authorAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
committerAde Lee <alee@redhat.com>2011-12-07 16:58:12 -0500
commit32150d3ee32f8ac27118af7c792794b538c78a2f (patch)
tree52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
parentf05d58a46795553beb8881039cc922974b40db34 (diff)
Formatting
Formatted project according to eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java')
-rw-r--r--pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java193
1 files changed, 108 insertions, 85 deletions
diff --git a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
index cec8051b8..400a6d35c 100644
--- a/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
+++ b/pki/base/common/src/com/netscape/cms/policy/extensions/CRLDistributionPointsExt.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.policy.extensions;
-
import java.io.IOException;
import java.security.cert.CertificateException;
import java.util.Hashtable;
@@ -50,18 +49,18 @@ import com.netscape.certsrv.request.IRequest;
import com.netscape.certsrv.request.PolicyResult;
import com.netscape.cms.policy.APolicyRule;
-
/**
- * The type of the distribution point or issuer name. The name is expressed
- * as a simple string in the configuration file, so this attribute is needed
- * to tell whether the simple string should be stored in an X.500 Name,
- * a URL, or an RDN.
+ * The type of the distribution point or issuer name. The name is expressed as a
+ * simple string in the configuration file, so this attribute is needed to tell
+ * whether the simple string should be stored in an X.500 Name, a URL, or an
+ * RDN.
* <P>
+ *
* <PRE>
* NOTE: The Policy Framework has been replaced by the Profile Framework.
* </PRE>
* <P>
- *
+ *
* @deprecated
* @version $Revision$, $Date$
*/
@@ -69,7 +68,7 @@ class NameType {
private NameType() {
} // no default constructor
- private String stringRep; // string representation of this type
+ private String stringRep; // string representation of this type
private NameType(String s) {
map.put(s, this);
@@ -79,8 +78,8 @@ class NameType {
private static Hashtable map = new Hashtable();
/**
- * Looks up a NameType from its string representation. Returns null
- * if no matching NameType was found.
+ * Looks up a NameType from its string representation. Returns null if no
+ * matching NameType was found.
*/
public static NameType fromString(String s) {
return (NameType) map.get(s);
@@ -92,15 +91,14 @@ class NameType {
public static final NameType DIRECTORY_NAME = new NameType("DirectoryName");
public static final NameType URI = new NameType("URI");
- public static final NameType RELATIVE_TO_ISSUER =
- new NameType("RelativeToIssuer");
+ public static final NameType RELATIVE_TO_ISSUER = new NameType(
+ "RelativeToIssuer");
}
-
/**
- * These are the parameters that may be given in the configuration file
- * for each distribution point. They are parsed by DPParamsToDP().
- * Any of them may be null.
+ * These are the parameters that may be given in the configuration file for each
+ * distribution point. They are parsed by DPParamsToDP(). Any of them may be
+ * null.
*/
class DistPointParams {
public String pointName;
@@ -124,13 +122,12 @@ class DistPointParams {
}
-
/**
- * CRL Distribution Points policy.
- * Adds the CRL Distribution Points extension to the certificate.
+ * CRL Distribution Points policy. Adds the CRL Distribution Points extension to
+ * the certificate.
*/
-public class CRLDistributionPointsExt extends APolicyRule
- implements IEnrollmentPolicy, IExtendedPluginInfo {
+public class CRLDistributionPointsExt extends APolicyRule implements
+ IEnrollmentPolicy, IExtendedPluginInfo {
public static final String PROP_IS_CRITICAL = "critical";
public static final String PROP_NUM_POINTS = "numPoints";
@@ -172,32 +169,40 @@ public class CRLDistributionPointsExt extends APolicyRule
// should replace MAX_POINTS with mNumPoints if bug 385118 is fixed
for (int i = 0; i < MAX_POINTS; i++) {
- v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice(" +
- "DirectoryName,URI,RelativeToIssuer);" +
- "The type of the CRL distribution point.");
- v.addElement(PROP_POINT_NAME + Integer.toString(i) + ";string;" +
- "The name of the CRL distribution point depending on the CRLDP type.");
- v.addElement(PROP_REASONS + Integer.toString(i) + ";string;" +
- "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
- v.addElement(PROP_ISSUER_TYPE + Integer.toString(i) + ";choice(" +
- "DirectoryName,URI);" +
- "The type of the issuer that has signed the CRL maintained at this distribution point.");
- v.addElement(PROP_ISSUER_NAME + Integer.toString(i) + ";string;" +
- "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
+ v.addElement(PROP_POINT_TYPE + Integer.toString(i) + ";choice("
+ + "DirectoryName,URI,RelativeToIssuer);"
+ + "The type of the CRL distribution point.");
+ v.addElement(PROP_POINT_NAME
+ + Integer.toString(i)
+ + ";string;"
+ + "The name of the CRL distribution point depending on the CRLDP type.");
+ v.addElement(PROP_REASONS
+ + Integer.toString(i)
+ + ";string;"
+ + "The revocation reasons for the CRL maintained at this distribution point. It's a comma-seperated list of the following constants: unused, keyCompromise, cACompromise, affiliationChanged, superseded, cessationOfOperation, certificateHold.");
+ v.addElement(PROP_ISSUER_TYPE
+ + Integer.toString(i)
+ + ";choice("
+ + "DirectoryName,URI);"
+ + "The type of the issuer that has signed the CRL maintained at this distribution point.");
+ v.addElement(PROP_ISSUER_NAME
+ + Integer.toString(i)
+ + ";string;"
+ + "The name of the issuer that has signed the CRL maintained at this distribution point. The value depends on the issuer type.");
}
- v.addElement(PROP_NUM_POINTS +
- ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
- v.addElement(PROP_IS_CRITICAL +
- ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
- v.addElement(IExtendedPluginInfo.HELP_TOKEN +
- ";configuration-policyrules-crldistributionpoints");
- v.addElement(IExtendedPluginInfo.HELP_TEXT +
- ";This policy inserts the CRL Distribution Points " +
- "Extension into the certificate. See RFC 2459 (4.2.1.14). "
- );
-
- mExtParams = com.netscape.cmsutil.util.Utils.getStringArrayFromVector(v);
+ v.addElement(PROP_NUM_POINTS
+ + ";number;The total number of CRL distribution points to be contained or allowed in the extension.");
+ v.addElement(PROP_IS_CRITICAL
+ + ";boolean;RFC 2459 recommendation: SHOULD be non-critical. But recommends support for this extension by CAs and applications.");
+ v.addElement(IExtendedPluginInfo.HELP_TOKEN
+ + ";configuration-policyrules-crldistributionpoints");
+ v.addElement(IExtendedPluginInfo.HELP_TEXT
+ + ";This policy inserts the CRL Distribution Points "
+ + "Extension into the certificate. See RFC 2459 (4.2.1.14). ");
+
+ mExtParams = com.netscape.cmsutil.util.Utils
+ .getStringArrayFromVector(v);
}
public String[] getExtendedPluginInfo(Locale locale) {
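Review bot: The help strings built in this loop and just after it keep two text problems that the re-wrapping moved onto new lines without fixing. The PROP_REASONS description spells `comma-seperated`, and both the PROP_IS_CRITICAL text and HELP_TEXT cite RFC 2459, which was obsoleted by RFC 3280 and then RFC 5280 (CRL Distribution Points is section 4.2.1.13 in RFC 5280). These look like the configuration help shown for the plugin, so I would change the word to `comma-separated` and the citation to `RFC 5280 (4.2.1.13)`. The enclosing method starts above this hunk.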
@@ -212,13 +217,13 @@ public class CRLDistributionPointsExt extends APolicyRule
* Performs one-time initialization of the policy.
*/
public void init(ISubsystem owner, IConfigStore config)
- throws EBaseException {
+ throws EBaseException {
// Register the CRL Distribution Points extension.
try {
netscape.security.x509.OIDMap.addAttribute(
- CRLDistributionPointsExtension.class.getName(),
- CRLDistributionPointsExtension.OID,
- CRLDistributionPointsExtension.NAME);
+ CRLDistributionPointsExtension.class.getName(),
+ CRLDistributionPointsExtension.OID,
+ CRLDistributionPointsExtension.NAME);
} catch (CertificateException e) {
// ignore, just means it has already been added
}
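Review bot: The catch around `netscape.security.x509.OIDMap.addAttribute(...)` drops every CertificateException on the assumption that it only ever means the OID was already registered, so a registration failure for any other reason would leave no trace. I would replace the bare comment with a low-severity log line such as `log(ILogger.LL_INFO, "CRLDistributionPoints OID not registered: " + e.getMessage());`, or at least name in the comment the condition the exception is known to signal. init() continues below this hunk.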
@@ -242,11 +247,15 @@ public class CRLDistributionPointsExt extends APolicyRule
DistPointParams configparams = new DistPointParams(params);
CRLDistributionPoint crldp = DPParamsToDP(params);
- mParams.addElement(PROP_POINT_TYPE + i + "=" + configparams.pointType);
- mParams.addElement(PROP_POINT_NAME + i + "=" + configparams.pointName);
+ mParams.addElement(PROP_POINT_TYPE + i + "="
+ + configparams.pointType);
+ mParams.addElement(PROP_POINT_NAME + i + "="
+ + configparams.pointName);
mParams.addElement(PROP_REASONS + i + "=" + configparams.reasons);
- mParams.addElement(PROP_ISSUER_TYPE + i + "=" + configparams.issuerType);
- mParams.addElement(PROP_ISSUER_NAME + i + "=" + configparams.issuerName);
+ mParams.addElement(PROP_ISSUER_TYPE + i + "="
+ + configparams.issuerType);
+ mParams.addElement(PROP_ISSUER_NAME + i + "="
+ + configparams.issuerName);
// add the distribution point to the extension
if (mCrldpExt == null) {
@@ -256,8 +265,7 @@ public class CRLDistributionPointsExt extends APolicyRule
}
}
- boolean crit = config.getBoolean(PROP_IS_CRITICAL,
- DEFAULT_CRITICALITY);
+ boolean crit = config.getBoolean(PROP_IS_CRITICAL, DEFAULT_CRITICALITY);
mParams.addElement(PROP_IS_CRITICAL + "=" + crit);
if (mCrldpExt != null) {
@@ -269,11 +277,11 @@ public class CRLDistributionPointsExt extends APolicyRule
}
/**
- * Parses the parameters in the config file to create an
- * actual CRL Distribution Point object.
+ * Parses the parameters in the config file to create an actual CRL
+ * Distribution Point object.
*/
private CRLDistributionPoint DPParamsToDP(DistPointParams params)
- throws EBaseException {
+ throws EBaseException {
CRLDistributionPoint crlDP = new CRLDistributionPoint();
try {
@@ -302,33 +310,39 @@ public class CRLDistributionPointsExt extends APolicyRule
if (nType == null) {
String err = "Unknown name type: " + params.pointType;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.pointType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CA_UNKNOWN_NAME_TYPE", params.pointType));
throw new EBaseException(err);
}
if (nType == NameType.DIRECTORY_NAME) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new X500Name(params.pointName)));
+ gen.addElement(new GeneralName(new X500Name(
+ params.pointName)));
crlDP.setFullName(gen);
} else if (nType == NameType.URI) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new URIName(params.pointName)));
+ gen.addElement(new GeneralName(
+ new URIName(params.pointName)));
crlDP.setFullName(gen);
} else if (nType == NameType.RELATIVE_TO_ISSUER) {
crlDP.setRelativeName(new RDN(params.pointName));
} else {
String err = "Unknown name type: " + nType.toString();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE",
+ nType.toString()));
throw new EBaseException(err);
}
}
// deal with the reasons
if (params.reasons != null) {
- StringTokenizer tok = new StringTokenizer(params.reasons, ", \t");
+ StringTokenizer tok = new StringTokenizer(params.reasons,
+ ", \t");
byte reasonBits = 0;
while (tok.hasMoreTokens()) {
@@ -336,15 +350,15 @@ public class CRLDistributionPointsExt extends APolicyRule
Reason r = Reason.fromString(s);
if (r == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_REASON", s));
- throw new EBaseException("Unknown reason: " + s);
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_UNKNOWN_REASON", s));
+ throw new EBaseException("Unknown reason: " + s);
} else {
reasonBits |= r.getBitMask();
}
}
if (reasonBits != 0) {
- BitArray ba = new BitArray(8, new byte[] { reasonBits }
- );
+ BitArray ba = new BitArray(8, new byte[] { reasonBits });
crlDP.setReasons(ba);
}
@@ -358,24 +372,29 @@ public class CRLDistributionPointsExt extends APolicyRule
if (nType == null) {
String err = "Unknown name type: " + params.issuerType;
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", params.issuerType));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage(
+ "CA_UNKNOWN_NAME_TYPE", params.issuerType));
throw new EBaseException(err);
}
if (nType == NameType.DIRECTORY_NAME) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new X500Name(params.issuerName)));
+ gen.addElement(new GeneralName(new X500Name(
+ params.issuerName)));
crlDP.setCRLIssuer(gen);
} else if (nType == NameType.URI) {
GeneralNames gen = new GeneralNames();
- gen.addElement(new GeneralName(new URIName(params.issuerName)));
+ gen.addElement(new GeneralName(new URIName(
+ params.issuerName)));
crlDP.setCRLIssuer(gen);
} else {
String err = "Unknown name type: " + nType.toString();
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE", nType.toString()));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_UNKNOWN_NAME_TYPE",
+ nType.toString()));
throw new EBaseException(err);
}
}
@@ -420,16 +439,16 @@ public class CRLDistributionPointsExt extends APolicyRule
try {
// find the extensions in the certInfo
- CertificateExtensions extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ CertificateExtensions extensions = (CertificateExtensions) certInfo
+ .get(X509CertInfo.EXTENSIONS);
// prepare the extensions data structure
if (extensions == null) {
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
extensions = new CertificateExtensions();
- certInfo.set(X509CertInfo.VERSION,
- new CertificateVersion(CertificateVersion.V3));
+ certInfo.set(X509CertInfo.VERSION, new CertificateVersion(
+ CertificateVersion.V3));
certInfo.set(X509CertInfo.EXTENSIONS, extensions);
} else {
// remove any previously computed version of the extension
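Review bot: `certInfo.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));` appears twice in the `extensions == null` branch, once before and once after `extensions = new CertificateExtensions();`, and the formatter re-wrapped both copies. The second call repeats the first with the same arguments, so one of them can be dropped; if the repetition is deliberate it needs a comment saying why. The surrounding try block and the else branch continue outside this hunk.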
@@ -444,15 +463,19 @@ public class CRLDistributionPointsExt extends APolicyRule
return PolicyResult.ACCEPTED;
} catch (IOException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME, e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("POLICY_UNEXPECTED_POLICY_ERROR", NAME,
+ e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
} catch (CertificateException e) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("CA_CERT_INFO_ERROR",
- e.getMessage()));
- setError(req, CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"), NAME,
- e.getMessage());
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("CA_CERT_INFO_ERROR", e.getMessage()));
+ setError(req,
+ CMS.getUserMessage("CMS_POLICY_UNEXPECTED_POLICY_ERROR"),
+ NAME, e.getMessage());
return PolicyResult.REJECTED;
}
}
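Review bot: Both catch blocks hand `e.getMessage()` to `setError(req, ...)` as well as to the log, so whatever text the IOException or CertificateException carries is attached to the request. Whether that text is shown to the requester is not visible here and is worth confirming. The log entries also keep only the message and lose the exception class, which makes a failure in certificate encoding harder to diagnose afterwards. I would pass `e.toString()` to the two `CMS.getLogMessage(...)` calls, and give `setError` a fixed description instead of the raw exception text if it does reach the requester. The method body starts above this hunk.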
@@ -471,7 +494,7 @@ public class CRLDistributionPointsExt extends APolicyRule
/**
* Return configured parameters for a policy rule instance.
- *
+ *
* @return nvPairs A Vector of name/value pairs.
*/
public Vector getInstanceParams() {