTest extends CMSBaseTestCase {
         byte[] retval = authToken.getInByteArray("key");
         assertEquals(data, retval);
 
-        assertFalse(authToken.set("key2", (byte[])null));
+        assertFalse(authToken.set("key2", (byte[]) null));
     }
 
     public void testGetSetInteger() {
@@ -75,7 +75,7 @@ public class AuthTokenTest extends CMSBaseTestCase {
         authToken.set("key2", "value");
         assertNull(authToken.getInInteger("key2"));
 
-        assertFalse(authToken.set("key3", (Integer)null));
+        assertFalse(authToken.set("key3", (Integer) null));
     }
 
     public void testGetSetBigIntegerArray() {
@@ -102,11 +102,11 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertNull(authToken.getInBigIntegerArray("key3"));
 
         // corner case test
-        authToken.set("key",",");
+        authToken.set("key", ",");
         retval = authToken.getInBigIntegerArray("key");
         assertNull(retval);
 
-        assertFalse(authToken.set("key4", (BigInteger[])null));
+        assertFalse(authToken.set("key4", (BigInteger[]) null));
     }
 
     public void testGetSetDate() {
@@ -123,7 +123,7 @@ public class AuthTokenTest extends CMSBaseTestCase {
         authToken.set("key3", "oops");
         assertNull(authToken.getInDate("key3"));
 
-        assertFalse(authToken.set("key4", (Date)null));
+        assertFalse(authToken.set("key4", (Date) null));
     }
 
     public void testGetSetStringArray() throws IOException {
@@ -145,16 +145,15 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertEquals(value[3], retval[3]);
 
         // illegal value parsing
-        authToken.set("key2", new byte[] { 1, 2, 3, 4});
+        authToken.set("key2", new byte[] { 1, 2, 3, 4 });
         assertNull(authToken.getInStringArray("key2"));
 
-        
         DerOutputStream out = new DerOutputStream();
         out.putPrintableString("testing");
         authToken.set("key3", out.toByteArray());
         assertNull(authToken.getInStringArray("key3"));
 
-        assertFalse(authToken.set("key4", (String[])null));
+        assertFalse(authToken.set("key4", (String[]) null));
     }
 
     public void testGetSetCert() throws CertificateException {
@@ -170,7 +169,7 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertNotNull(retval);
         assertEquals(cert, retval);
 
-        assertFalse(authToken.set("key2", (X509CertImpl)null));
+        assertFalse(authToken.set("key2", (X509CertImpl) null));
     }
 
     public void testGetSetCertExts() throws IOException {
@@ -191,13 +190,13 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertNotNull(retval);
         assertEquals(1, retval.size());
 
-        assertFalse(authToken.set("key3", (CertificateExtensions)null));
+        assertFalse(authToken.set("key3", (CertificateExtensions) null));
     }
 
     public void testGetSetCertificates() throws CertificateException {
         X509CertImpl cert1 = getFakeCert();
         X509CertImpl cert2 = getFakeCert();
-        X509CertImpl[] certArray = new X509CertImpl[] {cert1, cert2};
+        X509CertImpl[] certArray = new X509CertImpl[] { cert1, cert2 };
         Certificates certs = new Certificates(certArray);
 
         assertFalse(cmsStub.bToACalled);
@@ -214,14 +213,14 @@ public class AuthTokenTest extends CMSBaseTestCase {
         assertEquals(cert1, retCerts[0]);
         assertEquals(cert2, retCerts[1]);
 
-        assertFalse(authToken.set("key2", (Certificates)null));
+        assertFalse(authToken.set("key2", (Certificates) null));
     }
 
     public void testGetSetByteArrayArray() {
         byte[][] value = new byte[][] {
                 new byte[] { 1, 2, 3, 4 },
-                new byte[] {12, 13, 14},
-                new byte[] { 50, -12, 0, 100}
+                new byte[] { 12, 13, 14 },
+                new byte[] { 50, -12, 0, 100 }
         };
 
         assertFalse(cmsStub.bToACalled);
@@ -240,15 +239,15 @@ public class AuthTokenTest extends CMSBaseTestCase {
             }
         }
 
-        assertFalse(authToken.set("key2", (byte[][])null));
+        assertFalse(authToken.set("key2", (byte[][]) null));
     }
 
     /**
      * CMSMemoryStub
-     *
+     * 
      * This class is used to help test methods that rely on setting and then
-     * getting a value out.  It assumes BtoA is always called first, stores
-     * the value passed in, and then returns that value for BtoA.
+     * getting a value out. It assumes BtoA is always called first, stores the
+     * value passed in, and then returns that value for BtoA.
      */
     class CMSMemoryStub extends CMSEngineDefaultStub {
         boolean bToACalled = false;
diff --git a/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java b/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java
index b7772bb2..a0ffe5e0 100644
--- a/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java
+++ b/pki/base/common/test/com/netscape/certsrv/logging/LoggerDefaultStub.java
@@ -56,7 +56,7 @@ public class LoggerDefaultStub implements ILogger {
 
     public void log(int evtClass, Properties prop, int source, int level, String msg, Object params[], boolean multiline) {
     }
-    
+
     public ILogEvent create(int evtClass, Properties prop, int source, int level, String msg, Object params[], boolean multiline) {
         return null;
     }
diff --git a/pki/base/common/test/com/netscape/certsrv/request/AgentApprovalsTest.java b/pki/base/common/test/com/netscape/certsrv/request/AgentApprovalsTest.java
index 28ea1669..0cd27840 100644
--- a/pki/base/common/test/com/netscape/certsrv/request/AgentApprovalsTest.java
+++ b/pki/base/common/test/com/netscape/certsrv/request/AgentApprovalsTest.java
@@ -48,15 +48,15 @@ public class AgentApprovalsTest extends CMSBaseTestCase {
         assertNotNull(approvals);
         assertEquals(3, approvals.mVector.size());
 
