diff --git a/base/ca/src/main/java/com/netscape/cms/servlet/cert/HashEnrollServlet.java b/base/ca/src/main/java/com/netscape/cms/servlet/cert/HashEnrollServlet.java index 207ed8fdf9e..ff98374bc89 100644 --- a/base/ca/src/main/java/com/netscape/cms/servlet/cert/HashEnrollServlet.java +++ b/base/ca/src/main/java/com/netscape/cms/servlet/cert/HashEnrollServlet.java @@ -27,6 +27,7 @@ import java.security.cert.X509Certificate; import java.util.Date; import java.util.Enumeration; +import java.util.Iterator; import java.util.Locale; import java.util.Vector; @@ -83,8 +84,8 @@ import com.netscape.cmscore.base.ConfigStore; import com.netscape.cmscore.cert.CertUtils; import com.netscape.cmscore.dbs.CertRecord; -import com.netscape.cmscore.dbs.CertRecordList; import com.netscape.cmscore.dbs.CertificateRepository; +import com.netscape.cmscore.dbs.RecordPagedList; import com.netscape.cmscore.request.CertRequestRepository; import com.netscape.cmscore.request.Request; @@ -95,11 +96,11 @@ */ public class HashEnrollServlet extends CAServlet { - public static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(HashEnrollServlet.class); + public static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(HashEnrollServlet.class); private static final long serialVersionUID = 5532936020515258333L; - public final static String ADMIN_ENROLL_SERVLET_ID = "adminEnroll"; + public static final String ADMIN_ENROLL_SERVLET_ID = "adminEnroll"; // enrollment templates. public static final String ENROLL_SUCCESS_TEMPLATE = "/ra/HashEnrollSuccess.template"; @@ -126,7 +127,6 @@ public class HashEnrollServlet extends CAServlet { private ICMSTemplateFiller mEnrollSuccessFiller = new ImportCertsTemplateFiller(); CertificateAuthority mCa; - CertificateRepository mRepository; public HashEnrollServlet() { super(); 
@@ -161,7 +161,7 @@ public void init(ServletConfig sc) throws ServletException { CAEngine engine = CAEngine.getInstance(); mCa = engine.getCA(); - init_testbed_hack(mConfig); + initTestbedHack(mConfig); } catch (Exception e) { logger.warn(CMS.getLogMessage("CMSGW_IMP_INIT_SERV_ERR", e.toString(), mId)); } @@ -226,8 +226,6 @@ else if (diff > timeout) { certType = httpParams.getValueAsString(OLD_CERT_TYPE, null); if (certType == null) { certType = httpParams.getValueAsString(CERT_TYPE, "client"); - } else { - ; } processX509(cmsReq); @@ -304,15 +302,15 @@ protected void processX509(CMSRequest cmsReq) String certauthEnrollType = null; - if (certAuthEnroll == true) { + if (certAuthEnroll) { certauthEnrollType = httpParams.getValueAsString("certauthEnrollType", null); if (certauthEnrollType != null) { - if (certauthEnrollType.equals("dual")) { + if (certauthEnrollType.equals(CERT_AUTH_DUAL)) { logger.debug("HashEnrollServlet: certauthEnrollType is dual"); - } else if (certauthEnrollType.equals("encryption")) { + } else if (certauthEnrollType.equals(CERT_AUTH_ENCRYPTION)) { logger.debug("HashEnrollServlet: certauthEnrollType is encryption"); - } else if (certauthEnrollType.equals("single")) { + } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { logger.debug("HashEnrollServlet: certauthEnrollType is single"); } else { logger.error(CMS.getLogMessage("CMSGW_INVALID_CERTAUTH_ENROLL_TYPE_1", certauthEnrollType)); @@ -360,7 +358,7 @@ protected void processX509(CMSRequest cmsReq) // also if authenticated, take certInfo from authToken. X509CertInfo certInfo = null; - if (certAuthEnroll == true) { + if (certAuthEnroll) { sslClientCert = getSSLClientCertificate(httpReq); if (sslClientCert == null) { logger.error(CMS.getLogMessage("CMSGW_MISSING_SSL_CLIENT_CERT")); 
@@ -406,7 +404,7 @@ protected void processX509(CMSRequest cmsReq) // don't store agent token in request. // agent currently used for bulk issuance. // if (!authMgr.equals(IAuthSubsystem.CERTUSERDB_AUTHMGR_ID)) { - logger.info("Enrollment request was authenticated by " + + logger.info("Enrollment request was authenticated by {}", authToken.getInString(AuthToken.TOKEN_AUTHMGR_INST_NAME)); fillCertInfoFromAuthToken(certInfo, authToken); // save authtoken attrs to request directly (for policy use) @@ -429,7 +427,7 @@ protected void processX509(CMSRequest cmsReq) String crmf = httpParams.getValueAsString(CRMF_REQUEST, null); - if (certAuthEnroll == true) { + if (certAuthEnroll) { fillCertInfoFromAuthToken(certInfo, authToken); @@ -457,11 +455,7 @@ protected void processX509(CMSRequest cmsReq) key = (X509Key) sslClientCert.getPublicKey(); try { certInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); - } catch (CertificateException e) { - logger.error(CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()), e); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()), e); - } catch (IOException e) { + } catch (CertificateException | IOException e) { logger.error(CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()), e); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()), e); 
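Review bot: The merged `catch (CertificateException | IOException e)` around `certInfo.set(X509CertInfo.KEY, ...)` still passes `e.toString()` into `CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString())`. Assuming the message template renders its parameter, internal exception text is returned to the enrolling client. The exception is already logged in full on the line above, so the user-facing message could carry a fixed text instead, as the `CMS_GW_SET_SUBJECT_NAME_ERROR` and `CMS_GW_SET_VALIDITY_ERROR` handlers later in this diff do. The same pattern appears in the hunk at `-509,11 +502,7` for `encCertInfo.set(...)`. processX509 starts and ends outside this hunk.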
@@ -471,12 +465,11 @@ protected void processX509(CMSRequest cmsReq) "(&(x509cert.subject=" + certBasedOldSubjectDN + ")(!(x509cert.serialNumber=" + certBasedOldSerialNum + "))(certStatus=VALID))"; - CertRecordList list = cr.findCertRecordsInList(filter, null, 10); - int size = list.getSize(); - Enumeration en = list.getCertRecords(0, size - 1); + RecordPagedList records = cr.findPagedCertRecords(filter, null, null); + Iterator iRec = records.iterator(); boolean gotEncCert = false; - if (!en.hasMoreElements()) { + if (!iRec.hasNext()) { // pairing encryption cert not found } else { X509CertInfo encCertInfo = new CertInfo(); @@ -484,9 +477,9 @@ protected void processX509(CMSRequest cmsReq) encCertInfo }; int i = 1; - while (en.hasMoreElements()) { - CertRecord record = en.nextElement(); - X509CertImpl cert = record.getCertificate(); + while (iRec.hasNext() && !gotEncCert) { + CertRecord rec = iRec.next(); + X509CertImpl cert = rec.getCertificate(); // if not encryption cert only, try next one if (!CertUtils.isEncryptionCert(cert) || @@ -509,11 +502,7 @@ protected void processX509(CMSRequest cmsReq) try { encCertInfo.set(X509CertInfo.KEY, new CertificateX509Key(key)); - } catch (CertificateException e) { - logger.error(CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()), e); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()), e); - } catch (IOException e) { + } catch (CertificateException | IOException e) { logger.error(CMS.getLogMessage("CMSGW_FAILED_SET_KEY_FROM_CERT_AUTH_ENROLL_1", e.toString()), e); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_SET_KEY_FROM_CERT_AUTH_ENROLL_FAILED", e.toString()), e); 
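Review bot: The filter handed to `cr.findPagedCertRecords(filter, null, null)` is still built by concatenating `certBasedOldSubjectDN` and `certBasedOldSerialNum` into the filter string. Where those values are derived is outside the hunk, but if the subject DN comes from the presented client certificate, characters such as `(`, `)`, `*` or `\` in it would change which records the filter matches when selecting the pairing encryption certificate. Both values should be escaped for LDAP filter syntax (RFC 4515) before concatenation, using the project's filter-escaping helper if it has one. The old call passed `10` as its last argument, so a short comment such as `// result set is paged by the repository; loop stops at the first encryption cert` would record how the lookup is bounded, if that is what `findPagedCertRecords` guarantees.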
@@ -523,11 +512,10 @@ protected void processX509(CMSRequest cmsReq) cInfoArray[i++] = encCertInfo; certInfoArray = cInfoArray; gotEncCert = true; - break; } } - if (gotEncCert == false) { + if (!gotEncCert) { // encryption cert not found, bail logger.error(CMS.getLogMessage("CMSGW_ENCRYPTION_CERT_NOT_FOUND")); throw new ECMSGWException( @@ -548,11 +536,11 @@ protected void processX509(CMSRequest cmsReq) /* * crmf */ - if (crmf != null && crmf != "") { + if (crmf != null && !crmf.isBlank()) { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN().toString()); - logger.debug("HashEnrollServlet: sslClientCert issuerDN = " + sslClientCert.getIssuerDN()); + logger.debug("HashEnrollServlet: sslClientCert issuerDN = {}", sslClientCert.getIssuerDN()); } else { logger.error(CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); throw new ECMSGWException(CMS.getUserMessage(getLocale(httpReq), @@ -561,7 +549,7 @@ protected void processX509(CMSRequest cmsReq) } else if (certauthEnrollType.equals(CERT_AUTH_SINGLE)) { // have to be buried here to handle the issuer - if (crmf != null && crmf != "") { + if (crmf != null && !crmf.isBlank()) { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { logger.error(CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); @@ -572,7 +560,7 @@ protected void processX509(CMSRequest cmsReq) req.setExtData(CLIENT_ISSUER, sslClientCert.getIssuerDN().toString()); } - } else if (crmf != null && crmf != "") { + } else if (crmf != null && !crmf.isBlank()) { certInfoArray = fillCRMF(crmf, authToken, httpParams, req); } else { logger.error(CMS.getLogMessage("CMSGW_MISSING_KEYGEN_INFO")); @@ -629,7 +617,7 @@ protected void processX509(CMSRequest cmsReq) if (messages != null) { Enumeration msgs = messages.elements(); - StringBuffer wholeMsg = new StringBuffer(); + StringBuilder wholeMsg = new StringBuilder(); while (msgs.hasMoreElements()) { wholeMsg.append("\n"); 
@@ -707,10 +695,7 @@ protected void processX509(CMSRequest cmsReq) "" ); - } catch (IOException e) { - logger.warn(CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()), e); - - } catch (CertificateException e) { + } catch (CertificateException | IOException e) { logger.warn(CMS.getLogMessage("CMSGW_CANT_GET_CERT_SUBJ_AUDITING", e.toString()), e); } } @@ -755,8 +740,6 @@ protected void processX509(CMSRequest cmsReq) throw new ECMSGWException( CMS.getUserMessage("CMS_GW_RETURNING_RESULT_ERROR"), e); } - - return; } /** @@ -781,15 +764,10 @@ protected void fillCertInfoFromAuthToken( CertificateSubjectName certSubject = new CertificateSubjectName(new X500Name(subjectname)); certInfo.set(X509CertInfo.SUBJECT, certSubject); - logger.info("cert subject set to " + certSubject + " from authtoken"); + logger.info("cert subject set to {} from authtoken", certSubject); } - } catch (CertificateException e) { - logger.error(CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()), e); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"), e); - - } catch (IOException e) { + } catch (CertificateException | IOException e) { logger.error(CMS.getLogMessage("CMSGW_ERROR_SET_SUBJECT_NAME_1", e.toString()), e); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_SET_SUBJECT_NAME_ERROR"), e); 
@@ -806,15 +784,10 @@ protected void fillCertInfoFromAuthToken( if (notBefore != null && notAfter != null) { validity = new CertificateValidity(notBefore, notAfter); certInfo.set(X509CertInfo.VALIDITY, validity); - logger.info("cert validity set to " + validity + " from authtoken"); + logger.info("cert validity set to {} from authtoken", validity); } - } catch (CertificateException e) { - logger.error(CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()), e); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"), e); - - } catch (IOException e) { + } catch (CertificateException | IOException e) { logger.error(CMS.getLogMessage("CMSGW_ERROR_SET_VALIDITY_1", e.toString()), e); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_SET_VALIDITY_ERROR"), e); @@ -830,12 +803,7 @@ protected void fillCertInfoFromAuthToken( logger.info("cert extensions set from authtoken"); } - } catch (CertificateException e) { - logger.error(CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()), e); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"), e); - - } catch (IOException e) { + } catch (CertificateException | IOException e) { logger.error(CMS.getLogMessage("CMSGW_ERROR_SET_EXTENSIONS_1", e.toString()), e); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_SET_EXTENSIONS_ERROR"), e); @@ -927,9 +895,7 @@ protected X509CertInfo[] fillCRMF( try { extensions = (CertificateExtensions) certInfo.get(X509CertInfo.EXTENSIONS); - } catch (CertificateException e) { - extensions = null; - } catch (IOException e) { + } catch (CertificateException | IOException e) { extensions = null; } if (certTemplate.hasExtensions()) { 
@@ -991,26 +957,11 @@ protected X509CertInfo[] fillCRMF( certInfoArray[i] = certInfo; } - do_testbed_hack(nummsgs, certInfoArray, httpParams); + doTestbedHack(certInfoArray, httpParams); return certInfoArray; - } catch (CertificateException e) { - logger.error(CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()), e); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"), e); - - } catch (IOException e) { - logger.error(CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()), e); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"), e); - - } catch (InvalidBERException e) { - logger.error(CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()), e); - throw new ECMSGWException( - CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"), e); - - } catch (InvalidKeyException e) { + } catch (CertificateException | IOException | InvalidBERException | InvalidKeyException e) { logger.error(CMS.getLogMessage("CMSGW_ERROR_CRMF_TO_CERTINFO_1", e.toString()), e); throw new ECMSGWException( CMS.getUserMessage("CMS_GW_CRMF_TO_CERTINFO_ERROR"), e); @@ -1050,7 +1001,7 @@ protected void renderServerEnrollResult(CMSRequest cmsReq) throws Exception { out.println("Certificate: "); out.println("

"); out.println("

");
-            X509CertImpl certs[] =
+            X509CertImpl[] certs =
                     cmsReq.getRequest().getExtDataInCertArray(Request.ISSUED_CERTS);
 
             out.println(CertUtil.toPEM(certs[0]));
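Review bot: `certs[0]` is dereferenced without checking that `getExtDataInCertArray(Request.ISSUED_CERTS)` returned a non-empty array. Whether it can return null or an empty array is not visible here, but if it can, the result page fails with an unchecked exception after the request has already been processed. A guard before the PEM output, `if (certs == null || certs.length == 0)`, that logs the condition and raises the servlet's usual gateway exception would make the failure explicit. renderServerEnrollResult continues outside this hunk.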
@@ -1128,13 +1079,11 @@ protected void renderServerEnrollResult(CMSRequest cmsReq) throws Exception {
 
     private boolean mIsTestBed = false;
 
-    private void init_testbed_hack(ConfigStore config) throws EBaseException {
+    private void initTestbedHack(ConfigStore config) throws EBaseException {
         mIsTestBed = config.getBoolean("isTestBed", true);
     }
 
-    private void do_testbed_hack(
-            int nummsgs, X509CertInfo[] certinfo, ArgBlock httpParams)
-            throws EBaseException {
+    private void doTestbedHack(X509CertInfo[] certinfo, ArgBlock httpParams) {
         if (!mIsTestBed)
             return;
 
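Review bot: `initTestbedHack` still reads the flag as `config.getBoolean("isTestBed", true)`, so a deployment whose configuration omits `isTestBed` runs the test-bed path. The next hunk shows that path deleting and re-setting `KeyUsageExtension.NAME` on the certificate info being enrolled. For a CA enrollment servlet the default should be off: `mIsTestBed = config.getBoolean("isTestBed", false);`. A Javadoc comment on `doTestbedHack` stating which extensions it rewrites and that it is meant for test deployments only would also help. The body of `doTestbedHack` continues outside this hunk.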
@@ -1185,12 +1134,8 @@ private void do_testbed_hack(
                     exts.delete(KeyUsageExtension.NAME);
                     exts.set(KeyUsageExtension.NAME, newext);
                 }
-            } catch (IOException e) {
-                // should never happen
-                continue;
-            } catch (CertificateException e) {
+            } catch (IOException | CertificateException e) {
                 // should never happen
-                continue;
             }
         }