author | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-24 02:27:47 -0500 |
committer | Endi Sukma Dewata <edewata@redhat.com> | 2012-03-26 11:43:54 -0500 |
commit | 621d9e5c413e561293d7484b93882d985b3fe15f (patch) | |
tree | 638f3d75761c121d9a8fb50b52a12a6686c5ac5c /base/common/src/com/netscape/cms/crl | |
parent | 40d3643b8d91886bf210aa27f711731c81a11e49 (diff) | |
Removed unnecessary pki folder.
Previously the source code was located inside a pki folder.
This folder was created during svn migration and is no longer
needed. This folder has now been removed and the contents have
been moved up one level.
Ticket #131
Diffstat (limited to 'base/common/src/com/netscape/cms/crl')
11 files changed, 2059 insertions, 0 deletions
diff --git a/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java b/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
new file mode 100644
index 000000000..d4cef0148
--- /dev/null
+++ b/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
@@ -0,0 +1,259 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.crl; + +import java.io.IOException; +import java.util.Locale; + +import netscape.security.extensions.AuthInfoAccessExtension; +import netscape.security.util.ObjectIdentifier; +import netscape.security.x509.Extension; +import netscape.security.x509.GeneralName; +import netscape.security.x509.URIName; +import netscape.security.x509.X500Name; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.EPropertyNotFound; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IExtendedPluginInfo; +import com.netscape.certsrv.ca.ICMSCRLExtension; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.logging.ILogger; + +/** + * This represents a Authority Information Access CRL extension. 
+ * + * @version $Revision$, $Date$ + */ +public class CMSAuthInfoAccessExtension + implements ICMSCRLExtension, IExtendedPluginInfo { + public static final String PROP_NUM_ADS = "numberOfAccessDescriptions"; + public static final String PROP_ACCESS_METHOD = "accessMethod"; + public static final String PROP_ACCESS_LOCATION_TYPE = "accessLocationType"; + public static final String PROP_ACCESS_LOCATION = "accessLocation"; + + private static final String PROP_ACCESS_METHOD_OCSP = "ocsp"; + private static final String PROP_ACCESS_METHOD_CAISSUERS = "caIssuers"; + private static final String PROP_DIRNAME = "DirectoryName"; + private static final String PROP_URINAME = "URI"; + + private ILogger mLogger = CMS.getLogger(); + + public CMSAuthInfoAccessExtension() { + } + + public Extension setCRLExtensionCriticality(Extension ext, + boolean critical) { + AuthInfoAccessExtension authInfoAccessExt = (AuthInfoAccessExtension) ext; + + authInfoAccessExt.setCritical(critical); + + return authInfoAccessExt; + } + + public Extension getCRLExtension(IConfigStore config, Object ip, + boolean critical) { + AuthInfoAccessExtension authInfoAccessExt = new AuthInfoAccessExtension(critical); + + int numberOfAccessDescriptions = 0; + + try { + numberOfAccessDescriptions = config.getInteger(PROP_NUM_ADS, 0); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_INVALID_NUM_ADS", e.toString())); + } + + if (numberOfAccessDescriptions > 0) { + + for (int i = 0; i < numberOfAccessDescriptions; i++) { + String accessMethod = null; + String accessLocationType = null; + String accessLocation = null; + ObjectIdentifier method = AuthInfoAccessExtension.METHOD_CA_ISSUERS; + + try { + accessMethod = config.getString(PROP_ACCESS_METHOD + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, 
CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_INVALID", e.toString())); + } + + if (accessMethod != null && accessMethod.equals(PROP_ACCESS_METHOD_OCSP)) { + method = AuthInfoAccessExtension.METHOD_OCSP; + } + + try { + accessLocationType = config.getString(PROP_ACCESS_LOCATION_TYPE + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_INVALID", e.toString())); + } + + try { + accessLocation = config.getString(PROP_ACCESS_LOCATION + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString())); + } + + if (accessLocationType != null && accessLocation != null && accessLocation.length() > 0) { + if (accessLocationType.equalsIgnoreCase(PROP_DIRNAME)) { + try { + X500Name dirName = new X500Name(accessLocation); + authInfoAccessExt.addAccessDescription(method, new GeneralName(dirName)); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString())); + } + } else if (accessLocationType.equalsIgnoreCase(PROP_URINAME)) { + URIName uriName = new URIName(accessLocation); + authInfoAccessExt.addAccessDescription(method, new GeneralName(uriName)); + } else { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_POTINT_TYPE", accessLocation)); + } + } else { + accessLocationType = PROP_URINAME; + String hostname = CMS.getEENonSSLHost(); + String port = CMS.getEENonSSLPort(); + if (hostname != null && port != null) { + accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN"; + } + URIName uriName = new URIName(accessLocation); + authInfoAccessExt.addAccessDescription(AuthInfoAccessExtension.METHOD_CA_ISSUERS, new GeneralName( + 
uriName)); + } + } + } + + return authInfoAccessExt; + } + + public String getCRLExtOID() { + return AuthInfoAccessExtension.ID.toString(); + } + + public void getConfigParams(IConfigStore config, NameValuePairs nvp) { + + int numberOfAccessDescriptions = 0; + + try { + numberOfAccessDescriptions = config.getInteger(PROP_NUM_ADS, 0); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_INVALID_NUM_ADS", e.toString())); + } + nvp.put(PROP_NUM_ADS, String.valueOf(numberOfAccessDescriptions)); + + for (int i = 0; i < numberOfAccessDescriptions; i++) { + String accessMethod = null; + String accessLocationType = null; + String accessLocation = null; + + try { + accessMethod = config.getString(PROP_ACCESS_METHOD + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AM_INVALID", e.toString())); + } + + if (accessMethod != null && accessMethod.length() > 0) { + nvp.put(PROP_ACCESS_METHOD + i, accessMethod); + } else { + nvp.put(PROP_ACCESS_METHOD + i, PROP_ACCESS_METHOD_CAISSUERS); + } + + try { + accessLocationType = config.getString(PROP_ACCESS_LOCATION_TYPE + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_ALT_INVALID", e.toString())); + } + + if (accessLocationType != null && accessLocationType.length() > 0) { + nvp.put(PROP_ACCESS_LOCATION_TYPE + i, accessLocationType); + } else { + nvp.put(PROP_ACCESS_LOCATION_TYPE + i, PROP_URINAME); + } + + try { + accessLocation = config.getString(PROP_ACCESS_LOCATION + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AL_UNDEFINED", e.toString())); + } catch (EBaseException e) { + 
log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AIA_AD_AL_INVALID", e.toString())); + } + + if (accessLocation != null && accessLocation.length() > 0) { + nvp.put(PROP_ACCESS_LOCATION + i, accessLocation); + } else { + String hostname = CMS.getEENonSSLHost(); + String port = CMS.getEENonSSLPort(); + if (hostname != null && port != null) { + accessLocation = "http://" + hostname + ":" + port + "/ca/ee/ca/getCAChain?op=downloadBIN"; + } + nvp.put(PROP_ACCESS_LOCATION + i, accessLocation); + } + } + } + + public String[] getExtendedPluginInfo(Locale locale) { + String[] params = { + "enable;boolean;Check to enable Authority Information Access extension.", + "critical;boolean;Set criticality for Authority Information Access extension.", + PROP_NUM_ADS + ";number;Set number of Access Descriptions.", + PROP_ACCESS_METHOD + "0;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," + + PROP_ACCESS_METHOD_OCSP + ");Select access description method.", + PROP_ACCESS_LOCATION_TYPE + "0;choice(" + PROP_URINAME + "," + + PROP_DIRNAME + ");Select access location type.", + PROP_ACCESS_LOCATION + "0;string;Enter access location " + + "corresponding to the selected access location type.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-authorityinformationaccess", + PROP_ACCESS_METHOD + "1;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," + + PROP_ACCESS_METHOD_OCSP + ");Select access description method.", + PROP_ACCESS_LOCATION_TYPE + "1;choice(" + PROP_URINAME + "," + + PROP_DIRNAME + ");Select access location type.", + PROP_ACCESS_LOCATION + "1;string;Enter access location " + + "corresponding to the selected access location type.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-authorityinformationaccess", + PROP_ACCESS_METHOD + "2;choice(" + PROP_ACCESS_METHOD_CAISSUERS + "," + + PROP_ACCESS_METHOD_OCSP + ");Select access description method.", + PROP_ACCESS_LOCATION_TYPE + "2;choice(" + PROP_URINAME + "," + + PROP_DIRNAME + 
");Select access location type.", + PROP_ACCESS_LOCATION + "2;string;Enter access location " + + "corresponding to the selected access location type.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-authorityinformationaccess", + IExtendedPluginInfo.HELP_TEXT + + ";The Freshest CRL is a non critical CRL extension " + + "that identifies the delta CRL distribution points for a particular CRL." + }; + + return params; + } + + private void log(int level, String msg) { + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, + "CMSAuthInfoAccessExtension - " + msg); + } +} diff --git a/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java b/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java new file mode 100644 index 000000000..26c8c1d0e --- /dev/null +++ b/base/common/src/com/netscape/cms/crl/CMSAuthorityKeyIdentifierExtension.java 
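Review bot: The fallback branch of getCRLExtension (the `else` after the `accessLocationType != null && accessLocation != null` check) still calls `new URIName(accessLocation)` when `CMS.getEENonSSLHost()` or `CMS.getEENonSSLPort()` returns null, so accessLocation is left null or empty and is handed to the URIName constructor unchecked; guarding with `if (accessLocation != null && accessLocation.length() > 0)` before adding the access description, or logging and skipping that entry, keeps a misconfigured EE host from producing a malformed AIA access description. In that same branch `accessLocationType = PROP_URINAME` is assigned but never read, and the configured `method` is discarded in favour of the hard-coded METHOD_CA_ISSUERS, which deserves a one-line comment since it is not obvious why a configured OCSP method is ignored when no location is set. The HELP_TEXT entry at the end of getExtendedPluginInfo describes the Freshest CRL extension; it should read along the lines of `";The Authority Information Access extension identifies how to access information and services (caIssuers, OCSP) of the CA that issued this CRL."`. getConfigParams repeats the host/port fallback and would benefit from the same null guard.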
@@ -0,0 +1,165 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.crl; + +import java.io.IOException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateParsingException; +import java.util.Locale; + +import netscape.security.x509.AuthorityKeyIdentifierExtension; +import netscape.security.x509.CertificateExtensions; +import netscape.security.x509.Extension; +import netscape.security.x509.GeneralNames; +import netscape.security.x509.KeyIdentifier; +import netscape.security.x509.PKIXExtensions; +import netscape.security.x509.SerialNumber; +import netscape.security.x509.SubjectKeyIdentifierExtension; +import netscape.security.x509.X509CertImpl; +import netscape.security.x509.X509CertInfo; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IExtendedPluginInfo; +import com.netscape.certsrv.ca.ICMSCRLExtension; +import com.netscape.certsrv.ca.ICRLIssuingPoint; +import com.netscape.certsrv.ca.ICertificateAuthority; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.logging.ILogger; + +/** + * This represents an authority key identifier extension. 
+ * + * @version $Revision$, $Date$ + */ +public class CMSAuthorityKeyIdentifierExtension + implements ICMSCRLExtension, IExtendedPluginInfo { + private ILogger mLogger = CMS.getLogger(); + + public CMSAuthorityKeyIdentifierExtension() { + } + + public Extension setCRLExtensionCriticality(Extension ext, + boolean critical) { + AuthorityKeyIdentifierExtension authKeyIdExt = null; + KeyIdentifier keyId = null; + GeneralNames names = null; + SerialNumber sn = null; + + try { + keyId = (KeyIdentifier) ((AuthorityKeyIdentifierExtension) ext).get( + AuthorityKeyIdentifierExtension.KEY_ID); + names = (GeneralNames) ((AuthorityKeyIdentifierExtension) ext).get( + AuthorityKeyIdentifierExtension.AUTH_NAME); + sn = (SerialNumber) ((AuthorityKeyIdentifierExtension) ext).get( + AuthorityKeyIdentifierExtension.SERIAL_NUMBER); + authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, keyId, names, sn); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString())); + } + return authKeyIdExt; + } + + public Extension getCRLExtension(IConfigStore config, + Object ip, + boolean critical) { + AuthorityKeyIdentifierExtension authKeyIdExt = null; + ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip; + + try { + KeyIdentifier keyId = null; + + try { + X509CertInfo info = (X509CertInfo) + ((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getCACert().get( + X509CertImpl.NAME + "." 
+ X509CertImpl.INFO); + + if (info != null) { + CertificateExtensions caCertExtensions = (CertificateExtensions) + info.get(X509CertInfo.EXTENSIONS); + + if (caCertExtensions != null) { + for (int i = 0; i < caCertExtensions.size(); i++) { + Extension caCertExt = (Extension) caCertExtensions.elementAt(i); + + if (caCertExt instanceof SubjectKeyIdentifierExtension) { + SubjectKeyIdentifierExtension id = + (SubjectKeyIdentifierExtension) caCertExt; + + keyId = (KeyIdentifier) + id.get(SubjectKeyIdentifierExtension.KEY_ID); + } + } + } + } + + } catch (CertificateParsingException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CERT_PARSING_ERROR", e.toString())); + } catch (CertificateException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CERT_CERT_EXCEPTION", e.toString())); + } + + if (keyId != null) { + authKeyIdExt = new AuthorityKeyIdentifierExtension(critical, keyId, null, null); + } else { + GeneralNames gNames = new GeneralNames(); + + gNames.addElement(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()).getX500Name()); + + authKeyIdExt = + new AuthorityKeyIdentifierExtension(critical, null, gNames, + new SerialNumber(((ICertificateAuthority) crlIssuingPoint.getCertificateAuthority()) + .getCACert().getSerialNumber())); + } + + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_AKI_EXT", e.toString())); + } + + return authKeyIdExt; + } + + public String getCRLExtOID() { + return PKIXExtensions.AuthorityKey_Id.toString(); + } + + public void getConfigParams(IConfigStore config, NameValuePairs nvp) { + } + + public String[] getExtendedPluginInfo(Locale locale) { + String[] params = { + //"type;choice(CRLExtension,CRLEntryExtension);CRL Extension Type. 
"+ + //"This field is not editable.", + "enable;boolean;Check to enable Authority Key Identifier CRL extension.", + "critical;boolean;Set criticality for Authority Key Identifier CRL extension.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-authoritykeyidentifier", + IExtendedPluginInfo.HELP_TEXT + + ";The authority key identifier extension provides a means " + + "of identifying the public key corresponding to the private " + + "key used to sign a CRL." + }; + + return params; + } + + private void log(int level, String msg) { + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, + "CMSAuthorityKeyIdentifierExtension - " + msg); + } +} diff --git a/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java b/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java new file mode 100644 index 000000000..e7f4e7b3f --- /dev/null +++ b/base/common/src/com/netscape/cms/crl/CMSCRLNumberExtension.java 
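Review bot: getCRLExtension casts `crlIssuingPoint.getCertificateAuthority()` to ICertificateAuthority three separate times (the X509CertInfo lookup, the GeneralNames fallback and the SerialNumber fallback); hoisting it once, `ICertificateAuthority ca = (ICertificateAuthority) crlIssuingPoint.getCertificateAuthority();`, at the top of the outer try makes the method readable and gives a single place to check for a null CA. The loop over caCertExtensions keeps scanning after a SubjectKeyIdentifierExtension has been found, so a later match would silently overwrite keyId; a `break;` after the assignment, or a comment saying the last one is intentionally taken, would pin that down. Both setCRLExtensionCriticality and getCRLExtension return null after logging an IOException, and if the caller (not visible in this hunk) adds the return value to the CRL unchecked the CRL would be issued without an authority key identifier, so each method should carry `@return the extension, or null if it could not be built (already logged)`.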
@@ -0,0 +1,107 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.crl; + +import java.io.IOException; +import java.math.BigInteger; +import java.util.Locale; + +import netscape.security.x509.CRLNumberExtension; +import netscape.security.x509.Extension; +import netscape.security.x509.PKIXExtensions; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IExtendedPluginInfo; +import com.netscape.certsrv.ca.ICMSCRLExtension; +import com.netscape.certsrv.ca.ICRLIssuingPoint; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.logging.ILogger; + +/** + * This represents a CRL number extension. 
+ * + * @version $Revision$, $Date$ + */ +public class CMSCRLNumberExtension + implements ICMSCRLExtension, IExtendedPluginInfo { + private ILogger mLogger = CMS.getLogger(); + + public CMSCRLNumberExtension() { + } + + public Extension setCRLExtensionCriticality(Extension ext, + boolean critical) { + BigInteger crlNumber = null; + CRLNumberExtension crlNumberExt = null; + + try { + crlNumber = (BigInteger) + ((CRLNumberExtension) ext).get(CRLNumberExtension.NUMBER); + crlNumberExt = new CRLNumberExtension(Boolean.valueOf(critical), + crlNumber); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CRL_NUMBER_EXT", e.toString())); + } + return crlNumberExt; + } + + public Extension getCRLExtension(IConfigStore config, + Object ip, + boolean critical) { + CRLNumberExtension crlNumberExt = null; + ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip; + + try { + crlNumberExt = new CRLNumberExtension(Boolean.valueOf(critical), + crlIssuingPoint.getNextCRLNumber()); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CRL_NUMBER_EXT", e.toString())); + } + return crlNumberExt; + } + + public String getCRLExtOID() { + return PKIXExtensions.CRLNumber_Id.toString(); + } + + public void getConfigParams(IConfigStore config, NameValuePairs nvp) { + } + + public String[] getExtendedPluginInfo(Locale locale) { + String[] params = { + //"type;choice(CRLExtension,CRLEntryExtension);"+ + //"CRL Extension type. 
This field is not editable.", + "enable;boolean;Check to enable CRL Number extension.", + "critical;boolean;Set criticality for CRL Number extension.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-crlnumber", + IExtendedPluginInfo.HELP_TEXT + + ";The CRL number is a non-critical CRL extension " + + "which conveys a monotonically increasing sequence number " + + "for each CRL issued by a CA" + }; + + return params; + } + + private void log(int level, String msg) { + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, + "CMSCRLNumberExtension - " + msg); + } +} diff --git a/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java b/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java new file mode 100644 index 000000000..6ed993d54 --- /dev/null +++ b/base/common/src/com/netscape/cms/crl/CMSCRLReasonExtension.java 
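Review bot: getCRLExtension and setCRLExtensionCriticality both return null after logging an IOException, and nothing in the hunk documents that contract; since the CRL number is what lets relying parties order CRLs and recognise a superseded one, a CRL issued without it because `crlIssuingPoint.getNextCRLNumber()` could not be encoded is a meaningful outcome, and the methods should state `@return the CRL number extension, or null when it could not be encoded (already logged)` so callers know to check. Whether the caller treats a null as "omit the extension" is not visible in this hunk. Minor: the HELP_TEXT string ends with `"for each CRL issued by a CA"` and lacks the terminating period the sibling plugins use.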
@@ -0,0 +1,96 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.crl;
+
+import java.io.IOException;
+import java.util.Locale;
+
+import netscape.security.x509.CRLReasonExtension;
+import netscape.security.x509.Extension;
+import netscape.security.x509.PKIXExtensions;
+import netscape.security.x509.RevocationReason;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IExtendedPluginInfo;
+import com.netscape.certsrv.ca.ICMSCRLExtension;
+import com.netscape.certsrv.common.NameValuePairs;
+import com.netscape.certsrv.logging.ILogger;
+
+/**
+ * This represents a CRL reason extension.
+ *
+ * @version $Revision$, $Date$
+ */
+public class CMSCRLReasonExtension
+ implements ICMSCRLExtension, IExtendedPluginInfo {
+ private ILogger mLogger = CMS.getLogger();
+
+ public CMSCRLReasonExtension() {
+ }
+
+ public Extension setCRLExtensionCriticality(Extension ext,
+ boolean critical) {
+ RevocationReason reason = null;
+ CRLReasonExtension crlReasonExt = null;
+
+ try {
+ reason = (RevocationReason) ((CRLReasonExtension) ext).get(CRLReasonExtension.REASON);
+ crlReasonExt = new CRLReasonExtension(Boolean.valueOf(critical), reason);
+ } catch (IOException e) {
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CRL_REASON_EXT", e.toString()));
+ }
+ return crlReasonExt;
+ }
+
+ public Extension getCRLExtension(IConfigStore config,
+ Object crlIssuingPoint,
+ boolean critical) {
+ CRLReasonExtension crlReasonExt = null;
+
+ return crlReasonExt;
+ }
+
+ public String getCRLExtOID() {
+ return PKIXExtensions.ReasonCode_Id.toString();
+ }
+
+ public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
+ }
+
+ public String[] getExtendedPluginInfo(Locale locale) {
+ String[] params = {
+ //"type;choice(CRLExtension,CRLEntryExtension);"+
+ //"CRL Entry Extension type. This field is not editable.",
+ "enable;boolean;Check to enable reason code CRL entry extension.",
+ "critical;boolean;Set criticality for reason code CRL entry extension.",
+ IExtendedPluginInfo.HELP_TOKEN +
+ ";configuration-ca-edit-crlextension-crlreason",
+ IExtendedPluginInfo.HELP_TEXT +
+ ";The CRL reason code is a non-critical CRL entry extension " +
+ "that identifies the reason for the certificate revocation."
+ };
+
+ return params;
+ }
+
+ private void log(int level, String msg) {
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
+ "CMSCRLReasonExtension - " + msg);
+ }
+}
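Review bot: getCRLExtension declares `CRLReasonExtension crlReasonExt = null;` only to return it, and nothing says why this plugin never produces a CRL-level extension; since the plugin info strings describe it as a "reason code CRL entry extension", the body should be a plain `return null;` with a comment such as `// Reason code is a CRL entry extension attached per revoked certificate; there is no CRL-level extension to build here.` so the next reader does not take the null for an unfinished implementation. The empty getConfigParams could likewise carry `// no configurable parameters for this extension`. setCRLExtensionCriticality returns null after logging an IOException, which should be stated with `@return the rebuilt extension, or null if the reason could not be decoded (already logged)` since callers need to check it.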
diff --git a/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java b/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
new file mode 100644
index 000000000..b0bf20856
--- /dev/null
+++ b/base/common/src/com/netscape/cms/crl/CMSCertificateIssuerExtension.java
@@ -0,0 +1,224 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.crl; + +import java.io.IOException; +import java.util.Locale; + +import netscape.security.x509.CertificateIssuerExtension; +import netscape.security.x509.Extension; +import netscape.security.x509.GeneralNames; +import netscape.security.x509.PKIXExtensions; +import netscape.security.x509.URIName; +import netscape.security.x509.X500Name; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.EPropertyNotFound; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IExtendedPluginInfo; +import com.netscape.certsrv.ca.ICMSCRLExtension; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.logging.ILogger; + +/** + * This represents a certificate issuer extension. 
+ * + * @version $Revision$, $Date$ + */ +public class CMSCertificateIssuerExtension + implements ICMSCRLExtension, IExtendedPluginInfo { + private ILogger mLogger = CMS.getLogger(); + + public CMSCertificateIssuerExtension() { + } + + public Extension setCRLExtensionCriticality(Extension ext, + boolean critical) { + CertificateIssuerExtension certIssuerExt = null; + GeneralNames names = null; + + try { + names = (GeneralNames) ((CertificateIssuerExtension) ext).get( + CertificateIssuerExtension.CERTIFICATE_ISSUER); + certIssuerExt = new CertificateIssuerExtension(Boolean.valueOf(critical), + names); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CERT_ISSUER_EXT", e.toString())); + } + return certIssuerExt; + } + + public Extension getCRLExtension(IConfigStore config, + Object ip, + boolean critical) { + CertificateIssuerExtension certIssuerExt = null; + int numNames = 0; + + try { + numNames = config.getInteger("numNames", 0); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_NUM_NAMES", e.toString())); + } + if (numNames > 0) { + GeneralNames names = new GeneralNames(); + + for (int i = 0; i < numNames; i++) { + String nameType = null; + + try { + nameType = config.getString("nameType" + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); + } + + if (nameType != null) { + String name = null; + + try { + name = config.getString("name" + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); + } + + if (name != null && 
name.length() > 0) { + if (nameType.equalsIgnoreCase("DirectoryName")) { + try { + X500Name dirName = new X500Name(name); + + names.addElement(dirName); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString())); + } + } else if (nameType.equalsIgnoreCase("URI")) { + URIName uriName = new URIName(name); + + names.addElement(uriName); + } else { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_NAME_TYPE", nameType)); + } + } + } + } + + if (names.size() > 0) { + try { + certIssuerExt = new CertificateIssuerExtension( + Boolean.valueOf(critical), names); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_CERT_ISSUER_EXT", e.toString())); + } + } + } + + return certIssuerExt; + } + + public String getCRLExtOID() { + return PKIXExtensions.CertificateIssuer_Id.toString(); + } + + public void getConfigParams(IConfigStore config, NameValuePairs nvp) { + int numNames = 0; + + try { + numNames = config.getInteger("numNames", 0); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_NUM_NAMES", e.toString())); + } + nvp.put("numNames", String.valueOf(numNames)); + + for (int i = 0; i < numNames; i++) { + String nameType = null; + + try { + nameType = config.getString("nameType" + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); + } + + if (nameType != null && nameType.length() > 0) { + nvp.put("nameType" + i, nameType); + } else { + nvp.put("nameType" + i, ""); + } + + String name = null; + + try { + name = config.getString("name" + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + } catch 
(EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_TYPE", Integer.toString(i), e.toString())); + } + + if (name != null && name.length() > 0) { + nvp.put("name" + i, name); + } else { + nvp.put("name" + i, ""); + } + } + + if (numNames < 3) { + for (int i = numNames; i < 3; i++) { + nvp.put("nameType" + i, ""); + nvp.put("name" + i, ""); + } + } + } + + public String[] getExtendedPluginInfo(Locale locale) { + String[] params = { + //"type;choice(CRLExtension,CRLEntryExtension);CRL Entry Extension type."+ + //" This field is not editable.", + "enable;boolean;Check to enable Certificate Issuer CRL entry extension.", + "critical;boolean;Set criticality for Certificate Issuer CRL entry extension.", + "numNames;number;Set number of certificate issuer names for the CRL entry.", + "nameType0;choice(DirectoryName,URI);Select Certificate Issuer name type.", + "name0;string;Enter Certificate Issuer name corresponding to the selected name type.", + "nameType1;choice(DirectoryName,URI);Select Certificate Issuer name type.", + "name1;string;Enter Certificate Issuer name corresponding to the selected name type.", + "nameType2;choice(DirectoryName,URI);Select Certificate Issuer name type.", + "name2;string;Enter Certificate Issuer name corresponding to the selected name type.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-certificateissuer", + IExtendedPluginInfo.HELP_TEXT + + ";This CRL entry extension identifies the certificate issuer" + + " associated with an entry in an indirect CRL." + }; + + return params; + } + + private void log(int level, String msg) { + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, msg); + } +} diff --git a/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java b/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java new file mode 100644 index 000000000..8672502ab --- /dev/null 
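Review bot: The private `log` helper at the end of this file passes `msg` through without the class-name prefix that every sibling plugin in this commit prepends (CMSAuthInfoAccessExtension, CMSAuthorityKeyIdentifierExtension, CMSCRLNumberExtension, CMSCRLReasonExtension), so failures from this class are the only ones that cannot be attributed to their source from the log line; change the call to `mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, "CMSCertificateIssuerExtension - " + msg);`. In both getCRLExtension and getConfigParams the `config.getString("name" + i)` failures are logged with the `CRL_CREATE_UNDEFINED_TYPE` / `CRL_CREATE_INVALID_TYPE` keys that the nameType lookup just above uses, so a missing name is reported as a missing type; a distinct message key for the name lookup would keep the log accurate. The `if (numNames < 3)` guard around the padding loop in getConfigParams is redundant, because the loop body does not execute when numNames is 3 or more.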
+++ b/base/common/src/com/netscape/cms/crl/CMSDeltaCRLIndicatorExtension.java 
@@ -0,0 +1,108 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.crl; + +import java.io.IOException; +import java.math.BigInteger; +import java.util.Locale; + +import netscape.security.x509.DeltaCRLIndicatorExtension; +import netscape.security.x509.Extension; +import netscape.security.x509.PKIXExtensions; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IExtendedPluginInfo; +import com.netscape.certsrv.ca.ICMSCRLExtension; +import com.netscape.certsrv.ca.ICRLIssuingPoint; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.logging.ILogger; + +/** + * This represents a delta CRL indicator extension. 
+ * + * @version $Revision$, $Date$ + */ +public class CMSDeltaCRLIndicatorExtension + implements ICMSCRLExtension, IExtendedPluginInfo { + private ILogger mLogger = CMS.getLogger(); + + public CMSDeltaCRLIndicatorExtension() { + } + + public Extension setCRLExtensionCriticality(Extension ext, + boolean critical) { + BigInteger baseCRLNumber = null; + DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null; + + try { + baseCRLNumber = (BigInteger) + ((DeltaCRLIndicatorExtension) ext).get(DeltaCRLIndicatorExtension.NUMBER); + deltaCRLIndicatorExt = new DeltaCRLIndicatorExtension( + Boolean.valueOf(critical), + baseCRLNumber); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DELTA_CRL_EXT", e.toString())); + } + return deltaCRLIndicatorExt; + } + + public Extension getCRLExtension(IConfigStore config, + Object ip, + boolean critical) { + DeltaCRLIndicatorExtension deltaCRLIndicatorExt = null; + ICRLIssuingPoint crlIssuingPoint = (ICRLIssuingPoint) ip; + + try { + deltaCRLIndicatorExt = new DeltaCRLIndicatorExtension( + Boolean.valueOf(critical), + crlIssuingPoint.getCRLNumber()); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DELTA_CRL_EXT", e.toString())); + } + return deltaCRLIndicatorExt; + } + + public String getCRLExtOID() { + return PKIXExtensions.DeltaCRLIndicator_Id.toString(); + } + + public void getConfigParams(IConfigStore config, NameValuePairs nvp) { + } + + public String[] getExtendedPluginInfo(Locale locale) { + String[] params = { + //"type;choice(CRLExtension,CRLEntryExtension);"+ + //"CRL Extension type. 
This field is not editable.", + "enable;boolean;Check to enable Delta CRL Indicator extension.", + "critical;boolean;Set criticality for Delta CRL Indicator extension.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-crlnumber", + IExtendedPluginInfo.HELP_TEXT + + ";The Delta CRL Indicator is a critical CRL extension " + + "which identifies a delta-CRL." + }; + + return params; + } + + private void log(int level, String msg) { + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, + "CMSDeltaCRLIndicatorExtension - " + msg); + } +} diff --git a/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java b/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java new file mode 100644 index 000000000..72dbe5502 --- /dev/null +++ b/base/common/src/com/netscape/cms/crl/CMSFreshestCRLExtension.java 
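Review bot: `critical` is exposed as a configurable boolean for the Delta CRL Indicator even though the HELP_TEXT in this hunk calls it a critical extension and RFC 5280 §5.2.4 requires it to be critical; a relying party that skips unknown non-critical extensions could then process a delta CRL as if it were a complete CRL and miss revocations that are only listed in the base CRL. Consider passing `Boolean.TRUE` in both `new DeltaCRLIndicatorExtension(...)` calls, or at least logging at LL_FAILURE when `critical` is false, with a comment such as `// RFC 5280 5.2.4: deltaCRLIndicator MUST be critical; a non-critical delta could be mistaken for a complete CRL`. The help token `configuration-ca-edit-crlextension-crlnumber` also looks copied from the CRL Number plugin rather than pointing at a delta-CRL help page. Both `setCRLExtensionCriticality` and `getCRLExtension` return null after logging an IOException; whether the caller tolerates a null extension is not visible here, so a comment stating that contract would help.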
@@ -0,0 +1,232 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.crl; + +import java.io.IOException; +import java.util.Locale; + +import netscape.security.x509.CRLDistributionPoint; +import netscape.security.x509.Extension; +import netscape.security.x509.FreshestCRLExtension; +import netscape.security.x509.GeneralNames; +import netscape.security.x509.GeneralNamesException; +import netscape.security.x509.PKIXExtensions; +import netscape.security.x509.URIName; +import netscape.security.x509.X500Name; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.EPropertyNotFound; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IExtendedPluginInfo; +import com.netscape.certsrv.ca.ICMSCRLExtension; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.logging.ILogger; + +/** + * This represents a freshest CRL extension. 
+ * + * @version $Revision$, $Date$ + */ +public class CMSFreshestCRLExtension + implements ICMSCRLExtension, IExtendedPluginInfo { + public static final String PROP_NUM_POINTS = "numPoints"; + public static final String PROP_POINTTYPE = "pointType"; + public static final String PROP_POINTNAME = "pointName"; + public static final String PROP_DIRNAME = "DirectoryName"; + public static final String PROP_URINAME = "URI"; + + private ILogger mLogger = CMS.getLogger(); + + public CMSFreshestCRLExtension() { + } + + public Extension setCRLExtensionCriticality(Extension ext, + boolean critical) { + FreshestCRLExtension freshestCRLExt = (FreshestCRLExtension) ext; + + freshestCRLExt.setCritical(critical); + + return freshestCRLExt; + } + + public Extension getCRLExtension(IConfigStore config, Object ip, + boolean critical) { + FreshestCRLExtension freshestCRLExt = null; + + int numPoints = 0; + + try { + numPoints = config.getInteger("numPoints", 0); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_NUM_NAMES", e.toString())); + } + + if (numPoints > 0) { + + for (int i = 0; i < numPoints; i++) { + CRLDistributionPoint crlDP = new CRLDistributionPoint(); + GeneralNames names = new GeneralNames(); + String pointType = null; + + try { + pointType = config.getString(PROP_POINTTYPE + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString())); + } + + if (pointType != null) { + String pointName = null; + + try { + pointName = config.getString(PROP_POINTNAME + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString())); + } + + if (pointName 
!= null && pointName.length() > 0) { + if (pointType.equalsIgnoreCase(PROP_DIRNAME)) { + try { + X500Name dirName = new X500Name(pointName); + + names.addElement(dirName); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString())); + } + } else if (pointType.equalsIgnoreCase(PROP_URINAME)) { + URIName uriName = new URIName(pointName); + + names.addElement(uriName); + } else { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_POTINT_TYPE", pointType)); + } + } + } + + if (names.size() > 0) { + try { + crlDP.setFullName(names); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString())); + } catch (GeneralNamesException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString())); + } + } + + if (i > 0) { + freshestCRLExt.addPoint(crlDP); + } else { + freshestCRLExt = new FreshestCRLExtension(crlDP); + } + } + } + + return freshestCRLExt; + } + + public String getCRLExtOID() { + return PKIXExtensions.FreshestCRL_Id.toString(); + } + + public void getConfigParams(IConfigStore config, NameValuePairs nvp) { + + int numPoints = 0; + + try { + numPoints = config.getInteger(PROP_NUM_POINTS, 0); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, "Invalid numPoints property for CRL " + + "Freshest CRL extension - " + e); + } + nvp.put(PROP_NUM_POINTS, String.valueOf(numPoints)); + + for (int i = 0; i < numPoints; i++) { + String pointType = null; + + try { + pointType = config.getString(PROP_POINTTYPE + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString())); + } + + if (pointType != null && pointType.length() > 0) { + nvp.put(PROP_POINTTYPE + i, pointType); + } else { + nvp.put(PROP_POINTTYPE + i, ""); + } + + String pointName = 
null; + + try { + pointName = config.getString(PROP_POINTNAME + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString())); + } + + if (pointName != null && pointName.length() > 0) { + nvp.put(PROP_POINTNAME + i, pointName); + } else { + nvp.put(PROP_POINTNAME + i, ""); + } + } + } + + public String[] getExtendedPluginInfo(Locale locale) { + String[] params = { + "enable;boolean;Check to enable Freshest CRL extension.", + "critical;boolean;Set criticality for Freshest CRL extension.", + PROP_NUM_POINTS + ";number;Set number of CRL distribution points.", + PROP_POINTTYPE + "0;choice(" + PROP_DIRNAME + "," + PROP_URINAME + + ");Select CRL distribution point name type.", + PROP_POINTNAME + "0;string;Enter CRL distribution point name " + + "corresponding to the selected point type.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-issuingdistributionpoint", + PROP_POINTTYPE + "1;choice(" + PROP_DIRNAME + "," + PROP_URINAME + + ");Select CRL distribution point name type.", + PROP_POINTNAME + "1;string;Enter CRL distribution point name " + + "corresponding to the selected point type.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-issuingdistributionpoint", + PROP_POINTTYPE + "2;choice(" + PROP_DIRNAME + "," + PROP_URINAME + + ");Select CRL distribution point name type.", + PROP_POINTNAME + "2;string;Enter CRL distribution point name " + + "corresponding to the selected point type.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-issuingdistributionpoint", + IExtendedPluginInfo.HELP_TEXT + + ";The Freshest CRL is a non critical CRL extension " + + "that identifies the delta CRL distribution points for a particular CRL." 
+ }; + + return params; + } + + private void log(int level, String msg) { + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, + "CMSFreshestCRLExtension - " + msg); + } +} diff --git a/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java b/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java new file mode 100644 index 000000000..4023e3b2f --- /dev/null +++ b/base/common/src/com/netscape/cms/crl/CMSHoldInstructionExtension.java 
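Review bot: In `getCRLExtension`, the loop creates the extension on `i == 0` and calls `addPoint` for later indices regardless of whether `names` was populated, so a missing or unparsable `pointName<i>` (those failure paths only log) yields a DistributionPoint with no name inside the published extension; RFC 5280 §4.2.1.13 requires each DistributionPoint to carry `distributionPoint` or `cRLIssuer`, and a malformed freshest-CRL pointer can leave clients unable to locate the delta CRL. Gate both the creation and `addPoint` on a successfully set name and test `freshestCRLExt == null` rather than `i > 0`, as below. The help token `configuration-ca-edit-crlextension-issuingdistributionpoint` is repeated three times and names a different extension, and a bad `numPoints` is logged with the Issuer-AltName key `CRL_CREATE_ISSUER_INVALID_NUM_NAMES`; the spelling of `CRL_INVALID_POTINT_TYPE` should be checked against the message bundle. HELP_TEXT correctly calls this a non-critical extension, yet `critical` remains operator-settable.
```java
// … unchanged: pointType / pointName lookup and name parsing …
if (names.size() > 0) {
    try {
        crlDP.setFullName(names);
        // Only record a point that actually carries a name: a
        // DistributionPoint with no fields is not a valid CRLDP.
        if (freshestCRLExt == null) {
            freshestCRLExt = new FreshestCRLExtension(crlDP);
        } else {
            freshestCRLExt.addPoint(crlDP);
        }
    } catch (IOException e) {
        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
    } catch (GeneralNamesException e) {
        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
    }
}
// … unchanged: end of loop, return freshestCRLExt …
```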
@@ -0,0 +1,153 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.crl; + +import java.io.IOException; +import java.util.Locale; + +import netscape.security.util.ObjectIdentifier; +import netscape.security.x509.Extension; +import netscape.security.x509.HoldInstructionExtension; +import netscape.security.x509.PKIXExtensions; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.EPropertyNotFound; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IExtendedPluginInfo; +import com.netscape.certsrv.ca.ICMSCRLExtension; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.logging.ILogger; + +/** + * This represents a hold instruction extension. 
+ * + * @version $Revision$, $Date$ + */ +public class CMSHoldInstructionExtension + implements ICMSCRLExtension, IExtendedPluginInfo { + public static final String PROP_INSTR = "instruction"; + public static final String PROP_INSTR_NONE = "none"; + public static final String PROP_INSTR_CALLISSUER = "callissuer"; + public static final String PROP_INSTR_REJECT = "reject"; + + private ILogger mLogger = CMS.getLogger(); + + public CMSHoldInstructionExtension() { + } + + public Extension setCRLExtensionCriticality(Extension ext, + boolean critical) { + HoldInstructionExtension holdInstrExt = null; + + try { + ObjectIdentifier holdInstr = + ((HoldInstructionExtension) ext).getHoldInstructionCode(); + + holdInstrExt = new HoldInstructionExtension(Boolean.valueOf(critical), + holdInstr); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INSTR_EXT", e.toString())); + } + return holdInstrExt; + } + + public Extension getCRLExtension(IConfigStore config, + Object ip, + boolean critical) { + HoldInstructionExtension holdInstrExt = null; + String instruction = null; + + try { + instruction = config.getString(PROP_INSTR); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INVALID", e.toString())); + } + + ObjectIdentifier holdInstr = HoldInstructionExtension.NONE_HOLD_INSTR_OID; + + if (instruction != null) { + if (instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER)) { + holdInstr = HoldInstructionExtension.CALL_ISSUER_HOLD_INSTR_OID; + } else if (instruction.equalsIgnoreCase(PROP_INSTR_REJECT)) { + holdInstr = HoldInstructionExtension.REJECT_HOLD_INSTR_OID; + } + } + try { + holdInstrExt = new HoldInstructionExtension(Boolean.valueOf(critical), + holdInstr); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INSTR_EXT", e.toString())); + } 
+ + return holdInstrExt; + } + + public String getCRLExtOID() { + return PKIXExtensions.HoldInstructionCode_Id.toString(); + } + + public void getConfigParams(IConfigStore config, NameValuePairs nvp) { + String instruction = null; + + try { + instruction = config.getString(PROP_INSTR); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_UNDEFINED", e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INVALID", e.toString())); + } + if (instruction != null) { + if (!(instruction.equalsIgnoreCase(PROP_INSTR_NONE) || + instruction.equalsIgnoreCase(PROP_INSTR_CALLISSUER) || + instruction.equalsIgnoreCase(PROP_INSTR_REJECT))) { + instruction = PROP_INSTR_NONE; + } + } else { + instruction = PROP_INSTR_NONE; + } + nvp.put(PROP_INSTR, instruction); + } + + public String[] getExtendedPluginInfo(Locale locale) { + String[] params = { + //"type;choice(CRLExtension,CRLEntryExtension);"+ + //"CRL Entry Extension type. This field is not editable.", + "enable;boolean;Check to enable Hold Instruction CRL entry extension.", + "critical;boolean;Set criticality for Hold Instruction CRL entry extension.", + PROP_INSTR + ";choice(" + PROP_INSTR_NONE + "," + PROP_INSTR_CALLISSUER + "," + + PROP_INSTR_REJECT + ");Select hold instruction code.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-holdinstruction", + IExtendedPluginInfo.HELP_TEXT + + ";The hold instruction code is a non-critical CRL entry " + + "extension that provides a registered instruction identifier " + + "which indicates the action to be taken after encountering " + + "a certificate that has been placed on hold." + }; + + return params; + } + + private void log(int level, String msg) { + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, + "CMSHoldInstructionExtension - " + msg); + } +} 
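Review bot: In `getCRLExtension`, any `instruction` value other than `callissuer` or `reject` — including a misspelling such as `rejct` — silently becomes `NONE_HOLD_INSTR_OID`, so an operator who intended relying parties to reject the held certificate ends up publishing the weakest code with no log entry (RFC 3280 §5.3.2 already deprecates holdinstruction-none, and RFC 5280 dropped the extension). Add an explicit fallback branch so the downgrade is visible: `} else if (!instruction.equalsIgnoreCase(PROP_INSTR_NONE)) {` / `log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_HOLD_INVALID", instruction));` / `}`, mirroring the normalization that `getConfigParams` performs. The unchecked cast `(HoldInstructionExtension) ext` in `setCRLExtensionCriticality` will throw ClassCastException rather than return null if a different extension type is passed; a one-line comment stating that the caller guarantees the type would document the assumption.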
diff --git a/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java b/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
new file mode 100644
index 000000000..083873c31
--- /dev/null
+++ b/base/common/src/com/netscape/cms/crl/CMSInvalidityDateExtension.java
@@ -0,0 +1,99 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.crl; + +import java.io.IOException; +import java.util.Date; +import java.util.Locale; + +import netscape.security.x509.Extension; +import netscape.security.x509.InvalidityDateExtension; +import netscape.security.x509.PKIXExtensions; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IExtendedPluginInfo; +import com.netscape.certsrv.ca.ICMSCRLExtension; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.logging.ILogger; + +/** + * This represents a invalidity date extension. 
+ * + * @version $Revision$, $Date$ + */ +public class CMSInvalidityDateExtension + implements ICMSCRLExtension, IExtendedPluginInfo { + private ILogger mLogger = CMS.getLogger(); + + public CMSInvalidityDateExtension() { + } + + public Extension setCRLExtensionCriticality(Extension ext, + boolean critical) { + InvalidityDateExtension invalidityDateExt = null; + + try { + Date invalidityDate = ((InvalidityDateExtension) ext).getInvalidityDate(); + + invalidityDateExt = new InvalidityDateExtension(Boolean.valueOf(critical), + invalidityDate); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALIDITY_DATE_EXT", e.toString())); + } + return invalidityDateExt; + } + + public Extension getCRLExtension(IConfigStore config, + Object crlIssuingPoint, + boolean critical) { + InvalidityDateExtension invalidityDateExt = null; + + return invalidityDateExt; + } + + public String getCRLExtOID() { + return PKIXExtensions.InvalidityDate_Id.toString(); + } + + public void getConfigParams(IConfigStore config, NameValuePairs nvp) { + } + + public String[] getExtendedPluginInfo(Locale locale) { + String[] params = { + //"type;choice(CRLExtension,CRLEntryExtension);"+ + //"CRL Entry Extension type. This field is not editable.", + "enable;boolean;Check to enable Invalidity Date CRL entry extension.", + "critical;boolean;Set criticality for Invalidity Date CRL entry extension.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-invaliditydate", + IExtendedPluginInfo.HELP_TEXT + + ";The invalidity date is a non-critical CRL entry extension " + + "that provides the date on which it is known or suspected " + + "that the private key was compromised or that the certificate" + + " otherwise became invalid." + }; + + return params; + } + + private void log(int level, String msg) { + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, + "CMSInvalidityDateExtension - " + msg); + } +} 
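Review bot: `getCRLExtension` unconditionally returns null with no explanation, so a reader cannot tell whether the plugin is a stub or whether the invalidity date is deliberately not built from CRL configuration; presumably the value comes from the individual revocation rather than from this config, but that is not visible in this hunk. A comment such as `// The invalidity date is per-entry data supplied at revocation time, not a configurable value; this plugin only adjusts criticality — TODO confirm against the caller` would make the intent explicit. `critical` is exposed as a choice even though HELP_TEXT and RFC 5280 §5.3.2 describe the invalidity date as a non-critical entry extension, so marking it critical could cause conforming clients to reject the CRL entry. The unchecked cast `(InvalidityDateExtension) ext` in `setCRLExtensionCriticality` raises ClassCastException, not the logged IOException path, for a wrong extension type.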
diff --git a/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java b/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
new file mode 100644
index 000000000..64252a0b9
--- /dev/null
+++ b/base/common/src/com/netscape/cms/crl/CMSIssuerAlternativeNameExtension.java
@@ -0,0 +1,284 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package com.netscape.cms.crl; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.util.Locale; + +import netscape.security.util.DerValue; +import netscape.security.util.ObjectIdentifier; +import netscape.security.x509.DNSName; +import netscape.security.x509.EDIPartyName; +import netscape.security.x509.Extension; +import netscape.security.x509.GeneralName; +import netscape.security.x509.GeneralNames; +import netscape.security.x509.IPAddressName; +import netscape.security.x509.IssuerAlternativeNameExtension; +import netscape.security.x509.OIDName; +import netscape.security.x509.PKIXExtensions; +import netscape.security.x509.RFC822Name; +import netscape.security.x509.URIName; +import netscape.security.x509.X500Name; + +import com.netscape.certsrv.apps.CMS; +import com.netscape.certsrv.base.EBaseException; +import com.netscape.certsrv.base.EPropertyNotFound; +import com.netscape.certsrv.base.IConfigStore; +import com.netscape.certsrv.base.IExtendedPluginInfo; +import com.netscape.certsrv.ca.ICMSCRLExtension; +import com.netscape.certsrv.common.NameValuePairs; +import com.netscape.certsrv.logging.ILogger; +import 
com.netscape.cmsutil.util.Utils; + +/** + * This represents a issuer alternative name extension. + * + * @version $Revision$, $Date$ + */ +public class CMSIssuerAlternativeNameExtension + implements ICMSCRLExtension, IExtendedPluginInfo { + private static final String PROP_RFC822_NAME = "rfc822Name"; + private static final String PROP_DNS_NAME = "dNSName"; + private static final String PROP_DIR_NAME = "directoryName"; + private static final String PROP_EDI_NAME = "ediPartyName"; + private static final String PROP_URI_NAME = "URI"; + private static final String PROP_IP_NAME = "iPAddress"; + private static final String PROP_OID_NAME = "OID"; + private static final String PROP_OTHER_NAME = "otherName"; + + private ILogger mLogger = CMS.getLogger(); + + public CMSIssuerAlternativeNameExtension() { + } + + public Extension setCRLExtensionCriticality(Extension ext, + boolean critical) { + IssuerAlternativeNameExtension issuerAltNameExt = null; + GeneralNames names = null; + + try { + names = (GeneralNames) ((IssuerAlternativeNameExtension) ext) + .get(IssuerAlternativeNameExtension.ISSUER_NAME); + issuerAltNameExt = new IssuerAlternativeNameExtension(Boolean.valueOf(critical), names); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString())); + } + return issuerAltNameExt; + } + + public Extension getCRLExtension(IConfigStore config, + Object ip, + boolean critical) { + IssuerAlternativeNameExtension issuerAltNameExt = null; + int numNames = 0; + + try { + numNames = config.getInteger("numNames", 0); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_NUM_NAMES", e.toString())); + } + if (numNames > 0) { + GeneralNames names = new GeneralNames(); + + for (int i = 0; i < numNames; i++) { + String nameType = null; + + try { + nameType = config.getString("nameType" + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, + 
CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", Integer.toString(i), e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString())); + } + + if (nameType != null && nameType.length() > 0) { + String name = null; + + try { + name = config.getString("name" + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_UNDEFINED_TYPE", + Integer.toString(i), e.toString())); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", Integer.toString(i), e.toString())); + } + + if (name != null && name.length() > 0) { + if (nameType.equalsIgnoreCase(PROP_DIR_NAME)) { + try { + X500Name dirName = new X500Name(name); + + names.addElement(dirName); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString())); + } + } else if (nameType.equalsIgnoreCase(PROP_RFC822_NAME)) { + RFC822Name rfc822Name = new RFC822Name(name); + + names.addElement(rfc822Name); + } else if (nameType.equalsIgnoreCase(PROP_DNS_NAME)) { + DNSName dnsName = new DNSName(name); + + names.addElement(dnsName); + } else if (nameType.equalsIgnoreCase(PROP_EDI_NAME)) { + EDIPartyName ediName = new EDIPartyName(name); + + names.addElement(ediName); + } else if (nameType.equalsIgnoreCase(PROP_URI_NAME)) { + URIName uriName = new URIName(name); + + names.addElement(uriName); + } else if (nameType.equalsIgnoreCase(PROP_IP_NAME)) { + IPAddressName ipName = new IPAddressName(name); + + names.addElement(ipName); + } else if (nameType.equalsIgnoreCase(PROP_OID_NAME)) { + ObjectIdentifier oid = new ObjectIdentifier(name); + OIDName oidNmae = new OIDName(oid); + + names.addElement(oidNmae); + } else if (nameType.equalsIgnoreCase(PROP_OTHER_NAME)) { + + try { + byte[] val = Utils.base64decode(name); + DerValue derVal = new DerValue(new ByteArrayInputStream(val)); + 
GeneralName generalName = new GeneralName(derVal); + + names.addElement(generalName); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_OTHER_NAME", e.toString())); + } + } else { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_INVALID_TYPE", nameType, "")); + } + } + } + } + + if (names.size() > 0) { + try { + issuerAltNameExt = new IssuerAlternativeNameExtension( + Boolean.valueOf(critical), names); + } catch (IOException e) { + log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_ISSUER_ALT_NAME_EXT", e.toString())); + } + } + } + + return issuerAltNameExt; + } + + public String getCRLExtOID() { + return PKIXExtensions.IssuerAlternativeName_Id.toString(); + } + + public void getConfigParams(IConfigStore config, NameValuePairs nvp) { + int numNames = 0; + + try { + numNames = config.getInteger("numNames", 0); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, "Invalid numNames property for CRL " + + "IssuerAlternativeName extension - " + e); + } + nvp.put("numNames", String.valueOf(numNames)); + + for (int i = 0; i < numNames; i++) { + String nameType = null; + + try { + nameType = config.getString("nameType" + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, "Undefined nameType" + i + " property for " + + "CRL IssuerAlternativeName extension - " + e); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, "Invalid nameType" + i + " property for " + + "CRL IssuerAlternativeName extension - " + e); + } + + if (nameType != null && nameType.length() > 0) { + nvp.put("nameType" + i, nameType); + } else { + nvp.put("nameType" + i, ""); + } + + String name = null; + + try { + name = config.getString("name" + i); + } catch (EPropertyNotFound e) { + log(ILogger.LL_FAILURE, "Undefined name" + i + " property for " + + "CRL IssuerAlternativeName extension - " + e); + } catch (EBaseException e) { + log(ILogger.LL_FAILURE, "Invalid name" + i + " property for " + + "CRL IssuerAlternativeName extension - 
" + e); + } + + if (name != null && name.length() > 0) { + nvp.put("name" + i, name); + } else { + nvp.put("name" + i, ""); + } + } + + if (numNames < 3) { + for (int i = numNames; i < 3; i++) { + nvp.put("nameType" + i, ""); + nvp.put("name" + i, ""); + } + } + } + + public String[] getExtendedPluginInfo(Locale locale) { + String[] params = { + //"type;choice(CRLExtension,CRLEntryExtension);"+ + //"CRL Extension type. This field is not editable.", + "enable;boolean;Check to enable Issuer Alternative Name CRL extension.", + "critical;boolean;Set criticality for Issuer Alternative Name CRL extension.", + "numNames;number;Set number of alternative names for the CRL issuer.", + "nameType0;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," + + PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," + + PROP_OTHER_NAME + ");Select Issuer Alternative Name type.", + "name0;string;Enter Issuer Alternative Name corresponding to the selected name type.", + "nameType1;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," + + PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," + + PROP_OTHER_NAME + ");Select Issuer Alternative Name type.", + "name1;string;Enter Issuer Alternative Name corresponding to the selected name type.", + "nameType2;choice(" + PROP_RFC822_NAME + "," + PROP_DIR_NAME + "," + PROP_DNS_NAME + "," + + PROP_EDI_NAME + "," + PROP_URI_NAME + "," + PROP_IP_NAME + "," + PROP_OID_NAME + "," + + PROP_OTHER_NAME + ");Select Issuer Alternative Name type.", + "name2;string;Enter Issuer Alternative Name corresponding to the selected name type.", + IExtendedPluginInfo.HELP_TOKEN + + ";configuration-ca-edit-crlextension-issueralternativename", + IExtendedPluginInfo.HELP_TEXT + + ";The issuer alternative names extension allows additional" + + " identities to be associated with the issuer of the CRL." 
+ }; + + return params; + } + + private void log(int level, String msg) { + mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level, + "CMSIssuerAlternativeNameExtension - " + msg); + } +} diff --git a/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java b/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java new file mode 100644 index 000000000..4253584ce --- /dev/null +++ b/base/common/src/com/netscape/cms/crl/CMSIssuingDistributionPointExtension.java 
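Review bot: In `getCRLExtension`, only the `directoryName` and `otherName` branches guard name construction with try/catch; `new RFC822Name(name)`, `new DNSName(name)`, `new EDIPartyName(name)`, `new URIName(name)`, `new IPAddressName(name)` and `new ObjectIdentifier(name)` run unguarded, so if any of those constructors rejects a malformed admin-supplied value with an unchecked exception (a checked one could not compile here), a single typo in `name<i>` propagates out of `getCRLExtension` and can abort CRL generation instead of being logged and skipped like a bad X500Name. Wrap each in the same pattern as the directoryName branch, logging `CRL_CREATE_ISSUER_INVALID_TYPE` with the index and continuing. The `otherName` branch base64-decodes and DER-parses configuration text straight into a `GeneralName` without inspecting the tag; a comment such as `// otherName is trusted admin config: decoded as raw DER, only structural validity is checked` would record that boundary. The local `oidNmae` is a typo for `oidName`.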
@@ -0,0 +1,332 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.crl;
+
+import java.io.IOException;
+import java.util.Locale;
+import java.util.StringTokenizer;
+
+import netscape.security.util.BitArray;
+import netscape.security.x509.Extension;
+import netscape.security.x509.GeneralNames;
+import netscape.security.x509.GeneralNamesException;
+import netscape.security.x509.IssuingDistributionPoint;
+import netscape.security.x509.IssuingDistributionPointExtension;
+import netscape.security.x509.PKIXExtensions;
+import netscape.security.x509.RDN;
+import netscape.security.x509.URIName;
+import netscape.security.x509.X500Name;
+
+import com.netscape.certsrv.apps.CMS;
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.EPropertyNotFound;
+import com.netscape.certsrv.base.IConfigStore;
+import com.netscape.certsrv.base.IExtendedPluginInfo;
+import com.netscape.certsrv.ca.ICMSCRLExtension;
+import com.netscape.certsrv.common.NameValuePairs;
+import com.netscape.certsrv.logging.ILogger;
+
+/**
+ * This represents a issuing distribution point extension.
+ *
+ * @version $Revision$, $Date$
+ */
+public class CMSIssuingDistributionPointExtension
+        implements ICMSCRLExtension, IExtendedPluginInfo {
+    public static final String PROP_POINTTYPE = "pointType";
+    public static final String PROP_POINTNAME = "pointName";
+    public static final String PROP_DIRNAME = "DirectoryName";
+    public static final String PROP_URINAME = "URI";
+    public static final String PROP_RDNNAME = "RelativeToIssuer";
+    public static final String PROP_CACERTS = "onlyContainsCACerts";
+    public static final String PROP_USERCERTS = "onlyContainsUserCerts";
+    public static final String PROP_INDIRECT = "indirectCRL";
+    public static final String PROP_REASONS = "onlySomeReasons";
+
+    private static final String[] reasonFlags = { "unused",
+            "keyCompromise",
+            "cACompromise",
+            "affiliationChanged",
+            "superseded",
+            "cessationOfOperation",
+            "certificateHold",
+            "privilegeWithdrawn" };
+
+    private ILogger mLogger = CMS.getLogger();
+
+    public CMSIssuingDistributionPointExtension() {
+    }
+
+    public Extension setCRLExtensionCriticality(Extension ext,
+            boolean critical) {
+        IssuingDistributionPointExtension issuingDPointExt =
+                (IssuingDistributionPointExtension) ext;
+
+        issuingDPointExt.setCritical(critical);
+
+        return issuingDPointExt;
+    }
+
+    public Extension getCRLExtension(IConfigStore config,
+            Object ip,
+            boolean critical) {
+
+        CMS.debug("in CMSIssuingDistributionPointExtension::getCRLExtension.");
+        IssuingDistributionPointExtension issuingDPointExt = null;
+        IssuingDistributionPoint issuingDPoint = new IssuingDistributionPoint();
+
+        GeneralNames names = new GeneralNames();
+        RDN rdnName = null;
+
+        String pointType = null;
+
+        try {
+            pointType = config.getString(PROP_POINTTYPE);
+        } catch (EPropertyNotFound e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+        } catch (EBaseException e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+        }
+
+        if (pointType != null) {
+            String pointName = null;
+
+            try {
+                pointName = config.getString(PROP_POINTNAME);
+            } catch (EPropertyNotFound e) {
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+            } catch (EBaseException e) {
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+            }
+
+            if (pointName != null && pointName.length() > 0) {
+                if (pointType.equalsIgnoreCase(PROP_RDNNAME)) {
+                    try {
+                        rdnName = new RDN(pointName);
+                    } catch (IOException e) {
+                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_RDN", e.toString()));
+                    }
+                } else if (pointType.equalsIgnoreCase(PROP_DIRNAME)) {
+                    try {
+                        X500Name dirName = new X500Name(pointName);
+
+                        names.addElement(dirName);
+                    } catch (IOException e) {
+                        log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_INVALID_500NAME", e.toString()));
+                    }
+                } else if (pointType.equalsIgnoreCase(PROP_URINAME)) {
+                    URIName uriName = new URIName(pointName);
+
+                    names.addElement(uriName);
+                } else {
+                    log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_POTINT_TYPE", pointType));
+                }
+            }
+        }
+
+        if (rdnName != null) {
+            issuingDPoint.setRelativeName(rdnName);
+        } else if (names.size() > 0) {
+            try {
+                issuingDPoint.setFullName(names);
+            } catch (IOException e) {
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
+            } catch (GeneralNamesException e) {
+                log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CANNOT_SET_NAME", e.toString()));
+            }
+        }
+
+        String reasons = null;
+
+        try {
+            reasons = config.getString(PROP_REASONS, null);
+        } catch (EBaseException e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", PROP_REASONS, e.toString()));
+        }
+        if (reasons != null && reasons.length() > 0) {
+
+            boolean[] bits = { false, false, false, false, false, false, false };
+            int k = 0;
+            StringTokenizer st = new StringTokenizer(reasons, ",");
+
+            while (st.hasMoreTokens()) {
+                String bitName = st.nextToken();
+
+                for (int i = 1; i < reasonFlags.length; i++) {
+                    if (bitName.equalsIgnoreCase(reasonFlags[i])) {
+                        bits[i] = true;
+                        k++;
+                        break;
+                    }
+                }
+            }
+            if (k > 0) {
+                BitArray ba = new BitArray(bits);
+
+                issuingDPoint.setOnlySomeReasons(ba);
+            }
+
+        }
+
+        try {
+            boolean caCertsOnly = config.getBoolean(PROP_CACERTS, false);
+
+            if (caCertsOnly)
+                issuingDPoint.setOnlyContainsCACerts(caCertsOnly);
+        } catch (EBaseException e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly", e.toString()));
+        }
+        try {
+            boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false);
+
+            if (userCertsOnly)
+                issuingDPoint.setOnlyContainsUserCerts(userCertsOnly);
+        } catch (EBaseException e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString()));
+        }
+        try {
+            boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
+
+            if (indirectCRL)
+                issuingDPoint.setIndirectCRL(indirectCRL);
+        } catch (EBaseException e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString()));
+        }
+
+        issuingDPointExt = new IssuingDistributionPointExtension(issuingDPoint);
+        issuingDPointExt.setCritical(critical);
+
+        return issuingDPointExt;
+    }
+
+    public String getCRLExtOID() {
+        return PKIXExtensions.IssuingDistributionPoint_Id.toString();
+    }
+
+    public void getConfigParams(IConfigStore config, NameValuePairs nvp) {
+        String pointType = null;
+
+        try {
+            pointType = config.getString(PROP_POINTTYPE);
+        } catch (EPropertyNotFound e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+        } catch (EBaseException e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+        }
+        if (pointType != null && pointType.length() > 0) {
+            nvp.put("pointType", pointType);
+        } else {
+            nvp.put("pointType", "");
+        }
+
+        String pointName = null;
+
+        try {
+            pointName = config.getString(PROP_POINTNAME);
+        } catch (EPropertyNotFound e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_UNDEFINED", e.toString()));
+        } catch (EBaseException e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_CREATE_DIST_POINT_INVALID", e.toString()));
+        }
+        if (pointName != null && pointName.length() > 0) {
+            nvp.put("pointName", pointName);
+        } else {
+            nvp.put("pointName", "");
+        }
+
+        String reasons = null;
+
+        try {
+            reasons = config.getString(PROP_REASONS, null);
+        } catch (EBaseException e) {
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", PROP_REASONS, e.toString()));
+        }
+        if (reasons != null && reasons.length() > 0) {
+            nvp.put(PROP_REASONS, reasons);
+        } else {
+            nvp.put(PROP_REASONS, "");
+        }
+
+        try {
+            boolean caCertsOnly = config.getBoolean(PROP_CACERTS, false);
+
+            nvp.put(PROP_CACERTS, String.valueOf(caCertsOnly));
+        } catch (EBaseException e) {
+            nvp.put(PROP_CACERTS, "false");
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "caCertsOnly", e.toString()));
+        }
+        // Disable these for now unitl we support them fully
+        /*
+        try {
+            boolean userCertsOnly = config.getBoolean(PROP_USERCERTS, false);
+
+            nvp.add(PROP_USERCERTS, String.valueOf(userCertsOnly));
+        } catch (EBaseException e) {
+            nvp.add(PROP_USERCERTS, "false");
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "userCertsOnly", e.toString()));
+        }
+
+        try {
+            boolean indirectCRL = config.getBoolean(PROP_INDIRECT, false);
+
+            nvp.add(PROP_INDIRECT, String.valueOf(indirectCRL));
+        } catch (EBaseException e) {
+            nvp.add(PROP_INDIRECT, "false");
+            log(ILogger.LL_FAILURE, CMS.getLogMessage("CRL_INVALID_PROPERTY", "indirectCRL", e.toString()));
+        }
+        */
+    }
+
+    public String[] getExtendedPluginInfo(Locale locale) {
+        StringBuffer sb_reasons = new StringBuffer();
+        sb_reasons.append(reasonFlags[1]);
+
+        for (int i = 2; i < reasonFlags.length; i++) {
+            sb_reasons.append(", ");
+            sb_reasons.append(reasonFlags[i]);
+        }
+        String[] params = {
+                //"type;choice(CRLExtension,CRLEntryExtension);"+
+                //"CRL Extension type. This field is not editable.",
+                "enable;boolean;Check to enable Issuing Distribution Point CRL extension.",
+                "critical;boolean;Set criticality for Issuing Distribution Point CRL extension.",
+                PROP_POINTTYPE + ";choice(" + PROP_DIRNAME + "," + PROP_URINAME + "," +
+                        PROP_RDNNAME + ");Select Issuing Distribution Point name type.",
+                PROP_POINTNAME + ";string;Enter Issuing Distribution Point name " +
+                        "corresponding to the selected point type.",
+                PROP_REASONS + ";string;Select any combination of the following reasons: " +
+                        sb_reasons.toString(),
+                PROP_CACERTS + ";boolean;Check if CRL contains CA certificates only",
+                // Remove these from the UI until they can be supported fully.
+                // PROP_USERCERTS + ";boolean;Check if CRL contains user certificates only",
+                // PROP_INDIRECT + ";boolean;Check if CRL is built indirectly.",
+                IExtendedPluginInfo.HELP_TOKEN +
+                        ";configuration-ca-edit-crlextension-issuingdistributionpoint",
+                IExtendedPluginInfo.HELP_TEXT +
+                        ";The issuing distribution point is a critical CRL extension " +
+                        "that identifies the CRL distribution point for a particular CRL."
+        };
+
+        return params;
+    }
+
+    private void log(int level, String msg) {
+        mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_CA, level,
+                "CMSIssuingDistributionPointExtension - " + msg);
+    }
+}
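Review bot: In `getCRLExtension` the `onlySomeReasons` parser allocates `bits` as a seven-element literal (`{ false, false, false, false, false, false, false }`) but iterates `reasonFlags`, which has eight entries, so a configuration listing `privilegeWithdrawn` matches at index 7 and `bits[7] = true` throws ArrayIndexOutOfBoundsException out of the extension builder; size the array from the table instead, `boolean[] bits = new boolean[reasonFlags.length];`. Whether that runtime exception aborts CRL generation or is swallowed by the caller is not visible in this hunk. Tokens that match no flag are silently dropped, so a misspelled reason changes the CRL's declared scope with no log line; an `else` branch after the `for` loop logging the unrecognised token would make that auditable. RFC 5280 §5.2.5 also requires the IDP extension to be critical and allows at most one of onlyContainsUserCerts and onlyContainsCACerts to be TRUE, yet this builder honours whatever `critical` it is passed and sets both flags independently from config; a non-critical or contradictory IDP lets relying parties ignore the partition and treat a reason- or scope-limited CRL as complete, so at minimum log a failure when `critical` is false or both flags are true, and the help text (which already calls it "a critical CRL extension") should say the same.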