-        AgentApproval approval = (AgentApproval)approvals.mVector.get(0);
+        AgentApproval approval = (AgentApproval) approvals.mVector.get(0);
         assertEquals(approval1.getUserName(), approval.getUserName());
         assertEquals(approval1.getDate(), approval.getDate());
 
-        approval = (AgentApproval)approvals.mVector.get(1);
+        approval = (AgentApproval) approvals.mVector.get(1);
         assertEquals(approval2.getUserName(), approval.getUserName());
         assertEquals(approval2.getDate(), approval.getDate());
 
-        approval = (AgentApproval)approvals.mVector.get(2);
+        approval = (AgentApproval) approvals.mVector.get(2);
         assertEquals(approval3.getUserName(), approval.getUserName());
         assertEquals(approval3.getDate(), approval.getDate());
 
diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/CertRecordListTest.java b/pki/base/common/test/com/netscape/cmscore/dbs/CertRecordListTest.java
index 3fd6a96f..699a924d 100644
--- a/pki/base/common/test/com/netscape/cmscore/dbs/CertRecordListTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/dbs/CertRecordListTest.java
@@ -40,7 +40,7 @@ public class CertRecordListTest extends CMSBaseTestCase {
         return new TestSuite(CertRecordListTest.class);
     }
 
-    public void testProcessCertRecordsUsesSize()  throws EBaseException {
+    public void testProcessCertRecordsUsesSize() throws EBaseException {
         DBVirtualListStub dbList = new DBVirtualListStub();
         dbList.size = 5;
 
@@ -57,7 +57,6 @@ public class CertRecordListTest extends CMSBaseTestCase {
         assertEquals(7, dbList.lastIndexGetElementAtCalledWith);
     }
 
-
     public class DBVirtualListStub extends DBVirtualListDefaultStub {
         public int size = 0;
         public int getElementAtCallCount = 0;
diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryDefaultStub.java b/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryDefaultStub.java
index 2095e162..9635129f 100644
--- a/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryDefaultStub.java
+++ b/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryDefaultStub.java
@@ -17,7 +17,6 @@ import com.netscape.certsrv.dbs.IFilterConverter;
  */
 public class DBRegistryDefaultStub implements IDBRegistry {
 
-
     public void registerObjectClass(String className, String ldapNames[]) throws EDBException {
     }
 
diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java b/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java
index 7b4681e5..c4564323 100644
--- a/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/dbs/DBRegistryTest.java
@@ -40,7 +40,7 @@ public class DBRegistryTest extends CMSBaseTestCase {
         extAttrMapper = new DBDynAttrMapperStub();
         try {
             registry.registerObjectClass(requestRecordStub.getClass().getName(),
-                    new String[] {"ocvalue"} );
+                    new String[] { "ocvalue" });
             registry.registerAttribute(IRequestRecord.ATTR_EXT_DATA, extAttrMapper);
             registry.registerAttribute(IRequestRecord.ATTR_SOURCE_ID,
                     new StringMapper("sourceIdOut"));
@@ -64,7 +64,7 @@ public class DBRegistryTest extends CMSBaseTestCase {
         assertTrue(extAttrMapper.mapObjectCalled);
     }
 
-    public void testGetLDAPAttributesForExtData()  throws EBaseException {
+    public void testGetLDAPAttributesForExtData() throws EBaseException {
         String inAttrs[] = new String[] {
                 "extData-foo",
                 "extData-foo12",
@@ -79,9 +79,10 @@ public class DBRegistryTest extends CMSBaseTestCase {
         assertTrue(TestHelper.contains(outAttrs, "sourceIdOut"));
 
         try {
-            registry.getLDAPAttributes(new String[] {"badattr"});
+            registry.getLDAPAttributes(new String[] { "badattr" });
             fail("Should not be able to map badattr");
-        } catch (EBaseException e) { /* good */ }
+        } catch (EBaseException e) { /* good */
+        }
     }
 
     public void testCreateLDAPAttributeSet() throws EBaseException {
@@ -109,7 +110,6 @@ public class DBRegistryTest extends CMSBaseTestCase {
         assertTrue(extAttrMapper.mapLDAPAttrsCalled);
     }
 
-
     class DBSubsystemStub extends DBSubsystemDefaultStub {
         DBRegistry registry;
 
@@ -118,7 +118,6 @@ public class DBRegistryTest extends CMSBaseTestCase {
         }
     }
 
-
     class DBDynAttrMapperStub extends DBDynAttrMapperDefaultStub {
         boolean mapObjectCalled = false;
         Object mapObjectCalledWithObject = null;
@@ -146,10 +145,10 @@ public class DBRegistryTest extends CMSBaseTestCase {
 
