author | Ade Lee <alee@redhat.com> | 2012-01-11 12:57:53 -0500 |
---|---|---|
committer | Ade Lee <alee@redhat.com> | 2012-01-11 13:49:04 -0500 |
commit | 10cfe7756e967ac91c66d33b392aeab9cf3780fb (patch) | |
tree | d5ac9b58442265d2ce5ef60e31f041ddacba1b4f /pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java | |
parent | edcb24f65cc3700e75d0a1d14dc2483f210b0ee4 (diff) | |
Formatting (no line wrap in comments or code)
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java')
-rw-r--r-- | pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java | 73 |
1 files changed, 36 insertions, 37 deletions
diff --git a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
index 89b8d4602..211aef913 100644
--- a/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
+++ b/pki/base/common/src/com/netscape/cms/profile/constraint/UniqueSubjectNameConstraint.java
@@ -55,13 +55,13 @@ import com.netscape.cms.profile.def.UserSubjectNameDefault;
 * It checks if the subject name in the certificate is
 * unique in the internal database, ie, no two certificates
 * have the same subject name.
- *
+ *
 * @version $Revision$, $Date$
 */
 public class UniqueSubjectNameConstraint extends EnrollConstraint {
 public static final String CONFIG_KEY_USAGE_EXTENSION_CHECKING =
- "enableKeyUsageExtensionChecking";
+ "enableKeyUsageExtensionChecking";
 private boolean mKeyUsageExtensionChecking = true;
 public UniqueSubjectNameConstraint() {
@@ -69,14 +69,14 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
 }
 public void init(IProfile profile, IConfigStore config)
- throws EProfileException {
+ throws EProfileException {
 super.init(profile, config);
 }
- public IDescriptor getConfigDescriptor(Locale locale, String name) {
+ public IDescriptor getConfigDescriptor(Locale locale, String name) {
 if (name.equals(CONFIG_KEY_USAGE_EXTENSION_CHECKING)) {
 return new Descriptor(IDescriptor.BOOLEAN, null, "true",
- CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING"));
+ CMS.getUserMessage(locale, "CMS_PROFILE_CONFIG_KEY_USAGE_EXTENSION_CHECKING"));
 }
 return null;
 }
@@ -85,12 +85,12 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
 return null;
 }
- /**
- * Checks if the key extension in the issued certificate
- * is the same as the one in the certificate template.
- */
+ /**
+ * Checks if the key extension in the issued certificate
+ * is the same as the one in the certificate template.
+ */
 private boolean sameKeyUsageExtension(ICertRecord rec,
- X509CertInfo certInfo) {
+ X509CertInfo certInfo) {
 X509CertImpl impl = rec.getCertificate();
 boolean bits[] = impl.getKeyUsage();
@@ -98,7 +98,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
 try {
 extensions = (CertificateExtensions)
- certInfo.get(X509CertInfo.EXTENSIONS);
+ certInfo.get(X509CertInfo.EXTENSIONS);
 } catch (IOException e) {
 } catch (java.security.cert.CertificateException e) {
 }
@@ -110,9 +110,9 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
 } else {
 try {
 ext = (KeyUsageExtension) extensions.get(
- KeyUsageExtension.NAME);
+ KeyUsageExtension.NAME);
 } catch (IOException e) {
- // extension isn't there.
+ // extension isn't there.
 }
 if (ext == null) {
@@ -135,48 +135,47 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
 return false;
 }
 }
- }
+ }
 }
- return true;
+ return true;
 }
-
 /**
 * Validates the request. The request is not modified
 * during the validation.
- *
- * Rules are as follows:
+ *
+ * Rules are as follows:
 * If the subject name is not unique, then the request will be rejected unless:
 * 1. the certificate is expired or expired_revoked
 * 2. the certificate is revoked and the revocation reason is not "on hold"
 * 3. the keyUsageExtension bits are different and enableKeyUsageExtensionChecking=true (default)
 */
 public void validate(IRequest request, X509CertInfo info)
- throws ERejectException {
+ throws ERejectException {
 CMS.debug("UniqueSubjectNameConstraint: validate start");
 CertificateSubjectName sn = null;
- IAuthority authority = (IAuthority)CMS.getSubsystem("ca");
-
+ IAuthority authority = (IAuthority) CMS.getSubsystem("ca");
+
 mKeyUsageExtensionChecking = getConfigBoolean(CONFIG_KEY_USAGE_EXTENSION_CHECKING);
 ICertificateRepository certdb = null;
 if (authority != null && authority instanceof ICertificateAuthority) {
- ICertificateAuthority ca = (ICertificateAuthority)authority;
+ ICertificateAuthority ca = (ICertificateAuthority) authority;
 certdb = ca.getCertificateRepository();
 }
-
+
 try {
 sn = (CertificateSubjectName) info.get(X509CertInfo.SUBJECT);
 } catch (Exception e) {
 throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
 }
 String certsubjectname = null;
 if (sn == null) throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_FOUND"));
 else {
 certsubjectname = sn.toString();
 String filter = "x509Cert.subject=" + certsubjectname;
@@ -184,7 +183,7 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
 try {
 sameSubjRecords = certdb.findCertRecords(filter);
 } catch (EBaseException e) {
- CMS.debug("UniqueSubjectNameConstraint exception: "+e.toString());
+ CMS.debug("UniqueSubjectNameConstraint exception: " + e.toString());
 }
 while (sameSubjRecords != null && sameSubjRecords.hasMoreElements()) {
 ICertRecord rec = (ICertRecord) sameSubjRecords.nextElement();
@@ -213,8 +212,8 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
 continue;
 }
- if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null &&
- (! reason.equals(RevocationReason.CERTIFICATE_HOLD))) {
+ if (status.equals(ICertRecord.STATUS_REVOKED) && reason != null &&
+ (!reason.equals(RevocationReason.CERTIFICATE_HOLD))) {
 continue;
 }
@@ -223,20 +222,20 @@ public class UniqueSubjectNameConstraint extends EnrollConstraint {
 }
 throw new ERejectException(
- CMS.getUserMessage(getLocale(request),
- "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE",
- certsubjectname));
+ CMS.getUserMessage(getLocale(request),
+ "CMS_PROFILE_SUBJECT_NAME_NOT_UNIQUE",
+ certsubjectname));
 }
 }
- CMS.debug("UniqueSubjectNameConstraint: validate end");
+ CMS.debug("UniqueSubjectNameConstraint: validate end");
 }
 public String getText(Locale locale) {
 String params[] = {
- getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING)
+ getConfig(CONFIG_KEY_USAGE_EXTENSION_CHECKING)
 };
- return CMS.getUserMessage(locale,
- "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT",
+ return CMS.getUserMessage(locale,
+ "CMS_PROFILE_CONSTRAINT_UNIQUE_SUBJECT_NAME_TEXT",
 params);
 }
|