Add realm to requests coming in from CA

Requests to the KRA through the CA-KRA connector use the Enrollment
Service.  This has been modified to read and store any realm passed in.
The realm can be added to the request by havibg the admin add
a AuthzRealmDefault and AuthzRealmConstraint in a profile.

At this point, all the constraint does is verify that the realm is
one of a specified list of realms.  More verification will be added
in a subsequent patch.

No attempt is made yet to allow users to specify the realm.  This
would need to be added as a ProfileInput.

Part of Ticket 2041

1 files changed, 6 insertions, 0 deletions

diff --git a/base/server/cmsbundle/src/UserMessages.properties b/base/server/cmsbundle/src/UserMessages.properties
index 57c85c03d..6d24c2b88 100644
--- a/base/server/cmsbundle/src/UserMessages.properties
+++ b/base/server/cmsbundle/src/UserMessages.properties
@@ -867,6 +867,9 @@ CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE=Subject Name Not Unique {0}
 CMS_PROFILE_SIGNING_ALGORITHMS_ALLOWED=Allowed Signing Algorithms
 CMS_PROFILE_SIGNING_ALGORITHM_NOT_MATCHED=Signing Algorithm Not Matched {0}
 CMS_PROFILE_SIGNING_ALGORITHM_NOT_FOUND=Signing Algorithm Not Found
+CMS_PROFILE_AUTHZ_REALM=Authorization realm
+CMS_PROFILE_AUTHZ_REALM_NOT_MATCHED=Authorization realm not matched {0}
+CMS_PROFILE_AUTHZ_REALMS_ALLOWED=Allowed Authorization realms
 CMS_PROFILE_OIDS=Comma-Separated list of Object Identifiers
 CMS_PROFILE_SSL_CLIENT=SSL Client
 CMS_PROFILE_SSL_SERVER=SSL Server
@@ -948,6 +951,8 @@ CMS_PROFILE_CONSTRAINT_USER_SUBJECT_NAME_TEXT=This constraint accepts user subje
 CMS_PROFILE_CONSTRAINT_VALIDITY_TEXT=This constraint rejects the validity that is not between {0} days.
 CMS_PROFILE_CONSTRAINT_RENEWAL_GRACE_PERIOD_TEXT=This constraint rejects the renewal requests that are outside of the grace period {0}
 CMS_PROFILE_CONSTRAINT_VALIDITY_RENEWAL_TEXT=This constraint rejects the validity that is not between {0} days. If renewal, grace period is {1} days before and {2} days after the expiration date of the original certificate.
+CMS_PROFILE_CONSTRAINT_REALM_TEXT=This constraint accepts only specified authorization realms.
+
 CMS_PROFILE_DEF_SIA_TEXT=This default populates a Subject Info Access Extension (1.3.6.1.5.5.7.1.11) to the request. The default values are Criticality={0}, {1}
 CMS_PROFILE_DEF_AIA_TEXT=This default populates a Authority Info Access Extension (1.3.6.1.5.5.7.1.1) to the request. The default values are Criticality={0}, {1}
 CMS_PROFILE_DEF_IMAGE=This default populates the image from the user.
@@ -984,6 +989,7 @@ CMS_PROFILE_INHIBIT_ANY_POLICY_WRONG_SKIP_CERTS=The value for skipped certificat
 CMS_PROFILE_DEF_USER_EXT=This default populates a User-Supplied Extension ({0}) to the request.
 CMS_PROFILE_DEF_USER_KEY=This default populates a User-Supplied Certificate Key to the request.
 CMS_PROFILE_DEF_USER_SIGNING_ALGORITHM=This default populates a User-Supplied Certificate Signing Algorithm to the request.
+CMS_PROFILE_DEF_AUTHZ_REALM=This default populates an authorization realm.
 CMS_PROFILE_DEF_USER_SUBJECT_NAME=This default populates a User-Supplied Certificate Subject Name to the request.
 CMS_PROFILE_DEF_USER_VALIDITY=This default populates a User-Supplied Certificate Validity to the request.
 CMS_PROFILE_DEF_VALIDITY=This default populates a Certificate Validity to the request. The default values are Range={0} in days