 /*
  * This class is purposefully placed outside the test because
- * DBRegistry.createObject() calls Class.newInstance() to create
- * this stub.  This fails if the class is nested.
+ * DBRegistry.createObject() calls Class.newInstance() to create this stub. This
+ * fails if the class is nested.
  */
- class RequestRecordStub extends RequestRecordDefaultStub {
+class RequestRecordStub extends RequestRecordDefaultStub {
 
     /**
      *
diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java b/pki/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java
index 68f24d50..fe19159d 100644
--- a/pki/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java
+++ b/pki/base/common/test/com/netscape/cmscore/dbs/DBSubsystemDefaultStub.java
@@ -17,7 +17,6 @@ import com.netscape.certsrv.dbs.IDBSubsystem;
  */
 public class DBSubsystemDefaultStub implements IDBSubsystem {
 
-
     public String getBaseDN() {
         return null;
     }
@@ -83,91 +82,91 @@ public class DBSubsystemDefaultStub implements IDBSubsystem {
         return null;
     }
 
-	@Override
-	public void setMaxSerialConfig(int repo, String serial)
-			throws EBaseException {
-		// TODO Auto-generated method stub
-
-	}
-
-	@Override
-	public void setMinSerialConfig(int repo, String serial)
-			throws EBaseException {
-		// TODO Auto-generated method stub
-
-	}
-
-	@Override
-	public void setNextMaxSerialConfig(int repo, String serial)
-			throws EBaseException {
-		// TODO Auto-generated method stub
-
-	}
-
-	@Override
-	public void setNextMinSerialConfig(int repo, String serial)
-			throws EBaseException {
-		// TODO Auto-generated method stub
-
-	}
-
-	@Override
-	public String getMinSerialConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getMaxSerialConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getNextMaxSerialConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getNextMinSerialConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getLowWaterMarkConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getIncrementConfig(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public String getNextRange(int repo) {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
-	@Override
-	public boolean hasRangeConflict(int repo) {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	@Override
-	public boolean getEnableSerialMgmt() {
-		// TODO Auto-generated method stub
-		return false;
-	}
-
-	@Override
-	public void setEnableSerialMgmt(boolean value) throws EBaseException {
-		// TODO Auto-generated method stub
-
-	}
+    @Override
+    public void setMaxSerialConfig(int repo, String serial)
+            throws EBaseException {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setMinSerialConfig(int repo, String serial)
+            throws EBaseException {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setNextMaxSerialConfig(int repo, String serial)
+            throws EBaseException {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public void setNextMinSerialConfig(int repo, String serial)
+            throws EBaseException {
+        // TODO Auto-generated method stub
+
+    }
+
+    @Override
+    public String getMinSerialConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getMaxSerialConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getNextMaxSerialConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getNextMinSerialConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getLowWaterMarkConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getIncrementConfig(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public String getNextRange(int repo) {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public boolean hasRangeConflict(int repo) {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public boolean getEnableSerialMgmt() {
+        // TODO Auto-generated method stub
+        return false;
+    }
+
+    @Override
+    public void setEnableSerialMgmt(boolean value) throws EBaseException {
+        // TODO Auto-generated method stub
+
+    }
 }
diff --git a/pki/base/common/test/com/netscape/cmscore/dbs/DBVirtualListDefaultStub.java b/pki/base/common/test/com/netscape/cmscore/dbs/DBVirtualListDefaultStub.java
index 45fda77d..294ae1df 100644
--- a/pki/base/common/test/com/netscape/cmscore/dbs/DBVirtualListDefaultStub.java
+++ b/pki/base/common/test/com/netscape/cmscore/dbs/DBVirtualListDefaultStub.java
@@ -22,11 +22,11 @@ import com.netscape.certsrv.dbs.IDBVirtualList;
 import com.netscape.certsrv.dbs.IElementProcessor;
 
 /**
- * A default stub ojbect for tests to extend.
- * This class helps test avoid the problem of test stubs having to
- * implement a new stub method every time the interface changes.
- * It also makes the tests clearer by not cluttered them with empty methods.
- *
+ * A default stub ojbect for tests to extend. This class helps test avoid the
+ * problem of test stubs having to implement a new stub method every time the
+ * interface changes. It also makes the tests clearer by not cluttered them with
+ * empty methods.
+ * 
  * Do not put any behaviour in this class.
  */
 public class DBVirtualListDefaultStub implements IDBVirtualList {
@@ -73,7 +73,7 @@ public class DBVirtualListDefaultStub implements IDBVirtualList {
     }
 
     public void processElements(int startidx, int endidx, IElementProcessor ep)
-        throws EBaseException {
+            throws EBaseException {
     }
 
     public int getSelectedIndex() {
diff --git a/pki/base/common/test/com/netscape/cmscore/request/ExtAttrDynMapperTest.java b/pki/base/common/test/com/netscape/cmscore/request/ExtAttrDynMapperTest.java
index f47cbe0a..a0ad0a8a 100644
--- a/pki/base/common/test/com/netscape/cmscore/request/ExtAttrDynMapperTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/request/ExtAttrDynMapperTest.java
@@ -37,7 +37,7 @@ public class ExtAttrDynMapperTest extends CMSBaseTestCase {
 
     public void testSupportLDAPAttributeName() {
         assertNotNull(mapper);
-        
+
         assertTrue(mapper.supportsLDAPAttributeName("extData-green"));
         assertTrue(mapper.supportsLDAPAttributeName("EXTDATA-green"));
         assertTrue(mapper.supportsLDAPAttributeName("extData-foo;0"));
@@ -165,7 +165,6 @@ public class ExtAttrDynMapperTest extends CMSBaseTestCase {
         assertTrue(attrBim.hasSubtype("bi--003bm"));
     }
 
