Diffstat (limited to 'pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java')
-rw-r--r-- | pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java | 76 |
1 files changed, 37 insertions, 39 deletions
diff --git a/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java b/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java index d1447de2..83b48096 100644 --- a/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java +++ b/pki/base/ocsp/src/com/netscape/ocsp/SigningUnit.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.ocsp; - import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.PublicKey; @@ -51,7 +50,7 @@ import com.netscape.cmsutil.util.Cert; /** * OCSP signing unit based on JSS. - * + * * $Revision$ $Date$ */ @@ -76,8 +75,8 @@ public final class SigningUnit implements ISigningUnit { private ISubsystem mOwner = null; - private String mDefSigningAlgname = null; - private SignatureAlgorithm mDefSigningAlgorithm = null; + private String mDefSigningAlgname = null; + private SignatureAlgorithm mDefSigningAlgorithm = null; public SigningUnit() { } @@ -124,8 +123,8 @@ public final class SigningUnit implements ISigningUnit { } public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { - mOwner = owner; + throws EBaseException { + mOwner = owner; mConfig = config; String tokenname = null; @@ -139,7 +138,7 @@ public final class SigningUnit implements ISigningUnit { tokenname = config.getString(PROP_TOKEN_NAME); if (tokenname.equalsIgnoreCase(Constants.PR_INTERNAL_TOKEN) || - tokenname.equalsIgnoreCase("Internal Key Storage Token")) { + tokenname.equalsIgnoreCase("Internal Key Storage Token")) { mToken = mManager.getInternalKeyStorageToken(); } else { mToken = mManager.getTokenByName(tokenname); 
@@ -149,12 +148,12 @@ public final class SigningUnit implements ISigningUnit { CMS.debug(config.getName() + " Signing Unit nickname " + mNickname); CMS.debug("Got token " + tokenname + " by name"); - PasswordCallback cb = JssSubsystem.getInstance().getPWCB(); + PasswordCallback cb = JssSubsystem.getInstance().getPWCB(); mToken.login(cb); // ONE_TIME by default. mCert = mManager.findCertByNickname(mNickname); - CMS.debug("Found cert by nickname: '"+mNickname+"' with serial number: "+mCert.getSerialNumber()); + CMS.debug("Found cert by nickname: '" + mNickname + "' with serial number: " + mCert.getSerialNumber()); mCertImpl = new X509CertImpl(mCert.getEncoded()); CMS.debug("converted to x509CertImpl"); 
@@ -167,22 +166,22 @@ public final class SigningUnit implements ISigningUnit { // get def alg and check if def sign alg is valid for token. mDefSigningAlgname = config.getString(PROP_DEFAULT_SIGNALG); - mDefSigningAlgorithm = + mDefSigningAlgorithm = checkSigningAlgorithmFromName(mDefSigningAlgname); CMS.debug( - "got signing algorithm " + mDefSigningAlgorithm); + "got signing algorithm " + mDefSigningAlgorithm); mInited = true; } catch (java.security.cert.CertificateException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_CONVERT_X509", e.getMessage())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_CONVERT_X509", e.getMessage())); throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (CryptoManager.NotInitializedException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGNING", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGNING", e.toString())); throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (IncorrectPasswordException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_INCORRECT_PWD", e.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_INCORRECT_PWD", e.toString())); throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (NoSuchTokenException e) { log(ILogger.LL_FAILURE, CMS.getLogMessage("CMSCORE_OCSP_TOKEN_NOT_FOUND", tokenname, e.toString())); 
@@ -206,14 +205,14 @@ public final class SigningUnit implements ISigningUnit { * @exception EBaseException if signing algorithm is not supported. */ public SignatureAlgorithm checkSigningAlgorithmFromName(String algname) - throws EBaseException { + throws EBaseException { try { SignatureAlgorithm sigalg = null; sigalg = mapAlgorithmToJss(algname); if (sigalg == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "")); } Signature signer = mToken.getSignatureContext(sigalg); @@ -221,17 +220,17 @@ public final class SigningUnit implements ISigningUnit { signer.initSign(mPrivk); return sigalg; } catch (NoSuchAlgorithmException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (TokenException e) { // from get signature context or from initSign - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } catch (InvalidKeyException e) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", e.toString())); } } 
@@ -240,7 +239,7 @@ public final class SigningUnit implements ISigningUnit { * @param algname is expected to be one of JCA's algorithm names. */ public byte[] sign(byte[] data, String algname) - throws EBaseException { + throws EBaseException { if (!mInited) { throw new EBaseException("OCSPSigningUnit not initialized!"); } @@ -253,10 +252,10 @@ public final class SigningUnit implements ISigningUnit { signAlg = checkSigningAlgorithmFromName(algname); } - // XXX use a pool of signers based on alg ? + // XXX use a pool of signers based on alg ? // XXX Map algor. name to id. hack: use hardcoded define for now. CMS.debug( - "Getting algorithm context for " + algname + " " + signAlg); + "Getting algorithm context for " + algname + " " + signAlg); Signature signer = mToken.getSignatureContext(signAlg); signer.initSign(mPrivk); @@ -280,7 +279,7 @@ public final class SigningUnit implements ISigningUnit { } public boolean verify(byte[] data, byte[] signature, String algname) - throws EBaseException { + throws EBaseException { if (!mInited) { throw new EBaseException("OCSPSigningUnit not initialized!"); } @@ -288,8 +287,8 @@ public final class SigningUnit implements ISigningUnit { SignatureAlgorithm signAlg = mapAlgorithmToJss(algname); if (signAlg == null) { - log(ILogger.LL_FAILURE, - CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CMSCORE_OCSP_SIGN_ALG_NOT_SUPPORTED", algname)); throw new EOCSPException(CMS.getUserMessage("CMS_BASE_INTERNAL_ERROR", "")); } // XXX make this configurable. hack: use hardcoded for now. @@ -317,8 +316,8 @@ public final class SigningUnit implements ISigningUnit { private void log(int level, String msg) { if (mLogger == null) return; - mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OCSP, - level, "OCSPSigningUnit: " + msg); + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_OCSP, + level, "OCSPSigningUnit: " + msg); } /** 
@@ -336,15 +335,15 @@ public final class SigningUnit implements ISigningUnit { } public void setDefaultAlgorithm(String algorithm) throws EBaseException { - mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm); + mConfig.putString(PROP_DEFAULT_SIGNALG, algorithm); mDefSigningAlgname = algorithm; - log(ILogger.LL_INFO, - "Default signing algorithm is set to " + algorithm); + log(ILogger.LL_INFO, + "Default signing algorithm is set to " + algorithm); } /** * get all possible algorithms for the OCSP signing key type. - */ + */ public String[] getAllAlgorithms() throws EBaseException { byte[] keybytes = mPubk.getEncoded(); X509Key key = new X509Key(); @@ -369,4 +368,3 @@ public final class SigningUnit implements ISigningUnit { return Cert.mapAlgorithmToJss(algname); } } - |