author | PKI Team <PKI Team@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-03-18 22:36:57 +0000 |
---|---|---|
committer | PKI Team <PKI Team@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-03-18 22:36:57 +0000 |
commit | d0f2e4efbd3eb0f1d7f5a28e7f97c1fb4ec027bb (patch) | |
tree | 7e7473fae8af5ad7e6cda7eabbef787093fc59a7 /pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java | |
parent | 273f8d85df5c31293a908185622b378c8f3cf7e8 (diff) | |
Initial open source version based upon proprietary Red Hat Certificate System (RHCS) 7.3.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java | 150 |
1 files changed, 150 insertions, 0 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
new file mode 100644
index 000000000..171886fcc
--- /dev/null
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/ExtendedKeyUsageExtConstraint.java
@@ -0,0 +1,150 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.profile.constraint;
+
+
+import java.util.*;
+import java.io.*;
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.profile.*;
+import com.netscape.certsrv.request.*;
+import com.netscape.certsrv.property.*;
+import com.netscape.certsrv.apps.*;
+import com.netscape.cms.profile.common.*;
+import com.netscape.cms.profile.def.*;
+
+import netscape.security.x509.*;
+import netscape.security.util.*;
+import netscape.security.extensions.*;
+
+
+/**
+ * This class implements the extended key usage extension constraint.
+ * It checks if the extended key usage extension in the certificate
+ * template satisfies the criteria.
+ *
+ * @version $Revision: 14561 $, $Date: 2007-05-01 10:28:56 -0700 (Tue, 01 May 2007) $
+ */
+public class ExtendedKeyUsageExtConstraint extends EnrollConstraint {
+
+ public static final String CONFIG_CRITICAL = "exKeyUsageCritical";
+ public static final String CONFIG_OIDS =
+ "exKeyUsageOIDs";
+
+ public ExtendedKeyUsageExtConstraint() {
+ super();
+ addConfigName(CONFIG_CRITICAL);
+ addConfigName(CONFIG_OIDS);
+ }
+
+ public void init(IProfile profile, IConfigStore config)
+ throws EProfileException {
+ super.init(profile, config);
+ }
+
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ if (name.equals(CONFIG_CRITICAL)) {
+ return new Descriptor(IDescriptor.CHOICE, "true,false,-",
+ "-",
+ CMS.getUserMessage(locale, "CMS_PROFILE_CRITICAL"));
+ } else if (name.equals(CONFIG_OIDS)) {
+ return new Descriptor(IDescriptor.STRING, null,
+ null,
+ CMS.getUserMessage(locale, "CMS_PROFILE_OIDS"));
+ }
+ return null;
+ }
+
+ /**
+ * Validates the request. The request is not modified
+ * during the validation.
+ */
+ public void validate(IRequest request, X509CertInfo info)
+ throws ERejectException {
+ ExtendedKeyUsageExtension ext = (ExtendedKeyUsageExtension)
+ getExtension(ExtendedKeyUsageExtension.OID, info);
+
+ if (ext == null) {
+ throw new ERejectException(
+ CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_EXTENSION_NOT_FOUND",
+ ExtendedKeyUsageExtension.OID));
+ }
+
+ // check criticality
+ String value = getConfig(CONFIG_CRITICAL);
+
+ if (!isOptional(value)) {
+ boolean critical = getBoolean(value);
+
+ if (critical != ext.isCritical()) {
+ throw new ERejectException(
+ CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_CRITICAL_NOT_MATCHED"));
+ }
+ }
+
+ // Build local cache of configured OIDs
+ Vector mCache = new Vector();
+ StringTokenizer st = new StringTokenizer(getConfig(CONFIG_OIDS), ",");
+
+ while (st.hasMoreTokens()) {
+ String oid = st.nextToken();
+
+ mCache.addElement(oid);
+ }
+
+ // check OIDs
+ Enumeration e = ext.getOIDs();
+
+ while (e.hasMoreElements()) {
+ ObjectIdentifier oid = (ObjectIdentifier) e.nextElement();
+
+ if (!mCache.contains(oid.toString())) {
+ throw new ERejectException(
+ CMS.getUserMessage(
+ getLocale(request),
+ "CMS_PROFILE_OID_NOT_MATCHED",
+ oid.toString()));
+ }
+ }
+ }
+
+ public String getText(Locale locale) {
+ String params[] = {
+ getConfig(CONFIG_CRITICAL),
+ getConfig(CONFIG_OIDS)
+ };
+
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_EXTENDED_KEY_EXT_TEXT",
+ params);
+ }
+
+ public boolean isApplicable(IPolicyDefault def) {
+ if (def instanceof NoDefault)
+ return true;
+ if (def instanceof ExtendedKeyUsageExtDefault)
+ return true;
+ if (def instanceof UserExtensionDefault)
+ return true;
+ return false;
+ }
+} |
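Review bot: In `validate`, the allow-list of extended key usage OIDs is built by splitting `getConfig(CONFIG_OIDS)` on `,` without trimming, so a configured value such as `1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2` (constructed example) keeps a leading space on the second token and `mCache.contains(oid.toString())` can never match it. The check fails closed, but the request is rejected with `CMS_PROFILE_OID_NOT_MATCHED` for an OID the profile does list; `mCache.addElement(oid.trim());` removes that trap. The same value goes unchecked into the `StringTokenizer` constructor, which throws `NullPointerException` on a null string; whether `getConfig` can return null is not visible in this file, so a guard that turns an unset `exKeyUsageOIDs` into an explicit `ERejectException` would keep the rejection path deliberate. Note also that an extension carrying no OIDs at all passes the loop, which deserves a sentence in the Javadoc of `validate` if it is intended.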