-
     public void testMapLDAPAttributeSetToObject() throws EBaseException {
         //
         // Test simple key-value pairs
@@ -183,7 +182,7 @@ public class ExtAttrDynMapperTest extends CMSBaseTestCase {
                 requestRecord);
 
         assertEquals(1, requestRecord.setCallCounter);
-        Hashtable<?, ?> extData = (Hashtable<?, ?>)requestRecord.extAttrData.get(
+        Hashtable<?, ?> extData = (Hashtable<?, ?>) requestRecord.extAttrData.get(
                 IRequestRecord.ATTR_EXT_DATA);
         assertNotNull(extData);
 
@@ -215,27 +214,27 @@ public class ExtAttrDynMapperTest extends CMSBaseTestCase {
                 requestRecord);
 
         assertEquals(1, requestRecord.setCallCounter);
-        extData = (Hashtable<?, ?>)requestRecord.extAttrData.get(
+        extData = (Hashtable<?, ?>) requestRecord.extAttrData.get(
                 IRequestRecord.ATTR_EXT_DATA);
         assertNotNull(extData);
 
         assertTrue(extData.containsKey("o;key1"));
-        Hashtable<?, ?> okey1Data = (Hashtable<?, ?>)extData.get("o;key1");
+        Hashtable<?, ?> okey1Data = (Hashtable<?, ?>) extData.get("o;key1");
         assertEquals(3, okey1Data.keySet().size());
         assertTrue(okey1Data.containsKey("i;key11"));
-        assertEquals("val11", (String)okey1Data.get("i;key11"));
+        assertEquals("val11", (String) okey1Data.get("i;key11"));
         assertTrue(okey1Data.containsKey("ikey12"));
-        assertEquals("val12", (String)okey1Data.get("ikey12"));
+        assertEquals("val12", (String) okey1Data.get("ikey12"));
         assertTrue(okey1Data.containsKey("ikey13"));
-        assertEquals("val13", (String)okey1Data.get("ikey13"));
+        assertEquals("val13", (String) okey1Data.get("ikey13"));
 
         assertTrue(extData.containsKey("okey2"));
-        Hashtable<?, ?> okey2Data = (Hashtable<?, ?>)extData.get("okey2");
+        Hashtable<?, ?> okey2Data = (Hashtable<?, ?>) extData.get("okey2");
         assertEquals(2, okey2Data.keySet().size());
         assertTrue(okey2Data.containsKey("ikey21"));
-        assertEquals("val21", (String)okey2Data.get("ikey21"));
+        assertEquals("val21", (String) okey2Data.get("ikey21"));
         assertTrue(okey2Data.containsKey("ikey22"));
-        assertEquals("val22", (String)okey2Data.get("ikey22"));
+        assertEquals("val22", (String) okey2Data.get("ikey22"));
 
         assertFalse(extData.containsKey("foo"));
 
@@ -260,13 +259,11 @@ public class ExtAttrDynMapperTest extends CMSBaseTestCase {
 
     }
 
-
     class RequestRecordStub extends RequestRecordDefaultStub {
         private static final long serialVersionUID = 4106967075497999274L;
         Hashtable<String, Object> extAttrData = new Hashtable<String, Object>();
         int setCallCounter = 0;
 
-
         public void set(String name, Object o) {
             setCallCounter++;
             if (IRequestRecord.ATTR_EXT_DATA.equals(name)) {
diff --git a/pki/base/common/test/com/netscape/cmscore/request/RequestDefaultStub.java b/pki/base/common/test/com/netscape/cmscore/request/RequestDefaultStub.java
index a835ba32..151f3d62 100644
--- a/pki/base/common/test/com/netscape/cmscore/request/RequestDefaultStub.java
+++ b/pki/base/common/test/com/netscape/cmscore/request/RequestDefaultStub.java
@@ -103,7 +103,7 @@ public class RequestDefaultStub implements IRequest {
         return false;
     }
 
-    public boolean setExtData(String key, Hashtable<String, ?>  value) {
+    public boolean setExtData(String key, Hashtable<String, ?> value) {
         return false;
     }
 
@@ -115,7 +115,7 @@ public class RequestDefaultStub implements IRequest {
         return null;
     }
 
