author | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
commit | 32150d3ee32f8ac27118af7c792794b538c78a2f (patch) | |
tree | 52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java | |
parent | f05d58a46795553beb8881039cc922974b40db34 (diff) | |
Formatting
Formatted the project according to the Eclipse project settings.
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java | 193 |
1 files changed, 108 insertions, 85 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java index cec8051b8..400a6d35c 100644 --- a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java +++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java @@ -17,7 +17,6 @@ // --- END COPYRIGHT BLOCK --- package com.netscape.cms.policy.extensions; - import java.io.IOException; import java.security.cert.CertificateException; import java.util.Hashtable; @@ -50,18 +49,18 @@ import com.netscape.certsrv.request.IRequest; import com.netscape.certsrv.request.PolicyResult; import com.netscape.cms.policy.APolicyRule; - /** - * The type of the distribution point or issuer name. The name is expressed - * as a simple string in the configuration file, so this attribute is needed - * to tell whether the simple string should be stored in an X.500 Name, - * a URL, or an RDN. + * The type of the distribution point or issuer name. The name is expressed as a + * simple string in the configuration file, so this attribute is needed to tell + * whether the simple string should be stored in an X.500 Name, a URL, or an + * RDN. * <P> + * * <PRE> * NOTE: The Policy Framework has been replaced by the Profile Framework. * </PRE> * <P> - * + * * @deprecated * @version $Revision$, $Date$ */ @@ -69,7 +68,7 @@ class NameType { private NameType() { } // no default constructor - private String stringRep; // string representation of this type + private String stringRep; // string representation of this type private NameType(String s) { map.put(s, this); 
@@ -79,8 +78,8 @@ class NameType { private static Hashtable map = new Hashtable(); /** - * Looks up a NameType from its string representation. Returns null - * if no matching NameType was found. + * Looks up a NameType from its string representation. Returns null if no + * matching NameType was found. */ public static NameType fromString(String s) { return (NameType) map.get(s); @@ -92,15 +91,14 @@ class NameType { public static final NameType DIRECTORY_NAME = new NameType("DirectoryName"); public static final NameType URI = new NameType("URI"); - public static final NameType RELATIVE_TO_ISSUER = - new NameType("RelativeToIssuer"); + public static final NameType RELATIVE_TO_ISSUER = new NameType( + "RelativeToIssuer"); } - /** - * These are the parameters that may be given in the configuration file - * for each distribution point. They are parsed by DPParamsToDP(). - * Any of them may be null. + * These are the parameters that may be given in the configuration file for each + * distribution point. They are parsed by DPParamsToDP(). Any of them may be + * null. */ class DistPointParams { public String pointName; @@ -124,13 +122,12 @@ class DistPointParams { } - /** - * CRL Distribution Points policy. - * Adds the CRL Distribution Points extension to the certificate. + * CRL Distribution Points policy. Adds the CRL Distribution Points extension to + * the certificate. */ -public class CRLDistributionPointsExt extends APolicyRule - implements IEnrollmentPolicy, IExtendedPluginInfo { +public class CRLDistributionPointsExt extends APolicyRule implements + IEnrollmentPolicy, IExtendedPluginInfo { public static final String PROP_IS_CRITICAL = "critical"; public static final String PROP_NUM_POINTS = "numPoints"; 
@@ -172,32 +169,40 @@ public class CRLDistributionPointsExt extends APolicyRule // should replace MAX_POINTS with mNumPoints if bug 385118 is fixed for (int i = 0; i < MAX_POINTS; i++) { - v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice(" + - "DirectoryName,URI,RelativeToIssuer);" + - "The type of the CRL distribution point."); - v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;" + - "The name of the CRL distribution point depending on the CRLDP type."); - v.addElement(PROP_REASONS + Integer.toString(i) + ";string;" + - "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold."); - v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice(" + - "DirectoryName,URI);" + - "The type of the issuer that has signed the CRL maintained at this distribution point."); - v.addElement(PROP_ISSUER_NAME + Integer.toString(i) + ";string;" + - "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type."); + v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice(" + + "DirectoryName,URI,RelativeToIssuer);" + + "The type of the CRL distribution point."); + v.addElement(PROP_POINT_NAME + + Integer.toString(i) + + ";string;" + + "The name of the CRL distribution point depending on the CRLDP type."); + v.addElement(PROP_REASONS + + Integer.toString(i) + + ";string;" + + "The revocation reasons for the CRL maintained at this distribution point. 
