author | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2011-12-07 16:58:12 -0500 |
commit | 32150d3ee32f8ac27118af7c792794b538c78a2f (patch) | |
tree | 52dd96f664a6fa51be25b28b6f10adc5f2c9f660 /pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java | |
parent | f05d58a46795553beb8881039cc922974b40db34 (diff) | |
Formatting
Formatted project according to Eclipse project settings
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java | 112 |
1 files changed, 53 insertions, 59 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java index 89b8d4602..2d5db341f 100644 --- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java +++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java @@ -51,17 +51,15 @@ import com.netscape.cms.profile.def.SubjectNameDefault; import com.netscape.cms.profile.def.UserSubjectNameDefault; /** - * This class implements the unique subject name constraint. - * It checks if the subject name in the certificate is - * unique in the internal database, ie, no two certificates - * have the same subject name. - * + * This class implements the unique subject name constraint. It checks if the + * subject name in the certificate is unique in the internal database, ie, no + * two certificates have the same subject name. + * * @version $Revision$, $Date$ */ public class UniqueSubjectNameConstraint extends EnrollConstraint { - public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING = - "enableKeyUsageExtensionChecking"; + public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING = "enableKeyUsageExtensionChecking"; private boolean mKeyUsageExtensionChecking = true; public UniqueSubjectNameConstraint() { 
@@ -69,14 +67,15 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } public void init(IProfile profile, IConfigStore config) - throws EProfileException { + throws EProfileException { super.init(profile, config); } - public IDescriptor getConfigDescriptor(Locale locale, String name) { + public IDescriptor getConfigDescriptor(Locale locale, String name) { if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) { return new Descriptor(IDescriptor.BOOLEAN, null, "true", - CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING")); + CMS.getUserMessage(locale, + "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING")); } return null; } @@ -85,20 +84,19 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return null; } - /** - * Checks if the key extension in the issued certificate - * is the same as the one in the certificate template. - */ - private boolean sameKeyUsageExtension(ICertRecord rec, - X509CertInfo certInfo) { + /** + * Checks if the key extension in the issued certificate is the same as the + * one in the certificate template. + */ + private boolean sameKeyUsageExtension(ICertRecord rec, X509CertInfo certInfo) { X509CertImpl impl = rec.getCertificate(); boolean bits[] = impl.getKeyUsage(); CertificateExtensions extensions = null; try { - extensions = (CertificateExtensions) - certInfo.get(X509CertInfo.EXTENSIONS); + extensions = (CertificateExtensions) certInfo + .get(X509CertInfo.EXTENSIONS); } catch (IOException e) { } catch (java.security.cert.CertificateException e) { } @@ -109,10 +107,10 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return false; } else { try { - ext = (KeyUsageExtension) extensions.get( - KeyUsageExtension.NAME); + ext = (KeyUsageExtension) extensions + .get(KeyUsageExtension.NAME); } catch (IOException e) { - // extension isn't there. + // extension isn't there. } if (ext == null) { 
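Review bot: In `sameKeyUsageExtension`, the two empty handlers `catch (IOException e) { } catch (java.security.cert.CertificateException e) { }` around `certInfo.get(X509CertInfo.EXTENSIONS)` silently discard a failure to read the template's extensions, and the reformatting leaves them as they were. Judging from the `return false` at the top of the following hunk (the lines in between are not shown), a null `extensions` then makes the method report "different key usage". `validate()` treats that result as a reason to `continue` past an existing certificate with the same subject. At minimum the failure should be recorded the way the rest of the class does it, e.g. `CMS.debug("UniqueSubjectNameConstraint: cannot read extensions: " + e.toString());`. It is also worth confirming that an unreadable extension set should exempt the request from the uniqueness check rather than be treated as a match. The method body starts in the previous hunk and ends in the next one.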
@@ -135,48 +133,44 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { return false; } } - } + } } - return true; + return true; } - /** - * Validates the request. The request is not modified - * during the validation. - * - * Rules are as follows: - * If the subject name is not unique, then the request will be rejected unless: - * 1. the certificate is expired or expired_revoked + * Validates the request. The request is not modified during the validation. + * + * Rules are as follows: If the subject name is not unique, then the request + * will be rejected unless: 1. the certificate is expired or expired_revoked * 2. the certificate is revoked and the revocation reason is not "on hold" - * 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default) + * 3. the keyUsageExtension bits are different and + * enableKeyUsageExtensionChecking=true (default) */ public void validate(IRequest request, X509CertInfo info) - throws ERejectException { + throws ERejectException { CMS.debug("UniqueSubjectNameConstraint: validate start"); CertificateSubjectName sn = null; - IAuthority authority = (IAuthority)CMS.getSubsystem("ca"); - + IAuthority authority = (IAuthority) CMS.getSubsystem("ca"); + mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING); ICertificateRepository certdb = null; if (authority != null && authority instanceof ICertificateAuthority) { - ICertificateAuthority ca = (ICertificateAuthority)authority; + ICertificateAuthority ca = (ICertificateAuthority) authority; certdb = ca.getCertificateRepository(); } - + try { sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT); } catch (Exception e) { - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); } String certsubjectname = null; if (sn == null) - throw new 
ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); + throw new ERejectException(CMS.getUserMessage(getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND")); else { certsubjectname = sn.toString(); String filter = "x509Cert.subject=" + certsubjectname; @@ -184,7 +178,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { try { sameSubjRecords = certdb.findCertRecords(filter); } catch (EBaseException e) { - CMS.debug("UniqueSubjectNameConstraint exception: "+e.toString()); + CMS.debug("UniqueSubjectNameConstraint exception: " + + e.toString()); } while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) { ICertRecord rec = (ICertRecord) sameSubjRecords.nextElement(); @@ -194,7 +189,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { RevocationReason reason = null; if (revocationInfo != null) { - CRLExtensions crlExts = revocationInfo.getCRLEntryExtensions(); + CRLExtensions crlExts = revocationInfo + .getCRLEntryExtensions(); if (crlExts != null) { Enumeration enumx = crlExts.getElements(); 
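Review bot: The `catch (EBaseException e)` around `certdb.findCertRecords(filter)` only calls `CMS.debug(...)`, so a failed repository lookup leaves `sameSubjRecords` null (presumably its initial value, declared on the line between the hunks). The `while (sameSubjRecords != null && ...)` loop is then skipped and `validate()` returns without having checked uniqueness, so the constraint fails open. For an enrollment constraint the safer behaviour is to reject when the lookup cannot be performed, e.g. `throw new ERejectException(CMS.getUserMessage(getLocale(request), "<MESSAGE_KEY_FOR_LOOKUP_FAILURE>"));` in that catch. The previous hunk also shows `certdb` staying null when `authority` is not an `ICertificateAuthority`, in which case this call throws a NullPointerException instead of a controlled rejection. Separately, `filter` is built as `"x509Cert.subject=" + certsubjectname` from the requested subject name; if `findCertRecords` parses it as an LDAP-style filter (not visible here), the value should have filter metacharacters escaped before concatenation. `validate()` begins in the previous hunk and continues into the next.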
@@ -209,35 +205,33 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint { } } - if (status.equals(ICertRecord.STATUS_EXPIRED) || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { + if (status.equals(ICertRecord.STATUS_EXPIRED) + || status.equals(ICertRecord.STATUS_REVOKED_EXPIRED)) { continue; } - if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null && - (! reason.equals(RevocationReason.CERTIFICATE_HOLD))) { + if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null + && (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) { continue; } - if (mKeyUsageExtensionChecking && !sameKeyUsageExtension(rec, info)) { + if (mKeyUsageExtensionChecking + && !sameKeyUsageExtension(rec, info)) { continue; } - throw new ERejectException( - CMS.getUserMessage(getLocale(request), - "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", - certsubjectname)); + throw new ERejectException(CMS.getUserMessage( + getLocale(request), + "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE", certsubjectname)); } } - CMS.debug("UniqueSubjectNameConstraint: validate end"); + CMS.debug("UniqueSubjectNameConstraint: validate end"); } public String getText(Locale locale) { - String params[] = { - getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) - }; - return CMS.getUserMessage(locale, - "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", - params); + String params[] = { getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING) }; + return CMS.getUserMessage(locale, + "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT", params); } public boolean isApplicable(IPolicyDefault def) { |