-    public <V> Hashtable<String, V> getExtDataInHashtable(String key){
+    public <V> Hashtable<String, V> getExtDataInHashtable(String key) {
         return null;
     }
 
diff --git a/pki/base/common/test/com/netscape/cmscore/request/RequestQueueTest.java b/pki/base/common/test/com/netscape/cmscore/request/RequestQueueTest.java
index 4ae5be9a..d69ac6a5 100644
--- a/pki/base/common/test/com/netscape/cmscore/request/RequestQueueTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/request/RequestQueueTest.java
@@ -41,7 +41,7 @@ public class RequestQueueTest extends CMSBaseTestCase {
     }
 
     class RequestStub extends RequestDefaultStub {
-        String[] keys = new String[] {"key1", "key2"};
+        String[] keys = new String[] { "key1", "key2" };
         boolean getExtDataKeysCalled = false;
 
         public Enumeration getExtDataKeys() {
diff --git a/pki/base/common/test/com/netscape/cmscore/request/RequestRecordTest.java b/pki/base/common/test/com/netscape/cmscore/request/RequestRecordTest.java
index ba3689fb..efdbfc20 100644
--- a/pki/base/common/test/com/netscape/cmscore/request/RequestRecordTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/request/RequestRecordTest.java
@@ -69,7 +69,7 @@ public class RequestRecordTest extends CMSBaseTestCase {
 
         requestRecord.add(request);
 
-        assertEquals(request.mExtData,  requestRecord.mExtData);
+        assertEquals(request.mExtData, requestRecord.mExtData);
         assertNotSame(request.mExtData, requestRecord.mExtData);
     }
 
@@ -83,7 +83,6 @@ public class RequestRecordTest extends CMSBaseTestCase {
         requestRecord.set(IRequestRecord.ATTR_EXT_DATA, extData);
         requestRecord.mRequestType = "foo";
 
-
         requestRecord.read(new RequestModDefaultStub(), request);
 
         // the request stores other attributes inside its mExtData when some
@@ -114,12 +113,11 @@ public class RequestRecordTest extends CMSBaseTestCase {
         assertTrue(db.registry.registerObjectClassCalled);
         assertTrue(TestHelper.contains(db.registry.registerObjectClassLdapNames,
                                        "extensibleObject"));
-        
+
         assertTrue(db.registry.registerDynamicMapperCalled);
         assertTrue(db.registry.dynamicMapper instanceof ExtAttrDynMapper);
     }
 
-
     class ModificationSetStub extends ModificationSet {
         public boolean addCalledWithExtData = false;
         public Object addExtDataObject = null;
@@ -132,17 +130,14 @@ public class RequestRecordTest extends CMSBaseTestCase {
         }
     }
 
-
     class DBSubsystemStub extends DBSubsystemDefaultStub {
         DBRegistryStub registry = new DBRegistryStub();
 
-
         public IDBRegistry getRegistry() {
             return registry;
         }
     }
 
-
     class DBRegistryStub extends DBRegistryDefaultStub {
         boolean registerCalledWithExtAttr = false;
         IDBAttrMapper extAttrMapper = null;
diff --git a/pki/base/common/test/com/netscape/cmscore/request/RequestTest.java b/pki/base/common/test/com/netscape/cmscore/request/RequestTest.java
index dd1a1612..8d5132d9 100644
--- a/pki/base/common/test/com/netscape/cmscore/request/RequestTest.java
+++ b/pki/base/common/test/com/netscape/cmscore/request/RequestTest.java
@@ -69,7 +69,7 @@ public class RequestTest extends CMSBaseTestCase {
 
     public void testIsSimpleExtDataValue() {
         request.mExtData.put("simple1", "foo");
-        request.mExtData.put("complex1", new Hashtable<String, Object> ());
+        request.mExtData.put("complex1", new Hashtable<String, Object>());
 
         assertTrue(request.isSimpleExtDataValue("simple1"));
         assertFalse(request.isSimpleExtDataValue("complex1"));
@@ -87,12 +87,12 @@ public class RequestTest extends CMSBaseTestCase {
 
         request.setExtData("UPPER", "CASE");
         assertEquals("CASE", request.mExtData.get("upper"));
-        
-        assertFalse(request.setExtData("key", (String)null));
+
+        assertFalse(request.setExtData("key", (String) null));
     }
 
     @SuppressWarnings({ "rawtypes", "unchecked" })
-	public void testVerifyValidExtDataHashtable() {
+    public void testVerifyValidExtDataHashtable() {
         Hashtable valueHash = new Hashtable();
 
         valueHash.put("key1", "val1");
@@ -104,8 +104,8 @@ public class RequestTest extends CMSBaseTestCase {
         assertFalse(request.isValidExtDataHashtableValue(valueHash));
 
         valueHash.clear();
-        //valueHash.put(new Integer("0"), "bar");
-        //assertFalse(request.isValidExtDataHashtableValue(valueHash));
+        // valueHash.put(new Integer("0"), "bar");
+        // assertFalse(request.isValidExtDataHashtableValue(valueHash));
 
         valueHash.clear();
         valueHash.put("okay", new Integer(5));
@@ -114,7 +114,7 @@ public class RequestTest extends CMSBaseTestCase {
     }
 
     @SuppressWarnings({ "unchecked", "rawtypes" })
-	public void testSetExtHashtableData() {
+    public void testSetExtHashtableData() {
         Hashtable<String, String> valueHash = new Hashtable<String, String>();
 
         valueHash.put("key1", "val1");
@@ -133,8 +133,8 @@ public class RequestTest extends CMSBaseTestCase {
 
         valueHash.put("", "value");
         assertFalse(request.setExtData("topkey2", valueHash));
-        
-        assertFalse(request.setExtData("topkey3", (Hashtable)null));
+
+        assertFalse(request.setExtData("topkey3", (Hashtable) null));
     }
 
     public void testGetExtDataInString() {
@@ -215,9 +215,9 @@ public class RequestTest extends CMSBaseTestCase {
         assertFalse(value.containsKey(""));
 