It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold."); + v.addElement(PROP_ISSUER_TYPE + + Integer.toString(i) + + ";choice(" + + "DirectoryName,URI);" + + "The type of the issuer that has signed the CRL maintained at this distribution point."); + v.addElement(PROP_ISSUER_NAME + + Integer.toString(i) + + ";string;" + + "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type."); } - v.addElement(PROP_NUM_POINTS + - ";number;The total number of CRL distribution points to be contained or allowed in the extension."); - v.addElement(PROP_IS_CRITICAL + - ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications."); - v.addElement(IExtendedPluginInfo.HELP_TOKEN + - ";configuration-policyrules-crldistributionpoints"); - v.addElement(IExtendedPluginInfo.HELP_TEXT + - ";This policy inserts the CRL Distribution Points " + - "Extension into the certificate. See RFC 2459 (4.2.1.14). " - ); - - mExtParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v); + v.addElement(PROP_NUM_POINTS + + ";number;The total number of CRL distribution points to be contained or allowed in the extension."); + v.addElement(PROP_IS_CRITICAL + + ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications."); + v.addElement(IExtendedPluginInfo.HELP_TOKEN + + ";configuration-policyrules-crldistributionpoints"); + v.addElement(IExtendedPluginInfo.HELP_TEXT + + ";This policy inserts the CRL Distribution Points " + + "Extension into the certificate. See RFC 2459 (4.2.1.14). "); + + mExtParams = com.netscape.cmsutil.util.Utils + .getStringArrayFromVector(v); } public String[] getExtendedPluginInfo(Locale locale) { 
@@ -212,13 +217,13 @@ public class CRLDistributionPointsExt extends APolicyRule * Performs one-time initialization of the policy. */ public void init(ISubsystem owner, IConfigStore config) - throws EBaseException { + throws EBaseException { // Register the CRL Distribution Points extension. try { netscape.security.x509.OIDMap.addAttribute( - CRLDistributionPointsExtension.class.getName(), - CRLDistributionPointsExtension.OID, - CRLDistributionPointsExtension.NAME); + CRLDistributionPointsExtension.class.getName(), + CRLDistributionPointsExtension.OID, + CRLDistributionPointsExtension.NAME); } catch (CertificateException e) { // ignore, just means it has already been added } @@ -242,11 +247,15 @@ public class CRLDistributionPointsExt extends APolicyRule DistPointParams configparams = new DistPointParams(params); CRLDistributionPoint crldp = DPParamsToDP(params); - mParams.addElement(PROP_POINT_TYPE + i + "=" + configparams.pointType); - mParams.addElement(PROP_POINT_NAME + i + "=" + configparams.pointName); + mParams.addElement(PROP_POINT_TYPE + i + "=" + + configparams.pointType); + mParams.addElement(PROP_POINT_NAME + i + "=" + + configparams.pointName); mParams.addElement(PROP_REASONS + i + "=" + configparams.reasons); - mParams.addElement(PROP_ISSUER_TYPE + i + "=" + configparams.issuerType); - mParams.addElement(PROP_ISSUER_NAME + i + "=" + configparams.issuerName); + mParams.addElement(PROP_ISSUER_TYPE + i + "=" + + configparams.issuerType); + mParams.addElement(PROP_ISSUER_NAME + i + "=" + + configparams.issuerName); // add the distribution point to the extension if (mCrldpExt == null) { @@ -256,8 +265,7 @@ public class CRLDistributionPointsExt extends APolicyRule } } - boolean crit = config.getBoolean(PROP_IS_CRITICAL, - DEFAULT_CRITICALITY); + boolean crit = config.getBoolean(PROP_IS_CRITICAL, DEFAULT_CRITICALITY); mParams.addElement(PROP_IS_CRITICAL + "=" + crit); if (mCrldpExt != null) { 
@@ -269,11 +277,11 @@ public class CRLDistributionPointsExt extends APolicyRule } /** - * Parses the parameters in the config file to create an - * actual CRL Distribution Point object. + * Parses the parameters in the config file to create an actual CRL + * Distribution Point object. */ private CRLDistributionPoint DPParamsToDP(DistPointParams params) - throws EBaseException { + throws EBaseException { CRLDistributionPoint crlDP = new CRLDistributionPoint(); try { @@ -302,33 +310,39 @@ public class CRLDistributionPointsExt extends APolicyRule if (nType == null) { String err = "Unknown name type: " + params.pointType; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.pointType)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CA_UNKNOWN_NAME_TYPE", params.pointType)); throw new EBaseException(err); } if (nType == NameType.DIRECTORY_NAME) { GeneralNames gen = new GeneralNames(); - gen.addElement(new GeneralName(new X500Name(params.pointName))); + gen.addElement(new GeneralName(new X500Name( + params.pointName))); crlDP.setFullName(gen); } else if (nType == NameType.URI) { GeneralNames gen = new GeneralNames(); - gen.addElement(new GeneralName(new URIName(params.pointName))); + gen.addElement(new GeneralName( + new URIName(params.pointName))); crlDP.setFullName(gen); } else if (nType == NameType.RELATIVE_TO_ISSUER) { crlDP.setRelativeName(new RDN(params.pointName)); } else { String err = "Unknown name type: " + nType.