author | Ade Lee <alee@redhat.com> | 2016-05-04 18:25:51 -0400 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2016-05-09 21:47:11 -0400 |
commit | 5384c8c21ed167e3b08f0d709c43a68fd49ffc38 (patch) | |
tree | 40e3df2dd35a289906cea538a3c5cd12cb364a23 /base/ca/shared | |
parent | fe1f36dd601f5d8956cf6e1d9b1855b5ea755596 (diff) | |
Add realm to requests coming in from CA
Requests to the KRA through the CA-KRA connector use the Enrollment
Service. This has been modified to read and store any realm passed in.
The realm can be added to the request by having the admin add
an AuthzRealmDefault and AuthzRealmConstraint in a profile.
At this point, all the constraint does is verify that the realm is
one of a specified list of realms. More verification will be added
in a subsequent patch.
No attempt is made yet to allow users to specify the realm. This
would need to be added as a ProfileInput.
Part of Ticket 2041
Diffstat (limited to 'base/ca/shared')
-rw-r--r-- | base/ca/shared/conf/registry.cfg | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/base/ca/shared/conf/registry.cfg b/base/ca/shared/conf/registry.cfg
index 9cd4e6d5c..0bd7c0548 100644
--- a/base/ca/shared/conf/registry.cfg
+++ b/base/ca/shared/conf/registry.cfg
@@ -1,8 +1,11 @@
 types=profile,defaultPolicy,constraintPolicy,profileInput,profileOutput,profileUpdater
-constraintPolicy.ids=noConstraintImpl,subjectNameConstraintImpl,uniqueSubjectNameConstraintImpl,userSubjectNameConstraintImpl,validityConstraintImpl,keyUsageExtConstraintImpl,nsCertTypeExtConstraintImpl,extendedKeyUsageExtConstraintImpl,keyConstraintImpl,basicConstraintsExtConstraintImpl,extensionConstraintImpl,signingAlgConstraintImpl,uniqueKeyConstraintImpl,renewGracePeriodConstraintImpl
+constraintPolicy.ids=noConstraintImpl,subjectNameConstraintImpl,uniqueSubjectNameConstraintImpl,userSubjectNameConstraintImpl,validityConstraintImpl,keyUsageExtConstraintImpl,nsCertTypeExtConstraintImpl,extendedKeyUsageExtConstraintImpl,keyConstraintImpl,basicConstraintsExtConstraintImpl,extensionConstraintImpl,signingAlgConstraintImpl,uniqueKeyConstraintImpl,renewGracePeriodConstraintImpl,authzRealmConstraintImpl
 constraintPolicy.signingAlgConstraintImpl.class=com.netscape.cms.profile.constraint.SigningAlgConstraint
 constraintPolicy.signingAlgConstraintImpl.desc=Signing Algorithm Constraint
 constraintPolicy.signingAlgConstraintImpl.name=Signing Algorithm Constraint
+constraintPolicy.authzRealmConstraintImpl.class=com.netscape.cms.profile.constraint.AuthzRealmConstraint
+constraintPolicy.authzRealmConstraintImpl.desc=Authz Realm Constraint
+constraintPolicy.authzRealmConstraintImpl.name=Authz Realm Constraint
 constraintPolicy.extensionConstraintImpl.class=com.netscape.cms.profile.constraint.ExtensionConstraint
 constraintPolicy.extensionConstraintImpl.desc=Extension Constraint
 constraintPolicy.extensionConstraintImpl.name=Extension Constraint
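Review bot: The added `constraintPolicy.authzRealmConstraintImpl.desc` only repeats the plugin name, so an administrator picking it for a profile gets no hint of what it actually enforces. Per the commit description the constraint currently checks only that the realm is one of a specified list, and I would say so here, e.g. `constraintPolicy.authzRealmConstraintImpl.desc=Authz Realm Constraint (checks only that the realm is in the configured list)`, so it is not mistaken for a check that the requester is authorized for that realm. The other entries in this file also use desc equal to name, so this would be a deliberate exception; the same applies to `defaultPolicy.authzRealmDefaultImpl.desc` in the last hunk, which could state that the realm is fixed by the profile rather than supplied by the user.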
@@ -42,7 +45,7 @@ constraintPolicy.renewGracePeriodConstraintImpl.name=Renewal Grace Period Constr
 constraintPolicy.uniqueKeyConstraintImpl.class=com.netscape.cms.profile.constraint.UniqueKeyConstraint
 constraintPolicy.uniqueKeyConstraintImpl.desc=Unique Public Key Constraint
 constraintPolicy.uniqueKeyConstraintImpl.name=Unique Public Key Constraint
-defaultPolicy.ids=noDefaultImpl,genericExtDefaultImpl,autoAssignDefaultImpl,subjectNameDefaultImpl,validityDefaultImpl,randomizedValidityDefaultImpl,caValidityDefaultImpl,subjectKeyIdentifierExtDefaultImpl,authorityKeyIdentifierExtDefaultImpl,basicConstraintsExtDefaultImpl,keyUsageExtDefaultImpl,nsCertTypeExtDefaultImpl,extendedKeyUsageExtDefaultImpl,ocspNoCheckExtDefaultImpl,issuerAltNameExtDefaultImpl,subjectAltNameExtDefaultImpl,userSubjectNameDefaultImpl,signingAlgDefaultImpl,userKeyDefaultImpl,userValidityDefaultImpl,userExtensionDefaultImpl,userSigningAlgDefaultImpl,authTokenSubjectNameDefaultImpl,subjectInfoAccessExtDefaultImpl,authInfoAccessExtDefaultImpl,nscCommentExtDefaultImpl,freshestCRLExtDefaultImpl,crlDistributionPointsExtDefaultImpl,policyConstraintsExtDefaultImpl,policyMappingsExtDefaultImpl,nameConstraintsExtDefaultImpl,certificateVersionDefaultImpl,certificatePoliciesExtDefaultImpl,subjectDirAttributesExtDefaultImpl,privateKeyPeriodExtDefaultImpl,inhibitAnyPolicyExtDefaultImpl,imageDefaultImpl,nsTokenDeviceKeySubjectNameDefaultImpl,nsTokenUserKeySubjectNameDefaultImpl
+defaultPolicy.ids=noDefaultImpl,genericExtDefaultImpl,autoAssignDefaultImpl,subjectNameDefaultImpl,validityDefaultImpl,randomizedValidityDefaultImpl,caValidityDefaultImpl,subjectKeyIdentifierExtDefaultImpl,authorityKeyIdentifierExtDefaultImpl,basicConstraintsExtDefaultImpl,keyUsageExtDefaultImpl,nsCertTypeExtDefaultImpl,extendedKeyUsageExtDefaultImpl,ocspNoCheckExtDefaultImpl,issuerAltNameExtDefaultImpl,subjectAltNameExtDefaultImpl,userSubjectNameDefaultImpl,signingAlgDefaultImpl,userKeyDefaultImpl,userValidityDefaultImpl,userExtensionDefaultImpl,userSigningAlgDefaultImpl,authTokenSubjectNameDefaultImpl,subjectInfoAccessExtDefaultImpl,authInfoAccessExtDefaultImpl,nscCommentExtDefaultImpl,freshestCRLExtDefaultImpl,crlDistributionPointsExtDefaultImpl,policyConstraintsExtDefaultImpl,policyMappingsExtDefaultImpl,nameConstraintsExtDefaultImpl,certificateVersionDefaultImpl,certificatePoliciesExtDefaultImpl,subjectDirAttributesExtDefaultImpl,privateKeyPeriodExtDefaultImpl,inhibitAnyPolicyExtDefaultImpl,imageDefaultImpl,nsTokenDeviceKeySubjectNameDefaultImpl,nsTokenUserKeySubjectNameDefaultImpl,authzRealmDefaultImpl
 defaultPolicy.autoAssignDefaultImpl.class=com.netscape.cms.profile.def.AutoAssignDefault
 defaultPolicy.autoAssignDefaultImpl.desc=Auto Request Assignment Default
 defaultPolicy.autoAssignDefaultImpl.name=Auto Request Assignment Default
@@ -76,6 +79,9 @@ defaultPolicy.userSigningAlgDefaultImpl.name=User Supplied Signing Alg Default
 defaultPolicy.signingAlgDefaultImpl.class=com.netscape.cms.profile.def.SigningAlgDefault
 defaultPolicy.signingAlgDefaultImpl.desc=Signing Algorithm Default
 defaultPolicy.signingAlgDefaultImpl.name=Signing Algorithm Default
+defaultPolicy.authzRealmDefaultImpl.class=com.netscape.cms.profile.def.AuthzRealmDefault
+defaultPolicy.authzRealmDefaultImpl.desc=Authz Realm Default
+defaultPolicy.authzRealmDefaultImpl.name=Authz Realm Default
 defaultPolicy.authorityKeyIdentifierExtDefaultImpl.class=com.netscape.cms.profile.def.AuthorityKeyIdentifierExtDefault
 defaultPolicy.authorityKeyIdentifierExtDefaultImpl.desc=Authority Key Identifier Extension Default
 defaultPolicy.authorityKeyIdentifierExtDefaultImpl.name=Authority Key Identifier Extension Default |
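Review bot: The new `authzRealm*` ids and class entries in all three hunks are added only to the shared template under base/ca/shared/conf, which may leave already-deployed CA instances without them if each instance keeps its own copy of registry.cfg. That is an assumption, and this view is limited to base/ca/shared, so an upgrade step may exist elsewhere in the commit. If it does not, a profile that references `authzRealmDefaultImpl` or `authzRealmConstraintImpl` on an upgraded instance would presumably fail to resolve the plugin, and a realm-scoped profile that fails to load is better caught at upgrade time than at enrollment. It is worth confirming that an upgrade script adds both ids and their class/desc/name entries, or documenting the manual edit.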