         // Illegal values
-        assertFalse(request.setExtData((String)null, "b", "c"));
-        assertFalse(request.setExtData("a", (String)null, "c"));
-        assertFalse(request.setExtData("a", "b", (String)null));
+        assertFalse(request.setExtData((String) null, "b", "c"));
+        assertFalse(request.setExtData("a", (String) null, "c"));
+        assertFalse(request.setExtData("a", "b", (String) null));
     }
 
     public void testGetExtDataSubkeyValue() {
@@ -225,7 +225,7 @@ public class RequestTest extends CMSBaseTestCase {
         value.put("subkey", "value");
 
         request.setExtData("topkey", value);
-        
+
         assertEquals("value", request.getExtDataInString("topkey", "SUBKEY"));
         assertNull(request.getExtDataInString("badkey", "subkey"));
         assertNull(request.getExtDataInString("topkey", "badkey"));
@@ -244,7 +244,7 @@ public class RequestTest extends CMSBaseTestCase {
         assertNull(request.getExtDataInInteger("strkey"));
         assertNull(request.getExtDataInInteger("notfound"));
 
-        assertFalse(request.setExtData("key", (Integer)null));
+        assertFalse(request.setExtData("key", (Integer) null));
     }
 
     public void testGetSetExtDataIntegerArray() {
@@ -267,7 +267,7 @@ public class RequestTest extends CMSBaseTestCase {
         request.setExtData("topkey2", hashValue);
         assertNull(request.getExtDataInIntegerArray("topkey2"));
 
-        assertFalse(request.setExtData("key", (Integer[])null));
+        assertFalse(request.setExtData("key", (Integer[]) null));
     }
 
     public void testGetSetExtDataBigInteger() {
@@ -283,7 +283,7 @@ public class RequestTest extends CMSBaseTestCase {
         assertNull(request.getExtDataInBigInteger("strkey"));
         assertNull(request.getExtDataInBigInteger("notfound"));
 
-        assertFalse(request.setExtData("key", (BigInteger)null));
+        assertFalse(request.setExtData("key", (BigInteger) null));
     }
 
     public void testGetSetExtDataBigIntegerArray() {
@@ -306,7 +306,7 @@ public class RequestTest extends CMSBaseTestCase {
         request.setExtData("topkey2", hashValue);
         assertNull(request.getExtDataInBigIntegerArray("topkey2"));
 
-        assertFalse(request.setExtData("key", (BigInteger[])null));
+        assertFalse(request.setExtData("key", (BigInteger[]) null));
     }
 
     public void testSetExtDataThrowable() {
@@ -316,7 +316,7 @@ public class RequestTest extends CMSBaseTestCase {
 
         assertEquals(e.toString(), request.mExtData.get("key"));
 
-        assertFalse(request.setExtData("key", (Throwable)null));
+        assertFalse(request.setExtData("key", (Throwable) null));
     }
 
     public void testGetSetByteArray() {
@@ -332,7 +332,7 @@ public class RequestTest extends CMSBaseTestCase {
         assertTrue(cmsStub.aToBCalled);
         assertEquals(data, out);
 
-        assertFalse(request.setExtData("key", (byte[])null));
+        assertFalse(request.setExtData("key", (byte[]) null));
     }
 
     public void testGetSetCert() throws CertificateException {
@@ -347,7 +347,7 @@ public class RequestTest extends CMSBaseTestCase {
         assertTrue(cmsStub.aToBCalled);
         assertEquals(cert, retval);
 
-        assertFalse(request.setExtData("key", (X509CertImpl)null));
+        assertFalse(request.setExtData("key", (X509CertImpl) null));
     }
 
     public void testGetSetCertArray() throws CertificateException {
@@ -359,7 +359,7 @@ public class RequestTest extends CMSBaseTestCase {
         };
 
         assertTrue(request.setExtData("key", vals));
-        Hashtable<?, ?> hashVals = (Hashtable<?, ?>)request.mExtData.get("key");
+        Hashtable<?, ?> hashVals = (Hashtable<?, ?>) request.mExtData.get("key");
         assertEquals(2, hashVals.keySet().size());
 
         assertFalse(cmsStub.aToBCalled);
@@ -370,16 +370,16 @@ public class RequestTest extends CMSBaseTestCase {
         assertEquals(vals[0], retval[0]);
         assertEquals(vals[1], retval[1]);
 
-        assertFalse(request.setExtData("key", (X509CertImpl[])null));
+        assertFalse(request.setExtData("key", (X509CertImpl[]) null));
     }
 
     public void testGetSetStringArray() {
-        String[] value = new String[] {"blue", "green", "red", "orange"};
+        String[] value = new String[] { "blue", "green", "red", "orange" };
         assertTrue(request.setExtData("key", value));
 
         assertTrue(request.mExtData.containsKey("key"));
         @SuppressWarnings("unchecked")
-		Hashtable<String, String> hashValue = (Hashtable<String, String>)request.mExtData.get("key");
+        Hashtable<String, String> hashValue = (Hashtable<String, String>) request.mExtData.get("key");
         assertTrue(hashValue.containsKey("0"));
         assertTrue(hashValue.containsKey("1"));
         assertTrue(hashValue.containsKey("2"));
@@ -420,7 +420,7 @@ public class RequestTest extends CMSBaseTestCase {
         request.setExtData("cory", hashValue);
         assertNull(request.getExtDataInStringArray("cory"));
 