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", + nType.toString())); throw new EBaseException(err); } } // deal with the reasons if (params.reasons != null) { - StringTokenizer tok = new StringTokenizer(params.reasons, ", \t"); + StringTokenizer tok = new StringTokenizer(params.reasons, + ", \t"); byte reasonBits = 0; while (tok.hasMoreTokens()) { 
@@ -336,15 +350,15 @@ public class CRLDistributionPointsExt extends APolicyRule Reason r = Reason.fromString(s); if (r == null) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_REASON", s)); - throw new EBaseException("Unknown reason: " + s); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CA_UNKNOWN_REASON", s)); + throw new EBaseException("Unknown reason: " + s); } else { reasonBits |= r.getBitMask(); } } if (reasonBits != 0) { - BitArray ba = new BitArray(8, new byte[] { reasonBits } - ); + BitArray ba = new BitArray(8, new byte[] { reasonBits }); crlDP.setReasons(ba); } @@ -358,24 +372,29 @@ public class CRLDistributionPointsExt extends APolicyRule if (nType == null) { String err = "Unknown name type: " + params.issuerType; - log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.issuerType)); + log(ILogger.LL_FAILURE, CMS.getLogMessage( + "CA_UNKNOWN_NAME_TYPE", params.issuerType)); throw new EBaseException(err); } if (nType == NameType.DIRECTORY_NAME) { GeneralNames gen = new GeneralNames(); - gen.addElement(new GeneralName(new X500Name(params.issuerName))); + gen.addElement(new GeneralName(new X500Name( + params.issuerName))); crlDP.setCRLIssuer(gen); } else if (nType == NameType.URI) { GeneralNames gen = new GeneralNames(); - gen.addElement(new GeneralName(new URIName(params.issuerName))); + gen.addElement(new GeneralName(new URIName( + params.issuerName))); crlDP.setCRLIssuer(gen); } else { String err = "Unknown name type: " + nType.toString(); - log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString())); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", + nType.toString())); throw new EBaseException(err); } } 
@@ -420,16 +439,16 @@ public class CRLDistributionPointsExt extends APolicyRule try { // find the extensions in the certInfo - CertificateExtensions extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + CertificateExtensions extensions = (CertificateExtensions) certInfo + .get(X509CertInfo.EXTENSIONS); // prepare the extensions data structure if (extensions == null) { - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); extensions = new CertificateExtensions(); - certInfo.set(X509CertInfo.VERSION, - new CertificateVersion(CertificateVersion.V3)); + certInfo.set(X509CertInfo.VERSION, new CertificateVersion( + CertificateVersion.V3)); certInfo.set(X509CertInfo.EXTENSIONS, extensions); } else { // remove any previously computed version of the extension @@ -444,15 +463,19 @@ public class CRLDistributionPointsExt extends APolicyRule return PolicyResult.ACCEPTED; } catch (IOException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, - e.getMessage()); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, + e.getMessage())); + setError(req, + CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; } catch (CertificateException e) { - log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR", - e.getMessage())); - setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME, - e.getMessage()); + log(ILogger.LL_FAILURE, + CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage())); + setError(req, + CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), + NAME, e.getMessage()); return PolicyResult.REJECTED; } } 
@@ -471,7 +494,7 @@ public class CRLDistributionPointsExt extends APolicyRule /** * Return configured parameters for a policy rule instance. - * + * * @return nvPairs A Vector of name/value pairs. */ public Vector getInstanceParams() { |