Diffstat (limited to 'pki/base/java-tools/src/com/netscape/cmstools')
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/AtoB.java50
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/AuditVerify.java382
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/BtoA.java40
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java207
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/CMCRequest.java391
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/CMCResponse.java114
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java147
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java798
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java4600
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/ExtJoiner.java19
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/GenExtKeyUsage.java8
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/GenIssuerAltNameExt.java35
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/GenSubjectAltNameExt.java33
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/HttpClient.java103
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/OCSPClient.java253
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java134
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java77
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java230
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/PrettyPrintCert.java72
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/PrettyPrintCrl.java72
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java29
-rw-r--r--pki/base/java-tools/src/com/netscape/cmstools/TokenInfo.java62
22 files changed, 3809 insertions, 4047 deletions
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/AtoB.java b/pki/base/java-tools/src/com/netscape/cmstools/AtoB.java
index 78c20751..691bc9b1 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/AtoB.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/AtoB.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.FileInputStream;
@@ -26,33 +25,33 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
-
/**
* The AtoB class is a utility program designed to "translate" an ASCII
- * BASE 64 encoded blob into a BINARY BASE 64 encoded blob. It assumes
+ * BASE 64 encoded blob into a BINARY BASE 64 encoded blob. It assumes
* that the name of a data file is passed to the program via the command line,
* and that the contents contain a blob encoded in an ASCII BASE 64
- * format. Note that the data file may contain an optional "-----BEGIN" header
+ * format. Note that the data file may contain an optional "-----BEGIN" header
* and/or an optional "-----END" trailer.
- *
+ *
* <P>
* The program may be invoked as follows:
+ *
* <PRE>
- *
+ *
* AtoB &lt;input filename&gt; &lt;output filename&gt;
- *
+ *
* NOTE: &lt;input filename&gt; must contain an ASCII
* BASE 64 encoded blob
- *
+ *
* &lt;output filename&gt; contains a BINARY
* BASE 64 encoded blob
* </PRE>
- *
+ *
* @version $Revision$, $Date$
*/
public class AtoB {
// Define constants
- public static final int ARGC = 2;
+ public static final int ARGC = 2;
public static final String HEADER = "-----BEGIN";
public static final String TRAILER = "-----END";
@@ -67,8 +66,8 @@ public class AtoB {
// (1) Check that two arguments were submitted to the program
if (argv.length != ARGC) {
System.out.println("Usage: AtoB " +
- "<input filename> " +
- "<output filename>");
+ "<input filename> " +
+ "<output filename>");
return;
}
@@ -78,11 +77,11 @@ public class AtoB {
try {
inputBlob = new BufferedReader(new InputStreamReader(
new BufferedInputStream(
- new FileInputStream(
- argv[0]))));
+ new FileInputStream(
+ argv[0]))));
} catch (FileNotFoundException e) {
System.out.println("AtoB(): can''t find file " +
- argv[0] + ":\n" + e);
+ argv[0] + ":\n" + e);
return;
}
@@ -93,14 +92,14 @@ public class AtoB {
try {
while ((asciiBASE64BlobChunk = inputBlob.readLine()) != null) {
if (!(asciiBASE64BlobChunk.startsWith(HEADER)) &&
- !(asciiBASE64BlobChunk.startsWith(TRAILER))) {
+ !(asciiBASE64BlobChunk.startsWith(TRAILER))) {
asciiBASE64Blob += asciiBASE64BlobChunk.trim();
}
}
} catch (IOException e) {
System.out.println("AtoB(): Unexpected BASE64 " +
- "encoded error encountered in readLine():\n" +
- e);
+ "encoded error encountered in readLine():\n" +
+ e);
}
// (4) Close the DataInputStream() object
@@ -108,9 +107,9 @@ public class AtoB {
inputBlob.close();
} catch (IOException e) {
System.out.println("AtoB(): Unexpected BASE64 " +
- "encoded error encountered in close():\n" + e);
+ "encoded error encountered in close():\n" + e);
}
-
+
// (5) Decode the ASCII BASE 64 blob enclosed in the
// String() object into a BINARY BASE 64 byte[] object
@@ -122,7 +121,7 @@ public class AtoB {
outputBlob = new FileOutputStream(argv[1]);
} catch (IOException e) {
System.out.println("AtoB(): unable to open file " +
- argv[1] + " for writing:\n" + e);
+ argv[1] + " for writing:\n" + e);
return;
}
@@ -130,17 +129,16 @@ public class AtoB {
outputBlob.write(binaryBASE64Blob);
} catch (IOException e) {
System.out.println("AtoB(): I/O error " +
- "encountered during write():\n" +
- e);
+ "encountered during write():\n" +
+ e);
}
try {
outputBlob.close();
} catch (IOException e) {
System.out.println("AtoB(): Unexpected error " +
- "encountered while attempting to close() " +
- argv[1] + ":\n" + e);
+ "encountered while attempting to close() " +
+ argv[1] + ":\n" + e);
}
}
}
-
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/AuditVerify.java b/pki/base/java-tools/src/com/netscape/cmstools/AuditVerify.java
index aa8ffe9a..022fcfe0 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/AuditVerify.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/AuditVerify.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
@@ -69,34 +68,34 @@ public class AuditVerify {
}
private static void writeSigStatus(int linenum, String sigStartFile,
- int sigStartLine, String sigStopFile, int sigStopLine, String mesg)
- throws IOException
- {
+ int sigStartLine, String sigStopFile, int sigStopLine, String mesg)
+ throws IOException {
output(linenum, mesg + ": signature of " + sigStartFile + ":" +
- sigStartLine + " to " + sigStopFile + ":" + sigStopLine);
+ sigStartLine + " to " + sigStopFile + ":" + sigStopLine);
}
private static class PrefixFilter implements FilenameFilter {
private String prefix;
+
public PrefixFilter(String prefix) {
this.prefix = prefix;
}
+
public boolean accept(File dir, String name) {
// look for <prefix>cert* in this directory
- return( name.indexOf(prefix + "cert") != -1 );
+ return (name.indexOf(prefix + "cert") != -1);
}
}
public static boolean validPrefix(String configDir, String prefix)
- throws IOException
- {
+ throws IOException {
File dir = new File(configDir);
- if( ! dir.isDirectory() ) {
+ if (!dir.isDirectory()) {
System.out.println("ERROR: \"" + dir + "\" is not a directory");
usage();
}
- String matchingFiles[] = dir.list( new PrefixFilter(prefix) );
+ String matchingFiles[] = dir.list(new PrefixFilter(prefix));
// prefix may be valid if at least one file matched the pattern
return (matchingFiles.length > 0);
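Review bot: `dir.list(new PrefixFilter(prefix))` returns null when the path is not a directory or an I/O error occurs, so `matchingFiles.length` on the last line of this hunk can throw a NullPointerException. The `isDirectory()` guard only helps if `usage()` never returns, and its body is not shown here. A null-safe form is `return matchingFiles != null && matchingFiles.length > 0;`. It would also help to add a short Javadoc to `validPrefix` saying that it only checks for a file name containing `<prefix>cert`, not that the databases are usable. The method's closing brace is outside the hunk.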
@@ -113,218 +112,221 @@ public class AuditVerify {
return (keyUsage == null) ? false : keyUsage[0];
}
-
public static void main(String args[]) {
- try {
-
- String dbdir = null;
- String logListFile = null;
- String signerNick = null;
- String prefix = null;
- boolean verbose = false;
-
- for(int i = 0; i < args.length; ++i) {
- if( args[i].equals("-d") ) {
- if( ++i >= args.length ) usage();
- dbdir = args[i];
- } else if( args[i].equals("-a") ) {
- if( ++i >= args.length ) usage();
- logListFile = args[i];
- } else if( args[i].equals("-n") ) {
- if( ++i >= args.length ) usage();
- signerNick = args[i];
- } else if( args[i].equals("-P") ) {
- if( ++i >= args.length ) usage();
- prefix = args[i];
- } else if( args[i].equals("-v") ) {
- verbose = true;
- } else {
- System.out.println("Unrecognized argument(" + i + "): "
- + args[i]);
+ try {
+
+ String dbdir = null;
+ String logListFile = null;
+ String signerNick = null;
+ String prefix = null;
+ boolean verbose = false;
+
+ for (int i = 0; i < args.length; ++i) {
+ if (args[i].equals("-d")) {
+ if (++i >= args.length)
+ usage();
+ dbdir = args[i];
+ } else if (args[i].equals("-a")) {
+ if (++i >= args.length)
+ usage();
+ logListFile = args[i];
+ } else if (args[i].equals("-n")) {
+ if (++i >= args.length)
+ usage();
+ signerNick = args[i];
+ } else if (args[i].equals("-P")) {
+ if (++i >= args.length)
+ usage();
+ prefix = args[i];
+ } else if (args[i].equals("-v")) {
+ verbose = true;
+ } else {
+ System.out.println("Unrecognized argument(" + i + "): "
+ + args[i]);
+ usage();
+ }
+ }
+ if (dbdir == null || logListFile == null || signerNick == null) {
+ System.out.println("Argument omitted");
usage();
}
- }
- if( dbdir == null || logListFile == null || signerNick == null) {
- System.out.println("Argument omitted");
- usage();
- }
- // get list of log files
- Vector logFiles = new Vector();
- BufferedReader r = new BufferedReader(new FileReader(logListFile));
- String listLine;
- while( (listLine = r.readLine()) != null ) {
- StringTokenizer tok = new StringTokenizer(listLine, ",");
- while( tok.hasMoreElements() ) {
- logFiles.addElement( ((String)tok.nextElement()).trim());
+ // get list of log files
+ Vector logFiles = new Vector();
+ BufferedReader r = new BufferedReader(new FileReader(logListFile));
+ String listLine;
+ while ((listLine = r.readLine()) != null) {
+ StringTokenizer tok = new StringTokenizer(listLine, ",");
+ while (tok.hasMoreElements()) {
+ logFiles.addElement(((String) tok.nextElement()).trim());
+ }
+ }
+ if (logFiles.size() == 0) {
+ System.out.println("Error: no log files listed in " + logListFile);
+ System.exit(1);
}
- }
- if( logFiles.size() == 0 ) {
- System.out.println("Error: no log files listed in " + logListFile);
- System.exit(1);
- }
- // initialize crypto stuff
- if( prefix == null ) {
- if( ! validPrefix(dbdir, "")) {
- System.out.println("ERROR: \"" + dbdir +
- "\" does not contain any security databases");
- usage();
+ // initialize crypto stuff
+ if (prefix == null) {
+ if (!validPrefix(dbdir, "")) {
+ System.out.println("ERROR: \"" + dbdir +
+ "\" does not contain any security databases");
+ usage();
+ }
+ CryptoManager.initialize(dbdir);
+ } else {
+ if (!validPrefix(dbdir, prefix)) {
+ System.out.println("ERROR: \"" + prefix +
+ "\" is not a valid prefix");
+ usage();
+ }
+ CryptoManager.initialize(
+ new CryptoManager.InitializationValues(dbdir, prefix, prefix,
+ "secmod.db")
+ );
}
- CryptoManager.initialize(dbdir);
- } else {
- if( ! validPrefix(dbdir, prefix) ) {
- System.out.println("ERROR: \"" + prefix +
- "\" is not a valid prefix");
- usage();
+ CryptoManager cm = CryptoManager.getInstance();
+ X509Certificate signerCert = cm.findCertByNickname(signerNick);
+
+ X509CertImpl cert_i = null;
+ if (signerCert != null) {
+ byte[] signerCert_b = signerCert.getEncoded();
+ cert_i = new X509CertImpl(signerCert_b);
+ } else {
+ System.out.println("ERROR: signing certificate not found");
+ System.exit(1);
}
- CryptoManager.initialize(
- new CryptoManager.InitializationValues(dbdir, prefix, prefix,
- "secmod.db")
- );
- }
- CryptoManager cm = CryptoManager.getInstance();
- X509Certificate signerCert = cm.findCertByNickname(signerNick);
-
- X509CertImpl cert_i = null;
- if (signerCert != null) {
- byte[] signerCert_b = signerCert.getEncoded();
- cert_i = new X509CertImpl(signerCert_b);
- } else {
- System.out.println("ERROR: signing certificate not found");
- System.exit(1);
- }
- // verify signer's certificate
- // not checking validity because we want to allow verifying old logs
- //
- if (!isSigningCert(cert_i)) {
- System.out.println("info: signing certificate is not a signing certificate");
- System.exit(1);
- }
+ // verify signer's certificate
+ // not checking validity because we want to allow verifying old logs
+ //
+ if (!isSigningCert(cert_i)) {
+ System.out.println("info: signing certificate is not a signing certificate");
+ System.exit(1);
+ }
- PublicKey pubk = signerCert.getPublicKey();
- String sigAlgorithm=null;
- if( pubk instanceof RSAPublicKey ) {
- sigAlgorithm = "SHA-256/RSA";
- } else if( pubk instanceof DSAPublicKey ) {
- sigAlgorithm = "SHA-256/DSA";
- } else {
- System.out.println("Error: unknown key type: " +
- pubk.getAlgorithm());
- System.exit(1);
- }
- Signature sig = Signature.getInstance(sigAlgorithm, CRYPTO_PROVIDER);
- sig.initVerify(pubk);
+ PublicKey pubk = signerCert.getPublicKey();
+ String sigAlgorithm = null;
+ if (pubk instanceof RSAPublicKey) {
+ sigAlgorithm = "SHA-256/RSA";
+ } else if (pubk instanceof DSAPublicKey) {
+ sigAlgorithm = "SHA-256/DSA";
+ } else {
+ System.out.println("Error: unknown key type: " +
+ pubk.getAlgorithm());
+ System.exit(1);
+ }
+ Signature sig = Signature.getInstance(sigAlgorithm, CRYPTO_PROVIDER);
+ sig.initVerify(pubk);
- int goodSigCount = 0;
- int badSigCount = 0;
+ int goodSigCount = 0;
+ int badSigCount = 0;
- int lastFileWritten = -1;
+ int lastFileWritten = -1;
- int sigStartLine = 1;
- int sigStopLine = 1;
- String sigStartFile = (String) logFiles.elementAt(0);
- String sigStopFile = null;
- int signedLines = 1;
+ int sigStartLine = 1;
+ int sigStopLine = 1;
+ String sigStartFile = (String) logFiles.elementAt(0);
+ String sigStopFile = null;
+ int signedLines = 1;
- boolean lastLineWasSig = false;
+ boolean lastLineWasSig = false;
- for( int curfile = 0; curfile < logFiles.size(); ++curfile) {
- String curfileName = (String) logFiles.elementAt(curfile);
- BufferedReader br = new BufferedReader(new FileReader(curfileName));
+ for (int curfile = 0; curfile < logFiles.size(); ++curfile) {
+ String curfileName = (String) logFiles.elementAt(curfile);
+ BufferedReader br = new BufferedReader(new FileReader(curfileName));
- if( verbose ) {
- writeFile(curfileName);
- lastFileWritten = curfile;
- }
+ if (verbose) {
+ writeFile(curfileName);
+ lastFileWritten = curfile;
+ }
- String curLine;
- int linenum = 0;
- while( (curLine = br.readLine()) != null ) {
- ++linenum;
- if( curLine.indexOf("AUDIT_LOG_SIGNING") != -1 ) {
- if( curfile == 0 && linenum == 1 ) {
- // Ignore the first signature of the first file,
- // since it signs data we don't have access to.
- if( verbose ) {
- output(linenum,
- "Ignoring first signature of log series");
- }
- } else {
- int sigStart = curLine.indexOf("sig: ") + 5;
- if( sigStart < 5 ) {
- output(linenum, "INVALID SIGNATURE");
- ++badSigCount;
+ String curLine;
+ int linenum = 0;
+ while ((curLine = br.readLine()) != null) {
+ ++linenum;
+ if (curLine.indexOf("AUDIT_LOG_SIGNING") != -1) {
+ if (curfile == 0 && linenum == 1) {
+ // Ignore the first signature of the first file,
+ // since it signs data we don't have access to.
+ if (verbose) {
+ output(linenum,
+ "Ignoring first signature of log series");
+ }
} else {
- byte[] logSig =
- base64decode(curLine.substring(sigStart));
-
- // verify the signature
- if( sig.verify(logSig) ) {
- // signature verifies correctly
- if( verbose ) {
- writeSigStatus(linenum, sigStartFile,
- sigStartLine, sigStopFile, sigStopLine,
- "verification succeeded");
- }
- ++goodSigCount;
+ int sigStart = curLine.indexOf("sig: ") + 5;
+ if (sigStart < 5) {
+ output(linenum, "INVALID SIGNATURE");
+ ++badSigCount;
} else {
- if( lastFileWritten < curfile ) {
- writeFile(curfileName);
- lastFileWritten = curfile;
+ byte[] logSig =
+ base64decode(curLine.substring(sigStart));
+
+ // verify the signature
+ if (sig.verify(logSig)) {
+ // signature verifies correctly
+ if (verbose) {
+ writeSigStatus(linenum, sigStartFile,
+ sigStartLine, sigStopFile, sigStopLine,
+ "verification succeeded");
+ }
+ ++goodSigCount;
+ } else {
+ if (lastFileWritten < curfile) {
+ writeFile(curfileName);
+ lastFileWritten = curfile;
+ }
+ writeSigStatus(linenum, sigStartFile,
+ sigStartLine, sigStopFile, sigStopLine,
+ "VERIFICATION FAILED");
+ ++badSigCount;
}
- writeSigStatus(linenum, sigStartFile,
- sigStartLine, sigStopFile, sigStopLine,
- "VERIFICATION FAILED");
- ++badSigCount;
}
+ sig.initVerify(pubk);
+ signedLines = 0;
+ sigStartLine = linenum;
+ sigStartFile = curfileName;
}
- sig.initVerify(pubk);
- signedLines = 0;
- sigStartLine = linenum;
- sigStartFile = curfileName;
}
+
+ byte[] lineBytes = curLine.getBytes("UTF-8");
+ sig.update(lineBytes);
+ sig.update(LINE_SEP_BYTE);
+ ++signedLines;
+ sigStopLine = linenum;
+ sigStopFile = curfileName;
}
- byte[] lineBytes = curLine.getBytes("UTF-8");
- sig.update(lineBytes);
- sig.update(LINE_SEP_BYTE);
- ++signedLines;
- sigStopLine = linenum;
- sigStopFile = curfileName;
}
- }
+ // Make sure there were no unsigned log entries at the end.
+ // The first signed line is the previous signature, but anything
+ // more than that is data.
+ if (signedLines > 1) {
+ System.out.println(
+ "ERROR: log entries after " + sigStartFile
+ + ":" + sigStartLine + " are UNSIGNED");
+ badSigCount++;
+ }
- // Make sure there were no unsigned log entries at the end.
- // The first signed line is the previous signature, but anything
- // more than that is data.
- if( signedLines > 1 ) {
- System.out.println(
- "ERROR: log entries after " + sigStartFile
- + ":" + sigStartLine + " are UNSIGNED");
- badSigCount++;
- }
+ System.out.println("\nVerification process complete.");
+ System.out.println("Valid signatures: " + goodSigCount);
+ System.out.println("Invalid signatures: " + badSigCount);
- System.out.println("\nVerification process complete.");
- System.out.println("Valid signatures: " + goodSigCount);
- System.out.println("Invalid signatures: " + badSigCount);
+ if (badSigCount > 0) {
+ System.exit(2);
+ } else {
+ System.exit(0);
+ }
- if( badSigCount > 0 ) {
- System.exit(2);
- } else {
- System.exit(0);
+ } catch (FileNotFoundException fnfe) {
+ System.out.println(fnfe);
+ } catch (ObjectNotFoundException onfe) {
+ System.out.println("ERROR: certificate not found");
+ } catch (Exception e) {
+ e.printStackTrace();
}
- } catch(FileNotFoundException fnfe) {
- System.out.println(fnfe);
- } catch(ObjectNotFoundException onfe) {
- System.out.println("ERROR: certificate not found");
- } catch(Exception e) {
- e.printStackTrace();
- }
-
System.out.println("Verification process FAILED.");
System.exit(1);
}
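Review bot: The log files are opened with `new FileReader(curfileName)`, which decodes using the platform default charset, while the bytes fed to the verifier come from `curLine.getBytes("UTF-8")`. On a host whose default charset is not UTF-8, any non-ASCII audit entry is re-encoded to different bytes than were signed and reports a spurious `VERIFICATION FAILED`. Assuming the logs are written as UTF-8 (which the `getBytes` call suggests), open them with an explicit charset: `new BufferedReader(new InputStreamReader(new FileInputStream(curfileName), "UTF-8"))`. Separately, neither `r` nor the per-file `br` is ever closed, so each should be closed in a `finally` block once its read loop ends.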
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/BtoA.java b/pki/base/java-tools/src/com/netscape/cmstools/BtoA.java
index 2bc96a2f..3d281d0c 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/BtoA.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/BtoA.java
@@ -17,49 +17,48 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
-
/**
* The BtoA class is a utility program designed to "translate" a BINARY
- * BASE 64 encoded blob into an ASCII BASE 64 encoded blob. It assumes
+ * BASE 64 encoded blob into an ASCII BASE 64 encoded blob. It assumes
* that the name of a data file is passed to the program via the command line,
* and that the contents contain a blob encoded in a BINARY BASE 64
* format.
- *
+ *
* <P>
* The program may be invoked as follows:
+ *
* <PRE>
- *
+ *
* BtoA &lt;input filename&gt; &lt;output filename&gt;
- *
+ *
* NOTE: &lt;input filename&gt; must contain a BINARY
* BASE 64 encoded blob
- *
+ *
* &lt;output filename&gt; contains an ASCII
* BASE 64 encoded blob
* </PRE>
- *
+ *
* @version $Revision$, $Date$
*/
public class BtoA {
// Define constants
- public static final int ARGC = 2;
+ public static final int ARGC = 2;
public static void main(String argv[]) {
- FileInputStream inputBlob = null;
+ FileInputStream inputBlob = null;
FileOutputStream outputBlob = null;
// (1) Check that two arguments were submitted to the program
if (argv.length != ARGC) {
System.out.println("Usage: BtoA " +
- "<input filename> " +
- "<output filename>");
+ "<input filename> " +
+ "<output filename>");
return;
}
@@ -70,7 +69,7 @@ public class BtoA {
inputBlob = new FileInputStream(argv[0]);
} catch (FileNotFoundException e) {
System.out.println("BtoA(): can''t find file " +
- argv[0] + ":\n" + e);
+ argv[0] + ":\n" + e);
return;
}
@@ -80,7 +79,7 @@ public class BtoA {
outputBlob = new FileOutputStream(argv[1]);
} catch (IOException e) {
System.out.println("BtoA(): unable to open file " +
- argv[1] + " for writing:\n" + e);
+ argv[1] + " for writing:\n" + e);
return;
}
@@ -93,8 +92,8 @@ public class BtoA {
outputBlob.write(out.getBytes());
} catch (IOException e) {
System.out.println("BtoA(): Unexpected BASE64 " +
- "encoded error encountered:\n" +
- e);
+ "encoded error encountered:\n" +
+ e);
}
// (5) Close the DataInputStream() object
@@ -102,8 +101,8 @@ public class BtoA {
inputBlob.close();
} catch (IOException e) {
System.out.println("BtoA(): Unexpected input error " +
- "encountered while attempting to close() " +
- argv[0] + ":\n" + e);
+ "encountered while attempting to close() " +
+ argv[0] + ":\n" + e);
}
// (6) Close the FileOutputStream() object
@@ -111,9 +110,8 @@ public class BtoA {
outputBlob.close();
} catch (IOException e) {
System.out.println("BtoA(): Unexpected output error " +
- "encountered while attempting to close() " +
- argv[1] + ":\n" + e);
+ "encountered while attempting to close() " +
+ argv[1] + ":\n" + e);
}
}
}
-
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java
index 368ef827..b591b6e5 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCEnroll.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
@@ -67,32 +66,30 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
import org.mozilla.jss.pkix.primitive.Name;
import org.mozilla.jss.util.Password;
-
-
/**
* Tool for signing PKCS #10 , return CMC enrollment request
*
* <P>
+ *
* @version $Revision$, $Date$
-
*/
public class CMCEnroll {
public static final String PR_REQUEST_CMC = "CMC";
public static final String PR_REQUEST_PKCS10 = "PKCS10";
- public static final int ARGC = 4;
+ public static final int ARGC = 4;
private static final String CERTDB = "cert8.db";
private static final String KEYDB = "key3.db";
public static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
public static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-
- void cleanArgs(String[] s) {
-
+
+ void cleanArgs(String[] s) {
+
}
public static X509Certificate getCertificate(String tokenname,
- String nickname) throws Exception {
+ String nickname) throws Exception {
CryptoManager manager = CryptoManager.getInstance();
CryptoToken token = null;
@@ -116,30 +113,30 @@ public class CMCEnroll {
}
public static java.security.PrivateKey getPrivateKey(String tokenname, String nickname)
- throws Exception {
+ throws Exception {
X509Certificate cert = getCertificate(tokenname, nickname);
return CryptoManager.getInstance().findPrivKeyByCert(cert);
}
+ /**
+ * getCMCBlob create and return the enrollent request.
+ * <P>
+ *
+ * @param signerCert the certificate of the authorized signer of the CMC revocation request.
+ * @param manager the crypto manger.
+ * @param nValue the nickname of the certificate inside the token.
+ * @param rValue request PKCS#10 file name.
+ * @return the CMC revocation request encoded in base64
+ */
+ static String getCMCBlob(X509Certificate signerCert, CryptoManager manager, String nValue, String rValue) {
- /**
- * getCMCBlob create and return the enrollent request.
- * <P>
- * @param signerCert the certificate of the authorized signer of the CMC revocation request.
- * @param manager the crypto manger.
- * @param nValue the nickname of the certificate inside the token.
- * @param rValue request PKCS#10 file name.
- * @return the CMC revocation request encoded in base64
- */
- static String getCMCBlob(X509Certificate signerCert,CryptoManager manager, String nValue, String rValue) {
-
String asciiBASE64Blob = rValue; // input pkcs10 blob
String tokenname = "internal";
try {
-
+
java.security.PrivateKey privKey = null;
PKCS10 pkcs = null;
SignerIdentifier si = null;
@@ -147,7 +144,7 @@ public class CMCEnroll {
try {
byte[] decodedBytes = com.netscape.osutil.OSUtil.AtoB(asciiBASE64Blob);
-
+
pkcs = new PKCS10(decodedBytes);
} catch (IOException e) {
throw new IOException("Internal Error - " + e.toString());
@@ -156,7 +153,7 @@ public class CMCEnroll {
} catch (NoSuchAlgorithmException e) {
throw new IOException("Internal Error - " + e.toString());
}
-
+
String hasSki = "true";
BigInteger serialno = signerCert.getSerialNumber();
@@ -164,35 +161,35 @@ public class CMCEnroll {
X509CertImpl impl = new X509CertImpl(certB);
X500Name issuerName = (X500Name) impl.getIssuerDN();
byte[] issuerByte = issuerName.getEncoded();
- ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
-
+ ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
+
Name issuer = (Name) Name.getTemplate().decode(istream);
IssuerAndSerialNumber ias = new IssuerAndSerialNumber(issuer, new INTEGER(serialno.toString()));
- si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+ si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
privKey = getPrivateKey(tokenname, nValue);
-
+
// create CMC req
// transfer pkcs10 to jss class
int bpid = 1;
ByteArrayInputStream crInputStream = new ByteArrayInputStream(pkcs.toByteArray());
CertificationRequest cr = (CertificationRequest) CertificationRequest.getTemplate().decode(crInputStream);
-
+
TaggedCertificationRequest tcr = new
- TaggedCertificationRequest(new
- INTEGER(bpid++), cr);
+ TaggedCertificationRequest(new
+ INTEGER(bpid++), cr);
TaggedRequest trq = new
- TaggedRequest(TaggedRequest.PKCS10, tcr,
- null);
-
+ TaggedRequest(TaggedRequest.PKCS10, tcr,
+ null);
+
SEQUENCE reqSequence = new SEQUENCE();
reqSequence.addElement(trq);
-
+
// Add some control sequence
// Verisign has transactionID,senderNonce
SEQUENCE controlSeq = new SEQUENCE();
-
+
Date date = new Date();
String salt = "lala123" + date.toString();
byte[] dig;
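Review bot: `String salt = "lala123" + date.toString();` builds the seed from a fixed string plus the current time at one-second resolution, so it is predictable and repeats for requests made within the same second. The digest step is outside this hunk, but the next hunk encodes `dig` into the `id_cmc_senderNonce` attribute, so the nonce presumably inherits that predictability. A value meant for replay protection should come from `java.security.SecureRandom`, for example `new SecureRandom().nextBytes(nonce)`, rather than from a constant and a timestamp. The `// Add some control sequence` comment could also state what the nonce and the transaction id are each for.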
@@ -206,14 +203,14 @@ public class CMCEnroll {
}
String sn = com.netscape.osutil.OSUtil.BtoA(dig);
-
+
TaggedAttribute senderNonce = new TaggedAttribute(new
INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_senderNonce,
new OCTET_STRING(sn.getBytes()));
controlSeq.addElement(senderNonce);
-
+
// Verisign recommend transactionId be MD5 hash of publicKey
byte[] transId;
@@ -224,19 +221,19 @@ public class CMCEnroll {
} catch (Exception ex) {
transId = salt.getBytes();
}
-
+
TaggedAttribute transactionId = new TaggedAttribute(new
INTEGER(bpid++),
OBJECT_IDENTIFIER.id_cmc_transactionId,
new INTEGER(1, transId));
controlSeq.addElement(transactionId);
-
+
PKIData pkidata = new PKIData(controlSeq, reqSequence, new SEQUENCE(), new SEQUENCE());
-
+
EncapsulatedContentInfo ci = new
- EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData,
- pkidata);
+ EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData,
+ pkidata);
// SHA1 is the default digest Alg for now.
DigestAlgorithm digestAlg = null;
SignatureAlgorithm signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
@@ -250,7 +247,7 @@ public class CMCEnroll {
try {
SHADigest = MessageDigest.getInstance("SHA1");
digestAlg = DigestAlgorithm.SHA1;
-
+
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
pkidata.encode((OutputStream) ostream);
@@ -258,12 +255,12 @@ public class CMCEnroll {
} catch (NoSuchAlgorithmException e) {
}
SignerInfo signInfo = new
- SignerInfo(si, null, null, OBJECT_IDENTIFIER.id_cct_PKIData, digest, signAlg,
- (org.mozilla.jss.crypto.PrivateKey) privKey);
+ SignerInfo(si, null, null, OBJECT_IDENTIFIER.id_cct_PKIData, digest, signAlg,
+ (org.mozilla.jss.crypto.PrivateKey) privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
@@ -271,7 +268,7 @@ public class CMCEnroll {
digestAlgs.addElement(ai);
}
-
+
org.mozilla.jss.crypto.X509Certificate[] agentChain = manager.buildCertificateChain(signerCert);
SET certs = new SET();
@@ -287,13 +284,13 @@ public class CMCEnroll {
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
-
+
// format is PR_REQUEST_CMC
- ByteArrayOutputStream os = new ByteArrayOutputStream();
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
- fullEnrollmentReq.encode(os);
- ps.print(com.netscape.osutil.OSUtil.BtoA(os.toByteArray()));
- //fullEnrollmentReq.print(ps); // no header/trailer
+ fullEnrollmentReq.encode(os);
+ ps.print(com.netscape.osutil.OSUtil.BtoA(os.toByteArray()));
+ //fullEnrollmentReq.print(ps); // no header/trailer
asciiBASE64Blob = bs.toString();
} catch (Exception e) {
e.printStackTrace();
@@ -303,74 +300,74 @@ public class CMCEnroll {
}
/** Creates a new instance of CMCEnroll */
- public static void main(String[]s) {
-
+ public static void main(String[] s) {
+
String dValue = null, nValue = null, rValue = null, pValue = null;
FileOutputStream outputBlob = null;
-
+
// default path is "."
String mPath = ".";
// default prefix is ""
String mPrefix = "";
-
+
boolean bWrongParam = false;
// (1) Check that two arguments were submitted to the program
if (s.length != (ARGC * 2)) {
System.out.println("Wrong number of parameters:" + s.length);
System.out.println("Usage: CMCEnroll " +
- "-d <dir to cert8.db, key3.db> " +
- "-n <nickname> " +
- "-r <request PKCS#10 file name> " +
- "-p <password>"
- );
+ "-d <dir to cert8.db, key3.db> " +
+ "-n <nickname> " +
+ "-r <request PKCS#10 file name> " +
+ "-p <password>"
+ );
bWrongParam = true;
- }else {
+ } else {
int length;
int i;
-
+
length = s.length;
for (i = 0; i < length; i++) {
if (s[i].equals("-d")) {
dValue = s[i + 1];
- } else if (s[i].equals("-n")) {
+ } else if (s[i].equals("-n")) {
nValue = s[i + 1];
- } else if (s[i].equals("-r")) {
+ } else if (s[i].equals("-r")) {
rValue = s[i + 1];
- } else if (s[i].equals("-p")) {
+ } else if (s[i].equals("-p")) {
pValue = s[i + 1];
}
if (s[i].equals(""))
bWrongParam = true;
-
+
}
-
- if (dValue == null || nValue == null || rValue == null || pValue == null )
+
+ if (dValue == null || nValue == null || rValue == null || pValue == null)
bWrongParam = true;
- else if (dValue.length() == 0 || nValue.length() == 0 || rValue.length() == 0 ||
- pValue.length() == 0 )
+ else if (dValue.length() == 0 || nValue.length() == 0 || rValue.length() == 0 ||
+ pValue.length() == 0)
bWrongParam = true;
if (bWrongParam == true) {
System.out.println("Usage: CMCEnroll " +
- "-d <dir to cert8.db, key3.db> " +
- "-n <nickname> " +
- "-r <request PKCS#10 file name> " +
- "-p <password>"
- );
+ "-d <dir to cert8.db, key3.db> " +
+ "-n <nickname> " +
+ "-r <request PKCS#10 file name> " +
+ "-p <password>"
+ );
System.exit(0);
- }
-
+ }
+
try {
// initialize CryptoManager
mPath = dValue;
System.out.println("cert/key prefix = " + mPrefix);
System.out.println("path = " + mPath);
CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(mPath, mPrefix,
- mPrefix, "secmod.db");
+ new CryptoManager.InitializationValues(mPath, mPrefix,
+ mPrefix, "secmod.db");
CryptoManager.initialize(vals);
-
+
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = cm.getInternalKeyStorageToken();
Password pass = new Password(pValue.toCharArray());
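Review bot: In the option loop, `s[i + 1]` is read with no bounds check, so an option flag in the last position throws ArrayIndexOutOfBoundsException instead of printing the usage text, because the earlier test only fixes the argument count at `ARGC * 2`. Guard each branch with `i + 1 < length` and advance `i` past the value it consumed. Taking the token password as `-p <password>` also puts it on the command line, where it is typically visible to other local users in the process list, and `pValue` stays in memory as an immutable String after `new Password(pValue.toCharArray())`. Reading it from a prompt or a permission-restricted file would avoid both. The usage-error path exits with `System.exit(0)`, so a calling script cannot tell a bad invocation from success. `main` continues beyond this hunk.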
@@ -379,19 +376,19 @@ public class CMCEnroll {
CryptoStore store = token.getCryptoStore();
X509Certificate[] list = store.getCertificates();
X509Certificate signerCert = null;
-
+
signerCert = cm.findCertByNickname(nValue);
-
- BufferedReader inputBlob = null;
+
+ BufferedReader inputBlob = null;
try {
inputBlob = new BufferedReader(new InputStreamReader(
new BufferedInputStream(
- new FileInputStream(
- rValue))));
+ new FileInputStream(
+ rValue))));
} catch (FileNotFoundException e) {
System.out.println("CMCEnroll: can''t find file " +
- rValue + ":\n" + e);
+ rValue + ":\n" + e);
return;
} catch (Exception e) {
e.printStackTrace();
@@ -407,40 +404,40 @@ public class CMCEnroll {
try {
while ((asciiBASE64BlobChunk = inputBlob.readLine()) != null) {
if (!(asciiBASE64BlobChunk.startsWith(HEADER)) &&
- !(asciiBASE64BlobChunk.startsWith(TRAILER))) {
+ !(asciiBASE64BlobChunk.startsWith(TRAILER))) {
asciiBASE64Blob += asciiBASE64BlobChunk.trim();
}
}
} catch (IOException e) {
System.out.println("CMCEnroll: Unexpected BASE64 " +
- "encoded error encountered in readLine():\n" +
- e);
+ "encoded error encountered in readLine():\n" +
+ e);
}
// (4) Close the DataInputStream() object
try {
inputBlob.close();
} catch (IOException e) {
System.out.println("CMCEnroll(): Unexpected BASE64 " +
- "encoded error encountered in close():\n" + e);
+ "encoded error encountered in close():\n" + e);
}
-
- asciiBASE64Blob = getCMCBlob(signerCert,cm, nValue, asciiBASE64Blob );
+
+ asciiBASE64Blob = getCMCBlob(signerCert, cm, nValue, asciiBASE64Blob);
// (5) Decode the ASCII BASE 64 blob enclosed in the
// String() object into a BINARY BASE 64 byte[] object
byte binaryBASE64Blob[] = null;
binaryBASE64Blob = com.netscape.osutil.OSUtil.AtoB(asciiBASE64Blob);
-
+
// (6) Finally, print the actual CMCEnroll blob to the
// specified output file
try {
outputBlob = new FileOutputStream(rValue + ".out");
} catch (IOException e) {
System.out.println("CMCEnroll: unable to open file " +
- rValue + ".out" + " for writing:\n" + e);
+ rValue + ".out" + " for writing:\n" + e);
return;
}
-
+
System.out.println(HEADER);
System.out.println(asciiBASE64Blob + TRAILER);
try {
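Review bot: The `catch (IOException e)` around `inputBlob.readLine()` only prints the error, so a partially read request still goes on to `getCMCBlob(...)` and is signed and written to `rValue + ".out"`. Stop there instead, for example by adding `System.exit(1);` after the println in that catch. The write in the next hunk (`outputBlob.write(asciiBASE64Blob.getBytes())`) has the same print-and-continue pattern, and the tool can then finish normally with a truncated output file. The enclosing main method starts and ends outside this hunk.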
@@ -448,23 +445,23 @@ public class CMCEnroll {
outputBlob.write(asciiBASE64Blob.getBytes());
} catch (IOException e) {
System.out.println("CMCEnroll: I/O error " +
- "encountered during write():\n" +
- e);
+ "encountered during write():\n" +
+ e);
}
-
+
try {
outputBlob.close();
} catch (IOException e) {
System.out.println("CMCEnroll: Unexpected error " +
- "encountered while attempting to close() " +
- "\n" + e);
+ "encountered while attempting to close() " +
+ "\n" + e);
}
-
- }catch (Exception e) {
+
+ } catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
-
+
return;
}
}
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCRequest.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
index e7a23a85..bb046f5a 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCRequest.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
@@ -85,31 +84,31 @@ import org.mozilla.jss.util.Password;
import com.netscape.cmsutil.util.HMACDigest;
-
/**
* Tool for creating CMC full request
*
* <P>
+ *
* @version $Revision$, $Date$
- *
+ *
*/
public class CMCRequest {
public static final String PR_REQUEST_CMC = "CMC";
public static final String PR_REQUEST_CRMF = "CRMF";
- public static final int ARGC = 1;
+ public static final int ARGC = 1;
private static final String CERTDB = "cert8.db";
private static final String KEYDB = "key3.db";
public static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
public static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
-
- void cleanArgs(String[] s) {
-
+
+ void cleanArgs(String[] s) {
+
}
public static X509Certificate getCertificate(String tokenname,
- String nickname) throws Exception {
+ String nickname) throws Exception {
CryptoManager manager = CryptoManager.getInstance();
CryptoToken token = null;
@@ -133,28 +132,28 @@ public class CMCRequest {
}
public static java.security.PrivateKey getPrivateKey(String tokenname, String nickname)
- throws Exception {
+ throws Exception {
X509Certificate cert = getCertificate(tokenname, nickname);
return CryptoManager.getInstance().findPrivKeyByCert(cert);
}
-
/**
* getCMCBlob create and return the enrollent request.
* <P>
+ *
* @param signerCert the certificate of the authorized signer of the CMC revocation request.
* @param nickname the nickname of the certificate inside the token.
* @param rValue CRMF/PKCS10 request.
- * @param format either crmf or pkcs10
+ * @param format either crmf or pkcs10
* @return the CMC enrollment request encoded in base64
*/
- static ContentInfo getCMCBlob(X509Certificate signerCert, String nickname,
- String[] rValue, String format, CryptoManager manager, String transactionMgtEnable,
- String transactionMgtId, String identityProofEnable, String identityProofSharedSecret,
- SEQUENCE controlSeq, SEQUENCE otherMsgSeq, int bpid) {
-
+ static ContentInfo getCMCBlob(X509Certificate signerCert, String nickname,
+ String[] rValue, String format, CryptoManager manager, String transactionMgtEnable,
+ String transactionMgtId, String identityProofEnable, String identityProofSharedSecret,
+ SEQUENCE controlSeq, SEQUENCE otherMsgSeq, int bpid) {
+
String tokenname = "internal";
ContentInfo fullEnrollmentReq = null;
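Review bot: The Javadoc on getCMCBlob no longer matches the signature it sits on. It documents four parameters, while the method also takes `manager`, `transactionMgtEnable`, `transactionMgtId`, `identityProofEnable`, `identityProofSharedSecret`, `controlSeq`, `otherMsgSeq` and `bpid`. It calls `signerCert` the signer of a "CMC revocation request", and it promises a base64 string although the return type is `ContentInfo`. Since the comment is being touched anyway, add `@param` lines for the missing arguments, change the return line to `@return the signed CMC full request as a ContentInfo`, and fix the typo "enrollent". The method body continues outside this hunk.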
@@ -167,59 +166,59 @@ public class CMCRequest {
X509CertImpl impl = new X509CertImpl(certB);
X500Name issuerName = (X500Name) impl.getIssuerDN();
byte[] issuerByte = issuerName.getEncoded();
- ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
-
+ ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
+
Name issuer = (Name) Name.getTemplate().decode(istream);
IssuerAndSerialNumber ias = new IssuerAndSerialNumber(
- issuer, new INTEGER(serialno.toString()));
+ issuer, new INTEGER(serialno.toString()));
- si = new SignerIdentifier(
- SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+ si = new SignerIdentifier(
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
privKey = getPrivateKey(tokenname, nickname);
TaggedRequest trq = null;
PKCS10 pkcs = null;
CertReqMsg certReqMsg = null;
-
+
// create CMC req
SEQUENCE reqSequence = new SEQUENCE();
try {
- for (int k=0; k<rValue.length; k++) {
- String asciiBASE64Blob = rValue[k];
+ for (int k = 0; k < rValue.length; k++) {
+ String asciiBASE64Blob = rValue[k];
byte[] decodedBytes = com.netscape.osutil.OSUtil.AtoB(asciiBASE64Blob);
-
+
if (format.equals("crmf")) {
- ByteArrayInputStream reqBlob =
- new ByteArrayInputStream(decodedBytes);
+ ByteArrayInputStream reqBlob =
+ new ByteArrayInputStream(decodedBytes);
SEQUENCE crmfMsgs = null;
- try {
- crmfMsgs = (SEQUENCE)new SEQUENCE.OF_Template(new
- CertReqMsg.Template()).decode(reqBlob);
+ try {
+ crmfMsgs = (SEQUENCE) new SEQUENCE.OF_Template(new
+ CertReqMsg.Template()).decode(reqBlob);
} catch (InvalidBERException ee) {
System.out.println("This is not a crmf request. Or this request has an error.");
System.exit(1);
}
int nummsgs = crmfMsgs.size();
- certReqMsg = (CertReqMsg)crmfMsgs.elementAt(0);
+ certReqMsg = (CertReqMsg) crmfMsgs.elementAt(0);
trq = new TaggedRequest(TaggedRequest.CRMF, null,
- certReqMsg);
+ certReqMsg);
} else if (format.equals("pkcs10")) {
try {
pkcs = new PKCS10(decodedBytes);
} catch (IllegalArgumentException e) {
System.out.println("This is not a PKCS10 request.");
System.exit(1);
- }
+ }
ByteArrayInputStream crInputStream = new ByteArrayInputStream(
- pkcs.toByteArray());
+ pkcs.toByteArray());
CertificationRequest cr = (CertificationRequest)
- CertificationRequest.getTemplate().decode(crInputStream);
+ CertificationRequest.getTemplate().decode(crInputStream);
TaggedCertificationRequest tcr = new TaggedCertificationRequest(
- new INTEGER(bpid++), cr);
+ new INTEGER(bpid++), cr);
trq = new
- TaggedRequest(TaggedRequest.PKCS10, tcr, null);
+ TaggedRequest(TaggedRequest.PKCS10, tcr, null);
} else {
- System.out.println("Unrecognized request format: "+format);
+ System.out.println("Unrecognized request format: " + format);
System.exit(1);
}
reqSequence.addElement(trq);
@@ -231,19 +230,19 @@ public class CMCRequest {
} catch (NoSuchAlgorithmException e) {
throw new IOException("Internal Error - " + e.toString());
}
-
+
if (transactionMgtEnable.equals("true"))
- bpid = addTransactionAttr(bpid, controlSeq, transactionMgtId, format,
- pkcs, certReqMsg);
+ bpid = addTransactionAttr(bpid, controlSeq, transactionMgtId, format,
+ pkcs, certReqMsg);
if (identityProofEnable.equals("true"))
- bpid = addIdentityProofAttr(bpid, controlSeq, reqSequence,
- identityProofSharedSecret);
+ bpid = addIdentityProofAttr(bpid, controlSeq, reqSequence,
+ identityProofSharedSecret);
PKIData pkidata = new PKIData(controlSeq, reqSequence, new SEQUENCE(), otherMsgSeq);
-
+
EncapsulatedContentInfo ci = new
- EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData, pkidata);
+ EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData, pkidata);
// SHA1 is the default digest Alg for now.
DigestAlgorithm digestAlg = null;
SignatureAlgorithm signAlg = SignatureAlgorithm.RSASignatureWithSHA1Digest;
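Review bot: SHA-1 is fixed as the hash for the CMC signature, and the comment "SHA1 is the default digest Alg for now" is the only record of that choice. It appears as `RSASignatureWithSHA1Digest` on the last line of this hunk, as `DSASignatureWithSHA1Digest` and `MessageDigest.getInstance("SHA1")` in the next hunk, and again as `signAlg1` in addRevRequestAttr. SHA-1 is no longer considered collision resistant for signatures, so the digest should come from the configuration file, defaulting to SHA-256 where the receiving CA accepts it: `SignatureAlgorithm signAlg = SignatureAlgorithm.RSASignatureWithSHA256Digest;` with `DigestAlgorithm.SHA256` for the matching digest. Whether the server side of this release accepts SHA-256 cannot be seen from this page, so that default needs confirming.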
@@ -253,11 +252,11 @@ public class CMCRequest {
signAlg = SignatureAlgorithm.DSASignatureWithSHA1Digest;
MessageDigest SHADigest = null;
- byte[] digest = null;
+ byte[] digest = null;
try {
SHADigest = MessageDigest.getInstance("SHA1");
digestAlg = DigestAlgorithm.SHA1;
-
+
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
pkidata.encode((OutputStream) ostream);
@@ -265,18 +264,18 @@ public class CMCRequest {
} catch (NoSuchAlgorithmException e) {
}
SignerInfo signInfo = new
- SignerInfo(si, null, null, OBJECT_IDENTIFIER.id_cct_PKIData, digest, signAlg,
- (org.mozilla.jss.crypto.PrivateKey) privKey);
+ SignerInfo(si, null, null, OBJECT_IDENTIFIER.id_cct_PKIData, digest, signAlg,
+ (org.mozilla.jss.crypto.PrivateKey) privKey);
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
AlgorithmIdentifier ai = new AlgorithmIdentifier(digestAlg.toOID(), null);
digestAlgs.addElement(ai);
}
-
+
org.mozilla.jss.crypto.X509Certificate[] agentChain = manager.buildCertificateChain(signerCert);
SET certs = new SET();
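Review bot: The `catch (NoSuchAlgorithmException e) { }` at the top of this hunk is empty, so a missing digest provider leaves `digest` and `digestAlg` at their initial `null`. The `SignerInfo` is then built from a null digest, with nothing reported. Fail the same way the earlier catch in this method does: `throw new IOException("Internal Error - " + e.toString());`. The digest computation itself lies between this hunk and the previous one and is not visible here.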
@@ -288,7 +287,7 @@ public class CMCRequest {
fullEnrollmentReq = new ContentInfo(req);
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
-
+
if (fullEnrollmentReq != null) {
ByteArrayOutputStream os = new ByteArrayOutputStream();
@@ -300,7 +299,7 @@ public class CMCRequest {
System.out.println("");
System.out.println("The CMC enrollment request in base-64 encoded format:");
System.out.println("");
- System.out.println(asciiBASE64Blob);
+ System.out.println(asciiBASE64Blob);
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
@@ -400,7 +399,7 @@ public class CMCRequest {
System.out.println("revRequest.serial=61");
System.out.println("");
System.out.println("#revRequest.reason: The reason for revoking this certificate: ");
- System.out.println("# unspecified, keyCompromise, caCompromise,");
+ System.out.println("# unspecified, keyCompromise, caCompromise,");
System.out.println("# affiliationChanged, superseded, cessationOfOperation,");
System.out.println("# certificateHold, removeFromCRL");
System.out.println("revRequest.reason=unspecified");
@@ -443,22 +442,22 @@ public class CMCRequest {
private static int addLraPopWitnessAttr(int bpid, SEQUENCE seq, String bodyPartIDs) {
StringTokenizer tokenizer = new StringTokenizer(bodyPartIDs, " ");
- SEQUENCE bodyList = new SEQUENCE();
+ SEQUENCE bodyList = new SEQUENCE();
while (tokenizer.hasMoreTokens()) {
- String s = (String)tokenizer.nextToken();
+ String s = (String) tokenizer.nextToken();
bodyList.addElement(new INTEGER(s));
}
LraPopWitness lra = new LraPopWitness(new INTEGER(0), bodyList);
TaggedAttribute cont = new TaggedAttribute(new
- INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_lraPOPWitness, lra);
- System.out.println("Successfully create LRA POP witness control. bpid = "+(bpid-1));
- System.out.println("");
+ INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_lraPOPWitness, lra);
+ System.out.println("Successfully create LRA POP witness control. bpid = " + (bpid - 1));
+ System.out.println("");
seq.addElement(cont);
return bpid;
}
- private static int addConfirmCertAttr(int bpid, SEQUENCE seq, String confirmCertIssuer,
- String confirmCertSerial) {
+ private static int addConfirmCertAttr(int bpid, SEQUENCE seq, String confirmCertIssuer,
+ String confirmCertSerial) {
try {
INTEGER serial = new INTEGER(confirmCertSerial);
X500Name issuername = new X500Name(confirmCertIssuer);
@@ -466,10 +465,10 @@ public class CMCRequest {
ANY issuern = new ANY(issuerbyte);
CMCCertId cmcCertId = new CMCCertId(issuern, serial, null);
TaggedAttribute cmcCertIdControl = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance, cmcCertId);
- System.out.println("Successfully create confirm certificate acceptance control. bpid = "+(bpid-1));
- System.out.println("");
+ INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_idConfirmCertAcceptance, cmcCertId);
+ System.out.println("Successfully create confirm certificate acceptance control. bpid = " + (bpid - 1));
+ System.out.println("");
seq.addElement(cmcCertIdControl);
} catch (Exception e) {
System.out.println("Error in creating confirm certificate acceptance control. Check the parameters.");
@@ -501,10 +500,10 @@ public class CMCRequest {
System.exit(1);
return RevRequest.unspecified;
- }
+ }
- private static int addIdentityProofAttr(int bpid, SEQUENCE seq, SEQUENCE reqSequence,
- String sharedSecret) {
+ private static int addIdentityProofAttr(int bpid, SEQUENCE seq, SEQUENCE reqSequence,
+ String sharedSecret) {
byte[] b = ASN1Util.encode(reqSequence);
byte[] key = null;
byte[] finalDigest = null;
@@ -512,8 +511,8 @@ public class CMCRequest {
MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
key = SHA1Digest.digest(sharedSecret.getBytes());
} catch (NoSuchAlgorithmException ex) {
- System.out.println( "CMCRequest::addIdentityProofAttr() - "
- + "No such algorithm!" );
+ System.out.println("CMCRequest::addIdentityProofAttr() - "
+ + "No such algorithm!");
return -1;
}
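Review bot: `sharedSecret.getBytes()` uses the platform default charset, so the identity-proof key derived from the same shared secret can differ between machines once the secret contains non-ASCII characters. The proof then fails to verify on the server for no visible reason. Name the charset explicitly, for example `key = SHA1Digest.digest(sharedSecret.getBytes("UTF-8"));` with the checked exception handled, and use whichever encoding the server applies. The same applies to `revRequestSharedSecret.getBytes()` in addRevRequestAttr. The method body starts before and ends after this hunk.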
@@ -526,29 +525,29 @@ public class CMCRequest {
}
TaggedAttribute identityProof = new TaggedAttribute(new
- INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_identityProof,
- new OCTET_STRING(finalDigest));
+ INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_identityProof,
+ new OCTET_STRING(finalDigest));
seq.addElement(identityProof);
System.out.println("Identity Proof control: ");
System.out.print(" Value: ");
- for (int i=0; i<finalDigest.length; i++) {
- System.out.print(finalDigest[i]+" ");
- }
+ for (int i = 0; i < finalDigest.length; i++) {
+ System.out.print(finalDigest[i] + " ");
+ }
System.out.println("");
- System.out.println("Successfully create identityProof control. bpid = "+(bpid-1));
+ System.out.println("Successfully create identityProof control. bpid = " + (bpid - 1));
System.out.println("");
- return bpid;
+ return bpid;
}
- private static int addRevRequestAttr(int bpid, SEQUENCE seq, SEQUENCE otherMsgSeq, String nickname,
- String revRequestIssuer, String revRequestSerial, String revRequestReason,
- String revRequestSharedSecret, String revRequestComment, String invalidityDatePresent,
- CryptoManager manager) {
- try {
+ private static int addRevRequestAttr(int bpid, SEQUENCE seq, SEQUENCE otherMsgSeq, String nickname,
+ String revRequestIssuer, String revRequestSerial, String revRequestReason,
+ String revRequestSharedSecret, String revRequestComment, String invalidityDatePresent,
+ CryptoManager manager) {
+ try {
if (nickname.length() <= 0) {
System.out.println("The nickname for the certificate being revoked is null");
System.exit(1);
- }
+ }
String nickname1 = nickname;
UTF8String comment = null;
OCTET_STRING sharedSecret = null;
@@ -558,27 +557,27 @@ public class CMCRequest {
ENUMERATED reason = toCRLReason(revRequestReason);
if (revRequestSharedSecret.length() > 0)
sharedSecret = new OCTET_STRING(revRequestSharedSecret.getBytes());
- if (revRequestComment.length() > 0)
+ if (revRequestComment.length() > 0)
comment = new UTF8String(revRequestComment);
if (invalidityDatePresent.equals("true"))
d = new GeneralizedTime(new Date());
RevRequest revRequest =
- new RevRequest(new ANY(subjectname.getEncoded()), snumber,
- reason, d, sharedSecret, comment);
+ new RevRequest(new ANY(subjectname.getEncoded()), snumber,
+ reason, d, sharedSecret, comment);
int revokeBpid = bpid;
TaggedAttribute revRequestControl = new TaggedAttribute(
- new INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_revokeRequest, revRequest);
+ new INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_revokeRequest, revRequest);
seq.addElement(revRequestControl);
if (sharedSecret != null) {
- System.out.println("Successfully create revRequest control. bpid = "+(bpid-1));
+ System.out.println("Successfully create revRequest control. bpid = " + (bpid - 1));
System.out.println("");
- return bpid;
+ return bpid;
}
EncapsulatedContentInfo revokeContent = new EncapsulatedContentInfo(
- OBJECT_IDENTIFIER.id_cct_PKIData, revRequestControl);
+ OBJECT_IDENTIFIER.id_cct_PKIData, revRequestControl);
DigestAlgorithm digestAlg1 = null;
SignatureAlgorithm signAlg1 = SignatureAlgorithm.RSASignatureWithSHA1Digest;
java.security.PrivateKey revokePrivKey = null;
@@ -586,12 +585,12 @@ public class CMCRequest {
try {
revokeCert = manager.findCertByNickname(nickname1);
} catch (ObjectNotFoundException e) {
- System.out.println("Certificate not found: "+nickname1);
+ System.out.println("Certificate not found: " + nickname1);
System.exit(1);
}
revokePrivKey = manager.findPrivKeyByCert(revokeCert);
org.mozilla.jss.crypto.PrivateKey.Type signingKeyType1 =
- ((org.mozilla.jss.crypto.PrivateKey) revokePrivKey).getType();
+ ((org.mozilla.jss.crypto.PrivateKey) revokePrivKey).getType();
if (signingKeyType1.equals(org.mozilla.jss.crypto.PrivateKey.Type.DSA))
signAlg1 = SignatureAlgorithm.DSASignatureWithSHA1Digest;
@@ -609,15 +608,15 @@ public class CMCRequest {
}
ByteArrayInputStream bistream =
- new ByteArrayInputStream(subjectname.getEncoded());
- Name iname = (Name)Name.getTemplate().decode(bistream);
+ new ByteArrayInputStream(subjectname.getEncoded());
+ Name iname = (Name) Name.getTemplate().decode(bistream);
IssuerAndSerialNumber ias1 = new IssuerAndSerialNumber(iname, snumber);
SignerIdentifier rsi = new SignerIdentifier(
- SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias1, null);
+ SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias1, null);
SignerInfo signInfo1 = new SignerInfo(rsi, null, null,
- OBJECT_IDENTIFIER.id_cct_PKIData, rdigest, signAlg1,
+ OBJECT_IDENTIFIER.id_cct_PKIData, rdigest, signAlg1,
(org.mozilla.jss.crypto.PrivateKey) revokePrivKey);
SET signInfos1 = new SET();
@@ -629,29 +628,29 @@ public class CMCRequest {
}
org.mozilla.jss.crypto.X509Certificate[] revokeCertChain =
- manager.buildCertificateChain(revokeCert);
+ manager.buildCertificateChain(revokeCert);
SET certs1 = new SET();
- for (int i=0; i<revokeCertChain.length; i++) {
+ for (int i = 0; i < revokeCertChain.length; i++) {
ANY cert1 = new ANY(revokeCertChain[i].getEncoded());
certs1.addElement(cert1);
}
- SignedData sData = new SignedData(digestAlgs1, revokeContent, certs1, null, signInfos1);
+ SignedData sData = new SignedData(digestAlgs1, revokeContent, certs1, null, signInfos1);
OBJECT_IDENTIFIER signedDataOID = new OBJECT_IDENTIFIER("1.2.840.113549.1.7.2");
ByteArrayOutputStream bos1 = new ByteArrayOutputStream();
sData.encode(bos1);
OtherMsg otherMsg = new OtherMsg(new INTEGER(revokeBpid), signedDataOID, new ANY(bos1.toByteArray()));
otherMsgSeq.addElement(otherMsg);
- System.out.println("Successfully create revRequest control. bpid = "+(bpid-1));
+ System.out.println("Successfully create revRequest control. bpid = " + (bpid - 1));
System.out.println("");
} catch (Exception e) {
System.out.println("Error in creating revRequest control. Check the parameters.");
System.exit(1);
}
-
+
return bpid;
}
-
+
private static int addGetCertAttr(int bpid, SEQUENCE seq, String issuer, String serial) {
try {
INTEGER serialno = new INTEGER(serial);
@@ -660,16 +659,16 @@ public class CMCRequest {
ANY issuern = new ANY(issuerbyte);
GetCert getCert = new GetCert(issuern, serialno);
TaggedAttribute getCertControl = new TaggedAttribute(new
- INTEGER(bpid++),
- OBJECT_IDENTIFIER.id_cmc_getCert, getCert);
- System.out.println("Successfully create get certificate control. bpid = "+(bpid-1));
+ INTEGER(bpid++),
+ OBJECT_IDENTIFIER.id_cmc_getCert, getCert);
+ System.out.println("Successfully create get certificate control. bpid = " + (bpid - 1));
System.out.println("");
seq.addElement(getCertControl);
} catch (Exception e) {
System.out.println("Error in creating get certificate control. Check the parameters.");
System.exit(1);
}
-
+
return bpid;
}
@@ -678,15 +677,15 @@ public class CMCRequest {
byte bvalue[] = str.getBytes();
System.out.println("Data Return Control: ");
String ss = " Value: ";
- for (int m=0; m<bvalue.length; m++) {
- ss = ss+bvalue[m]+" ";
+ for (int m = 0; m < bvalue.length; m++) {
+ ss = ss + bvalue[m] + " ";
}
System.out.println(ss);
OCTET_STRING s = new OCTET_STRING(bvalue);
TaggedAttribute dataReturnControl = new TaggedAttribute(new
- INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_dataReturn, s);
+ INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_dataReturn, s);
seq.addElement(dataReturnControl);
- System.out.println("Successfully create data return control. bpid = "+(bpid-1));
+ System.out.println("Successfully create data return control. bpid = " + (bpid - 1));
System.out.println("");
} catch (Exception e) {
System.out.println("Error in creating data return control. Check the parameters.");
@@ -696,8 +695,8 @@ public class CMCRequest {
return bpid;
}
- private static int addTransactionAttr(int bpid, SEQUENCE seq, String id, String format,
- PKCS10 pkcs, CertReqMsg certReqMsg) {
+ private static int addTransactionAttr(int bpid, SEQUENCE seq, String id, String format,
+ PKCS10 pkcs, CertReqMsg certReqMsg) {
byte[] transId = null;
Date date = new Date();
String salt = "lala123" + date.toString();
@@ -718,21 +717,21 @@ public class CMCRequest {
transId = salt.getBytes();
}
} else {
- transId = id.getBytes();
+ transId = id.getBytes();
}
- if( transId == null ) {
- System.out.println( "CMCRequest::addTransactionAttr() - "
- + "transId is null!" );
+ if (transId == null) {
+ System.out.println("CMCRequest::addTransactionAttr() - "
+ + "transId is null!");
return -1;
}
INTEGER ii = new INTEGER(1, transId);
TaggedAttribute transactionId = new TaggedAttribute(new
- INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, ii);
+ INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_transactionId, ii);
System.out.println("Transaction ID control: ");
- System.out.println(" Value: "+ii.toString());
- System.out.println("Successfully create transaction management control. bpid = "+(bpid-1));
+ System.out.println(" Value: " + ii.toString());
+ System.out.println("Successfully create transaction management control. bpid = " + (bpid - 1));
System.out.println("");
seq.addElement(transactionId);
@@ -758,64 +757,64 @@ public class CMCRequest {
sn = com.netscape.osutil.OSUtil.BtoA(dig);
}
- byte bb[] = sn.getBytes();
+ byte bb[] = sn.getBytes();
System.out.println("SenderNonce control: ");
String ss = " Value: ";
- for (int m=0; m<bb.length; m++) {
- ss = ss+bb[m]+" ";
+ for (int m = 0; m < bb.length; m++) {
+ ss = ss + bb[m] + " ";
}
System.out.println(ss);
TaggedAttribute senderNonce = new TaggedAttribute(new
- INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
- new OCTET_STRING(sn.getBytes()));
- System.out.println("Successfully create sender nonce control. bpid = "+(bpid-1));
+ INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_senderNonce,
+ new OCTET_STRING(sn.getBytes()));
+ System.out.println("Successfully create sender nonce control. bpid = " + (bpid - 1));
System.out.println("");
seq.addElement(senderNonce);
return bpid;
}
private static int addPopLinkWitnessAttr(int bpid, SEQUENCE controlSeq) {
-byte[] seed =
-{0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c,
- 0x7a, 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c,
- 0x51, 0x34, 0x35, 0x23, 0x3c, 0x42, 0x43, 0x45,
- 0x61, 0x4f, 0x6e, 0x43, 0x1e, 0x2a, 0x2b, 0x31,
- 0x32, 0x34, 0x35, 0x36, 0x55, 0x51, 0x48, 0x14,
- 0x16, 0x29, 0x41, 0x42, 0x43, 0x7b, 0x63, 0x44,
- 0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14,
- 0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69};
+ byte[] seed =
+ { 0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c,
+ 0x7a, 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c,
+ 0x51, 0x34, 0x35, 0x23, 0x3c, 0x42, 0x43, 0x45,
+ 0x61, 0x4f, 0x6e, 0x43, 0x1e, 0x2a, 0x2b, 0x31,
+ 0x32, 0x34, 0x35, 0x36, 0x55, 0x51, 0x48, 0x14,
+ 0x16, 0x29, 0x41, 0x42, 0x43, 0x7b, 0x63, 0x44,
+ 0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14,
+ 0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69 };
TaggedAttribute idPOPLinkRandom = new TaggedAttribute(new
- INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom,
- new OCTET_STRING(seed));
+ INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_idPOPLinkRandom,
+ new OCTET_STRING(seed));
controlSeq.addElement(idPOPLinkRandom);
- System.out.println("Successfully create PopLinkWitness control. bpid = "+(bpid-1));
- System.out.println("");
+ System.out.println("Successfully create PopLinkWitness control. bpid = " + (bpid - 1));
+ System.out.println("");
return bpid;
}
- public static void main(String[]s) {
- String numRequests=null;
- String dbdir=null, nickname=null;
- String ifilename=null, ofilename=null, password=null, format=null;
+ public static void main(String[] s) {
+ String numRequests = null;
+ String dbdir = null, nickname = null;
+ String ifilename = null, ofilename = null, password = null, format = null;
FileOutputStream outputBlob = null;
String confirmCertEnable = "false", confirmCertIssuer = null, confirmCertSerial = null;
String getCertEnable = "false", getCertIssuer = null, getCertSerial = null;
- String dataReturnEnable = "false", dataReturnData = null;
+ String dataReturnEnable = "false", dataReturnData = null;
String transactionMgtEnable = "false", transactionMgtId = null;
String senderNonceEnable = "false", senderNonce = null;
String revCertNickname = "";
- String revRequestEnable = "false", revRequestIssuer = null, revRequestSerial= null;
+ String revRequestEnable = "false", revRequestIssuer = null, revRequestSerial = null;
String revRequestReason = null, revRequestSharedSecret = null, revRequestComment = null;
String revRequestInvalidityDatePresent = "false";
String identityProofEnable = "false", identityProofSharedSecret = null;
String popLinkWitnessEnable = "false";
String bodyPartIDs = null, lraPopWitnessEnable = "false";
- System.out.println("");
+ System.out.println("");
// Check that the correct # of arguments were submitted to the program
- if( s.length != ( ARGC ) ) {
+ if (s.length != (ARGC)) {
System.out.println("Wrong number of parameters:" + s.length);
printUsage();
}
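Review bot: The `seed` array re-indented in addPopLinkWitnessAttr is a compile-time constant, so every request this tool produces carries the same 64-byte idPOPLinkRandom value. That control is meant to hold fresh random data per request. With a fixed value published in the source, it adds nothing to the link between the proof of possession and the request. Generate it at run time instead: `byte[] seed = new byte[64];` followed by `new java.security.SecureRandom().nextBytes(seed);`. If the constant is intentional test data, say so in a comment on the array.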
@@ -825,16 +824,16 @@ byte[] seed =
try {
reader = new BufferedReader(new InputStreamReader(
new BufferedInputStream(
- new FileInputStream(
- configFile))));
+ new FileInputStream(
+ configFile))));
} catch (FileNotFoundException e) {
- System.out.println("CMCRequest: can't find configuration file: "+configFile);
+ System.out.println("CMCRequest: can't find configuration file: " + configFile);
printUsage();
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
-
+
try {
String str = "";
while ((str = reader.readLine()) != null) {
@@ -842,14 +841,14 @@ byte[] seed =
if (!str.startsWith("#") && str.length() > 0) {
int index = str.indexOf("=");
String name = "";
- String val = "";
+ String val = "";
if (index == -1) {
- System.out.println("Error in configuration file: "+str);
+ System.out.println("Error in configuration file: " + str);
System.exit(1);
}
name = str.substring(0, index);
- if (index != str.length()-1)
- val = str.substring(index+1);
+ if (index != str.length() - 1)
+ val = str.substring(index + 1);
if (name.equals("format")) {
format = val;
@@ -942,15 +941,15 @@ byte[] seed =
}
StringTokenizer tokenizer = new StringTokenizer(ifilename, " ");
- String[] ifiles = new String[num];
- for (int i=0; i<num; i++) {
- String ss = (String)tokenizer.nextToken();
+ String[] ifiles = new String[num];
+ for (int i = 0; i < num; i++) {
+ String ss = (String) tokenizer.nextToken();
ifiles[i] = ss;
if (ss == null) {
System.out.println("Missing input file for the request.");
System.exit(1);
}
- }
+ }
if (ofilename == null) {
System.out.println("Missing output filename for the CMC request.");
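Review bot: The `if (ss == null)` check inside the `ifiles` loop can never fire, because `StringTokenizer.nextToken()` throws `NoSuchElementException` rather than returning null. When the config lists fewer input files than `numRequests`, the user therefore gets an exception instead of "Missing input file for the request." Test before reading the token: `if (!tokenizer.hasMoreTokens()) { System.out.println("Missing input file for the request."); System.exit(1); }`. The `(String)` cast on `nextToken()` is also redundant. The loop is inside main, which starts and ends outside this hunk.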
@@ -975,13 +974,13 @@ byte[] seed =
try {
// initialize CryptoManager
if (dbdir == null)
- dbdir = ".";
- String mPrefix = "";
+ dbdir = ".";
+ String mPrefix = "";
System.out.println("cert/key prefix = " + mPrefix);
System.out.println("path = " + dbdir);
CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(dbdir, mPrefix,
- mPrefix, "secmod.db");
+ new CryptoManager.InitializationValues(dbdir, mPrefix,
+ mPrefix, "secmod.db");
CryptoManager.initialize(vals);
CryptoManager cm = CryptoManager.getInstance();
@@ -992,18 +991,18 @@ byte[] seed =
CryptoStore store = token.getCryptoStore();
X509Certificate[] list = store.getCertificates();
X509Certificate signerCert = null;
-
+
signerCert = cm.findCertByNickname(nickname);
-
+
String[] requests = new String[num];
- for (int i=0; i<num; i++) {
+ for (int i = 0; i < num; i++) {
BufferedReader inputBlob = null;
try {
inputBlob = new BufferedReader(new InputStreamReader(
- new BufferedInputStream(new FileInputStream(ifiles[i]))));
+ new BufferedInputStream(new FileInputStream(ifiles[i]))));
} catch (FileNotFoundException e) {
System.out.println("CMCRequest: can't find file " +
- ifiles[i] + ":\n" + e);
+ ifiles[i] + ":\n" + e);
} catch (Exception e) {
e.printStackTrace();
System.exit(1);
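Review bot: The `catch (FileNotFoundException e)` for `ifiles[i]` prints the message but neither returns nor exits, so `inputBlob` stays `null` when execution continues. Unless the lines between this hunk and the next guard against that, the `inputBlob.readLine()` loop in the next hunk then fails with a NullPointerException instead of the clear "can't find file" error. The equivalent catch in CMCEnroll does `return;`. Add `System.exit(1);` after the println here so a missing request file stops the run before anything is signed.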
@@ -1018,25 +1017,25 @@ byte[] seed =
try {
while ((asciiBASE64BlobChunk = inputBlob.readLine()) != null) {
if (!(asciiBASE64BlobChunk.startsWith(HEADER)) &&
- !(asciiBASE64BlobChunk.startsWith(TRAILER))) {
+ !(asciiBASE64BlobChunk.startsWith(TRAILER))) {
asciiBASE64Blob += asciiBASE64BlobChunk.trim();
}
}
requests[i] = asciiBASE64Blob;
} catch (IOException e) {
System.out.println("CMCRequest: Unexpected BASE64 " +
- "encoded error encountered in readLine():\n" +
- e);
+ "encoded error encountered in readLine():\n" +
+ e);
}
// (4) Close the DataInputStream() object
try {
inputBlob.close();
} catch (IOException e) {
System.out.println("CMCRequest(): Unexpected BASE64 " +
- "encoded error encountered in close():\n" + e);
+ "encoded error encountered in close():\n" + e);
}
- }
-
+ }
+
SEQUENCE controlSeq = new SEQUENCE();
int bpid = 1;
if (confirmCertEnable.equalsIgnoreCase("true")) {
@@ -1047,13 +1046,13 @@ byte[] seed =
}
bpid = addConfirmCertAttr(bpid, controlSeq, confirmCertIssuer, confirmCertSerial);
}
-
+
if (lraPopWitnessEnable.equalsIgnoreCase("true")) {
if (bodyPartIDs.length() == 0) {
System.out.println("Illegal parameters for Lra Pop Witness control");
printUsage();
System.exit(1);
- }
+ }
bpid = addLraPopWitnessAttr(bpid, controlSeq, bodyPartIDs);
}
@@ -1064,7 +1063,7 @@ byte[] seed =
printUsage();
System.exit(1);
}
-
+
bpid = addGetCertAttr(bpid, controlSeq, getCertIssuer, getCertSerial);
}
@@ -1086,46 +1085,46 @@ byte[] seed =
SEQUENCE otherMsgSeq = new SEQUENCE();
if (revRequestEnable.equalsIgnoreCase("true")) {
- if (revRequestIssuer.length() == 0 || revRequestSerial.length() == 0 ||
- revRequestReason.length() == 0) {
+ if (revRequestIssuer.length() == 0 || revRequestSerial.length() == 0 ||
+ revRequestReason.length() == 0) {
System.out.println("Illegal parameters for revRequest control");
printUsage();
System.exit(1);
}
- bpid = addRevRequestAttr(bpid, controlSeq, otherMsgSeq, revCertNickname,
- revRequestIssuer, revRequestSerial, revRequestReason, revRequestSharedSecret,
- revRequestComment, revRequestInvalidityDatePresent, cm);
+ bpid = addRevRequestAttr(bpid, controlSeq, otherMsgSeq, revCertNickname,
+ revRequestIssuer, revRequestSerial, revRequestReason, revRequestSharedSecret,
+ revRequestComment, revRequestInvalidityDatePresent, cm);
}
-
- ContentInfo cmcblob = getCMCBlob(signerCert, nickname, requests, format,
- cm, transactionMgtEnable, transactionMgtId, identityProofEnable,
- identityProofSharedSecret, controlSeq, otherMsgSeq, bpid);
+
+ ContentInfo cmcblob = getCMCBlob(signerCert, nickname, requests, format,
+ cm, transactionMgtEnable, transactionMgtId, identityProofEnable,
+ identityProofSharedSecret, controlSeq, otherMsgSeq, bpid);
// (6) Finally, print the actual CMC blob to the
// specified output file
- FileOutputStream os = null;
+ FileOutputStream os = null;
try {
os = new FileOutputStream(ofilename);
cmcblob.encode(os);
System.out.println("");
System.out.println("");
- System.out.println("The CMC enrollment request in binary format is stored in "+
- ofilename+".");
+ System.out.println("The CMC enrollment request in binary format is stored in " +
+ ofilename + ".");
} catch (IOException e) {
- System.out.println("CMCRequest: unable to open file " +ofilename+
- " for writing:\n" + e);
+ System.out.println("CMCRequest: unable to open file " + ofilename +
+ " for writing:\n" + e);
}
-
+
try {
os.close();
} catch (IOException e) {
System.out.println("CMCRequest: Unexpected error " +
- "encountered while attempting to close() " +
- "\n" + e);
+ "encountered while attempting to close() " +
+ "\n" + e);
}
-
- }catch (Exception e) {
+
+ } catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCResponse.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCResponse.java
index 33fce125..16373cdc 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/CMCResponse.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCResponse.java
@@ -44,11 +44,11 @@ import org.mozilla.jss.pkix.cms.EncapsulatedContentInfo;
* Tool for parsing a CMC response
*
* <P>
+ *
* @version $Revision$, $Date$
- *
+ *
*/
-public class CMCResponse
-{
+public class CMCResponse {
public CMCResponse() {
}
@@ -61,17 +61,17 @@ public class CMCResponse
while (fis.available() > 0)
fis.read(bb, 0, 10000);
} catch (Exception e) {
- System.out.println("Error reading the response. Exception: "+e.toString());
+ System.out.println("Error reading the response. Exception: " + e.toString());
System.exit(1);
}
try {
ByteArrayInputStream bis = new ByteArrayInputStream(bb);
org.mozilla.jss.pkix.cms.ContentInfo cii = (org.mozilla.jss.pkix.cms.ContentInfo)
- org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(bis);
+ org.mozilla.jss.pkix.cms.ContentInfo.getTemplate().decode(bis);
- org.mozilla.jss.pkix.cms.SignedData cmcFullResp =
- (org.mozilla.jss.pkix.cms.SignedData)cii.getInterpretedContent();
+ org.mozilla.jss.pkix.cms.SignedData cmcFullResp =
+ (org.mozilla.jss.pkix.cms.SignedData) cii.getInterpretedContent();
String content = "";
if (cmcFullResp.hasCertificates()) {
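Review bot: The read loop `while (fis.available() > 0) fis.read(bb, 0, 10000);` writes every chunk to offset 0 and ignores the returned byte count, so a response that arrives in more than one read is decoded from overwritten data. `bb` is declared outside the hunk, so its size is not visible here; if it is shorter than 10000 bytes the call throws. Track the offset instead, for example `int off = 0, n; while ((n = fis.read(bb, off, bb.length - off)) > 0) off += n;`, and decode with `new ByteArrayInputStream(bb, 0, off)`. A file larger than `bb` should be reported as an error rather than silently truncated.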
@@ -85,7 +85,7 @@ public class CMCResponse
content += print.toString(Locale.getDefault());
}
}
-
+
System.out.println("Certificates: ");
System.out.println(content);
System.out.println("");
@@ -94,7 +94,7 @@ public class CMCResponse
OBJECT_IDENTIFIER dataid = new OBJECT_IDENTIFIER("1.2.840.113549.1.7.1");
if (!id.equals(OBJECT_IDENTIFIER.id_cct_PKIResponse) && !id.equals(dataid)) {
System.out.println("Invalid CMC Response Format");
- }
+ }
if (!ci.hasContent())
return;
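Review bot: The content-type check prints "Invalid CMC Response Format" and then carries on, so content with an unexpected OID is still handed to the `ResponseBody` decoder shown in the next hunk. Add `return;` (or a non-zero exit) inside that `if` so a response of the wrong type is rejected before it is parsed. The method starts outside this hunk.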
@@ -103,39 +103,39 @@ public class CMCResponse
ByteArrayInputStream bbis = new ByteArrayInputStream(content1.toByteArray());
ResponseBody responseBody = (ResponseBody) (new ResponseBody.Template()).decode(bbis);
SEQUENCE controlSequence = responseBody.getControlSequence();
-
+
int numControls = controlSequence.size();
- System.out.println("Number of controls is "+numControls);
+ System.out.println("Number of controls is " + numControls);
INTEGER bodyPartId = null;
String error = "";
- for (int i=0; i<numControls; i++) {
+ for (int i = 0; i < numControls; i++) {
TaggedAttribute taggedAttr = (TaggedAttribute) controlSequence.elementAt(i);
OBJECT_IDENTIFIER type = taggedAttr.getType();
if (type.equals(OBJECT_IDENTIFIER.id_cmc_cMCStatusInfo)) {
- System.out.println("Control #"+i+": CMCStatusInfo");
- System.out.println(" OID: "+type.toString());
+ System.out.println("Control #" + i + ": CMCStatusInfo");
+ System.out.println(" OID: " + type.toString());
SET sts = taggedAttr.getValues();
int numSts = sts.size();
for (int j = 0; j < numSts; j++) {
- CMCStatusInfo cst = (CMCStatusInfo)ASN1Util.decode(CMCStatusInfo.getTemplate(),
- ASN1Util.encode(sts.elementAt(j)));
+ CMCStatusInfo cst = (CMCStatusInfo) ASN1Util.decode(CMCStatusInfo.getTemplate(),
+ ASN1Util.encode(sts.elementAt(j)));
SEQUENCE seq = cst.getBodyList();
-
+
String s = " BodyList: ";
- for (int k=0; k < seq.size(); k++) {
- INTEGER n = (INTEGER)seq.elementAt(k);
- s = s+n.toString()+" ";
- }
+ for (int k = 0; k < seq.size(); k++) {
+ INTEGER n = (INTEGER) seq.elementAt(k);
+ s = s + n.toString() + " ";
+ }
System.out.println(s);
int st = cst.getStatus();
if (st != CMCStatusInfo.SUCCESS && st != CMCStatusInfo.CONFIRM_REQUIRED) {
String stString = cst.getStatusString();
if (stString != null)
- System.out.println(" Status String: "+stString);
+ System.out.println(" Status String: " + stString);
OtherInfo oi = cst.getOtherInfo();
- OtherInfo.Type t = oi.getType();
+ OtherInfo.Type t = oi.getType();
if (t == OtherInfo.FAIL)
System.out.println(" OtherInfo type: FAIL");
else if (t == OtherInfo.PEND) {
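Review bot: `oi.getType()` is called without a null check, although `otherInfo` is an optional field of CMCStatusInfo. If `cst.getOtherInfo()` returns null for a failed status that omits it (worth confirming against the JSS version in use), the blanket handler reports "Error found in the response" and the real status is never shown. Wrapping the OtherInfo printing in `if (oi != null) { … }` keeps the status output intact. The `if`/`else if` chain continues outside this hunk.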
@@ -147,7 +147,7 @@ public class CMCResponse
String datePattern = "dd/MMM/yyyy:HH:mm:ss z";
SimpleDateFormat dateFormat = new SimpleDateFormat(datePattern);
Date d = pi.getPendTime().toDate();
- System.out.println(" Date: "+dateFormat.format(d));
+ System.out.println(" Date: " + dateFormat.format(d));
}
}
} else if (st == CMCStatusInfo.SUCCESS) {
@@ -155,63 +155,63 @@ public class CMCResponse
}
}
} else if (type.equals(OBJECT_IDENTIFIER.id_cmc_transactionId)) {
- System.out.println("Control #"+i+": CMC Transaction Id");
- System.out.println(" OID: "+type.toString());
- SET transIds = taggedAttr.getValues();
- INTEGER num = (INTEGER)(ASN1Util.decode(INTEGER.getTemplate(),
- ASN1Util.encode(transIds.elementAt(0))));
- System.out.println(" INTEGER: "+num);
+ System.out.println("Control #" + i + ": CMC Transaction Id");
+ System.out.println(" OID: " + type.toString());
+ SET transIds = taggedAttr.getValues();
+ INTEGER num = (INTEGER) (ASN1Util.decode(INTEGER.getTemplate(),
+ ASN1Util.encode(transIds.elementAt(0))));
+ System.out.println(" INTEGER: " + num);
} else if (type.equals(OBJECT_IDENTIFIER.id_cmc_recipientNonce)) {
- System.out.println("Control #"+i+": CMC Recipient Nonce");
- System.out.println(" OID: "+type.toString());
+ System.out.println("Control #" + i + ": CMC Recipient Nonce");
+ System.out.println(" OID: " + type.toString());
SET recipientN = taggedAttr.getValues();
- OCTET_STRING str =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(recipientN.elementAt(0))));
+ OCTET_STRING str =
+ (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(recipientN.elementAt(0))));
byte b[] = str.toByteArray();
String s = " Value: ";
- for (int m=0; m<b.length; m++) {
- s = s+b[m]+" ";
+ for (int m = 0; m < b.length; m++) {
+ s = s + b[m] + " ";
}
System.out.println(s);
} else if (type.equals(OBJECT_IDENTIFIER.id_cmc_senderNonce)) {
- System.out.println("Control #"+i+": CMC Sender Nonce");
- System.out.println(" OID: "+type.toString());
+ System.out.println("Control #" + i + ": CMC Sender Nonce");
+ System.out.println(" OID: " + type.toString());
SET senderN = taggedAttr.getValues();
- OCTET_STRING str =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(senderN.elementAt(0))));
+ OCTET_STRING str =
+ (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(senderN.elementAt(0))));
byte b[] = str.toByteArray();
String s = " Value: ";
- for (int m=0; m<b.length; m++) {
- s = s+b[m]+" ";
+ for (int m = 0; m < b.length; m++) {
+ s = s + b[m] + " ";
}
System.out.println(s);
} else if (type.equals(OBJECT_IDENTIFIER.id_cmc_dataReturn)) {
- System.out.println("Control #"+i+": CMC Data Return");
- System.out.println(" OID: "+type.toString());
+ System.out.println("Control #" + i + ": CMC Data Return");
+ System.out.println(" OID: " + type.toString());
SET dataReturn = taggedAttr.getValues();
- OCTET_STRING str =
- (OCTET_STRING)(ASN1Util.decode(OCTET_STRING.getTemplate(),
- ASN1Util.encode(dataReturn.elementAt(0))));
+ OCTET_STRING str =
+ (OCTET_STRING) (ASN1Util.decode(OCTET_STRING.getTemplate(),
+ ASN1Util.encode(dataReturn.elementAt(0))));
byte b[] = str.toByteArray();
String s = " Value: ";
- for (int m=0; m<b.length; m++) {
- s = s+b[m]+" ";
+ for (int m = 0; m < b.length; m++) {
+ s = s + b[m] + " ";
}
System.out.println(s);
}
}
} catch (Exception e) {
- System.out.println("Error found in the response. Exception: "+e.toString());
+ System.out.println("Error found in the response. Exception: " + e.toString());
System.exit(1);
-
+
}
}
private static void printUsage() {
System.out.println("");
- System.out.println("Usage: CMCResponse -d <pathname for cert8.db> -i <pathname for CMC response in binary format> ");
+ System.out.println("Usage: CMCResponse -d <pathname for cert8.db> -i <pathname for CMC response in binary format> ");
}
public static void main(String args[]) {
@@ -221,11 +221,11 @@ public class CMCResponse
System.exit(1);
}
- for (int i=0; i<args.length; i++) {
+ for (int i = 0; i < args.length; i++) {
if (args[i].equals("-d"))
- path = args[i+1];
+ path = args[i + 1];
else if (args[i].equals("-i"))
- filename = args[i+1];
+ filename = args[i + 1];
}
if (filename == null || path == null) {
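Review bot: `path = args[i + 1]` and `filename = args[i + 1]` read one past the end of `args` when `-d` or `-i` is the last argument, which ends the tool with an ArrayIndexOutOfBoundsException instead of the usage text. Bound the lookup, e.g. `if (args[i].equals("-d") && i + 1 < args.length)`, and the same for `-i`; the null check that follows then prints the usage message. The argument-count check before the loop is only partly visible in this hunk.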
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java b/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java
index 85bdf5b1..647e5a97 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/CMCRevoke.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
@@ -61,27 +60,26 @@ import org.mozilla.jss.pkix.primitive.AlgorithmIdentifier;
import org.mozilla.jss.pkix.primitive.Name;
import org.mozilla.jss.util.Password;
-
-
/**
* Tool for signing a CMC revocation request with an agent's certificate.
*
* <P>
+ *
* @version $Revision$, $Date$
*/
public class CMCRevoke {
- public static final int ARGC = 7;
+ public static final int ARGC = 7;
private static final String CERTDB = "cert8.db";
private static final String KEYDB = "key3.db";
public static final String HEADER = "-----BEGIN NEW CERTIFICATE REQUEST-----";
public static final String TRAILER = "-----END NEW CERTIFICATE REQUEST-----";
static String dValue = null, nValue = null, iValue = null, sValue = null, mValue = null, hValue = null, cValue = null;
- public static final String CMS_BASE_CA_SIGNINGCERT_NOT_FOUND="CA signing certificate not found";
+ public static final String CMS_BASE_CA_SIGNINGCERT_NOT_FOUND = "CA signing certificate not found";
public static final String PR_INTERNAL_TOKEN_NAME = "internal";
public static final String PR_REQUEST_CMC = "CMC";
- static String cleanArgs(String s) {
+ static String cleanArgs(String s) {
if (s.startsWith("\"") && s.endsWith("\""))
return s.substring(1, s.length() - 2);
else if (s.startsWith("\'") && s.endsWith("\'"))
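Review bot: `cleanArgs` strips one character too many: `s.substring(1, s.length() - 2)` removes the closing quote and also the last character of the value, so a quoted nickname, serial number or password is silently shortened. It also throws StringIndexOutOfBoundsException for a one- or two-character argument such as `""`, which both `startsWith` and `endsWith` accept. Require `s.length() >= 2` in the condition and use `return s.substring(1, s.length() - 1);`. The single-quote branch continues outside this hunk and should be checked for the same end index.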
@@ -89,94 +87,94 @@ public class CMCRevoke {
else
return s;
}
-
+
/**
- * Creates a new instance of CMCRevoke.
+ * Creates a new instance of CMCRevoke.
*/
- public static void main(String[]s) {
-
+ public static void main(String[] s) {
+
FileOutputStream outputBlob = null;
-
+
// default path is "."
String mPath = ".";
// default prefix is ""
String mPrefix = "";
-
+
boolean bWrongParam = false;
// (1) Check that two arguments were submitted to the program
if (s.length != (ARGC) && s.length != (ARGC - 1)) {
-
+
bWrongParam = true;
System.out.println("Wrong number of parameters:" + s.length);
System.out.println("Usage: CMCRevoke " +
- "-d<dir to cert8.db, key3.db> " +
- "-n<nickname> " +
- "-i<issuerName> " +
- "-s<serialName> " +
- "-m<reason to revoke> " +
- "-h<password to db> " +
- "-c<comment> ");
+ "-d<dir to cert8.db, key3.db> " +
+ "-n<nickname> " +
+ "-i<issuerName> " +
+ "-s<serialName> " +
+ "-m<reason to revoke> " +
+ "-h<password to db> " +
+ "-c<comment> ");
for (int i = 0; i < s.length; i++) {
System.out.println(i + ":" + s[i]);
}
- }else {
+ } else {
int length;
int i;
-
+
length = s.length;
for (i = 0; i < length; i++) {
if (s[i].startsWith("-d")) {
dValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-n")) {
+ } else if (s[i].startsWith("-n")) {
nValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-i")) {
+ } else if (s[i].startsWith("-i")) {
iValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-s")) {
+ } else if (s[i].startsWith("-s")) {
sValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-m")) {
+ } else if (s[i].startsWith("-m")) {
mValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-h")) {
+ } else if (s[i].startsWith("-h")) {
hValue = cleanArgs(s[i].substring(2));
- } else if (s[i].startsWith("-c")) {
+ } else if (s[i].startsWith("-c")) {
cValue = cleanArgs(s[i].substring(2));
}
-
+
}
// optional parameter
if (cValue == null)
cValue = new String();
- if (dValue == null || nValue == null || iValue == null || sValue == null || mValue == null || hValue == null)
+ if (dValue == null || nValue == null || iValue == null || sValue == null || mValue == null || hValue == null)
bWrongParam = true;
- else if (dValue.length() == 0 || nValue.length() == 0 || iValue.length() == 0 ||
- sValue.length() == 0 || mValue.length() == 0 || hValue.length() == 0)
+ else if (dValue.length() == 0 || nValue.length() == 0 || iValue.length() == 0 ||
+ sValue.length() == 0 || mValue.length() == 0 || hValue.length() == 0)
bWrongParam = true;
-
+
if (bWrongParam == true) {
System.out.println("Usage: CMCRevoke " +
- "-d<dir to cert8.db, key3.db> " +
- "-n<nickname> " +
- "-i<issuerName> " +
- "-s<serialName> " +
- "-m<reason to revoke> " +
- "-h<password to db> " +
- "-c<comment> ");
+ "-d<dir to cert8.db, key3.db> " +
+ "-n<nickname> " +
+ "-i<issuerName> " +
+ "-s<serialName> " +
+ "-m<reason to revoke> " +
+ "-h<password to db> " +
+ "-c<comment> ");
for (i = 0; i < s.length; i++) {
System.out.println(i + ":" + s[i]);
}
System.exit(0);
}
-
+
try {
// initialize CryptoManager
mPath = dValue;
System.out.println("cert/key prefix = " + mPrefix);
System.out.println("path = " + mPath);
CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(mPath, mPrefix, mPrefix, "secmod.db");
+ new CryptoManager.InitializationValues(mPath, mPrefix, mPrefix, "secmod.db");
CryptoManager.initialize(vals);
-
+
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = cm.getInternalKeyStorageToken();
Password pass = new Password(hValue.toCharArray());
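Review bot: Both usage-error paths in this hunk echo every argument with `System.out.println(i + ":" + s[i]);`, which includes the `-h<password to db>` value, so a mistyped command line writes the token password to stdout and to any log that captures it. Skip or mask that argument when echoing, e.g. `System.out.println(i + ":" + (s[i].startsWith("-h") ? "-h<hidden>" : s[i]));`. Taking the password as an argument also leaves it visible in the process list; reading it from a prompt or a protected file would avoid that. The second path exits with `System.exit(0)` on a usage error, which calling scripts will read as success.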
@@ -185,16 +183,16 @@ public class CMCRevoke {
CryptoStore store = token.getCryptoStore();
X509Certificate[] list = store.getCertificates();
X509Certificate signerCert = null;
-
+
signerCert = cm.findCertByNickname(nValue);
String outBlob = createRevokeReq(signerCert, cm, nValue);
printCMCRevokeRequest(outBlob);
- }catch (Exception e) {
+ } catch (Exception e) {
e.printStackTrace();
System.exit(1);
}
-
+
return;
}
}
@@ -202,10 +200,11 @@ public class CMCRevoke {
/**
* printout CMC revoke request in Base64 encoding to a file CMCRevoke.out
* <P>
+ *
* @param asciiBASE64Blob the ascii string of the request
*/
static void printCMCRevokeRequest(String asciiBASE64Blob) {
-
+
// (6) Finally, print the actual CMCSigning blob to the
// specified output file
FileOutputStream outputBlob = null;
@@ -216,7 +215,7 @@ public class CMCRevoke {
System.out.println("CMCSigning: unable to open file CMCRevoke.out for writing:\n" + e);
return;
}
-
+
System.out.println(HEADER);
System.out.println(asciiBASE64Blob + TRAILER);
try {
@@ -224,29 +223,30 @@ public class CMCRevoke {
outputBlob.write(asciiBASE64Blob.getBytes());
} catch (IOException e) {
System.out.println("CMCSigning: I/O error " +
- "encountered during write():\n" +
- e);
+ "encountered during write():\n" +
+ e);
}
-
+
try {
outputBlob.close();
} catch (IOException e) {
System.out.println("CMCSigning: Unexpected error " +
- "encountered while attempting to close() " +
- "\n" + e);
+ "encountered while attempting to close() " +
+ "\n" + e);
}
}
/**
* getCertificate find the certicate inside the token by its nickname.
* <P>
+ *
* @param manager the CrytoManager
* @param tokenname the name of the token. it's set to "internal".
* @param nickname the nickname of the certificate inside the token.
* @return the X509Certificate.
*/
public static X509Certificate getCertificate(CryptoManager manager, String tokenname,
- String nickname) throws NoSuchTokenException,
+ String nickname) throws NoSuchTokenException,
Exception, TokenException {
CryptoToken token = null;
@@ -272,19 +272,20 @@ public class CMCRevoke {
/**
* createRevokeReq create and return the revocation request.
* <P>
+ *
* @param signerCert the certificate of the authorized signer of the CMC revocation request.
* @param manager the crypto manger.
* @param nValue the nickname of the certificate inside the token.
* @return the CMC revocation request encoded in base64
*/
- static String createRevokeReq(X509Certificate signerCert, CryptoManager manager, String nValue) {
+ static String createRevokeReq(X509Certificate signerCert, CryptoManager manager, String nValue) {
java.security.PrivateKey privKey = null;
SignerIdentifier si = null;
ContentInfo fullEnrollmentReq = null;
String tokenname = "internal";
String asciiBASE64Blob = new String();
-
+
try {
String hasSki = "true";
@@ -294,23 +295,23 @@ public class CMCRevoke {
X509CertImpl impl = new X509CertImpl(certB);
X500Name issuerName = (X500Name) impl.getIssuerDN();
byte[] issuerByte = issuerName.getEncoded();
- ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
-
+ ByteArrayInputStream istream = new ByteArrayInputStream(issuerByte);
+
Name issuer = (Name) Name.getTemplate().decode(istream);
IssuerAndSerialNumber ias = new IssuerAndSerialNumber(issuer, new INTEGER(serialno.toString()));
- si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
+ si = new SignerIdentifier(SignerIdentifier.ISSUER_AND_SERIALNUMBER, ias, null);
X509Certificate cert = getCertificate(manager, tokenname, nValue);
-
+
privKey = manager.findPrivKeyByCert(cert);
- if( privKey == null ) {
- System.out.println( "CMCRevoke::createRevokeReq() - " +
- "privKey is null!" );
+ if (privKey == null) {
+ System.out.println("CMCRevoke::createRevokeReq() - " +
+ "privKey is null!");
return "";
}
- int bpid = 1;
+ int bpid = 1;
// Add some control sequence
// Verisign has transactionID,senderNonce
SEQUENCE controlSeq = new SEQUENCE();
@@ -339,7 +340,7 @@ public class CMCRevoke {
org.mozilla.jss.pkix.cmmf.RevRequest lRevokeRequest = new org.mozilla.jss.pkix.cmmf.RevRequest(new ANY((new X500Name(iValue)).getEncoded()),
new INTEGER(sValue),
//org.mozilla.jss.pkix.cmmf.RevRequest.unspecified,
- new ENUMERATED((new Integer(mValue)). longValue()),
+ new ENUMERATED((new Integer(mValue)).longValue()),
//new GeneralizedTime(new Date(lValue)),
new OCTET_STRING(hValue.getBytes()),
new UTF8String(cValue.toCharArray()));
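Review bot: `new OCTET_STRING(hValue.getBytes())` places the `-h` value in the RevRequest, and the same `hValue` is used earlier in this file for the token login (`new Password(hValue.toCharArray())`, usage text `-h<password to db>`). That argument appears to be the request's shared-secret field, so the database password ends up inside a request that is signed but not encrypted and is then printed and written to CMCRevoke.out. If a shared secret is needed, it should come from a separate input rather than reuse the database password. `new Integer(mValue)` on the line above also takes the reason code unchecked; validating it before building the ENUMERATED would give a clear error instead of a stack trace.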
@@ -348,7 +349,7 @@ public class CMCRevoke {
//org.mozilla.jss.pkix.cmmf.RevRequest revRequest = (org.mozilla.jss.pkix.cmmf.RevRequest)
// template.decode(new java.io.ByteArrayInputStream(
// encoded));
-
+
ByteArrayOutputStream os = new ByteArrayOutputStream();
//lRevokeRequest.encode(os); // khai
TaggedAttribute revokeRequestTag = new TaggedAttribute(new INTEGER(bpid++), OBJECT_IDENTIFIER.id_cmc_revokeRequest,
@@ -356,7 +357,7 @@ public class CMCRevoke {
controlSeq.addElement(revokeRequestTag);
PKIData pkidata = new PKIData(controlSeq, new SEQUENCE(), new SEQUENCE(), new SEQUENCE());
-
+
EncapsulatedContentInfo ci = new EncapsulatedContentInfo(OBJECT_IDENTIFIER.id_cct_PKIData, pkidata);
// SHA1 is the default digest Alg for now.
DigestAlgorithm digestAlg = null;
@@ -371,7 +372,7 @@ public class CMCRevoke {
try {
SHADigest = MessageDigest.getInstance("SHA1");
digestAlg = DigestAlgorithm.SHA1;
-
+
ByteArrayOutputStream ostream = new ByteArrayOutputStream();
pkidata.encode((OutputStream) ostream);
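Review bot: The digest for the signed revocation request is fixed to SHA-1 (`MessageDigest.getInstance("SHA1")`, `DigestAlgorithm.SHA1`), which is no longer considered collision-resistant for signatures. If the JSS version in use and the CA accept it, switch to `MessageDigest.getInstance("SHA-256")` with `DigestAlgorithm.SHA256`. The signature algorithm chosen for the SignerInfo is outside this hunk and would have to match. The surrounding try block starts and ends outside the hunk.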
@@ -383,7 +384,7 @@ public class CMCRevoke {
SET signInfos = new SET();
signInfos.addElement(signInfo);
-
+
SET digestAlgs = new SET();
if (digestAlg != null) {
@@ -391,7 +392,7 @@ public class CMCRevoke {
digestAlgs.addElement(ai);
}
-
+
org.mozilla.jss.crypto.X509Certificate[] agentChain = manager.buildCertificateChain(signerCert);
SET certs = new SET();
@@ -403,16 +404,16 @@ public class CMCRevoke {
SignedData req = new SignedData(digestAlgs, ci, certs, null, signInfos);
fullEnrollmentReq = new ContentInfo(req);
-
+
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
-
+
if (fullEnrollmentReq != null) {
// format is PR_REQUEST_CMC
fullEnrollmentReq.encode(os);
ps.print(com.netscape.osutil.OSUtil.BtoA(os.toByteArray()));
////fullEnrollmentReq.print(ps); // no header/trailer
- }
+ }
asciiBASE64Blob = bs.toString();
} catch (Exception e) {
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java b/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
index c2d22173..1e452a8a 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/CRMFPopClient.java
@@ -69,49 +69,51 @@ import org.mozilla.jss.util.Password;
import com.netscape.cmsutil.util.HMACDigest;
-
/**
* A command-line utility used to generate a Certificate Request Message
* Format (CRMF) request with proof of possesion (POP).
- *
+ *
* Usage:
+ *
* <pre>
* CRMFPopClient TOKEN_PWD
* PROFILE_NAME HOST PORT USER_NAME REQUESTOR_NAME
* POP_OPTION
* SUBJECT_DN [OUTPUT_CERT_REQ]
- *
+ *
* --- or ---
- *
+ *
* CRMFPopClient TOKEN_PWD
* POP_OPTION
* OUTPUT_CERT_REQ SUBJECT_DN
- *
- *
+ *
+ *
* where POP_OPTION can be [POP_SUCCESS or POP_FAIL or POP_NONE]
* </pre>
* <p>
* Examples:
+ *
* <pre>
* CRMFPopClient password123
* caEncUserCert host.example.com 1026 MyUid MyUid
* [POP_SUCCESS or POP_FAIL or POP_NONE]
* CN=MyTest,C=US,UID=MyUid
- *
+ *
* --- or ---
- *
+ *
* CRMFPopClient password123
* caEncUserCert host.example.com 1026 joe joe
* [POP_SUCCESS or POP_FAIL or POP_NONE]
* CN=MyTest,C=US,UID=MyUid OUTPUT_CERT_REQ
- *
+ *
* --- or ---
- *
+ *
* CRMFPopClient password123
* [POP_SUCCESS or POP_FAIL or POP_NONE]
* OUTPUT_CERT_REQ CN=MyTest,C=US,UID=MyUid
* </pre>
* <p>
+ *
* <pre>
* IMPORTANT: The file "transport.txt" needs to be created to contain the
* transport certificate in its base64 encoded format. This
@@ -119,543 +121,499 @@ import com.netscape.cmsutil.util.HMACDigest;
* in base64 encoded format with the header and footer removed.
* </pre>
* <p>
+ *
* @version $Revision$, $Date$
*/
-public class CRMFPopClient
-{
-
- private static void usage()
- {
- System.out.println("");
- System.out.println("Description: A command-line utility used to generate a");
- System.out.println(" Certificate Request Message Format (CRMF)");
- System.out.println(" request with proof of possesion (POP).\n\n");
- System.out.println("Usage:");
- System.out.println("");
- System.out.println(" CRMFPopClient TOKEN_PWD");
- System.out.println(" PROFILE_NAME HOST PORT USER_NAME REQUESTOR_NAME");
- System.out.println(" POP_OPTION");
- System.out.println(" SUBJECT_DN [OUTPUT_CERT_REQ] \n");
- System.out.println(" --- or ---\n");
- System.out.println(" CRMFPopClient TOKEN_PWD");
- System.out.println(" POP_OPTION");
- System.out.println(" OUTPUT_CERT_REQ SUBJECT_DN\n\n");
- System.out.println(" where POP_OPTION can be [POP_SUCCESS or POP_FAIL or POP_NONE]\n\n");
- System.out.println("Examples:");
- System.out.println("");
- System.out.println(" CRMFPopClient password123");
- System.out.println(" caEncUserCert host.example.com 1026 MyUid MyUid");
- System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]");
- System.out.println(" CN=MyTest,C=US,UID=MyUid\n");
- System.out.println(" --- or ---\n");
- System.out.println(" CRMFPopClient password123");
- System.out.println(" caEncUserCert host.example.com 1026 MyUid myUid");
- System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]");
- System.out.println(" CN=MyTest,C=US,UID=MyUid OUTPUT_CERT_REQ\n");
- System.out.println(" --- or ---\n");
- System.out.println(" CRMFPopClient password123");
- System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]");
- System.out.println(" OUTPUT_CERT_REQ CN=MyTest,C=US,UID=MyUid");
- System.out.println("\n");
- System.out.println("IMPORTANT: The file \"transport.txt\" needs to be created to contain the");
- System.out.println(" transport certificate in its base64 encoded format. This");
- System.out.println(" file should consist of one line containing a single certificate");
- System.out.println(" in base64 encoded format with the header and footer removed.\n");
- }
- private static int getRealArgsLength(String args[])
- {
-
- int len = args.length;
-
- String curArg = "";
- int finalLen = len;
-
- for(int i = 0; i < len; i++)
- {
+public class CRMFPopClient {
+
+ private static void usage() {
+ System.out.println("");
+ System.out.println("Description: A command-line utility used to generate a");
+ System.out.println(" Certificate Request Message Format (CRMF)");
+ System.out.println(" request with proof of possesion (POP).\n\n");
+ System.out.println("Usage:");
+ System.out.println("");
+ System.out.println(" CRMFPopClient TOKEN_PWD");
+ System.out.println(" PROFILE_NAME HOST PORT USER_NAME REQUESTOR_NAME");
+ System.out.println(" POP_OPTION");
+ System.out.println(" SUBJECT_DN [OUTPUT_CERT_REQ] \n");
+ System.out.println(" --- or ---\n");
+ System.out.println(" CRMFPopClient TOKEN_PWD");
+ System.out.println(" POP_OPTION");
+ System.out.println(" OUTPUT_CERT_REQ SUBJECT_DN\n\n");
+ System.out.println(" where POP_OPTION can be [POP_SUCCESS or POP_FAIL or POP_NONE]\n\n");
+ System.out.println("Examples:");
+ System.out.println("");
+ System.out.println(" CRMFPopClient password123");
+ System.out.println(" caEncUserCert host.example.com 1026 MyUid MyUid");
+ System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]");
+ System.out.println(" CN=MyTest,C=US,UID=MyUid\n");
+ System.out.println(" --- or ---\n");
+ System.out.println(" CRMFPopClient password123");
+ System.out.println(" caEncUserCert host.example.com 1026 MyUid myUid");
+ System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]");
+ System.out.println(" CN=MyTest,C=US,UID=MyUid OUTPUT_CERT_REQ\n");
+ System.out.println(" --- or ---\n");
+ System.out.println(" CRMFPopClient password123");
+ System.out.println(" [POP_SUCCESS or POP_FAIL or POP_NONE]");
+ System.out.println(" OUTPUT_CERT_REQ CN=MyTest,C=US,UID=MyUid");
+ System.out.println("\n");
+ System.out.println("IMPORTANT: The file \"transport.txt\" needs to be created to contain the");
+ System.out.println(" transport certificate in its base64 encoded format. This");
+ System.out.println(" file should consist of one line containing a single certificate");
+ System.out.println(" in base64 encoded format with the header and footer removed.\n");
+ }
+
+ private static int getRealArgsLength(String args[]) {
+
+ int len = args.length;
+
+ String curArg = "";
+ int finalLen = len;
+
+ for (int i = 0; i < len; i++) {
+
+ curArg = args[i];
+ // System.out.println("arg[" + i + "] " + curArg);
+
+ if (curArg == null || curArg.equalsIgnoreCase("")) {
+ finalLen--;
+ }
- curArg = args[i];
- // System.out.println("arg[" + i + "] " + curArg);
+ }
+ //System.out.println("getRealArgsLength: returning " + finalLen);
- if(curArg == null || curArg.equalsIgnoreCase("")) {
- finalLen --;
- }
+ if (finalLen < 0)
+ finalLen = 0;
- }
+ return finalLen;
- //System.out.println("getRealArgsLength: returning " + finalLen);
+ }
- if(finalLen < 0)
- finalLen = 0;
+ public static void main(String args[]) {
+ String USER_PREFIX = "user";
+ int argsLen = getRealArgsLength(args);
- return finalLen;
+ // System.out.println("args length " + argsLen);
+ System.out.println("\n\nProof Of Possession Utility....");
+ System.out.println("");
+ if (argsLen == 0 || (argsLen != 8 && argsLen != 9 && argsLen != 10 && argsLen != 4)) {
+ usage();
+ return;
}
- public static void main(String args[])
- {
- String USER_PREFIX = "user";
-
-
- int argsLen = getRealArgsLength(args);
-
- // System.out.println("args length " + argsLen);
+ String DB_DIR = "./";
+ String TOKEN_PWD = args[0];
+ int KEY_LEN = 1024;
- System.out.println("\n\nProof Of Possession Utility....");
- System.out.println("");
+ int PORT = 0;
+ String USER_NAME = null;
+ String REQUESTOR_NAME = null;
+ String PROFILE_NAME = null;
- if(argsLen == 0 || (argsLen != 8 && argsLen != 9 && argsLen !=10 && argsLen != 4))
- {
- usage();
- return;
- }
+ String HOST = null;
+ String SUBJ_DN = null;
- String DB_DIR = "./";
- String TOKEN_PWD = args[0];
- int KEY_LEN = 1024;
+ if (argsLen >= 8) {
+ PROFILE_NAME = args[1];
+ HOST = args[2];
+ PORT = Integer.parseInt(args[3]);
- int PORT = 0;
- String USER_NAME = null;
- String REQUESTOR_NAME = null;
- String PROFILE_NAME = null;
-
- String HOST = null;
- String SUBJ_DN = null;
-
- if(argsLen >= 8)
- {
- PROFILE_NAME = args[1];
- HOST = args[2];
-
- PORT = Integer.parseInt(args[3]);
+ USER_NAME = args[4];
+ REQUESTOR_NAME = args[5];
- USER_NAME = args[4];
- REQUESTOR_NAME = args[5];
+ SUBJ_DN = args[7];
- SUBJ_DN = args[7];
-
- }
-
- String POP_OPTION = null;
- String OUTPUT_CERT_REQ = null;
-
- if(argsLen == 4)
- POP_OPTION = args[1];
- else
- POP_OPTION = args[6];
+ }
+ String POP_OPTION = null;
+ String OUTPUT_CERT_REQ = null;
- int doServerHit = 1;
+ if (argsLen == 4)
+ POP_OPTION = args[1];
+ else
+ POP_OPTION = args[6];
- if(argsLen >= 9) {
- OUTPUT_CERT_REQ = args[8];
- }
+ int doServerHit = 1;
- if(argsLen == 4)
- {
- doServerHit = 0;
- OUTPUT_CERT_REQ = args[2];
- SUBJ_DN = args[3];
- }
+ if (argsLen >= 9) {
+ OUTPUT_CERT_REQ = args[8];
+ }
+ if (argsLen == 4) {
+ doServerHit = 0;
+ OUTPUT_CERT_REQ = args[2];
+ SUBJ_DN = args[3];
+ }
- int dont_do_pop = 0;
+ int dont_do_pop = 0;
- if(POP_OPTION.equals("POP_NONE"))
- {
- dont_do_pop = 1;
- }
+ if (POP_OPTION.equals("POP_NONE")) {
+ dont_do_pop = 1;
+ }
- URL url = null;
- URLConnection conn = null;
- InputStream is = null;
- BufferedReader reader = null;
- boolean success = false;
- int num = 1;
- long total_time = 0;
- KeyPair pair = null;
+ URL url = null;
+ URLConnection conn = null;
+ InputStream is = null;
+ BufferedReader reader = null;
+ boolean success = false;
+ int num = 1;
+ long total_time = 0;
+ KeyPair pair = null;
+
+ boolean foundTransport = false;
+ String transportCert = null;
+ try {
+ BufferedReader br = new BufferedReader(new FileReader("./transport.txt"));
+ transportCert = br.readLine();
+ foundTransport = true;
+ } catch (Exception e) {
+ System.out.println("ERROR: cannot find ./transport.txt, so no key archival");
+
+ return;
+ }
+ try {
+ CryptoManager.initialize(DB_DIR);
+ } catch (Exception e) {
+ // it is ok if it is already initialized
+ System.out.println("INITIALIZATION ERROR: " + e.toString());
+ // return;
+ }
- boolean foundTransport = false;
- String transportCert = null;
+ try {
+ CryptoManager manager = CryptoManager.getInstance();
+ String token_pwd = TOKEN_PWD;
+ CryptoToken token = manager.getInternalKeyStorageToken();
+ Password password = new Password(token_pwd.toCharArray());
try {
- BufferedReader br = new BufferedReader(new FileReader("./transport.txt"));
- transportCert = br.readLine();
- foundTransport = true;
+ token.login(password);
} catch (Exception e) {
- System.out.println("ERROR: cannot find ./transport.txt, so no key archival");
-
- return;
- }
-
-
-
- try {
- CryptoManager.initialize( DB_DIR );
- } catch (Exception e) {
- // it is ok if it is already initialized
- System.out.println("INITIALIZATION ERROR: " + e.toString());
- // return;
+ //System.out.println("login Exception: " + e.toString());
+ if (!token.isLoggedIn()) {
+ token.initPassword(password, password);
+ }
}
+ System.out.println("."); //"done with cryptomanager");
- try {
- CryptoManager manager = CryptoManager.getInstance();
- String token_pwd = TOKEN_PWD;
- CryptoToken token = manager.getInternalKeyStorageToken();
- Password password = new Password(token_pwd.toCharArray());
- try {
- token.login(password);
- } catch (Exception e) {
- //System.out.println("login Exception: " + e.toString());
- if (!token.isLoggedIn()) {
- token.initPassword(password, password);
- }
- }
-
- System.out.println("."); //"done with cryptomanager");
+ KeyPairGenerator kg = token.getKeyPairGenerator(
+ KeyPairAlgorithm.RSA);
+ kg.initialize(KEY_LEN);
- KeyPairGenerator kg = token.getKeyPairGenerator(
- KeyPairAlgorithm.RSA);
- kg.initialize(KEY_LEN);
+ String profileName = PROFILE_NAME;
+ pair = kg.genKeyPair();
- String profileName = PROFILE_NAME;
- pair = kg.genKeyPair();
+ System.out.println("."); //key pair generated");
- System.out.println("."); //key pair generated");
+ // wrap private key
+ byte transport[] = com.netscape.osutil.OSUtil.AtoB(transportCert);
- // wrap private key
- byte transport[] = com.netscape.osutil.OSUtil.AtoB(transportCert);
+ X509Certificate tcert = manager.importCACertPackage(transport);
- X509Certificate tcert = manager.importCACertPackage(transport);
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ KeyGenerator kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3);
+ SymmetricKey sk = kg1.generate();
- KeyGenerator kg1 = token.getKeyGenerator(KeyGenAlgorithm.DES3);
- SymmetricKey sk = kg1.generate();
+ System.out.println("."); //before KeyWrapper");
- System.out.println("."); //before KeyWrapper");
+ // wrap private key using session
+ KeyWrapper wrapper1 =
+ token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- // wrap private key using session
- KeyWrapper wrapper1 =
- token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+ System.out.println("."); //key wrapper created");
- System.out.println("."); //key wrapper created");
+ wrapper1.initWrap(sk, new IVParameterSpec(iv));
- wrapper1.initWrap(sk, new IVParameterSpec(iv));
+ System.out.println("."); //key wrapper inited");
+ byte key_data[] = wrapper1.wrap((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate());
- System.out.println("."); //key wrapper inited");
- byte key_data[] = wrapper1.wrap((org.mozilla.jss.crypto.PrivateKey)pair.getPrivate());
+ System.out.println("."); //key wrapper wrapped");
- System.out.println("."); //key wrapper wrapped");
+ // wrap session using transport
+ KeyWrapper rsaWrap = token.getKeyWrapper(
+ KeyWrapAlgorithm.RSA);
- // wrap session using transport
- KeyWrapper rsaWrap = token.getKeyWrapper(
- KeyWrapAlgorithm.RSA);
+ System.out.println("."); //got rsaWrapper");
- System.out.println("."); //got rsaWrapper");
+ rsaWrap.initWrap(tcert.getPublicKey(), null);
- rsaWrap.initWrap(tcert.getPublicKey(), null);
+ System.out.println("."); //rsaWrap inited");
- System.out.println("."); //rsaWrap inited");
+ byte session_data[] = rsaWrap.wrap(sk);
- byte session_data[] = rsaWrap.wrap(sk);
+ System.out.println("."); //rsaWrapped");
- System.out.println("."); //rsaWrapped");
-
- try {
- // create CRMF
- CertTemplate certTemplate = new CertTemplate();
- certTemplate.setVersion(new INTEGER(2));
-
- Name n1 = getJssName(SUBJ_DN);
-
-
- Name n = new Name();
-
- n.addCommonName("Me");
- n.addCountryName("US");
- n.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString("MyUid")));
+ try {
+ // create CRMF
+ CertTemplate certTemplate = new CertTemplate();
+ certTemplate.setVersion(new INTEGER(2));
+
+ Name n1 = getJssName(SUBJ_DN);
+
+ Name n = new Name();
+
+ n.addCommonName("Me");
+ n.addCountryName("US");
+ n.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString("MyUid")));
+
+ if (n1 != null)
+ certTemplate.setSubject(n1);
+ else
+ certTemplate.setSubject(n);
+
+ certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic()));
+ // set extension
+ AlgorithmIdentifier algS = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), new OCTET_STRING(iv));
+ EncryptedValue encValue = new EncryptedValue(null, algS, new BIT_STRING(session_data, 0), null, null, new BIT_STRING(key_data, 0));
+ EncryptedKey key = new EncryptedKey(encValue);
+ PKIArchiveOptions opt = new PKIArchiveOptions(key);
+ SEQUENCE seq = new SEQUENCE();
+ if (foundTransport) {
+ seq.addElement(new AVA(new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.5.1.4"), opt));
+ }
- if(n1 != null)
- certTemplate.setSubject(n1);
- else
- certTemplate.setSubject(n);
+ // Add idPOPLinkWitness control
+ String secretValue = "testing";
+ byte[] key1 = null;
+ byte[] finalDigest = null;
+ try {
+ MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
+ key1 = SHA1Digest.digest(secretValue.getBytes());
+ } catch (NoSuchAlgorithmException ex) {
+ }
- certTemplate.setPublicKey(new SubjectPublicKeyInfo(pair.getPublic()));
- // set extension
- AlgorithmIdentifier algS = new AlgorithmIdentifier(new OBJECT_IDENTIFIER("1.2.840.113549.3.7"), new OCTET_STRING(iv));
- EncryptedValue encValue = new EncryptedValue(null, algS, new BIT_STRING(session_data, 0),null, null,new BIT_STRING(key_data, 0));
- EncryptedKey key = new EncryptedKey(encValue);
- PKIArchiveOptions opt = new PKIArchiveOptions(key);
- SEQUENCE seq = new SEQUENCE();
- if (foundTransport) {
- seq.addElement(new AVA(new OBJECT_IDENTIFIER("1.3.6.1.5.5.7.5.1.4"),opt));
- }
-
+ /* Example of adding the POP link witness control to CRMF */
+ byte[] b =
+ { 0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c,
+ 0x7a, 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c,
+ 0x51, 0x34, 0x35, 0x23, 0x3c, 0x42, 0x43, 0x45,
+ 0x61, 0x4f, 0x6e, 0x43, 0x1e, 0x2a, 0x2b, 0x31,
+ 0x32, 0x34, 0x35, 0x36, 0x55, 0x51, 0x48, 0x14,
+ 0x16, 0x29, 0x41, 0x42, 0x43, 0x7b, 0x63, 0x44,
+ 0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14,
+ 0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69 };
- // Add idPOPLinkWitness control
- String secretValue = "testing";
- byte[] key1 = null;
- byte[] finalDigest = null;
- try {
- MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
- key1 = SHA1Digest.digest(secretValue.getBytes());
- } catch (NoSuchAlgorithmException ex) {
- }
+ try {
+ MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
+ HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key1);
+ hmacDigest.update(b);
+ finalDigest = hmacDigest.digest();
+ } catch (NoSuchAlgorithmException ex) {
+ }
-/* Example of adding the POP link witness control to CRMF */
-byte[] b =
-{0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c,
- 0x7a, 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c,
- 0x51, 0x34, 0x35, 0x23, 0x3c, 0x42, 0x43, 0x45,
- 0x61, 0x4f, 0x6e, 0x43, 0x1e, 0x2a, 0x2b, 0x31,
- 0x32, 0x34, 0x35, 0x36, 0x55, 0x51, 0x48, 0x14,
- 0x16, 0x29, 0x41, 0x42, 0x43, 0x7b, 0x63, 0x44,
- 0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14,
- 0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69};
+ OCTET_STRING ostr = new OCTET_STRING(finalDigest);
+ seq.addElement(new AVA(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness, ostr));
+ CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate, seq);
- try {
- MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
- HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key1);
- hmacDigest.update(b);
- finalDigest = hmacDigest.digest();
- } catch (NoSuchAlgorithmException ex) {
- }
-
+ System.out.println("."); //CertRequest created");
- OCTET_STRING ostr = new OCTET_STRING(finalDigest);
- seq.addElement(new AVA(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness, ostr));
- CertRequest certReq = new CertRequest(new INTEGER(1), certTemplate, seq);
+ ByteArrayOutputStream bo = new ByteArrayOutputStream();
+ certReq.encode(bo);
+ byte[] toBeVerified = bo.toByteArray();
- System.out.println("."); //CertRequest created");
+ byte popdata[] = ASN1Util.encode(certReq);
+ byte signature[];
+ System.out.println("."); //CertRequest encoded");
- ByteArrayOutputStream bo = new ByteArrayOutputStream();
- certReq.encode(bo);
- byte[] toBeVerified = bo.toByteArray();
-
- byte popdata[] = ASN1Util.encode(certReq);
- byte signature[];
+ Signature signer = token.getSignatureContext(
+ SignatureAlgorithm.RSASignatureWithMD5Digest);
- System.out.println("."); //CertRequest encoded");
+ System.out.println("."); //signer created");
- Signature signer = token.getSignatureContext(
- SignatureAlgorithm.RSASignatureWithMD5Digest);
+ signer.initSign((org.mozilla.jss.crypto.PrivateKey) pair.getPrivate());
- System.out.println("."); //signer created");
+ System.out.println("."); //signer inited");
- signer.initSign((org.mozilla.jss.crypto.PrivateKey)pair.getPrivate());
+ System.out.println("."); //FAIL_OR_SUCC " + FAIL_OR_SUCC);
- System.out.println("."); //signer inited");
+ if (POP_OPTION.equals("POP_SUCCESS")) {
+ System.out.println("Generating Legal POP Data.....");
+ signer.update(toBeVerified);
+ } else if (POP_OPTION.equals("POP_FAIL")) {
+ System.out.println("Generating Illegal POP Data.....");
+ signer.update(iv);
+ } else if (dont_do_pop == 1) {
+ System.out.println("Generating NO POP Data.....");
+ }
- System.out.println("."); //FAIL_OR_SUCC " + FAIL_OR_SUCC);
+ System.out.println("."); //signer updated");
- if(POP_OPTION.equals("POP_SUCCESS"))
- {
- System.out.println("Generating Legal POP Data.....");
- signer.update(toBeVerified);
- }
- else if(POP_OPTION.equals("POP_FAIL"))
- {
- System.out.println("Generating Illegal POP Data.....");
- signer.update(iv);
- }
- else if(dont_do_pop == 1)
- {
- System.out.println("Generating NO POP Data.....");
- }
+ CertReqMsg crmfMsg = null;
- System.out.println("."); //signer updated");
+ if (dont_do_pop == 0) {
+ signature = signer.sign();
- CertReqMsg crmfMsg = null;
+ System.out.println("Signature completed...");
+ System.out.println("");
- if(dont_do_pop == 0)
- {
- signature = signer.sign();
+ AlgorithmIdentifier algID =
+ new AlgorithmIdentifier(SignatureAlgorithm.RSASignatureWithMD5Digest.toOID(), null);
+ POPOSigningKey popoKey = new POPOSigningKey(null, algID, new BIT_STRING(signature, 0));
- System.out.println("Signature completed...");
- System.out.println("");
+ ProofOfPossession pop = ProofOfPossession.createSignature(popoKey);
-
- AlgorithmIdentifier algID =
- new AlgorithmIdentifier(SignatureAlgorithm.RSASignatureWithMD5Digest.toOID(), null );
- POPOSigningKey popoKey = new POPOSigningKey(null,algID, new BIT_STRING(signature,0));
+ crmfMsg = new CertReqMsg(certReq, pop, null);
- ProofOfPossession pop = ProofOfPossession.createSignature(popoKey);
+ } else {
+ crmfMsg = new CertReqMsg(certReq, null, null);
- crmfMsg = new CertReqMsg(certReq, pop, null);
+ }
- }
- else
- {
- crmfMsg = new CertReqMsg(certReq, null, null);
+ //crmfMsg.verify();
- }
+ SEQUENCE s1 = new SEQUENCE();
+ s1.addElement(crmfMsg);
+ byte encoded[] = ASN1Util.encode(s1);
- //crmfMsg.verify();
+ String Req1 = com.netscape.osutil.OSUtil.BtoA(encoded);
- SEQUENCE s1 = new SEQUENCE();
- s1.addElement(crmfMsg);
- byte encoded[] = ASN1Util.encode(s1);
+ if (OUTPUT_CERT_REQ != null) {
+ System.out.println("Generated Cert Request: ...... ");
+ System.out.println("");
- String Req1 = com.netscape.osutil.OSUtil.BtoA(encoded);
+ System.out.println(Req1);
+ System.out.println("");
+ System.out.println("End Request:");
- if(OUTPUT_CERT_REQ != null)
- {
- System.out.println("Generated Cert Request: ...... ");
- System.out.println("");
+ if (doServerHit == 0)
+ return;
+ }
- System.out.println(Req1);
- System.out.println("");
- System.out.println("End Request:");
+ String Req = URLEncoder.encode(Req1);
- if(doServerHit == 0)
- return;
- }
-
- String Req = URLEncoder.encode(Req1);
+ // post PKCS10
- // post PKCS10
+ url = new URL("http://" + HOST + ":" + PORT + "/ca/ee/ca/profileSubmit?cert_request_type=crmf&cert_request=" + Req + "&renewal=false&uid=" + USER_NAME + "&xmlOutput=false&&profileId=" + profileName + "&sn_uid=" + USER_NAME + "&SubId=profile&requestor_name=" + REQUESTOR_NAME);
+ //System.out.println("Posting " + url);
- url = new URL("http://" + HOST + ":" + PORT + "/ca/ee/ca/profileSubmit?cert_request_type=crmf&cert_request=" + Req + "&renewal=false&uid=" + USER_NAME + "&xmlOutput=false&&profileId=" + profileName + "&sn_uid=" + USER_NAME +"&SubId=profile&requestor_name="+ REQUESTOR_NAME);
- //System.out.println("Posting " + url);
+ System.out.println("");
+ System.out.println("Server Response.....");
+ System.out.println("--------------------");
+ System.out.println("");
- System.out.println("");
- System.out.println("Server Response.....");
- System.out.println("--------------------");
+ long start_time = (new Date()).getTime();
+ conn = url.openConnection();
+ is = conn.getInputStream();
+ reader = new BufferedReader(new InputStreamReader(is));
+ String line = null;
+ while ((line = reader.readLine()) != null) {
+ System.out.println(line);
+ if (line.equals("CMS Enroll Request Success")) {
+ success = true;
+ System.out.println("Enrollment Successful: ......");
System.out.println("");
+ }
+ } /* while */
+ long end_time = (new Date()).getTime();
+ total_time += (end_time - start_time);
+ } catch (Exception e) {
+ System.out.println("WARNING: " + e.toString());
+ e.printStackTrace();
+ }
+ } catch (Exception e) {
+ System.out.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
- long start_time = (new Date()).getTime();
- conn = url.openConnection();
- is = conn.getInputStream();
- reader = new BufferedReader(new InputStreamReader(is));
- String line = null;
- while ((line = reader.readLine()) != null) {
- System.out.println(line);
- if (line.equals("CMS Enroll Request Success")) {
- success = true;
- System.out.println("Enrollment Successful: ......");
- System.out.println("");
- }
- } /* while */
- long end_time = (new Date()).getTime();
- total_time += (end_time - start_time);
- } catch (Exception e) {
- System.out.println("WARNING: " + e.toString());
- e.printStackTrace();
- }
- } catch (Exception e) {
- System.out.println("ERROR: " + e.toString());
- e.printStackTrace();
- }
- }
-
- static Name getJssName(String dn)
- {
-
- X500Name x5Name = null;
+ static Name getJssName(String dn) {
- try {
- x5Name= new X500Name(dn);
+ X500Name x5Name = null;
- } catch(IOException e) {
+ try {
+ x5Name = new X500Name(dn);
- System.out.println("Illegal Subject Name: " + dn + " Error: " + e.toString());
- System.out.println("Filling in default Subject Name......");
- return null;
- }
+ } catch (IOException e) {
- Name ret = new Name();
+ System.out.println("Illegal Subject Name: " + dn + " Error: " + e.toString());
+ System.out.println("Filling in default Subject Name......");
+ return null;
+ }
- netscape.security.x509.RDN[] names = null;
+ Name ret = new Name();
- names = x5Name.getNames();
+ netscape.security.x509.RDN[] names = null;
- int nameLen = x5Name.getNamesLength();
+ names = x5Name.getNames();
- // System.out.println("x5Name len: " + nameLen);
+ int nameLen = x5Name.getNamesLength();
- netscape.security.x509.RDN cur = null;
+ // System.out.println("x5Name len: " + nameLen);
- for(int i = 0; i < nameLen ; i++)
- {
- cur = names[i];
+ netscape.security.x509.RDN cur = null;
- String rdnStr = cur.toString();
+ for (int i = 0; i < nameLen; i++) {
+ cur = names[i];
+ String rdnStr = cur.toString();
- String[] split = rdnStr.split("=");
+ String[] split = rdnStr.split("=");
- if(split.length != 2)
- continue;
+ if (split.length != 2)
+ continue;
- try {
+ try {
- if(split[0].equals("UID"))
- {
+ if (split[0].equals("UID")) {
- ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString(split[1])));
- // System.out.println("UID found : " + split[1]);
+ ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString(split[1])));
+ // System.out.println("UID found : " + split[1]);
}
- if(split[0].equals("C"))
- {
- ret.addCountryName(split[1]);
- // System.out.println("C found : " + split[1]);
- continue;
-
- }
+ if (split[0].equals("C")) {
+ ret.addCountryName(split[1]);
+ // System.out.println("C found : " + split[1]);
+ continue;
- if(split[0].equals("CN"))
- {
- ret.addCommonName(split[1]);
- // System.out.println("CN found : " + split[1]);
- continue;
}
- if(split[0].equals("L"))
- {
- ret.addLocalityName(split[1]);
- // System.out.println("L found : " + split[1]);
- continue;
+ if (split[0].equals("CN")) {
+ ret.addCommonName(split[1]);
+ // System.out.println("CN found : " + split[1]);
+ continue;
}
- if(split[0].equals("O"))
- {
- ret.addOrganizationName(split[1]);
- // System.out.println("O found : " + split[1]);
- continue;
+ if (split[0].equals("L")) {
+ ret.addLocalityName(split[1]);
+ // System.out.println("L found : " + split[1]);
+ continue;
}
- if(split[0].equals("ST"))
- {
- ret.addStateOrProvinceName(split[1]);
- // System.out.println("ST found : " + split[1]);
- continue;
+ if (split[0].equals("O")) {
+ ret.addOrganizationName(split[1]);
+ // System.out.println("O found : " + split[1]);
+ continue;
}
- if(split[0].equals("OU"))
- {
- ret.addOrganizationalUnitName(split[1]);
- // System.out.println("OU found : " + split[1]);
- continue;
+ if (split[0].equals("ST")) {
+ ret.addStateOrProvinceName(split[1]);
+ // System.out.println("ST found : " + split[1]);
+ continue;
}
- } catch (Exception e) {
- System.out.println("Error constructing RDN: " + rdnStr + " Error: " + e.toString());
+ if (split[0].equals("OU")) {
+ ret.addOrganizationalUnitName(split[1]);
+ // System.out.println("OU found : " + split[1]);
continue;
}
+ } catch (Exception e) {
+ System.out.println("Error constructing RDN: " + rdnStr + " Error: " + e.toString());
-
+ continue;
}
- return ret;
+ }
+ return ret;
- }
+ }
}
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java b/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java
index 20dfb42e..3b0e8b1f 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java
@@ -68,28 +68,29 @@ import org.mozilla.jss.util.Password;
/**
* The DRMTool class is a utility program designed to operate on an LDIF file
* to perform one or more of the following tasks:
+ *
* <PRE>
* (A) Use a new storage key (e. g. - a 2048-bit key to replace a
* 1024-bit key) to rewrap the existing triple DES symmetric key
* that was used to wrap a user's private key.
- *
+ *
* STARTING INVENTORY:
- *
+ *
* (1) a DRMTOOL configuration file containing DRM LDIF record
* types and the processing status of their associated fields
- *
+ *
* (2) an LDIF file containing 'exported' DRM data
* (referred to as the "source" DRM)
- *
+ *
* NOTE: If this LDIF file contains data that was originally
* from a DRM instance that was prior to RHCS 8, it
* must have previously undergone the appropriate
* migration steps.
- *
+ *
* (3) the NSS security databases (e. g. - cert8.db, key3.db,
* and secmod.db) associated with the data contained in
* the source LDIF file
- *
+ *
* NOTE: If the storage key was located on an HSM, then the
* HSM must be available to the machine on which the
* DRMTool is being executed (since the RSA private
@@ -98,301 +99,302 @@ import org.mozilla.jss.util.Password;
* password may be required to unlock access to
* this key (e. g. - which may be located in
* the source DRM's 'password.conf' file).
- *
+ *
* (4) a file containing the ASCII BASE-64 storage certificate
* from the DRM instance for which the output LDIF file is
* intended (referred to as the "target")
- *
+ *
* ENDING INVENTORY:
- *
+ *
* (1) all items listed in the STARTING INVENTORY (unchanged)
- *
+ *
* (2) a log file containing information suitable for audit
* purposes
- *
+ *
* (3) an LDIF file containing the revised data suitable for
* 'import' into a new DRM (referred to as the "target" DRM)
- *
+ *
* DRMTool PARAMETERS:
- *
+ *
* (1) the name of the DRMTOOL configuration file containing
* DRM LDIF record types and the processing status of their
* associated fields
- *
+ *
* (2) the name of the input LDIF file containing data which was
* 'exported' from the source DRM instance
- *
+ *
* (3) the name of the output LDIF file intended to contain the
* revised data suitable for 'import' to a target DRM instance
- *
+ *
* (4) the name of the log file that may be used for auditing
* purposes
- *
+ *
* (5) the path to the security databases that were used by
* the source DRM instance
- *
+ *
* (6) the name of the token that was used by
* the source DRM instance
- *
+ *
* (7) the name of the storage certificate that was used by
* the source DRM instance
- *
+ *
* (8) the name of the file containing the ASCII BASE-64 storage
* certificate from the target DRM instance for which the
* output LDIF file is intended
- *
+ *
* (9) OPTIONALLY, the name of a file which ONLY contains the
* password needed to access the source DRM instance's
* security databases
- *
+ *
* (10) OPTIONALLY, choose to change the specified source DRM naming
* context to the specified target DRM naming context
- *
+ *
* (11) OPTIONALLY, choose to ONLY process CA enrollment requests,
* CA recovery requests, CA key records, TPS netkeyKeygen
* enrollment requests, TPS recovery requests, and
* TPS key records
- *
+ *
* DATA FIELDS AFFECTED (using default config file values):
- *
+ *
* (1) CA DRM enrollment request
- *
+ *
* (a) dateOfModify
* (b) extdata-requestnotes
- *
+ *
* (2) CA DRM key record
- *
+ *
* (a) dateOfModify
* (b) privateKeyData
- *
+ *
* (3) CA DRM recovery request
- *
+ *
* (a) dateOfModify
* (b) extdata-requestnotes (NEW)
- *
+ *
* (4) TPS DRM netkeyKeygen (enrollment) request
- *
+ *
* (a) dateOfModify
* (b) extdata-requestnotes (NEW)
- *
+ *
* (5) TPS DRM key record
- *
+ *
* (a) dateOfModify
* (b) privateKeyData
- *
+ *
* (6) TPS DRM recovery request
- *
+ *
* (a) dateOfModify
* (b) extdata-requestnotes (NEW)
- *
+ *
* (B) Specify an ID offset to append to existing numeric data
* (e. g. - to renumber data for use in DRM consolidation efforts).
- *
+ *
* STARTING INVENTORY:
- *
+ *
* (1) a DRMTOOL configuration file containing DRM LDIF record
* types and the processing status of their associated fields
- *
+ *
* (2) an LDIF file containing 'exported' DRM data
* (referred to as the "source" DRM)
- *
+ *
* NOTE: If this LDIF file contains data that was originally
* from a DRM instance that was prior to RHCS 8, it
* must have previously undergone the appropriate
* migration steps.
- *
+ *
* ENDING INVENTORY:
- *
+ *
* (1) all items listed in the STARTING INVENTORY (unchanged)
- *
+ *
* (2) a log file containing information suitable for audit
* purposes
- *
+ *
* (3) an LDIF file containing the revised data suitable for
* 'import' into a new DRM (referred to as the "target" DRM)
- *
+ *
* DRMTool PARAMETERS:
- *
+ *
* (1) the name of the DRMTOOL configuration file containing
* DRM LDIF record types and the processing status of their
* associated fields
- *
+ *
* (2) the name of the input LDIF file containing data which was
* 'exported' from the source DRM instance
- *
+ *
* (3) the name of the output LDIF file intended to contain the
* revised data suitable for 'import' to a target DRM instance
- *
+ *
* (4) the name of the log file that may be used for auditing
* purposes
- *
+ *
* (5) a large numeric ID offset (mask) to be appended to existing
* numeric data in the source DRM instance's LDIF file
- *
+ *
* (6) OPTIONALLY, choose to change the specified source DRM naming
* context to the specified target DRM naming context
- *
+ *
* (7) OPTIONALLY, choose to ONLY process CA enrollment requests,
* CA recovery requests, CA key records, TPS netkeyKeygen
* enrollment requests, TPS recovery requests, and
* TPS key records
- *
+ *
* DATA FIELDS AFFECTED (using default config file values):
- *
+ *
* (1) CA DRM enrollment request
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) extdata-keyrecord
* (d) extdata-requestnotes
* (e) requestId
- *
+ *
* (2) CA DRM key record
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) serialno
- *
+ *
* (3) CA DRM recovery request
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) extdata-requestid
* (d) extdata-requestnotes (NEW)
* (e) extdata-serialnumber
* (f) requestId
- *
+ *
* (4) TPS DRM netkeyKeygen (enrollment) request
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) extdata-keyrecord
* (d) extdata-requestid
* (e) extdata-requestnotes (NEW)
* (f) requestId
- *
+ *
* (5) TPS DRM key record
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) serialno
- *
+ *
* (6) TPS DRM recovery request
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) extdata-requestid
* (d) extdata-requestnotes (NEW)
* (e) extdata-serialnumber
* (f) requestId
- *
+ *
* (C) Specify an ID offset to be removed from existing numeric data
* (e. g. - to undo renumbering used in DRM consolidation efforts).
- *
+ *
* STARTING INVENTORY:
- *
+ *
* (1) a DRMTOOL configuration file containing DRM LDIF record
* types and the processing status of their associated fields
- *
+ *
* (2) an LDIF file containing 'exported' DRM data
* (referred to as the "source" DRM)
- *
+ *
* NOTE: If this LDIF file contains data that was originally
* from a DRM instance that was prior to RHCS 8, it
* must have previously undergone the appropriate
* migration steps.
- *
+ *
* ENDING INVENTORY:
- *
+ *
* (1) all items listed in the STARTING INVENTORY (unchanged)
- *
+ *
* (2) a log file containing information suitable for audit
* purposes
- *
+ *
* (3) an LDIF file containing the revised data suitable for
* 'import' into a new DRM (referred to as the "target" DRM)
- *
+ *
* DRMTool PARAMETERS:
- *
+ *
* (1) the name of the DRMTOOL configuration file containing
* DRM LDIF record types and the processing status of their
* associated fields
- *
+ *
* (2) the name of the input LDIF file containing data which was
* 'exported' from the source DRM instance
- *
+ *
* (3) the name of the output LDIF file intended to contain the
* revised data suitable for 'import' to a target DRM instance
- *
+ *
* (4) the name of the log file that may be used for auditing
* purposes
- *
+ *
* (5) a large numeric ID offset (mask) to be removed from existing
* numeric data in the source DRM instance's LDIF file
- *
+ *
* (6) OPTIONALLY, choose to change the specified source DRM naming
* context to the specified target DRM naming context
- *
+ *
* (7) OPTIONALLY, choose to ONLY process CA enrollment requests,
* CA recovery requests, CA key records, TPS netkeyKeygen
* enrollment requests, TPS recovery requests, and
* TPS key records
- *
+ *
* DATA FIELDS AFFECTED (using default config file values):
- *
+ *
* (1) CA DRM enrollment request
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) extdata-keyrecord
* (d) extdata-requestnotes
* (e) requestId
- *
+ *
* (2) CA DRM key record
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) serialno
- *
+ *
* (3) CA DRM recovery request
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) extdata-requestid
* (d) extdata-requestnotes (NEW)
* (e) extdata-serialnumber
* (f) requestId
- *
+ *
* (4) TPS DRM netkeyKeygen (enrollment) request
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) extdata-keyrecord
* (d) extdata-requestid
* (e) extdata-requestnotes (NEW)
* (f) requestId
- *
+ *
* (5) TPS DRM key record
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) serialno
- *
+ *
* (6) TPS DRM recovery request
- *
+ *
* (a) cn
* (b) dateOfModify
* (c) extdata-requestid
* (d) extdata-requestnotes (NEW)
* (e) extdata-serialnumber
* (f) requestId
- *
+ *
* </PRE>
- *
+ *
* <P>
* DRMTool may be invoked as follows:
+ *
* <PRE>
- *
+ *
* DRMTool
* -drmtool_config_file &lt;path + drmtool config file&gt;
* -source_ldif_file &lt;path + source ldif file&gt;
@@ -408,91 +410,90 @@ import org.mozilla.jss.util.Password;
* [-source_drm_naming_context '&lt;original source DRM naming context&gt;']
* [-target_drm_naming_context '&lt;renamed target DRM naming context&gt;']
* [-process_requests_and_key_records_only]
- *
+ *
* where the following options are 'Mandatory':
- *
+ *
* -drmtool_config_file &lt;path + drmtool config file&gt;
* -source_ldif_file &lt;path + source ldif file&gt;
* -target_ldif_file &lt;path + target ldif file&gt;
* -log_file &lt;path + log file&gt;
- *
+ *
* AND at least ONE of the following are a 'Mandatory' set of options:
- *
+ *
* (a) options for using a new storage key for rewrapping:
- *
+ *
* [-source_pki_security_database_path
* &lt;path to PKI source database&gt;]
* [-source_storage_token_name '&lt;source token&gt;']
* [-source_storage_certificate_nickname '&lt;source nickname&gt;']
* [-target_storage_certificate_file
* &lt;path to target certificate file&gt;]
- *
+ *
* AND OPTIONALLY, specify the name of a file which ONLY contains
* the password needed to access the source DRM instance's
* security databases:
- *
+ *
* [-source_pki_security_database_pwdfile
* &lt;path to PKI password file&gt;]
- *
+ *
* AND OPTIONALLY, rename source DRM naming context --> target
* DRM naming context:
- *
+ *
* [-source_drm_naming_context '&lt;source DRM naming context&gt;']
* [-target_drm_naming_context '&lt;target DRM naming context&gt;']
- *
+ *
* AND OPTIONALLY, process requests and key records ONLY:
- *
+ *
* [-process_requests_and_key_records_only]
- *
+ *
* (b) option for appending the specified numeric ID offset
* to existing numerical data:
- *
+ *
* [-append_id_offset &lt;numeric offset&gt;]
- *
+ *
* AND OPTIONALLY, rename source DRM naming context --> target
* DRM naming context:
- *
+ *
* [-source_drm_naming_context '&lt;source DRM naming context&gt;']
* [-target_drm_naming_context '&lt;target DRM naming context&gt;']
- *
+ *
* AND OPTIONALLY, process requests and key records ONLY:
- *
+ *
* [-process_requests_and_key_records_only]
- *
+ *
* (c) option for removing the specified numeric ID offset
* from existing numerical data:
- *
+ *
* AND OPTIONALLY, rename source DRM naming context --> target
* DRM naming context:
- *
+ *
* [-source_drm_naming_context '&lt;source DRM naming context&gt;']
* [-target_drm_naming_context '&lt;target DRM naming context&gt;']
- *
+ *
* [-remove_id_offset &lt;numeric offset&gt;]
- *
+ *
* AND OPTIONALLY, process requests and key records ONLY:
- *
+ *
* [-process_requests_and_key_records_only]
- *
+ *
* (d) (a) rewrap AND (b) append ID offset
* [AND OPTIONALLY, rename source DRM naming context --> target
* DRM naming context]
* [AND OPTIONALLY process requests and key records ONLY]
- *
+ *
* (e) (a) rewrap AND (c) remove ID offset
* [AND OPTIONALLY, rename source DRM naming context --> target
* DRM naming context]
* [AND OPTIONALLY process requests and key records ONLY]
- *
+ *
* NOTE: Options (b) and (c) are mutually exclusive!
- *
+ *
* </PRE>
- *
+ *
* @author mharmsen
* @version $Revision$, $Date$
*/
-public class DRMTool
-{
+public class DRMTool {
/*************/
/* Constants */
/*************/
@@ -512,16 +513,13 @@ public class DRMTool
private static final String SPACE = " ";
private static final String TIC = "'";
-
// Constants: Calendar
private static final String DATE_OF_MODIFY_PATTERN = "yyyyMMddHHmmss'Z'";
private static final String LOGGING_DATE_PATTERN = "dd/MMM/yyyy:HH:mm:ss z";
-
// Constants: PKCS #11 Information
private static final String INTERNAL_TOKEN = "Internal Key Storage Token";
-
// Constants: Command-line Options
private static final int ID_OFFSET_NAME_VALUE_PAIRS = 1;
private static final int PWDFILE_NAME_VALUE_PAIRS = 1;
@@ -532,116 +530,91 @@ public class DRMTool
private static final int REWRAP_ARGS = 16;
private static final int REWRAP_AND_ID_OFFSET_ARGS = 18;
-
// Constants: Command-line Options (Mandatory)
private static final String DRM_TOOL = "DRMTool";
- private static final String
- DRMTOOL_CFG_FILE = "-drmtool_config_file";
+ private static final String DRMTOOL_CFG_FILE = "-drmtool_config_file";
- private static final String
- DRMTOOL_CFG_DESCRIPTION = " <complete path to the drmtool config file"
+ private static final String DRMTOOL_CFG_DESCRIPTION = " <complete path to the drmtool config file"
+ NEWLINE
+ " "
+ " ending with the drmtool config file name>";
- private static final String
- DRMTOOL_CFG_FILE_EXAMPLE = DRMTOOL_CFG_FILE
+ private static final String DRMTOOL_CFG_FILE_EXAMPLE = DRMTOOL_CFG_FILE
+ " "
+ "/usr/share/pki/java-tools/DRMTool.cfg";
- private static final String
- SOURCE_LDIF_FILE = "-source_ldif_file";
+ private static final String SOURCE_LDIF_FILE = "-source_ldif_file";
- private static final String
- SOURCE_LDIF_DESCRIPTION = " <complete path to the source LDIF input file"
+ private static final String SOURCE_LDIF_DESCRIPTION = " <complete path to the source LDIF input file"
+ NEWLINE
+ " "
+ " ending with the source LDIF file name>";
- private static final String
- SOURCE_LDIF_FILE_EXAMPLE = SOURCE_LDIF_FILE
+ private static final String SOURCE_LDIF_FILE_EXAMPLE = SOURCE_LDIF_FILE
+ " "
+ "/export/pki/source.ldif";
- private static final String
- TARGET_LDIF_FILE = "-target_ldif_file";
+ private static final String TARGET_LDIF_FILE = "-target_ldif_file";
- private static final String
- TARGET_LDIF_DESCRIPTION = " <complete path to the target LDIF output file"
+ private static final String TARGET_LDIF_DESCRIPTION = " <complete path to the target LDIF output file"
+ NEWLINE
+ " "
+ " ending with the target LDIF file name>";
- private static final String
- TARGET_LDIF_FILE_EXAMPLE = TARGET_LDIF_FILE
+ private static final String TARGET_LDIF_FILE_EXAMPLE = TARGET_LDIF_FILE
+ " "
+ "/export/pki/target.ldif";
- private static final String
- LOG_FILE = "-log_file";
+ private static final String LOG_FILE = "-log_file";
- private static final String
- LOG_DESCRIPTION = " <complete path to the log file"
+ private static final String LOG_DESCRIPTION = " <complete path to the log file"
+ NEWLINE
+ " "
+ " ending with the log file name>";
- private static final String
- LOG_FILE_EXAMPLE = LOG_FILE
+ private static final String LOG_FILE_EXAMPLE = LOG_FILE
+ " "
+ "/export/pki/DRMTool.log";
-
// Constants: Command-line Options (Rewrap)
- private static final String
- SOURCE_NSS_DB_PATH = "-source_pki_security_database_path";
+ private static final String SOURCE_NSS_DB_PATH = "-source_pki_security_database_path";
- private static final String
- SOURCE_NSS_DB_DESCRIPTION = " <complete path to the "
+ private static final String SOURCE_NSS_DB_DESCRIPTION = " <complete path to the "
+ "source security databases"
+ NEWLINE
+ " "
+ " used by data in the source LDIF file>";
- private static final String
- SOURCE_NSS_DB_PATH_EXAMPLE = SOURCE_NSS_DB_PATH
+ private static final String SOURCE_NSS_DB_PATH_EXAMPLE = SOURCE_NSS_DB_PATH
+ " "
+ "/export/pki";
- private static final String
- SOURCE_STORAGE_TOKEN_NAME = "-source_storage_token_name";
+ private static final String SOURCE_STORAGE_TOKEN_NAME = "-source_storage_token_name";
- private static final String
- SOURCE_STORAGE_TOKEN_DESCRIPTION = " <name of the token containing "
+ private static final String SOURCE_STORAGE_TOKEN_DESCRIPTION = " <name of the token containing "
+ "the source storage token>";
- private static final String
- SOURCE_STORAGE_TOKEN_NAME_EXAMPLE = SOURCE_STORAGE_TOKEN_NAME
+ private static final String SOURCE_STORAGE_TOKEN_NAME_EXAMPLE = SOURCE_STORAGE_TOKEN_NAME
+ " "
+ TIC
+ "Internal Key Storage Token"
+ TIC;
- private static final String
- SOURCE_STORAGE_CERT_NICKNAME = "-source_storage_certificate_nickname";
+ private static final String SOURCE_STORAGE_CERT_NICKNAME = "-source_storage_certificate_nickname";
- private static final String
- SOURCE_STORAGE_CERT_NICKNAME_DESCRIPTION = " <nickname of the source "
+ private static final String SOURCE_STORAGE_CERT_NICKNAME_DESCRIPTION = " <nickname of the source "
+ "storage certificate>";
- private static final String
- SOURCE_STORAGE_CERT_NICKNAME_EXAMPLE = SOURCE_STORAGE_CERT_NICKNAME
+ private static final String SOURCE_STORAGE_CERT_NICKNAME_EXAMPLE = SOURCE_STORAGE_CERT_NICKNAME
+ " "
+ TIC
+ "storageCert cert-pki-kra"
+ TIC;
- private static final String
- TARGET_STORAGE_CERTIFICATE_FILE = "-target_storage_certificate_file";
+ private static final String TARGET_STORAGE_CERTIFICATE_FILE = "-target_storage_certificate_file";
- private static final String
- TARGET_STORAGE_CERTIFICATE_DESCRIPTION = " <complete path to the target "
+ private static final String TARGET_STORAGE_CERTIFICATE_DESCRIPTION = " <complete path to the target "
+ "storage certificate file"
+ NEWLINE
+ " "
@@ -656,86 +629,65 @@ public class DRMTool
+ " an ASCII format between a "
+ "header and footer>";
- private static final String
- TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE = TARGET_STORAGE_CERTIFICATE_FILE
+ private static final String TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE = TARGET_STORAGE_CERTIFICATE_FILE
+ " "
+ "/export/pki/target_storage.cert";
- private static final String
- SOURCE_NSS_DB_PWDFILE = "-source_pki_security_database_pwdfile";
+ private static final String SOURCE_NSS_DB_PWDFILE = "-source_pki_security_database_pwdfile";
- private static final String
- SOURCE_NSS_DB_PWDFILE_DESCRIPTION = " <complete path to the password "
+ private static final String SOURCE_NSS_DB_PWDFILE_DESCRIPTION = " <complete path to the password "
+ "file which ONLY contains the"
+ NEWLINE
+ " "
+ " password used to access the "
+ "source security databases>";
- private static final String
- SOURCE_NSS_DB_PWDFILE_EXAMPLE = SOURCE_NSS_DB_PWDFILE
+ private static final String SOURCE_NSS_DB_PWDFILE_EXAMPLE = SOURCE_NSS_DB_PWDFILE
+ " "
+ "/export/pki/pwdfile";
-
-
// Constants: Command-line Options (ID Offset)
- private static final String
- APPEND_ID_OFFSET = "-append_id_offset";
+ private static final String APPEND_ID_OFFSET = "-append_id_offset";
- private static final String
- APPEND_ID_OFFSET_DESCRIPTION = " <ID offset that is appended to "
+ private static final String APPEND_ID_OFFSET_DESCRIPTION = " <ID offset that is appended to "
+ "each record's source ID>";
- private static final String
- APPEND_ID_OFFSET_EXAMPLE = APPEND_ID_OFFSET
+ private static final String APPEND_ID_OFFSET_EXAMPLE = APPEND_ID_OFFSET
+ " "
+ "100000000000";
- private static final String
- REMOVE_ID_OFFSET = "-remove_id_offset";
+ private static final String REMOVE_ID_OFFSET = "-remove_id_offset";
- private static final String
- REMOVE_ID_OFFSET_DESCRIPTION = " <ID offset that is removed from "
+ private static final String REMOVE_ID_OFFSET_DESCRIPTION = " <ID offset that is removed from "
+ "each record's source ID>";
- private static final String
- REMOVE_ID_OFFSET_EXAMPLE = REMOVE_ID_OFFSET
+ private static final String REMOVE_ID_OFFSET_EXAMPLE = REMOVE_ID_OFFSET
+ " "
+ "100000000000";
-
// Constants: Command-line Options
- private static final String
- SOURCE_DRM_NAMING_CONTEXT = "-source_drm_naming_context";
+ private static final String SOURCE_DRM_NAMING_CONTEXT = "-source_drm_naming_context";
- private static final String
- SOURCE_DRM_NAMING_CONTEXT_DESCRIPTION = " <source DRM naming context>";
+ private static final String SOURCE_DRM_NAMING_CONTEXT_DESCRIPTION = " <source DRM naming context>";
- private static final String
- SOURCE_DRM_NAMING_CONTEXT_EXAMPLE = SOURCE_DRM_NAMING_CONTEXT
+ private static final String SOURCE_DRM_NAMING_CONTEXT_EXAMPLE = SOURCE_DRM_NAMING_CONTEXT
+ " "
+ TIC
+ "alpha.example.com-pki-kra"
+ TIC;
- private static final String
- TARGET_DRM_NAMING_CONTEXT = "-target_drm_naming_context";
+ private static final String TARGET_DRM_NAMING_CONTEXT = "-target_drm_naming_context";
- private static final String
- TARGET_DRM_NAMING_CONTEXT_DESCRIPTION = " <target DRM naming context>";
+ private static final String TARGET_DRM_NAMING_CONTEXT_DESCRIPTION = " <target DRM naming context>";
- private static final String
- TARGET_DRM_NAMING_CONTEXT_EXAMPLE = TARGET_DRM_NAMING_CONTEXT
+ private static final String TARGET_DRM_NAMING_CONTEXT_EXAMPLE = TARGET_DRM_NAMING_CONTEXT
+ " "
+ TIC
+ "omega.example.com-pki-kra"
+ TIC;
- private static final String
- PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY =
- "-process_requests_and_key_records_only";
-
+ private static final String PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY =
+ "-process_requests_and_key_records_only";
// Constants: DRMTOOL Config File
private static final String DRMTOOL_CFG_PREFIX = "drmtool.ldif";
@@ -745,234 +697,189 @@ public class DRMTool
private static final String DRMTOOL_CFG_TPS_KEY_RECORD = "tpsKeyRecord";
private static final String DRMTOOL_CFG_KEYGEN = "tpsNetkeyKeygenRequest";
-
// Constants: DRMTOOL Config File (DRM CA Enrollment Request Fields)
- private static final String
- DRMTOOL_CFG_ENROLLMENT_CN = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_ENROLLMENT_CN = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_ENROLLMENT
+ DOT
+ "cn";
- private static final String
- DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_ENROLLMENT
+ DOT
+ "dateOfModify";
- private static final String
- DRMTOOL_CFG_ENROLLMENT_DN = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_ENROLLMENT_DN = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_ENROLLMENT
+ DOT
+ "dn";
- private static final String
- DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_ENROLLMENT
+ DOT
+ "extdata.keyRecord";
- private static final String
- DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_ENROLLMENT
+ DOT
+ "extdata.requestNotes";
- private static final String
- DRMTOOL_CFG_ENROLLMENT_REQUEST_ID = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_ENROLLMENT_REQUEST_ID = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_ENROLLMENT
+ DOT
+ "requestId";
-
// Constants: DRMTOOL Config File (DRM CA Key Record Fields)
- private static final String
- DRMTOOL_CFG_CA_KEY_RECORD_CN = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_CA_KEY_RECORD_CN = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_CA_KEY_RECORD
+ DOT
+ "cn";
- private static final String
- DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_CA_KEY_RECORD
+ DOT
+ "dateOfModify";
- private static final String
- DRMTOOL_CFG_CA_KEY_RECORD_DN = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_CA_KEY_RECORD_DN = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_ENROLLMENT
+ DOT
+ "dn";
- private static final String
- DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_CA_KEY_RECORD
+ DOT
+ "privateKeyData";
- private static final String
- DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_CA_KEY_RECORD
+ DOT
+ "serialno";
-
// Constants: DRMTOOL Config File (DRM CA / TPS Recovery Request Fields)
- private static final String
- DRMTOOL_CFG_RECOVERY_CN = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_RECOVERY_CN = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_RECOVERY
+ DOT
+ "cn";
- private static final String
- DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_RECOVERY
+ DOT
+ "dateOfModify";
- private static final String
- DRMTOOL_CFG_RECOVERY_DN = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_RECOVERY_DN = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_RECOVERY
+ DOT
+ "dn";
- private static final String
- DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_RECOVERY
+ DOT
+ "extdata.requestId";
- private static final String
- DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_RECOVERY
+ DOT
+ "extdata.requestNotes";
- private static final String
- DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_RECOVERY
+ DOT
+ "extdata.serialnumber";
- private static final String
- DRMTOOL_CFG_RECOVERY_REQUEST_ID = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_RECOVERY_REQUEST_ID = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_RECOVERY
+ DOT
+ "requestId";
-
// Constants: DRMTOOL Config File (DRM TPS Key Record Fields)
- private static final String
- DRMTOOL_CFG_TPS_KEY_RECORD_CN = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_TPS_KEY_RECORD_CN = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_TPS_KEY_RECORD
+ DOT
+ "cn";
- private static final String
- DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_TPS_KEY_RECORD
+ DOT
+ "dateOfModify";
- private static final String
- DRMTOOL_CFG_TPS_KEY_RECORD_DN = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_TPS_KEY_RECORD_DN = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_TPS_KEY_RECORD
+ DOT
+ "dn";
- private static final String
- DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_TPS_KEY_RECORD
+ DOT
+ "privateKeyData";
- private static final String
- DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_TPS_KEY_RECORD
+ DOT
+ "serialno";
-
// Constants: DRMTOOL Config File (DRM TPS Netkey Keygen Request Fields)
- private static final String
- DRMTOOL_CFG_KEYGEN_CN = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_KEYGEN_CN = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_KEYGEN
+ DOT
+ "cn";
- private static final String
- DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_KEYGEN
+ DOT
+ "dateOfModify";
- private static final String
- DRMTOOL_CFG_KEYGEN_DN = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_KEYGEN_DN = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_KEYGEN
+ DOT
+ "dn";
- private static final String
- DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_KEYGEN
+ DOT
+ "extdata.keyRecord";
- private static final String
- DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_KEYGEN
+ DOT
+ "extdata.requestId";
- private static final String
- DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_KEYGEN
+ DOT
+ "extdata.requestNotes";
- private static final String
- DRMTOOL_CFG_KEYGEN_REQUEST_ID = DRMTOOL_CFG_PREFIX
+ private static final String DRMTOOL_CFG_KEYGEN_REQUEST_ID = DRMTOOL_CFG_PREFIX
+ DOT
+ DRMTOOL_CFG_KEYGEN
+ DOT
+ "requestId";
-
// Constants: Target Certificate Information
private static final String HEADER = "-----BEGIN";
private static final String TRAILER = "-----END";
private static final String X509_INFO = "x509.INFO";
-
// Constants: DRM LDIF Record Fields
private static final String DRM_LDIF_ARCHIVED_BY = "archivedBy:";
private static final String DRM_LDIF_CN = "cn:";
private static final String DRM_LDIF_DATE_OF_MODIFY = "dateOfModify:";
private static final String DRM_LDIF_DN = "dn:";
private static final String DRM_LDIF_DN_EMBEDDED_CN_DATA = "dn: cn";
- private static final String
- DRM_LDIF_EXTDATA_AUTH_TOKEN_USER = "extdata-auth--005ftoken;user:";
- private static final String
- DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN = "extdata-auth--005ftoken;userdn:";
- private static final String
- DRM_LDIF_EXTDATA_KEY_RECORD = "extdata-keyrecord:";
- private static final String
- DRM_LDIF_EXTDATA_REQUEST_ID = "extdata-requestid:";
- private static final String
- DRM_LDIF_EXTDATA_REQUEST_NOTES = "extdata-requestnotes:";
- private static final String
- DRM_LDIF_EXTDATA_REQUEST_TYPE = "extdata-requesttype:";
- private static final String
- DRM_LDIF_EXTDATA_SERIAL_NUMBER = "extdata-serialnumber:";
+ private static final String DRM_LDIF_EXTDATA_AUTH_TOKEN_USER = "extdata-auth--005ftoken;user:";
+ private static final String DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN = "extdata-auth--005ftoken;userdn:";
+ private static final String DRM_LDIF_EXTDATA_KEY_RECORD = "extdata-keyrecord:";
+ private static final String DRM_LDIF_EXTDATA_REQUEST_ID = "extdata-requestid:";
+ private static final String DRM_LDIF_EXTDATA_REQUEST_NOTES = "extdata-requestnotes:";
+ private static final String DRM_LDIF_EXTDATA_REQUEST_TYPE = "extdata-requesttype:";
+ private static final String DRM_LDIF_EXTDATA_SERIAL_NUMBER = "extdata-serialnumber:";
private static final String DRM_LDIF_PRIVATE_KEY_DATA = "privateKeyData::";
private static final String DRM_LDIF_REQUEST_ID = "requestId:";
private static final String DRM_LDIF_REQUEST_TYPE = "requestType:";
private static final String DRM_LDIF_SERIAL_NO = "serialno:";
-
// Constants: DRM LDIF Record Values
private static final int INITIAL_LDIF_RECORD_CAPACITY = 0;
private static final int EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH = 56;
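Review bot: `DRMTOOL_CFG_CA_KEY_RECORD_DN` is assembled from `DRMTOOL_CFG_ENROLLMENT`, while every other `DRMTOOL_CFG_CA_KEY_RECORD_*` constant in this hunk uses `DRMTOOL_CFG_CA_KEY_RECORD`. This looks like a copy-paste slip that the reformat carries over unchanged. As written, the constant resolves to the same config key as `DRMTOOL_CFG_ENROLLMENT_DN`, so the CA key record DN setting would presumably follow the enrollment entry rather than its own. If that is not intended, the middle term should read `+ DRMTOOL_CFG_CA_KEY_RECORD`. The config lookup is outside this hunk, so confirm against the shipped DRMTool.cfg before changing it.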
@@ -984,7 +891,6 @@ public class DRMTool
private static final String DRM_LDIF_RECOVERY = "recovery";
private static final String DRM_LDIF_TPS_KEY_RECORD = "TPS";
-
// Constants: DRM LDIF Record Messages
private static final String DRM_LDIF_REWRAP_MESSAGE = "REWRAPPED the '"
+ "existing DES3 "
@@ -997,7 +903,7 @@ public class DRMTool
+ "certificate";
private static final String DRM_LDIF_USED_PWDFILE_MESSAGE =
"USED source PKI security database "
- + "password file";
+ + "password file";
private static final String DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE =
"APPENDED ID offset";
private static final String DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE =
@@ -1006,11 +912,9 @@ public class DRMTool
"RENAMED source DRM naming context '";
private static final String DRM_LDIF_TARGET_NAME_CONTEXT_MESSAGE =
"' to target DRM naming context '";
- private static final String
- DRM_LDIF_PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY_MESSAGE =
+ private static final String DRM_LDIF_PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY_MESSAGE =
"PROCESSED requests and key records ONLY!";
-
/*************/
/* Variables */
/*************/
@@ -1018,7 +922,6 @@ public class DRMTool
// Variables: Calendar
private static String mDateOfModify = null;
-
// Variables: Command-Line Options
private static boolean mMandatoryFlag = false;
private static boolean mRewrapFlag = false;
@@ -1034,14 +937,12 @@ public class DRMTool
private static int mRemoveIdOffsetNameValuePairs = 0;
private static int mDrmNamingContextNameValuePairs = 0;
-
// Variables: Command-Line Values (Mandatory)
private static String mDrmtoolCfgFilename = null;
private static String mSourceLdifFilename = null;
private static String mTargetLdifFilename = null;
private static String mLogFilename = null;
-
// Variables: Command-Line Values (Rewrap)
private static String mSourcePKISecurityDatabasePath = null;
private static String mSourceStorageTokenName = null;
@@ -1055,27 +956,22 @@ public class DRMTool
private static BigInteger mAppendIdOffset = null;
private static BigInteger mRemoveIdOffset = null;
-
// Variables: Command-Line Values (DRM Naming Contexts)
private static String mSourceDrmNamingContext = null;
private static String mTargetDrmNamingContext = null;
-
// Variables: DRMTOOL Config File Parameters of Interest
private static Hashtable<String, Boolean> drmtoolCfg = null;
-
// Variables: DRMTOOL LDIF File Parameters of Interest
private static Vector<String> record = null;
private static Iterator<String> ldif_record = null;
-
// Variables: Logging
- private static boolean mDebug = false; // set 'true' for debug messages
+ private static boolean mDebug = false; // set 'true' for debug messages
private static PrintWriter logger = null;
private static String current_date_and_time = null;
-
// Variables: PKCS #11 Information
private static CryptoToken mSourceToken = null;
private static X509Certificate mUnwrapCert = null;
@@ -1083,13 +979,11 @@ public class DRMTool
private static PublicKey mWrapPublicKey = null;
private static int mPublicKeySize = 0;
-
// Variables: DRM LDIF Record Messages
private static String mSourcePKISecurityDatabasePwdfileMessage = null;
private static String mDrmNamingContextMessage = null;
private static String mProcessRequestsAndKeyRecordsOnlyMessage = null;
-
/********************/
/* Calendar Methods */
/********************/
@@ -1097,17 +991,16 @@ public class DRMTool
/**
* This method is used to get the current date and time.
* <P>
- *
+ *
* @param pattern string containing desired format of date and time
* @return a formatted string containing the current date and time
*/
- private static String now( String pattern ) {
+ private static String now(String pattern) {
Calendar cal = Calendar.getInstance();
- SimpleDateFormat sdf = new SimpleDateFormat( pattern );
- return sdf.format( cal.getTime() );
+ SimpleDateFormat sdf = new SimpleDateFormat(pattern);
+ return sdf.format(cal.getTime());
}
-
/*****************/
/* Usage Methods */
/*****************/
@@ -1117,7 +1010,7 @@ public class DRMTool
* execute DRMTool.
*/
private static void printUsage() {
- System.out.println( "Usage: "
+ System.out.println("Usage: "
+ DRM_TOOL
+ NEWLINE
+ " "
@@ -1220,9 +1113,9 @@ public class DRMTool
+ "["
+ PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
+ "]"
- + NEWLINE );
+ + NEWLINE);
- System.out.println( "Example of 'Rewrap and Append ID Offset':"
+ System.out.println("Example of 'Rewrap and Append ID Offset':"
+ NEWLINE
+ NEWLINE
+ " "
@@ -1266,9 +1159,9 @@ public class DRMTool
+ NEWLINE
+ " "
+ PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
- + NEWLINE );
+ + NEWLINE);
- System.out.println( "Example of 'Rewrap and Remove ID Offset':"
+ System.out.println("Example of 'Rewrap and Remove ID Offset':"
+ NEWLINE
+ NEWLINE
+ " "
@@ -1312,9 +1205,9 @@ public class DRMTool
+ NEWLINE
+ " "
+ PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
- + NEWLINE );
+ + NEWLINE);
- System.out.println( "Example of 'Rewrap':"
+ System.out.println("Example of 'Rewrap':"
+ NEWLINE
+ NEWLINE
+ " "
@@ -1355,9 +1248,9 @@ public class DRMTool
+ NEWLINE
+ " "
+ PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
- + NEWLINE );
+ + NEWLINE);
- System.out.println( "Example of 'Append ID Offset':"
+ System.out.println("Example of 'Append ID Offset':"
+ NEWLINE
+ NEWLINE
+ " "
@@ -1386,9 +1279,9 @@ public class DRMTool
+ NEWLINE
+ " "
+ PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
- + NEWLINE );
+ + NEWLINE);
- System.out.println( "Example of 'Remove ID Offset':"
+ System.out.println("Example of 'Remove ID Offset':"
+ NEWLINE
+ NEWLINE
+ " "
@@ -1417,10 +1310,9 @@ public class DRMTool
+ NEWLINE
+ " "
+ PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
- + NEWLINE );
+ + NEWLINE);
}
-
/*******************/
/* Logging Methods */
/*******************/
@@ -1428,83 +1320,80 @@ public class DRMTool
/**
* This method opens a new log file for writing.
* <P>
- *
+ *
* @param logfile string containing the name of the log file to be opened
*/
- private static void open_log( String logfile ) {
+ private static void open_log(String logfile) {
try {
logger = new PrintWriter(
new BufferedWriter(
- new FileWriter( logfile ) ) );
- } catch( IOException eFile ) {
- System.err.println( "ERROR: Unable to open file '"
+ new FileWriter(logfile)));
+ } catch (IOException eFile) {
+ System.err.println("ERROR: Unable to open file '"
+ logfile
+ "' for writing: '"
+ eFile.toString()
+ "'"
- + NEWLINE );
- System.exit( 0 );
+ + NEWLINE);
+ System.exit(0);
}
}
-
/**
* This method closes the specified log file.
* <P>
- *
+ *
* @param logfile string containing the name of the log file to be closed
*/
- private static void close_log( String logfile ) {
+ private static void close_log(String logfile) {
logger.close();
}
-
/**
* This method writes the specified message to the log file, and also
* to 'stderr' if the boolean flag is set to 'true'.
* <P>
- *
+ *
* @param msg string containing the message to be written to the log file
* @param stderr boolean which also writes the message to 'stderr' if 'true'
*/
- private static void log( String msg, boolean stderr ) {
- current_date_and_time = now( LOGGING_DATE_PATTERN );
- if( stderr ) {
- System.err.println( msg );
+ private static void log(String msg, boolean stderr) {
+ current_date_and_time = now(LOGGING_DATE_PATTERN);
+ if (stderr) {
+ System.err.println(msg);
}
- logger.write( "["
+ logger.write("["
+ current_date_and_time
+ "]: "
- + msg );
+ + msg);
logger.flush();
}
-
/*********************************************/
/* PKCS #11: Rewrap RSA Storage Key Methods */
/*********************************************/
/**
* Helper method to determine if two arrays contain the same values.
- *
+ *
* This method is based upon code from 'com.netscape.kra.StorageKeyUnit'.
* <P>
- *
+ *
* @param bytes first array of bytes
* @param ints second array of bytes
* @return true if the two arrays are identical
*/
- private static boolean arraysEqual( byte[] bytes, byte[] ints ) {
- if( bytes == null || ints == null ) {
+ private static boolean arraysEqual(byte[] bytes, byte[] ints) {
+ if (bytes == null || ints == null) {
return false;
}
- if( bytes.length != ints.length ) {
+ if (bytes.length != ints.length) {
return false;
}
- for( int i = 0; i < bytes.length; i++ ) {
- if( bytes[i] != ints[i] ) {
+ for (int i = 0; i < bytes.length; i++) {
+ if (bytes[i] != ints[i]) {
return false;
}
}
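Review bot: `open_log` ends its failure path with `System.exit(0)`, so a run that could not even open its log file reports success to the calling shell or migration script. For a tool that rewraps archived keys, a wrapper that checks the exit status would carry on with a missing or partial target LDIF; use a non-zero status, e.g. `System.exit(1);`. The same call closes the error branches of `getPrivateKey`, `getPublicKey` and `obtain_RSA_rewrapping_keys` in the later hunks. `arraysEqual` runs past the end of this hunk.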
@@ -1512,49 +1401,47 @@ public class DRMTool
return true;
}
-
/**
* This method is used to obtain the private RSA storage key from
* the "source" DRM instance's security databases.
- *
+ *
* This method is based upon code from 'com.netscape.kra.StorageKeyUnit'.
* <P>
- *
+ *
* @return the private RSA storage key from the "source" DRM
*/
private static PrivateKey getPrivateKey() {
try {
- PrivateKey pk[] = mSourceToken.getCryptoStore().getPrivateKeys();
-
- for( int i = 0; i < pk.length; i++ ) {
- if( arraysEqual( pk[i].getUniqueID(),
- ( ( TokenCertificate )
- mUnwrapCert ).getUniqueID() ) ) {
- return pk[i];
- }
- }
- } catch( TokenException exToken ) {
- log( "ERROR: Getting private key - "
- + "TokenException: '"
- + exToken.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ PrivateKey pk[] = mSourceToken.getCryptoStore().getPrivateKeys();
+
+ for (int i = 0; i < pk.length; i++) {
+ if (arraysEqual(pk[i].getUniqueID(),
+ ((TokenCertificate)
+ mUnwrapCert).getUniqueID())) {
+ return pk[i];
+ }
+ }
+ } catch (TokenException exToken) {
+ log("ERROR: Getting private key - "
+ + "TokenException: '"
+ + exToken.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
return null;
}
-
/**
* This method gets the public key from the certificate stored
- * in the "target" DRM storage certificate file. It also obtains
+ * in the "target" DRM storage certificate file. It also obtains
* the keysize of this RSA key.
- *
+ *
* This method is based upon code from
* 'com.netscape.cmstools.PrettyPrintCert'.
* <P>
- *
+ *
* @return the public RSA storage key from the "target" DRM
*/
private static PublicKey getPublicKey() {
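Review bot: `getPrivateKey` falls through to `return null` when no key on the source token matches the unwrap certificate's unique ID, and nothing is logged on that path. A caller that does not test for null would fail later with an unrelated error; a line such as `log("ERROR: No private key matches the source storage certificate" + NEWLINE, true);` before the return would make the cause visible. The cast `(TokenCertificate) mUnwrapCert` is also unchecked, so a certificate of another type would raise a ClassCastException that the `TokenException` handler does not catch. The callers are outside this hunk.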
@@ -1572,19 +1459,19 @@ public class DRMTool
try {
inputCert = new BufferedReader(
new InputStreamReader(
- new BufferedInputStream(
- new FileInputStream(
- mTargetStorageCertificateFilename
- ) ) ) );
- } catch( FileNotFoundException exWrapFileNotFound ) {
- log( "ERROR: No target storage "
- + "certificate file named '"
- + mTargetStorageCertificateFilename
- + "' exists! FileNotFoundException: '"
- + exWrapFileNotFound.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ new BufferedInputStream(
+ new FileInputStream(
+ mTargetStorageCertificateFilename
+ ))));
+ } catch (FileNotFoundException exWrapFileNotFound) {
+ log("ERROR: No target storage "
+ + "certificate file named '"
+ + mTargetStorageCertificateFilename
+ + "' exists! FileNotFoundException: '"
+ + exWrapFileNotFound.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
// Read the entire contents of the specified BASE 64 encoded
@@ -1592,78 +1479,78 @@ public class DRMTool
// headers beginning with HEADER and any trailers beginning
// with TRAILER
try {
- while( ( encodedBASE64CertChunk = inputCert.readLine() ) != null ) {
- if( !( encodedBASE64CertChunk.startsWith( HEADER ) ) &&
- !( encodedBASE64CertChunk.startsWith( TRAILER ) ) ) {
+ while ((encodedBASE64CertChunk = inputCert.readLine()) != null) {
+ if (!(encodedBASE64CertChunk.startsWith(HEADER)) &&
+ !(encodedBASE64CertChunk.startsWith(TRAILER))) {
encodedBASE64Cert += encodedBASE64CertChunk.trim();
}
}
- } catch( IOException exWrapReadLineIO ) {
- log( "ERROR: Unexpected BASE64 "
- + "encoded error encountered while reading '"
- + mTargetStorageCertificateFilename
- + "'! IOException: '"
- + exWrapReadLineIO.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ } catch (IOException exWrapReadLineIO) {
+ log("ERROR: Unexpected BASE64 "
+ + "encoded error encountered while reading '"
+ + mTargetStorageCertificateFilename
+ + "'! IOException: '"
+ + exWrapReadLineIO.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
// Close the DataInputStream() object
try {
inputCert.close();
- } catch( IOException exWrapCloseIO ) {
- log( "ERROR: Unexpected BASE64 "
- + "encoded error encountered in closing '"
- + mTargetStorageCertificateFilename
- + "'! IOException: '"
- + exWrapCloseIO.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ } catch (IOException exWrapCloseIO) {
+ log("ERROR: Unexpected BASE64 "
+ + "encoded error encountered in closing '"
+ + mTargetStorageCertificateFilename
+ + "'! IOException: '"
+ + exWrapCloseIO.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
// Decode the ASCII BASE 64 certificate enclosed in the
// String() object into a BINARY BASE 64 byte[] object
decodedBASE64Cert = com.netscape.osutil.OSUtil.AtoB(
- encodedBASE64Cert );
+ encodedBASE64Cert);
// Create an X509CertImpl() object from
// the BINARY BASE 64 byte[] object
try {
- cert = new X509CertImpl( decodedBASE64Cert );
- } catch( CertificateException exWrapCertificate ) {
- log( "ERROR: Error encountered "
- + "in parsing certificate in '"
- + mTargetStorageCertificateFilename
- + "' CertificateException: '"
- + exWrapCertificate.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ cert = new X509CertImpl(decodedBASE64Cert);
+ } catch (CertificateException exWrapCertificate) {
+ log("ERROR: Error encountered "
+ + "in parsing certificate in '"
+ + mTargetStorageCertificateFilename
+ + "' CertificateException: '"
+ + exWrapCertificate.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
// Extract the Public Key
key = cert.getPublicKey();
- if( key == null ) {
- log( "ERROR: Unable to extract public key "
- + "from certificate that was stored in '"
- + mTargetStorageCertificateFilename
- + "'."
- + NEWLINE, true );
- System.exit( 0 );
+ if (key == null) {
+ log("ERROR: Unable to extract public key "
+ + "from certificate that was stored in '"
+ + mTargetStorageCertificateFilename
+ + "'."
+ + NEWLINE, true);
+ System.exit(0);
}
// Convert this X.509 public key --> RSA public key
try {
- rsakey = new RSAPublicKey( key.getEncoded() );
- } catch( InvalidKeyException exInvalidKey ) {
- log( "ERROR: Converting X.509 public key --> RSA public key - "
- + "InvalidKeyException: '"
- + exInvalidKey.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ rsakey = new RSAPublicKey(key.getEncoded());
+ } catch (InvalidKeyException exInvalidKey) {
+ log("ERROR: Converting X.509 public key --> RSA public key - "
+ + "InvalidKeyException: '"
+ + exInvalidKey.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
// Obtain the Public Key's keysize
@@ -1672,14 +1559,13 @@ public class DRMTool
return key;
}
-
/**
* This method is used to obtain the private RSA storage key
* from the "source" DRM instance's security databases and
* the public RSA storage key from the certificate stored in
* the "target" DRM storage certificate file.
* <P>
- *
+ *
* @return true if successfully able to obtain both keys
*/
private static boolean obtain_RSA_rewrapping_keys() {
@@ -1687,67 +1573,67 @@ public class DRMTool
// Initialize the source security databases
try {
- log( "Initializing source PKI security databases in '"
- + mSourcePKISecurityDatabasePath + "'."
- + NEWLINE, true );
-
- CryptoManager.initialize( mSourcePKISecurityDatabasePath );
- } catch( KeyDatabaseException exKey ) {
- log( "ERROR: source_pki_security_database_path='"
- + mSourcePKISecurityDatabasePath
- + "' KeyDatabaseException: '"
- + exKey.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( CertDatabaseException exCert ) {
- log( "ERROR: source_pki_security_database_path='"
- + mSourcePKISecurityDatabasePath
- + "' CertDatabaseException: '"
- + exCert.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( AlreadyInitializedException exAlreadyInitialized ) {
- log( "ERROR: source_pki_security_database_path='"
- + mSourcePKISecurityDatabasePath
- + "' AlreadyInitializedException: '"
- + exAlreadyInitialized.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( GeneralSecurityException exSecurity ) {
- log( "ERROR: source_pki_security_database_path='"
- + mSourcePKISecurityDatabasePath
- + "' GeneralSecurityException: '"
- + exSecurity.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ log("Initializing source PKI security databases in '"
+ + mSourcePKISecurityDatabasePath + "'."
+ + NEWLINE, true);
+
+ CryptoManager.initialize(mSourcePKISecurityDatabasePath);
+ } catch (KeyDatabaseException exKey) {
+ log("ERROR: source_pki_security_database_path='"
+ + mSourcePKISecurityDatabasePath
+ + "' KeyDatabaseException: '"
+ + exKey.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (CertDatabaseException exCert) {
+ log("ERROR: source_pki_security_database_path='"
+ + mSourcePKISecurityDatabasePath
+ + "' CertDatabaseException: '"
+ + exCert.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (AlreadyInitializedException exAlreadyInitialized) {
+ log("ERROR: source_pki_security_database_path='"
+ + mSourcePKISecurityDatabasePath
+ + "' AlreadyInitializedException: '"
+ + exAlreadyInitialized.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (GeneralSecurityException exSecurity) {
+ log("ERROR: source_pki_security_database_path='"
+ + mSourcePKISecurityDatabasePath
+ + "' GeneralSecurityException: '"
+ + exSecurity.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
// Retrieve the source storage token by its name
try {
- log( "Retrieving token from CryptoManager."
- + NEWLINE, true );
+ log("Retrieving token from CryptoManager."
+ + NEWLINE, true);
cm = CryptoManager.getInstance();
- log( "Retrieving source storage token called '"
- + mSourceStorageTokenName
- + "'."
- + NEWLINE, true );
+ log("Retrieving source storage token called '"
+ + mSourceStorageTokenName
+ + "'."
+ + NEWLINE, true);
- if( mSourceStorageTokenName.equals( INTERNAL_TOKEN ) ) {
+ if (mSourceStorageTokenName.equals(INTERNAL_TOKEN)) {
mSourceToken = cm.getInternalKeyStorageToken();
} else {
- mSourceToken = cm.getTokenByName( mSourceStorageTokenName );
+ mSourceToken = cm.getTokenByName(mSourceStorageTokenName);
}
- if( mSourceToken == null ) {
+ if (mSourceToken == null) {
return FAILURE;
}
- if( mPwdfileFlag ) {
+ if (mPwdfileFlag) {
BufferedReader in = null;
String pwd = null;
Password mPwd = null;
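Review bot: Every error branch in this hunk ends in `System.exit(0)`, so a run that failed to initialize the source security databases still reports success to whatever invoked it. The same call closes the catch blocks in the later hunks of obtain_RSA_rewrapping_keys and rewrap_wrapped_key_data. For a tool that rewraps archived keys, a wrapper script that checks only the exit status could carry on with missing or partial output. Ending each error branch with a non-zero status, for example `System.exit(1);`, keeps the log message and makes the failure visible to the caller. obtain_RSA_rewrapping_keys begins before this hunk and continues after it.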
@@ -1755,177 +1641,174 @@ public class DRMTool
try {
in = new BufferedReader(
new FileReader(
- mSourcePKISecurityDatabasePwdfile ) );
+ mSourcePKISecurityDatabasePwdfile));
pwd = in.readLine();
- mPwd = new Password( pwd.toCharArray() );
-
- mSourceToken.login( mPwd );
- } catch( Exception exReadPwd ) {
- log( "ERROR: Failed to read the keydb password from "
- + "the file '"
- + mSourcePKISecurityDatabasePwdfile
- + "'. Exception: '"
- + exReadPwd.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ mPwd = new Password(pwd.toCharArray());
+
+ mSourceToken.login(mPwd);
+ } catch (Exception exReadPwd) {
+ log("ERROR: Failed to read the keydb password from "
+ + "the file '"
+ + mSourcePKISecurityDatabasePwdfile
+ + "'. Exception: '"
+ + exReadPwd.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
}
- } catch( Exception exUninitialized ) {
- log( "ERROR: Uninitialized CryptoManager - '"
- + exUninitialized.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ } catch (Exception exUninitialized) {
+ log("ERROR: Uninitialized CryptoManager - '"
+ + exUninitialized.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
// Retrieve the source storage cert by its nickname
try {
- if( mSourceStorageTokenName.equals( INTERNAL_TOKEN ) ) {
- log( "Retrieving source storage cert with nickname of '"
- + mSourceStorageCertNickname
- + "'."
- + NEWLINE, true );
+ if (mSourceStorageTokenName.equals(INTERNAL_TOKEN)) {
+ log("Retrieving source storage cert with nickname of '"
+ + mSourceStorageCertNickname
+ + "'."
+ + NEWLINE, true);
- mUnwrapCert = cm.findCertByNickname( mSourceStorageCertNickname
+ mUnwrapCert = cm.findCertByNickname(mSourceStorageCertNickname
);
} else {
- log( "Retrieving source storage cert with nickname of '"
- + mSourceStorageTokenName
- + ":"
- + mSourceStorageCertNickname
- + "'. "
- + NEWLINE, true );
- mUnwrapCert = cm.findCertByNickname( mSourceStorageTokenName
+ log("Retrieving source storage cert with nickname of '"
+ + mSourceStorageTokenName
+ + ":"
+ + mSourceStorageCertNickname
+ + "'. "
+ + NEWLINE, true);
+ mUnwrapCert = cm.findCertByNickname(mSourceStorageTokenName
+ ":"
+ mSourceStorageCertNickname
);
}
- if( mUnwrapCert == null ) {
+ if (mUnwrapCert == null) {
return FAILURE;
}
- } catch( ObjectNotFoundException exUnwrapObjectNotFound ) {
- if( mSourceStorageTokenName.equals( INTERNAL_TOKEN ) ) {
- log( "ERROR: No internal "
- + "source storage cert named '"
- + mSourceStorageCertNickname
- + "' exists! ObjectNotFoundException: '"
- + exUnwrapObjectNotFound.toString()
- + "'"
- + NEWLINE, true );
+ } catch (ObjectNotFoundException exUnwrapObjectNotFound) {
+ if (mSourceStorageTokenName.equals(INTERNAL_TOKEN)) {
+ log("ERROR: No internal "
+ + "source storage cert named '"
+ + mSourceStorageCertNickname
+ + "' exists! ObjectNotFoundException: '"
+ + exUnwrapObjectNotFound.toString()
+ + "'"
+ + NEWLINE, true);
} else {
- log( "ERROR: No "
- + "source storage cert named '"
- + mSourceStorageTokenName
- + ":"
- + mSourceStorageCertNickname
- + "' exists! ObjectNotFoundException: '"
- + exUnwrapObjectNotFound
- + "'"
- + NEWLINE, true );
+ log("ERROR: No "
+ + "source storage cert named '"
+ + mSourceStorageTokenName
+ + ":"
+ + mSourceStorageCertNickname
+ + "' exists! ObjectNotFoundException: '"
+ + exUnwrapObjectNotFound
+ + "'"
+ + NEWLINE, true);
}
- System.exit( 0 );
- } catch( TokenException exUnwrapToken ) {
- if( mSourceStorageTokenName.equals( INTERNAL_TOKEN ) ) {
- log( "ERROR: No internal "
- + "source storage cert named '"
- + mSourceStorageCertNickname
- + "' exists! TokenException: '"
- + exUnwrapToken.toString()
- + "'"
- + NEWLINE, true );
+ System.exit(0);
+ } catch (TokenException exUnwrapToken) {
+ if (mSourceStorageTokenName.equals(INTERNAL_TOKEN)) {
+ log("ERROR: No internal "
+ + "source storage cert named '"
+ + mSourceStorageCertNickname
+ + "' exists! TokenException: '"
+ + exUnwrapToken.toString()
+ + "'"
+ + NEWLINE, true);
} else {
- log( "ERROR: No "
- + "source storage cert named '"
- + mSourceStorageTokenName
- + ":"
- + mSourceStorageCertNickname
- + "' exists! TokenException: '"
- + exUnwrapToken
- + "'"
- + NEWLINE, true );
+ log("ERROR: No "
+ + "source storage cert named '"
+ + mSourceStorageTokenName
+ + ":"
+ + mSourceStorageCertNickname
+ + "' exists! TokenException: '"
+ + exUnwrapToken
+ + "'"
+ + NEWLINE, true);
}
- System.exit( 0 );
+ System.exit(0);
}
-
// Extract the private key from the source storage token
- log( "BEGIN: Obtaining the private key from "
- + "the source storage token . . ."
- + NEWLINE, true );
+ log("BEGIN: Obtaining the private key from "
+ + "the source storage token . . ."
+ + NEWLINE, true);
mUnwrapPrivateKey = getPrivateKey();
- if( mUnwrapPrivateKey == null ) {
- log( "ERROR: Failed extracting "
- + "private key from the source storage token."
- + NEWLINE, true );
- System.exit( 0 );
+ if (mUnwrapPrivateKey == null) {
+ log("ERROR: Failed extracting "
+ + "private key from the source storage token."
+ + NEWLINE, true);
+ System.exit(0);
}
- log( "FINISHED: Obtaining the private key from "
- + "the source storage token."
- + NEWLINE, true );
-
+ log("FINISHED: Obtaining the private key from "
+ + "the source storage token."
+ + NEWLINE, true);
// Extract the public key from the target storage certificate
try {
- log( "BEGIN: Obtaining the public key from "
- + "the target storage certificate . . ."
- + NEWLINE, true );
-
- mWrapPublicKey = ( PublicKey )
- ( PK11PubKey.fromSPKI(
- getPublicKey().getEncoded() ) );
-
- if( mWrapPublicKey == null ) {
- log( "ERROR: Failed extracting "
- + "public key from target storage certificate stored in '"
- + mTargetStorageCertificateFilename
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ log("BEGIN: Obtaining the public key from "
+ + "the target storage certificate . . ."
+ + NEWLINE, true);
+
+ mWrapPublicKey = (PublicKey)
+ (PK11PubKey.fromSPKI(
+ getPublicKey().getEncoded()));
+
+ if (mWrapPublicKey == null) {
+ log("ERROR: Failed extracting "
+ + "public key from target storage certificate stored in '"
+ + mTargetStorageCertificateFilename
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
- log( "FINISHED: Obtaining the public key from "
- + "the target storage certificate."
- + NEWLINE, true );
- } catch( InvalidKeyFormatException exInvalidPublicKey ) {
- log( "ERROR: Failed extracting "
- + "public key from target storage certificate stored in '"
- + mTargetStorageCertificateFilename
- + "' InvalidKeyFormatException '"
- + exInvalidPublicKey.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ log("FINISHED: Obtaining the public key from "
+ + "the target storage certificate."
+ + NEWLINE, true);
+ } catch (InvalidKeyFormatException exInvalidPublicKey) {
+ log("ERROR: Failed extracting "
+ + "public key from target storage certificate stored in '"
+ + mTargetStorageCertificateFilename
+ + "' InvalidKeyFormatException '"
+ + exInvalidPublicKey.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
return SUCCESS;
}
-
/**
* This method basically rewraps the "wrappedKeyData" by implementiing
* "mStorageUnit.decryptInternalPrivate( byte wrappedKeyData[] )" and
* "mStorageUnit.encryptInternalPrivate( byte priKey[] )", where
* "wrappedKeyData" uses the following structure:
- *
- * SEQUENCE {
- * encryptedSession OCTET STRING,
- * encryptedPrivate OCTET STRING
- * }
- *
+ *
+ * SEQUENCE {
+ * encryptedSession OCTET STRING,
+ * encryptedPrivate OCTET STRING
+ * }
+ *
* This method is based upon code from
* 'com.netscape.kra.EncryptionUnit'.
* <P>
- *
+ *
* @return a byte[] containing the rewrappedKeyData
*/
- private static byte[] rewrap_wrapped_key_data( byte[] wrappedKeyData )
- throws Exception {
+ private static byte[] rewrap_wrapped_key_data(byte[] wrappedKeyData)
+ throws Exception {
DerValue val = null;
DerInputStream in = null;
DerValue dSession = null;
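Review bot: The password-file block at the top of this hunk never closes the `BufferedReader` in the visible lines, and never clears the `Password` object after `mSourceToken.login(mPwd)`. The token password therefore stays in memory, and the file handle stays open, for the rest of the run. An empty password file also makes `readLine()` return null, so `pwd.toCharArray()` fails with a NullPointerException that is then reported as a read failure. An explicit null check plus a `finally` that clears the password and closes the reader would cover all three, as sketched below. The `if (mPwdfileFlag)` block and the declarations of `in`, `pwd` and `mPwd` begin in the previous hunk.

```java
    pwd = in.readLine();
    if (pwd == null) {
        throw new IOException("password file is empty");
    }
    // … unchanged: new Password(...), mSourceToken.login(mPwd) …
} catch (Exception exReadPwd) {
    // … unchanged: error log and exit …
} finally {
    // Wipe the password characters once the login attempt is over.
    if (mPwd != null) {
        mPwd.clear();
    }
    if (in != null) {
        try {
            in.close();
        } catch (IOException ignored) {
            // best effort: the password line has already been read
        }
    }
}
```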
@@ -1944,75 +1827,75 @@ public class DRMTool
// mStorageUnit.decryptInternalPrivate( byte wrappedKeyData[] );
// throws EBaseException
try {
- val = new DerValue( wrappedKeyData );
+ val = new DerValue(wrappedKeyData);
in = val.data;
dSession = in.getDerValue();
source_session = dSession.getOctetString();
dPri = in.getDerValue();
pri = dPri.getOctetString();
source_rsaWrap = mSourceToken.getKeyWrapper(
- KeyWrapAlgorithm.RSA );
- source_rsaWrap.initUnwrap( mUnwrapPrivateKey, null );
- sk = source_rsaWrap.unwrapSymmetric( source_session,
+ KeyWrapAlgorithm.RSA);
+ source_rsaWrap.initUnwrap(mUnwrapPrivateKey, null);
+ sk = source_rsaWrap.unwrapSymmetric(source_session,
SymmetricKey.DES3,
SymmetricKey.Usage.DECRYPT,
- 0 );
- if( mDebug ) {
- log( "DEBUG: sk = '"
- + com.netscape.osutil.OSUtil.BtoA( sk.getEncoded() )
- + "' length = '"
- + sk.getEncoded().length
- + "'"
- + NEWLINE, false );
- log( "DEBUG: pri = '"
- + com.netscape.osutil.OSUtil.BtoA( pri )
- + "' length = '"
- + pri.length
- + "'"
- + NEWLINE, false );
+ 0);
+ if (mDebug) {
+ log("DEBUG: sk = '"
+ + com.netscape.osutil.OSUtil.BtoA(sk.getEncoded())
+ + "' length = '"
+ + sk.getEncoded().length
+ + "'"
+ + NEWLINE, false);
+ log("DEBUG: pri = '"
+ + com.netscape.osutil.OSUtil.BtoA(pri)
+ + "' length = '"
+ + pri.length
+ + "'"
+ + NEWLINE, false);
}
- } catch( IOException exUnwrapIO ) {
- log( "ERROR: Unwrapping key data - "
- + "IOException: '"
- + exUnwrapIO.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( NoSuchAlgorithmException exUnwrapAlgorithm ) {
- log( "ERROR: Unwrapping key data - "
- + "NoSuchAlgorithmException: '"
- + exUnwrapAlgorithm.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( TokenException exUnwrapToken ) {
- log( "ERROR: Unwrapping key data - "
- + "TokenException: '"
- + exUnwrapToken.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( InvalidKeyException exUnwrapInvalidKey ) {
- log( "ERROR: Unwrapping key data - "
- + "InvalidKeyException: '"
- + exUnwrapInvalidKey.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( InvalidAlgorithmParameterException exUnwrapInvalidAlgorithm ) {
- log( "ERROR: Unwrapping key data - "
- + "InvalidAlgorithmParameterException: '"
- + exUnwrapInvalidAlgorithm.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( IllegalStateException exUnwrapState ) {
- log( "ERROR: Unwrapping key data - "
- + "InvalidStateException: '"
- + exUnwrapState.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ } catch (IOException exUnwrapIO) {
+ log("ERROR: Unwrapping key data - "
+ + "IOException: '"
+ + exUnwrapIO.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (NoSuchAlgorithmException exUnwrapAlgorithm) {
+ log("ERROR: Unwrapping key data - "
+ + "NoSuchAlgorithmException: '"
+ + exUnwrapAlgorithm.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (TokenException exUnwrapToken) {
+ log("ERROR: Unwrapping key data - "
+ + "TokenException: '"
+ + exUnwrapToken.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (InvalidKeyException exUnwrapInvalidKey) {
+ log("ERROR: Unwrapping key data - "
+ + "InvalidKeyException: '"
+ + exUnwrapInvalidKey.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (InvalidAlgorithmParameterException exUnwrapInvalidAlgorithm) {
+ log("ERROR: Unwrapping key data - "
+ + "InvalidAlgorithmParameterException: '"
+ + exUnwrapInvalidAlgorithm.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (IllegalStateException exUnwrapState) {
+ log("ERROR: Unwrapping key data - "
+ + "InvalidStateException: '"
+ + exUnwrapState.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
// public byte[]
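Review bot: The `if (mDebug)` block in this hunk writes the unwrapped session key, `BtoA(sk.getEncoded())`, to the log next to `pri`, the private-key blob that key protects. Anyone who can read a debug log would then hold both the key and the ciphertext for every record processed. Debug output should carry lengths only, for example `log("DEBUG: sk length = '" + sk.getEncoded().length + "'" + NEWLINE, false);` and the equivalent line for `pri.length`. Logs already produced with debugging enabled should be treated as key material. rewrap_wrapped_key_data begins in the previous hunk and continues in the next one.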
@@ -2021,82 +1904,81 @@ public class DRMTool
try {
// Use "mSourceToken" to get "KeyWrapAlgorithm.RSA"
target_rsaWrap = mSourceToken.getKeyWrapper(
- KeyWrapAlgorithm.RSA );
- target_rsaWrap.initWrap( mWrapPublicKey, null );
- target_session = target_rsaWrap.wrap( sk );
+ KeyWrapAlgorithm.RSA);
+ target_rsaWrap.initWrap(mWrapPublicKey, null);
+ target_session = target_rsaWrap.wrap(sk);
tmp = new DerOutputStream();
out = new DerOutputStream();
- tmp.putOctetString( target_session );
- tmp.putOctetString( pri );
- out.write( DerValue.tag_Sequence, tmp );
+ tmp.putOctetString(target_session);
+ tmp.putOctetString(pri);
+ out.write(DerValue.tag_Sequence, tmp);
rewrappedKeyData = out.toByteArray();
- } catch( NoSuchAlgorithmException exWrapAlgorithm ) {
- log( "ERROR: Wrapping key data - "
- + "NoSuchAlgorithmException: '"
- + exWrapAlgorithm.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( TokenException exWrapToken ) {
- log( "ERROR: Wrapping key data - "
- + "TokenException: '"
- + exWrapToken.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( InvalidKeyException exWrapInvalidKey ) {
- log( "ERROR: Wrapping key data - "
- + "InvalidKeyException: '"
- + exWrapInvalidKey.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( InvalidAlgorithmParameterException exWrapInvalidAlgorithm ) {
- log( "ERROR: Wrapping key data - "
- + "InvalidAlgorithmParameterException: '"
- + exWrapInvalidAlgorithm.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( IllegalStateException exWrapState ) {
- log( "ERROR: Wrapping key data - "
- + "InvalidStateException: '"
- + exWrapState.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( IOException exWrapIO ) {
- log( "ERROR: Wrapping key data - "
- + "IOException: '"
- + exWrapIO.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ } catch (NoSuchAlgorithmException exWrapAlgorithm) {
+ log("ERROR: Wrapping key data - "
+ + "NoSuchAlgorithmException: '"
+ + exWrapAlgorithm.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (TokenException exWrapToken) {
+ log("ERROR: Wrapping key data - "
+ + "TokenException: '"
+ + exWrapToken.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (InvalidKeyException exWrapInvalidKey) {
+ log("ERROR: Wrapping key data - "
+ + "InvalidKeyException: '"
+ + exWrapInvalidKey.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (InvalidAlgorithmParameterException exWrapInvalidAlgorithm) {
+ log("ERROR: Wrapping key data - "
+ + "InvalidAlgorithmParameterException: '"
+ + exWrapInvalidAlgorithm.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (IllegalStateException exWrapState) {
+ log("ERROR: Wrapping key data - "
+ + "InvalidStateException: '"
+ + exWrapState.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (IOException exWrapIO) {
+ log("ERROR: Wrapping key data - "
+ + "IOException: '"
+ + exWrapIO.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
return rewrappedKeyData;
}
-
/**
* Helper method used to remove all EOLs ('\n' and '\r')
* from the passed in string.
* <P>
- *
+ *
* @param data consisting of a string containing EOLs
* @return a string consisting of a string with no EOLs
*/
- private static String stripEOL( String data ) {
+ private static String stripEOL(String data) {
StringBuffer buffer = new StringBuffer();
String revised_data = null;
- for( int i = 0; i < data.length(); i++ ) {
- if( ( data.charAt(i) != '\n' ) &&
- ( data.charAt(i) != '\r' ) ) {
- buffer.append( data.charAt( i ) );
+ for (int i = 0; i < data.length(); i++) {
+ if ((data.charAt(i) != '\n') &&
+ (data.charAt(i) != '\r')) {
+ buffer.append(data.charAt(i));
}
}
@@ -2105,25 +1987,24 @@ public class DRMTool
return revised_data;
}
-
/**
* Helper method used to format a string containing unformatted data
* into a string containing formatted data suitable as an entry for
* an LDIF file.
* <P>
- *
+ *
* @param length the length of the first line of data
* @param data a string containing unformatted data
* @return formatted data consisting of data formatted for an LDIF record
- * suitable for an LDIF file
+ * suitable for an LDIF file
*/
- private static String format_ldif_data( int length, String data ) {
+ private static String format_ldif_data(int length, String data) {
String revised_data = "";
- if( data.length() > length ) {
+ if (data.length() > length) {
// process first line
- for( int i = 0; i < length; i++ ) {
- revised_data += data.charAt( i );
+ for (int i = 0; i < length; i++) {
+ revised_data += data.charAt(i);
}
// terminate first line
@@ -2131,26 +2012,25 @@ public class DRMTool
// process remaining lines
int j = 0;
- for( int i = length; i < data.length(); i++ ) {
- if( j == 0 ) {
+ for (int i = length; i < data.length(); i++) {
+ if (j == 0) {
revised_data += ' ';
}
- revised_data += data.charAt( i );
+ revised_data += data.charAt(i);
j++;
- if( j == 76 ) {
+ if (j == 76) {
revised_data += '\n';
j = 0;
}
}
}
- return revised_data.replaceAll( "\\s+$", "" );
+ return revised_data.replaceAll("\\s+$", "");
}
-
/*********************/
/* ID Offset Methods */
/*********************/
@@ -2158,77 +2038,75 @@ public class DRMTool
/**
* Helper method which converts an "indexed" BigInteger into
* its String representation.
- *
+ *
* <PRE>
- *
+ *
* NOTE: Indexed data means that the numeric data
* is stored with a prepended length
* (e. g. - record '73' is stored as '0273').
- *
+ *
* Indexed data is currently limited to '99' digits
* (an index of '00' is invalid). See
* 'com.netscape.cmscore.dbs.BigIntegerMapper.java'
* for details.
- *
+ *
* </PRE>
- *
+ *
* This method is based upon code from
* 'com.netscape.cmscore.dbs.BigIntegerMapper'.
* <P>
- *
+ *
* @param i an "indexed " BigInteger
* @return the string representation of the "indexed" BigInteger
*/
- private static String BigIntegerToDB( BigInteger i ) {
+ private static String BigIntegerToDB(BigInteger i) {
int len = i.toString().length();
String ret = null;
- if( len < 10 ) {
- ret = "0" + Integer.toString( len ) + i.toString();
+ if (len < 10) {
+ ret = "0" + Integer.toString(len) + i.toString();
} else {
- ret = Integer.toString( len ) + i.toString();
+ ret = Integer.toString(len) + i.toString();
}
return ret;
}
-
/**
* Helper method which converts the string representation of an
* "indexed" integer into a BigInteger.
- *
+ *
* <PRE>
* NOTE: Indexed data means that the numeric data
* is stored with a prepended length
* (e. g. - record '73' is stored as '0273').
- *
+ *
* Indexed data is currently limited to '99' digits
* (an index of '00' is invalid). See
* 'com.netscape.cmscore.dbs.BigIntegerMapper.java'
* for details.
* </PRE>
- *
+ *
* This method is based upon code from
* 'com.netscape.cmscore.dbs.BigIntegerMapper'.
* <P>
- *
+ *
* @param i the string representation of the "indexed" integer
* @return an "indexed " BigInteger
*/
- private static BigInteger BigIntegerFromDB( String i ) {
- String s = i.substring( 2 );
+ private static BigInteger BigIntegerFromDB(String i) {
+ String s = i.substring(2);
// possibly check length
- return new BigInteger( s );
+ return new BigInteger(s);
}
-
/**
* This method accepts an "attribute", its "delimiter", a string
* representation of numeric data, and a flag indicating whether
* or not the string representation is "indexed".
- *
+ *
* An "attribute" consists of one of the following values:
- *
+ *
* <PRE>
* DRM_LDIF_CN = "cn:";
* DRM_LDIF_DN_EMBEDDED_CN_DATA = "dn: cn";
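Review bot: `BigIntegerFromDB` drops the two-digit length prefix with `i.substring(2)` and never compares it with the digits that follow; the `// possibly check length` comment marks the gap. A truncated or hand-edited LDIF value is therefore accepted as a different number. A value that is exactly two digits long reaches `new BigInteger("")` and throws a NumberFormatException, which the catch list of compose_numeric_line (shown in a later hunk) does not cover. Checking the prefix before parsing, `if (Integer.parseInt(i.substring(0, 2)) != s.length()) throw new NumberFormatException("bad index prefix in '" + i + "'");`, would reject such input. Callers would then need to report that exception the way they report the other parse errors.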
@@ -2237,31 +2115,31 @@ public class DRMTool
* DRM_LDIF_EXTDATA_SERIAL_NUMBER = "extdata-serialnumber:";
* DRM_LDIF_REQUEST_ID = "requestId:";
* DRM_LDIF_SERIAL_NO = "serialno:";
- *
- *
+ *
+ *
* NOTE: Indexed data means that the numeric data
* is stored with a prepended length
* (e. g. - record '73' is stored as '0273').
- *
+ *
* Indexed data is currently limited to '99' digits
* (an index of '00' is invalid). See
* 'com.netscape.cmscore.dbs.BigIntegerMapper.java'
* for details.
* </PRE>
- *
+ *
* <P>
- *
+ *
* @param attribute the string representation of the "name"
* @param delimiter the separator between the attribute and its contents
* @param source_line the string containing the "name" and "value"
* @param indexed boolean flag indicating if the "value" is "indexed"
* @return a revised line containing the "name" and "value" with the
- * specified ID offset applied as a "mask" to the "value"
+ * specified ID offset applied as a "mask" to the "value"
*/
- private static String compose_numeric_line( String attribute,
+ private static String compose_numeric_line(String attribute,
String delimiter,
String source_line,
- boolean indexed ) {
+ boolean indexed) {
String target_line = null;
String data = null;
String revised_data = null;
@@ -2269,28 +2147,28 @@ public class DRMTool
// Since both "-append_id_offset" and "-remove_id_offset" are OPTIONAL
// parameters, first check to see if either has been selected
- if( !mAppendIdOffsetFlag &&
- !mRemoveIdOffsetFlag ) {
+ if (!mAppendIdOffsetFlag &&
+ !mRemoveIdOffsetFlag) {
return source_line;
}
try {
// extract the data
- data = source_line.substring( attribute.length() + 1 ).trim();
+ data = source_line.substring(attribute.length() + 1).trim();
// skip values which are non-numeric
- if( !data.matches( "[0-9]++" ) ) {
+ if (!data.matches("[0-9]++")) {
// set the target_line to the unchanged source_line
target_line = source_line;
// log this information
- log( "Skipped changing non-numeric line '"
- + source_line
- + "'."
- + NEWLINE, false );
+ log("Skipped changing non-numeric line '"
+ + source_line
+ + "'."
+ + NEWLINE, false);
} else {
// if indexed, first strip the index from the data
- if( indexed ) {
+ if (indexed) {
// NOTE: Indexed data means that the numeric data
// is stored with a prepended length
// (e. g. - record '73' is stored as '0273').
@@ -2299,54 +2177,54 @@ public class DRMTool
// (an index of '00' is invalid). See
// 'com.netscape.cmscore.dbs.BigIntegerMapper.java'
// for details.
- value = BigIntegerFromDB( data );
+ value = BigIntegerFromDB(data);
} else {
- value = new BigInteger( data );
+ value = new BigInteger(data);
}
// compare the specified target ID offset
// with the actual value of the attribute
- if( mAppendIdOffsetFlag ) {
- if( mAppendIdOffset.compareTo( value ) == 1 ) {
+ if (mAppendIdOffsetFlag) {
+ if (mAppendIdOffset.compareTo(value) == 1) {
// add the target ID offset to this value
- if( indexed ) {
+ if (indexed) {
revised_data = BigIntegerToDB(
- value.add( mAppendIdOffset )
+ value.add(mAppendIdOffset)
).toString();
} else {
revised_data = value.add(
- mAppendIdOffset ).toString();
+ mAppendIdOffset).toString();
}
} else {
- log( "ERROR: attribute='"
- + attribute
- + "' is greater than the specified "
- + "append_id_offset='"
- + mAppendIdOffset.toString()
- + "'!"
- + NEWLINE, true );
- System.exit( 0 );
+ log("ERROR: attribute='"
+ + attribute
+ + "' is greater than the specified "
+ + "append_id_offset='"
+ + mAppendIdOffset.toString()
+ + "'!"
+ + NEWLINE, true);
+ System.exit(0);
}
- } else if( mRemoveIdOffsetFlag ) {
- if( mRemoveIdOffset.compareTo( value ) <= 0 ) {
+ } else if (mRemoveIdOffsetFlag) {
+ if (mRemoveIdOffset.compareTo(value) <= 0) {
// subtract the target ID offset to this value
- if( indexed ) {
+ if (indexed) {
revised_data = BigIntegerToDB(
- value.subtract( mRemoveIdOffset )
+ value.subtract(mRemoveIdOffset)
).toString();
} else {
- revised_data = value.subtract( mRemoveIdOffset
+ revised_data = value.subtract(mRemoveIdOffset
).toString();
}
} else {
- log( "ERROR: attribute='"
- + attribute
- + "' is less than the specified "
- + "remove_id_offset='"
- + mRemoveIdOffset.toString()
- + "'!"
- + NEWLINE, true );
- System.exit( 0 );
+ log("ERROR: attribute='"
+ + attribute
+ + "' is less than the specified "
+ + "remove_id_offset='"
+ + mRemoveIdOffset.toString()
+ + "'!"
+ + NEWLINE, true);
+ System.exit(0);
}
}
@@ -2354,35 +2232,34 @@ public class DRMTool
target_line = attribute + delimiter + revised_data;
// log this information
- log( "Changed numeric data '"
- + data
- + "' to '"
- + revised_data
- + "'."
- + NEWLINE, false );
+ log("Changed numeric data '"
+ + data
+ + "' to '"
+ + revised_data
+ + "'."
+ + NEWLINE, false);
}
- } catch( IndexOutOfBoundsException exBounds ) {
- log( "ERROR: source_line='"
- + source_line
- + "' IndexOutOfBoundsException: '"
- + exBounds.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
- } catch( PatternSyntaxException exPattern ) {
- log( "ERROR: data='"
- + data
- + "' PatternSyntaxException: '"
- + exPattern.toString()
- + "'"
- + NEWLINE, true );
- System.exit( 0 );
+ } catch (IndexOutOfBoundsException exBounds) {
+ log("ERROR: source_line='"
+ + source_line
+ + "' IndexOutOfBoundsException: '"
+ + exBounds.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
+ } catch (PatternSyntaxException exPattern) {
+ log("ERROR: data='"
+ + data
+ + "' PatternSyntaxException: '"
+ + exPattern.toString()
+ + "'"
+ + NEWLINE, true);
+ System.exit(0);
}
return target_line;
}
-
/***********************/
/* LDIF Parser Methods */
/***********************/
@@ -2390,189 +2267,187 @@ public class DRMTool
/**
* Helper method which composes the output line for DRM_LDIF_CN.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_cn( String record_type,
- String line ) {
+ private static String output_cn(String record_type,
+ String line) {
String output = null;
- if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_CN ) ) {
- output = compose_numeric_line( DRM_LDIF_CN,
+ if (record_type.equals(DRM_LDIF_ENROLLMENT)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_ENROLLMENT_CN)) {
+ output = compose_numeric_line(DRM_LDIF_CN,
SPACE,
line,
- false );
+ false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_CN ) ) {
- output = compose_numeric_line( DRM_LDIF_CN,
+ } else if (record_type.equals(DRM_LDIF_CA_KEY_RECORD)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_CA_KEY_RECORD_CN)) {
+ output = compose_numeric_line(DRM_LDIF_CN,
SPACE,
line,
- false );
+ false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_CN ) ) {
- output = compose_numeric_line( DRM_LDIF_CN,
+ } else if (record_type.equals(DRM_LDIF_RECOVERY)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_RECOVERY_CN)) {
+ output = compose_numeric_line(DRM_LDIF_CN,
SPACE,
line,
- false );
+ false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_CN ) ) {
- output = compose_numeric_line( DRM_LDIF_CN,
+ } else if (record_type.equals(DRM_LDIF_TPS_KEY_RECORD)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_TPS_KEY_RECORD_CN)) {
+ output = compose_numeric_line(DRM_LDIF_CN,
SPACE,
line,
- false );
+ false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_CN ) ) {
- output = compose_numeric_line( DRM_LDIF_CN,
+ } else if (record_type.equals(DRM_LDIF_KEYGEN)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_KEYGEN_CN)) {
+ output = compose_numeric_line(DRM_LDIF_CN,
SPACE,
line,
- false );
+ false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_RECORD ) ) {
+ } else if (record_type.equals(DRM_LDIF_RECORD)) {
// Non-Request / Non-Key Record:
// Pass through the original
// 'cn' line UNCHANGED
// so that it is ALWAYS written
output = line;
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_CN
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_CN
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
return output;
}
-
/**
* Helper method which composes the output line for DRM_LDIF_DATE_OF_MODIFY.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_date_of_modify( String record_type,
- String line ) {
+ private static String output_date_of_modify(String record_type,
+ String line) {
String output = null;
- if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY ) ) {
+ if (record_type.equals(DRM_LDIF_ENROLLMENT)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY)) {
output = DRM_LDIF_DATE_OF_MODIFY
- + SPACE
- + mDateOfModify;
-
- log( "Changed '"
- + line
- + "' to '"
- + output
- + "'."
- + NEWLINE, false );
+ + SPACE
+ + mDateOfModify;
+
+ log("Changed '"
+ + line
+ + "' to '"
+ + output
+ + "'."
+ + NEWLINE, false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY ) ) {
+ } else if (record_type.equals(DRM_LDIF_CA_KEY_RECORD)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY)) {
output = DRM_LDIF_DATE_OF_MODIFY
- + SPACE
- + mDateOfModify;
-
- log( "Changed '"
- + line
- + "' to '"
- + output
- + "'."
- + NEWLINE, false );
+ + SPACE
+ + mDateOfModify;
+
+ log("Changed '"
+ + line
+ + "' to '"
+ + output
+ + "'."
+ + NEWLINE, false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY ) ) {
+ } else if (record_type.equals(DRM_LDIF_RECOVERY)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY)) {
output = DRM_LDIF_DATE_OF_MODIFY
- + SPACE
- + mDateOfModify;
-
- log( "Changed '"
- + line
- + "' to '"
- + output
- + "'."
- + NEWLINE, false );
+ + SPACE
+ + mDateOfModify;
+
+ log("Changed '"
+ + line
+ + "' to '"
+ + output
+ + "'."
+ + NEWLINE, false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY ) ) {
+ } else if (record_type.equals(DRM_LDIF_TPS_KEY_RECORD)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY)) {
output = DRM_LDIF_DATE_OF_MODIFY
- + SPACE
- + mDateOfModify;
-
- log( "Changed '"
- + line
- + "' to '"
- + output
- + "'."
- + NEWLINE, false );
+ + SPACE
+ + mDateOfModify;
+
+ log("Changed '"
+ + line
+ + "' to '"
+ + output
+ + "'."
+ + NEWLINE, false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY ) ) {
+ } else if (record_type.equals(DRM_LDIF_KEYGEN)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY)) {
output = DRM_LDIF_DATE_OF_MODIFY
- + SPACE
- + mDateOfModify;
-
- log( "Changed '"
- + line
- + "' to '"
- + output
- + "'."
- + NEWLINE, false );
+ + SPACE
+ + mDateOfModify;
+
+ log("Changed '"
+ + line
+ + "' to '"
+ + output
+ + "'."
+ + NEWLINE, false);
} else {
output = line;
}
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_DATE_OF_MODIFY
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_DATE_OF_MODIFY
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
return output;
}
-
/**
* Helper method which composes the output line for DRM_LDIF_DN.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_dn( String record_type,
- String line ) {
+ private static String output_dn(String record_type,
+ String line) {
String data = null;
String embedded_cn_data[] = null;
String embedded_cn_output = null;
@@ -2580,27 +2455,27 @@ public class DRMTool
String output = null;
try {
- if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_DN ) ) {
+ if (record_type.equals(DRM_LDIF_ENROLLMENT)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_ENROLLMENT_DN)) {
// First check for an embedded "cn=<value>"
// name-value pair
- if( line.startsWith( DRM_LDIF_DN_EMBEDDED_CN_DATA ) ) {
+ if (line.startsWith(DRM_LDIF_DN_EMBEDDED_CN_DATA)) {
// At this point, always extract
// the embedded "cn=<value>" name-value pair
// which will ALWAYS be the first
// portion of the "dn: " attribute
- embedded_cn_data = line.split( COMMA, 2 );
+ embedded_cn_data = line.split(COMMA, 2);
embedded_cn_output = compose_numeric_line(
DRM_LDIF_DN_EMBEDDED_CN_DATA,
EQUAL_SIGN,
embedded_cn_data[0],
- false );
+ false);
input = embedded_cn_output
- + COMMA
- + embedded_cn_data[1];
+ + COMMA
+ + embedded_cn_data[1];
} else {
input = line;
}
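Review bot: `embedded_cn_data[1]` is read without checking that `line.split(COMMA, 2)` actually returned two elements, so a `dn:` line that starts with the embedded cn prefix but contains no comma throws ArrayIndexOutOfBoundsException. The catch clauses at the end of output_dn (visible in a later hunk) handle only PatternSyntaxException and NullPointerException, so a malformed LDIF record would abort the run instead of being logged. A length guard before the concatenation would cover it, for example `if (embedded_cn_data.length < 2) { input = line; } else { ... }`, or an explicit error log if a comma-less DN should be rejected. The same split-and-index sequence is repeated in the CA key record, recovery, TPS key record and keygen branches in the next four hunks, so a single private helper would let the check live in one place. output_dn starts before this hunk and continues past it.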
@@ -2609,36 +2484,36 @@ public class DRMTool
// "-target_drm_naming_context" are OPTIONAL
// parameters, ONLY process this portion of the field
// if both of these options have been selected
- if( mDrmNamingContextsFlag ) {
- output = input.replace( mSourceDrmNamingContext,
- mTargetDrmNamingContext );
+ if (mDrmNamingContextsFlag) {
+ output = input.replace(mSourceDrmNamingContext,
+ mTargetDrmNamingContext);
} else {
output = input;
}
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_DN ) ) {
+ } else if (record_type.equals(DRM_LDIF_CA_KEY_RECORD)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_CA_KEY_RECORD_DN)) {
// First check for an embedded "cn=<value>"
// name-value pair
- if( line.startsWith( DRM_LDIF_DN_EMBEDDED_CN_DATA ) ) {
+ if (line.startsWith(DRM_LDIF_DN_EMBEDDED_CN_DATA)) {
// At this point, always extract
// the embedded "cn=<value>" name-value pair
// which will ALWAYS be the first
// portion of the "dn: " attribute
- embedded_cn_data = line.split( COMMA, 2 );
+ embedded_cn_data = line.split(COMMA, 2);
embedded_cn_output = compose_numeric_line(
DRM_LDIF_DN_EMBEDDED_CN_DATA,
EQUAL_SIGN,
embedded_cn_data[0],
- false );
+ false);
input = embedded_cn_output
- + COMMA
- + embedded_cn_data[1];
+ + COMMA
+ + embedded_cn_data[1];
} else {
input = line;
}
@@ -2647,36 +2522,36 @@ public class DRMTool
// "-target_drm_naming_context" are OPTIONAL
// parameters, ONLY process this portion of the field
// if both of these options have been selected
- if( mDrmNamingContextsFlag ) {
- output = input.replace( mSourceDrmNamingContext,
- mTargetDrmNamingContext );
+ if (mDrmNamingContextsFlag) {
+ output = input.replace(mSourceDrmNamingContext,
+ mTargetDrmNamingContext);
} else {
output = input;
}
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_DN ) ) {
+ } else if (record_type.equals(DRM_LDIF_RECOVERY)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_RECOVERY_DN)) {
// First check for an embedded "cn=<value>"
// name-value pair
- if( line.startsWith( DRM_LDIF_DN_EMBEDDED_CN_DATA ) ) {
+ if (line.startsWith(DRM_LDIF_DN_EMBEDDED_CN_DATA)) {
// At this point, always extract
// the embedded "cn=<value>" name-value pair
// which will ALWAYS be the first
// portion of the "dn: " attribute
- embedded_cn_data = line.split( COMMA, 2 );
+ embedded_cn_data = line.split(COMMA, 2);
embedded_cn_output = compose_numeric_line(
DRM_LDIF_DN_EMBEDDED_CN_DATA,
EQUAL_SIGN,
embedded_cn_data[0],
- false );
+ false);
input = embedded_cn_output
- + COMMA
- + embedded_cn_data[1];
+ + COMMA
+ + embedded_cn_data[1];
} else {
input = line;
}
@@ -2685,36 +2560,36 @@ public class DRMTool
// "-target_drm_naming_context" are OPTIONAL
// parameters, ONLY process this portion of the field
// if both of these options have been selected
- if( mDrmNamingContextsFlag ) {
- output = input.replace( mSourceDrmNamingContext,
- mTargetDrmNamingContext );
+ if (mDrmNamingContextsFlag) {
+ output = input.replace(mSourceDrmNamingContext,
+ mTargetDrmNamingContext);
} else {
output = input;
}
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_DN ) ) {
+ } else if (record_type.equals(DRM_LDIF_TPS_KEY_RECORD)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_TPS_KEY_RECORD_DN)) {
// First check for an embedded "cn=<value>"
// name-value pair
- if( line.startsWith( DRM_LDIF_DN_EMBEDDED_CN_DATA ) ) {
+ if (line.startsWith(DRM_LDIF_DN_EMBEDDED_CN_DATA)) {
// At this point, always extract
// the embedded "cn=<value>" name-value pair
// which will ALWAYS be the first
// portion of the "dn: " attribute
- embedded_cn_data = line.split( COMMA, 2 );
+ embedded_cn_data = line.split(COMMA, 2);
embedded_cn_output = compose_numeric_line(
DRM_LDIF_DN_EMBEDDED_CN_DATA,
EQUAL_SIGN,
embedded_cn_data[0],
- false );
+ false);
input = embedded_cn_output
- + COMMA
- + embedded_cn_data[1];
+ + COMMA
+ + embedded_cn_data[1];
} else {
input = line;
}
@@ -2723,36 +2598,36 @@ public class DRMTool
// "-target_drm_naming_context" are OPTIONAL
// parameters, ONLY process this portion of the field
// if both of these options have been selected
- if( mDrmNamingContextsFlag ) {
- output = input.replace( mSourceDrmNamingContext,
- mTargetDrmNamingContext );
+ if (mDrmNamingContextsFlag) {
+ output = input.replace(mSourceDrmNamingContext,
+ mTargetDrmNamingContext);
} else {
output = input;
}
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_DN ) ) {
+ } else if (record_type.equals(DRM_LDIF_KEYGEN)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_KEYGEN_DN)) {
// First check for an embedded "cn=<value>"
// name-value pair
- if( line.startsWith( DRM_LDIF_DN_EMBEDDED_CN_DATA ) ) {
+ if (line.startsWith(DRM_LDIF_DN_EMBEDDED_CN_DATA)) {
// At this point, always extract
// the embedded "cn=<value>" name-value pair
// which will ALWAYS be the first
// portion of the "dn: " attribute
- embedded_cn_data = line.split( COMMA, 2 );
+ embedded_cn_data = line.split(COMMA, 2);
embedded_cn_output = compose_numeric_line(
DRM_LDIF_DN_EMBEDDED_CN_DATA,
EQUAL_SIGN,
embedded_cn_data[0],
- false );
+ false);
input = embedded_cn_output
- + COMMA
- + embedded_cn_data[1];
+ + COMMA
+ + embedded_cn_data[1];
} else {
input = line;
}
@@ -2761,155 +2636,152 @@ public class DRMTool
// "-target_drm_naming_context" are OPTIONAL
// parameters, ONLY process this portion of the field
// if both of these options have been selected
- if( mDrmNamingContextsFlag ) {
- output = input.replace( mSourceDrmNamingContext,
- mTargetDrmNamingContext );
+ if (mDrmNamingContextsFlag) {
+ output = input.replace(mSourceDrmNamingContext,
+ mTargetDrmNamingContext);
} else {
output = input;
}
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_RECORD ) ) {
+ } else if (record_type.equals(DRM_LDIF_RECORD)) {
// Non-Request / Non-Key Record:
// Pass through the original
// 'dn' line UNCHANGED
// so that it is ALWAYS written
output = line;
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_DN
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_DN
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
- } catch( PatternSyntaxException exDnEmbeddedCnNameValuePattern ) {
- log( "ERROR: line='"
- + line
- + "' PatternSyntaxException: '"
- + exDnEmbeddedCnNameValuePattern.toString()
- + "'"
- + NEWLINE, true );
- } catch( NullPointerException exNullPointerException ) {
- log( "ERROR: Unable to replace source DRM naming context '"
- + mSourceDrmNamingContext
- + "' with target DRM naming context '"
- + mTargetDrmNamingContext
- + "' NullPointerException: '"
- + exNullPointerException.toString()
- + "'"
- + NEWLINE, true );
+ } catch (PatternSyntaxException exDnEmbeddedCnNameValuePattern) {
+ log("ERROR: line='"
+ + line
+ + "' PatternSyntaxException: '"
+ + exDnEmbeddedCnNameValuePattern.toString()
+ + "'"
+ + NEWLINE, true);
+ } catch (NullPointerException exNullPointerException) {
+ log("ERROR: Unable to replace source DRM naming context '"
+ + mSourceDrmNamingContext
+ + "' with target DRM naming context '"
+ + mTargetDrmNamingContext
+ + "' NullPointerException: '"
+ + exNullPointerException.toString()
+ + "'"
+ + NEWLINE, true);
}
return output;
}
-
/**
* Helper method which composes the output line for
* DRM_LDIF_EXTDATA_KEY_RECORD.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_extdata_key_record( String record_type,
- String line ) {
+ private static String output_extdata_key_record(String record_type,
+ String line) {
String output = null;
- if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD ) ) {
- output = compose_numeric_line( DRM_LDIF_EXTDATA_KEY_RECORD,
+ if (record_type.equals(DRM_LDIF_ENROLLMENT)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD)) {
+ output = compose_numeric_line(DRM_LDIF_EXTDATA_KEY_RECORD,
SPACE,
line,
- false );
+ false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD ) ) {
- output = compose_numeric_line( DRM_LDIF_EXTDATA_KEY_RECORD,
+ } else if (record_type.equals(DRM_LDIF_KEYGEN)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD)) {
+ output = compose_numeric_line(DRM_LDIF_EXTDATA_KEY_RECORD,
SPACE,
line,
- false );
+ false);
} else {
output = line;
}
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_EXTDATA_KEY_RECORD
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_EXTDATA_KEY_RECORD
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
return output;
}
-
/**
* Helper method which composes the output line for
* DRM_LDIF_EXTDATA_REQUEST_ID.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_extdata_request_id( String record_type,
- String line ) {
+ private static String output_extdata_request_id(String record_type,
+ String line) {
String output = null;
- if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) {
+ if (record_type.equals(DRM_LDIF_ENROLLMENT)) {
// ALWAYS pass-through "extdata-requestId" for
// DRM_LDIF_ENROLLMENT records UNCHANGED because the
// value in this field is associated with the issuing CA!
output = line;
- } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID ) ) {
- output = compose_numeric_line( DRM_LDIF_EXTDATA_REQUEST_ID,
+ } else if (record_type.equals(DRM_LDIF_RECOVERY)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID)) {
+ output = compose_numeric_line(DRM_LDIF_EXTDATA_REQUEST_ID,
SPACE,
line,
- false );
+ false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID ) ) {
- output = compose_numeric_line( DRM_LDIF_EXTDATA_REQUEST_ID,
+ } else if (record_type.equals(DRM_LDIF_KEYGEN)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID)) {
+ output = compose_numeric_line(DRM_LDIF_EXTDATA_REQUEST_ID,
SPACE,
line,
- false );
+ false);
} else {
output = line;
}
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_EXTDATA_REQUEST_ID
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_EXTDATA_REQUEST_ID
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
return output;
}
-
/**
* Helper method which composes the output line for
* DRM_LDIF_EXTDATA_REQUEST_NOTES.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_extdata_request_notes( String record_type,
- String line ) {
+ private static String output_extdata_request_notes(String record_type,
+ String line) {
String input = null;
String data = null;
String unformatted_data = null;
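Review bot: The `catch (NullPointerException exNullPointerException)` at the end of output_dn stands in for a null check on `mSourceDrmNamingContext` and `mTargetDrmNamingContext`. It will also catch any unrelated null dereference inside the try block and report it as a naming-context failure. An explicit check before the `input.replace(...)` call would be clearer, for example `if (mSourceDrmNamingContext == null || mTargetDrmNamingContext == null)` with its own error log, or validation at the point where `mDrmNamingContextsFlag` is set, which is outside this hunk. Separately, output_dn, output_extdata_key_record and output_extdata_request_id all leave `output` as `null` after logging a mismatched record type. Whether the callers tolerate a null line is not visible here, so the `@return` Javadoc should state it, e.g. `@return the composed output line, or null if the record type does not carry this field`.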
@@ -2917,7 +2789,7 @@ public class DRMTool
String next_line = null;
// extract the data
- if( line.length() > DRM_LDIF_EXTDATA_REQUEST_NOTES.length() ) {
+ if (line.length() > DRM_LDIF_EXTDATA_REQUEST_NOTES.length()) {
input = line.substring(
DRM_LDIF_EXTDATA_REQUEST_NOTES.length() + 1
).trim();
@@ -2927,879 +2799,876 @@ public class DRMTool
).trim();
}
- while( ( line = ldif_record.next() ) != null ) {
- if( line.startsWith( SPACE ) ) {
+ while ((line = ldif_record.next()) != null) {
+ if (line.startsWith(SPACE)) {
// Do NOT use "trim()";
// remove single leading space and
// trailing carriage returns and newlines ONLY!
- input += line.replaceFirst(" ","").replace('\r','\0').replace('\n','\0');
+ input += line.replaceFirst(" ", "").replace('\r', '\0').replace('\n', '\0');
} else {
next_line = line;
break;
}
}
- if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) {
- if(drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES )) {
+ if (record_type.equals(DRM_LDIF_ENROLLMENT)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES)) {
// write out a revised 'extdata-requestnotes' line
- if( mRewrapFlag && mAppendIdOffsetFlag ) {
+ if (mRewrapFlag && mAppendIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + SPACE
- + PLUS + SPACE
- + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mAppendIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + SPACE
+ + PLUS + SPACE
+ + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mAppendIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRewrapFlag && mRemoveIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRewrapFlag && mRemoveIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + SPACE
- + PLUS + SPACE
- + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mRemoveIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + SPACE
+ + PLUS + SPACE
+ + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mRemoveIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRewrapFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRewrapFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mAppendIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mAppendIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mAppendIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mAppendIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRemoveIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRemoveIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mRemoveIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mRemoveIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
}
// log this information
- log( "Changed:"
- + NEWLINE
- + TIC
- + DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- input )
- + TIC
- + NEWLINE
- + "--->"
- + NEWLINE
- + TIC
- + output
- + TIC
- + NEWLINE, false );
+ log("Changed:"
+ + NEWLINE
+ + TIC
+ + DRM_LDIF_EXTDATA_REQUEST_NOTES
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ input)
+ + TIC
+ + NEWLINE
+ + "--->"
+ + NEWLINE
+ + TIC
+ + output
+ + TIC
+ + NEWLINE, false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES ) ) {
+ } else if (record_type.equals(DRM_LDIF_RECOVERY)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES)) {
// write out a revised 'extdata-requestnotes' line
- if( mRewrapFlag && mAppendIdOffsetFlag ) {
+ if (mRewrapFlag && mAppendIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + SPACE
- + PLUS + SPACE
- + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mAppendIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + SPACE
+ + PLUS + SPACE
+ + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mAppendIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRewrapFlag && mRemoveIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRewrapFlag && mRemoveIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + SPACE
- + PLUS + SPACE
- + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mRemoveIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + SPACE
+ + PLUS + SPACE
+ + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mRemoveIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRewrapFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRewrapFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mAppendIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mAppendIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mAppendIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mAppendIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRemoveIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRemoveIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mRemoveIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mRemoveIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
}
// log this information
- log( "Changed:"
- + NEWLINE
- + TIC
- + DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- input )
- + TIC
- + NEWLINE
- + "--->"
- + NEWLINE
- + TIC
- + output
- + TIC
- + NEWLINE, false );
+ log("Changed:"
+ + NEWLINE
+ + TIC
+ + DRM_LDIF_EXTDATA_REQUEST_NOTES
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ input)
+ + TIC
+ + NEWLINE
+ + "--->"
+ + NEWLINE
+ + TIC
+ + output
+ + TIC
+ + NEWLINE, false);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES ) ) {
+ } else if (record_type.equals(DRM_LDIF_KEYGEN)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES)) {
// write out a revised 'extdata-requestnotes' line
- if( mRewrapFlag && mAppendIdOffsetFlag ) {
+ if (mRewrapFlag && mAppendIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + SPACE
- + PLUS + SPACE
- + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mAppendIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + SPACE
+ + PLUS + SPACE
+ + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mAppendIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRewrapFlag && mRemoveIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRewrapFlag && mRemoveIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + SPACE
- + PLUS + SPACE
- + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mRemoveIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + SPACE
+ + PLUS + SPACE
+ + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mRemoveIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRewrapFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRewrapFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mAppendIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mAppendIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mAppendIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mAppendIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRemoveIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRemoveIdOffsetFlag) {
data = input
- + SPACE
- + LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mRemoveIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + SPACE
+ + LEFT_BRACE
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mRemoveIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
}
// log this information
- log( "Changed:"
- + NEWLINE
- + TIC
- + DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- input )
- + TIC
- + NEWLINE
- + "--->"
- + NEWLINE
- + TIC
- + output
- + TIC
- + NEWLINE, false );
+ log("Changed:"
+ + NEWLINE
+ + TIC
+ + DRM_LDIF_EXTDATA_REQUEST_NOTES
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ input)
+ + TIC
+ + NEWLINE
+ + "--->"
+ + NEWLINE
+ + TIC
+ + output
+ + TIC
+ + NEWLINE, false);
} else {
output = line;
}
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_EXTDATA_REQUEST_NOTES
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_EXTDATA_REQUEST_NOTES
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
- if( output != null ) {
+ if (output != null) {
output += NEWLINE + next_line;
}
return output;
}
-
/**
* Helper method which composes the output line for
* DRM_LDIF_EXTDATA_REQUEST_NOTES.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param previous_line the string representation of the previous input line
* @param writer the PrintWriter used to output this new LDIF line
* @return the composed output line
*/
- private static void create_extdata_request_notes( String record_type,
+ private static void create_extdata_request_notes(String record_type,
String previous_line,
- PrintWriter writer ) {
+ PrintWriter writer) {
String data = null;
String unformatted_data = null;
String output = null;
- if( record_type.equals( DRM_LDIF_RECOVERY ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES ) ) {
- if(!previous_line.startsWith( DRM_LDIF_EXTDATA_REQUEST_NOTES)) {
+ if (record_type.equals(DRM_LDIF_RECOVERY)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES)) {
+ if (!previous_line.startsWith(DRM_LDIF_EXTDATA_REQUEST_NOTES)) {
// write out the missing 'extdata-requestnotes' line
- if( mRewrapFlag && mAppendIdOffsetFlag ) {
+ if (mRewrapFlag && mAppendIdOffsetFlag) {
data = LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + SPACE
- + PLUS + SPACE
- + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mAppendIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + SPACE
+ + PLUS + SPACE
+ + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mAppendIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRewrapFlag && mRemoveIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRewrapFlag && mRemoveIdOffsetFlag) {
data = LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + SPACE
- + PLUS + SPACE
- + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mRemoveIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + SPACE
+ + PLUS + SPACE
+ + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mRemoveIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRewrapFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRewrapFlag) {
data = LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mAppendIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mAppendIdOffsetFlag) {
data = LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mAppendIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mAppendIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRemoveIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRemoveIdOffsetFlag) {
data = LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mRemoveIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mRemoveIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
}
// log this information
- log( "Created:"
- + NEWLINE
- + TIC
- + output
- + TIC
- + NEWLINE, false );
+ log("Created:"
+ + NEWLINE
+ + TIC
+ + output
+ + TIC
+ + NEWLINE, false);
// Write out this revised line
// and flush the buffer
- writer.write( output + NEWLINE );
+ writer.write(output + NEWLINE);
writer.flush();
- System.out.print( "." );
+ System.out.print(".");
}
}
- } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES ) ) {
- if(!previous_line.startsWith( DRM_LDIF_EXTDATA_REQUEST_NOTES)) {
+ } else if (record_type.equals(DRM_LDIF_KEYGEN)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES)) {
+ if (!previous_line.startsWith(DRM_LDIF_EXTDATA_REQUEST_NOTES)) {
// write out the missing 'extdata-requestnotes' line
- if( mRewrapFlag && mAppendIdOffsetFlag ) {
+ if (mRewrapFlag && mAppendIdOffsetFlag) {
data = LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + SPACE
- + PLUS + SPACE
- + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mAppendIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + SPACE
+ + PLUS + SPACE
+ + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mAppendIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRewrapFlag && mRemoveIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRewrapFlag && mRemoveIdOffsetFlag) {
data = LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + SPACE
- + PLUS + SPACE
- + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mRemoveIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + SPACE
+ + PLUS + SPACE
+ + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mRemoveIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRewrapFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRewrapFlag) {
data = LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REWRAP_MESSAGE
- + mPublicKeySize
- + DRM_LDIF_RSA_MESSAGE
- + mSourcePKISecurityDatabasePwdfileMessage
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REWRAP_MESSAGE
+ + mPublicKeySize
+ + DRM_LDIF_RSA_MESSAGE
+ + mSourcePKISecurityDatabasePwdfileMessage
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mAppendIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mAppendIdOffsetFlag) {
data = LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mAppendIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mAppendIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
- } else if( mRemoveIdOffsetFlag ) {
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
+ } else if (mRemoveIdOffsetFlag) {
data = LEFT_BRACE
- + mDateOfModify
- + RIGHT_BRACE
- + COLON + SPACE
- + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
- + SPACE
- + TIC
- + mRemoveIdOffset.toString()
- + TIC
- + mDrmNamingContextMessage
- + mProcessRequestsAndKeyRecordsOnlyMessage;
+ + mDateOfModify
+ + RIGHT_BRACE
+ + COLON + SPACE
+ + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE
+ + SPACE
+ + TIC
+ + mRemoveIdOffset.toString()
+ + TIC
+ + mDrmNamingContextMessage
+ + mProcessRequestsAndKeyRecordsOnlyMessage;
// Unformat the data
- unformatted_data = stripEOL( data );
+ unformatted_data = stripEOL(data);
// Format the unformatted_data
// to match the desired LDIF format
output = DRM_LDIF_EXTDATA_REQUEST_NOTES
- + SPACE
- + format_ldif_data(
- EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
+ + SPACE
+ + format_ldif_data(
+ EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
}
// log this information
- log( "Created:"
- + NEWLINE
- + TIC
- + output
- + TIC
- + NEWLINE, false );
+ log("Created:"
+ + NEWLINE
+ + TIC
+ + output
+ + TIC
+ + NEWLINE, false);
// Write out this revised line
// and flush the buffer
- writer.write( output + NEWLINE );
+ writer.write(output + NEWLINE);
writer.flush();
- System.out.print( "." );
+ System.out.print(".");
}
}
}
}
-
/**
* Helper method which composes the output line for
* DRM_LDIF_EXTDATA_SERIAL_NUMBER.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_extdata_serial_number( String record_type,
- String line ) {
+ private static String output_extdata_serial_number(String record_type,
+ String line) {
String output = null;
- if( record_type.equals( DRM_LDIF_RECOVERY ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER ) ) {
- output = compose_numeric_line( DRM_LDIF_EXTDATA_SERIAL_NUMBER,
+ if (record_type.equals(DRM_LDIF_RECOVERY)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER)) {
+ output = compose_numeric_line(DRM_LDIF_EXTDATA_SERIAL_NUMBER,
SPACE,
line,
- false );
+ false);
} else {
output = line;
}
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_EXTDATA_SERIAL_NUMBER
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_EXTDATA_SERIAL_NUMBER
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
return output;
}
-
/**
* Helper method which composes the output line for
* DRM_LDIF_PRIVATE_KEY_DATA.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_private_key_data( String record_type,
- String line ) {
+ private static String output_private_key_data(String record_type,
+ String line) {
byte source_wrappedKeyData[] = null;
byte target_wrappedKeyData[] = null;
String data = null;
@@ -3809,22 +3678,22 @@ public class DRMTool
String output = null;
try {
- if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) {
- if(drmtoolCfg.get(DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA)) {
+ if (record_type.equals(DRM_LDIF_CA_KEY_RECORD)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA)) {
// Since "-source_pki_security_database_path",
// "-source_storage_token_name",
// "-source_storage_certificate_nickname", and
// "-target_storage_certificate_file" are OPTIONAL
// parameters, ONLY process this field if all of
// these options have been selected
- if( mRewrapFlag ) {
+ if (mRewrapFlag) {
// extract the data
data = line.substring(
DRM_LDIF_PRIVATE_KEY_DATA.length() + 1
- ).trim();
+ ).trim();
- while( ( line = ldif_record.next() ) != null ) {
- if( line.startsWith( SPACE ) ) {
+ while ((line = ldif_record.next()) != null) {
+ if (line.startsWith(SPACE)) {
data += line.trim();
} else {
break;
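Review bot: The continuation loop `while ((line = ldif_record.next()) != null)` depends on `next()` returning null once the record is exhausted. The declaration of `ldif_record` is outside this hunk, but if it is a `java.util.Iterator`, `next()` throws `NoSuchElementException` at the end instead. The `catch (Exception exRewrap)` further down would then report that as a rewrap failure and return a null `output` whenever `privateKeyData` is the last attribute of a record. Checking `ldif_record.hasNext()` before calling `next()`, and setting `line` to null when nothing is left, would make the end-of-record case explicit. The TPS key record branch repeats the same loop, and output_private_key_data starts and ends outside this hunk.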
@@ -3835,70 +3704,70 @@ public class DRMTool
// enclosed in the String() object
// into a BINARY BASE 64 byte[] object
source_wrappedKeyData =
- com.netscape.osutil.OSUtil.AtoB( data );
+ com.netscape.osutil.OSUtil.AtoB(data);
// rewrap the source wrapped private key data
target_wrappedKeyData = rewrap_wrapped_key_data(
- source_wrappedKeyData );
+ source_wrappedKeyData);
// Encode the BINARY BASE 64 byte[] object
// into an ASCII BASE 64 certificate
// enclosed in a String() object
revised_data = com.netscape.osutil.OSUtil.BtoA(
- target_wrappedKeyData );
+ target_wrappedKeyData);
// Unformat the ASCII BASE 64 certificate
// for the log file
- unformatted_data = stripEOL( revised_data );
+ unformatted_data = stripEOL(revised_data);
// Format the ASCII BASE 64 certificate
// to match the desired LDIF format
formatted_data = format_ldif_data(
- PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
+ PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
// construct a revised 'privateKeyData' line
output = DRM_LDIF_PRIVATE_KEY_DATA
- + SPACE
- + formatted_data
- + NEWLINE
- + line;
+ + SPACE
+ + formatted_data
+ + NEWLINE
+ + line;
// log this information
- log( "Changed 'privateKeyData' from:"
- + NEWLINE
- + TIC
- + data
- + TIC
- + NEWLINE
- + " to:"
- + NEWLINE
- + TIC
- + unformatted_data
- + TIC
- + NEWLINE, false );
+ log("Changed 'privateKeyData' from:"
+ + NEWLINE
+ + TIC
+ + data
+ + TIC
+ + NEWLINE
+ + " to:"
+ + NEWLINE
+ + TIC
+ + unformatted_data
+ + TIC
+ + NEWLINE, false);
} else {
output = line;
}
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) {
- if(drmtoolCfg.get(DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA)){
+ } else if (record_type.equals(DRM_LDIF_TPS_KEY_RECORD)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA)) {
// Since "-source_pki_security_database_path",
// "-source_storage_token_name",
// "-source_storage_certificate_nickname", and
// "-target_storage_certificate_file" are OPTIONAL
// parameters, ONLY process this field if all of
// these options have been selected
- if( mRewrapFlag ) {
+ if (mRewrapFlag) {
// extract the data
data = line.substring(
DRM_LDIF_PRIVATE_KEY_DATA.length() + 1
- ).trim();
+ ).trim();
- while( ( line = ldif_record.next() ) != null ) {
- if( line.startsWith( SPACE ) ) {
+ while ((line = ldif_record.next()) != null) {
+ if (line.startsWith(SPACE)) {
data += line.trim();
} else {
break;
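Review bot: The `log("Changed 'privateKeyData' from:" ...)` call writes both the complete source blob `data` and the rewrapped blob `unformatted_data` into the log. Both are still wrapped, but this copies archived key material into a file that may have looser access control and retention than the LDIF export itself. Logging only the fact of the rewrap keeps the audit trail without the blobs, for example `log("Rewrapped 'privateKeyData' (" + data.length() + " -> " + unformatted_data.length() + " chars)" + NEWLINE, false);`. The TPS key record branch in the next hunk logs the same way, and output_private_key_data starts and ends outside this hunk.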
@@ -3909,48 +3778,48 @@ public class DRMTool
// enclosed in the String() object
// into a BINARY BASE 64 byte[] object
source_wrappedKeyData =
- com.netscape.osutil.OSUtil.AtoB( data );
+ com.netscape.osutil.OSUtil.AtoB(data);
// rewrap the source wrapped private key data
target_wrappedKeyData = rewrap_wrapped_key_data(
- source_wrappedKeyData );
+ source_wrappedKeyData);
// Encode the BINARY BASE 64 byte[] object
// into an ASCII BASE 64 certificate
// enclosed in a String() object
revised_data = com.netscape.osutil.OSUtil.BtoA(
- target_wrappedKeyData );
+ target_wrappedKeyData);
// Unformat the ASCII BASE 64 certificate
// for the log file
- unformatted_data = stripEOL( revised_data );
+ unformatted_data = stripEOL(revised_data);
// Format the ASCII BASE 64 certificate
// to match the desired LDIF format
formatted_data = format_ldif_data(
- PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH,
- unformatted_data );
+ PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH,
+ unformatted_data);
// construct a revised 'privateKeyData' line
output = DRM_LDIF_PRIVATE_KEY_DATA
- + SPACE
- + formatted_data
- + NEWLINE
- + line;
+ + SPACE
+ + formatted_data
+ + NEWLINE
+ + line;
// log this information
- log( "Changed 'privateKeyData' from:"
- + NEWLINE
- + TIC
- + data
- + TIC
- + NEWLINE
- + " to:"
- + NEWLINE
- + TIC
- + unformatted_data
- + TIC
- + NEWLINE, false );
+ log("Changed 'privateKeyData' from:"
+ + NEWLINE
+ + TIC
+ + data
+ + TIC
+ + NEWLINE
+ + " to:"
+ + NEWLINE
+ + TIC
+ + unformatted_data
+ + TIC
+ + NEWLINE, false);
} else {
output = line;
}
@@ -3958,229 +3827,224 @@ public class DRMTool
output = line;
}
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_PRIVATE_KEY_DATA
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_PRIVATE_KEY_DATA
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
- } catch( Exception exRewrap ) {
- log( "ERROR: Unable to rewrap BINARY BASE 64 data. "
- + "Exception: '"
- + exRewrap.toString()
- + "'"
- + NEWLINE, true );
+ } catch (Exception exRewrap) {
+ log("ERROR: Unable to rewrap BINARY BASE 64 data. "
+ + "Exception: '"
+ + exRewrap.toString()
+ + "'"
+ + NEWLINE, true);
}
return output;
}
-
/**
* Helper method which composes the output line for DRM_LDIF_REQUEST_ID.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_request_id( String record_type,
- String line ) {
+ private static String output_request_id(String record_type,
+ String line) {
String output = null;
- if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_REQUEST_ID ) ) {
- output = compose_numeric_line( DRM_LDIF_REQUEST_ID,
+ if (record_type.equals(DRM_LDIF_ENROLLMENT)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_ENROLLMENT_REQUEST_ID)) {
+ output = compose_numeric_line(DRM_LDIF_REQUEST_ID,
SPACE,
line,
- true );
+ true);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_REQUEST_ID ) ) {
- output = compose_numeric_line( DRM_LDIF_REQUEST_ID,
+ } else if (record_type.equals(DRM_LDIF_RECOVERY)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_RECOVERY_REQUEST_ID)) {
+ output = compose_numeric_line(DRM_LDIF_REQUEST_ID,
SPACE,
line,
- true );
+ true);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_REQUEST_ID ) ) {
- output = compose_numeric_line( DRM_LDIF_REQUEST_ID,
+ } else if (record_type.equals(DRM_LDIF_KEYGEN)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_KEYGEN_REQUEST_ID)) {
+ output = compose_numeric_line(DRM_LDIF_REQUEST_ID,
SPACE,
line,
- true );
+ true);
} else {
output = line;
}
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_REQUEST_ID
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_REQUEST_ID
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
return output;
}
-
/**
* Helper method which composes the output line for DRM_LDIF_SERIAL_NO.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_serial_no( String record_type,
- String line ) {
+ private static String output_serial_no(String record_type,
+ String line) {
String output = null;
- if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO ) ) {
- output = compose_numeric_line( DRM_LDIF_SERIAL_NO,
+ if (record_type.equals(DRM_LDIF_CA_KEY_RECORD)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO)) {
+ output = compose_numeric_line(DRM_LDIF_SERIAL_NO,
SPACE,
line,
- true );
+ true);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) {
- if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO ) ) {
- output = compose_numeric_line( DRM_LDIF_SERIAL_NO,
+ } else if (record_type.equals(DRM_LDIF_TPS_KEY_RECORD)) {
+ if (drmtoolCfg.get(DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO)) {
+ output = compose_numeric_line(DRM_LDIF_SERIAL_NO,
SPACE,
line,
- true );
+ true);
} else {
output = line;
}
- } else if( record_type.equals( DRM_LDIF_RECORD ) ) {
+ } else if (record_type.equals(DRM_LDIF_RECORD)) {
// Non-Request / Non-Key Record:
// Pass through the original
// 'serialno' line UNCHANGED
// so that it is ALWAYS written
output = line;
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_SERIAL_NO
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_SERIAL_NO
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
return output;
}
-
/**
* Helper method which composes the output line for
* DRM_LDIF_EXTDATA_AUTH_TOKEN_USER.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_extdata_auth_token_user( String record_type,
- String line ) {
+ private static String output_extdata_auth_token_user(String record_type,
+ String line) {
String data = null;
String output = null;
try {
- if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) {
+ if (record_type.equals(DRM_LDIF_ENROLLMENT)) {
// Since "-source_drm_naming_context", and
// "-target_drm_naming_context" are OPTIONAL
// parameters, ONLY process this field if both of
// these options have been selected
- if( mDrmNamingContextsFlag ) {
- output = line.replace( mSourceDrmNamingContext,
- mTargetDrmNamingContext );
+ if (mDrmNamingContextsFlag) {
+ output = line.replace(mSourceDrmNamingContext,
+ mTargetDrmNamingContext);
} else {
output = line;
}
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
- } catch( NullPointerException exNullPointerException ) {
- log( "ERROR: Unable to replace source DRM naming context '"
- + mSourceDrmNamingContext
- + "' with target DRM naming context '"
- + mTargetDrmNamingContext
- + "' NullPointerException: '"
- + exNullPointerException.toString()
- + "'"
- + NEWLINE, true );
+ } catch (NullPointerException exNullPointerException) {
+ log("ERROR: Unable to replace source DRM naming context '"
+ + mSourceDrmNamingContext
+ + "' with target DRM naming context '"
+ + mTargetDrmNamingContext
+ + "' NullPointerException: '"
+ + exNullPointerException.toString()
+ + "'"
+ + NEWLINE, true);
}
return output;
}
-
/**
* Helper method which composes the output line for
* DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN.
* <P>
- *
+ *
* @param record_type the string representation of the input record type
* @param line the string representation of the input line
* @return the composed output line
*/
- private static String output_extdata_auth_token_user_dn( String record_type,
- String line ) {
+ private static String output_extdata_auth_token_user_dn(String record_type,
+ String line) {
String data = null;
String output = null;
try {
- if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) {
+ if (record_type.equals(DRM_LDIF_ENROLLMENT)) {
// Since "-source_drm_naming_context", and
// "-target_drm_naming_context" are OPTIONAL
// parameters, ONLY process this field if both of
// these options have been selected
- if( mDrmNamingContextsFlag ) {
- output = line.replace( mSourceDrmNamingContext,
- mTargetDrmNamingContext );
+ if (mDrmNamingContextsFlag) {
+ output = line.replace(mSourceDrmNamingContext,
+ mTargetDrmNamingContext);
} else {
output = line;
}
} else {
- log( "ERROR: Mismatched record field='"
- + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN
- + "' for record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Mismatched record field='"
+ + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN
+ + "' for record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
}
- } catch( NullPointerException exNullPointerException ) {
- log( "ERROR: Unable to replace source DRM naming context '"
- + mSourceDrmNamingContext
- + "' with target DRM naming context '"
- + mTargetDrmNamingContext
- + "' NullPointerException: '"
- + exNullPointerException.toString()
- + "'"
- + NEWLINE, true );
+ } catch (NullPointerException exNullPointerException) {
+ log("ERROR: Unable to replace source DRM naming context '"
+ + mSourceDrmNamingContext
+ + "' with target DRM naming context '"
+ + mTargetDrmNamingContext
+ + "' NullPointerException: '"
+ + exNullPointerException.toString()
+ + "'"
+ + NEWLINE, true);
}
return output;
}
-
/**
* This method performs the actual parsing of the "source" LDIF file
* and produces the "target" LDIF file.
* <P>
- *
+ *
* @return true if the "target" LDIF file is successfully created
*/
private static boolean convert_source_ldif_to_target_ldif() {
@@ -4194,41 +4058,41 @@ public class DRMTool
String data = null;
String record_type = null;
- if( mRewrapFlag ) {
+ if (mRewrapFlag) {
success = obtain_RSA_rewrapping_keys();
- if( !success ) {
+ if (!success) {
return FAILURE;
}
}
// Create a vector for LDIF input
- record = new Vector<String>( INITIAL_LDIF_RECORD_CAPACITY );
+ record = new Vector<String>(INITIAL_LDIF_RECORD_CAPACITY);
// Process each line in the source LDIF file
// and store it in the target LDIF file
try {
// Open source LDIF file for reading
reader = new BufferedReader(
- new FileReader( mSourceLdifFilename ) );
+ new FileReader(mSourceLdifFilename));
// Open target LDIF file for writing
writer = new PrintWriter(
new BufferedWriter(
- new FileWriter( mTargetLdifFilename ) ) );
+ new FileWriter(mTargetLdifFilename)));
- System.out.print( "PROCESSING: " );
- while( ( input = reader.readLine() ) != null ) {
+ System.out.print("PROCESSING: ");
+ while ((input = reader.readLine()) != null) {
// Read in a record from the source LDIF file and
// add this line of input into the record vector
- success = record.add( input );
- if( !success ) {
+ success = record.add(input);
+ if (!success) {
return FAILURE;
}
// Check for the end of an LDIF record
- if( !input.equals( "" ) ) {
+ if (!input.equals("")) {
// Check to see if input line identifies the record type
- if( input.startsWith( DRM_LDIF_REQUEST_TYPE ) ) {
+ if (input.startsWith(DRM_LDIF_REQUEST_TYPE)) {
// set the record type:
//
// * DRM_LDIF_ENROLLMENT
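Review bot: `new FileWriter(mTargetLdifFilename)` opens the target LDIF by name, so it truncates an existing file or writes through a symlink. The only protection is the `targetFile.exists()` test in `main`, which runs long before this open, so the check and the create are not atomic. Since this method also passes private key data lines to the output, the create itself should fail when the path already exists. If the build targets Java 7 or later, `Files.newBufferedWriter(Paths.get(mTargetLdifFilename), StandardCharsets.UTF_8, StandardOpenOption.CREATE_NEW)` inside the existing `PrintWriter` does that and also pins the charset that `FileWriter` leaves to the platform default; it needs the `java.nio.file` and `java.nio.charset` imports. convert_source_ldif_to_target_ldif() begins before this hunk and continues past it.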
@@ -4238,36 +4102,36 @@ public class DRMTool
record_type = input.substring(
DRM_LDIF_REQUEST_TYPE.length() + 1
).trim();
- if( !record_type.equals( DRM_LDIF_ENROLLMENT ) &&
- !record_type.equals( DRM_LDIF_KEYGEN ) &&
- !record_type.equals( DRM_LDIF_RECOVERY ) ) {
- log( "ERROR: Unknown LDIF record type='"
- + record_type
- + "'!"
- + NEWLINE, true );
+ if (!record_type.equals(DRM_LDIF_ENROLLMENT) &&
+ !record_type.equals(DRM_LDIF_KEYGEN) &&
+ !record_type.equals(DRM_LDIF_RECOVERY)) {
+ log("ERROR: Unknown LDIF record type='"
+ + record_type
+ + "'!"
+ + NEWLINE, true);
return FAILURE;
}
- } else if( input.startsWith( DRM_LDIF_ARCHIVED_BY ) ) {
+ } else if (input.startsWith(DRM_LDIF_ARCHIVED_BY)) {
// extract the data
data = input.substring(
DRM_LDIF_ARCHIVED_BY.length() + 1
- ).trim();
+ ).trim();
// set the record type:
//
// * DRM_LDIF_CA_KEY_RECORD
// * DRM_LDIF_TPS_KEY_RECORD
//
- if( data.startsWith( DRM_LDIF_TPS_KEY_RECORD ) ) {
+ if (data.startsWith(DRM_LDIF_TPS_KEY_RECORD)) {
record_type = DRM_LDIF_TPS_KEY_RECORD;
- } else if( data.startsWith( DRM_LDIF_CA_KEY_RECORD ) ) {
+ } else if (data.startsWith(DRM_LDIF_CA_KEY_RECORD)) {
record_type = DRM_LDIF_CA_KEY_RECORD;
} else {
- log( "ERROR: Unable to determine LDIF record type "
- + "from data='"
- + data
- + "'!"
- + NEWLINE, true );
+ log("ERROR: Unable to determine LDIF record type "
+ + "from data='"
+ + data
+ + "'!"
+ + NEWLINE, true);
return FAILURE;
}
}
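Review bot: `input.substring(DRM_LDIF_REQUEST_TYPE.length() + 1)` throws StringIndexOutOfBoundsException when a source line holds the attribute name and nothing after it. The handler visible at the end of this method catches IOException only, so a malformed LDIF line ends the run with a stack trace instead of the logged `return FAILURE` path. The `DRM_LDIF_ARCHIVED_BY` extraction a few lines further down has the same shape. A guard before each extraction keeps the failure on the logged path, for example `if (input.length() <= DRM_LDIF_REQUEST_TYPE.length()) { log("ERROR: Malformed line='" + input + "'!" + NEWLINE, true); return FAILURE; }`. The read loop these lines belong to starts and ends outside the hunk.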
@@ -4280,15 +4144,15 @@ public class DRMTool
// an LDIF request record nor an LDIF key record; check
// to see if it needs to be written out to the target
// LDIF file or thrown away.
- if( ( record_type == null ) &&
- mProcessRequestsAndKeyRecordsOnlyFlag ) {
+ if ((record_type == null) &&
+ mProcessRequestsAndKeyRecordsOnlyFlag) {
// Mark each removed record with an 'x'
- System.out.print( "x" );
+ System.out.print("x");
// log this information
- log( "INFO: Throwing away an LDIF record which is "
- + "neither a Request nor a Key Record!"
- + NEWLINE, false );
+ log("INFO: Throwing away an LDIF record which is "
+ + "neither a Request nor a Key Record!"
+ + NEWLINE, false);
// clear this LDIF record from the record vector
record.clear();
@@ -4297,7 +4161,7 @@ public class DRMTool
// begin adding input lines into a new record
continue;
- } else if( record_type == null ) {
+ } else if (record_type == null) {
// Set record type to specify a "generic" LDIF record
record_type = DRM_LDIF_RECORD;
}
@@ -4312,91 +4176,91 @@ public class DRMTool
// * Pass through this data unchanged
// * Else If LDIF Record Type for this line is 'invalid'
// * Log error and leave method returning 'false'
- while( ldif_record.hasNext() ) {
+ while (ldif_record.hasNext()) {
line = ldif_record.next();
- if( line.startsWith( DRM_LDIF_CN ) ) {
- output = output_cn( record_type, line );
- if( output == null ) {
+ if (line.startsWith(DRM_LDIF_CN)) {
+ output = output_cn(record_type, line);
+ if (output == null) {
return FAILURE;
}
- } else if( line.startsWith( DRM_LDIF_DATE_OF_MODIFY ) ) {
- output = output_date_of_modify( record_type, line );
- if( output == null ) {
+ } else if (line.startsWith(DRM_LDIF_DATE_OF_MODIFY)) {
+ output = output_date_of_modify(record_type, line);
+ if (output == null) {
return FAILURE;
}
- } else if( line.startsWith( DRM_LDIF_DN ) ) {
- output = output_dn( record_type, line );
- if( output == null ) {
+ } else if (line.startsWith(DRM_LDIF_DN)) {
+ output = output_dn(record_type, line);
+ if (output == null) {
return FAILURE;
}
- } else if(line.startsWith( DRM_LDIF_EXTDATA_KEY_RECORD )) {
- output = output_extdata_key_record( record_type,
- line );
- if( output == null ) {
+ } else if (line.startsWith(DRM_LDIF_EXTDATA_KEY_RECORD)) {
+ output = output_extdata_key_record(record_type,
+ line);
+ if (output == null) {
return FAILURE;
}
- } else if(line.startsWith( DRM_LDIF_EXTDATA_REQUEST_ID )) {
- output = output_extdata_request_id( record_type,
- line );
- if( output == null ) {
+ } else if (line.startsWith(DRM_LDIF_EXTDATA_REQUEST_ID)) {
+ output = output_extdata_request_id(record_type,
+ line);
+ if (output == null) {
return FAILURE;
}
- } else if(line.startsWith(DRM_LDIF_EXTDATA_REQUEST_NOTES)) {
- output = output_extdata_request_notes( record_type,
- line );
- if( output == null ) {
+ } else if (line.startsWith(DRM_LDIF_EXTDATA_REQUEST_NOTES)) {
+ output = output_extdata_request_notes(record_type,
+ line);
+ if (output == null) {
return FAILURE;
}
- } else if(line.startsWith(DRM_LDIF_EXTDATA_REQUEST_TYPE)) {
+ } else if (line.startsWith(DRM_LDIF_EXTDATA_REQUEST_TYPE)) {
// if one is not already present,
// compose and write out the missing
// 'extdata_requestnotes' line
- create_extdata_request_notes( record_type,
+ create_extdata_request_notes(record_type,
previous_line,
- writer );
+ writer);
// ALWAYS pass through the original
// 'extdata-requesttype' line UNCHANGED
// so that it is ALWAYS written
output = line;
- } else if(line.startsWith(DRM_LDIF_EXTDATA_SERIAL_NUMBER)) {
- output = output_extdata_serial_number( record_type,
- line );
- if( output == null ) {
+ } else if (line.startsWith(DRM_LDIF_EXTDATA_SERIAL_NUMBER)) {
+ output = output_extdata_serial_number(record_type,
+ line);
+ if (output == null) {
return FAILURE;
}
- } else if( line.startsWith( DRM_LDIF_PRIVATE_KEY_DATA ) ) {
- output = output_private_key_data( record_type,
- line );
- if( output == null ) {
+ } else if (line.startsWith(DRM_LDIF_PRIVATE_KEY_DATA)) {
+ output = output_private_key_data(record_type,
+ line);
+ if (output == null) {
return FAILURE;
}
- } else if( line.startsWith( DRM_LDIF_REQUEST_ID ) ) {
- output = output_request_id( record_type, line );
- if( output == null ) {
+ } else if (line.startsWith(DRM_LDIF_REQUEST_ID)) {
+ output = output_request_id(record_type, line);
+ if (output == null) {
return FAILURE;
}
- } else if( line.startsWith( DRM_LDIF_SERIAL_NO ) ) {
- output = output_serial_no( record_type, line );
- if( output == null ) {
+ } else if (line.startsWith(DRM_LDIF_SERIAL_NO)) {
+ output = output_serial_no(record_type, line);
+ if (output == null) {
return FAILURE;
}
- } else if( previous_line != null &&
+ } else if (previous_line != null &&
previous_line.startsWith(
- DRM_LDIF_EXTDATA_AUTH_TOKEN_USER ) ) {
- output = output_extdata_auth_token_user( record_type,
- line );
- if( output == null ) {
+ DRM_LDIF_EXTDATA_AUTH_TOKEN_USER)) {
+ output = output_extdata_auth_token_user(record_type,
+ line);
+ if (output == null) {
return FAILURE;
}
- } else if( previous_line != null &&
+ } else if (previous_line != null &&
previous_line.startsWith(
- DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN ) ) {
- output = output_extdata_auth_token_user_dn( record_type,
- line );
- if( output == null ) {
+ DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN)) {
+ output = output_extdata_auth_token_user_dn(record_type,
+ line);
+ if (output == null) {
return FAILURE;
}
} else {
@@ -4408,33 +4272,32 @@ public class DRMTool
previous_line = output;
// Always write out the output line and flush the buffer
- writer.write( output + NEWLINE );
+ writer.write(output + NEWLINE);
writer.flush();
- System.out.print( "." );
+ System.out.print(".");
}
// Mark the end of the LDIF record
- System.out.print( "!" );
+ System.out.print("!");
// clear this LDIF record from the record vector
record.clear();
}
- System.out.println( " FINISHED." + NEWLINE );
- } catch( IOException exIO ) {
- log( "ERROR: line='"
- + line
- + "' OR output='"
- + output
- + "' IOException: '"
- + exIO.toString()
- + "'"
- + NEWLINE, true );
+ System.out.println(" FINISHED." + NEWLINE);
+ } catch (IOException exIO) {
+ log("ERROR: line='"
+ + line
+ + "' OR output='"
+ + output
+ + "' IOException: '"
+ + exIO.toString()
+ + "'"
+ + NEWLINE, true);
return FAILURE;
}
return SUCCESS;
}
-
/**************************************/
/* DRMTOOL Config File Parser Methods */
/**************************************/
@@ -4443,7 +4306,7 @@ public class DRMTool
* This method performs the actual parsing of the DRMTOOL config file
* and initializes how the DRM Record Fields should be processed.
* <P>
- *
+ *
* @return true if the DRMTOOL config file is successfully processed
*/
private static boolean process_drmtool_config_file() {
@@ -4459,94 +4322,93 @@ public class DRMTool
try {
// Open DRMTOOL config file for reading
reader = new BufferedReader(
- new FileReader( mDrmtoolCfgFilename ) );
+ new FileReader(mDrmtoolCfgFilename));
// Create a hashtable for relevant name/value pairs
drmtoolCfg = new Hashtable<String, Boolean>();
- System.out.print( "PROCESSING DRMTOOL CONFIG FILE: " );
- while( ( line = reader.readLine() ) != null ) {
- if( line.startsWith( DRMTOOL_CFG_PREFIX ) ) {
+ System.out.print("PROCESSING DRMTOOL CONFIG FILE: ");
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DRMTOOL_CFG_PREFIX)) {
// obtain "name=value" pair
- name_value_pair = line.split( EQUAL_SIGN );
+ name_value_pair = line.split(EQUAL_SIGN);
// obtain "name"
name = name_value_pair[0];
// compute "boolean" value
- if( name_value_pair[1].equals( "true" ) ) {
+ if (name_value_pair[1].equals("true")) {
value = Boolean.TRUE;
} else {
value = Boolean.FALSE;
}
// store relevant DRM LDIF fields for processing
- if( name.equals( DRMTOOL_CFG_ENROLLMENT_CN )
- || name.equals( DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY )
- || name.equals( DRMTOOL_CFG_ENROLLMENT_DN )
- || name.equals( DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD )
- || name.equals( DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES )
- || name.equals( DRMTOOL_CFG_ENROLLMENT_REQUEST_ID )
- || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_CN )
- || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY )
- || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_DN )
- || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA )
- || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO )
- || name.equals( DRMTOOL_CFG_RECOVERY_CN )
- || name.equals( DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY )
- || name.equals( DRMTOOL_CFG_RECOVERY_DN )
- || name.equals( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID )
- || name.equals( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES )
- || name.equals( DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER )
- || name.equals( DRMTOOL_CFG_RECOVERY_REQUEST_ID )
- || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_CN )
- || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY )
- || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_DN )
- || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA )
- || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO )
- || name.equals( DRMTOOL_CFG_KEYGEN_CN )
- || name.equals( DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY )
- || name.equals( DRMTOOL_CFG_KEYGEN_DN )
- || name.equals( DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD )
- || name.equals( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID )
- || name.equals( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES )
- || name.equals( DRMTOOL_CFG_KEYGEN_REQUEST_ID ) ) {
- drmtoolCfg.put( name, value );
- System.out.print( "." );
+ if (name.equals(DRMTOOL_CFG_ENROLLMENT_CN)
+ || name.equals(DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY)
+ || name.equals(DRMTOOL_CFG_ENROLLMENT_DN)
+ || name.equals(DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD)
+ || name.equals(DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES)
+ || name.equals(DRMTOOL_CFG_ENROLLMENT_REQUEST_ID)
+ || name.equals(DRMTOOL_CFG_CA_KEY_RECORD_CN)
+ || name.equals(DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY)
+ || name.equals(DRMTOOL_CFG_CA_KEY_RECORD_DN)
+ || name.equals(DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA)
+ || name.equals(DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO)
+ || name.equals(DRMTOOL_CFG_RECOVERY_CN)
+ || name.equals(DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY)
+ || name.equals(DRMTOOL_CFG_RECOVERY_DN)
+ || name.equals(DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID)
+ || name.equals(DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES)
+ || name.equals(DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER)
+ || name.equals(DRMTOOL_CFG_RECOVERY_REQUEST_ID)
+ || name.equals(DRMTOOL_CFG_TPS_KEY_RECORD_CN)
+ || name.equals(DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY)
+ || name.equals(DRMTOOL_CFG_TPS_KEY_RECORD_DN)
+ || name.equals(DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA)
+ || name.equals(DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO)
+ || name.equals(DRMTOOL_CFG_KEYGEN_CN)
+ || name.equals(DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY)
+ || name.equals(DRMTOOL_CFG_KEYGEN_DN)
+ || name.equals(DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD)
+ || name.equals(DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID)
+ || name.equals(DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES)
+ || name.equals(DRMTOOL_CFG_KEYGEN_REQUEST_ID)) {
+ drmtoolCfg.put(name, value);
+ System.out.print(".");
}
}
}
- System.out.println( " FINISHED." + NEWLINE );
- } catch( FileNotFoundException exDrmtoolCfgFileNotFound ) {
- log( "ERROR: No DRMTOOL config file named '"
- + mDrmtoolCfgFilename
- + "' exists! FileNotFoundException: '"
- + exDrmtoolCfgFileNotFound.toString()
- + "'"
- + NEWLINE, true );
+ System.out.println(" FINISHED." + NEWLINE);
+ } catch (FileNotFoundException exDrmtoolCfgFileNotFound) {
+ log("ERROR: No DRMTOOL config file named '"
+ + mDrmtoolCfgFilename
+ + "' exists! FileNotFoundException: '"
+ + exDrmtoolCfgFileNotFound.toString()
+ + "'"
+ + NEWLINE, true);
return FAILURE;
- } catch( IOException exDrmtoolCfgIO ) {
- log( "ERROR: line='"
- + line
- + "' IOException: '"
- + exDrmtoolCfgIO.toString()
- + "'"
- + NEWLINE, true );
+ } catch (IOException exDrmtoolCfgIO) {
+ log("ERROR: line='"
+ + line
+ + "' IOException: '"
+ + exDrmtoolCfgIO.toString()
+ + "'"
+ + NEWLINE, true);
return FAILURE;
- } catch( PatternSyntaxException exDrmtoolCfgNameValuePattern ) {
- log( "ERROR: line='"
- + line
- + "' PatternSyntaxException: '"
- + exDrmtoolCfgNameValuePattern.toString()
- + "'"
- + NEWLINE, true );
+ } catch (PatternSyntaxException exDrmtoolCfgNameValuePattern) {
+ log("ERROR: line='"
+ + line
+ + "' PatternSyntaxException: '"
+ + exDrmtoolCfgNameValuePattern.toString()
+ + "'"
+ + NEWLINE, true);
return FAILURE;
}
return SUCCESS;
}
-
/************/
/* DRM Tool */
/************/
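Review bot: `name_value_pair[1]` is read without checking how many parts `line.split(EQUAL_SIGN)` returned. A config line that starts with the DRMTOOL prefix but has no `=`, or has an empty value, raises ArrayIndexOutOfBoundsException, which none of the three `catch` clauses handles. A check before the index, such as `if (name_value_pair.length != 2) { log("ERROR: Malformed line='" + line + "'!" + NEWLINE, true); return FAILURE; }`, keeps it on the logged path. Any value other than the exact string `true` (for instance `True`, or a value with trailing whitespace) is also stored as FALSE without a message, which presumably switches that field's processing off; trimming the value and rejecting anything that is neither `true` nor `false` would surface such typos. The opening lines of process_drmtool_config_file() are outside this hunk.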
@@ -4554,10 +4416,10 @@ public class DRMTool
/**
* The main DRMTool method.
* <P>
- *
+ *
* @param args DRMTool options
*/
- public static void main( String[] args ) {
+ public static void main(String[] args) {
// Variables
String append_id_offset = null;
String remove_id_offset = null;
@@ -4574,155 +4436,154 @@ public class DRMTool
boolean success = false;
// Get current date and time
- mDateOfModify = now( DATE_OF_MODIFY_PATTERN );
+ mDateOfModify = now(DATE_OF_MODIFY_PATTERN);
// Check that the correct number of arguments were
// submitted to the program
- if( ( args.length != ID_OFFSET_ARGS ) &&
- ( args.length != ( ID_OFFSET_ARGS + 1 ) ) &&
- ( args.length != ( ID_OFFSET_ARGS + 4 ) ) &&
- ( args.length != ( ID_OFFSET_ARGS + 5 ) ) &&
- ( args.length != REWRAP_ARGS ) &&
- ( args.length != ( REWRAP_ARGS + 1 ) ) &&
- ( args.length != ( REWRAP_ARGS + 2 ) ) &&
- ( args.length != ( REWRAP_ARGS + 3 ) ) &&
- ( args.length != ( REWRAP_ARGS + 4 ) ) &&
- ( args.length != ( REWRAP_ARGS + 5 ) ) &&
- ( args.length != ( REWRAP_ARGS + 6 ) ) &&
- ( args.length != ( REWRAP_ARGS + 7 ) ) &&
- ( args.length != REWRAP_AND_ID_OFFSET_ARGS ) &&
- ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 1 ) ) &&
- ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 2 ) ) &&
- ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 3 ) ) &&
- ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 4 ) ) &&
- ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 5 ) ) &&
- ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 6 ) ) &&
- ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 7 ) ) ) {
- System.err.println( "ERROR: Incorrect number of arguments!"
- + NEWLINE );
+ if ((args.length != ID_OFFSET_ARGS) &&
+ (args.length != (ID_OFFSET_ARGS + 1)) &&
+ (args.length != (ID_OFFSET_ARGS + 4)) &&
+ (args.length != (ID_OFFSET_ARGS + 5)) &&
+ (args.length != REWRAP_ARGS) &&
+ (args.length != (REWRAP_ARGS + 1)) &&
+ (args.length != (REWRAP_ARGS + 2)) &&
+ (args.length != (REWRAP_ARGS + 3)) &&
+ (args.length != (REWRAP_ARGS + 4)) &&
+ (args.length != (REWRAP_ARGS + 5)) &&
+ (args.length != (REWRAP_ARGS + 6)) &&
+ (args.length != (REWRAP_ARGS + 7)) &&
+ (args.length != REWRAP_AND_ID_OFFSET_ARGS) &&
+ (args.length != (REWRAP_AND_ID_OFFSET_ARGS + 1)) &&
+ (args.length != (REWRAP_AND_ID_OFFSET_ARGS + 2)) &&
+ (args.length != (REWRAP_AND_ID_OFFSET_ARGS + 3)) &&
+ (args.length != (REWRAP_AND_ID_OFFSET_ARGS + 4)) &&
+ (args.length != (REWRAP_AND_ID_OFFSET_ARGS + 5)) &&
+ (args.length != (REWRAP_AND_ID_OFFSET_ARGS + 6)) &&
+ (args.length != (REWRAP_AND_ID_OFFSET_ARGS + 7))) {
+ System.err.println("ERROR: Incorrect number of arguments!"
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
// Process command-line arguments
- for( int i = 0; i < args.length; i += 2 ) {
- if( args[i].equals( DRMTOOL_CFG_FILE ) ) {
+ for (int i = 0; i < args.length; i += 2) {
+ if (args[i].equals(DRMTOOL_CFG_FILE)) {
mDrmtoolCfgFilename = args[i + 1];
mMandatoryNameValuePairs++;
- } else if( args[i].equals( SOURCE_LDIF_FILE ) ) {
+ } else if (args[i].equals(SOURCE_LDIF_FILE)) {
mSourceLdifFilename = args[i + 1];
mMandatoryNameValuePairs++;
- } else if( args[i].equals( TARGET_LDIF_FILE ) ) {
+ } else if (args[i].equals(TARGET_LDIF_FILE)) {
mTargetLdifFilename = args[i + 1];
mMandatoryNameValuePairs++;
- } else if( args[i].equals( LOG_FILE ) ) {
+ } else if (args[i].equals(LOG_FILE)) {
mLogFilename = args[i + 1];
mMandatoryNameValuePairs++;
- } else if( args[i].equals( SOURCE_NSS_DB_PATH ) ) {
+ } else if (args[i].equals(SOURCE_NSS_DB_PATH)) {
mSourcePKISecurityDatabasePath = args[i + 1];
mRewrapNameValuePairs++;
- } else if( args[i].equals( SOURCE_STORAGE_TOKEN_NAME ) ) {
+ } else if (args[i].equals(SOURCE_STORAGE_TOKEN_NAME)) {
mSourceStorageTokenName = args[i + 1];
mRewrapNameValuePairs++;
- } else if( args[i].equals( SOURCE_STORAGE_CERT_NICKNAME ) ) {
+ } else if (args[i].equals(SOURCE_STORAGE_CERT_NICKNAME)) {
mSourceStorageCertNickname = args[i + 1];
mRewrapNameValuePairs++;
- } else if( args[i].equals( TARGET_STORAGE_CERTIFICATE_FILE ) ) {
+ } else if (args[i].equals(TARGET_STORAGE_CERTIFICATE_FILE)) {
mTargetStorageCertificateFilename = args[i + 1];
mRewrapNameValuePairs++;
- } else if( args[i].equals( SOURCE_NSS_DB_PWDFILE ) ) {
+ } else if (args[i].equals(SOURCE_NSS_DB_PWDFILE)) {
mSourcePKISecurityDatabasePwdfile = args[i + 1];
mPKISecurityDatabasePwdfileNameValuePairs++;
- } else if( args[i].equals( APPEND_ID_OFFSET ) ) {
+ } else if (args[i].equals(APPEND_ID_OFFSET)) {
append_id_offset = args[i + 1];
mAppendIdOffsetNameValuePairs++;
- } else if( args[i].equals( REMOVE_ID_OFFSET ) ) {
+ } else if (args[i].equals(REMOVE_ID_OFFSET)) {
remove_id_offset = args[i + 1];
mRemoveIdOffsetNameValuePairs++;
- } else if( args[i].equals( SOURCE_DRM_NAMING_CONTEXT ) ) {
+ } else if (args[i].equals(SOURCE_DRM_NAMING_CONTEXT)) {
mSourceDrmNamingContext = args[i + 1];
mDrmNamingContextNameValuePairs++;
- } else if( args[i].equals( TARGET_DRM_NAMING_CONTEXT ) ) {
+ } else if (args[i].equals(TARGET_DRM_NAMING_CONTEXT)) {
mTargetDrmNamingContext = args[i + 1];
mDrmNamingContextNameValuePairs++;
- } else if( args[i].equals( PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY ) )
- {
+ } else if (args[i].equals(PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY)) {
mProcessRequestsAndKeyRecordsOnlyFlag = true;
i -= 1;
} else {
- System.err.println( "ERROR: Unknown argument '"
+ System.err.println("ERROR: Unknown argument '"
+ args[i]
+ "'!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
}
// Verify that correct number of valid mandatory
// arguments were submitted to the program
- if( mMandatoryNameValuePairs != MANDATORY_NAME_VALUE_PAIRS ||
- mDrmtoolCfgFilename == null ||
- mDrmtoolCfgFilename.length() == 0 ||
- mSourceLdifFilename == null ||
- mSourceLdifFilename.length() == 0 ||
- mTargetLdifFilename == null ||
- mTargetLdifFilename.length() == 0 ||
- mLogFilename == null ||
- mLogFilename.length() == 0 ) {
- System.err.println( "ERROR: Missing mandatory arguments!"
- + NEWLINE );
+ if (mMandatoryNameValuePairs != MANDATORY_NAME_VALUE_PAIRS ||
+ mDrmtoolCfgFilename == null ||
+ mDrmtoolCfgFilename.length() == 0 ||
+ mSourceLdifFilename == null ||
+ mSourceLdifFilename.length() == 0 ||
+ mTargetLdifFilename == null ||
+ mTargetLdifFilename.length() == 0 ||
+ mLogFilename == null ||
+ mLogFilename.length() == 0) {
+ System.err.println("ERROR: Missing mandatory arguments!"
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
} else {
// Check for a valid DRMTOOL config file
- cfgFile = new File( mDrmtoolCfgFilename );
- if( !cfgFile.exists() ||
- !cfgFile.isFile() ||
- ( cfgFile.length() == 0 ) ) {
- System.err.println( "ERROR: '"
+ cfgFile = new File(mDrmtoolCfgFilename);
+ if (!cfgFile.exists() ||
+ !cfgFile.isFile() ||
+ (cfgFile.length() == 0)) {
+ System.err.println("ERROR: '"
+ mDrmtoolCfgFilename
+ "' does NOT exist, is NOT a file, "
+ "or is empty!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
// Check for a valid source LDIF file
- sourceFile = new File( mSourceLdifFilename );
- if( !sourceFile.exists() ||
- !sourceFile.isFile() ||
- ( sourceFile.length() == 0 ) ) {
- System.err.println( "ERROR: '"
+ sourceFile = new File(mSourceLdifFilename);
+ if (!sourceFile.exists() ||
+ !sourceFile.isFile() ||
+ (sourceFile.length() == 0)) {
+ System.err.println("ERROR: '"
+ mSourceLdifFilename
+ "' does NOT exist, is NOT a file, "
+ "or is empty!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
// Check that the target LDIF file does NOT exist
- targetFile = new File( mTargetLdifFilename );
- if( targetFile.exists() ) {
- System.err.println( "ERROR: '"
+ targetFile = new File(mTargetLdifFilename);
+ if (targetFile.exists()) {
+ System.err.println("ERROR: '"
+ mTargetLdifFilename
+ "' ALREADY exists!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
// Check that the log file does NOT exist
- logFile = new File( mLogFilename );
- if( logFile.exists() ) {
- System.err.println( "ERROR: '"
+ logFile = new File(mLogFilename);
+ if (logFile.exists()) {
+ System.err.println("ERROR: '"
+ mLogFilename
+ "' ALREADY exists!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
// Mark the 'Mandatory' flag true
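Review bot: Every validation failure in this hunk ends in `System.exit(0)`, so a script or scheduler driving the migration sees the same exit status for a rejected command line as for a completed run. A non-zero status such as `System.exit(1)` on these error paths would make the failure detectable. The same pattern repeats in the rewrap, ID-offset and password-file checks in the following hunks. Separately, the option loop reads `args[i + 1]` without confirming it exists, and the argument-count test accepts both even and odd lengths, so a value-taking option given last with no value throws ArrayIndexOutOfBoundsException; `i + 1 < args.length` should be tested before the read. main() continues beyond this hunk.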
@@ -4731,47 +4592,47 @@ public class DRMTool
// Check to see that if the 'Rewrap' command-line options were
// specified, that they are all present and accounted for
- if( mRewrapNameValuePairs > 0 ) {
- if( mRewrapNameValuePairs != REWRAP_NAME_VALUE_PAIRS ||
- mSourcePKISecurityDatabasePath == null ||
- mSourcePKISecurityDatabasePath.length() == 0 ||
- mSourceStorageTokenName == null ||
- mSourceStorageTokenName.length() == 0 ||
- mSourceStorageCertNickname == null ||
- mSourceStorageCertNickname.length() == 0 ||
- mTargetStorageCertificateFilename == null ||
- mTargetStorageCertificateFilename.length() == 0 ) {
- System.err.println( "ERROR: Missing 'Rewrap' arguments!"
- + NEWLINE );
+ if (mRewrapNameValuePairs > 0) {
+ if (mRewrapNameValuePairs != REWRAP_NAME_VALUE_PAIRS ||
+ mSourcePKISecurityDatabasePath == null ||
+ mSourcePKISecurityDatabasePath.length() == 0 ||
+ mSourceStorageTokenName == null ||
+ mSourceStorageTokenName.length() == 0 ||
+ mSourceStorageCertNickname == null ||
+ mSourceStorageCertNickname.length() == 0 ||
+ mTargetStorageCertificateFilename == null ||
+ mTargetStorageCertificateFilename.length() == 0) {
+ System.err.println("ERROR: Missing 'Rewrap' arguments!"
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
} else {
// Check for a valid path to the PKI security databases
- sourceDBPath = new File( mSourcePKISecurityDatabasePath );
- if( !sourceDBPath.exists() ||
- !sourceDBPath.isDirectory() ) {
- System.err.println( "ERROR: '"
+ sourceDBPath = new File(mSourcePKISecurityDatabasePath);
+ if (!sourceDBPath.exists() ||
+ !sourceDBPath.isDirectory()) {
+ System.err.println("ERROR: '"
+ mSourcePKISecurityDatabasePath
+ "' does NOT exist or "
+ "'is NOT a directory!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
// Check for a valid target storage certificate file
targetStorageCertFile = new File(
- mTargetStorageCertificateFilename );
- if( !targetStorageCertFile.exists() ||
- !targetStorageCertFile.isFile() ||
- ( targetStorageCertFile.length() == 0 ) ) {
- System.err.println( "ERROR: '"
+ mTargetStorageCertificateFilename);
+ if (!targetStorageCertFile.exists() ||
+ !targetStorageCertFile.isFile() ||
+ (targetStorageCertFile.length() == 0)) {
+ System.err.println("ERROR: '"
+ mTargetStorageCertificateFilename
+ "' does NOT exist, is NOT a file, "
+ "or is empty!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
// Mark the 'Rewrap' flag true
@@ -4782,139 +4643,139 @@ public class DRMTool
// Check to see that BOTH append 'ID Offset' command-line options
// and remove 'ID Offset' command-line options were NOT specified
// since these two command-line options are mutually exclusive!
- if( ( mAppendIdOffsetNameValuePairs > 0 ) &&
- ( mRemoveIdOffsetNameValuePairs > 0 ) ) {
- System.err.println( "ERROR: The 'append ID Offset' option "
+ if ((mAppendIdOffsetNameValuePairs > 0) &&
+ (mRemoveIdOffsetNameValuePairs > 0)) {
+ System.err.println("ERROR: The 'append ID Offset' option "
+ "and the 'remove ID Offset' option are "
+ "mutually exclusive!"
- + NEWLINE );
- printUsage();
- System.exit( 0 );
+ + NEWLINE);
+ printUsage();
+ System.exit(0);
}
// Check to see that if the 'append ID Offset' command-line options
// were specified, that they are all present and accounted for
- if( mAppendIdOffsetNameValuePairs > 0 ) {
- if( mAppendIdOffsetNameValuePairs == ID_OFFSET_NAME_VALUE_PAIRS &&
- append_id_offset != null &&
- append_id_offset.length() != 0 ) {
+ if (mAppendIdOffsetNameValuePairs > 0) {
+ if (mAppendIdOffsetNameValuePairs == ID_OFFSET_NAME_VALUE_PAIRS &&
+ append_id_offset != null &&
+ append_id_offset.length() != 0) {
try {
- if( !append_id_offset.matches( "[0-9]++" ) ) {
- System.err.println( "ERROR: '"
+ if (!append_id_offset.matches("[0-9]++")) {
+ System.err.println("ERROR: '"
+ append_id_offset
+ "' contains non-numeric "
+ "characters!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
} else {
mAppendIdOffset = new BigInteger(
- append_id_offset );
+ append_id_offset);
// Mark the 'append ID Offset' flag true
mAppendIdOffsetFlag = true;
}
- } catch( PatternSyntaxException exAppendPattern ) {
- System.err.println( "ERROR: append_id_offset='"
+ } catch (PatternSyntaxException exAppendPattern) {
+ System.err.println("ERROR: append_id_offset='"
+ append_id_offset
+ "' PatternSyntaxException: '"
+ exAppendPattern.toString()
+ "'"
- + NEWLINE );
- System.exit( 0 );
+ + NEWLINE);
+ System.exit(0);
}
} else {
- System.err.println( "ERROR: Missing "
+ System.err.println("ERROR: Missing "
+ "'append ID Offset' arguments!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
}
// Check to see that if the 'remove ID Offset' command-line options
// were specified, that they are all present and accounted for
- if( mRemoveIdOffsetNameValuePairs > 0 ) {
- if( mRemoveIdOffsetNameValuePairs == ID_OFFSET_NAME_VALUE_PAIRS &&
- remove_id_offset != null &&
- remove_id_offset.length() != 0 ) {
+ if (mRemoveIdOffsetNameValuePairs > 0) {
+ if (mRemoveIdOffsetNameValuePairs == ID_OFFSET_NAME_VALUE_PAIRS &&
+ remove_id_offset != null &&
+ remove_id_offset.length() != 0) {
try {
- if( !remove_id_offset.matches( "[0-9]++" ) ) {
- System.err.println( "ERROR: '"
+ if (!remove_id_offset.matches("[0-9]++")) {
+ System.err.println("ERROR: '"
+ remove_id_offset
+ "' contains non-numeric "
+ "characters!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
} else {
mRemoveIdOffset = new BigInteger(
- remove_id_offset );
+ remove_id_offset);
// Mark the 'remove ID Offset' flag true
mRemoveIdOffsetFlag = true;
}
- } catch( PatternSyntaxException exRemovePattern ) {
- System.err.println( "ERROR: remove_id_offset='"
+ } catch (PatternSyntaxException exRemovePattern) {
+ System.err.println("ERROR: remove_id_offset='"
+ remove_id_offset
+ "' PatternSyntaxException: '"
+ exRemovePattern.toString()
+ "'"
- + NEWLINE );
- System.exit( 0 );
+ + NEWLINE);
+ System.exit(0);
}
} else {
- System.err.println( "ERROR: Missing "
+ System.err.println("ERROR: Missing "
+ "'remove ID Offset' arguments!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
}
// Make certain that at least one of the "Rewrap", "Append ID Offset",
// or "Remove ID Offset" options has been specified
- if( !mRewrapFlag &&
- !mAppendIdOffsetFlag &&
- !mRemoveIdOffsetFlag ) {
- System.err.println( "ERROR: At least one of the 'rewrap', "
+ if (!mRewrapFlag &&
+ !mAppendIdOffsetFlag &&
+ !mRemoveIdOffsetFlag) {
+ System.err.println("ERROR: At least one of the 'rewrap', "
+ "'append ID Offset', or 'remove ID Offset' "
+ "options MUST be specified!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
// Check to see that if the OPTIONAL
// 'PKI Security Database Password File'
// command-line options were specified,
// that they are all present and accounted for
- if( mPKISecurityDatabasePwdfileNameValuePairs > 0 ) {
- if( mPKISecurityDatabasePwdfileNameValuePairs !=
- PWDFILE_NAME_VALUE_PAIRS ||
- mSourcePKISecurityDatabasePwdfile == null ||
- mSourcePKISecurityDatabasePwdfile.length() == 0 ) {
- System.err.println( "ERROR: Missing 'Password File' "
+ if (mPKISecurityDatabasePwdfileNameValuePairs > 0) {
+ if (mPKISecurityDatabasePwdfileNameValuePairs !=
+ PWDFILE_NAME_VALUE_PAIRS ||
+ mSourcePKISecurityDatabasePwdfile == null ||
+ mSourcePKISecurityDatabasePwdfile.length() == 0) {
+ System.err.println("ERROR: Missing 'Password File' "
+ "arguments!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
} else {
- if( mRewrapFlag ) {
+ if (mRewrapFlag) {
// Check for a valid source PKI
// security database password file
sourceDBPwdfile = new
- File( mSourcePKISecurityDatabasePwdfile );
- if( !sourceDBPwdfile.exists() ||
- !sourceDBPwdfile.isFile() ||
- ( sourceDBPwdfile.length() == 0 ) ) {
- System.err.println( "ERROR: '"
+ File(mSourcePKISecurityDatabasePwdfile);
+ if (!sourceDBPwdfile.exists() ||
+ !sourceDBPwdfile.isFile() ||
+ (sourceDBPwdfile.length() == 0)) {
+ System.err.println("ERROR: '"
+ mSourcePKISecurityDatabasePwdfile
+ "' does NOT exist, is NOT a file, "
+ "or is empty!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
use_PKI_security_database_pwdfile = SPACE
@@ -4932,15 +4793,15 @@ public class DRMTool
// Mark the 'Password File' flag true
mPwdfileFlag = true;
} else {
- System.err.println( "ERROR: The "
+ System.err.println("ERROR: The "
+ TIC
+ SOURCE_NSS_DB_PWDFILE
+ TIC
+ " option is ONLY valid when "
+ "performing rewrapping."
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
}
}
} else {
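Review bot: The error branch in this hunk still ends in `System.exit(0)` after printing the "ONLY valid when performing rewrapping" message, so a rejected invocation reports success to any wrapper script or migration runbook. A non-zero status, `System.exit(1);`, would let callers tell invalid arguments apart from a completed run. The same status is used after the naming-context error in the next hunk and in the unknown general_type branches of GenIssuerAltNameExt.java and GenSubjectAltNameExt.java. The enclosing method starts and ends outside this hunk.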
@@ -4950,19 +4811,19 @@ public class DRMTool
// Check to see that if the OPTIONAL 'DRM Naming Context' command-line
// options were specified, that they are all present and accounted for
- if( mDrmNamingContextNameValuePairs > 0 ) {
- if( mDrmNamingContextNameValuePairs !=
- NAMING_CONTEXT_NAME_VALUE_PAIRS ||
- mSourceDrmNamingContext == null ||
- mSourceDrmNamingContext.length() == 0 ||
- mTargetDrmNamingContext == null ||
- mTargetDrmNamingContext.length() == 0 ) {
- System.err.println( "ERROR: Both 'source DRM naming context' "
+ if (mDrmNamingContextNameValuePairs > 0) {
+ if (mDrmNamingContextNameValuePairs !=
+ NAMING_CONTEXT_NAME_VALUE_PAIRS ||
+ mSourceDrmNamingContext == null ||
+ mSourceDrmNamingContext.length() == 0 ||
+ mTargetDrmNamingContext == null ||
+ mTargetDrmNamingContext.length() == 0) {
+ System.err.println("ERROR: Both 'source DRM naming context' "
+ "and 'target DRM naming context' "
+ "options MUST be specified!"
- + NEWLINE );
+ + NEWLINE);
printUsage();
- System.exit( 0 );
+ System.exit(0);
} else {
process_drm_naming_context_fields = SPACE
+ SOURCE_DRM_NAMING_CONTEXT
@@ -4995,268 +4856,267 @@ public class DRMTool
}
// Check for OPTIONAL "Process Requests and Key Records ONLY" option
- if( mProcessRequestsAndKeyRecordsOnlyFlag ) {
+ if (mProcessRequestsAndKeyRecordsOnlyFlag) {
process_requests_and_key_records_only = SPACE
+ PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY;
mProcessRequestsAndKeyRecordsOnlyMessage = SPACE + PLUS + SPACE +
- DRM_LDIF_PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY_MESSAGE;
+ DRM_LDIF_PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY_MESSAGE;
} else {
process_requests_and_key_records_only = "";
mProcessRequestsAndKeyRecordsOnlyMessage = "";
}
// Enable logging process . . .
- open_log( mLogFilename );
+ open_log(mLogFilename);
// Begin logging progress . . .
- if( mRewrapFlag && mAppendIdOffsetFlag ) {
- log( "BEGIN \""
- + DRM_TOOL + SPACE
- + DRMTOOL_CFG_FILE + SPACE
- + mDrmtoolCfgFilename + SPACE
- + SOURCE_LDIF_FILE + SPACE
- + mSourceLdifFilename + SPACE
- + TARGET_LDIF_FILE + SPACE
- + mTargetLdifFilename + SPACE
- + LOG_FILE + SPACE
- + mLogFilename + SPACE
- + SOURCE_NSS_DB_PATH + SPACE
- + mSourcePKISecurityDatabasePath + SPACE
- + SOURCE_STORAGE_TOKEN_NAME + SPACE
- + TIC + mSourceStorageTokenName + TIC + SPACE
- + SOURCE_STORAGE_CERT_NICKNAME + SPACE
- + TIC + mSourceStorageCertNickname + TIC + SPACE
- + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
- + mTargetStorageCertificateFilename + SPACE
- + use_PKI_security_database_pwdfile
- + APPEND_ID_OFFSET + SPACE
- + append_id_offset
- + process_drm_naming_context_fields
- + process_requests_and_key_records_only
- + "\" . . ."
- + NEWLINE, true );
- } else if( mRewrapFlag && mRemoveIdOffsetFlag ) {
- log( "BEGIN \""
- + DRM_TOOL + SPACE
- + DRMTOOL_CFG_FILE + SPACE
- + mDrmtoolCfgFilename + SPACE
- + SOURCE_LDIF_FILE + SPACE
- + mSourceLdifFilename + SPACE
- + TARGET_LDIF_FILE + SPACE
- + mTargetLdifFilename + SPACE
- + LOG_FILE + SPACE
- + mLogFilename + SPACE
- + SOURCE_NSS_DB_PATH + SPACE
- + mSourcePKISecurityDatabasePath + SPACE
- + SOURCE_STORAGE_TOKEN_NAME + SPACE
- + TIC + mSourceStorageTokenName + TIC + SPACE
- + SOURCE_STORAGE_CERT_NICKNAME + SPACE
- + TIC + mSourceStorageCertNickname + TIC + SPACE
- + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
- + mTargetStorageCertificateFilename + SPACE
- + use_PKI_security_database_pwdfile
- + REMOVE_ID_OFFSET + SPACE
- + remove_id_offset
- + process_drm_naming_context_fields
- + process_requests_and_key_records_only
- + "\" . . ."
- + NEWLINE, true );
- } else if( mRewrapFlag ) {
- log( "BEGIN \""
- + DRM_TOOL + SPACE
- + DRMTOOL_CFG_FILE + SPACE
- + mDrmtoolCfgFilename + SPACE
- + SOURCE_LDIF_FILE + SPACE
- + mSourceLdifFilename + SPACE
- + TARGET_LDIF_FILE + SPACE
- + mTargetLdifFilename + SPACE
- + LOG_FILE + SPACE
- + mLogFilename + SPACE
- + SOURCE_NSS_DB_PATH + SPACE
- + mSourcePKISecurityDatabasePath + SPACE
- + SOURCE_STORAGE_TOKEN_NAME + SPACE
- + TIC + mSourceStorageTokenName + TIC + SPACE
- + SOURCE_STORAGE_CERT_NICKNAME + SPACE
- + TIC + mSourceStorageCertNickname + TIC + SPACE
- + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
- + mTargetStorageCertificateFilename
- + use_PKI_security_database_pwdfile
- + process_drm_naming_context_fields
- + process_requests_and_key_records_only
- + "\" . . ."
- + NEWLINE, true );
- } else if( mAppendIdOffsetFlag ) {
- log( "BEGIN \""
- + DRM_TOOL + SPACE
- + DRMTOOL_CFG_FILE + SPACE
- + mDrmtoolCfgFilename + SPACE
- + SOURCE_LDIF_FILE + SPACE
- + mSourceLdifFilename + SPACE
- + TARGET_LDIF_FILE + SPACE
- + mTargetLdifFilename + SPACE
- + LOG_FILE + SPACE
- + mLogFilename + SPACE
- + APPEND_ID_OFFSET + SPACE
- + append_id_offset
- + process_drm_naming_context_fields
- + process_requests_and_key_records_only
- + "\" . . ."
- + NEWLINE, true );
- } else if( mRemoveIdOffsetFlag ) {
- log( "BEGIN \""
- + DRM_TOOL + SPACE
- + DRMTOOL_CFG_FILE + SPACE
- + mDrmtoolCfgFilename + SPACE
- + SOURCE_LDIF_FILE + SPACE
- + mSourceLdifFilename + SPACE
- + TARGET_LDIF_FILE + SPACE
- + mTargetLdifFilename + SPACE
- + LOG_FILE + SPACE
- + mLogFilename + SPACE
- + REMOVE_ID_OFFSET + SPACE
- + remove_id_offset
- + process_drm_naming_context_fields
- + process_requests_and_key_records_only
- + "\" . . ."
- + NEWLINE, true );
+ if (mRewrapFlag && mAppendIdOffsetFlag) {
+ log("BEGIN \""
+ + DRM_TOOL + SPACE
+ + DRMTOOL_CFG_FILE + SPACE
+ + mDrmtoolCfgFilename + SPACE
+ + SOURCE_LDIF_FILE + SPACE
+ + mSourceLdifFilename + SPACE
+ + TARGET_LDIF_FILE + SPACE
+ + mTargetLdifFilename + SPACE
+ + LOG_FILE + SPACE
+ + mLogFilename + SPACE
+ + SOURCE_NSS_DB_PATH + SPACE
+ + mSourcePKISecurityDatabasePath + SPACE
+ + SOURCE_STORAGE_TOKEN_NAME + SPACE
+ + TIC + mSourceStorageTokenName + TIC + SPACE
+ + SOURCE_STORAGE_CERT_NICKNAME + SPACE
+ + TIC + mSourceStorageCertNickname + TIC + SPACE
+ + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
+ + mTargetStorageCertificateFilename + SPACE
+ + use_PKI_security_database_pwdfile
+ + APPEND_ID_OFFSET + SPACE
+ + append_id_offset
+ + process_drm_naming_context_fields
+ + process_requests_and_key_records_only
+ + "\" . . ."
+ + NEWLINE, true);
+ } else if (mRewrapFlag && mRemoveIdOffsetFlag) {
+ log("BEGIN \""
+ + DRM_TOOL + SPACE
+ + DRMTOOL_CFG_FILE + SPACE
+ + mDrmtoolCfgFilename + SPACE
+ + SOURCE_LDIF_FILE + SPACE
+ + mSourceLdifFilename + SPACE
+ + TARGET_LDIF_FILE + SPACE
+ + mTargetLdifFilename + SPACE
+ + LOG_FILE + SPACE
+ + mLogFilename + SPACE
+ + SOURCE_NSS_DB_PATH + SPACE
+ + mSourcePKISecurityDatabasePath + SPACE
+ + SOURCE_STORAGE_TOKEN_NAME + SPACE
+ + TIC + mSourceStorageTokenName + TIC + SPACE
+ + SOURCE_STORAGE_CERT_NICKNAME + SPACE
+ + TIC + mSourceStorageCertNickname + TIC + SPACE
+ + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
+ + mTargetStorageCertificateFilename + SPACE
+ + use_PKI_security_database_pwdfile
+ + REMOVE_ID_OFFSET + SPACE
+ + remove_id_offset
+ + process_drm_naming_context_fields
+ + process_requests_and_key_records_only
+ + "\" . . ."
+ + NEWLINE, true);
+ } else if (mRewrapFlag) {
+ log("BEGIN \""
+ + DRM_TOOL + SPACE
+ + DRMTOOL_CFG_FILE + SPACE
+ + mDrmtoolCfgFilename + SPACE
+ + SOURCE_LDIF_FILE + SPACE
+ + mSourceLdifFilename + SPACE
+ + TARGET_LDIF_FILE + SPACE
+ + mTargetLdifFilename + SPACE
+ + LOG_FILE + SPACE
+ + mLogFilename + SPACE
+ + SOURCE_NSS_DB_PATH + SPACE
+ + mSourcePKISecurityDatabasePath + SPACE
+ + SOURCE_STORAGE_TOKEN_NAME + SPACE
+ + TIC + mSourceStorageTokenName + TIC + SPACE
+ + SOURCE_STORAGE_CERT_NICKNAME + SPACE
+ + TIC + mSourceStorageCertNickname + TIC + SPACE
+ + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
+ + mTargetStorageCertificateFilename
+ + use_PKI_security_database_pwdfile
+ + process_drm_naming_context_fields
+ + process_requests_and_key_records_only
+ + "\" . . ."
+ + NEWLINE, true);
+ } else if (mAppendIdOffsetFlag) {
+ log("BEGIN \""
+ + DRM_TOOL + SPACE
+ + DRMTOOL_CFG_FILE + SPACE
+ + mDrmtoolCfgFilename + SPACE
+ + SOURCE_LDIF_FILE + SPACE
+ + mSourceLdifFilename + SPACE
+ + TARGET_LDIF_FILE + SPACE
+ + mTargetLdifFilename + SPACE
+ + LOG_FILE + SPACE
+ + mLogFilename + SPACE
+ + APPEND_ID_OFFSET + SPACE
+ + append_id_offset
+ + process_drm_naming_context_fields
+ + process_requests_and_key_records_only
+ + "\" . . ."
+ + NEWLINE, true);
+ } else if (mRemoveIdOffsetFlag) {
+ log("BEGIN \""
+ + DRM_TOOL + SPACE
+ + DRMTOOL_CFG_FILE + SPACE
+ + mDrmtoolCfgFilename + SPACE
+ + SOURCE_LDIF_FILE + SPACE
+ + mSourceLdifFilename + SPACE
+ + TARGET_LDIF_FILE + SPACE
+ + mTargetLdifFilename + SPACE
+ + LOG_FILE + SPACE
+ + mLogFilename + SPACE
+ + REMOVE_ID_OFFSET + SPACE
+ + remove_id_offset
+ + process_drm_naming_context_fields
+ + process_requests_and_key_records_only
+ + "\" . . ."
+ + NEWLINE, true);
}
// Process the DRMTOOL config file
success = process_drmtool_config_file();
- if( !success ) {
- log( "FAILED processing drmtool config file!"
- + NEWLINE, true );
+ if (!success) {
+ log("FAILED processing drmtool config file!"
+ + NEWLINE, true);
} else {
- log( "SUCCESSFULLY processed drmtool config file!"
- + NEWLINE, true );
+ log("SUCCESSFULLY processed drmtool config file!"
+ + NEWLINE, true);
// Convert the source LDIF file to a target LDIF file
success = convert_source_ldif_to_target_ldif();
- if( !success ) {
- log( "FAILED converting source LDIF file --> target LDIF file!"
- + NEWLINE, true );
+ if (!success) {
+ log("FAILED converting source LDIF file --> target LDIF file!"
+ + NEWLINE, true);
} else {
- log( "SUCCESSFULLY converted source LDIF file --> "
- + "target LDIF file!"
- + NEWLINE, true );
+ log("SUCCESSFULLY converted source LDIF file --> "
+ + "target LDIF file!"
+ + NEWLINE, true);
}
}
// Finish logging progress
- if( mRewrapFlag && mAppendIdOffsetFlag ) {
- log( "FINISHED \""
- + DRM_TOOL + SPACE
- + DRMTOOL_CFG_FILE + SPACE
- + mDrmtoolCfgFilename + SPACE
- + SOURCE_LDIF_FILE + SPACE
- + mSourceLdifFilename + SPACE
- + TARGET_LDIF_FILE + SPACE
- + mTargetLdifFilename + SPACE
- + LOG_FILE + SPACE
- + mLogFilename + SPACE
- + SOURCE_NSS_DB_PATH + SPACE
- + mSourcePKISecurityDatabasePath + SPACE
- + SOURCE_STORAGE_TOKEN_NAME + SPACE
- + TIC + mSourceStorageTokenName + TIC + SPACE
- + SOURCE_STORAGE_CERT_NICKNAME + SPACE
- + TIC + mSourceStorageCertNickname + TIC + SPACE
- + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
- + mTargetStorageCertificateFilename + SPACE
- + use_PKI_security_database_pwdfile
- + APPEND_ID_OFFSET + SPACE
- + append_id_offset
- + process_drm_naming_context_fields
- + process_requests_and_key_records_only
- + "\"."
- + NEWLINE, true );
- } else if( mRewrapFlag && mRemoveIdOffsetFlag ) {
- log( "FINISHED \""
- + DRM_TOOL + SPACE
- + DRMTOOL_CFG_FILE + SPACE
- + mDrmtoolCfgFilename + SPACE
- + SOURCE_LDIF_FILE + SPACE
- + mSourceLdifFilename + SPACE
- + TARGET_LDIF_FILE + SPACE
- + mTargetLdifFilename + SPACE
- + LOG_FILE + SPACE
- + mLogFilename + SPACE
- + SOURCE_NSS_DB_PATH + SPACE
- + mSourcePKISecurityDatabasePath + SPACE
- + SOURCE_STORAGE_TOKEN_NAME + SPACE
- + TIC + mSourceStorageTokenName + TIC + SPACE
- + SOURCE_STORAGE_CERT_NICKNAME + SPACE
- + TIC + mSourceStorageCertNickname + TIC + SPACE
- + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
- + mTargetStorageCertificateFilename + SPACE
- + use_PKI_security_database_pwdfile
- + REMOVE_ID_OFFSET + SPACE
- + remove_id_offset
- + process_drm_naming_context_fields
- + process_requests_and_key_records_only
- + "\"."
- + NEWLINE, true );
- } else if( mRewrapFlag ) {
- log( "FINISHED \""
- + DRM_TOOL + SPACE
- + DRMTOOL_CFG_FILE + SPACE
- + mDrmtoolCfgFilename + SPACE
- + SOURCE_LDIF_FILE + SPACE
- + mSourceLdifFilename + SPACE
- + TARGET_LDIF_FILE + SPACE
- + mTargetLdifFilename + SPACE
- + LOG_FILE + SPACE
- + mLogFilename + SPACE
- + SOURCE_NSS_DB_PATH + SPACE
- + mSourcePKISecurityDatabasePath + SPACE
- + SOURCE_STORAGE_TOKEN_NAME + SPACE
- + TIC + mSourceStorageTokenName + TIC + SPACE
- + SOURCE_STORAGE_CERT_NICKNAME + SPACE
- + TIC + mSourceStorageCertNickname + TIC + SPACE
- + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
- + mTargetStorageCertificateFilename
- + use_PKI_security_database_pwdfile
- + process_drm_naming_context_fields
- + process_requests_and_key_records_only
- + "\"."
- + NEWLINE, true );
- } else if( mAppendIdOffsetFlag ) {
- log( "FINISHED \""
- + DRM_TOOL + SPACE
- + DRMTOOL_CFG_FILE + SPACE
- + mDrmtoolCfgFilename + SPACE
- + SOURCE_LDIF_FILE + SPACE
- + mSourceLdifFilename + SPACE
- + TARGET_LDIF_FILE + SPACE
- + mTargetLdifFilename + SPACE
- + LOG_FILE + SPACE
- + mLogFilename + SPACE
- + APPEND_ID_OFFSET + SPACE
- + append_id_offset
- + process_drm_naming_context_fields
- + process_requests_and_key_records_only
- + "\"."
- + NEWLINE, true );
- } else if( mRemoveIdOffsetFlag ) {
- log( "FINISHED \""
- + DRM_TOOL + SPACE
- + DRMTOOL_CFG_FILE + SPACE
- + mDrmtoolCfgFilename + SPACE
- + SOURCE_LDIF_FILE + SPACE
- + mSourceLdifFilename + SPACE
- + TARGET_LDIF_FILE + SPACE
- + mTargetLdifFilename + SPACE
- + LOG_FILE + SPACE
- + mLogFilename + SPACE
- + REMOVE_ID_OFFSET + SPACE
- + remove_id_offset
- + process_drm_naming_context_fields
- + process_requests_and_key_records_only
- + "\"."
- + NEWLINE, true );
+ if (mRewrapFlag && mAppendIdOffsetFlag) {
+ log("FINISHED \""
+ + DRM_TOOL + SPACE
+ + DRMTOOL_CFG_FILE + SPACE
+ + mDrmtoolCfgFilename + SPACE
+ + SOURCE_LDIF_FILE + SPACE
+ + mSourceLdifFilename + SPACE
+ + TARGET_LDIF_FILE + SPACE
+ + mTargetLdifFilename + SPACE
+ + LOG_FILE + SPACE
+ + mLogFilename + SPACE
+ + SOURCE_NSS_DB_PATH + SPACE
+ + mSourcePKISecurityDatabasePath + SPACE
+ + SOURCE_STORAGE_TOKEN_NAME + SPACE
+ + TIC + mSourceStorageTokenName + TIC + SPACE
+ + SOURCE_STORAGE_CERT_NICKNAME + SPACE
+ + TIC + mSourceStorageCertNickname + TIC + SPACE
+ + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
+ + mTargetStorageCertificateFilename + SPACE
+ + use_PKI_security_database_pwdfile
+ + APPEND_ID_OFFSET + SPACE
+ + append_id_offset
+ + process_drm_naming_context_fields
+ + process_requests_and_key_records_only
+ + "\"."
+ + NEWLINE, true);
+ } else if (mRewrapFlag && mRemoveIdOffsetFlag) {
+ log("FINISHED \""
+ + DRM_TOOL + SPACE
+ + DRMTOOL_CFG_FILE + SPACE
+ + mDrmtoolCfgFilename + SPACE
+ + SOURCE_LDIF_FILE + SPACE
+ + mSourceLdifFilename + SPACE
+ + TARGET_LDIF_FILE + SPACE
+ + mTargetLdifFilename + SPACE
+ + LOG_FILE + SPACE
+ + mLogFilename + SPACE
+ + SOURCE_NSS_DB_PATH + SPACE
+ + mSourcePKISecurityDatabasePath + SPACE
+ + SOURCE_STORAGE_TOKEN_NAME + SPACE
+ + TIC + mSourceStorageTokenName + TIC + SPACE
+ + SOURCE_STORAGE_CERT_NICKNAME + SPACE
+ + TIC + mSourceStorageCertNickname + TIC + SPACE
+ + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
+ + mTargetStorageCertificateFilename + SPACE
+ + use_PKI_security_database_pwdfile
+ + REMOVE_ID_OFFSET + SPACE
+ + remove_id_offset
+ + process_drm_naming_context_fields
+ + process_requests_and_key_records_only
+ + "\"."
+ + NEWLINE, true);
+ } else if (mRewrapFlag) {
+ log("FINISHED \""
+ + DRM_TOOL + SPACE
+ + DRMTOOL_CFG_FILE + SPACE
+ + mDrmtoolCfgFilename + SPACE
+ + SOURCE_LDIF_FILE + SPACE
+ + mSourceLdifFilename + SPACE
+ + TARGET_LDIF_FILE + SPACE
+ + mTargetLdifFilename + SPACE
+ + LOG_FILE + SPACE
+ + mLogFilename + SPACE
+ + SOURCE_NSS_DB_PATH + SPACE
+ + mSourcePKISecurityDatabasePath + SPACE
+ + SOURCE_STORAGE_TOKEN_NAME + SPACE
+ + TIC + mSourceStorageTokenName + TIC + SPACE
+ + SOURCE_STORAGE_CERT_NICKNAME + SPACE
+ + TIC + mSourceStorageCertNickname + TIC + SPACE
+ + TARGET_STORAGE_CERTIFICATE_FILE + SPACE
+ + mTargetStorageCertificateFilename
+ + use_PKI_security_database_pwdfile
+ + process_drm_naming_context_fields
+ + process_requests_and_key_records_only
+ + "\"."
+ + NEWLINE, true);
+ } else if (mAppendIdOffsetFlag) {
+ log("FINISHED \""
+ + DRM_TOOL + SPACE
+ + DRMTOOL_CFG_FILE + SPACE
+ + mDrmtoolCfgFilename + SPACE
+ + SOURCE_LDIF_FILE + SPACE
+ + mSourceLdifFilename + SPACE
+ + TARGET_LDIF_FILE + SPACE
+ + mTargetLdifFilename + SPACE
+ + LOG_FILE + SPACE
+ + mLogFilename + SPACE
+ + APPEND_ID_OFFSET + SPACE
+ + append_id_offset
+ + process_drm_naming_context_fields
+ + process_requests_and_key_records_only
+ + "\"."
+ + NEWLINE, true);
+ } else if (mRemoveIdOffsetFlag) {
+ log("FINISHED \""
+ + DRM_TOOL + SPACE
+ + DRMTOOL_CFG_FILE + SPACE
+ + mDrmtoolCfgFilename + SPACE
+ + SOURCE_LDIF_FILE + SPACE
+ + mSourceLdifFilename + SPACE
+ + TARGET_LDIF_FILE + SPACE
+ + mTargetLdifFilename + SPACE
+ + LOG_FILE + SPACE
+ + mLogFilename + SPACE
+ + REMOVE_ID_OFFSET + SPACE
+ + remove_id_offset
+ + process_drm_naming_context_fields
+ + process_requests_and_key_records_only
+ + "\"."
+ + NEWLINE, true);
}
// Shutdown logging process
- close_log( mLogFilename );
+ close_log(mLogFilename);
}
}
-
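Review bot: When `process_drmtool_config_file()` or `convert_source_ldif_to_target_ldif()` returns false, the code only logs a FAILED line, then logs FINISHED and falls off the end of the method. Unless something outside this hunk sets the status, the process therefore exits 0 after a failed key-record conversion. Adding `if (!success) { System.exit(1); }` right after `close_log(mLogFilename);` would make a failed rewrap or ID-offset run visible to automation, not only to someone reading the log. The method begins outside this hunk.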
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/ExtJoiner.java b/pki/base/java-tools/src/com/netscape/cmstools/ExtJoiner.java
index f7f90a52..4362839e 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/ExtJoiner.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/ExtJoiner.java
@@ -17,31 +17,30 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.FileInputStream;
import java.io.IOException;
import netscape.security.util.DerOutputStream;
import netscape.security.util.DerValue;
-
/**
- * This program joins a sequence of extensions together
+ * This program joins a sequence of extensions together
* so that the final output can be used in configuration
* wizard for specifing extra extensions in default
* certificates (i.e. CA certificate, SSL certificate).
- *
+ *
* Usage:
+ *
* <pre>
* ExtJoiner \
* &lt;ext_file0&gt; &lt;ext_file1&gt; ... &lt;ext_fileN&gt;
- *
+ *
* where,
* &lt;ext_file&gt; is a file that has the base64
* encoded DER encoding of an X509 Extension
*
* ExtensionSequence ::= SEQUENCE OF Extension;
- *
+ *
* 0 30 142: SEQUENCE {
* 3 30 69: SEQUENCE {
* 5 06 3: OBJECT IDENTIFIER issuerAltName (2 5 29 18)
@@ -61,7 +60,7 @@ import netscape.security.util.DerValue;
* : }
* : }
* </pre>
- *
+ *
* @version $Revision$, $Date$
*/
public class ExtJoiner {
@@ -88,8 +87,8 @@ public class ExtJoiner {
}
}
- public static byte[] getFileData(String fileName)
- throws IOException {
+ public static byte[] getFileData(String fileName)
+ throws IOException {
FileInputStream fis = new FileInputStream(fileName);
byte data[] = new byte[fis.available()];
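Review bot: `new byte[fis.available()]` sizes the buffer from an estimate of the bytes readable without blocking, which is not guaranteed to equal the file length, so a short count could hand a truncated base64 extension to the decoder. Sizing from `new java.io.File(fileName).length()` and filling the buffer in a loop, as getBytesFromFile in HttpClient.java does later in this commit, is the safer form. The read call sits between this hunk and the next, so whether it already loops is not visible here.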
@@ -98,6 +97,6 @@ public class ExtJoiner {
} finally {
fis.close();
}
- return com.netscape.osutil.OSUtil.AtoB(new String(data));
+ return com.netscape.osutil.OSUtil.AtoB(new String(data));
}
}
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/GenExtKeyUsage.java b/pki/base/java-tools/src/com/netscape/cmstools/GenExtKeyUsage.java
index 9fffce3f..fc3511f2 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/GenExtKeyUsage.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/GenExtKeyUsage.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.util.Vector;
import netscape.security.util.DerOutputStream;
@@ -25,14 +24,13 @@ import netscape.security.util.DerValue;
import netscape.security.util.ObjectIdentifier;
import netscape.security.x509.Extension;
-
/**
* Generates a DER-encoded Extended Key Usage extension.
* The first parameter is the criticality of the extension, true or false.
* The OIDs to be included in the extension are passed as command-line
- * arguments. The OIDs are described in RFC 2459. For example,
+ * arguments. The OIDs are described in RFC 2459. For example,
* the OID for code signing is 1.3.6.1.5.5.7.3.3.
- *
+ *
* @version $Revision$, $Date$
*/
public class GenExtKeyUsage {
@@ -42,7 +40,7 @@ public class GenExtKeyUsage {
if (args.length < 2) {
System.out.println("Usage: GenExtKeyUsage [true|false] <OID> ...");
System.exit(-1);
- }
+ }
boolean critical = false;
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/GenIssuerAltNameExt.java b/pki/base/java-tools/src/com/netscape/cmstools/GenIssuerAltNameExt.java
index 60913224..622655ae 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/GenIssuerAltNameExt.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/GenIssuerAltNameExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.ByteArrayOutputStream;
import java.net.InetAddress;
@@ -32,17 +31,17 @@ import netscape.security.x509.RFC822Name;
import netscape.security.x509.URIName;
import netscape.security.x509.X500Name;
-
/**
* This program generates an issuer alternative name extension
- * in base-64 encoding. The encoding output can be used with
+ * in base-64 encoding. The encoding output can be used with
* the configuration wizard.
- *
+ *
* Usage:
+ *
* <pre>
* GenIssuerAltNameExt \
* &lt;general_type0&gt; &lt;general_name0&gt; ... &lt;general_typeN&gt; &lt;general_nameN&gt;
- *
+ *
* where,
* &lt;general_type&gt; can be one of the following string:
* DNSName
@@ -54,7 +53,7 @@ import netscape.security.x509.X500Name;
* X500Name
* &lt;general_name&gt; is string
* </pre>
- *
+ *
* @version $Revision$, $Date$
*/
public class GenIssuerAltNameExt {
@@ -68,15 +67,15 @@ public class GenIssuerAltNameExt {
GeneralNames gns = new GeneralNames();
for (int i = 0; i < args.length; i += 2) {
- GeneralNameInterface gni =
- buildGeneralNameInterface(
- args[i], args[i + 1]);
+ GeneralNameInterface gni =
+ buildGeneralNameInterface(
+ args[i], args[i + 1]);
gns.addElement(gni);
}
- IssuerAlternativeNameExtension sane =
- new IssuerAlternativeNameExtension(gns);
+ IssuerAlternativeNameExtension sane =
+ new IssuerAlternativeNameExtension(gns);
output(sane);
} catch (Exception e) {
@@ -85,14 +84,14 @@ public class GenIssuerAltNameExt {
}
public static void output(IssuerAlternativeNameExtension ext)
- throws Exception {
- ByteArrayOutputStream os = new ByteArrayOutputStream();
+ throws Exception {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
ext.encode(os);
System.out.println(
- com.netscape.osutil.OSUtil.BtoA(os.toByteArray())
- );
+ com.netscape.osutil.OSUtil.BtoA(os.toByteArray())
+ );
}
public static void doUsage() {
@@ -111,7 +110,7 @@ public class GenIssuerAltNameExt {
}
public static GeneralNameInterface buildGeneralNameInterface(
- String type, String value) throws Exception {
+ String type, String value) throws Exception {
if (type.equals("DNSName")) {
return new DNSName(value);
} else if (type.equals("EDIPartyName")) {
@@ -129,8 +128,8 @@ public class GenIssuerAltNameExt {
} else if (type.equals("X500Name")) {
return new X500Name(value);
} else {
- System.out.println("Error: unknown general_type " +
- type);
+ System.out.println("Error: unknown general_type " +
+ type);
doUsage();
System.exit(0);
return null;
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/GenSubjectAltNameExt.java b/pki/base/java-tools/src/com/netscape/cmstools/GenSubjectAltNameExt.java
index 52fefe57..66a1a580 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/GenSubjectAltNameExt.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/GenSubjectAltNameExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.ByteArrayOutputStream;
import java.net.InetAddress;
@@ -32,17 +31,17 @@ import netscape.security.x509.SubjectAlternativeNameExtension;
import netscape.security.x509.URIName;
import netscape.security.x509.X500Name;
-
/**
* This program generates an subject alternative name extension
* in base-64 encoding. The encoding output can be used with
* the configuration wizard.
- *
+ *
* Usage:
+ *
* <pre>
* GenSubjectAltNameExt \
* &lt;general_type0&gt; &lt;general_name0&gt; ... &lt;general_typeN&gt; &lt;general_nameN&gt;
- *
+ *
* where,
* &lt;general_type&gt; can be one of the following string:
* DNSName
@@ -54,7 +53,7 @@ import netscape.security.x509.X500Name;
* X500Name
* &lt;general_name&gt; is string
* </pre>
- *
+ *
* @version $Revision$, $Date$
*/
public class GenSubjectAltNameExt {
@@ -68,15 +67,15 @@ public class GenSubjectAltNameExt {
GeneralNames gns = new GeneralNames();
for (int i = 0; i < args.length; i += 2) {
- GeneralNameInterface gni =
- buildGeneralNameInterface(
- args[i], args[i + 1]);
+ GeneralNameInterface gni =
+ buildGeneralNameInterface(
+ args[i], args[i + 1]);
gns.addElement(gni);
}
- SubjectAlternativeNameExtension sane =
- new SubjectAlternativeNameExtension(gns);
+ SubjectAlternativeNameExtension sane =
+ new SubjectAlternativeNameExtension(gns);
output(sane);
} catch (Exception e) {
@@ -85,14 +84,14 @@ public class GenSubjectAltNameExt {
}
public static void output(SubjectAlternativeNameExtension ext)
- throws Exception {
- ByteArrayOutputStream os = new ByteArrayOutputStream();
+ throws Exception {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
ext.encode(os);
System.out.println(
- com.netscape.osutil.OSUtil.BtoA(os.toByteArray())
- );
+ com.netscape.osutil.OSUtil.BtoA(os.toByteArray())
+ );
}
public static void doUsage() {
@@ -111,7 +110,7 @@ public class GenSubjectAltNameExt {
}
public static GeneralNameInterface buildGeneralNameInterface(
- String type, String value) throws Exception {
+ String type, String value) throws Exception {
if (type.equals("DNSName")) {
return new DNSName(value);
} else if (type.equals("EDIPartyName")) {
@@ -129,8 +128,8 @@ public class GenSubjectAltNameExt {
} else if (type.equals("X500Name")) {
return new X500Name(value);
} else {
- System.out.println("Error: unknown general_type " +
- type);
+ System.out.println("Error: unknown general_type " +
+ type);
doUsage();
System.exit(0);
return null;
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/HttpClient.java b/pki/base/java-tools/src/com/netscape/cmstools/HttpClient.java
index 0b9d3932..68e5fb5a 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/HttpClient.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/HttpClient.java
@@ -42,19 +42,17 @@ import org.mozilla.jss.ssl.SSLHandshakeCompletedListener;
import org.mozilla.jss.ssl.SSLSocket;
import org.mozilla.jss.util.Password;
-
/**
* This class implements a CMC Enroll client for testing.
- *
+ *
* @version $Revision$, $Date$
*/
-public class HttpClient
-{
+public class HttpClient {
private String _host = null;
private int _port = 0;
private boolean _secure = false;
- public static final int ARGC = 1;
+ public static final int ARGC = 1;
static final int cipherSuites[] = {
SSLSocket.SSL3_RSA_WITH_RC4_128_MD5,
SSLSocket.SSL3_RSA_WITH_3DES_EDE_CBC_SHA,
@@ -65,9 +63,8 @@ public class HttpClient
0
};
- public HttpClient(String host, int port, String secure)
- throws Exception
- {
+ public HttpClient(String host, int port, String secure)
+ throws Exception {
_host = host;
_port = port;
if (secure.equals("true"))
@@ -81,81 +78,77 @@ public class HttpClient
long length = file.length();
if (length > Integer.MAX_VALUE) {
- throw new IOException("Input file " + filename +
- " is too large. Must be smaller than " + Integer.MAX_VALUE);
+ throw new IOException("Input file " + filename +
+ " is too large. Must be smaller than " + Integer.MAX_VALUE);
}
- byte[] bytes = new byte[(int)length];
+ byte[] bytes = new byte[(int) length];
int offset = 0;
int numRead = 0;
while (offset < bytes.length
- && (numRead=is.read(bytes, offset, bytes.length-offset)) >= 0) {
+ && (numRead = is.read(bytes, offset, bytes.length - offset)) >= 0) {
offset += numRead;
}
if (offset < bytes.length) {
- throw new IOException("Could not completely read file "+filename);
+ throw new IOException("Could not completely read file " + filename);
}
is.close();
return bytes;
}
+ public void send(String ifilename, String ofilename, String dbdir,
+ String nickname, String password, String servlet, String clientmode)
+ throws Exception {
+ byte[] b = getBytesFromFile(ifilename);
- public void send(String ifilename, String ofilename, String dbdir,
- String nickname, String password, String servlet, String clientmode)
- throws Exception
- {
- byte[] b = getBytesFromFile(ifilename);
-
- System.out.println("Total number of bytes read = "+b.length);
+ System.out.println("Total number of bytes read = " + b.length);
DataOutputStream dos = null;
InputStream is = null;
if (_secure) {
try {
CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(dbdir, "", "", "secmod.db");
+ new CryptoManager.InitializationValues(dbdir, "", "", "secmod.db");
CryptoManager.initialize(vals);
SSLSocket socket = new SSLSocket(_host, _port);
int i;
- for (i = SSLSocket.SSL2_RC4_128_WITH_MD5;
- i <= SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5; ++i) {
+ for (i = SSLSocket.SSL2_RC4_128_WITH_MD5; i <= SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5; ++i) {
try {
socket.setCipherPreference(i, true);
- } catch( SocketException e) {
+ } catch (SocketException e) {
}
}
//skip SSL_EN_IDEA_128_EDE3_CBC_WITH_MD5
- for (i = SSLSocket.SSL2_DES_64_CBC_WITH_MD5;
- i <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++i) {
- try {
+ for (i = SSLSocket.SSL2_DES_64_CBC_WITH_MD5; i <= SSLSocket.SSL2_DES_192_EDE3_CBC_WITH_MD5; ++i) {
+ try {
socket.setCipherPreference(i, true);
- } catch( SocketException e) {
+ } catch (SocketException e) {
}
}
for (i = 0; cipherSuites[i] != 0; ++i) {
try {
socket.setCipherPreference(cipherSuites[i], true);
- } catch( SocketException e) {
+ } catch (SocketException e) {
}
}
SSLHandshakeCompletedListener listener = new ClientHandshakeCB(this);
- socket.addHandshakeCompletedListener(listener);
+ socket.addHandshakeCompletedListener(listener);
if (clientmode != null && clientmode.equals("true")) {
CryptoManager cm = CryptoManager.getInstance();
CryptoToken token = cm.getInternalKeyStorageToken();
- Password pass = new Password(password.toCharArray());
+ Password pass = new Password(password.toCharArray());
token.login(pass);
- CryptoStore store = token.getCryptoStore();
- X509Certificate cert = cm.findCertByNickname(nickname);
+ CryptoStore store = token.getCryptoStore();
+ X509Certificate cert = cm.findCertByNickname(nickname);
if (cert == null)
- System.out.println("client cert is null");
+ System.out.println("client cert is null");
else
- System.out.println("client cert is not null");
+ System.out.println("client cert is not null");
socket.setUseClientMode(true);
socket.setClientCertNickname(nickname);
}
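Review bot: The loop `for (i = SSLSocket.SSL2_RC4_128_WITH_MD5; i <= SSLSocket.SSL2_RC2_128_CBC_EXPORT40_WITH_MD5; ++i)` and the SSL2_DES loop after it switch on every SSLv2 suite, including the 40-bit export one, on a socket that may then log in to the token and present a client certificate. Passing false there, `socket.setCipherPreference(i, false);`, turns those suites off instead, and the `cipherSuites` array in the earlier hunk, which leads with RC4-MD5, deserves the same pruning. The empty `catch (SocketException e) { }` blocks also hide which preferences were rejected; a one-line message to System.err would be enough. The body of send() continues past this hunk.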
@@ -164,7 +157,7 @@ public class HttpClient
dos = new DataOutputStream(socket.getOutputStream());
is = socket.getInputStream();
} catch (Exception e) {
- System.out.println("Exception: "+e.toString());
+ System.out.println("Exception: " + e.toString());
return;
}
} else {
@@ -178,12 +171,12 @@ public class HttpClient
System.out.println("Missing servlet name.");
printUsage();
} else {
- String s = "POST "+servlet+" HTTP/1.0\r\n";
+ String s = "POST " + servlet + " HTTP/1.0\r\n";
dos.writeBytes(s);
- }
- dos.writeBytes("Content-length: " + b.length + "\r\n");
- dos.writeBytes("\r\n");
- dos.write(b);
+ }
+ dos.writeBytes("Content-length: " + b.length + "\r\n");
+ dos.writeBytes("\r\n");
+ dos.write(b);
dos.flush();
FileOutputStream fof = new FileOutputStream(ofilename);
@@ -191,8 +184,7 @@ public class HttpClient
int sum = 0;
boolean hack = false;
try {
- while (true)
- {
+ while (true) {
int r = is.read();
if (r == -1)
break;
@@ -217,7 +209,7 @@ public class HttpClient
fof.close();
byte[] bout = getBytesFromFile(ofilename);
- System.out.println("Total number of bytes read = "+ bout.length);
+ System.out.println("Total number of bytes read = " + bout.length);
ByteArrayOutputStream bs = new ByteArrayOutputStream();
PrintStream ps = new PrintStream(bs);
@@ -225,7 +217,7 @@ public class HttpClient
System.out.println(bs.toString());
System.out.println("");
- System.out.println("The response in binary format is stored in "+ofilename);
+ System.out.println("The response in binary format is stored in " + ofilename);
System.out.println("");
}
@@ -273,17 +265,16 @@ public class HttpClient
System.exit(0);
}
- public static void main(String args[])
- {
- String host = null, portstr = null, secure = null, dbdir = null, nickname = null ;
+ public static void main(String args[]) {
+ String host = null, portstr = null, secure = null, dbdir = null, nickname = null;
String password = null, ofilename = null, ifilename = null;
String servlet = null;
String clientmode = null;
- System.out.println("");
+ System.out.println("");
// Check that the correct # of arguments were submitted to the program
- if( args.length != ( ARGC ) ) {
+ if (args.length != (ARGC)) {
System.out.println("Wrong number of parameters:" + args.length);
printUsage();
}
@@ -293,9 +284,9 @@ public class HttpClient
try {
reader = new BufferedReader(new InputStreamReader(
new BufferedInputStream(
- new FileInputStream(configFile))));
+ new FileInputStream(configFile))));
} catch (FileNotFoundException e) {
- System.out.println("HttpClient: can't find configuration file: "+configFile);
+ System.out.println("HttpClient: can't find configuration file: " + configFile);
printUsage();
System.exit(1);
} catch (Exception e) {
@@ -314,7 +305,7 @@ public class HttpClient
String name = tokenizer.nextToken();
String val = null;
if (tokenizer.countTokens() > 0)
- val = tokenizer.nextToken();
+ val = tokenizer.nextToken();
if (name.equals("host")) {
host = val;
} else if (name.equals("port")) {
@@ -370,7 +361,7 @@ public class HttpClient
}
int port = Integer.parseInt(portstr);
-
+
if (secure != null && secure.equals("true")) {
if (dbdir == null) {
System.out.println("Missing directory name for the cert7.db.");
@@ -390,8 +381,8 @@ public class HttpClient
}
try {
- HttpClient client =
- new HttpClient(host, port, secure);
+ HttpClient client =
+ new HttpClient(host, port, secure);
client.send(ifilename, ofilename, dbdir, nickname, password, servlet, clientmode);
} catch (Exception e) {
System.out.println("Error: " + e.toString());
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/OCSPClient.java b/pki/base/java-tools/src/com/netscape/cmstools/OCSPClient.java
index df18a3e5..a3e885e9 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/OCSPClient.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/OCSPClient.java
@@ -56,232 +56,221 @@ import com.netscape.cmsutil.ocsp.SingleResponse;
import com.netscape.cmsutil.ocsp.TBSRequest;
import com.netscape.cmsutil.ocsp.UnknownInfo;
-
/**
* This class implements a OCSP client for testing.
- *
+ *
* @version $Revision$, $Date$
*/
-public class OCSPClient
-{
+public class OCSPClient {
private String _host = null;
private int _port = 0;
- public OCSPClient(String host, int port, String dbdir)
- throws Exception
- {
+ public OCSPClient(String host, int port, String dbdir)
+ throws Exception {
_host = host;
_port = port;
CryptoManager.initialize(dbdir);
}
- public void send(String uri, String nickname, int serialno, String output)
- throws Exception
- {
- CryptoManager manager = CryptoManager.getInstance();
+ public void send(String uri, String nickname, int serialno, String output)
+ throws Exception {
+ CryptoManager manager = CryptoManager.getInstance();
X509Certificate caCert = manager.findCertByNickname(nickname);
OCSPRequest request = getOCSPRequest(caCert, serialno);
- ByteArrayOutputStream os = new ByteArrayOutputStream();
- request.encode(os);
- byte request_data[] = os.toByteArray();
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ request.encode(os);
+ byte request_data[] = os.toByteArray();
sendOCSPRequest(uri, _host, _port, request_data, output);
}
- public void sendRequestData(String uri, String nickname, byte request_data[], String output)
- throws Exception
- {
+ public void sendRequestData(String uri, String nickname, byte request_data[], String output)
+ throws Exception {
sendOCSPRequest(uri, _host, _port, request_data, output);
}
- public OCSPRequest getOCSPRequest(X509Certificate caCert, int serialno)
- throws Exception
- {
+ public OCSPRequest getOCSPRequest(X509Certificate caCert, int serialno)
+ throws Exception {
MessageDigest md = MessageDigest.getInstance("SHA");
// calculate issuer key hash
X509CertImpl x509Cert = new X509CertImpl(caCert.getEncoded());
- X509Key x509key = (X509Key)x509Cert.getPublicKey();
+ X509Key x509key = (X509Key) x509Cert.getPublicKey();
byte issuerKeyHash[] = md.digest(x509key.getKey());
// calculate name hash
- X500Name name = (X500Name)x509Cert.getSubjectDN();
+ X500Name name = (X500Name) x509Cert.getSubjectDN();
byte issuerNameHash[] = md.digest(name.getEncoded());
// constructing the OCSP request
CertID certid = new CertID(
- new AlgorithmIdentifier(
- new OBJECT_IDENTIFIER("1.3.14.3.2.26"), new NULL()),
- new OCTET_STRING(issuerNameHash),
- new OCTET_STRING(issuerKeyHash),
+ new AlgorithmIdentifier(
+ new OBJECT_IDENTIFIER("1.3.14.3.2.26"), new NULL()),
+ new OCTET_STRING(issuerNameHash),
+ new OCTET_STRING(issuerKeyHash),
new INTEGER(serialno));
Request request = new Request(certid, null);
SEQUENCE requestList = new SEQUENCE();
requestList.addElement(request);
- TBSRequest tbsRequest = new TBSRequest(null,null,requestList,null);
+ TBSRequest tbsRequest = new TBSRequest(null, null, requestList, null);
return new OCSPRequest(tbsRequest, null);
}
- public void sendOCSPRequest(String uri, String host, int port,
- byte request_data[], String output) throws Exception
- {
+ public void sendOCSPRequest(String uri, String host, int port,
+ byte request_data[], String output) throws Exception {
Socket socket = new Socket(host, port);
// send request
System.out.println("URI: " + uri);
- DataOutputStream dos = new DataOutputStream(socket.getOutputStream());
- dos.writeBytes("POST " + uri + " HTTP/1.0\r\n");
- dos.writeBytes("Content-length: " + request_data.length + "\r\n");
- dos.writeBytes("\r\n");
- dos.write(request_data);
+ DataOutputStream dos = new DataOutputStream(socket.getOutputStream());
+ dos.writeBytes("POST " + uri + " HTTP/1.0\r\n");
+ dos.writeBytes("Content-length: " + request_data.length + "\r\n");
+ dos.writeBytes("\r\n");
+ dos.write(request_data);
dos.flush();
System.out.println("Data Length: " + request_data.length);
System.out.println("Data: " + com.netscape.osutil.OSUtil.BtoA(request_data));
- InputStream iiss = socket.getInputStream();
+ InputStream iiss = socket.getInputStream();
FileOutputStream fof = new FileOutputStream(output);
- boolean startSaving = false;
- int sum = 0;
- boolean hack = false;
- try {
- while (true)
- {
- int r = iiss.read();
- if (r == -1)
- break;
- if (r == 10) {
- sum++;
- }
- if (sum == 6) {
- startSaving = true;
- continue;
- }
- if (startSaving) {
- if (hack) {
- fof.write(r);
- }
- if (hack == false) {
- hack = true;
- }
- }
+ boolean startSaving = false;
+ int sum = 0;
+ boolean hack = false;
+ try {
+ while (true) {
+ int r = iiss.read();
+ if (r == -1)
+ break;
+ if (r == 10) {
+ sum++;
+ }
+ if (sum == 6) {
+ startSaving = true;
+ continue;
+ }
+ if (startSaving) {
+ if (hack) {
+ fof.write(r);
+ }
+ if (hack == false) {
+ hack = true;
+ }
+ }
} // while
- } catch (IOException e) {
- }
+ } catch (IOException e) {
+ }
fof.close();
- // parse OCSPResponse
+ // parse OCSPResponse
BufferedInputStream fis =
- new BufferedInputStream(
- new FileInputStream(output));
+ new BufferedInputStream(
+ new FileInputStream(output));
OCSPResponse resp = (OCSPResponse)
- OCSPResponse.getTemplate().decode(fis);
- OCSPResponseStatus status = resp.getResponseStatus();
+ OCSPResponse.getTemplate().decode(fis);
+ OCSPResponseStatus status = resp.getResponseStatus();
ResponseBytes bytes = resp.getResponseBytes();
- BasicOCSPResponse basic = (BasicOCSPResponse)
- BasicOCSPResponse.getTemplate().decode(
- new ByteArrayInputStream(bytes.getResponse().toByteArray()));
+ BasicOCSPResponse basic = (BasicOCSPResponse)
+ BasicOCSPResponse.getTemplate().decode(
+ new ByteArrayInputStream(bytes.getResponse().toByteArray()));
ResponseData rd = basic.getResponseData();
for (int i = 0; i < rd.getResponseCount(); i++) {
- SingleResponse rd1 = rd.getResponseAt(i);
- System.out.println("CertID.serialNumber=" +
- rd1.getCertID().getSerialNumber());
- CertStatus status1 = rd1.getCertStatus();
- if (status1 instanceof GoodInfo) {
- System.out.println("CertStatus=Good");
- }
- if (status1 instanceof UnknownInfo) {
- System.out.println("CertStatus=Unknown");
- }
- if (status1 instanceof RevokedInfo) {
- System.out.println("CertStatus=Revoked");
- }
+ SingleResponse rd1 = rd.getResponseAt(i);
+ System.out.println("CertID.serialNumber=" +
+ rd1.getCertID().getSerialNumber());
+ CertStatus status1 = rd1.getCertStatus();
+ if (status1 instanceof GoodInfo) {
+ System.out.println("CertStatus=Good");
+ }
+ if (status1 instanceof UnknownInfo) {
+ System.out.println("CertStatus=Unknown");
+ }
+ if (status1 instanceof RevokedInfo) {
+ System.out.println("CertStatus=Revoked");
+ }
}
}
- public static void printUsage()
- {
- System.out.println("Usage: OCSPClient " +
- "<host> <port> <dbdir> <nickname> <serialno_or_filename> <output> <times>");
- System.out.println(" <host> = OCSP server hostname");
- System.out.println(" <port> = OCSP server port number");
- System.out.println(" <dbdir> = Certificate Database Directory");
- System.out.println(" <nickname> = Nickname of CA Certificate");
- System.out.println(" <serialno_or_filename> = Serial Number Being Checked, Or Name of file that contains the request");
- System.out.println(" <output> = Filename of Response in DER encoding");
- System.out.println(" <times> = Submit Request Multiple Times");
- System.out.println(" [<uri>] = OCSP Service URI (i.e. /ocsp/ee/ocsp)");
+ public static void printUsage() {
+ System.out.println("Usage: OCSPClient " +
+ "<host> <port> <dbdir> <nickname> <serialno_or_filename> <output> <times>");
+ System.out.println(" <host> = OCSP server hostname");
+ System.out.println(" <port> = OCSP server port number");
+ System.out.println(" <dbdir> = Certificate Database Directory");
+ System.out.println(" <nickname> = Nickname of CA Certificate");
+ System.out.println(" <serialno_or_filename> = Serial Number Being Checked, Or Name of file that contains the request");
+ System.out.println(" <output> = Filename of Response in DER encoding");
+ System.out.println(" <times> = Submit Request Multiple Times");
+ System.out.println(" [<uri>] = OCSP Service URI (i.e. /ocsp/ee/ocsp)");
}
- public static void main(String args[])
- {
- if (args.length != 7 && args.length !=8 )
- {
+ public static void main(String args[]) {
+ if (args.length != 7 && args.length != 8) {
System.out.println("ERROR: Invalid number of arguments - got "
+ args.length + " expected 7!");
for (int i = 0; i < args.length; i++) {
- System.out.println("arg[" + i + "]=" + args[i]);
+ System.out.println("arg[" + i + "]=" + args[i]);
}
printUsage();
- System.exit(0);
+ System.exit(0);
}
String host = args[0];
int port = -1;
try {
- port = Integer.parseInt(args[1]);
+ port = Integer.parseInt(args[1]);
} catch (Exception e) {
- System.out.println("Error: Invalid Port Number");
- printUsage();
- System.exit(0);
+ System.out.println("Error: Invalid Port Number");
+ printUsage();
+ System.exit(0);
}
String dbdir = args[2];
String nickname = args[3];
int serialno = -1;
byte data[] = null;
try {
- serialno = Integer.parseInt(args[4]);
+ serialno = Integer.parseInt(args[4]);
} catch (Exception e) {
- try {
- System.out.println("Warning: Serial Number not found. It may be a filename.");
- /* it could be a file name */
- FileInputStream fis = new FileInputStream(args[4]);
- System.out.println("File Size: " + fis.available());
- data = new byte[fis.available()];
- fis.read(data);
- } catch (Exception e1) {
- System.out.println("Error: Invalid Serial Number or File Name");
- printUsage();
- System.exit(0);
- }
+ try {
+ System.out.println("Warning: Serial Number not found. It may be a filename.");
+ /* it could be a file name */
+ FileInputStream fis = new FileInputStream(args[4]);
+ System.out.println("File Size: " + fis.available());
+ data = new byte[fis.available()];
+ fis.read(data);
+ } catch (Exception e1) {
+ System.out.println("Error: Invalid Serial Number or File Name");
+ printUsage();
+ System.exit(0);
+ }
}
String output = args[5];
int times = 1;
try {
- times = Integer.parseInt(args[6]);
+ times = Integer.parseInt(args[6]);
} catch (Exception e) {
- System.out.println("Error: Invalid Times");
- printUsage();
- System.exit(0);
+ System.out.println("Error: Invalid Times");
+ printUsage();
+ System.exit(0);
}
String uri = "/ocsp/ee/ocsp";
if (args.length > 7) {
- uri = args[7];
+ uri = args[7];
}
try {
- OCSPClient client =
- new OCSPClient(host, port, dbdir);
- for (int i = 0; i < times; i ++) {
- if (data != null) {
- client.sendRequestData(uri, nickname, data, output);
- } else {
- client.send(uri, nickname, serialno, output);
- }
+ OCSPClient client =
+ new OCSPClient(host, port, dbdir);
+ for (int i = 0; i < times; i++) {
+ if (data != null) {
+ client.sendRequestData(uri, nickname, data, output);
+ } else {
+ client.send(uri, nickname, serialno, output);
+ }
}
System.out.println("Success: Output " + output);
} catch (Exception e) {
System.out.println("Error: " + e.toString());
printUsage();
- System.exit(0);
+ System.exit(0);
}
}
}
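Review bot: sendOCSPRequest prints `CertStatus=Good`/`Unknown`/`Revoked` without validating the response: `status` is assigned from `resp.getResponseStatus()` and never read, `bytes` is dereferenced without a null check (responseBytes is optional when the responder reports an error), and nothing in the visible code verifies the BasicOCSPResponse signature. For a test client the minimum is a guard such as `if (bytes == null) { System.out.println("No responseBytes in OCSP response"); return; }` and a comment above the loop stating that the printed status is unauthenticated and must not be used as a revocation decision. The empty `catch (IOException e) { }` around the read loop lets a truncated response reach the decoder silently; print the exception there instead. In main, every failure path ends in `System.exit(0)`, so a calling script cannot tell an error from success; `System.exit(1)` would fix that.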
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java b/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java
index 5f099911..a97a014a 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/PKCS10Client.java
@@ -46,32 +46,25 @@ import org.mozilla.jss.util.Password;
import com.netscape.cmsutil.util.HMACDigest;
-
/**
* Generates a 1024-bit RSA key pair in the security database, constructs a
* PKCS#10 certificate request with the public key, and outputs the request
* to a file.
* <p>
- * PKCS #10 is a certification request syntax standard defined by RSA. A CA
- * may support multiple types of certificate requests. The Certificate System
- * CA supports KEYGEN, PKCS#10, CRMF, and CMC.
+ * PKCS #10 is a certification request syntax standard defined by RSA. A CA may support multiple types of certificate requests. The Certificate System CA supports KEYGEN, PKCS#10, CRMF, and CMC.
* <p>
- * To get a certificate from the CA, the certificate request needs to be
- * submitted to and approved by a CA agent. Once approved, a certificate is
- * created for the request, and certificate attributes, such as extensions,
- * are populated according to certificate profiles.
+ * To get a certificate from the CA, the certificate request needs to be submitted to and approved by a CA agent. Once approved, a certificate is created for the request, and certificate attributes, such as extensions, are populated according to certificate profiles.
* <p>
+ *
* @version $Revision$, $Date$
*/
-public class PKCS10Client
-{
-
+public class PKCS10Client {
+
private static void printUsage() {
System.out.println("Usage: PKCS10Client -p <certdb password> -d <location of certdb> -o <output file which saves the base64 PKCS10> -s <subjectDN>\n");
}
- public static void main(String args[])
- {
+ public static void main(String args[]) {
String dbdir = null, ofilename = null, password = null, subjectName = null;
if (args.length != 8) {
@@ -79,33 +72,33 @@ public class PKCS10Client
System.exit(1);
}
- for (int i=0; i<args.length; i++) {
+ for (int i = 0; i < args.length; i++) {
String name = args[i];
if (name.equals("-p")) {
- password = args[i+1];
+ password = args[i + 1];
} else if (name.equals("-d")) {
- dbdir = args[i+1];
+ dbdir = args[i + 1];
} else if (name.equals("-o")) {
- ofilename = args[i+1];
+ ofilename = args[i + 1];
} else if (name.equals("-s")) {
- subjectName = args[i+1];
+ subjectName = args[i + 1];
}
}
-
+
if (password == null || ofilename == null || subjectName == null) {
System.out.println("Illegal input parameters.");
printUsage();
System.exit(1);
}
-
+
if (dbdir == null)
dbdir = ".";
- try {
+ try {
String mPrefix = "";
CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(dbdir, mPrefix,
- mPrefix, "secmod.db");
+ new CryptoManager.InitializationValues(dbdir, mPrefix,
+ mPrefix, "secmod.db");
CryptoManager.initialize(vals);
CryptoManager cm = CryptoManager.getInstance();
@@ -113,9 +106,9 @@ public class PKCS10Client
Password pass = new Password(password.toCharArray());
token.login(pass);
- KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
+ KeyPairGenerator kg = token.getKeyPairGenerator(KeyPairAlgorithm.RSA);
kg.initialize(1024);
- KeyPair pair = kg.genKeyPair();
+ KeyPair pair = kg.genKeyPair();
// Add idPOPLinkWitness control
String secretValue = "testing";
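Review bot: `kg.initialize(1024)` generates a 1024-bit RSA key, which is below the 2048-bit minimum that current guidance (for example NIST SP 800-131A) accepts for new keys. I would change it to `kg.initialize(2048);` and update the class Javadoc, which still says "1024-bit". The hard-coded `secretValue = "testing"` on the last line of the hunk is the input to the POP link witness computed further down, so it deserves a comment such as `// test-only shared secret; a real enrolment must use the secret agreed with the CA`. The enclosing main() starts and ends outside this hunk.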
@@ -124,16 +117,16 @@ public class PKCS10Client
MessageDigest SHA1Digest = MessageDigest.getInstance("SHA1");
key1 = SHA1Digest.digest(secretValue.getBytes());
-/* seed */
-byte[] b =
-{0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c,
- 0x7a, 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c,
- 0x51, 0x34, 0x35, 0x23, 0x3c, 0x42, 0x43, 0x45,
- 0x61, 0x4f, 0x6e, 0x43, 0x1e, 0x2a, 0x2b, 0x31,
- 0x32, 0x34, 0x35, 0x36, 0x55, 0x51, 0x48, 0x14,
- 0x16, 0x29, 0x41, 0x42, 0x43, 0x7b, 0x63, 0x44,
- 0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14,
- 0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69};
+ /* seed */
+ byte[] b =
+ { 0x10, 0x53, 0x42, 0x24, 0x1a, 0x2a, 0x35, 0x3c,
+ 0x7a, 0x52, 0x54, 0x56, 0x71, 0x65, 0x66, 0x4c,
+ 0x51, 0x34, 0x35, 0x23, 0x3c, 0x42, 0x43, 0x45,
+ 0x61, 0x4f, 0x6e, 0x43, 0x1e, 0x2a, 0x2b, 0x31,
+ 0x32, 0x34, 0x35, 0x36, 0x55, 0x51, 0x48, 0x14,
+ 0x16, 0x29, 0x41, 0x42, 0x43, 0x7b, 0x63, 0x44,
+ 0x6a, 0x12, 0x6b, 0x3c, 0x4c, 0x3f, 0x00, 0x14,
+ 0x51, 0x61, 0x15, 0x22, 0x23, 0x5f, 0x5e, 0x69 };
HMACDigest hmacDigest = new HMACDigest(SHA1Digest, key1);
hmacDigest.update(b);
@@ -141,26 +134,26 @@ byte[] b =
OCTET_STRING ostr = new OCTET_STRING(finalDigest);
Attribute attr = new Attribute(OBJECT_IDENTIFIER.id_cmc_idPOPLinkWitness, ostr);
-
+
SET attributes = new SET();
attributes.addElement(attr);
Name n = getJssName(subjectName);
- SubjectPublicKeyInfo subjectPub = new SubjectPublicKeyInfo(pair.getPublic());
- CertificationRequestInfo certReqInfo =
- new CertificationRequestInfo(new INTEGER(0), n, subjectPub, attributes);
+ SubjectPublicKeyInfo subjectPub = new SubjectPublicKeyInfo(pair.getPublic());
+ CertificationRequestInfo certReqInfo =
+ new CertificationRequestInfo(new INTEGER(0), n, subjectPub, attributes);
CertificationRequest certRequest = new CertificationRequest(certReqInfo,
- pair.getPrivate(), SignatureAlgorithm.RSASignatureWithMD5Digest);
+ pair.getPrivate(), SignatureAlgorithm.RSASignatureWithMD5Digest);
ByteArrayOutputStream bos = new ByteArrayOutputStream();
certRequest.encode(bos);
byte[] bb = bos.toByteArray();
String b64E = com.netscape.osutil.OSUtil.BtoA(bb);
-
+
System.out.println("");
System.out.println(b64E);
System.out.println("");
-
+
PrintStream ps = null;
ps = new PrintStream(new FileOutputStream(ofilename));
ps.println(b64E);
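Review bot: The request is signed with `SignatureAlgorithm.RSASignatureWithMD5Digest`; MD5 is collision-broken and an MD5-signed PKCS#10 is likely to be rejected by a CA that enforces a signing-algorithm policy. The signature argument should move to a SHA-2 variant, e.g. `pair.getPrivate(), SignatureAlgorithm.RSASignatureWithSHA256Digest);`, provided the JSS version this tool builds against offers it. Separately, `ps` is opened on the last lines of the hunk without try/finally; whether it is closed on the error path is outside the hunk.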
@@ -170,86 +163,77 @@ byte[] b =
}
}
- static Name getJssName(String dn)
- {
+ static Name getJssName(String dn) {
X500Name x5Name = null;
try {
- x5Name= new X500Name(dn);
- } catch(IOException e) {
+ x5Name = new X500Name(dn);
+ } catch (IOException e) {
- System.out.println("Illegal Subject Name: " + dn + " Error: " + e.toString());
+ System.out.println("Illegal Subject Name: " + dn + " Error: " + e.toString());
System.out.println("Filling in default Subject Name......");
return null;
}
Name ret = new Name();
netscape.security.x509.RDN[] names = null;
- names = x5Name.getNames();
+ names = x5Name.getNames();
int nameLen = x5Name.getNamesLength();
netscape.security.x509.RDN cur = null;
- for(int i = 0; i < nameLen ; i++)
- {
+ for (int i = 0; i < nameLen; i++) {
cur = names[i];
String rdnStr = cur.toString();
String[] split = rdnStr.split("=");
- if(split.length != 2)
+ if (split.length != 2)
continue;
try {
- if(split[0].equals("UID"))
- {
- ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString(split[1])));
- // System.out.println("UID found : " + split[1]);
+ if (split[0].equals("UID")) {
+ ret.addElement(new AVA(new OBJECT_IDENTIFIER("0.9.2342.19200300.100.1.1"), new PrintableString(split[1])));
+ // System.out.println("UID found : " + split[1]);
}
- if(split[0].equals("C"))
- {
+ if (split[0].equals("C")) {
ret.addCountryName(split[1]);
- // System.out.println("C found : " + split[1]);
+ // System.out.println("C found : " + split[1]);
continue;
}
- if(split[0].equals("CN"))
- {
+ if (split[0].equals("CN")) {
ret.addCommonName(split[1]);
- // System.out.println("CN found : " + split[1]);
+ // System.out.println("CN found : " + split[1]);
continue;
}
- if(split[0].equals("L"))
- {
+ if (split[0].equals("L")) {
ret.addLocalityName(split[1]);
- // System.out.println("L found : " + split[1]);
+ // System.out.println("L found : " + split[1]);
continue;
}
- if(split[0].equals("O"))
- {
+ if (split[0].equals("O")) {
ret.addOrganizationName(split[1]);
- // System.out.println("O found : " + split[1]);
+ // System.out.println("O found : " + split[1]);
continue;
}
- if(split[0].equals("ST"))
- {
+ if (split[0].equals("ST")) {
ret.addStateOrProvinceName(split[1]);
- // System.out.println("ST found : " + split[1]);
+ // System.out.println("ST found : " + split[1]);
continue;
}
- if(split[0].equals("OU"))
- {
+ if (split[0].equals("OU")) {
ret.addOrganizationalUnitName(split[1]);
- // System.out.println("OU found : " + split[1]);
+ // System.out.println("OU found : " + split[1]);
continue;
}
- } catch (Exception e) {
- System.out.println("Error constructing RDN: " + rdnStr + " Error: " + e.toString());
+ } catch (Exception e) {
+ System.out.println("Error constructing RDN: " + rdnStr + " Error: " + e.toString());
continue;
}
}
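Review bot: RDNs are dropped silently in this loop, so the subject in the generated request can differ from the DN the operator passed with -s. `if (split.length != 2) continue;` skips any RDN whose string form contains more than one `=`, and attribute types other than UID, C, CN, L, O, ST and OU fall through the chain without a message. I would make both cases visible, e.g. `if (split.length != 2) { System.out.println("Skipping RDN: " + rdnStr); continue; }` and a final `System.out.println("Unsupported RDN ignored: " + rdnStr);` after the OU branch. The UID branch lacks the `continue` the other branches have, which would need adding once such a fall-through warning exists. The method's return statement is outside the hunk.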
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java b/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
index 38b3e162..e30cfdb2 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/PKCS12Export.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.FileOutputStream;
@@ -53,13 +52,13 @@ import org.mozilla.jss.pkix.primitive.EncryptedPrivateKeyInfo;
import org.mozilla.jss.pkix.primitive.PrivateKeyInfo;
import org.mozilla.jss.util.Password;
-
/**
* Tool for creating PKCS12 file
*
* <P>
+ *
* @version $Revision$, $Date$
- *
+ *
*/
public class PKCS12Export {
@@ -67,7 +66,7 @@ public class PKCS12Export {
private static void debug(String s) {
if (debugMode)
- System.out.println("PKCS12Export debug: " + s);
+ System.out.println("PKCS12Export debug: " + s);
}
private static void printUsage() {
@@ -84,7 +83,7 @@ public class PKCS12Export {
KeyGenerator kg = token.getKeyGenerator(KeyGenAlgorithm.DES3);
SymmetricKey sk = kg.generate();
KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
- byte iv[] = {0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1};
+ byte iv[] = { 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1 };
IVParameterSpec param = new IVParameterSpec(iv);
wrapper.initWrap(sk, param);
byte[] enckey = wrapper.wrap(pkey);
@@ -93,7 +92,7 @@ public class PKCS12Export {
byte[] recovered = c.doFinal(enckey);
return recovered;
} catch (Exception e) {
- debug("PKCS12Export getEncodedKey: Exception="+e.toString());
+ debug("PKCS12Export getEncodedKey: Exception=" + e.toString());
System.exit(1);
}
@@ -101,30 +100,30 @@ public class PKCS12Export {
}
private static void addKeyBag(org.mozilla.jss.crypto.PrivateKey pkey, X509Certificate x509cert,
- Password pass, byte[] localKeyId, SEQUENCE safeContents) {
+ Password pass, byte[] localKeyId, SEQUENCE safeContents) {
try {
PasswordConverter passConverter = new PasswordConverter();
- byte salt[] = {0x01, 0x01, 0x01, 0x01};
+ byte salt[] = { 0x01, 0x01, 0x01, 0x01 };
byte[] priData = getEncodedKey(pkey);
PrivateKeyInfo pki = (PrivateKeyInfo)
- ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
+ ASN1Util.decode(PrivateKeyInfo.getTemplate(), priData);
ASN1Value key = EncryptedPrivateKeyInfo.createPBE(
- PBEAlgorithm.PBE_SHA1_DES3_CBC,
- pass, salt, 1, passConverter, pki);
+ PBEAlgorithm.PBE_SHA1_DES3_CBC,
+ pass, salt, 1, passConverter, pki);
SET keyAttrs = createBagAttrs(
- x509cert.getSubjectDN().toString(), localKeyId);
+ x509cert.getSubjectDN().toString(), localKeyId);
SafeBag keyBag = new SafeBag(SafeBag.PKCS8_SHROUDED_KEY_BAG,
- key, keyAttrs);
+ key, keyAttrs);
safeContents.addElement(keyBag);
} catch (Exception e) {
- debug("PKCS12Export addKeyBag: Exception="+e.toString());
+ debug("PKCS12Export addKeyBag: Exception=" + e.toString());
System.exit(1);
}
}
private static byte[] addCertBag(X509Certificate x509cert, String nickname,
- SEQUENCE safeContents) throws IOException {
+ SEQUENCE safeContents) throws IOException {
byte[] localKeyId = null;
try {
ASN1Value cert = new OCTET_STRING(x509cert.getEncoded());
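Review bot: addKeyBag encrypts the private key with a constant 4-byte salt (`{ 0x01, 0x01, 0x01, 0x01 }`) and an iteration count of `1` in the `createPBE(...)` call, so the encryption key is derived from the password with no per-file randomness and no work factor, which makes offline guessing of the PKCS#12 password cheap and precomputable across exports. I would generate the salt per export, `byte salt[] = new byte[16]; new SecureRandom().nextBytes(salt);` (this needs `java.security.SecureRandom` imported), and replace the `1` with an iteration count in the thousands or higher after checking what the importing tools accept. `priData` holds the unencrypted key encoding and is not cleared in the visible lines; zeroing it once `createPBE` has returned would shorten its lifetime in memory.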
@@ -133,10 +132,10 @@ public class PKCS12Export {
if (nickname != null)
certAttrs = createBagAttrs(nickname, localKeyId);
SafeBag certBag = new SafeBag(SafeBag.CERT_BAG,
- new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
+ new CertBag(CertBag.X509_CERT_TYPE, cert), certAttrs);
safeContents.addElement(certBag);
} catch (Exception e) {
- debug("PKCS12Export addCertBag: "+e.toString());
+ debug("PKCS12Export addCertBag: " + e.toString());
System.exit(1);
}
@@ -153,7 +152,7 @@ public class PKCS12Export {
md.update(certDer);
return md.digest();
} catch (Exception e) {
- debug("PKCS12Export createLocalKeyId: Exception: "+e.toString());
+ debug("PKCS12Export createLocalKeyId: Exception: " + e.toString());
System.exit(1);
}
@@ -161,7 +160,7 @@ public class PKCS12Export {
}
private static SET createBagAttrs(String nickName, byte localKeyId[])
- throws IOException {
+ throws IOException {
try {
SET attrs = new SET();
SEQUENCE nickNameAttr = new SEQUENCE();
@@ -182,7 +181,7 @@ public class PKCS12Export {
attrs.addElement(localKeyAttr);
return attrs;
} catch (Exception e) {
- debug("PKCS12Export createBagAttrs: Exception="+e.toString());
+ debug("PKCS12Export createBagAttrs: Exception=" + e.toString());
System.exit(1);
}
@@ -200,24 +199,24 @@ public class PKCS12Export {
String snickname = null;
String pk12pwdfile = null;
String pk12output = null;
- for (int i=0; i<args.length; i++) {
+ for (int i = 0; i < args.length; i++) {
if (args[i].equals("-d")) {
- dir = args[i+1];
+ dir = args[i + 1];
} else if (args[i].equals("-p")) {
- pwdfile = args[i+1];
+ pwdfile = args[i + 1];
} else if (args[i].equals("-s")) {
- snickname = args[i+1];
+ snickname = args[i + 1];
} else if (args[i].equals("-w")) {
- pk12pwdfile = args[i+1];
+ pk12pwdfile = args[i + 1];
} else if (args[i].equals("-o")) {
- pk12output = args[i+1];
+ pk12output = args[i + 1];
} else if (args[i].equals("-debug")) {
debugMode = true;
}
}
- debug("The directory for certdb/keydb is "+dir);
- debug("The password file for keydb is "+pwdfile);
+ debug("The directory for certdb/keydb is " + dir);
+ debug("The password file for keydb is " + pwdfile);
// get password
String pwd = null;
@@ -225,7 +224,7 @@ public class PKCS12Export {
BufferedReader in = new BufferedReader(new FileReader(pwdfile));
pwd = in.readLine();
} catch (Exception e) {
- debug("Failed to read the keydb password from the file. Exception: "+e.toString());
+ debug("Failed to read the keydb password from the file. Exception: " + e.toString());
System.exit(1);
}
@@ -234,14 +233,14 @@ public class PKCS12Export {
BufferedReader in = new BufferedReader(new FileReader(pk12pwdfile));
pk12pwd = in.readLine();
} catch (Exception e) {
- debug("Failed to read the keydb password from the file. Exception: "+e.toString());
+ debug("Failed to read the keydb password from the file. Exception: " + e.toString());
System.exit(1);
}
CryptoManager cm = null;
try {
- CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(dir, "", "", "secmod.db");
+ CryptoManager.InitializationValues vals =
+ new CryptoManager.InitializationValues(dir, "", "", "secmod.db");
CryptoManager.initialize(vals);
cm = CryptoManager.getInstance();
} catch (Exception e) {
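Review bot: The catch block for the PKCS#12 password file reuses the keydb wording: it reports "Failed to read the keydb password from the file" while the read that failed was on `pk12pwdfile`, which points the operator at the wrong file; `"Failed to read the PKCS12 password from the file. Exception: "` would match. Because the message goes through debug(), it is printed only when -debug is given, so a normal run exits with status 1 and no explanation; a fatal error like this belongs on `System.err`. `readLine()` returns null for an empty file, and the `pk12pwd.toCharArray()` call in a later hunk would then fail with a NullPointerException, so an explicit `if (pk12pwd == null)` check with its own message is worth adding here. The enclosing main() starts and ends outside this hunk.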
@@ -257,16 +256,16 @@ public class PKCS12Export {
token.login(pass);
CryptoStore store = token.getCryptoStore();
X509Certificate[] certs = store.getCertificates();
- debug("Number of user certificates = "+certs.length);
+ debug("Number of user certificates = " + certs.length);
Password pass12 = new Password(pk12pwd.toCharArray());
- for (int i=0; i<certs.length; i++) {
+ for (int i = 0; i < certs.length; i++) {
String nickname = certs[i].getNickname();
- debug("Certificate nickname = "+nickname);
+ debug("Certificate nickname = " + nickname);
org.mozilla.jss.crypto.PrivateKey prikey = null;
try {
prikey = cm.findPrivKeyByCert(certs[i]);
} catch (Exception e) {
- debug("PKCS12Export Exception: "+e.toString());
+ debug("PKCS12Export Exception: " + e.toString());
}
if (prikey == null) {
@@ -274,8 +273,8 @@ public class PKCS12Export {
byte[] localKeyId = addCertBag(certs[i], null, safeContents);
} else {
debug("Private key is not null");
- byte localKeyId[] =
- addCertBag(certs[i], nickname, safeContents);
+ byte localKeyId[] =
+ addCertBag(certs[i], nickname, safeContents);
addKeyBag(prikey, certs[i], pass12, localKeyId, encSafeContents);
}
}
@@ -294,7 +293,7 @@ public class PKCS12Export {
pass.clear();
pass12.clear();
} catch (Exception e) {
- debug("PKCS12Export Exception: "+e.toString());
+ debug("PKCS12Export Exception: " + e.toString());
System.exit(1);
}
}
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java b/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java
index cd0351ae..a90ee079 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/PasswordCache.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
@@ -43,7 +42,7 @@ import org.mozilla.jss.util.Base64OutputStream;
import org.mozilla.jss.util.Password;
/**
- * Tool for interacting with the PWcache
+ * Tool for interacting with the PWcache
*
* @version $Revision$, $Date$
*/
@@ -63,15 +62,15 @@ public class PasswordCache {
private static final String KEYDB = "key3.db";
private static void usage() {
- System.out.println("This tool has to be run from the same directory where pwcache.db file resides, normally <cms instance>/config directory, unless the file's full path is specified in the -c option..\nUsage: PasswordCache <SSO_PASSWORD> <-d cert/key db directory> <-h tokenName> <-P cert/key db prefix> <-c pwcache.db_file_full_path> <-k file containing Base64EncodedKeyID> <COMMAND> ...");
- System.out.println(" commands:");
- System.out.println(" 'add <password_name> <password>'");
- System.out.println(" 'change <password_name> <password>'");
- System.out.println(" 'delete <password_name>'");
- System.out.println(" 'rekey'");
- System.out.println(" 'list'");
- System.out.println("\nExample:\n\tPasswordCache thePassword1 -d /usr/netscape/servers/cms/alias -P cert-instance1-machine1- -c pwcache.db -k keyidFile list");
- System.exit(1);
+ System.out.println("This tool has to be run from the same directory where pwcache.db file resides, normally <cms instance>/config directory, unless the file's full path is specified in the -c option..\nUsage: PasswordCache <SSO_PASSWORD> <-d cert/key db directory> <-h tokenName> <-P cert/key db prefix> <-c pwcache.db_file_full_path> <-k file containing Base64EncodedKeyID> <COMMAND> ...");
+ System.out.println(" commands:");
+ System.out.println(" 'add <password_name> <password>'");
+ System.out.println(" 'change <password_name> <password>'");
+ System.out.println(" 'delete <password_name>'");
+ System.out.println(" 'rekey'");
+ System.out.println(" 'list'");
+ System.out.println("\nExample:\n\tPasswordCache thePassword1 -d /usr/netscape/servers/cms/alias -P cert-instance1-machine1- -c pwcache.db -k keyidFile list");
+ System.exit(1);
}
private static boolean debugMode = false;
@@ -79,14 +78,14 @@ public class PasswordCache {
public PasswordCache() {
}
- private static void debug (String s) {
+ private static void debug(String s) {
if (debugMode == true)
- System.out.println("PasswordCache debug: "+s);
+ System.out.println("PasswordCache debug: " + s);
}
/**
* clean up an argv by removing the trailing, empty arguments
- *
+ *
* This is necessary to support the script wrapper which calls the
* tool with arguments in quotes such as:
* "$1" "$2"
@@ -98,7 +97,7 @@ public class PasswordCache {
int i;
length = s.length;
- debug("before cleanArgs argv length ="+length);
+ debug("before cleanArgs argv length =" + length);
for (i = length - 1; i >= 0; i--) {
if (s[i].equals("")) {
@@ -111,16 +110,16 @@ public class PasswordCache {
String[] new_av = new String[length];
for (i = 0; i < length; i++) {
new_av[i] = s[i];
- debug("arg "+i+" is "+new_av[i]);
+ debug("arg " + i + " is " + new_av[i]);
}
- debug("after cleanArgs argv length ="+length);
+ debug("after cleanArgs argv length =" + length);
return new_av;
}
public static byte[] base64Decode(String s) throws IOException {
- byte[] d = com.netscape.osutil.OSUtil.AtoB(s);
- return d;
+ byte[] d = com.netscape.osutil.OSUtil.AtoB(s);
+ return d;
}
public static String base64Encode(byte[] bytes) throws IOException {
@@ -129,9 +128,9 @@ public class PasswordCache {
ByteArrayOutputStream output = new ByteArrayOutputStream();
Base64OutputStream b64 = new Base64OutputStream(new
PrintStream(new
- FilterOutputStream(output)
+ FilterOutputStream(output)
)
- );
+ );
b64.write(bytes);
b64.flush();
@@ -141,7 +140,7 @@ public class PasswordCache {
return output.toString("8859_1");
}
- public static void main(String[]av) {
+ public static void main(String[] av) {
// default path is "."
String mPath = ".";
String mTokenName = null;
@@ -173,28 +172,33 @@ public class PasswordCache {
String aPasswd = "";
int i = 0;
- for ( i = 1; i < argv.length; ++i) {
- if( argv[i].equals("-d") ) {
- if( ++i >= argv.length ) usage();
+ for (i = 1; i < argv.length; ++i) {
+ if (argv[i].equals("-d")) {
+ if (++i >= argv.length)
+ usage();
mPath = argv[i];
- } else if( argv[i].equals("-h") ) {
- if( ++i >= argv.length ) usage();
+ } else if (argv[i].equals("-h")) {
+ if (++i >= argv.length)
+ usage();
mTokenName = argv[i];
- } else if( argv[i].equals("-P") ) {
- if( ++i >= argv.length ) usage();
+ } else if (argv[i].equals("-P")) {
+ if (++i >= argv.length)
+ usage();
mPrefix = argv[i];
- } else if( argv[i].equals("-c") ) {
- if( ++i >= argv.length ) usage();
+ } else if (argv[i].equals("-c")) {
+ if (++i >= argv.length)
+ usage();
mCacheFile = argv[i];
- } else if (argv[i].equals("-k") ) {
- if( ++i >= argv.length ) usage();
+ } else if (argv[i].equals("-k")) {
+ if (++i >= argv.length)
+ usage();
String keyFile = argv[i];
try {
- BufferedReader r = new BufferedReader(new FileReader(keyFile));
- String listLine;
- mKeyIdString = r.readLine();
+ BufferedReader r = new BufferedReader(new FileReader(keyFile));
+ String listLine;
+ mKeyIdString = r.readLine();
} catch (Exception e) {
- System.out.println("Error: "+e.toString());
+ System.out.println("Error: " + e.toString());
System.exit(1);
}
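Review bot: The `-k` branch opens `new BufferedReader(new FileReader(keyFile))` and never closes it, and nothing in the hunk checks the result of `r.readLine()`, which is null for an empty file. A null `mKeyIdString` would then surface later as a less obvious failure when the key id is decoded, assuming no check exists outside the hunk. I would close the reader in a `finally` block (`try { mKeyIdString = r.readLine(); } finally { r.close(); }`), exit with a clear message when the line is null or empty, and drop the unused `String listLine;`. The body of `main` continues outside this hunk.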
@@ -209,13 +213,13 @@ public class PasswordCache {
}
} else {
command = argv[i++];
- debug("command = "+command);
+ debug("command = " + command);
if ((command.equals("add")) ||
(command.equals("change"))) {
aTag = argv[i++];
aPasswd = argv[i];
- debug("command is "+command+" "+aTag+":"+aPasswd);
+ debug("command is " + command + " " + aTag + ":" + aPasswd);
} else if (command.equals("delete")) {
aTag = argv[i];
} else if (command.equals("list")) {
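Review bot: The reformatted `debug("command is " + command + " " + aTag + ":" + aPasswd);` still writes the cleartext password to stdout whenever debug mode is on, where it can end up in terminal scrollback or a redirected log. The same disclosure appears in two later hunks: the unconditional `System.out.println("adding " + aTag + ":" + aPasswd);` and, in `PWsdrCache`, `debug(tag.trim() + " : " + passwd.trim());`. I would log the tag only, for example `debug("command is " + command + " " + aTag);` and `System.out.println("adding " + aTag);`. Separately, `aTag = argv[i++]; aPasswd = argv[i];` reads `argv` with no length check visible in this hunk, so a missing argument likely throws instead of reaching `usage()`; the body of `main` continues outside the hunk.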
@@ -231,9 +235,9 @@ public class PasswordCache {
System.out.println("cert/key db path = " + mPath);
System.out.println("password cache file = " + mCacheFile);
- CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(mPath, mPrefix,
- mPrefix, "secmod.db");
+ CryptoManager.InitializationValues vals =
+ new CryptoManager.InitializationValues(mPath, mPrefix,
+ mPrefix, "secmod.db");
CryptoManager.initialize(vals);
@@ -244,7 +248,7 @@ public class PasswordCache {
System.out.println("token name = internal");
} else {
token = cm.getTokenByName(mTokenName);
- System.out.println("token name = "+ mTokenName);
+ System.out.println("token name = " + mTokenName);
}
token.login(pass);
@@ -259,31 +263,31 @@ public class PasswordCache {
PWsdrCache cache = null;
try {
// compose instance name
- File passwordCacheDB = new File( mCacheFile );
+ File passwordCacheDB = new File(mCacheFile);
pwdPath = passwordCacheDB.getAbsolutePath();
- int beginIndex = pwdPath.lastIndexOf( "cert-" );
- instancePath = pwdPath.substring( beginIndex );
+ int beginIndex = pwdPath.lastIndexOf("cert-");
+ instancePath = pwdPath.substring(beginIndex);
int endIndex = 0;
- endIndex = instancePath.lastIndexOf( "config" );
- instanceName = instancePath.substring( 0, ( endIndex - 1 ) );
+ endIndex = instancePath.lastIndexOf("config");
+ instanceName = instancePath.substring(0, (endIndex - 1));
- cache = new PWsdrCache(mCacheFile, mTokenName, null, true);
- cache.deleteUniqueNamedKey( PROP_PWC_NICKNAME
+ cache = new PWsdrCache(mCacheFile, mTokenName, null, true);
+ cache.deleteUniqueNamedKey(PROP_PWC_NICKNAME
+ " "
- + instanceName );
+ + instanceName);
byte[] newKeyId = cache.generateSDRKeyWithNickName(
PROP_PWC_NICKNAME
- + " "
- + instanceName );
+ + " "
+ + instanceName);
if (newKeyId != null) {
String newKeyIDString = base64Encode(newKeyId);
- System.out.println("key generated successfully with key id = "+
+ System.out.println("key generated successfully with key id = " +
newKeyIDString);
System.out.println("Save the VALUE portion of this key id in a local file,");
System.out.println("and under variable \"pwcKeyid\" in CS.cfg !!");
System.out.println("If you have not already done so,");
- System.out.println("remove the old pwcache.db and use this local file to add passwords.");
- // job is done
+ System.out.println("remove the old pwcache.db and use this local file to add passwords.");
+ // job is done
System.exit(0);
} else {
System.out.println("key expected to be generated but wasn't");
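Review bot: The instance name is derived with `pwdPath.lastIndexOf("cert-")` and `instancePath.lastIndexOf("config")`, and neither result is checked for -1 before being passed to `substring`. When the cache file path contains no "cert-" or "config" component, `substring` throws a `StringIndexOutOfBoundsException`, which presumably surfaces through the enclosing catch (outside the hunk) as a generic error. Since the derived name selects which key `deleteUniqueNamedKey` removes, I would validate it first, e.g. `if (beginIndex < 0) { System.out.println("cannot derive instance name from " + pwdPath); System.exit(1); }`, with the same check on `endIndex`.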
@@ -297,10 +301,10 @@ public class PasswordCache {
PWsdrCache cache = null;
try {
- cache = new PWsdrCache(mCacheFile, mTokenName, mKeyId, true);
+ cache = new PWsdrCache(mCacheFile, mTokenName, mKeyId, true);
} catch (Exception e) {
System.out.println(e.toString());
- System.exit(1);
+ System.exit(1);
}
if ((command.equals("add")) || (command.equals("change"))) {
@@ -310,12 +314,12 @@ public class PasswordCache {
System.exit(1);
}
- try {
- System.out.println("adding "+aTag+":"+aPasswd);
- cache.addEntry(aTag, aPasswd);
- } catch (Exception e) {
- System.out.println("--failed--"+ e.toString());
- }
+ try {
+ System.out.println("adding " + aTag + ":" + aPasswd);
+ cache.addEntry(aTag, aPasswd);
+ } catch (Exception e) {
+ System.out.println("--failed--" + e.toString());
+ }
} else if (command.equals("list")) {
cache.pprint();
} else if (command.equals("delete")) {
@@ -325,11 +329,11 @@ public class PasswordCache {
System.exit(1);
}
- try {
- cache.deleteEntry(aTag);
- } catch (Exception e) {
- System.out.println("User not found");
- }
+ try {
+ cache.deleteEntry(aTag);
+ } catch (Exception e) {
+ System.out.println("User not found");
+ }
} else {
System.out.println("Illegal command: " + command);
System.exit(1);
@@ -337,7 +341,6 @@ public class PasswordCache {
}
}
-
/*
* A class for managing passwords in the SDR password cache
*
@@ -371,9 +374,9 @@ class PWsdrCache {
cm = CryptoManager.getInstance();
if (mTokenName != null) {
mToken = cm.getTokenByName(mTokenName);
- debug("PWsdrCache: mToken = "+mTokenName);
+ debug("PWsdrCache: mToken = " + mTokenName);
} else {
- mToken = cm.getInternalKeyStorageToken();
+ mToken = cm.getInternalKeyStorageToken();
debug("PWsdrCache: mToken = internal");
}
}
@@ -386,24 +389,22 @@ class PWsdrCache {
return mTokenName;
}
- public void deleteUniqueNamedKey( String nickName )
- throws Exception
- {
- KeyManager km = new KeyManager( mToken );
- km.deleteUniqueNamedKey( nickName );
+ public void deleteUniqueNamedKey(String nickName)
+ throws Exception {
+ KeyManager km = new KeyManager(mToken);
+ km.deleteUniqueNamedKey(nickName);
}
public byte[] generateSDRKey() throws Exception {
- return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
+ return generateSDRKeyWithNickName(PROP_PWC_NICKNAME);
}
- public byte[] generateSDRKeyWithNickName( String nickName )
- throws Exception
- {
+ public byte[] generateSDRKeyWithNickName(String nickName)
+ throws Exception {
try {
if (mIsTool == true) {
// generate SDR key
- KeyManager km = new KeyManager(mToken);
+ KeyManager km = new KeyManager(mToken);
try {
// Bugscape Bug #54838: Due to the CMS cloning feature,
// we must check for the presence of
@@ -411,17 +412,17 @@ class PWsdrCache {
// prior to making an attempt to
// generate it!
//
- if( !( km.uniqueNamedKeyExists( nickName ) ) ) {
- mKeyID = km.generateUniqueNamedKey( nickName );
+ if (!(km.uniqueNamedKeyExists(nickName))) {
+ mKeyID = km.generateUniqueNamedKey(nickName);
debug("PWsdrCache: SDR key generated");
}
} catch (TokenException e) {
- log (0, "generateSDRKey() failed on "+e.toString());
+ log(0, "generateSDRKey() failed on " + e.toString());
throw e;
}
}
} catch (Exception e) {
- log (0, e.toString());
+ log(0, e.toString());
throw e;
}
return mKeyID;
@@ -442,7 +443,7 @@ class PWsdrCache {
* add passwd in pwcache.
*/
public void addEntry(String tag, String pwd, Hashtable tagPwds) throws IOException {
- System.out.println("PWsdrCache: in addEntry");
+ System.out.println("PWsdrCache: in addEntry");
String stringToAdd = null;
String bufs = null;
@@ -455,7 +456,7 @@ class PWsdrCache {
tag = (String) enum1.nextElement();
pwd = (String) tagPwds.get(tag);
debug("password tag: " + tag + " stored in " + mPWcachedb);
-
+
if (stringToAdd == null) {
stringToAdd = tag + ":" + pwd + "\n";
} else {
@@ -483,7 +484,7 @@ class PWsdrCache {
debug("adding new tag: " + tag);
bufs = stringToAdd;
}
-
+
// write update to cache
writePWcache(bufs);
}
@@ -513,7 +514,7 @@ class PWsdrCache {
debug("password cache contains no tags");
return;
}
-
+
// write update to cache
writePWcache(bufs);
}
@@ -584,7 +585,6 @@ class PWsdrCache {
*/
public void writePWcache(String bufs) throws IOException {
-
try {
Encryptor sdr = new Encryptor(mToken, mKeyID,
Encryptor.DEFAULT_ENCRYPTION_ALG);
@@ -613,46 +613,46 @@ class PWsdrCache {
// Make certain that this temporary file has
// the correct permissions.
- if( !isNT() ) {
- exec( "chmod 00660 " + tmpPWcache.getAbsolutePath() );
+ if (!isNT()) {
+ exec("chmod 00660 " + tmpPWcache.getAbsolutePath());
}
File origFile = new File(mPWcachedb);
try {
// Always remove any pre-existing target file
- if( origFile.exists() ) {
+ if (origFile.exists()) {
origFile.delete();
}
if (isNT()) {
// NT is very picky on the path
exec("copy " +
- tmpPWcache.getAbsolutePath().replace('/', '\\') + " " +
- origFile.getAbsolutePath().replace('/', '\\'));
+ tmpPWcache.getAbsolutePath().replace('/', '\\') + " " +
+ origFile.getAbsolutePath().replace('/', '\\'));
} else {
// Create a copy of the temporary file which
// preserves the temporary file's permissions.
exec("cp -p " + tmpPWcache.getAbsolutePath() + " " +
- origFile.getAbsolutePath());
+ origFile.getAbsolutePath());
}
// Remove the temporary file if and only if
// the "rename" was successful.
- if( origFile.exists() ) {
+ if (origFile.exists()) {
tmpPWcache.delete();
// Make certain that the final file has
// the correct permissions.
- if( !isNT() ) {
- exec( "chmod 00660 " + origFile.getAbsolutePath() );
+ if (!isNT()) {
+ exec("chmod 00660 " + origFile.getAbsolutePath());
}
// report success
- debug( "Renaming operation completed for " + mPWcachedb );
+ debug("Renaming operation completed for " + mPWcachedb);
} else {
// report failure and exit
- debug( "Renaming operation failed for " + mPWcachedb );
+ debug("Renaming operation failed for " + mPWcachedb);
System.exit(1);
}
} catch (IOException exx) {
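Review bot: The `exec("chmod 00660 " + ...)`, `exec("cp -p " + ...)` and `exec("copy " + ...)` calls build a command line by concatenating file paths, and the boolean that `exec` returns (visible in a later hunk) is discarded every time. If `exec` tokenises its string the way `Runtime.exec(String)` does, a path containing whitespace is split into extra arguments, so the chmod or copy can act on the wrong file or silently fail. Passing the arguments as an array and failing closed would address both, e.g. `if (!exec(new String[] { "chmod", "00660", path })) throw new IOException("chmod failed for " + path);`, which needs an array overload of `exec`. Note also that `origFile.delete()` runs before the copy, so a failed copy leaves no password cache, and the temporary file exists with default permissions until the first chmod succeeds. `writePWcache` starts and ends outside this hunk.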
@@ -678,7 +678,7 @@ class PWsdrCache {
while (enum1.hasMoreElements()) {
String tag = (String) enum1.nextElement();
String pwd = (String) ht.get(tag);
-
+
if (returnString == null) {
returnString = tag + ":" + pwd + "\n";
} else {
@@ -797,22 +797,22 @@ class PWsdrCache {
if (process.exitValue() == 0) {
/**
- pOut = new BufferedReader(
- new InputStreamReader(process.getInputStream()));
- while ((l = pOut.readLine()) != null) {
- System.out.println(l);
- }
+ * pOut = new BufferedReader(
+ * new InputStreamReader(process.getInputStream()));
+ * while ((l = pOut.readLine()) != null) {
+ * System.out.println(l);
+ * }
**/
return true;
} else {
/**
- pOut = new BufferedReader(
- new InputStreamReader(process.getErrorStream()));
- l = null;
- while ((l = pOut.readLine()) != null) {
- System.out.println(l);
- }
+ * pOut = new BufferedReader(
+ * new InputStreamReader(process.getErrorStream()));
+ * l = null;
+ * while ((l = pOut.readLine()) != null) {
+ * System.out.println(l);
+ * }
**/
return false;
}
@@ -860,7 +860,7 @@ class PWsdrCache {
line.length());
debug(tag.trim() +
- " : " + passwd.trim());
+ " : " + passwd.trim());
} else {
//invalid format...log or throw...later
debug("invalid format");
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PrettyPrintCert.java b/pki/base/java-tools/src/com/netscape/cmstools/PrettyPrintCert.java
index f67f787e..9d914292 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/PrettyPrintCert.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/PrettyPrintCert.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.FileInputStream;
@@ -36,41 +35,41 @@ import netscape.security.x509.X500Name;
import netscape.security.x509.X509CertImpl;
import netscape.security.x509.X509CertInfo;
-
/**
* The PrettyPrintCert class is a utility program designed to "pretty print"
- * a certificate. It assumes that the name of a data file is passed to the
+ * a certificate. It assumes that the name of a data file is passed to the
* program via the command line, and that the contents contain a certificate
- * encoded in an ASCII BASE 64 format. Note that the data file may contain
+ * encoded in an ASCII BASE 64 format. Note that the data file may contain
* an optional "-----BEGIN" header and/or an optional "-----END" trailer.
- *
+ *
* <P>
* The program may be invoked as follows:
+ *
* <PRE>
- *
+ *
* PrettyPrintCert &lt;input filename&gt; [output filename]
- *
+ *
* NOTE: &lt;input filename&gt; must contain an ASCII
* BASE 64 encoded certificate
- *
+ *
* &lt;output filename&gt; contains a certificate displayed
* in a "pretty print" ASCII format
* </PRE>
- *
+ *
* @version $Revision$, $Date$
*/
public class PrettyPrintCert {
// Define constants
- public static final int ARGC = 2;
+ public static final int ARGC = 2;
public static final String HEADER = "-----BEGIN";
public static final String TRAILER = "-----END";
public static void usageAndExit() {
System.out.println("Usage: PrettyPrintCert " +
- "[options] " +
- "<input filename> " +
- "[output filename]");
+ "[options] " +
+ "<input filename> " +
+ "[output filename]");
System.out.println("\n options: ");
System.out.println(" -simpleinfo : prints limited cert info in easy to parse format");
System.exit(0);
@@ -87,7 +86,7 @@ public class PrettyPrintCert {
CertPrettyPrint certDetails = null;
String pp = new String();
FileOutputStream outputCert = null;
- boolean mSimpleInfo = false;
+ boolean mSimpleInfo = false;
String inputfile = null;
String outputfile = null;
@@ -130,18 +129,18 @@ public class PrettyPrintCert {
if (inputfile == null) {
usageAndExit();
}
-
+
// (2) Create a DataInputStream() object to the BASE 64
// encoded certificate contained within the file
// specified on the command line
try {
inputCert = new BufferedReader(new InputStreamReader(
new BufferedInputStream(
- new FileInputStream(
- inputfile))));
+ new FileInputStream(
+ inputfile))));
} catch (FileNotFoundException e) {
System.out.println("PrettyPrintCert: can't find file " +
- inputfile + ":\n" + e);
+ inputfile + ":\n" + e);
return;
}
@@ -152,14 +151,14 @@ public class PrettyPrintCert {
try {
while ((encodedBASE64CertChunk = inputCert.readLine()) != null) {
if (!(encodedBASE64CertChunk.startsWith(HEADER)) &&
- !(encodedBASE64CertChunk.startsWith(TRAILER))) {
+ !(encodedBASE64CertChunk.startsWith(TRAILER))) {
encodedBASE64Cert += encodedBASE64CertChunk.trim();
}
}
} catch (IOException e) {
System.out.println("PrettyPrintCert: Unexpected BASE64 " +
- "encoded error encountered in readLine():\n" +
- e);
+ "encoded error encountered in readLine():\n" +
+ e);
}
// (4) Close the DataInputStream() object
@@ -167,9 +166,9 @@ public class PrettyPrintCert {
inputCert.close();
} catch (IOException e) {
System.out.println("PrettyPrintCert: Unexpected BASE64 " +
- "encoded error encountered in close():\n" + e);
+ "encoded error encountered in close():\n" + e);
}
-
+
// (5) Decode the ASCII BASE 64 certificate enclosed in the
// String() object into a BINARY BASE 64 byte[] object
@@ -181,19 +180,19 @@ public class PrettyPrintCert {
cert = new X509CertImpl(decodedBASE64Cert);
} catch (CertificateException e) {
System.out.println("PrettyPrintCert: Error encountered " +
- "on parsing certificate :\n" + e);
+ "on parsing certificate :\n" + e);
}
if (mSimpleInfo) {
try {
X509CertInfo certinfo = (X509CertInfo) cert.get("x509.INFO");
-
+
CertificateSubjectName csn = (CertificateSubjectName)
- certinfo.get(X509CertInfo.SUBJECT);
+ certinfo.get(X509CertInfo.SUBJECT);
Enumeration<String> en = csn.getAttributeNames();
- X500Name dname = (X500Name) csn.get(CertificateSubjectName.DN_NAME);
+ X500Name dname = (X500Name) csn.get(CertificateSubjectName.DN_NAME);
pp = "";
RDN[] rdns = dname.getNames();
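Review bot: The `catch (CertificateException e)` after `cert = new X509CertImpl(decodedBASE64Cert);` only prints a message and then falls through, so the code below runs with a certificate that was never parsed. In the `-simpleinfo` path, `cert.get("x509.INFO")` then fails and is reported only as "ERROR" by the broad `catch (Exception e)`; in the other path the unparsed value is handed to `new CertPrettyPrint(cert)`. Adding `return;` at the end of the catch block, as the `FileNotFoundException` handler already does, would stop at the real error. `PrettyPrintCrl` has the same fall-through after `crl = new X509CRLImpl(decodedBASE64Crl);` in its parsing hunk.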
@@ -201,14 +200,14 @@ public class PrettyPrintCert {
for (int i = rdns.length - 1; i >= 0; i--) {
pp = pp + rdns[i] + "\n";
}
-
- } catch (Exception e) {
+
+ } catch (Exception e) {
System.out.println("ERROR");
e.printStackTrace();
- }
+ }
} else {
// (7) For this utility, always specify the default Locale
- aLocale = Locale.getDefault();
+ aLocale = Locale.getDefault();
// (8) Create a CertPrettyPrint() object
certDetails = new CertPrettyPrint(cert);
@@ -226,7 +225,7 @@ public class PrettyPrintCert {
outputCert = new FileOutputStream(outputfile);
} catch (Exception e) {
System.out.println("PrettyPrintCert: unable to open file " +
- argv[1] + " for writing:\n" + e);
+ argv[1] + " for writing:\n" + e);
return;
}
@@ -234,18 +233,17 @@ public class PrettyPrintCert {
outputCert.write(pp.getBytes());
} catch (IOException e) {
System.out.println("PrettyPrintCert: Unexpected error " +
- "encountered while attempting to write() " +
- outputfile + ":\n" + e);
+ "encountered while attempting to write() " +
+ outputfile + ":\n" + e);
}
try {
outputCert.close();
} catch (IOException e) {
System.out.println("PrettyPrintCert: Unexpected error " +
- "encountered while attempting to close() " +
- outputfile + ":\n" + e);
+ "encountered while attempting to close() " +
+ outputfile + ":\n" + e);
}
}
}
}
-
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/PrettyPrintCrl.java b/pki/base/java-tools/src/com/netscape/cmstools/PrettyPrintCrl.java
index b072867b..b55b62bf 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/PrettyPrintCrl.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/PrettyPrintCrl.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.FileInputStream;
@@ -38,33 +37,33 @@ import netscape.security.x509.OIDMap;
import netscape.security.x509.X509CRLImpl;
import netscape.security.x509.X509ExtensionException;
-
/**
* The PrettyPrintCrl class is a utility program designed to "pretty print"
- * a CRL. It assumes that the name of a data file is passed to the
+ * a CRL. It assumes that the name of a data file is passed to the
* program via the command line, and that the contents contain a CRL
- * encoded in an ASCII BASE 64 format. Note that the data file may contain
+ * encoded in an ASCII BASE 64 format. Note that the data file may contain
* an optional "-----BEGIN" header and/or an optional "-----END" trailer.
- *
+ *
* <P>
* The program may be invoked as follows:
+ *
* <PRE>
- *
+ *
* PrettyPrintCrl &lt;input filename&gt; [output filename]
- *
+ *
* NOTE: &lt;input filename&gt; must contain an ASCII
* BASE 64 encoded CRL
- *
+ *
* &lt;output filename&gt; contains a CRL displayed
* in a "pretty print" ASCII format
* </PRE>
- *
+ *
* @version $Revision$, $Date$
*/
public class PrettyPrintCrl {
// Define constants
- public static final int ARGC = 2;
+ public static final int ARGC = 2;
public static final String HEADER = "-----BEGIN";
public static final String TRAILER = "-----END";
@@ -83,33 +82,33 @@ public class PrettyPrintCrl {
// (1) Check that at least one argument was submitted to the program
if ((argv.length < 1) || (argv.length > ARGC)) {
System.out.println("Usage: PrettyPrintCrl " +
- "<input filename> " +
- "[output filename]");
+ "<input filename> " +
+ "[output filename]");
return;
}
try {
OIDMap.addAttribute(DeltaCRLIndicatorExtension.class.getName(),
- DeltaCRLIndicatorExtension.OID,
- DeltaCRLIndicatorExtension.class.getSimpleName());
+ DeltaCRLIndicatorExtension.OID,
+ DeltaCRLIndicatorExtension.class.getSimpleName());
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(HoldInstructionExtension.class.getName(),
- HoldInstructionExtension.OID,
- HoldInstructionExtension.class.getSimpleName());
+ HoldInstructionExtension.OID,
+ HoldInstructionExtension.class.getSimpleName());
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(InvalidityDateExtension.class.getName(),
- InvalidityDateExtension.OID,
- InvalidityDateExtension.class.getSimpleName());
+ InvalidityDateExtension.OID,
+ InvalidityDateExtension.class.getSimpleName());
} catch (CertificateException e) {
}
try {
OIDMap.addAttribute(IssuingDistributionPointExtension.class.getName(),
- IssuingDistributionPointExtension.OID,
- IssuingDistributionPointExtension.class.getSimpleName());
+ IssuingDistributionPointExtension.OID,
+ IssuingDistributionPointExtension.class.getSimpleName());
} catch (CertificateException e) {
}
@@ -119,11 +118,11 @@ public class PrettyPrintCrl {
try {
inputCrl = new BufferedReader(new InputStreamReader(
new BufferedInputStream(
- new FileInputStream(
- argv[0]))));
+ new FileInputStream(
+ argv[0]))));
} catch (FileNotFoundException e) {
System.out.println("PrettyPrintCrl(): can''t find file " +
- argv[0] + ":\n" + e);
+ argv[0] + ":\n" + e);
return;
}
@@ -134,14 +133,14 @@ public class PrettyPrintCrl {
try {
while ((encodedBASE64CrlChunk = inputCrl.readLine()) != null) {
if (!(encodedBASE64CrlChunk.startsWith(HEADER)) &&
- !(encodedBASE64CrlChunk.startsWith(TRAILER))) {
+ !(encodedBASE64CrlChunk.startsWith(TRAILER))) {
encodedBASE64Crl += encodedBASE64CrlChunk.trim();
}
}
} catch (IOException e) {
System.out.println("PrettyPrintCrl(): Unexpected BASE64 " +
- "encoded error encountered in readLine():\n" +
- e);
+ "encoded error encountered in readLine():\n" +
+ e);
}
// (4) Close the DataInputStream() object
@@ -149,9 +148,9 @@ public class PrettyPrintCrl {
inputCrl.close();
} catch (IOException e) {
System.out.println("PrettyPrintCrl(): Unexpected BASE64 " +
- "encoded error encountered in close():\n" + e);
+ "encoded error encountered in close():\n" + e);
}
-
+
// (5) Decode the ASCII BASE 64 CRL enclosed in the
// String() object into a BINARY BASE 64 byte[] object
@@ -163,14 +162,14 @@ public class PrettyPrintCrl {
crl = new X509CRLImpl(decodedBASE64Crl);
} catch (CRLException e) {
System.out.println("PrettyPrintCrl(): Error encountered " +
- "on parsing and initialization errors:\n" + e);
+ "on parsing and initialization errors:\n" + e);
} catch (X509ExtensionException e) {
System.out.println("PrettyPrintCrl(): Error encountered " +
- "on parsing and initialization errors:\n" + e);
+ "on parsing and initialization errors:\n" + e);
}
// (7) For this utility, always specify the default Locale
- aLocale = Locale.getDefault();
+ aLocale = Locale.getDefault();
// (8) Create a CrlPrettyPrint() object
CrlDetails = new CrlPrettyPrint(crl);
@@ -187,7 +186,7 @@ public class PrettyPrintCrl {
outputCrl = new FileOutputStream(argv[1]);
} catch (IOException e) {
System.out.println("PrettyPrintCrl(): unable to open file " +
- argv[1] + " for writing:\n" + e);
+ argv[1] + " for writing:\n" + e);
return;
}
@@ -195,18 +194,17 @@ public class PrettyPrintCrl {
outputCrl.write(pp.getBytes());
} catch (IOException e) {
System.out.println("PrettyPrintCrl(): I/O error " +
- "encountered during write():\n" +
- e);
+ "encountered during write():\n" +
+ e);
}
try {
outputCrl.close();
} catch (IOException e) {
System.out.println("PrettyPrintCrl(): Unexpected error " +
- "encountered while attempting to close() " +
- argv[1] + ":\n" + e);
+ "encountered while attempting to close() " +
+ argv[1] + ":\n" + e);
}
}
}
}
-
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java b/pki/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java
index d43b3533..10956748 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/TestCRLSigning.java
@@ -34,19 +34,17 @@ import org.mozilla.jss.util.Password;
/**
* Tool used to test out signing a CRL
- *
+ *
* <p>
+ *
* @version $Revision$ Date: $
*/
-public class TestCRLSigning
-{
- public static void printUsage()
- {
- System.out.println("Command <dbdir> <numreovked> <keysize> <tokenname> <tokenpwd>");
+public class TestCRLSigning {
+ public static void printUsage() {
+ System.out.println("Command <dbdir> <numreovked> <keysize> <tokenname> <tokenpwd>");
}
- public static void main(String args[]) throws Exception
- {
+ public static void main(String args[]) throws Exception {
String dir = args[0];
String num = args[1];
String keysize = args[2];
@@ -56,18 +54,18 @@ public class TestCRLSigning
// initialize JSS
CryptoManager cm = null;
CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(dir, "", "", "secmod.db");
+ new CryptoManager.InitializationValues(dir, "", "", "secmod.db");
CryptoManager.initialize(vals);
cm = CryptoManager.getInstance();
// Login to token
CryptoToken token = null;
if (tokenname.equals("internal")) {
- token = cm.getInternalKeyStorageToken();
+ token = cm.getInternalKeyStorageToken();
} else {
- token = cm.getTokenByName(tokenname);
+ token = cm.getTokenByName(tokenname);
}
- Password pass = new Password(tokenpwd.toCharArray());
+ Password pass = new Password(tokenpwd.toCharArray());
token.login(pass);
// generate key pair
@@ -81,13 +79,13 @@ public class TestCRLSigning
Hashtable badCerts = new Hashtable();
int n = Integer.parseInt(num);
for (int i = 0; i < n; i++) {
- badCerts.put(Integer.toString(i),
- new RevokedCertImpl(new BigInteger(Integer.toString(i)), curDate));
+ badCerts.put(Integer.toString(i),
+ new RevokedCertImpl(new BigInteger(Integer.toString(i)), curDate));
}
long endPutting = System.currentTimeMillis();
long startConstructing = System.currentTimeMillis();
- X509CRLImpl crl = new X509CRLImpl(
+ X509CRLImpl crl = new X509CRLImpl(
new X500Name("CN=Signer"),
null,
curDate,
@@ -96,7 +94,6 @@ public class TestCRLSigning
null);
long endConstructing = System.currentTimeMillis();
-
System.out.println("Start signing");
long startSigning = System.currentTimeMillis();
crl.sign(pair.getPrivate(), "SHA1withRSA");
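Review bot: `crl.sign(pair.getPrivate(), "SHA1withRSA");` hard-codes a SHA-1 based signature algorithm, so the timings this tool reports describe an algorithm that should no longer be used for CRL signing. I would take the algorithm from the command line or default to a SHA-2 variant, e.g. `crl.sign(pair.getPrivate(), "SHA256withRSA");`, assuming `X509CRLImpl.sign` accepts that name. The usage string and the argument parsing in the earlier hunk would need the extra parameter if it is made configurable.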
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/TokenInfo.java b/pki/base/java-tools/src/com/netscape/cmstools/TokenInfo.java
index ade2b467..d695dcfa 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/TokenInfo.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/TokenInfo.java
@@ -17,59 +17,57 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cmstools;
-
import java.util.Enumeration;
import org.mozilla.jss.CryptoManager;
import org.mozilla.jss.crypto.CryptoToken;
import org.mozilla.jss.pkcs11.PK11Module;
-
-
/**
* Tool used to determine which external hardware tokens are visible to the
* Certificate System subsystem. This can be used to diagnose whether problems
* using tokens are related to the Certificate System being unable to detect it.
- *
+ *
* <p>
+ *
* @version $Revision$ Date: $
*/
public class TokenInfo {
-
+
/**
- * Creates a new instance of CMCRevoke.
+ * Creates a new instance of CMCRevoke.
*/
- public static void main(String[]args) {
+ public static void main(String[] args) {
try {
- if (args.length != 1) {
- System.out.println("Usage: TokenInfo <alias directory>");
- System.exit(0);
- }
- System.out.println("Database Path: " + args[0]);
+ if (args.length != 1) {
+ System.out.println("Usage: TokenInfo <alias directory>");
+ System.exit(0);
+ }
+ System.out.println("Database Path: " + args[0]);
- CryptoManager.InitializationValues vals =
- new CryptoManager.InitializationValues(args[0],
- "", "", "secmod.db");
+ CryptoManager.InitializationValues vals =
+ new CryptoManager.InitializationValues(args[0],
+ "", "", "secmod.db");
- CryptoManager.initialize(vals);
-
- CryptoManager cm = CryptoManager.getInstance();
- Enumeration modules = cm.getModules();
- while (modules.hasMoreElements()) {
- PK11Module m = (PK11Module)modules.nextElement();
- System.out.println("Found external module '" + m.getName() + "'");
- }
- Enumeration tokens = cm.getExternalTokens();
+ CryptoManager.initialize(vals);
- while (tokens.hasMoreElements()) {
- CryptoToken t = (CryptoToken)tokens.nextElement();
- System.out.println("Found external token '" + t.getName() + "'");
- }
+ CryptoManager cm = CryptoManager.getInstance();
+ Enumeration modules = cm.getModules();
+ while (modules.hasMoreElements()) {
+ PK11Module m = (PK11Module) modules.nextElement();
+ System.out.println("Found external module '" + m.getName() + "'");
+ }
+ Enumeration tokens = cm.getExternalTokens();
- }catch (Exception e) {
- e.printStackTrace();
- System.exit(1);
+ while (tokens.hasMoreElements()) {
+ CryptoToken t = (CryptoToken) tokens.nextElement();
+ System.out.println("Found external token '" + t.getName() + "'");
}
-
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.exit(1);
+ }
+
}
}