-        assertFalse(request.setExtData("key", (String[])null));
+        assertFalse(request.setExtData("key", (String[]) null));
 
     }
 
@@ -435,7 +435,7 @@ public class RequestTest extends CMSBaseTestCase {
 
         assertTrue(request.mExtData.containsKey("key"));
         @SuppressWarnings("unchecked")
-		Hashtable<String, String> hashValue = (Hashtable<String, String>)request.mExtData.get("key");
+        Hashtable<String, String> hashValue = (Hashtable<String, String>) request.mExtData.get("key");
         assertTrue(hashValue.containsKey("0"));
         assertTrue(hashValue.containsKey("1"));
         assertTrue(hashValue.containsKey("2"));
@@ -459,7 +459,7 @@ public class RequestTest extends CMSBaseTestCase {
         request.setExtData("cory", hashValue);
         assertNull(request.getExtDataInStringVector("cory"));
 
-        assertFalse(request.setExtData("key", (Vector<?>)null));
+        assertFalse(request.setExtData("key", (Vector<?>) null));
     }
 
     public void testGetSetCertInfo() {
@@ -476,7 +476,7 @@ public class RequestTest extends CMSBaseTestCase {
         request.getExtDataInCertInfo("key");
         assertTrue(cmsStub.aToBCalled);
 
-        assertFalse(request.setExtData("key", (X509CertInfo)null));
+        assertFalse(request.setExtData("key", (X509CertInfo) null));
     }
 
     public void testGetSetCertInfoArray() {
@@ -486,14 +486,14 @@ public class RequestTest extends CMSBaseTestCase {
         };
 
         assertTrue(request.setExtData("key", vals));
-        Hashtable<?, ?> hashVals = (Hashtable<?, ?>)request.mExtData.get("key");
+        Hashtable<?, ?> hashVals = (Hashtable<?, ?>) request.mExtData.get("key");
         assertEquals(2, hashVals.keySet().size());
 
         assertFalse(cmsStub.aToBCalled);
         request.getExtDataInCertInfoArray("key");
         assertTrue(cmsStub.aToBCalled);
 
-        assertFalse(request.setExtData("key", (X509CertInfo[])null));
+        assertFalse(request.setExtData("key", (X509CertInfo[]) null));
     }
 
     public void testGetBoolean() {
@@ -536,14 +536,14 @@ public class RequestTest extends CMSBaseTestCase {
         };
 
         assertTrue(request.setExtData("key", vals));
-        Hashtable<?, ?> hashVals = (Hashtable<?, ?>)request.mExtData.get("key");
+        Hashtable<?, ?> hashVals = (Hashtable<?, ?>) request.mExtData.get("key");
         assertEquals(2, hashVals.keySet().size());
 
         assertFalse(cmsStub.aToBCalled);
         request.getExtDataInCertInfoArray("key");
         assertTrue(cmsStub.aToBCalled);
 
-        assertFalse(request.setExtData("key", (RevokedCertImpl[])null));
+        assertFalse(request.setExtData("key", (RevokedCertImpl[]) null));
     }
 
     public void testGetSetCertExts() throws IOException {
@@ -564,7 +564,7 @@ public class RequestTest extends CMSBaseTestCase {
         assertNotNull(retval);
         assertEquals(1, retval.size());
 
-        assertFalse(request.setExtData("key", (CertificateExtensions)null));
+        assertFalse(request.setExtData("key", (CertificateExtensions) null));
     }
 
     public void testGetSetCertSubjectName() throws IOException {
@@ -576,10 +576,10 @@ public class RequestTest extends CMSBaseTestCase {
         CertificateSubjectName retval = request.getExtDataInCertSubjectName("key");
         assertNotNull(retval);
         // the 'CN=' is uppercased at some point
-        assertEquals("cn=kevin", 
+        assertEquals("cn=kevin",
                 retval.get(CertificateSubjectName.DN_NAME).toString().toLowerCase());
 
-        assertFalse(request.setExtData("key", (CertificateSubjectName)null));
+        assertFalse(request.setExtData("key", (CertificateSubjectName) null));
     }
 
     public void testGetSetAuthToken() {
@@ -597,15 +597,15 @@ public class RequestTest extends CMSBaseTestCase {
         assertEquals(token.getInString("key2"), retval.getInString("key2"));
         assertEquals(token.getInInteger("key3"), retval.getInInteger("key3"));
 
-        assertFalse(request.setExtData("key", (AuthToken)null));
+        assertFalse(request.setExtData("key", (AuthToken) null));
     }
-    
+
     /**
      * CMSMemoryStub
-     *
+     * 
      * This class is used to help test methods that rely on setting and then
-     * getting a value out.  It assumes BtoA is always called first, stores
-     * the value passed in, and then returns that value for BtoA.
+     * getting a value out. It assumes BtoA is always called first, stores the
+     * value passed in, and then returns that value for BtoA.
      */
     class CMSMemoryStub extends CMSEngineDefaultStub {
         boolean bToACalled = false;
@@ -650,7 +650,6 @@ public class RequestTest extends CMSBaseTestCase {
         private static final long serialVersionUID = -9088436260566619005L;
         boolean getEncodedCalled = false;
 
-
         public byte[] getEncoded() throws CRLException {
             getEncodedCalled = true;
             return new byte[] {};
diff --git a/pki/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java b/pki/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java
index 7e1978e1..ab621847 100644
--- a/pki/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java
+++ b/pki/base/common/test/com/netscape/cmscore/test/CMSBaseTestCase.java
@@ -18,9 +18,9 @@ import com.netscape.cmscore.dbs.DBSubsystem;
 import com.netscape.cmscore.dbs.DBSubsystemDefaultStub;
 
 /**
- * The base class for all CMS unit tests.  This sets up some basic stubs
- * that allow unit tests to work without bumping into uninitialized subsystems
- * (like the CMS logging system).
+ * The base class for all CMS unit tests. This sets up some basic stubs that
+ * allow unit tests to work without bumping into uninitialized subsystems (like
+ * the CMS logging system).
  */
 public abstract class CMSBaseTestCase extends TestCase {
     CMSEngineStub engine;
@@ -56,26 +56,26 @@ public abstract class CMSBaseTestCase extends TestCase {
 
     public X509CertImpl getFakeCert() throws CertificateException {
         byte[] certData = new byte[] {
-            48, -126, 1, 18, 48, -127, -67, -96, 3, 2, 1, 2, 2, 1,
-            1, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 4,
-            5, 0, 48, 18, 49, 16, 48, 14, 6, 3, 85, 4, 3, 19,
-            7, 116, 101, 115, 116, 105, 110, 103, 48, 30, 23, 13, 48, 55,
-            48, 55, 49, 50, 49, 55, 51, 56, 51, 52, 90, 23, 13, 48,
-            55, 49, 48, 49, 50, 49, 55, 51, 56, 51, 52, 90, 48, 18,
-            49, 16, 48, 14, 6, 3, 85, 4, 3, 19, 7, 116, 101, 115,
-            116, 105, 110, 103, 48, 92, 48, 13, 6, 9, 42, -122, 72, -122,
-            -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65,
-            0, -65, 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44,
-            -48, -104, 103, -47, -108, 42, -38, 46, -8, 32, 49, -29, -26, -112,
-            -29, -86, 71, 24, -104, 78, -31, -75, -128, 90, -92, -34, -51, -125,
-            -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85,
-            105, -53, -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1,
-            48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 4, 5,
-            0, 3, 65, 0, -97, -62, 79, -28, 124, -81, 98, 119, -85, -49,
-            62, -81, 46, -25, -29, 78, -40, 118, -2, 114, -128, 74, -47, -68,
-            52, 11, -14, 30, -46, -95, -26, -108, -19, 110, -63, -70, 61, -75,
-            64, 74, -33, -65, -96, 120, -109, 37, 77, -76, 38, -114, 58, -80,
-            -122, -39, -65, -31, 37, -30, -126, 126, 17, -82, 92, 64,
+                48, -126, 1, 18, 48, -127, -67, -96, 3, 2, 1, 2, 2, 1,
+                1, 48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 4,
+                5, 0, 48, 18, 49, 16, 48, 14, 6, 3, 85, 4, 3, 19,
+                7, 116, 101, 115, 116, 105, 110, 103, 48, 30, 23, 13, 48, 55,
+                48, 55, 49, 50, 49, 55, 51, 56, 51, 52, 90, 23, 13, 48,
+                55, 49, 48, 49, 50, 49, 55, 51, 56, 51, 52, 90, 48, 18,
+                49, 16, 48, 14, 6, 3, 85, 4, 3, 19, 7, 116, 101, 115,
+                116, 105, 110, 103, 48, 92, 48, 13, 6, 9, 42, -122, 72, -122,
+                -9, 13, 1, 1, 1, 5, 0, 3, 75, 0, 48, 72, 2, 65,
+                0, -65, 121, -119, -59, 105, 66, -122, -78, -30, -64, 63, -47, 44,
+                -48, -104, 103, -47, -108, 42, -38, 46, -8, 32, 49, -29, -26, -112,
+                -29, -86, 71, 24, -104, 78, -31, -75, -128, 90, -92, -34, -51, -125,
+                -13, 80, 101, -78, 39, -119, -38, 117, 28, 67, -19, -71, -124, -85,
+                105, -53, -103, -59, -67, -38, -83, 118, 65, 2, 3, 1, 0, 1,
+                48, 13, 6, 9, 42, -122, 72, -122, -9, 13, 1, 1, 4, 5,
+                0, 3, 65, 0, -97, -62, 79, -28, 124, -81, 98, 119, -85, -49,
+                62, -81, 46, -25, -29, 78, -40, 118, -2, 114, -128, 74, -47, -68,
+                52, 11, -14, 30, -46, -95, -26, -108, -19, 110, -63, -70, 61, -75,
+                64, 74, -33, -65, -96, 120, -109, 37, 77, -76, 38, -114, 58, -80,
+                -122, -39, -65, -31, 37, -30, -126, 126, 17, -82, 92, 64,
             };
 
         return new X509CertImpl(certData);